From 27ac8f97f81cc9d8b332badb3d930fdd96e36bae Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Sun, 19 Feb 2017 05:17:00 +1300 Subject: [PATCH 0001/1961] tidied spacings --- user.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index b8ce08b..2dda991 100644 --- a/user.js +++ b/user.js @@ -1,17 +1,17 @@ /****** * name: ghacks user.js * date: 18 Feb 2017 -* version: 51 : The [White?] House of the Rising Pants +* version 51: The [White?] House of the Rising Pants * "My mother was a tailor, she sewed my new blue pants" * FF version: 51 (DESKTOP) * note: date, version, and code names only change for a gthub release, which will be shortly after every Firefox stable release: https://github.com/ghacksuserjs/ghacks-user.js/releases -* authers (v52+) : github -* authors (v51-) : FLOTUS: Pants - VICE PRESIDENT: earthling (birth certificate on request) - SECRETARY: Martin Brinkmann - SPEAKER: Tom Hawack - CABINET: Just me, Conker, Rockin' Jerry, Ainatar, Parker Lewis +* authers (v52+): github +* authors (v51-): FLOTUS: Pants + VICE PRESIDENT: earthling (birth certificate on request) + SECRETARY: Martin Brinkmann + SPEAKER: Tom Hawack + CABINET: Just me, Conker, Rockin' Jerry, Ainatar, Parker Lewis * url: https://github.com/ghacksuserjs/ghacks-user.js http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/ * required reading: http://kb.mozillazine.org/User.js_file From f507603cec88edcc60c2d0b8ee87aedca7914e7d Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Sun, 19 Feb 2017 19:18:45 +1300 Subject: [PATCH 0002/1961] moved appendix of test sites to wiki --- user.js | 65 +++++---------------------------------------------------- 1 file changed, 5 insertions(+), 60 deletions(-) diff --git a/user.js b/user.js index 2dda991..c58f33b 100644 --- a/user.js +++ b/user.js @@ -338,7 +338,7 @@ user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) // 0410g: show=true or hide=false the 'ignore this warning' on Safe Browsing warnings which // when clicked bypasses the block for that session. This is a means for admins to enforce SB // https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 - // tests: see APPENDIX A: TEST SITES - Section 06 + // tests: see APPENDIX C: TEST SITES - Section 5 // user_pref("browser.safebrowsing.allowOverride", true); // 0420: disable tracking protection // There SHOULD be NO privacy concerns here, but you are better off using an extension such as @@ -1654,65 +1654,10 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // security.sandbox.content.level ***/ -/**- APPENDIX A: TEST SITES - Here is an exhaustive list of various websites in which to test your browser. You should enable - JS on these sites for the tests to present a worst-case scenario. In reality, you should control - JS and XSS (cross site scripting) on sites with add-ons such as NoScript, uMatrix, uBlock Origin, - among others, to reduce the possibility of fingerprinting attacks. - url: http://www.ghacks.net/2015/12/28/the-ultimate-online-privacy-test-resource-list/ - -//* 01: Fingerprinting - Panopticlick https://panopticlick.eff.org/ - JoDonym http://ip-check.info/?lang=en - Am I Unique? https://amiunique.org/ - Browserprint https://browserprint.info/test - Unique Machine http://www.uniquemachine.org/ -//* 02: Multiple Tests [single page] - Whoer https://whoer.net/ - 5who http://5who.net/?type=extend - IP/DNS Leak https://ipleak.net/ - IP Duh http://ipduh.com/anonymity-check/ -//* 03: Multiple Tests [multi-page] - BrowserSpy.dk http://browserspy.dk/ - BrowserLeaks https://www.browserleaks.com/ - HTML Security https://html5sec.org/ - PC Flank http://www.pcflank.com/index.htm -//* 04: Encryption / Ciphers / SSL/TLS / Certificates - BadSSL https://badssl.com/ - DCSec https://cc.dcsec.uni-hannover.de/ - Qualys SSL Labs https://www.ssllabs.com/ssltest/viewMyClient.html - Fortify https://www.fortify.net/sslcheck.html - How's My SSL https://www.howsmyssl.com/ - RC4 https://rc4.io/ - Heartbleed https://filippo.io/Heartbleed/ - Freak Attack https://freakattack.com/clienttest.html - Logjam https://weakdh.org/ - Symantec https://cryptoreport.websecurity.symantec.com/checker/views/sslCheck.jsp -//* 05: Other - AudioContext https://audiofingerprint.openwpm.com/ - Battery https://pstadler.sh/battery.js/ - DNS Leak https://www.dnsleaktest.com/ - DNS Spoofability https://www.grc.com/dns/dns.htm - Evercookie https://samy.pl/evercookie/ - Firefox Add-ons http://thehackerblog.com/addon_scanner/ - localStorage http://www.filldisk.com/ - HSTS Supercookie http://www.radicalresearch.co.uk/lab/hstssupercookies - HSTS [sniffly] https://zyan.scripts.mit.edu/sniffly/ - HTML5 https://www.youtube.com/html5 - Keyboard Events https://w3c.github.io/uievents/tools/key-event-viewer.html - rel=noopener https://mathiasbynens.github.io/rel-noopener/ - Popup Killer http://www.kephyr.com/popupkillertest/index.html - Popup Test http://www.popuptest.com/ - Redirects https://jigsaw.w3.org/HTTP/300/Overview.html - Referer Headers https://www.darklaunch.com/tools/test-referer - Resource://URI https://www.browserleaks.com/firefox - WebRTC IP Leak https://www.privacytools.io/webrtc.html -//* 06: Safe Browsing, Tracking Protection - Attack https://itisatrap.org/firefox/its-an-attack.html - Blocked https://itisatrap.org/firefox/blocked.html - Malware https://itisatrap.org/firefox/unwanted.html - Phishing https://itisatrap.org/firefox/its-a-trap.html - Tracking https://itisatrap.org/firefox/its-a-tracker.html +/**- APPENDIX + A: GLOSSARY: + B: FIREFOX ADD-ONS: + C: TEST SITES: https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites ***/ /**- APPENDIX B: FIREFOX ADD-ONS From 5e94428cb33cca0aeb9a3054c72a7f38bbf4c605 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Sun, 19 Feb 2017 19:45:57 +1300 Subject: [PATCH 0003/1961] removed unsupported palemoon section --- user.js | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/user.js b/user.js index c58f33b..d0fb784 100644 --- a/user.js +++ b/user.js @@ -1402,27 +1402,6 @@ user_pref("browser.migrate.automigrate.enabled", false); // END: internal custom pref to test for syntax errors user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); -/*** 9996: PALEMOON SPECIFIC ( https://www.palemoon.org/ ) - Full list maintained by Moonchild: https://forum.palemoon.org/viewtopic.php?f=24&t=3357 - If you have issues or questions about any of these, please use the palemoon forums - NOTE: This section is no longer maintained [after version 10] ***/ -// 9996-1: (v25.6+) disable canvas fingerprinting - // user_pref("canvas.poisondata", true); -// 9996-2: (v25.2+) control HSTS - // If editing this in about:config PM needs to be fully closed and then restarted - // NOTE: This is a trade-off between privacy vs security. HSTS was designed to increase - // security to stop MiTM attacks but can also be misused as a fingerprinting vector, by - // scrapping previously visited sites. Recommended: security over privacy. Your choice. - // user_pref("network.stricttransportsecurity.enabled", true); -// 9996-3: (v25.0+) controls whether to ignore an expired state of stapled OCSP responses - // If set to true, breaks with RFC6066 (like Firefox) and ignores the fact that stapled - // OCSP responses may be expired. If false (the default) aborts the connection. - // user_pref("security.ssl.allow_unsafe_ocsp_response", false); -// 9996-4: (v25.6+) Controls whether to completely ignore "autocomplete=off" on login fields - // user_pref("signon.ignoreAutocomplete", false); -// 9996-5: (v26.0+) read Moonchild's description on the palemoon forum thread linked above - // user_pref("dom.disable_beforeunload", true); - /*** 9997: DEPRECATED Personally confirmed by resetting as well as via documentation and DXR searches. NOTE: numbers may get re-used ***/ @@ -1623,7 +1602,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // https://bugzilla.mozilla.org/show_bug.cgi?id=1333933 // 2699-append: bundle and whitelist fonts with privacy.resistFingerprinting // https://bugzilla.mozilla.org/show_bug.cgi?id=1336208 - ***/ +***/ /**- 9999: TO INVESTIGATE - OTHER // 1600's: restrict the contents of referrers attached to cross-origin requests (FF52+) From bd226c716ee464558d906ce8e55bb214f1d4d640 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Sun, 19 Feb 2017 23:53:45 +1300 Subject: [PATCH 0004/1961] removed tor uplift investigation section I have created three issues for tracking items of interest from the tor uplift: #7 `resistFingerprinting`, #8 `FPI` and #15 `the rest` --- user.js | 71 +-------------------------------------------------------- 1 file changed, 1 insertion(+), 70 deletions(-) diff --git a/user.js b/user.js index d0fb784..a336bc5 100644 --- a/user.js +++ b/user.js @@ -1535,75 +1535,6 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // 2614: (51+) disable SPDY // user_pref("network.http.spdy.enabled.v3-1", false); -/**- 9998: TO INVESTIGATE - TOR UPLIFT - https://wiki.mozilla.org/Security/Tor_Uplift/Tracking -// RESOLVED - // 1400's: set whitelisted system fonts only (FF52+) - // If whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. - // https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 - // user_pref("font.system.whitelist", ""); - // 2698-append: privacy.firstparty.isolate.restrict_opener_access - // https://bugzilla.mozilla.org/show_bug.cgi?id=1319773 -// ACTIVE - // 1200's: Isolate the HSTS and HPKP cache by first party domain - // https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 - // 2400's: reduce precision of time exposed by javascript - // https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 - // user_pref("javascript.options.privacy.reduce_time_precision", true); - // 2699-append: resource://URIs leak - // https://trac.torproject.org/projects/tor/ticket/8725 - // https://bugzilla.mozilla.org/show_bug.cgi?id=863246 - // test: https://www.browserleaks.com/firefox -// ASSIGNED - // 2001: preference to fully disable WebRTC JS API - // https://bugzilla.mozilla.org/show_bug.cgi?id=1314443 - // 2699-append: enable fingerprinting resistence to WebGL - // https://bugzilla.mozilla.org/show_bug.cgi?id=1217290 - // 2699-append: checkbox in about#preferences#privacy for privacy.resistFingerprinting - // when this lands, add note to 2699 - // https://bugzilla.mozilla.org/show_bug.cgi?id=1308340 - // 2699-append: use UTC timezone (spoof as UTC 0) - // https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 - // 2699-append: new window sizes to round to hundreds - // Note: override values, future may enforce a select set of (inner) window measurements - // If override values are too big, the code falls back and determines it for you - // https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 - // user_pref("privacy.window.maxInnerWidth", 1366); - // user_pref("privacy.window.maxInnerHeight", 768); -// BACKLOG - // 1400's: prevent local font enumeration - // https://bugzilla.mozilla.org/show_bug.cgi?id=732096 - // 1800's: disable "This Plugin is Disabled" overlay - // https://bugzilla.mozilla.org/show_bug.cgi?id=967979 - // user_pref("privacy.plugin_disabled_barrier.enabled", false); - // 2500's: disable/mitigate canvas fingerprinting - // https://bugzilla.mozilla.org/show_bug.cgi?id=1041818 - // 2500's: enable prompt (site permission) before allowing canvas data extraction - // https://bugzilla.mozilla.org/show_bug.cgi?id=967895 - // 2600's: window.name - // https://bugzilla.mozilla.org/show_bug.cgi?id=444222 - // 2698-append: checkbox in about:preferences#privacy for privacy.firstparty.isolate - // when this lands, add note to 2611 - // https://bugzilla.mozilla.org/show_bug.cgi?id=1312655 - // 2698-append: FPI and HTTP Alternative Services (see 2666) - // https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 - // 2698-append: FPI and SPDY/HTTP2 - // https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 - // 2699-append: disable keyboard fingerprinting - // Test: https://w3c.github.io/uievents/tools/key-event-viewer.html - // https://bugzilla.mozilla.org/show_bug.cgi?id=1222285 - // 2699-append: disable WebSpeech API - // https://bugzilla.mozilla.org/show_bug.cgi?id=1333641 - // see also: web speech exposes TTS engines - // https://bugzilla.mozilla.org/show_bug.cgi?id=1233846 - // 2699-append: spoof Navigator API - // https://bugzilla.mozilla.org/show_bug.cgi?id=1333651 - // 2699-append: set and enforce various prefs with privacy.resistFingerprinting - // https://bugzilla.mozilla.org/show_bug.cgi?id=1333933 - // 2699-append: bundle and whitelist fonts with privacy.resistFingerprinting - // https://bugzilla.mozilla.org/show_bug.cgi?id=1336208 -***/ - /**- 9999: TO INVESTIGATE - OTHER // 1600's: restrict the contents of referrers attached to cross-origin requests (FF52+) // 0- 1- 2-scheme+hostname+port @@ -1631,7 +1562,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // sandbox levels (recommended to leave at what Firefox sets it to) // http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/ // security.sandbox.content.level - ***/ +***/ /**- APPENDIX A: GLOSSARY: From fe50cf94b5524ad38b11a69e013d0de4c2c15910 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 20 Feb 2017 01:29:56 +1300 Subject: [PATCH 0005/1961] added inactive pref 0001: start in PB mode --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index a336bc5..3a3d11d 100644 --- a/user.js +++ b/user.js @@ -95,6 +95,10 @@ // https://en.wikipedia.org/wiki/Warrant_canary user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong with it?"); +// O001: Start Firefox in private browsing (PB) mode + // https://wiki.mozilla.org/Private_Browsing + // user_pref("browser.privatebrowsing.autostart", true); + /*** 0100: STARTUP ***/ user_pref("ghacks_user.js.parrot", "0100 syntax error: the parrot's dead!"); // 0101: disable "slow startup" options From 4ca669951dd13f6367c8c34c9ad50b810868d344 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 20 Feb 2017 03:39:05 +1300 Subject: [PATCH 0006/1961] draft readme outline --- README.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..c400ff9 --- /dev/null +++ b/README.md @@ -0,0 +1,46 @@ +## ghacks-user.js + +- This is a rough draft, please read the old intro currently at the start of the user.js in the meantime. +- Paragraph here about not jumping in without reading first, and backing up, and understanding the changes + +### Origins +- yada yada + +### Purpose +- discuss why use a js (enforcement on startup, migration) +- outline trade-offs between security vs privacy etc +- explain expectations and site breakage +- explain this version is "middle to high road" with very little breakage (but it will happen) but is only a starting point +- no one size fits all, this is a template, fork it! Customize it! (see goals, we won't set you wrong) + +### Goals & Standards +To be **THE** template and resource all other user.js' come to for news, links, information and more, which means it needs to be: + +- comprehensive (mention prefs are included at default for completeness/enforcement, alot are included and changed for future-proofing, etc) +- current and available and change-trackable (hey, we're on github now) +- easy to understand (good simple less-techincal descriptions) +- accountable and a resource (lots of links to authorative authors and tech papers etc) +- correct and to dispell myths and bad advise (see accountable) +- eassy to follow and report and discuss (logical numbered structuring) +- give good advise (see trade-offs) +- expanded on with more information, such as FF version numbering for introduction and deprecation of preferences +- archived for each stable release (starting with 51) + +- to provide illustrated wiki topics to help +- to make it as easy as possible for anyone to use a user.js and get it right +- to provide two or three future forks with differnent settings from painless no-breakage, thru to super-hardened for use with multiple profiles + +### Implementation +- expectations of the user +- link to wiki on testing and tweaking in a portable FF first +- backup first: link to wiki articles on backup & restore methods + +### Troubleshooting +- wiki links + +### Help & Resources +- Wiki links, appendices etc + +### Acknowledgements +- yada yada + From 9ab13cec8798abe809c5f20ef8ae82797c764dbc Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 19 Feb 2017 17:20:20 +0100 Subject: [PATCH 0007/1961] more typos beware of the big bad grammar nazi :scream: --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 3a3d11d..5525d4f 100644 --- a/user.js +++ b/user.js @@ -6,7 +6,7 @@ * FF version: 51 (DESKTOP) * note: date, version, and code names only change for a gthub release, which will be shortly after every Firefox stable release: https://github.com/ghacksuserjs/ghacks-user.js/releases -* authers (v52+): github +* authors (v52+): github * authors (v51-): FLOTUS: Pants VICE PRESIDENT: earthling (birth certificate on request) SECRETARY: Martin Brinkmann @@ -95,7 +95,7 @@ // https://en.wikipedia.org/wiki/Warrant_canary user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong with it?"); -// O001: Start Firefox in private browsing (PB) mode +// 0001: Start Firefox in private browsing (PB) mode // https://wiki.mozilla.org/Private_Browsing // user_pref("browser.privatebrowsing.autostart", true); From 01263ad61f48199d2ca369f092f2a9d793189567 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 19 Feb 2017 17:24:25 +0100 Subject: [PATCH 0008/1961] typo --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5525d4f..8b38cc2 100644 --- a/user.js +++ b/user.js @@ -4,7 +4,7 @@ * version 51: The [White?] House of the Rising Pants * "My mother was a tailor, she sewed my new blue pants" * FF version: 51 (DESKTOP) -* note: date, version, and code names only change for a gthub release, which will be shortly after +* note: date, version, and code names only change for a github release, which will be shortly after every Firefox stable release: https://github.com/ghacksuserjs/ghacks-user.js/releases * authors (v52+): github * authors (v51-): FLOTUS: Pants From 6435c2795a4334f8b344856be11c51356a100688 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 20 Feb 2017 13:43:26 +1300 Subject: [PATCH 0009/1961] Update user.js replace all bugzil.la links --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8b38cc2..c3c864a 100644 --- a/user.js +++ b/user.js @@ -1057,7 +1057,7 @@ user_pref("beacon.enabled", false); user_pref("browser.download.folderList", 2); // 2603: always ask the user where to download - enforce user interaction for security user_pref("browser.download.useDownloadDir", false); -// 2604: https://bugzil.la/238789#c19 +// 2604: https://bugzilla.mozilla.org/show_bug.cgi?id=238789#c19 user_pref("browser.helperApps.deleteTempFileOnExit", true); // 2605: don't integrate activity into windows recent documents user_pref("browser.download.manager.addToRecentDocs", false); From 894dda6d6081961792b2184e825a5f22627eadd7 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 20 Feb 2017 15:45:58 +1300 Subject: [PATCH 0010/1961] still drafting... --- README.md | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index c400ff9..27d2b31 100644 --- a/README.md +++ b/README.md @@ -10,36 +10,38 @@ - discuss why use a js (enforcement on startup, migration) - outline trade-offs between security vs privacy etc - explain expectations and site breakage -- explain this version is "middle to high road" with very little breakage (but it will happen) but is only a starting point +- explain this version is a "compromise" or balance that aims (with addons eg you WILL need uBlock Origin or turn safe browsing and tracking protection back on) to provide as much privacy and enhanced security as possible, and to reduce the fingerpritning attack surface as much as possible - while putting up with some incoveniences and as little site breakage as possible (but it will happen). It's only a starting point. +- provide troubleshooting: site breakage will happen. 90=% of the preferences cause no issues. It is only a small core of settings that people may or may not need to look at, depending on their objective. - no one size fits all, this is a template, fork it! Customize it! (see goals, we won't set you wrong) + ### Goals & Standards To be **THE** template and resource all other user.js' come to for news, links, information and more, which means it needs to be: -- comprehensive (mention prefs are included at default for completeness/enforcement, alot are included and changed for future-proofing, etc) +- comprehensive (eg some prefs are included at default for completeness/enforcement, a lot are included and changed for future-proofing, etc) - current and available and change-trackable (hey, we're on github now) -- easy to understand (good simple less-techincal descriptions) -- accountable and a resource (lots of links to authorative authors and tech papers etc) +- easy to understand (good, simple, less-technincal descriptions) +- accountable and a resource (lots of links to authorative authors and tech papers, also repo wiki) - correct and to dispell myths and bad advise (see accountable) -- eassy to follow and report and discuss (logical numbered structuring) +- eassy to follow and report and discuss (logical and numbered structure) - give good advise (see trade-offs) -- expanded on with more information, such as FF version numbering for introduction and deprecation of preferences +- expanded on with more information, such as FF version numbering for introduction and deprecation of preferences, hidden pref tags etc - archived for each stable release (starting with 51) - -- to provide illustrated wiki topics to help -- to make it as easy as possible for anyone to use a user.js and get it right -- to provide two or three future forks with differnent settings from painless no-breakage, thru to super-hardened for use with multiple profiles +- to provide illustrated wiki topics to help (help wanted please!) +- to make it as easy as possible for anyone to use a user.js and get it right for them +- to provide two or three future forks with differnent settings from "painless no-breakage no-addons" thru to a "super-hardened" version: for use with multiple profiles ### Implementation - expectations of the user - link to wiki on testing and tweaking in a portable FF first -- backup first: link to wiki articles on backup & restore methods +- backup first: link to wiki article on backup & restore methods +- changing, resetting preferences: user.js and about:config ### Troubleshooting - wiki links ### Help & Resources -- Wiki links, appendices etc +- wiki links, appendices etc ### Acknowledgements - yada yada From b5a1e3ff5d36813586163241fed027df0f9c0759 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 20 Feb 2017 15:58:12 +1300 Subject: [PATCH 0011/1961] added suggested info to 0001: pb mode --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index c3c864a..e7a7990 100644 --- a/user.js +++ b/user.js @@ -96,6 +96,9 @@ user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong with it?"); // 0001: Start Firefox in private browsing (PB) mode + // This setting is under Options>Privacy>History>Always use private browsing mode + // You will see this option if you "Use custom settings for history" + // These "custom settings for history" are covered throughout this user.js // https://wiki.mozilla.org/Private_Browsing // user_pref("browser.privatebrowsing.autostart", true); From 1eccc39ca587e7fce9b5cfcdeedc507080742363 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 20 Feb 2017 18:50:14 +1300 Subject: [PATCH 0012/1961] 0808 update --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index e7a7990..db277c8 100644 --- a/user.js +++ b/user.js @@ -430,8 +430,11 @@ user_pref("browser.urlbar.autoFill", false); user_pref("browser.urlbar.autoFill.typed", false); // 0806: disable autocomplete - PRIVACY (shoulder surfers, forensics/unattended browser) user_pref("browser.urlbar.autocomplete.enabled", false); -// 0808: disable history suggestions - PRIVACY (shoulder surfers, forensics/unattended browser) +// 0808: disable urlbar suggestions - PRIVACY (shoulder surfers, forensics/unattended browser) + // These settings are under Options>Privacy>Location Bar (these require 0806 to be enabled) user_pref("browser.urlbar.suggest.history", false); +user_pref("browser.urlbar.suggest.bookmark", false); +user_pref("browser.urlbar.suggest.openpage", false); // 0809: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY // This is a PER TAB session history. You still have a full history stored under all history // default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages From eba5ae463a49607560b5cab24917ce578f58a413 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 20 Feb 2017 19:00:19 +1300 Subject: [PATCH 0013/1961] 0808 info fixup --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index db277c8..277d2f1 100644 --- a/user.js +++ b/user.js @@ -430,8 +430,9 @@ user_pref("browser.urlbar.autoFill", false); user_pref("browser.urlbar.autoFill.typed", false); // 0806: disable autocomplete - PRIVACY (shoulder surfers, forensics/unattended browser) user_pref("browser.urlbar.autocomplete.enabled", false); -// 0808: disable urlbar suggestions - PRIVACY (shoulder surfers, forensics/unattended browser) - // These settings are under Options>Privacy>Location Bar (these require 0806 to be enabled) +// 0808: disable types of urlbar suggestions - PRIVACY (shoulder surfers, forensics/unattended browser) + // These settings are under Options>Privacy>Location Bar. If you wish to enable any of these suggestions, + // then also make sure 0806 (enable suggestions) and 0803 (locationbar dropdown) are at default user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.bookmark", false); user_pref("browser.urlbar.suggest.openpage", false); From 3bf64d5714220084f5a87c38fa618c17973283e7 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Tue, 21 Feb 2017 07:38:19 +1300 Subject: [PATCH 0014/1961] moved appendix of add-ons to wiki --- user.js | 46 ++-------------------------------------------- 1 file changed, 2 insertions(+), 44 deletions(-) diff --git a/user.js b/user.js index 277d2f1..50d87cf 100644 --- a/user.js +++ b/user.js @@ -15,6 +15,8 @@ * url: https://github.com/ghacksuserjs/ghacks-user.js http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/ * required reading: http://kb.mozillazine.org/User.js_file +* FIREFOX ADD-ONS: https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons +* TEST SITES: https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites * README/IMPORTANT: End users of this list/file are expected to know what they are doing. These are the author's @@ -1574,47 +1576,3 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/ // security.sandbox.content.level ***/ - -/**- APPENDIX - A: GLOSSARY: - B: FIREFOX ADD-ONS: - C: TEST SITES: https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites -***/ - -/**- APPENDIX B: FIREFOX ADD-ONS - A massive thank you to all the developers and online communities who provide and maintain these. - - Sometimes preferences alone are not enough. Here is a list of some essential addons for security, - privacy, and fingerprinting protection. This is not a debate, it's just a list covering JS, XSS, - AdBlocking, cookies, DOM Storage, UTM, redirects, and other items. Some are global, others allow - granular control. While I believe most of these are the very best of the best, this can be subjective - depending on your needs. Some of these may become obsolete with upcoming FF changes (canvas, - resource://URI), some of these are debatable (should we UA spoof?), some I'm still looking for - a better solution, and some I do not use but they will suit a lot of users. - - NoScript https://addons.mozilla.org/en-US/firefox/addon/noscript/ - uBlock Origin https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ - uMatrix https://addons.mozilla.org/en-US/firefox/addon/umatrix/ - *Cookie Controller https://addons.mozilla.org/en-US/firefox/addon/cookie-controller/ - *Self-Destructing Cookies https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/ - HTTPS Everywhere https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/ - CanvasBlocker https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/ - No Resource URI Leak https://addons.mozilla.org/en-US/firefox/addon/no-resource-uri-leak/ - Decentraleyes https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/ - NoRedirect https://addons.mozilla.org/en-US/firefox/addon/noredirect/ - UAControl https://addons.mozilla.org/en-US/firefox/addon/uacontrol/ - User-Agent JS Fixer https://addons.mozilla.org/en-US/firefox/addon/user-agent-js-fixer/ - Popup Blocker Ultimate https://addons.mozilla.org/en-US/firefox/addon/popup-blocker-ultimate/ - Pure URL https://addons.mozilla.org/en-US/firefox/addon/pure-url/ - **Google Privacy https://addons.mozilla.org/en-US/firefox/addon/google-privacy/ - ***Quick Java https://addons.mozilla.org/en-US/firefox/addon/quickjava/ - - * Don't use both cookie add-ons - ** Yes, I use google search sometimes (my choice). I have some global add-ons that address - tracking in URLS, but am still looking for a working, comprehensible solution. - *** It's not just Java! Covers JS, Cookies, Java, Flash... and more. Customisable controls and defaults - - NOTE: At the time of publication the following are not e10s compatible: - Google Privacy, NoRedirect, UAControl, User-Agent JS Fixer, Popup Blocker Ultimate - -***/ From a00316d1c9ae9ba734a30cc137f85f3e7306b88f Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Tue, 21 Feb 2017 20:53:07 +1300 Subject: [PATCH 0015/1961] dyslexic moment fixup --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 50d87cf..591540e 100644 --- a/user.js +++ b/user.js @@ -1241,7 +1241,7 @@ user_pref("security.block_script_with_wrong_mime", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 user_pref("svg.disabled", true); -/*** 2698: FIRST PARTY ISOLATION (PFI) ***/ +/*** 2698: FIRST PARTY ISOLATION (FPI) ***/ // 2698a: enable first party isolation pref and OriginAttribute (FF51+) // WARNING: breaks lots of cross-domain logins and site funtionality until perfected // https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 From 4d0e5825a27ca5a899cad8bb00e8bddd84650940 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 21 Feb 2017 18:29:05 +0100 Subject: [PATCH 0016/1961] network.IDN_show_punycode my draft for network.IDN_show_punycode added under 2600 but it would maybe also fit under 0800 (?) the title and that one line are quite long, feel free to improve the wording etc. --- user.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/user.js b/user.js index 591540e..20e9382 100644 --- a/user.js +++ b/user.js @@ -1240,6 +1240,13 @@ user_pref("security.block_script_with_wrong_mime", true); // WARNING: SVG is fairly common (~15% of the top 10K sites), so will cause some breakage // https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 user_pref("svg.disabled", true); +// 2672: eliminate possible spoofing security risk by forcing Punycode for Internationalized Domain Names - SECURITY + // Firefox has *some* protections to mitigate the risk, but better safe than sorry + // downside: will also display legitimate IDN's punycoded, which might be undesirable for users from countries with non-latin alphabets + // https://wiki.mozilla.org/IDN_Display_Algorithm + // https://en.wikipedia.org/wiki/IDN_homograph_attack + // CVE-2017-5383 -> https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ +user_pref("network.IDN_show_punycode", true); // default in FF51: false /*** 2698: FIRST PARTY ISOLATION (FPI) ***/ // 2698a: enable first party isolation pref and OriginAttribute (FF51+) From 069d8214137df14338a0371b52da6bd6a12918ad Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 22 Feb 2017 07:32:52 +1300 Subject: [PATCH 0017/1961] mods to earthlng patch #19 shortened and evened out lines, added that extra link. I changed "Internationalized Domain Names" to IDNs to save space and then realized the kb and wiki articles don;t even say what IDN stands for, so I put it back. Also swapped the order and wording of the pref to make it consistent with the action. Instead of - "2672: eliminate possible .. show_punycode", true)" - "2672: force Punycode .. show_punycode", true)" --- user.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 20e9382..cf925fa 100644 --- a/user.js +++ b/user.js @@ -1240,13 +1240,15 @@ user_pref("security.block_script_with_wrong_mime", true); // WARNING: SVG is fairly common (~15% of the top 10K sites), so will cause some breakage // https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 user_pref("svg.disabled", true); -// 2672: eliminate possible spoofing security risk by forcing Punycode for Internationalized Domain Names - SECURITY - // Firefox has *some* protections to mitigate the risk, but better safe than sorry - // downside: will also display legitimate IDN's punycoded, which might be undesirable for users from countries with non-latin alphabets +// 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk. + // Firefox has *some* protections to mitigate the risk, but it is better to be safe than sorry. + // The downside: it will also display legitimate IDN's punycoded, which might be undesirable for + // users from countries with non-latin alphabets + // http://kb.mozillazine.org/Network.IDN_show_punycode // https://wiki.mozilla.org/IDN_Display_Algorithm // https://en.wikipedia.org/wiki/IDN_homograph_attack - // CVE-2017-5383 -> https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ -user_pref("network.IDN_show_punycode", true); // default in FF51: false + // CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ +user_pref("network.IDN_show_punycode", true); /*** 2698: FIRST PARTY ISOLATION (FPI) ***/ // 2698a: enable first party isolation pref and OriginAttribute (FF51+) From 00e99d2b650d1eec6ceddd8ded73147db5ea6df3 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 22 Feb 2017 07:42:08 +1300 Subject: [PATCH 0018/1961] removed to investigate section #20 --- user.js | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/user.js b/user.js index 591540e..ffc026d 100644 --- a/user.js +++ b/user.js @@ -1547,32 +1547,3 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("dom.vr.oculus050.enabled", false); // 2614: (51+) disable SPDY // user_pref("network.http.spdy.enabled.v3-1", false); - -/**- 9999: TO INVESTIGATE - OTHER -// 1600's: restrict the contents of referrers attached to cross-origin requests (FF52+) - // 0- 1- 2-scheme+hostname+port - // user_pref("network.http.referer.XOriginTrimmingPolicy", 2); -// 1600's: default referrer fallback override? (FF52+?) - // 0-no-referer 1-same-origin 2-strict-origin-when-cross-origin - // 3-no-referrer-when-downgrade (default) - // https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 - // user_pref("network.http.referer.userControlPolicy", 3); -// 3000's: show system add-ons in about:addons (so you can enable/disable them) - NOT landed yet - // https://bugzilla.mozilla.org/show_bug.cgi?id=1231202 - // user_pref("extensions.hideSystemAddons", false); // (hidden pref) -// ^^ keep an eye on extensions.systemAddon* prefs -// dom.presentation.* -// privacy.userContext.* (Containers) - // use a private container for thumbnail loads (FF51+) - // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); -// browser.newtabpage.remote* -// user_pref("browser.formfill.expire_days", 1); -// user_pref("javascript.options.shared_memory", false); -// user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf"); -// network.http.enablePerElementReferrer -// history.length XSHM fix - // https://bugzilla.mozilla.org/show_bug.cgi?id=1315203 -// sandbox levels (recommended to leave at what Firefox sets it to) - // http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/ - // security.sandbox.content.level -***/ From e00a80fd8b8c704cad1decb91ecb731900e4f73d Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 21 Feb 2017 19:54:25 +0100 Subject: [PATCH 0019/1961] network.IDN_show_punycode removed the 'period' at the end of the pref description (we usually don't have one there) and aligned the 2nd line of the downside a bit nicer. --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index cf925fa..74ec1ea 100644 --- a/user.js +++ b/user.js @@ -1240,10 +1240,10 @@ user_pref("security.block_script_with_wrong_mime", true); // WARNING: SVG is fairly common (~15% of the top 10K sites), so will cause some breakage // https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 user_pref("svg.disabled", true); -// 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk. +// 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk // Firefox has *some* protections to mitigate the risk, but it is better to be safe than sorry. // The downside: it will also display legitimate IDN's punycoded, which might be undesirable for - // users from countries with non-latin alphabets + // users from countries with non-latin alphabets // http://kb.mozillazine.org/Network.IDN_show_punycode // https://wiki.mozilla.org/IDN_Display_Algorithm // https://en.wikipedia.org/wiki/IDN_homograph_attack From bb605524c0d74ccdf1680733387cef17009d2a04 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 22 Feb 2017 08:40:27 +1300 Subject: [PATCH 0020/1961] remove spaces, even out lines --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 4cd4b9f..65283bf 100644 --- a/user.js +++ b/user.js @@ -1241,9 +1241,9 @@ user_pref("security.block_script_with_wrong_mime", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 user_pref("svg.disabled", true); // 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk - // Firefox has *some* protections to mitigate the risk, but it is better to be safe than sorry. - // The downside: it will also display legitimate IDN's punycoded, which might be undesirable for - // users from countries with non-latin alphabets + // Firefox has *some* protections to mitigate the risk, but it is better to be safe + // than sorry. The downside: it will also display legitimate IDN's punycoded, which + // might be undesirable for users from countries with non-latin alphabets // http://kb.mozillazine.org/Network.IDN_show_punycode // https://wiki.mozilla.org/IDN_Display_Algorithm // https://en.wikipedia.org/wiki/IDN_homograph_attack From 31c77a62257b5b5c9419a48e77e2e4e4986aff1b Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 22 Feb 2017 09:49:44 +1300 Subject: [PATCH 0021/1961] update dom.disable_beforeunload see discussion https://github.com/pyllyukko/user.js/commit/fca08276034cb4209036c74db8a85e1037075b9f#commitcomment-20981489 --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 65283bf..b8052d3 100644 --- a/user.js +++ b/user.js @@ -886,6 +886,11 @@ user_pref("dom.allow_scripts_to_close_windows", false); // This is to stop malicious window sizes and screen res leaks etc in conjunction // with 2203 dom.disable_window_move_resize=true | 2418 full-screen-api.enabled=false // user_pref("browser.link.open_newwindow.restriction", 0); +// 2204: disable "Confirm you want to leave" dialog on page close + // Does not prevent JS leaks of the page close event. + // https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload + // https://support.mozilla.org/en-US/questions/1043508 +user_pref("dom.disable_beforeunload", true); /*** 2300: SERVICE WORKERS ***/ user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); @@ -1370,9 +1375,6 @@ user_pref("clipboard.autocopy", false); // This setting is under Options>General>Tabs // 1=current window, 2=new window, 3=most recent window user_pref("browser.link.open_newwindow", 3); -// 3008: disable "Do you really want to leave this site?" popups - // https://support.mozilla.org/en-US/questions/1043508 -user_pref("dom.disable_beforeunload", true); // 3009: turn on APZ (Async Pan/Zoom) - requires e10s // http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ // user_pref("layers.async-pan-zoom.enabled", true); From b73324e39122282b4150979b10f1164a36da8170 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 22 Feb 2017 11:40:38 +1300 Subject: [PATCH 0022/1961] added browser.ssl_override_behavior see https://github.com/pyllyukko/user.js/issues/210 - basically instead of a value 2, a value of 1 will save a cert pre-fetch --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index b8052d3..611be58 100644 --- a/user.js +++ b/user.js @@ -666,6 +666,10 @@ user_pref("security.mixed_content.use_hsts", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 // related bug // https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 // related bug (see comment 9) // user_pref("security.nocertdb", true); // (hidden pref) +// 1221: control "Add Security Exception" dialog on SSL warnings + // 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) + // https://github.com/pyllyukko/user.js/issues/210 + // user_pref("browser.ssl_override_behavior", 1); /*** 1400: FONTS ***/ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); From bb206ec8fb6ac6b46956478901a6e1cf4bb76638 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 22 Feb 2017 13:08:00 +1300 Subject: [PATCH 0023/1961] minor description edits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 611be58..8850b65 100644 --- a/user.js +++ b/user.js @@ -715,7 +715,7 @@ user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace // 1601: disable referer from an SSL Website // to be deprecated in FF52+? - https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 user_pref("network.http.sendSecureXSiteReferrer", false); -// 1602: DNT HTTP header - essentially USELESS - default is off. I recommend off. +// 1602: disable the DNT HTTP header (this is essentially USELESS and raises entropy) // NOTE: "Options>Privacy>Tracking>Request that sites not track you" // if you use NoScript MAKE SURE to set your noscript.doNotTrack.enabled to match // http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) @@ -772,7 +772,7 @@ user_pref("media.block-autoplay-until-in-foreground", true); // https://wiki.mozilla.org/GeckoMediaPlugins user_pref("media.gmp-provider.enabled", false); user_pref("media.gmp.trial-create.enabled", false); -// 1825: disable widevine CDM +// 1825: disable widevine CDM (Content Decryption Module) user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); user_pref("media.gmp-widevinecdm.autoupdate", false); From 18984600712631df8c47d1850b6ac47ec2ef778d Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 23 Feb 2017 02:31:10 +1300 Subject: [PATCH 0024/1961] activate 1221 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8850b65..6b4a295 100644 --- a/user.js +++ b/user.js @@ -669,7 +669,7 @@ user_pref("security.mixed_content.use_hsts", false); // 1221: control "Add Security Exception" dialog on SSL warnings // 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) // https://github.com/pyllyukko/user.js/issues/210 - // user_pref("browser.ssl_override_behavior", 1); +user_pref("browser.ssl_override_behavior", 1); /*** 1400: FONTS ***/ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); From 49d8b9f6d6d5b40843d554dfa750bdace87dff25 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 23 Feb 2017 02:36:16 +1300 Subject: [PATCH 0025/1961] description ambiguity fix --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 6b4a295..0edb913 100644 --- a/user.js +++ b/user.js @@ -658,7 +658,7 @@ user_pref("security.mixed_content.block_active_content", true); user_pref("security.mixed_content.send_hsts_priming", false); user_pref("security.mixed_content.use_hsts", false); // 1219: disable HSTS preload list - // recommended enabled, unless you fully understand the risks and trade-offs + // recommended left inactive and at default, unless you fully understand the risks and trade-offs // user_pref("network.stricttransportsecurity.preloadlist", false); // 1220: disable intermediate certificate caching (fingerprinting attack vector) // NOTE: This affects login/cert/key dbs. AFAIK the only effect is all active logins start anew From 3af76799322c5cd53cd939e7d13e0bdd9b028eec Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 23 Feb 2017 03:32:09 +1300 Subject: [PATCH 0026/1961] 1220 security.nocertdb clarify & add warning --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 0edb913..59a61e8 100644 --- a/user.js +++ b/user.js @@ -58,6 +58,7 @@ 1210: disable 1024-DH Encryption 1211: disable SHA-1 1212: disable SSL session tracking + 1220: security.nocertdb 1401 & 1406: browser.display.use_document_fonts [author blocked fonts] 1404: default fonts [author changed default fonts] 1805: plugin.scan.plid.all [author blocked all plugins] @@ -661,8 +662,9 @@ user_pref("security.mixed_content.use_hsts", false); // recommended left inactive and at default, unless you fully understand the risks and trade-offs // user_pref("network.stricttransportsecurity.preloadlist", false); // 1220: disable intermediate certificate caching (fingerprinting attack vector) - // NOTE: This affects login/cert/key dbs. AFAIK the only effect is all active logins start anew - // per session. This may be better handled under FPI (ticket 1323644, part of Tor Uplift) + // NOTE: This may be better handled under FPI (ticket 1323644, part of Tor Uplift) + // WARNING: This affects login/cert/key dbs You will lose all credentials as they are now + // session-only. To be clear, you will lose all your saved passwords and login user names // https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 // related bug // https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 // related bug (see comment 9) // user_pref("security.nocertdb", true); // (hidden pref) From d17fa573a918da7f8eda383b852bb2e30c8fc948 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 23 Feb 2017 05:53:57 +1300 Subject: [PATCH 0027/1961] minor edits --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 59a61e8..092ec18 100644 --- a/user.js +++ b/user.js @@ -610,7 +610,7 @@ user_pref("security.cert_pinning.enforcement_level", 2); // user_pref("security.tls.version.min", 2); // user_pref("security.tls.version.fallback-limit", 3); // user_pref("security.tls.version.max", 4); // allow up to and including TLS 1.3 -// 1210: disable 1024-DH Encryption +// 1210: disable DHE (Diffie-Hellman Key Exchange) // https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH // WARNING: may break obscure sites, but not major sites, which should support ECDH over DHE user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); @@ -663,8 +663,8 @@ user_pref("security.mixed_content.use_hsts", false); // user_pref("network.stricttransportsecurity.preloadlist", false); // 1220: disable intermediate certificate caching (fingerprinting attack vector) // NOTE: This may be better handled under FPI (ticket 1323644, part of Tor Uplift) - // WARNING: This affects login/cert/key dbs You will lose all credentials as they are now - // session-only. To be clear, you will lose all your saved passwords and login user names + // WARNING: This affects login/cert/key dbs. The effect is all credentials are session-only. + // Saved logins and passwords are not available. Reset the pref and restart to return them. // https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 // related bug // https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 // related bug (see comment 9) // user_pref("security.nocertdb", true); // (hidden pref) From 2fcd21083ecafee0c4911bd211f8796e8ceef0fc Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 23 Feb 2017 20:30:18 +1300 Subject: [PATCH 0028/1961] enforce HSTS preload list --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 092ec18..1585e75 100644 --- a/user.js +++ b/user.js @@ -658,9 +658,9 @@ user_pref("security.mixed_content.block_active_content", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 user_pref("security.mixed_content.send_hsts_priming", false); user_pref("security.mixed_content.use_hsts", false); -// 1219: disable HSTS preload list - // recommended left inactive and at default, unless you fully understand the risks and trade-offs - // user_pref("network.stricttransportsecurity.preloadlist", false); +// 1219: enforce HSTS preload list (default is true) + // recommended left at default, unless you fully understand the risks and trade-offs +user_pref("network.stricttransportsecurity.preloadlist", true); // 1220: disable intermediate certificate caching (fingerprinting attack vector) // NOTE: This may be better handled under FPI (ticket 1323644, part of Tor Uplift) // WARNING: This affects login/cert/key dbs. The effect is all credentials are session-only. From df1e1e42e8aa57148b78cdc613133f9371dd6d0c Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 23 Feb 2017 20:54:43 +1300 Subject: [PATCH 0029/1961] enforce CSP --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 1585e75..d1d2783 100644 --- a/user.js +++ b/user.js @@ -672,7 +672,9 @@ user_pref("network.stricttransportsecurity.preloadlist", true); // 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) // https://github.com/pyllyukko/user.js/issues/210 user_pref("browser.ssl_override_behavior", 1); - +// 1222: enforce CSP (Content Security Policy) (default is true) + // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP +user_pref("security.csp.enable", true); /*** 1400: FONTS ***/ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); // 1401: disable websites downloading their own fonts (0=block, 1=allow) From 7b80d3c73342b483cdd15426a73b895ff4c8623c Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 23 Feb 2017 20:56:05 +1300 Subject: [PATCH 0030/1961] spacing silly wsywig editor hates pastes --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index d1d2783..c67cb43 100644 --- a/user.js +++ b/user.js @@ -675,6 +675,7 @@ user_pref("browser.ssl_override_behavior", 1); // 1222: enforce CSP (Content Security Policy) (default is true) // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP user_pref("security.csp.enable", true); + /*** 1400: FONTS ***/ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); // 1401: disable websites downloading their own fonts (0=block, 1=allow) From ffbbb4311039cdbb4d45695f378b27314a170dcd Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Fri, 24 Feb 2017 01:34:25 +1300 Subject: [PATCH 0031/1961] add 1219 ref links --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index c67cb43..6751fb3 100644 --- a/user.js +++ b/user.js @@ -659,7 +659,8 @@ user_pref("security.mixed_content.block_active_content", true); user_pref("security.mixed_content.send_hsts_priming", false); user_pref("security.mixed_content.use_hsts", false); // 1219: enforce HSTS preload list (default is true) - // recommended left at default, unless you fully understand the risks and trade-offs + // https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ + // https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List user_pref("network.stricttransportsecurity.preloadlist", true); // 1220: disable intermediate certificate caching (fingerprinting attack vector) // NOTE: This may be better handled under FPI (ticket 1323644, part of Tor Uplift) From 32c4e5a1dc97ee02e625ead6dbe7a405fc3c16a9 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Fri, 24 Feb 2017 04:34:52 +1300 Subject: [PATCH 0032/1961] UA Spoofing own section, all inactive --- user.js | 52 +++++++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/user.js b/user.js index 6751fb3..475cd0a 100644 --- a/user.js +++ b/user.js @@ -1166,29 +1166,6 @@ user_pref("network.dns.blockDotOnion", true); // 2626: strip optional user agent token, default is false, included for completeness // https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference user_pref("general.useragent.compatMode.firefox", false); -// 2627: Spoof default UA & relevant (navigator) parts (also see 0204 for UA language) - // NOTE: may be better handled by an extension (eg whitelisitng), try not to clash with it - // NOTE: this is NOT a complete solution (feature detection, some navigator objects leak, resource URI etc) - // AIM: match latest TBB settings: Windows, ESR, OS etc - // WARNING: If you do not understand fingerprinting then don't use this section - // test: http://browserspy.dk/browser.php - // http://browserspy.dk/showprop.php (for buildID) - // http://browserspy.dk/useragent.php - // ==start== - // A: navigator.userAgent leaks in JS, setting this also seems to break UA extension whitelisting - // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref) - // B: navigator.buildID (see gecko.buildID in about:config) reveals build time - // down to the second which defeats user agent spoofing and can compromise OS etc - // https://bugzilla.mozilla.org/show_bug.cgi?id=583181 -user_pref("general.buildID.override", "20100101"); // (hidden pref) - // C: navigator.appName -user_pref("general.appname.override", "Netscape"); // (hidden pref) - // D: navigator.appVersion -user_pref("general.appversion.override", "5.0 (Windows)"); // (hidden pref) - // E: navigator.platform leaks in JS -user_pref("general.platform.override", "Win32"); // (hidden pref) - // F: navigator.oscpu -user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) // 2628: disable UITour backend so there is no chance that a remote page can use it user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); @@ -1265,6 +1242,35 @@ user_pref("svg.disabled", true); // CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ user_pref("network.IDN_show_punycode", true); +/*** 2697: USER AGENT (UA) SPOOFING + Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage + depending on your values. Even if you spoof, like TBB (Tor Browser Bundle) does, as the + lastest ESR, it still *does* *not* *work*. There are two main reasons for this. + 1. Many of the components that make up your UA can be derived by other means. And when + those values differ, you provide more bits and raise entropy. Examples of leaks include + navigator objects, resource://URIs, locale, feature detection and more. + 2. You are not in a controlled set of signifcant numbers, where the values are enforced + by default. It works for TBB because for TBB, the spoofed values ARE their default. + * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 2699) + * Values below are for example only based on the current ESR/TBB at the time of writing +***/ +// 2697-A: navigator.userAgent leaks in JS + // NOTE: setting this will break any UA spoofing add-on whitelisting + // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref) +// 2697-B: navigator.buildID (see gecko.buildID in about:config) reveals build time + // down to the second which defeats user agent spoofing and can compromise OS etc + // https://bugzilla.mozilla.org/show_bug.cgi?id=583181 + // user_pref("general.buildID.override", "20100101"); // (hidden pref) +// 2697-C: navigator.appName + //user_pref("general.appname.override", "Netscape"); // (hidden pref) +// 2697-D: navigator.appVersion + // user_pref("general.appversion.override", "5.0 (Windows)"); // (hidden pref) +// 2697-E: navigator.platform leaks in JS + // user_pref("general.platform.override", "Win32"); // (hidden pref) +// 2697-F: navigator.oscpu leaks in JS + // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) +// 2697-G: also see 0204 for general.useragent.locale + /*** 2698: FIRST PARTY ISOLATION (FPI) ***/ // 2698a: enable first party isolation pref and OriginAttribute (FF51+) // WARNING: breaks lots of cross-domain logins and site funtionality until perfected From 46157a565953545d6a90e6ae1c9db7dae3951be9 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Fri, 24 Feb 2017 05:39:20 +1300 Subject: [PATCH 0033/1961] browser.xul.error_pages.expert_bad_cert -> true #26 --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 475cd0a..46e3ce0 100644 --- a/user.js +++ b/user.js @@ -676,6 +676,10 @@ user_pref("browser.ssl_override_behavior", 1); // 1222: enforce CSP (Content Security Policy) (default is true) // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP user_pref("security.csp.enable", true); +// 1223: display advanced information on Insecure Connection warning pages (thanks @crssi) + // only works when it's possible to add an exception, i.e doesn't work for HSTS (https://subdomain.preloaded-hsts.badssl.com/) + // test: https://expired.badssl.com/ +user_pref("browser.xul.error_pages.expert_bad_cert", true); /*** 1400: FONTS ***/ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); From d4d6440be9a73e2a6a978dfbf9028361eacb2b9c Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 27 Feb 2017 13:31:26 +1300 Subject: [PATCH 0034/1961] browser.usedOnWindows10.introURL -> deprecated --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 46e3ce0..0390cb3 100644 --- a/user.js +++ b/user.js @@ -119,7 +119,6 @@ user_pref("startup.homepage_welcome_url.additional", ""); user_pref("startup.homepage_override_url", ""); user_pref("browser.laterrun.enabled", false); user_pref("browser.shell.checkDefaultBrowser", false); -user_pref("browser.usedOnWindows10.introURL", ""); // 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) // home = browser.startup.homepage preference // You can set all of this from Options>General>Startup @@ -1446,7 +1445,7 @@ user_pref("browser.migrate.automigrate.enabled", false); // END: internal custom pref to test for syntax errors user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); -/*** 9997: DEPRECATED +/*** 9997: DEPRECATED / REMOVED Personally confirmed by resetting as well as via documentation and DXR searches. NOTE: numbers may get re-used ***/ // 2607: (23+) disable page thumbnails, it was around v23, not 100% sure when @@ -1556,6 +1555,8 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("dom.disable_window_open_feature.scrollbars", true); // 2431: (49+) disable ONE of the push notification prefs // user_pref("dom.push.udp.wakeupEnabled", false); +// 0101: (50+) disable ONE of the "slow startup" options + // user_pref("browser.usedOnWindows10.introURL", ""); // 0308: (50+) disable update plugin notifications // if using Flash/Java/Silverlight, it is best to turn on their own auto-update mechanisms. // See 1804 below: Mozilla only checks a few plugins and will soon do away with NPAPI From 4a6fbddb01e57995835caf86ef1166ac1afce8ca Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 27 Feb 2017 23:39:26 +1300 Subject: [PATCH 0035/1961] 1222->2672 and 2613->2512 --- user.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 0390cb3..258a373 100644 --- a/user.js +++ b/user.js @@ -672,9 +672,6 @@ user_pref("network.stricttransportsecurity.preloadlist", true); // 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) // https://github.com/pyllyukko/user.js/issues/210 user_pref("browser.ssl_override_behavior", 1); -// 1222: enforce CSP (Content Security Policy) (default is true) - // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -user_pref("security.csp.enable", true); // 1223: display advanced information on Insecure Connection warning pages (thanks @crssi) // only works when it's possible to add an exception, i.e doesn't work for HSTS (https://subdomain.preloaded-hsts.badssl.com/) // test: https://expired.badssl.com/ @@ -1074,6 +1071,9 @@ user_pref("dom.webaudio.enabled", false); // https://developer.mozilla.org/en-US/docs/Web/Events/devicechange // https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange user_pref("media.ondevicechange.enabled", false); +// 2512: disable device sensor API - fingerprinting vector + // https://trac.torproject.org/projects/tor/ticket/15758 +user_pref("device.sensors.enabled", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -1105,9 +1105,6 @@ user_pref("devtools.webide.enabled", false); // https://trac.torproject.org/projects/tor/ticket/16222 user_pref("browser.casting.enabled", false); user_pref("gfx.layerscope.enabled", false); -// 2613: disable device sensor API - fingerprinting vector - // https://trac.torproject.org/projects/tor/ticket/15758 -user_pref("device.sensors.enabled", false); // 2614: disable SPDY as it can contain identifiers // https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 10) user_pref("network.http.spdy.enabled", false); @@ -1244,6 +1241,9 @@ user_pref("svg.disabled", true); // https://en.wikipedia.org/wiki/IDN_homograph_attack // CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ user_pref("network.IDN_show_punycode", true); +// 2673: enforce CSP (Content Security Policy) (default is true) + // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP +user_pref("security.csp.enable", true); /*** 2697: USER AGENT (UA) SPOOFING Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage From 9d3fb13d763e006edfd6fe8974b3a2c25bca43c5 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Tue, 28 Feb 2017 00:04:23 +1300 Subject: [PATCH 0036/1961] #30 no preference value changes or active/inactive status, just descriptions and formatting --- user.js | 1832 ++++++++++++++++++++++++++----------------------------- 1 file changed, 880 insertions(+), 952 deletions(-) diff --git a/user.js b/user.js index 258a373..ac06332 100644 --- a/user.js +++ b/user.js @@ -3,112 +3,48 @@ * date: 18 Feb 2017 * version 51: The [White?] House of the Rising Pants * "My mother was a tailor, she sewed my new blue pants" -* FF version: 51 (DESKTOP) * note: date, version, and code names only change for a github release, which will be shortly after - every Firefox stable release: https://github.com/ghacksuserjs/ghacks-user.js/releases -* authors (v52+): github -* authors (v51-): FLOTUS: Pants - VICE PRESIDENT: earthling (birth certificate on request) - SECRETARY: Martin Brinkmann - SPEAKER: Tom Hawack - CABINET: Just me, Conker, Rockin' Jerry, Ainatar, Parker Lewis + each major Firefox stable release: https://github.com/ghacksuserjs/ghacks-user.js/releases +* authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js - http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/ -* required reading: http://kb.mozillazine.org/User.js_file -* FIREFOX ADD-ONS: https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons -* TEST SITES: https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites -* README/IMPORTANT: - End users of this list/file are expected to know what they are doing. These are the author's - settings. The author does NOT expect (or indeed want) end users to just run with it as is. - Use it as a comprehensive list, or as a template for your own. Extensive links and comments - have been added to help. Before using this user.js, if necessary, you should change, remove or - comment out with two forward slashes any preferences you're not happy with or not sure about. - The settings in this file (user.js) OVERWRITE the ones in your prefs (prefs.js - these are - accessed via about:config) when FF is started. See the required reading above. +* README: -* BACKUP FIRST: - Backup your profile first, or even just the PREFS.JS. Go to your profile directory and copy - prefs.js, rename it (eg to prefs.js.backup). That way, if you have problems, to restore FF - to the state it was in beforehand, close FF, delete the prefs.js, rename your backup copy of - prefs back to prefs.js, RENAME the user.js so it doesn't overwrite everything again, then - start FF. IF you have any problems, you can also ask in the comments at ghacks. + 1. READ the full README at github + 2. READ the full README at github + 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum + * The settings below will turn off Tracking Protection, Safe Browsing and Auto Updates + You need to read, understand, and decide about these. Don't leave yourself less secure + * Site breakage WILL happen + - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting + and these need to be balanced against Functionality & Convenience & Breakage + * You will need to make a few changes to suit your own needs + - Search this file for the "[SETUP]" tag to find SOME common items you could check + before using to avoid unexpected surprises + - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues -* PURPOSE: - This is not a "comprehensive" list of ALL things privacy/security (otherwise it would be huge) - It is more like a list of settings that generally differ from their defaults, and is aimed at - improving security and privacy, at making a "quieter" FF, and at reducing fingerprinting and - tracking, while allowing functionality. There will be trade-offs and conflicts between these. - -* COMMON ISSUES: - Some prefs will break some sites (it's inevitable). If you are having issues search for - "WARNING:" in this document, especially the ones listed just below. - - This user.js uses the author's settings, so you need to check these EACH release because - the author prefers anonymity, security, and privacy over functionality [eg being able to - paste in Facebook, downloadable fonts, and other minor inconveniences]. You have been warned. - - 0202 & 0204 & 0207 & 0208: search, language and locale settings - 0903 & 0904: master password (author set his up to last 5 minutes, default is once per session) - 1007 & 1008: disabling/reducing session store saves affects recently closed tabs history - 1204: security.ssl.require_safe_negotiation - 1206: security.OCSP.require - 1208: security.cert_pinning.enforcement_level - 1209: TLS min and max - 1210: disable 1024-DH Encryption - 1211: disable SHA-1 - 1212: disable SSL session tracking - 1220: security.nocertdb - 1401 & 1406: browser.display.use_document_fonts [author blocked fonts] - 1404: default fonts [author changed default fonts] - 1805: plugin.scan.plid.all [author blocked all plugins] - 1807: disable auto-play of HTML5 media (may break some sites' playback) - 2025: enable/disable media types [author's settings, choose your own] - 2201: dom.event.contextmenu.enabled - 2300's: workers/service.workers/push notifications etc may affect twitter, street view and other sites - 2402: dom.event.clipboardevents.enabled - 2404: dom.indexedDB.enabled [author killed indexedDB] - 2415b: limit popup events - 2421: two JS preferences that cause the odd issue (commented out, not worth the performance loss) - 2507: keyboard fingerprinting (android + physical keyboard) - 2508: hardware acceleration (performance vs lots of video, also fonts render differently) - [author killed hardware acceleration] - 2509: dom.w3c_touch_events.enabled (you will want to change this if you use touch) - 2619: network.http.redirection-limit - 2627: various User Agent and navigator objects - 2662: browser.download.forbid_open_with - 2668: lock down allowed extension directories - breaks add-ons that do not use the default XPI dir - 2671: disable SVG - 2698: privacy.firstparty.isolate - 2705: dom.storage.enabled - -* THANKS: - Special thanks to Martin Brinkmann and the ghacks community - Lots of websites, lots of people, too many to list but here are some excellent resources - - https://github.com/pyllyukko/user.js - - https://www.wilderssecurity.com/threads/firefox-lockdown.368003/ - - http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs - - https://www.privacy-handbuch.de/handbuch_21.htm (German) + 4. BACKUP BACKUP BACKUP your profile folder before implementing (and/or test in a new profile) + 5. Did you do a BACKUP? ******/ -// START: internal custom pref to test for syntax errors (thanks earthling) - // Yes, this next pref setting is redundant, but I like it! - // https://en.wikipedia.org/wiki/Dead_parrot - // https://en.wikipedia.org/wiki/Warrant_canary +/* START: internal custom pref to test for syntax errors (thanks earthling) + * Yes, this next pref setting is redundant, but we like it! + * https://en.wikipedia.org/wiki/Dead_parrot + * https://en.wikipedia.org/wiki/Warrant_canary ***/ user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong with it?"); -// 0001: Start Firefox in private browsing (PB) mode - // This setting is under Options>Privacy>History>Always use private browsing mode - // You will see this option if you "Use custom settings for history" - // These "custom settings for history" are covered throughout this user.js - // https://wiki.mozilla.org/Private_Browsing +/* 0001: Start Firefox in PB (Private Browsing) mode + * This setting is under Options>Privacy>History>Always use private browsing mode + * You will see this option if you "Use custom settings for history" + * These "custom settings for history" are covered throughout this user.js + * https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); /*** 0100: STARTUP ***/ user_pref("ghacks_user.js.parrot", "0100 syntax error: the parrot's dead!"); -// 0101: disable "slow startup" options - // warnings, disk history, welcomes, intros, EULA, default browser check +/* 0101: disable "slow startup" options + * warnings, disk history, welcomes, intros, EULA, default browser check ***/ user_pref("browser.slowStartup.notificationDisabled", true); user_pref("browser.slowStartup.maxSamples", 0); user_pref("browser.slowStartup.samples", 0); @@ -116,144 +52,142 @@ user_pref("browser.rights.3.shown", true); user_pref("browser.startup.homepage_override.mstone", "ignore"); user_pref("startup.homepage_welcome_url", ""); user_pref("startup.homepage_welcome_url.additional", ""); -user_pref("startup.homepage_override_url", ""); +user_pref("startup.homepage_override_url", ""); // what's new page after updates user_pref("browser.laterrun.enabled", false); user_pref("browser.shell.checkDefaultBrowser", false); -// 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) - // home = browser.startup.homepage preference - // You can set all of this from Options>General>Startup +/* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) + * home = browser.startup.homepage preference. + * These settings are under Options>General>Startup ***/ // user_pref("browser.startup.page", 0); /*** 0200: GEOLOCATION ***/ user_pref("ghacks_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); -// 0201: disable location-aware browsing +/* 0201: disable location-aware browsing ***/ user_pref("geo.enabled", false); user_pref("geo.wifi.uri", "https://127.0.0.1"); user_pref("geo.wifi.logging.enabled", false); // (hidden pref) user_pref("browser.search.geoip.url", ""); user_pref("geo.wifi.xhr.timeout", 1); user_pref("browser.search.geoip.timeout", 1); -// 0202: disable GeoIP-based search results - // NOTE: may not be hidden if Mozilla have changed your settings due to your locale - // https://trac.torproject.org/projects/tor/ticket/16254 +/* 0202: disable GeoIP-based search results + * [NOTE] may not be hidden if Firefox has changed your settings due to your locale + * https://trac.torproject.org/projects/tor/ticket/16254 ***/ user_pref("browser.search.countryCode", "US"); // (hidden pref) user_pref("browser.search.region", "US"); // (hidden pref) -// 0203: disable using OS locale, force APP locale +/* 0203: disable using OS locale, force APP locale ***/ user_pref("intl.locale.matchOS", false); -// 0204: set APP local +/* 0204: set APP locale ***/ user_pref("general.useragent.locale", "en-US"); -// 0206: disable geographically specific results/search engines eg: "browser.search.*.US" - // i.e ignore all of Mozilla's multiple deals with multiple engines in multiple locales +/* 0206: disable geographically specific results/search engines eg: "browser.search.*.US" + * i.e ignore all of Mozilla's various search engines in multiple locales ***/ user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); -// 0207: set language to match - // WARNING: reset this to your default if you don't want English +/* 0207: set language to match ***/ user_pref("intl.accept_languages", "en-US, en"); -// 0208: enforce US English locale regardless of the system locale - // https://bugzilla.mozilla.org/show_bug.cgi?id=867501 +/* 0208: enforce US English locale regardless of the system locale + * https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ user_pref("javascript.use_us_english_locale", true); // (hidden pref) /*** 0300: QUIET FOX [PART 1] No auto-phoning home for anything. You can still do manual updates. It is still important - to do updates for security reasons. If you don't auto update, make sure you do manually. - There are many legitimate reasons to turn off AUTO updates, including hijacked monetized - extensions, time constraints, legacy issues, and fear of breakage/bugs ***/ + to do updates for security reasons. [WARNING] [SETUP] If you don't auto update, make sure you + do manually. There are many legitimate reasons to turn off AUTO updates, including hijacked + monetized extensions, time constraints, legacy issues, and fear of breakage/bugs ***/ user_pref("ghacks_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); -// 0301: disable browser auto update - // Options>Advanced>Update>Never check for updates +/* 0301a: disable browser auto update + * This setting is under Options>Advanced>Update>Never check for updates ***/ user_pref("app.update.enabled", false); - // Options>Advanced>Update>Use a background service to install updates +/* 0301b: Options>Advanced>Update>Use a background service to install updates ***/ user_pref("app.update.service.enabled", false); - // ensure update information is not suppressed +/* 0301c: ensure update information is not suppressed ***/ user_pref("app.update.silent", false); - // disable background update staging +/* 0301d: disable background update staging ***/ user_pref("app.update.staging.enabled", false); -// 0302: disable browser auto installing update when you do a manual check +/* 0302: disable browser auto installing update when you do a manual check ***/ user_pref("app.update.auto", false); -// 0303: disable search update (Options>Advanced>Update>Automatically update: search engines) +/* 0303: disable search update (Options>Advanced>Update>Automatically update: search engines) ***/ user_pref("browser.search.update", false); -// 0304: disable add-ons auto checking for new versions +/* 0304: disable add-ons auto checking for new versions ***/ user_pref("extensions.update.enabled", false); -// 0305: disable add-ons auto update +/* 0305: disable add-ons auto update ***/ user_pref("extensions.update.autoUpdateDefault", false); -// 0306: disable add-on metadata updating - // sends daily pings to Mozilla about extensions and recent startups +/* 0306: disable add-on metadata updating + * sends daily pings to Mozilla about extensions and recent startups ***/ user_pref("extensions.getAddons.cache.enabled", false); -// 0307: disable auto updating of personas (themes) +/* 0307: disable auto updating of personas (themes) ***/ user_pref("lightweightThemes.update.enabled", false); -// 0309: disable sending Flash crash reports +/* 0309: disable sending Flash crash reports ***/ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); -// 0310: disable sending the URL of the website where a plugin crashed +/* 0310: disable sending the URL of the website where a plugin crashed ***/ user_pref("dom.ipc.plugins.reportCrashURL", false); -// 0320: disable extension discovery - // featured extensions for displaying in Get Add-ons panel +/* 0320: disable extension discovery + * featured extensions for displaying in Get Add-ons panel ***/ user_pref("extensions.webservice.discoverURL", "http://127.0.0.1"); -// 0330a: disable telemetry - // https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html - // the pref (.unified) affects the behaviour of the pref (.enabled) - // IF unified=false then .enabled controls the telemetry module - // IF unified=true then .enabled ONLY controls whether to record extended data - // so make sure to have both set as false +/* 0330a: disable telemetry + * https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html + * the pref (.unified) affects the behaviour of the pref (.enabled) + * IF unified=false then .enabled controls the telemetry module + * IF unified=true then .enabled ONLY controls whether to record extended data + * so make sure to have both set as false ***/ user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.enabled", false); -// 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry - // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled +/* 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry + * is enabled ONLY for people that opted into it, even if unified Telemetry is enabled ***/ user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) -// 0331: remove url of server telemetry pings are sent to +/* 0331: remove url of server telemetry pings are sent to ***/ user_pref("toolkit.telemetry.server", ""); -// 0332: disable archiving pings locally - irrelevant if toolkit.telemetry.unified is false +/* 0332: disable archiving pings locally - irrelevant if toolkit.telemetry.unified is false ***/ user_pref("toolkit.telemetry.archive.enabled", false); -// 0333a: disable health report +/* 0333a: disable health report ***/ user_pref("datareporting.healthreport.uploadEnabled", false); user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) -// 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) - // If you have disabled health reports, then this about page is useless - disable it - // If you want to see what health data is present, then these must be set at default +/* 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) + * If you have disabled health reports, then this about page is useless - disable it + * If you want to see what health data is present, then this must be set at default ***/ user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); -// 0334a: disable new data submission, master kill switch (FF41+) - // If disabled, no policy is shown or upload takes place, ever - // https://bugzilla.mozilla.org/show_bug.cgi?id=1195552 +/* 0334: disable new data submission, master kill switch (FF41+) + * If disabled, no policy is shown or upload takes place, ever + * https://bugzilla.mozilla.org/show_bug.cgi?id=1195552 ***/ user_pref("datareporting.policy.dataSubmissionEnabled", false); -// 0335: remove a telemetry clientID - // if you haven't got one, be proactive and set it now for future proofing +/* 0335: remove telemetry clientID ***/ user_pref("toolkit.telemetry.cachedClientID", ""); -// 0336: disable "Heartbeat" (Mozilla user rating telemetry) - // https://trac.torproject.org/projects/tor/ticket/18738 +/* 0336: disable "Heartbeat" (Mozilla user rating telemetry) + * https://trac.torproject.org/projects/tor/ticket/18738 ***/ user_pref("browser.selfsupport.enabled", false); // (hidden pref) user_pref("browser.selfsupport.url", ""); -// 0340: disable experiments - // https://wiki.mozilla.org/Telemetry/Experiments +/* 0340: disable experiments + * https://wiki.mozilla.org/Telemetry/Experiments ***/ user_pref("experiments.enabled", false); user_pref("experiments.manifest.uri", ""); user_pref("experiments.supported", false); user_pref("experiments.activeExperiment", false); -// 0341: disable Mozilla permission to silently opt you into tests +/* 0341: disable Mozilla permission to silently opt you into tests ***/ user_pref("network.allow-experiments", false); -// 0350: disable crash reports +/* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); -// 0351: disable sending of crash reports (FF44+) +/* 0351: disable sending of crash reports (FF44+) ***/ user_pref("browser.tabs.crashReporting.sendReport", false); -// 0360: disable new tab tile ads & preload & marketing junk +/* 0360: disable new tab tile ads & preload & marketing junk ***/ user_pref("browser.newtab.preload", false); user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); user_pref("browser.newtabpage.directory.source", "data:text/plain,"); user_pref("browser.newtabpage.enabled", false); user_pref("browser.newtabpage.enhanced", false); user_pref("browser.newtabpage.introShown", true); -// 0370: disable "Snippets" (Mozilla content shown on about:home screen) - // https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service - // MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks +/* 0370: disable "Snippets" (Mozilla content shown on about:home screen) + * https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service + * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks ***/ user_pref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1"); -// 0373: disable "Pocket" (third party "save for later" service) & remove urls for good measure - // NOTE: Important: Remove the pocket icon from your toolbar first - // https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ +/* 0373: disable "Pocket" (third party "save for later" service) & remove urls for good measure + * [NOTE] Important: Remove the pocket icon from your toolbar first + * https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ user_pref("extensions.pocket.enabled", false); user_pref("extensions.pocket.api", ""); user_pref("extensions.pocket.site", ""); user_pref("extensions.pocket.oAuthConsumerKey", ""); -// 0374: disable "social" integration - // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Social_API +/* 0374: disable "social" integration + * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Social_API ***/ user_pref("social.whitelist", ""); user_pref("social.toast-notifications.enabled", false); user_pref("social.shareDirectory", ""); @@ -261,594 +195,595 @@ user_pref("social.remote-install.enabled", false); user_pref("social.directories", ""); user_pref("social.share.activationPanelEnabled", false); user_pref("social.enabled", false); // (hidden pref) -// 0375: disable "Reader View" +/* 0375: disable "Reader View" [SETUP] ***/ user_pref("reader.parse-on-load.enabled", false); -// 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers - // https://wiki.mozilla.org/FlyWeb - // http://www.ghacks.net/2016/07/26/firefox-flyweb/ +/* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers + * https://wiki.mozilla.org/FlyWeb + * http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ user_pref("dom.flyweb.enabled", false); -// 0380: disable sync +/* 0380: disable sync [SETUP] ***/ user_pref("services.sync.enabled", false); // (hidden pref) -/*** 0400: QUIET FOX [PART 2] - This section has security & tracking protection implications vs privacy concerns. - These settings are geared up to make FF "quiet" & private. I am NOT advocating no protection. - If you turn these off, then by all means please use something superior, such as uBlock Origin. - IMPORTANT: This entire section is rather contentious. Safebrowsing is designed to protect - users from malicious sites. Tracking protection is designed to lessen the impact of third +/*** 0400: QUIET FOX [PART 2] [WARNING] [SETUP] + This section has security & tracking protection implications vs privacy concerns vs effectiveness. + These settings, WITH EXTENSIONS, are geared up to make Firefox "quiet", private and effective. + We DO NOT advocate no protection, so use something with more scope, such as uBlock Origin. + + This entire section is rather contentious. Safebrowsing (SB) is designed to protect + users from malicious sites. Tracking protection (TP) is designed to lessen the impact of third parties on websites to reduce tracking and to speed up your browsing experience. These are both very good features provided by Mozilla. They do rely on third parties: Google for safebrowsing and Disconnect for tracking protection (someone has to provide the information). Additionally, SSL Error Reporting helps makes the internet more secure for everyone. - If you do not understand the ramifications of disabling all of these, then it is advised that + + If you do not understand the ramifications of disabling SB and TP, then it is advised that you enable them by commenting out the preferences and saving the changes, and then in - about:config find each entry and right-click and reset the preference's value. ***/ + about:config find each entry and right-click and reset the preference's value. +***/ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); -// 0401: DON'T disable extension blocklist, but sanitize blocklist url - SECURITY - // It now includes updates for "revoked certificates" - security trumps privacy here - // https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl - // https://trac.torproject.org/projects/tor/ticket/16931 +/* 0401: DON'T disable extension blocklist, but sanitize blocklist url + * It now includes updates for "revoked certificates" + * https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl + * https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); -// 0402: disable/enable various Kinto blocklist updates (FF50+) - // What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications - // As FF transitions to Kinto, the blocklists have been broken down (more could be added). These contain - // block entries for certs to be revoked, add-ons and plugins to be disabled, and gfx environments that - // cause problems or crashes. Here you can remove the collection name to prevent each specific list updating +/* 0402: disable/enable various Kinto blocklist updates (FF50+) + * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications + * As Firefox transitions to Kinto, the blocklists have been broken down (more could be added). These contain + * block entries for certs to be revoked, add-ons and plugins to be disabled, and gfx environments that + * cause problems or crashes. Here you can remove the collection name to disable each specific list updating ***/ user_pref("services.blocklist.update_enabled", true); user_pref("services.blocklist.signing.enforced", true); -user_pref("services.blocklist.onecrl.collection", "certificates"); // Revoked certificates +user_pref("services.blocklist.onecrl.collection", "certificates"); // revoked certificates user_pref("services.blocklist.addons.collection", "addons"); -user_pref("services.blocklist.plugins.collection", ""); // I have no plugins -user_pref("services.blocklist.gfx.collection", ""); // I have gfx hw acceleration disabled -// 0410: disable safe browsing - // I have redesigned this sub-section to differentiate between "real-time"/"user initiated" - // data being sent to Google from all other settings such as using local blocklists/whitelists - // and updating those lists. There SHOULD be NO privacy issues here. Even *IF* an URL was sent - // to Google, they swear it is anonymized and only used to flag malicious sites/activity. Firefox - // also takes measures such as striping out identifying parameters and storing safe browsing - // cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) - // To use safebrowsing but not "leak" binary download info to Google, only use 0410e and 0410f - // #Required reading: https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ - // https://wiki.mozilla.org/Security/Safe_Browsing -// 0410a: disable "Block dangerous and deceptive content" This setting is under Options>Security - // in FF47 and under this is was titled "Block reported web forgeries" - // this covers deceptive sites such as phishing and social engineering +user_pref("services.blocklist.plugins.collection", ""); // if you have no plugins +user_pref("services.blocklist.gfx.collection", ""); // if gfx hw acceleration is disabled +/* 0410: disable Safe Browsing (SB) + * This sub-section has been redesigned to differentiate between "real-time"/"user initiated" + * data being sent to Google from all other settings such as using local blocklists/whitelists + * and updating those lists. There SHOULD be NO privacy issues here. Even *IF* an URL was sent + * to Google, they swear it is anonymized and only used to flag malicious sites/activity. Firefox + * also takes measures such as striping out identifying parameters and storing safe browsing + * cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) + * To use safebrowsing but not "leak" binary download info to Google, only use 0410e and 0410f + * #Required reading: https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + * https://wiki.mozilla.org/Security/Safe_Browsing ***/ +/* 0410a: disable "Block dangerous and deceptive content" [under Options>Security] + * Until FF48 this was titled "Block reported web forgeries" + * It covers deceptive sites such as phishing and social engineering ***/ user_pref("browser.safebrowsing.malware.enabled", false); user_pref("browser.safebrowsing.phishing.enabled", false); // (FF50+) -// 0410b: disable "Block dangerous downloads" This setting is under Options>Security - // in FF47 and under this was titled "Block reported attack sites" - // this covers malware and PUPs (potentially unwanted programs) +/* 0410b: disable "Block dangerous downloads" [under Options>Security] + * Until FF48 this was titled "Block reported attack sites" + * It covers malware and PUPs (potentially unwanted programs) ***/ user_pref("browser.safebrowsing.downloads.enabled", false); - // disable "Warn me about unwanted and uncommon software" Also under Options>Security (FF48+) +/* 0410b: disable "Warn me about unwanted and uncommon software" [under Options>Security] (FF48+) ***/ user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); - // yet more prefs added (FF49+) -user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); -user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); -// 0410c: disable Google safebrowsing downloads, updates +user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) +user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // (FF49+) +/* 0410c: disable Google safebrowsing downloads, updates ***/ user_pref("browser.safebrowsing.provider.google.updateURL", ""); // update google lists user_pref("browser.safebrowsing.provider.google.gethashURL", ""); // list hash check user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) -// 0410d: disable mozilla safebrowsing downloads, updates - // NOTE: These two prefs are also used for Tracking Protection (see 0420) +/* 0410d: disable Mozilla safebrowsing downloads, updates + * [NOTE] These two prefs are also used for Tracking Protection (see 0420) ***/ user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists -// 0410e: disable binaries NOT in local lists being checked by Google (real-time checking) +/* 0410e: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.url", ""); -// 0410f: disable reporting URLs +/* 0410f: disable reporting URLs ***/ user_pref("browser.safebrowsing.provider.google.reportURL", ""); user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); user_pref("browser.safebrowsing.reportPhishURL", ""); user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) -// 0410g: show=true or hide=false the 'ignore this warning' on Safe Browsing warnings which - // when clicked bypasses the block for that session. This is a means for admins to enforce SB - // https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 - // tests: see APPENDIX C: TEST SITES - Section 5 +/* 0410g: show=true or hide=false the 'ignore this warning' on Safe Browsing warnings which + * when clicked bypasses the block for that session. This is a means for admins to enforce SB + * https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 + * test: see github wiki APPENDIX C: Test Sites: Section 5 ***/ // user_pref("browser.safebrowsing.allowOverride", true); -// 0420: disable tracking protection - // There SHOULD be NO privacy concerns here, but you are better off using an extension such as - // uBlock Origin which is not decided by a third party (disconnect) and is far more effective - // (when used correctly). NOTE: There are two prefs (see 0410d) shared with Safe Browsing - // https://wiki.mozilla.org/Security/Tracking_protection - // https://support.mozilla.org/en-US/kb/tracking-protection-firefox +/* 0420: disable Tracking Protection (TP) + * There SHOULD be NO privacy concerns here, but we strongly recommend to use uBlock Origin instead, + * which offers more comprehensive as well as specialized lists. It also allows per domain control. + * [NOTE] There are two prefs (see 0410d) shared with Safe Browsing + * https://wiki.mozilla.org/Security/Tracking_protection + * https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ user_pref("privacy.trackingprotection.enabled", false); // all windows pref (not just private) user_pref("privacy.trackingprotection.pbmode.enabled", false); // private browsing pref -// 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection +/* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection ***/ user_pref("privacy.trackingprotection.ui.enabled", true); -// 0430: disable SSL Error Reporting - PRIVACY - // https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html +/* 0430: disable SSL Error Reporting + * https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.url", ""); -// 0440: disable Mozilla's blocklist for known Flash tracking/fingerprinting (48+) - // If you don't have Flash, then you don't need this enabled - // NOTE: if enabled, you will need to check what prefs (safebrowsing URLs etc) this uses to update - // http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ - // https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 +/* 0440: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) + * If you don't have Flash, then you don't need this enabled + * [NOTE] if enabled, you will need to check what prefs (safebrowsing URLs etc) this uses to update + * http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ + * https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ user_pref("browser.safebrowsing.blockedURIs.enabled", false); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); -// 0601: disable link prefetching - // https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ +/* 0601: disable link prefetching + * https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/ user_pref("network.prefetch-next", false); -// 0602: disable dns prefetching - // http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ - // https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching +/* 0602: disable DNS prefetching + * http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ + * https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/ user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref) -// 0603: disable Seer/Necko - // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Necko +/* 0603a: disable Seer/Necko + * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Necko ***/ user_pref("network.predictor.enabled", false); -// 0603a: disable more Necko/Captive Portal - // https://en.wikipedia.org/wiki/Captive_portal - // https://wiki.mozilla.org/Necko/CaptivePortal +/* 0603b: disable more Necko/Captive Portal + * https://en.wikipedia.org/wiki/Captive_portal + * https://wiki.mozilla.org/Necko/CaptivePortal ***/ user_pref("captivedetect.canonicalURL", ""); user_pref("network.captive-portal-service.enabled", false); // (FF52+?) -// 0604: disable search suggestions +/* 0604: disable search suggestions ***/ user_pref("browser.search.suggest.enabled", false); -// 0605: disable link-mouseover opening connection to linked server - // http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests - // http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links +/* 0605: disable link-mouseover opening connection to linked server + * http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests + * http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/ user_pref("network.http.speculative-parallel-limit", 0); -// 0606: disable pings (but enforce same host in case) - // http://kb.mozillazine.org/Browser.send_pings - // http://kb.mozillazine.org/Browser.send_pings.require_same_host +/* 0606: disable pings (but enforce same host in case) + * http://kb.mozillazine.org/Browser.send_pings + * http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ user_pref("browser.send_pings", false); user_pref("browser.send_pings.require_same_host", true); -// 0607: stop links launching Windows Store on Windows 8/8.1/10 - // http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ +/* 0607: stop links launching Windows Store on Windows 8/8.1/10 + * http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); -// 0608: disable predictor / prefetching (FF48+) +/* 0608: disable predictor / prefetching (FF48+) ***/ user_pref("network.predictor.enable-prefetch", false); /*** 0800: LOCATION BAR / SEARCH / AUTO SUGGESTIONS / HISTORY / FORMS etc Not ALL of these are strictly needed, some are for the truly paranoid, but included for a more comprehensive list (see comments on each one) ***/ user_pref("ghacks_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); -// 0801: disable location bar using search - PRIVACY - // don't leak typos to a search engine, give an error message instead +/* 0801: disable location bar using search - PRIVACY + * don't leak typos to a search engine, give an error message instead ***/ user_pref("keyword.enabled", false); -// 0802: disable location bar domain guessing - PRIVACY/SECURITY - // domain guessing intercepts DNS "hostname not found errors" and resends a - // request (eg by adding www or .com). This is inconsistent use (eg FQDNs), does not work - // via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com - // as the 411 for DNS errors?), privacy issues (why connect to sites you didn't - // intend to), can leak sensitive data (eg query strings: eg Princeton attack), - // and is a security risk (eg common typos & malicious sites set up to exploit this) +/* 0802: disable location bar domain guessing - PRIVACY/SECURITY + * domain guessing intercepts DNS "hostname not found errors" and resends a + * request (eg by adding www or .com). This is inconsistent use (eg FQDNs), does not work + * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com + * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't + * intend to), can leak sensitive data (eg query strings: eg Princeton attack), + * and is a security risk (eg common typos & malicious sites set up to exploit this) ***/ user_pref("browser.fixup.alternate.enabled", false); -// 0803: disable locationbar dropdown - PRIVACY (shoulder surfers,forensics/unattended browser) +/* 0803: disable locationbar dropdown - PRIVACY (shoulder surfers, forensics/unattended browser) ***/ user_pref("browser.urlbar.maxRichResults", 0); -// 0804: display all parts of the url - // why rely on just a visual clue - helps SECURITY +/* 0804: display all parts of the url - helps SECURITY ***/ user_pref("browser.urlbar.trimURLs", false); -// 0805: disable URLbar autofill - PRIVACY (shoulder surfers, forensics/unattended browser) - // http://kb.mozillazine.org/Inline_autocomplete +/* 0805: disable urlbar autofill - PRIVACY (shoulder surfers, forensics/unattended browser) + * http://kb.mozillazine.org/Inline_autocomplete ***/ user_pref("browser.urlbar.autoFill", false); user_pref("browser.urlbar.autoFill.typed", false); -// 0806: disable autocomplete - PRIVACY (shoulder surfers, forensics/unattended browser) +/* 0806: disable autocomplete - PRIVACY (shoulder surfers, forensics/unattended browser) ***/ user_pref("browser.urlbar.autocomplete.enabled", false); -// 0808: disable types of urlbar suggestions - PRIVACY (shoulder surfers, forensics/unattended browser) - // These settings are under Options>Privacy>Location Bar. If you wish to enable any of these suggestions, - // then also make sure 0806 (enable suggestions) and 0803 (locationbar dropdown) are at default +/* 0808: disable types of urlbar suggestions - PRIVACY (shoulder surfers, forensics/unattended browser) + * These settings are under Options>Privacy>Location Bar. If you wish to enable any of these suggestions, + * then also make sure 0806 (enable suggestions) and 0803 (locationbar dropdown) are at default ***/ user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.bookmark", false); user_pref("browser.urlbar.suggest.openpage", false); -// 0809: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY - // This is a PER TAB session history. You still have a full history stored under all history - // default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages - // use it as a means of referral (eg hotlinking), 4 or 6 may be more practical +/* 0809: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY + * This is a PER TAB session history. You still have a full history stored under all history + * default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages + * use it as a means of referral (eg hotlinking), 4 or 6 may be more practical ***/ user_pref("browser.sessionhistory.max_entries", 4); -// 0810: disable css querying page history - css history leak - PRIVACY - // NOTE: this has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in - // 'certain circumstances', also see latest comments in the bug link - // https://dbaron.org/mozilla/visited-privacy - // https://bugzilla.mozilla.org/show_bug.cgi?id=147777 - // https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector +/* 0810: disable CSS querying page history - CSS history leak - PRIVACY + * [NOTE] this has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in + * 'certain circumstances', also see latest comments in the bug link + * https://dbaron.org/mozilla/visited-privacy + * https://bugzilla.mozilla.org/show_bug.cgi?id=147777 + * https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ user_pref("layout.css.visited_links_enabled", false); -// 0811: disable displaying javascript in history URLs - SECURITY +/* 0811: disable displaying javascript in history URLs - SECURITY ***/ user_pref("browser.urlbar.filter.javascript", true); -// 0812: disable search and form history - // Under Options>Privacy> if you set Firefox to "use custom settings" there will be a - // setting called "remember search and form history". - // You can clear formdata on exiting Firefox (see 2803) +/* 0812: disable search and form history + * Under Options>Privacy> if you set Firefox to "use custom settings" there will be a + * setting called "Remember search and form history". + * You can clear formdata on exiting Firefox (see 2803) ***/ // user_pref("browser.formfill.enable", false); -// 0813: disable saving form data on secure websites - PRIVACY (shoulder surfers etc) - // For convenience & functionality, this is best left at default true. - // You can clear formdata on exiting Firefox (see 2803) +/* 0813: disable saving form data on secure websites - PRIVACY (shoulder surfers etc) + * For convenience & functionality, this is best left at default true. + * You can clear formdata on exiting Firefox (see 2803) ***/ // user_pref("browser.formfill.saveHttpsForms", false); -// 0815: disable live search suggestions in the urlbar and toggle off the Opt-In prompt (FF41+) - // Setting: Options>Privacy>Location Bar>Related searches from the default search engine +/* 0815: disable live search suggestions in the urlbar and toggle off the Opt-In prompt (FF41+) + * Setting: Options>Privacy>Location Bar>Related searches from the default search engine ***/ user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); -// 0816: disable browsing and download history - // Under Options>Privacy> if you set Firefox to "use custom settings" there will be a - // setting called "remember my browsing and download history" - // You can clear history and downloads on exiting Firefox (see 2803) +/* 0816: disable browsing and download history + * Under Options>Privacy> if you set Firefox to "use custom settings" there will be a + * setting called "Remember my browsing and download history" + * You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); -// 0817: disable Jumplist (Windows7+) +/* 0817: disable Jumplist (Windows7+) ***/ user_pref("browser.taskbar.lists.enabled", false); user_pref("browser.taskbar.lists.frequent.enabled", false); user_pref("browser.taskbar.lists.recent.enabled", false); user_pref("browser.taskbar.lists.tasks.enabled", false); -// 0818: disable taskbar preview +/* 0818: disable taskbar preview ***/ user_pref("browser.taskbar.previews.enable", false); -// 0819: disable one-off searches from the addressbar (FF51+) - // http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ +/* 0819: disable one-off searches from the addressbar (FF51+) + * http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ user_pref("browser.urlbar.oneOffSearches", false); -// 0820: disable search reset (about:searchreset) (FF51+) - // http://www.ghacks.net/2016/08/19/firefox-51-search-restore-feature/ +/* 0820: disable search reset (about:searchreset) (FF51+) + * http://www.ghacks.net/2016/08/19/firefox-51-search-restore-feature/ ***/ user_pref("browser.search.reset.enabled", false); user_pref("browser.search.reset.whitelist", ""); /*** 0900: PASSWORDS ***/ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); -// 0901: disable saving passwords - // Options>Security>Logins>Remember logins for sites - // NOTE: this does not clear any passwords already saved +/* 0901: disable saving passwords + * This setting is under Options>Security>Logins>Remember logins for sites + * [NOTE] this does not clear any passwords already saved ***/ // user_pref("signon.rememberSignons", false); -// 0902: use a master password (recommended if you save passwords) - // There are no preferences for this. It is all handled internally. - // https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins -// 0903: set how often Mozilla should ask for the master password - // 0=the first time, 1=every time it's needed, 2=every n minutes (as per the next pref) - // WARNING: the default is 0, author changed his settings +/* 0902: use a master password (recommended if you save passwords) + * There are no preferences for this. It is all handled internally. + * https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/ +/* 0903: set how often Mozilla should ask for the master password + * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ user_pref("security.ask_for_password", 2); -// 0904: how often in minutes Mozilla should ask for the master password (see pref above) - // in minutes, default is 30 +/* 0904: how often in minutes Mozilla should ask for the master password (see pref above) + * in minutes, default is 30 ***/ user_pref("security.password_lifetime", 5); -// 0905: disable auto-filling username & password form fields - SECURITY - // can leak in cross-site forms AND be spoofed - // http://kb.mozillazine.org/Signon.autofillForms - // password will still be auto-filled after a user name is manually entered +/* 0905: disable auto-filling username & password form fields - SECURITY + * can leak in cross-site forms AND be spoofed + * http://kb.mozillazine.org/Signon.autofillForms + * password will still be auto-filled after a user name is manually entered ***/ user_pref("signon.autofillForms", false); -// 0906: ignore websites' autocomplete="off" (FF30+) +/* 0906: ignore websites' autocomplete="off" (FF30+) ***/ user_pref("signon.storeWhenAutocompleteOff", true); -// 0907: force warnings for logins on non-secure (non HTTPS) pages - // https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 +/* 0907: force warnings for logins on non-secure (non HTTPS) pages + * https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); -// 0908: When attempting to fix an entered URL, do not fix an entered password along with it - // i.e do not turn ~http://user:password@foo into ~http://user:password@(prefix)foo(suffix) - // but instead ~http://user@(prefix)foo(suffix)) +/* 0908: When attempting to fix an entered URL, do not fix an entered password along with it + * i.e do not turn ~http://user:password@foo into ~http://user:password@(prefix)foo(suffix) + * but instead ~http://user@(prefix)foo(suffix) ***/ user_pref("browser.fixup.hide_user_pass", true); -// 0909: disabling for now (FF51+) +/* 0909: disable formless login capture for Password Manager (FF51+) ***/ user_pref("signon.formlessCapture.enabled", false); /*** 1000: CACHE ***/ user_pref("ghacks_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); -// 1001: disable disk cache +/* 1001: disable disk cache ***/ user_pref("browser.cache.disk.enable", false); user_pref("browser.cache.disk.capacity", 0); user_pref("browser.cache.disk.smart_size.enabled", false); user_pref("browser.cache.disk.smart_size.first_run", false); -// 1002: disable disk caching of SSL pages - // http://kb.mozillazine.org/Browser.cache.disk_cache_ssl +/* 1002: disable disk caching of SSL pages + * http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ user_pref("browser.cache.disk_cache_ssl", false); -// 1003: disable memory cache as well IF you're REALLY paranoid - // I haven't tried it, but I'm sure you'll take a performance/traffic hit +/* 1003: disable memory cache as well IF you're REALLY paranoid ***/ // user_pref("browser.cache.memory.enable", false); -// 1004: disable offline cache +/* 1004: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); -// 1005: disable storing extra session data 0=all 1=http-only 2=none - // extra session data contains contents of forms, scrollbar positions, cookies and POST data +/* 1005: disable storing extra session data + * extra session data contains contents of forms, scrollbar positions, cookies and POST data + * options: 0=all 1=http-only 2=none ***/ user_pref("browser.sessionstore.privacy_level", 2); -// 1006: disable pages being stored in memory. This is not the same as memory cache. - // Visited pages are stored in memory in such a way that they don't have to be - // re-parsed. This improves performance when pressing back/forward. - // For the sake of completeness, this option is listed for the truly paranoid. - // 0=none, -1=auto (that's minus 1), or any other positive integer - // http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers +/* 1006: disable pages being stored in memory. This is not the same as memory cache. + * Visited pages are stored in memory in such a way that they don't have to be + * re-parsed. This improves performance when pressing back/forward. + * For the sake of completeness, this option is listed for the truly paranoid. + * 0=none, -1=auto (that's minus 1), or any other positive integer + * http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ // user_pref("browser.sessionhistory.max_total_viewers", 0); -// 1007: disable the Session Restore service completely - // WARNING: This also disables the "Recently Closed Tabs" feature - // It does not affect "Recently Closed Windows" or any history. +/* 1007: disable the Session Restore service completely + * [WARNING] [SETUP] This also disables the "Recently Closed Tabs" feature + * It does not affect "Recently Closed Windows" or any history. ***/ user_pref("browser.sessionstore.max_tabs_undo", 0); user_pref("browser.sessionstore.max_windows_undo", 0); -// 1008: IF you use session restore (see 1007 above), increasing the minimal interval between - // two session save operations can help on older machines and some websites. - // Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc - your choice. - // WARNING: This can also affect entries in the "Recently Closed Tabs" feature: - // i.e the longer the interval the more chance a quick tab open/close won't be captured - // this longer interval *MAY* affect history but I cannot replicate any history not recorded +/* 1008: IF you use session restore (see 1007 above), increasing the minimal interval between + * two session save operations can help on older machines and some websites. + * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc - your choice. + * [WARNING] This can also affect entries in the "Recently Closed Tabs" feature: + * i.e the longer the interval the more chance a quick tab open/close won't be captured + * this longer interval *MAY* affect history but we cannot replicate any history not recorded ***/ // user_pref("browser.sessionstore.interval", 30000); -// 1009: DNS cache and expiration time (default 400 and 60 - same as TBB) +/* 1009: DNS cache and expiration time (default 400 and 60 - same as TBB) ***/ // user_pref("network.dnsCacheEntries", 400); // user_pref("network.dnsCacheExpiration", 60); -// 1010: disable randomized FF HTTP cache decay experiments - // https://trac.torproject.org/projects/tor/ticket/13575 +/* 1010: disable randomized FF HTTP cache decay experiments + * https://trac.torproject.org/projects/tor/ticket/13575 ***/ user_pref("browser.cache.frecency_experiment", -1); -// 1011: disable permissions manager from writing to disk (requires restart) - // https://bugzilla.mozilla.org/show_bug.cgi?id=967812 - // user_pref("permissions.memory_only", true); // (hidden pref) -// 1012: disable resuming session from crash +/* 1011: disable permissions manager from writing to disk (requires restart) + * https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ + // user_pref("permissions.memory_only", true); // (hidden pref) +/* 1012: disable resuming session from crash [SETUP] ***/ user_pref("browser.sessionstore.resume_from_crash", false); -/*** 1200: SSL / OCSP / CERTS / ENCRYPTION / HSTS/HPKP/HTTPS +/*** 1200: HTTPS ( SSL / OCSP / CERTS / ENCRYPTION / HSTS / HPKP ) Note that your cipher and other settings can be used server side as a fingerprint attack vector: - see https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ . You can either - strengthen your encryption/cipher suite and protocols (security) or keep them at default and let - Mozilla handle them (dragging their feet for fear of breaking legacy sites) ***/ + see https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ + You can either strengthen your encryption/cipher suite and protocols (security) or keep them + at default and let Mozilla handle them (dragging their feet for fear of breaking legacy sites) ***/ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); -// 1201: block rc4 fallback (default is now false as of at least FF45) +/* 1201: block rc4 fallback (default is now false as of at least FF45) ***/ user_pref("security.tls.unrestricted_rc4_fallback", false); -// 1203: enable OCSP stapling - // https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ +/* 1203: enable OCSP stapling + * https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ user_pref("security.ssl.enable_ocsp_stapling", true); -// 1204: reject communication with servers using old SSL/TLS - vulnerable to a MiTM attack - // https://wiki.mozilla.org/Security:Renegotiation - // WARNING: tested Jan 2017 - still breaks too many sites +/* 1204: reject communication with servers using old SSL/TLS - vulnerable to a MiTM attack + * https://wiki.mozilla.org/Security:Renegotiation + * [WARNING] tested Feb 2017 - still breaks too many sites ***/ // user_pref("security.ssl.require_safe_negotiation", true); -// 1205: display warning (red padlock) for "broken security" - // https://wiki.mozilla.org/Security:Renegotiation +/* 1205: display warning (red padlock) for "broken security" + * https://wiki.mozilla.org/Security:Renegotiation ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -// 1206: require certificate revocation check through OCSP protocol - // This leaks information about the sites you visit to the CA (cert authority) - // It's a trade-off between security (checking) and privacy (leaking info to the CA) - // WARNING: Since FF44 the default is false. If set to true, this may/will cause some - // site breakage. Some users have previously mentioned issues with youtube, microsoft etc +/* 1206: require certificate revocation check through OCSP protocol + * This leaks information about the sites you visit to the CA (cert authority) + * It's a trade-off between security (checking) and privacy (leaking info to the CA) + * [WARNING] Since FF44 the default is false. If set to true, this may/will cause some + * site breakage. Some users have previously mentioned issues with youtube, microsoft etc ***/ // user_pref("security.OCSP.require", true); -// 1207: query OCSP responder servers to confirm current validity of certificates (default=1) - // 0=disable, 1=validate only certificates that specify an OCSP service URL - // 2=enable and use values in security.OCSP.URL and security.OCSP.signing +/* 1207: query OCSP responder servers to confirm current validity of certificates (default=1) + * 0=disable, 1=validate only certificates that specify an OCSP service URL + * 2=enable and use values in security.OCSP.URL and security.OCSP.signing ***/ user_pref("security.OCSP.enabled", 1); -// 1208: enforce strict pinning - // https://trac.torproject.org/projects/tor/ticket/16206 - // PKP (public key pinning) 0-disabled 1=allow user MiTM (such as your antivirus), 2=strict - // WARNING: If you rely on an AV (antivirus) to protect your web browsing - // by inspecting ALL your web traffic, then leave at current default =1 +/* 1208: enforce strict pinning + * https://trac.torproject.org/projects/tor/ticket/16206 + * PKP (public key pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict + * [WARNING] If you rely on an AV (antivirus) to protect your web browsing + * by inspecting ALL your web traffic, then leave at current default =1 ***/ user_pref("security.cert_pinning.enforcement_level", 2); -// 1209: control TLS versions with min and max - // 1=min version of TLS 1.0, 2-min version of TLS 1.1, 3=min version of TLS 1.2 etc - // WARNING: FF/chrome currently allow TLS 1.0 by default, so this is your call. - // http://kb.mozillazine.org/Security.tls.version.* - // https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ +/* 1209: control TLS versions with min and max + * 1=min version of TLS 1.0, 2-min version of TLS 1.1, 3=min version of TLS 1.2 etc + * [WARNING] FF/chrome currently allow TLS 1.0 by default, so this is your call. + * http://kb.mozillazine.org/Security.tls.version.* + * https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/ // user_pref("security.tls.version.min", 2); // user_pref("security.tls.version.fallback-limit", 3); - // user_pref("security.tls.version.max", 4); // allow up to and including TLS 1.3 -// 1210: disable DHE (Diffie-Hellman Key Exchange) - // https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH - // WARNING: may break obscure sites, but not major sites, which should support ECDH over DHE + // user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 +/* 1210: disable DHE (Diffie-Hellman Key Exchange) + * https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH + * [WARNING] may break obscure sites, but not major sites, which should support ECDH over DHE ***/ user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); -// 1211: disable or limit SHA-1 - // 0 = all SHA1 certs are allowed - // 1 = all SHA1 certs are blocked (including perfectly valid ones from 2015 and earlier) - // 2 = deprecated option that now maps to 1 - // 3 = only allowed for locally-added roots (e.g. anti-virus) - // 4 = only allowed for locally-added roots or for certs in 2015 and earlier - // WARNING: when disabled, some man-in-the-middle devices (eg security scanners and antivirus - // products, are failing to connect to HTTPS sites. SHA-1 will eventually become obsolete. - // https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ - // https://github.com/pyllyukko/user.js/issues/194#issuecomment-256509998 +/* 1211: disable or limit SHA-1 + * 0 = all SHA1 certs are allowed + * 1 = all SHA1 certs are blocked (including perfectly valid ones from 2015 and earlier) + * 2 = deprecated option that now maps to 1 + * 3 = only allowed for locally-added roots (e.g. anti-virus) + * 4 = only allowed for locally-added roots or for certs in 2015 and earlier + * [WARNING] when disabled, some man-in-the-middle devices (eg security scanners and antivirus + * products, are failing to connect to HTTPS sites. SHA-1 will eventually become obsolete. + * https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ + * https://github.com/pyllyukko/user.js/issues/194#issuecomment-256509998 ***/ user_pref("security.pki.sha1_enforcement_level", 1); -// 1212: disable SSL session tracking (36+) - // SSL session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. - // Since the ID is unique, web servers can (and do) use it for tracking. If set to true, - // this disables sending SSL3 Session IDs and TLS Session Tickets to prevent session tracking - // WARNING: This will slow down TLS connections (personally I don't notice it at all) - // https://tools.ietf.org/html/rfc5077 - // https://bugzilla.mozilla.org/show_bug.cgi?id=967977 +/* 1212: disable SSL session tracking (FF36+) + * SSL session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. + * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, + * this disables sending SSL3 Session IDs and TLS Session Tickets to prevent session tracking + * https://tools.ietf.org/html/rfc5077 + * https://bugzilla.mozilla.org/show_bug.cgi?id=967977 ***/ user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) -// 1213: disable 3DES (effective key size < 128) - // https://en.wikipedia.org/wiki/3des#Security - // http://en.citizendium.org/wiki/Meet-in-the-middle_attack - // http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html +/* 1213: disable 3DES (effective key size < 128) + * https://en.wikipedia.org/wiki/3des#Security + * http://en.citizendium.org/wiki/Meet-in-the-middle_attack + * http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ user_pref("security.ssl3.rsa_des_ede3_sha", false); -// 1214: disable 128 bits +/* 1214: disable 128 bits ***/ user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); -// 1215: disable Microsoft Family Safety cert (Windows 8.1) - // 0: disable detecting Family Safety mode and importing the root - // 1: only attempt to detect Family Safety mode (don't import the root) - // 2: detect Family Safety mode and import the root +/* 1215: disable Microsoft Family Safety cert (Windows 8.1) (FF50+) + * 0 = disable detecting Family Safety mode and importing the root + * 1 = only attempt to detect Family Safety mode (don't import the root) + * 2 = detect Family Safety mode and import the root ***/ user_pref("security.family_safety.mode", 0); -// 1216: disable insecure active content on https pages - mixed content +/* 1216: disable insecure active content on https pages - mixed content ***/ user_pref("security.mixed_content.block_active_content", true); -// 1217: disable insecure passive content (such as images) on https pages - mixed context - // current default=false, leave it this way as too many sites break visually +/* 1217: disable insecure passive content (such as images) on https pages - mixed context + * current default=false, leave it this way as too many sites break visually ***/ // user_pref("security.mixed_content.block_display_content", true); -// 1218: disable HSTS Priming (FF51+) - // RISKS: formerly blocked mixed-content may load, may cause noticeable delays eg requests - // time out, requests may not be handled well by servers, possible fingerprinting - // https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 +/* 1218: disable HSTS Priming (FF51+) + * We disable it because formerly blocked mixed-content may load, may cause noticeable delays + * eg requests time out, requests may not be handled well by servers, possible fingerprinting + * https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ user_pref("security.mixed_content.send_hsts_priming", false); user_pref("security.mixed_content.use_hsts", false); -// 1219: enforce HSTS preload list (default is true) - // https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ - // https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List +/* 1219: enforce HSTS preload list (default is true) + * The list is compiled into Firefox and is used to always use HTTPS for the domains on that list + * https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ + * https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List ***/ user_pref("network.stricttransportsecurity.preloadlist", true); -// 1220: disable intermediate certificate caching (fingerprinting attack vector) - // NOTE: This may be better handled under FPI (ticket 1323644, part of Tor Uplift) - // WARNING: This affects login/cert/key dbs. The effect is all credentials are session-only. - // Saved logins and passwords are not available. Reset the pref and restart to return them. - // https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 // related bug - // https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 // related bug (see comment 9) +/* 1220: disable intermediate certificate caching (fingerprinting attack vector) + * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) + * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. + * Saved logins and passwords are not available. Reset the pref and restart to return them. + * https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 - related bug + * https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ // user_pref("security.nocertdb", true); // (hidden pref) -// 1221: control "Add Security Exception" dialog on SSL warnings - // 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) - // https://github.com/pyllyukko/user.js/issues/210 +/* 1221: control "Add Security Exception" dialog on SSL warnings + * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) + * https://github.com/pyllyukko/user.js/issues/210 ***/ user_pref("browser.ssl_override_behavior", 1); -// 1223: display advanced information on Insecure Connection warning pages (thanks @crssi) - // only works when it's possible to add an exception, i.e doesn't work for HSTS (https://subdomain.preloaded-hsts.badssl.com/) - // test: https://expired.badssl.com/ +/* 1223: display advanced information on Insecure Connection warning pages (thanks crssi) + * only works when it's possible to add an exception, i.e doesn't work for HSTS (https://subdomain.preloaded-hsts.badssl.com/) + * test: https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); /*** 1400: FONTS ***/ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); -// 1401: disable websites downloading their own fonts (0=block, 1=allow) - // This setting is under Options>Content>Font & Colors>Advanced>Allow pages to choose... - // If you disallow fonts, this drastically limits/reduces font enumeration (by JS) which - // is a high entropy fingerprinting vector. - // WARNING: Disabling fonts can uglify the web a fair bit. +/* 1401: disable websites choosing fonts (0=block, 1=allow) + * This setting is under Options>Content>Font & Colors>Advanced>Allow pages to choose... + * If you disallow fonts, this drastically limits/reduces font enumeration (by JS) which + * is a high entropy fingerprinting vector. + * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("browser.display.use_document_fonts", 0); -// 1402: allow icon fonts (glyphs) (FF41+) +/* 1402: allow icon fonts (glyphs) (FF41+) ***/ user_pref("gfx.downloadable_fonts.enabled", true); -// 1403: disable rendering of SVG OpenType fonts - // https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this +/* 1403: disable rendering of SVG OpenType fonts + * https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); -// 1404: use more legible default fonts - // WARNING: These are the author's settings, comment out if you do not require them - // Been using this for over a year, it really grows on you +/* 1404: use more legible default fonts + * [SETUP] These are optional, comment out if you do not require them + * Been using this for over a year, it really grows on you ***/ user_pref("font.name.serif.x-unicode", "Georgia"); user_pref("font.name.serif.x-western", "Georgia"); // default Times New Roman user_pref("font.name.sans-serif.x-unicode", "Arial"); -user_pref("font.name.sans-serif.x-western", "Arial"); // default Arial +user_pref("font.name.sans-serif.x-western", "Arial"); // default Arial user_pref("font.name.monospace.x-unicode", "Lucida Console"); user_pref("font.name.monospace.x-western", "Lucida Console"); // default Courier New -// 1405: disable woff2 +/* 1405: disable WOFF2 (Web Open Font Format) ***/ user_pref("gfx.downloadable_fonts.woff2.enabled", false); -// 1406: disable CSS Font Loading API - // WARNING: Disabling fonts can uglify the web a fair bit. +/* 1406: disable CSS Font Loading API + * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("layout.css.font-loading-api.enabled", false); -// 1407: remove special underline handling for a few fonts which you will probably never use. - // Any of these fonts on your system can be enumerated for fingerprinting. Requires restart. - // http://kb.mozillazine.org/Font.blacklist.underline_offset +/* 1407: remove special underline handling for a few fonts which you will probably never use. + * Any of these fonts on your system can be enumerated for fingerprinting. Requires restart. + * http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ user_pref("font.blacklist.underline_offset", ""); -// 1408: disable graphite which FF49 turned back on by default - // In the past it had security issues - need citation +/* 1408: disable graphite which FF49 turned back on by default + * In the past it had security issues - need citation ***/ user_pref("gfx.font_rendering.graphite.enabled", false); -/*** 1600: HEADERS / REFERERS +/*** 1600: HEADERS / REFERERS [SETUP] Except for 1601 and 1602, these can all be best handled by an extension to block/spoof all and then whitelist if needed, otherwise too much of the internet breaks. http://www.ghacks.net/2015/01/22/improve-online-privacy-by-controlling-referrer-information/ #Required reading: https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); -// 1601: disable referer from an SSL Website - // to be deprecated in FF52+? - https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 +/* 1601: disable referer from an SSL Website + * to be deprecated in FF52+? - https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 ***/ user_pref("network.http.sendSecureXSiteReferrer", false); -// 1602: disable the DNT HTTP header (this is essentially USELESS and raises entropy) - // NOTE: "Options>Privacy>Tracking>Request that sites not track you" - // if you use NoScript MAKE SURE to set your noscript.doNotTrack.enabled to match - // http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) +/* 1602: disable the DNT HTTP header (this is essentially USELESS and raises entropy) + * This setting is under Options>Privacy>Tracking>Request that sites not track you + * [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match + * http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) ***/ // user_pref("privacy.donottrackheader.enabled", true); // user_pref("privacy.donottrackheader.value", 1); // (hidden pref) -// 1603: referer, WHEN to send - // 0=never, 1=send only when links are clicked, 2=for links and images (default) +/* 1603: referer, WHEN to send + * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ // user_pref("network.http.sendRefererHeader", 2); -// 1604: referer, SPOOF or NOT (default=false) +/* 1604: referer, SPOOF or NOT (default=false) ***/ // user_pref("network.http.referer.spoofSource", false); -// 1605: referer, HOW to handle cross origins - // 0=always (default), 1=only if base domains match, 2=only if hosts match +/* 1605: referer, HOW to handle cross origins + * 0=always (default), 1=only if base domains match, 2=only if hosts match ***/ // user_pref("network.http.referer.XOriginPolicy", 0); -// 1606: referer, WHAT to send (limit the information) - // 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port +/* 1606: referer, WHAT to send (limit the information) + * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ // user_pref("network.http.referer.trimmingPolicy", 0); /*** 1800: PLUGINS ***/ user_pref("ghacks_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); -// 1801: set default plugin state (i.e new plugins on discovery) to never activate - // 0=disabled, 1=ask to activate, 2=active - you can override individual plugins +/* 1801: set default plugin state (i.e new plugins on discovery) to never activate + * 0=disabled, 1=ask to activate, 2=active - you can override individual plugins ***/ user_pref("plugin.default.state", 0); user_pref("plugin.defaultXpi.state", 0); -// 1802: enable click to play and set to 0 minutes +/* 1802: enable click to play and set to 0 minutes ***/ user_pref("plugins.click_to_play", true); user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); -// 1802a: make sure a plugin is in a certain state: 0=deactivated 1=ask 2=enabled (Flash example) - // you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config - // NOTE: you can still over-ride individual sites eg youtube via site permissions - // http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ +/* 1803: make sure a plugin is in a certain state: 0=deactivated 1=ask 2=enabled (Flash example) + * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config + * [NOTE] you can still over-ride individual sites eg youtube via site permissions + * http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ // user_pref("plugin.state.flash", 0); -// 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect +/* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/ user_pref("security.xpconnect.plugin.unrestricted", false); -// 1805: disable scanning for plugins - // http://kb.mozillazine.org/Plugin_scanning - // plid.all = whether to scan the directories specified in the Windows registry for PLIDs - // includes: RealPlayer, Next-Generation Java Plug-In, Adobe Flash, Antivirus etc - // WARNING: The author turned off plugins, try it one day. You are not missing much. +/* 1805: disable scanning for plugins + * http://kb.mozillazine.org/Plugin_scanning + * plid.all = whether to scan the directories specified in the Windows registry for PLIDs + * includes: RealPlayer, Next-Generation Java Plug-In, Adobe Flash, Antivirus etc + * [WARNING] [SETUP] This means Firefox will not load ANY plugins. Try it. You are not missing anything. ***/ user_pref("plugin.scan.plid.all", false); -// 1806: Acrobat, Quicktime, WMP are handled separately from 1805 above. - // The string refers to min version number allowed +/* 1806: Acrobat, Quicktime, WMP are handled separately from 1805 above. + * The string refers to min version number allowed ***/ user_pref("plugin.scan.Acrobat", "99999"); user_pref("plugin.scan.Quicktime", "99999"); user_pref("plugin.scan.WindowsMediaPlayer", "99999"); -// 1807: disable auto-play of HTML5 media - // WARNING: This may break youtube video playback (and probably other sites). If you block - // autoplay but occasionally would like a toggle button, try the following add-on - // https://addons.mozilla.org/en-US/firefox/addon/autoplay-toggle +/* 1807: disable auto-play of HTML5 media + * [WARNING] This may break youtube video playback (and probably other sites). If you block + * autoplay but occasionally would like a toggle button, try the following add-on + * https://addons.mozilla.org/en-US/firefox/addon/autoplay-toggle ***/ user_pref("media.autoplay.enabled", false); -// 1808: disable audio auto-play in non-active tabs (FF51+) - // http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ +/* 1808: disable audio auto-play in non-active tabs (FF51+) + * http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); -// 1820: disable all GMP (Gecko Media Plugins) - // https://wiki.mozilla.org/GeckoMediaPlugins +/* 1820: disable all GMP (Gecko Media Plugins) [SETUP] + * https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); user_pref("media.gmp.trial-create.enabled", false); -// 1825: disable widevine CDM (Content Decryption Module) +/* 1825: disable widevine CDM (Content Decryption Module) [SETUP] ***/ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); user_pref("media.gmp-widevinecdm.autoupdate", false); -// 1830: disable all DRM content (EME: Encryption Media Extension) +/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] ***/ user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required user_pref("media.eme.apiVisible", false); // block websites detecting DRM is disabled -// 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" - // This is the bundled codec used for video chat in WebRTC - // Disable pings to the external update/download server +/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" + * and disable pings to the external update/download server + * This is the bundled codec used for video chat in WebRTC ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); user_pref("media.gmp-manager.url", "data:text/plain,"); -// 1850: disable the Adobe EME "Primetime CDM" (Content Decryption Module) - // https://trac.torproject.org/projects/tor/ticket/16285 +/* 1850: disable the Adobe EME "Primetime CDM" (Content Decryption Module) [SETUP] + * https://trac.torproject.org/projects/tor/ticket/16285 ***/ user_pref("media.gmp-eme-adobe.enabled", false); user_pref("media.gmp-eme-adobe.visible", false); user_pref("media.gmp-eme-adobe.autoupdate", false); /*** 2000: MEDIA / CAMERA / MIKE ***/ user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); -// 2001: disable WebRTC - // https://www.privacytools.io/#webrtc +/* 2001: disable WebRTC (Web Real-Time Communication) + * https://www.privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.use_document_iceservers", false); user_pref("media.peerconnection.video.enabled", false); user_pref("media.peerconnection.identity.enabled", false); user_pref("media.peerconnection.identity.timeout", 1); user_pref("media.peerconnection.turn.disable", true); - // disable video capability for WebRTC -user_pref("media.navigator.video.enabled", false); -// 2001a: pref which improves the WebRTC IP Leak issue, as opposed to completely - // disabling WebRTC. You still need to enable WebRTC for this to be applicable (FF42+) - // https://wiki.mozilla.org/Media/WebRTC/Privacy +user_pref("media.navigator.video.enabled", false); // video capability for WebRTC +/* 2002: pref which improves the WebRTC IP Leak issue, as opposed to completely + * disabling WebRTC. You still need to enable WebRTC for this to be applicable (FF42+) + * https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ user_pref("media.peerconnection.ice.default_address_only", true); // (FF41-FF50) user_pref("media.peerconnection.ice.no_host", true); // (FF51+) -// 2010: disable WebGL, force bare minimum feature set if used & disable WebGL extensions - // http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ - // https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern +/* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions + * http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ + * https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ user_pref("webgl.disabled", true); user_pref("pdfjs.enableWebGL", false); user_pref("webgl.min_capability_mode", true); user_pref("webgl.disable-extensions", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); -// 2011: don't make WebGL debug info available to websites - // https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 - // https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info +/* 2011: don't make WebGL debug info available to websites + * https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 + * https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/ user_pref("webgl.enable-debug-renderer-info", false); -// 2012: two more webgl preferences (FF51+) +/* 2012: two more webgl preferences (FF51+) ***/ user_pref("webgl.dxgl.enabled", false); user_pref("webgl.enable-webgl2", false); -// 2021: disable speech recognition +/* 2021: disable speech recognition + * https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition + * https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis + * https://wiki.mozilla.org/HTML5_Speech_API ***/ user_pref("media.webspeech.recognition.enable", false); user_pref("media.webspeech.synth.enabled", false); -// 2022: disable screensharing +/* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.screensharing.allowed_domains", ""); user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); -// 2023: disable camera stuff +/* 2023: disable camera stuff ***/ user_pref("camera.control.face_detection.enabled", false); -// 2024: enable/disable MSE (Media Source Extensions) - // http://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ +/* 2024: enable/disable MSE (Media Source Extensions) + * http://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ user_pref("media.mediasource.enabled", true); user_pref("media.mediasource.mp4.enabled", true); user_pref("media.mediasource.webm.audio.enabled", true); user_pref("media.mediasource.webm.enabled", true); -// 2025: enable/disable various media types - end user personal choice - // WARNING: this is the author's settings, choose your own +/* 2025: enable/disable various media types [SETUP] ***/ user_pref("media.mp4.enabled", true); user_pref("media.flac.enabled", true); // (FF51+) user_pref("media.ogg.enabled", false); @@ -858,29 +793,29 @@ user_pref("media.raw.enabled", false); user_pref("media.wave.enabled", false); user_pref("media.webm.enabled", true); user_pref("media.wmf.enabled", true); // https://www.youtube.com/html5 - for the two H.264 entries -// 2026: disable canvas capture stream - // https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement/captureStream +/* 2026: disable canvas capture stream + * https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement/captureStream ***/ user_pref("canvas.capturestream.enabled", false); -// 2027: disable camera image capture - // https://trac.torproject.org/projects/tor/ticket/16339 +/* 2027: disable camera image capture + * https://trac.torproject.org/projects/tor/ticket/16339 ***/ user_pref("dom.imagecapture.enabled", false); -// 2028: disable offscreen canvas - // https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCanvas +/* 2028: disable offscreen canvas + * https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); /*** 2200: UI MEDDLING see http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ user_pref("ghacks_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); -// 2201: disable website control over right click context menu - // WARNING: This will break some sites eg Dropbox, Google Docs? gmail? +/* 2201: disable website control over right click context menu + * [WARNING] This will break sites' functionality such as Dropbox ***/ user_pref("dom.event.contextmenu.enabled", false); -// 2202: UI SPOOFING: disable scripts hiding or disabling the following on new windows +/* 2202: UI SPOOFING: disable scripts hiding or disabling the following on new windows ***/ user_pref("dom.disable_window_open_feature.location", true); user_pref("dom.disable_window_open_feature.menubar", true); user_pref("dom.disable_window_open_feature.resizable", true); user_pref("dom.disable_window_open_feature.status", true); user_pref("dom.disable_window_open_feature.toolbar", true); -// 2203: POPUP windows - prevent or allow javascript UI meddling +/* 2203: POPUP windows - prevent or allow javascript UI meddling ***/ user_pref("dom.disable_window_flip", true); // window z-order user_pref("dom.disable_window_move_resize", true); user_pref("dom.disable_window_open_feature.close", true); @@ -889,472 +824,468 @@ user_pref("dom.disable_window_open_feature.personalbar", true); //bookmarks tool user_pref("dom.disable_window_open_feature.titlebar", true); user_pref("dom.disable_window_status_change", true); user_pref("dom.allow_scripts_to_close_windows", false); -// 2204: disable links opening in a new window - // https://trac.torproject.org/projects/tor/ticket/9881 - // test url: https://people.torproject.org/~gk/misc/entire_desktop.html - // You can still right click a link and select open in a new window - // This is to stop malicious window sizes and screen res leaks etc in conjunction - // with 2203 dom.disable_window_move_resize=true | 2418 full-screen-api.enabled=false +/* 2204: disable links opening in a new window + * https://trac.torproject.org/projects/tor/ticket/9881 + * test url: https://people.torproject.org/~gk/misc/entire_desktop.html + * You can still right click a link and select open in a new window + * This is to stop malicious window sizes and screen res leaks etc in conjunction + * with 2203 dom.disable_window_move_resize=true | 2418 full-screen-api.enabled=false ***/ // user_pref("browser.link.open_newwindow.restriction", 0); -// 2204: disable "Confirm you want to leave" dialog on page close - // Does not prevent JS leaks of the page close event. - // https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload - // https://support.mozilla.org/en-US/questions/1043508 +/* 2204: disable "Confirm you want to leave" dialog on page close + * Does not prevent JS leaks of the page close event. + * https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload + * https://support.mozilla.org/en-US/questions/1043508 ***/ user_pref("dom.disable_beforeunload", true); /*** 2300: SERVICE WORKERS ***/ user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); -// 2301: disable workers API and service workers API - // https://developer.mozilla.org/en-US/docs/Web/API/Worker - // https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API - // http://www.ghacks.net/2016/03/02/manage-service-workers-in-firefox-and-chrome/ - // WARNING: WILL break sites as this gains traction: eg mega.nz requires workers +/* 2301: disable workers API and service workers API + * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) + * [WARNING] WILL break sites as this gains traction: eg mega.nz requires workers + * https://developer.mozilla.org/en-US/docs/Web/API/Worker + * https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API + * http://www.ghacks.net/2016/03/02/manage-service-workers-in-firefox-and-chrome/ ***/ user_pref("dom.workers.enabled", false); user_pref("dom.serviceWorkers.enabled", false); -// 2302: disable service workers cache and cache storage +/* 2302: disable service workers cache and cache storage ***/ user_pref("dom.caches.enabled", false); -// 2303: disable push notifications (FF44+) [requires serviceWorkers to be enabled] - // web apps can receive messages pushed to them from a server, whether or - // not the web app is in the foreground, or even currently loaded - // https://developer.mozilla.org/en/docs/Web/API/Push_API - // WARNING: may affect social media sites like Twitter +/* 2303: disable push notifications (FF44+) [requires serviceWorkers to be enabled] + * web apps can receive messages pushed to them from a server, whether or + * not the web app is in the foreground, or even currently loaded + * https://developer.mozilla.org/en/docs/Web/API/Push_API + * [WARNING] may affect social media sites like Twitter ***/ user_pref("dom.push.enabled", false); user_pref("dom.push.connection.enabled", false); user_pref("dom.push.serverURL", ""); user_pref("dom.push.userAgentID", ""); -// 2304: disable web/push notifications - // https://developer.mozilla.org/en-US/docs/Web/API/notification - // NOTE: you can still override individual domains under site permissions (FF44+) - // WARNING: may affect social media sites like Twitter +/* 2304: disable web/push notifications + * https://developer.mozilla.org/en-US/docs/Web/API/notification + * [NOTE] you can still override individual domains under site permissions (FF44+) + * [WARNING] may affect social media sites like Twitter ***/ user_pref("dom.webnotifications.enabled", false); user_pref("dom.webnotifications.serviceworker.enabled", false); /*** 2400: DOM & JAVASCRIPT ***/ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); -// 2402: disable website access to clipboard events/content - // http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ - // WARNING: This will break some sites functionality such as pasting into Facebook - // this applies to onCut, onCopy, onPaste events - i.e is you have to interact with - // the website for it to look at the clipboard +/* 2402: disable website access to clipboard events/content + * http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ + * [WARNING] This will break some sites functionality such as pasting into facebook + * this applies to onCut, onCopy, onPaste events - i.e you have to interact with + * the website for it to look at the clipboard ***/ user_pref("dom.event.clipboardevents.enabled", false); -// 2403: disable clipboard commands (cut/copy) from "non-priviledged" content - // this disables document.execCommand("cut"/"copy") to protect your clipboard - // https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 +/* 2403: disable clipboard commands (cut/copy) from "non-priviledged" content + * this disables document.execCommand("cut"/"copy") to protect your clipboard + * https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) -// 2404: disable JS storing data permanently - // If you block indexedDB but would like a toggle button, try the following add-on - // https://addons.mozilla.org/en-US/firefox/addon/disable-indexeddb/ - // This setting WAS under about:permissions>All Sites>Maintain Offline Storage - // NOTE: about:permissions is no longer available since FF46 but you can still override - // individual domains: use info icon in urlbar etc or right click on a web page>view page info - // WARNING: If set as false (disabled), this WILL break some [old] add-ons and DOES break - // a lot of sites' functionality. Applies to websites, add-ons and session data. +/* 2404: disable JS storing data permanently + * If you block indexedDB but would like a toggle button, try the following add-on + * https://addons.mozilla.org/en-US/firefox/addon/disable-indexeddb/ + * This setting WAS under about:permissions>All Sites>Maintain Offline Storage + * [NOTE] about:permissions is no longer available since FF46 but you can still override + * individual domains: use info icon in urlbar etc or right click on a web page>view page info + * [WARNING] [SETUP] If set as false (disabled), this WILL break some [old] add-ons and DOES break + * a lot of sites' functionality. Applies to websites, add-ons and session data. ***/ user_pref("dom.indexedDB.enabled", false); -// 2405: https://wiki.mozilla.org/WebAPI/Security/WebTelephony +/* 2405: https://wiki.mozilla.org/WebAPI/Security/WebTelephony ***/ user_pref("dom.telephony.enabled", false); -// 2410: disable User Timing API - // https://trac.torproject.org/projects/tor/ticket/16336 +/* 2410: disable User Timing API + * https://trac.torproject.org/projects/tor/ticket/16336 ***/ user_pref("dom.enable_user_timing", false); -// 2411: disable resource/navigation timing +/* 2411: disable resource/navigation timing ***/ user_pref("dom.enable_resource_timing", false); -// 2412: disable timing attacks - javascript performance fingerprinting - // https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI +/* 2412: disable timing attacks - javascript performance fingerprinting + * https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI ***/ user_pref("dom.enable_performance", false); -// 2414: disable shaking the screen +/* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); -// 2415: max popups from a single non-click event - default is 20! +/* 2415: max popups from a single non-click event - default is 20! ***/ user_pref("dom.popup_maximum", 3); -// 2415b: limit events that can cause a popup - // default is "change click dblclick mouseup notificationclick reset submit touchend" - // WARNING: Author killed all methods but does this with Popup Blocker Ultimate - // in Strict mode with whitelist. Or you can allow all but blacklist. Either way, - // Popup Blocker Ultimate overwrites this pref with a blank (or allows everything!). - // http://kb.mozillazine.org/Dom.popup_allowed_events +/* 2415b: limit events that can cause a popup + * default is "change click dblclick mouseup notificationclick reset submit touchend" + * http://kb.mozillazine.org/Dom.popup_allowed_events ***/ user_pref("dom.popup_allowed_events", "click dblclick"); -// 2416: disable idle observation +/* 2416: disable idle observation ***/ user_pref("dom.idle-observers-api.enabled", false); -// 2418: disable full-screen API - // This setting WAS under about:permissions>All Sites>Fullscreen - // NOTE: about:permissions is no longer available since FF46 but you can still override - // individual domains: use info icon in urlbar etc or right click on a web page>view page info - // set to false=block, set to true=ask +/* 2418: disable full-screen API + * This setting WAS under about:permissions>All Sites>Fullscreen + * [NOTE] about:permissions is no longer available since FF46 but you can still override + * individual domains: use info icon in urlbar etc or right click on a web page>view page info + * set to false=block, set to true=ask ***/ user_pref("full-screen-api.enabled", false); -// 2420: disable support for asm.js ( http://asmjs.org/ ) - // https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ - // https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ - // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 +/* 2420: disable support for asm.js ( http://asmjs.org/ ) + * https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ + * https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ + * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/ user_pref("javascript.options.asmjs", false); -// 2421: in addition to 2420, these settings will help harden JS against exploits such as CVE-2015-0817 - // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 - // WARNING: causes the odd site issue and there is also a performance loss - // Update: Jan-2017: commented out for now, as performance gains outweigh extra security +/* 2421: in addition to 2420, these settings will help harden JS against exploits such as CVE-2015-0817 + * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 + * [WARNING] causes the odd site issue and there is also a performance loss ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); -// 2425: disable ArchiveAPI i.e reading content of archives, such as zip files, directly - // in the browser, through DOM file objects. Default is false. +/* 2425: disable ArchiveAPI i.e reading content of archives, such as zip files, directly + * in the browser, through DOM file objects. Default is false. ***/ user_pref("dom.archivereader.enabled", false); -// 2450: force FF to tell you if a website asks to store data for offline use - // https://support.mozilla.org/en-US/questions/1098540 - // https://bugzilla.mozilla.org/show_bug.cgi?id=959985 +/* 2450a: force Firefox to tell you if a website asks to store data for offline use + * https://support.mozilla.org/en-US/questions/1098540 + * https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ user_pref("offline-apps.allow_by_default", false); - // Options>Advanced>Network>Tell me when a website asks to store data for offline use +/* 2450b: Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ user_pref("browser.offline-apps.notify", true); - // change size of warning quota for offline cache (default 51200) - // Offline cache is only used in rare cases to store data locally. FF will store small amounts - // (default <50MB) of data in the offline (application) cache without asking for permission. +/* 2450c: change size of warning quota for offline cache (default 51200) + * Offline cache is only used in rare cases to store data locally. FF will store small amounts + * (default <50MB) of data in the offline (application) cache without asking for permission. ***/ // user_pref("offline-apps.quota.warn", 51200); /*** 2500: HARDWARE FINGERPRINTING ***/ user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); -// 2501: disable gamepad API - USB device ID enumeration - // https://trac.torproject.org/projects/tor/ticket/13023 +/* 2501: disable gamepad API - USB device ID enumeration + * https://trac.torproject.org/projects/tor/ticket/13023 ***/ user_pref("dom.gamepad.enabled", false); -// 2502: disable Battery Status API. Initially a Linux issue (high precision readout) that is now fixed. - // However, it is still another metric for fingerprinting, used to raise entropy. - // eg: do you have a battery or not, current charging status, charge level, times remaining etc - // http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ - // https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 - // https://www.w3.org/TR/battery-status/ - // https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online - // NOTE: From FF52+ Battery Status API is only available in chrome/privileged code. - // https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 +/* 2502: disable Battery Status API. Initially a Linux issue (high precision readout) that is now fixed. + * However, it is still another metric for fingerprinting, used to raise entropy. + * eg: do you have a battery or not, current charging status, charge level, times remaining etc + * http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ + * https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 + * https://www.w3.org/TR/battery-status/ + * https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online + * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. + * https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ user_pref("dom.battery.enabled", false); -// 2503: disable giving away network info - // eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none - // https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API - // https://wicg.github.io/netinfo/ - // https://bugzilla.mozilla.org/show_bug.cgi?id=960426 +/* 2503: disable giving away network info + * eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none + * https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API + * https://wicg.github.io/netinfo/ + * https://bugzilla.mozilla.org/show_bug.cgi?id=960426 ***/ user_pref("dom.netinfo.enabled", false); -// 2504: disable virtual reality devices - // https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API +/* 2504: disable virtual reality devices + * https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API ***/ user_pref("dom.vr.enabled", false); user_pref("dom.vr.oculus.enabled", false); user_pref("dom.vr.osvr.enabled", false); // (FF49+) user_pref("dom.vr.openvr.enabled", false); // (FF51+) -// 2505: disable media device enumeration (FF29+) - // NOTE: media.peerconnection.enabled should also be set to false (see 2001) - // https://wiki.mozilla.org/Media/getUserMedia - // https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices +/* 2505: disable media device enumeration (FF29+) + * [NOTE] media.peerconnection.enabled should also be set to false (see 2001) + * https://wiki.mozilla.org/Media/getUserMedia + * https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/ user_pref("media.navigator.enabled", false); -// 2506: disable video statistics - JS performance fingerprinting - // https://trac.torproject.org/projects/tor/ticket/15757 +/* 2506: disable video statistics - JS performance fingerprinting + * https://trac.torproject.org/projects/tor/ticket/15757 ***/ user_pref("media.video_stats.enabled", false); -// 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) - // The Keyboard API allows tracking the "read parameter" of pressed keys in forms on - // web pages. These parameters vary between types of keyboard layouts such as QWERTY, - // AZERTY, Dvorak, and between various languages, eg German vs English. - // WARNING: Don't use if Android + physical keyboard - // UPDATE: This MAY be incorporated better into the Tor Uplift project (see 2699) - // https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code - // https://www.privacy-handbuch.de/handbuch_21v.htm +/* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) + * The Keyboard API allows tracking the "read parameter" of pressed keys in forms on + * web pages. These parameters vary between types of keyboard layouts such as QWERTY, + * AZERTY, Dvorak, and between various languages, eg German vs English. + * [WARNING] Don't use if Android + physical keyboard + * [UPDATE] This MAY be incorporated better into the Tor Uplift project (see 2699) + * https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code + * https://www.privacy-handbuch.de/handbuch_21v.htm ***/ user_pref("dom.keyboardevent.code.enabled", false); user_pref("dom.beforeAfterKeyboardEvent.enabled", false); user_pref("dom.keyboardevent.dispatch_during_composition", false); -// 2508: disable graphics fingerprinting (the loss of hardware acceleration is negligible) - // These prefs are under Options>Advanced>General>Use hardware acceleration when available - // NOTE: changing this option changes BOTH these preferences - // https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration - // WARNING: This changes text rendering (fonts will look different) - // If you watch a lot of video, this will impact performance +/* 2508: reduce graphics fingerprinting (the loss of hardware acceleration is negligible) + * This setting is under Options>Advanced>General>Use hardware acceleration when available + * [NOTE] changing this option changes BOTH these preferences + * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance + * https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ user_pref("gfx.direct2d.disabled", true); user_pref("layers.acceleration.disabled", true); -// 2509: disable touch events - // https://developer.mozilla.org/en-US/docs/Web/API/Touch_events - // https://trac.torproject.org/projects/tor/ticket/10286 - // fingerprinting attack vector - leaks screen res & actual screen coordinates - // WARNING: If you use touch eg Win8/10 Metro/Smartphone reset this to default +/* 2509: disable touch events [SETUP] + * https://developer.mozilla.org/en-US/docs/Web/API/Touch_events + * https://trac.torproject.org/projects/tor/ticket/10286 + * fingerprinting attack vector - leaks screen res & actual screen coordinates ***/ user_pref("dom.w3c_touch_events.enabled", 0); -// 2510: disable Web Audio API (FF51+) - // https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 +/* 2510: disable Web Audio API (FF51+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/ user_pref("dom.webaudio.enabled", false); -// 2511: disable MediaDevices change detection (FF51+) (enabled by default starting FF52+) - // https://developer.mozilla.org/en-US/docs/Web/Events/devicechange - // https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange +/* 2511: disable MediaDevices change detection (FF51+) (enabled by default starting FF52+) + * https://developer.mozilla.org/en-US/docs/Web/Events/devicechange + * https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange ***/ user_pref("media.ondevicechange.enabled", false); -// 2512: disable device sensor API - fingerprinting vector - // https://trac.torproject.org/projects/tor/ticket/15758 +/* 2512: disable device sensor API + * https://trac.torproject.org/projects/tor/ticket/15758 ***/ user_pref("device.sensors.enabled", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); -// 2601: disable sending additional analytics to web servers - // https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon +/* 2601: disable sending additional analytics to web servers + * https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon ***/ user_pref("beacon.enabled", false); -// 2602: CIS 2.3.2 disable downloading on desktop +/* 2602: CIS 2.3.2 disable downloading on desktop ***/ user_pref("browser.download.folderList", 2); -// 2603: always ask the user where to download - enforce user interaction for security +/* 2603: always ask the user where to download - enforce user interaction for security ***/ user_pref("browser.download.useDownloadDir", false); -// 2604: https://bugzilla.mozilla.org/show_bug.cgi?id=238789#c19 +/* 2604: https://bugzilla.mozilla.org/show_bug.cgi?id=238789#c19 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -// 2605: don't integrate activity into windows recent documents +/* 2605: don't integrate activity into windows recent documents ***/ user_pref("browser.download.manager.addToRecentDocs", false); -// 2606: disable hiding mime types (Options>Applications) not associated with a plugin +/* 2606: disable hiding mime types (Options>Applications) not associated with a plugin ***/ user_pref("browser.download.hide_plugins_without_extensions", false); -// 2607: disable page thumbnail collection - // look in profile/thumbnails directory - you may want to clean that out +/* 2607: disable page thumbnail collection + * look in profile/thumbnails directory - you may want to clean that out ***/ user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) -// 2608: disable JAR from opening Unsafe File Types +/* 2608: disable JAR from opening Unsafe File Types ***/ user_pref("network.jar.open-unsafe-types", false); -// 2611: disable WebIDE to prevent remote debugging and add-on downloads - // https://trac.torproject.org/projects/tor/ticket/16222 +/* 2611: disable WebIDE to prevent remote debugging and add-on downloads + * https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.webide.autoinstallFxdtAdapters", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); -// 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - eg Roku - // https://trac.torproject.org/projects/tor/ticket/16222 +/* 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - eg Roku + * https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("browser.casting.enabled", false); user_pref("gfx.layerscope.enabled", false); -// 2614: disable SPDY as it can contain identifiers - // https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 10) +/* 2614: disable SPDY as it can contain identifiers + * https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 10) ***/ user_pref("network.http.spdy.enabled", false); user_pref("network.http.spdy.enabled.deps", false); -// 2615: disable http2 for now as well +/* 2615: disable http2 for now as well ***/ user_pref("network.http.spdy.enabled.http2", false); -// 2617: disable pdf.js as an option to preview PDFs within Firefox - // see mime-types under Options>Applications) - EXPLOIT risk - // Enabling this (set to true) will change your option most likely to "Ask" or "Open with - // some external pdf reader". This does NOT necessarily prevent pdf.js being used via - // other means, it only removes the option. I think this should be left at default (false). - // 1. It won't stop JS bypassing it. 2. Depending on external pdf viewers there is just as - // much risk or more (acrobat). 3. Mozilla are very quick to patch these sorts of exploits, - // they treat them as severe/critical and 4. for convenience +/* 2617: enable pdf.js as an option to preview PDFs within Firefox - EXPLOIT risk + * This setting is under Options>Applications>Portable Document Format (PDF) + * Enabling this (set to true) will change your option most likely to "Ask" or "Open with + * some external pdf reader". This does NOT necessarily prevent pdf.js being used via + * other means, it only removes the option. We recommend this is left at default (false). + * 1. It won't stop JS bypassing it. 2. Depending on external pdf viewers there is just as + * much risk or more (acrobat). 3. Mozilla are very quick to patch these sorts of exploits, + * they treat them as severe/critical and 4. for convenience + * [SETUP] By all means, use an external app you consider MORE secure ***/ user_pref("pdfjs.disabled", false); -// 2618: when using SOCKS have the proxy server do the DNS lookup - dns leak issue - // http://kb.mozillazine.org/Network.proxy.socks_remote_dns - // https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers - // eg in TOR, this stops your local DNS server from knowing your Tor destination - // as a remote Tor node will handle the DNS request +/* 2618: when using SOCKS have the proxy server do the DNS lookup - DNS leak issue + * http://kb.mozillazine.org/Network.proxy.socks_remote_dns + * https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers + * eg in TOR, this stops your local DNS server from knowing your Tor destination + * as a remote Tor node will handle the DNS request ***/ user_pref("network.proxy.socks_remote_dns", true); -// 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) - // WARNING: a low setting of 5 or under will probably break some sites (eg gmail logins) - // To control HTML Meta tag and JS redirects, use an add-on (eg NoRedirect). Default is 20 +/* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) + * [WARNING] a low setting of 5 or under will probably break some sites (eg gmail logins) + * To control HTML Meta tag and JS redirects, use an add-on (eg NoRedirect). Default is 20 ***/ user_pref("network.http.redirection-limit", 10); -// 2620: disable middle mouse click opening links from clipboard - // https://trac.torproject.org/projects/tor/ticket/10089 - // http://kb.mozillazine.org/Middlemouse.contentLoadURL +/* 2620: disable middle mouse click opening links from clipboard + * https://trac.torproject.org/projects/tor/ticket/10089 + * http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ user_pref("middlemouse.contentLoadURL", false); -// 2621: disable IPv6 (included for knowledge ONLY - not recommended) - // This is all about covert channels such as MAC addresses being included/abused in the - // IPv6 protocol for tracking. If you want to mask your IP address, this is not the way - // to do it. It's 2016, IPv6 is here. Here are some old links - // 2010: https://www.christopher-parsons.com/ipv6-and-the-future-of-privacy/ - // 2011: https://iapp.org/news/a/2011-09-09-facing-the-privacy-implications-of-ipv6 - // 2012: http://www.zdnet.com/article/security-versus-privacy-with-ipv6-deployment/ - // NOTE: It is a myth that disabling IPv6 will speed up your internet connection - // http://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection +/* 2621: disable IPv6 (included for knowledge ONLY [WARNING] do not do this) + * This is all about covert channels such as MAC addresses being included/abused in the + * IPv6 protocol for tracking. If you want to mask your IP address, this is not the way + * to do it. It's 2016, IPv6 is here. Here are some old links + * 2010: https://www.christopher-parsons.com/ipv6-and-the-future-of-privacy/ + * 2011: https://iapp.org/news/a/2011-09-09-facing-the-privacy-implications-of-ipv6 + * 2012: http://www.zdnet.com/article/security-versus-privacy-with-ipv6-deployment/ + * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection + * http://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection ***/ // user_pref("network.dns.disableIPv6", true); // user_pref("network.http.fast-fallback-to-IPv4", true); -// 2622: ensure you have a security delay when installing add-ons (milliseconds) - // default=1000, This also covers the delay in "Save" on downloading files. - // http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox - // http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ +/* 2622: ensure you have a security delay when installing add-ons (milliseconds) + * default=1000, This also covers the delay in "Save" on downloading files. + * http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox + * http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 1000); -// 2623: ensure Strict File Origin Policy on local files - // The default is true. Included for completeness - // http://kb.mozillazine.org/Security.fileuri.strict_origin_policy +/* 2623: ensure Strict File Origin Policy on local files + * The default is true. Included for completeness + * http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ user_pref("security.fileuri.strict_origin_policy", true); -// 2624: enforce Subresource Integrity (SRI) (FF43+) - // The default is true. Included for completeness - // https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity - // https://wiki.mozilla.org/Security/Subresource_Integrity +/* 2624: enforce Subresource Integrity (SRI) (FF43+) + * The default is true. Included for completeness + * https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity + * https://wiki.mozilla.org/Security/Subresource_Integrity ***/ user_pref("security.sri.enable", true); -// 2625: Applications [non Tor protocol] SHOULD generate an error - // upon the use of .onion and SHOULD NOT perform a DNS lookup. - // https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 +/* 2625: Applications [non Tor protocol] SHOULD generate an error + * upon the use of .onion and SHOULD NOT perform a DNS lookup. + * https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ user_pref("network.dns.blockDotOnion", true); -// 2626: strip optional user agent token, default is false, included for completeness - // https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference +/* 2626: strip optional user agent token, default is false, included for completeness + * https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference ***/ user_pref("general.useragent.compatMode.firefox", false); -// 2628: disable UITour backend so there is no chance that a remote page can use it +/* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); -// 2629: disable remote JAR files being opened, regardless of content type - // https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 +/* 2629: disable remote JAR files being opened, regardless of content type + * https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/ user_pref("network.jar.block-remote-files", true); -// 2650: start the browser in e10s mode (48+) - // After restarting the browser, you can check whether it's enabled by visiting - // about:support and checking that "Multiprocess Windows" = 1 - // use force-enable and extensions.e10sblocksenabling if you have add-ons +/* 2650: start the browser in e10s mode (FF48+) + * After restarting the browser, you can check whether it's enabled by visiting + * about:support and checking that "Multiprocess Windows" = 1 + * use force-enable and extensions.e10sblocksenabling if you have add-ons ***/ // user_pref("browser.tabs.remote.autostart", true); // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) // user_pref("extensions.e10sBlocksEnabling", false); -// 2651: control e10s number of container processes - // http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ - // https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 +/* 2651: control e10s number of container processes + * http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ + * https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ // user_pref("dom.ipc.processCount", 4); -// 2652: enable console shim warnings for extensions that don't have the flag - // 'multiprocessCompatible' set to true +/* 2652: enable console shim warnings for extensions that don't have the flag 'multiprocessCompatible' as true ***/ user_pref("dom.ipc.shims.enabledWarnings", true); -// 2660: enforce separate content process for file://URLs (FF53+?) - // https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 - // http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ +/* 2660: enforce separate content process for file://URLs (FF53+?) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 + * http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ user_pref("browser.tabs.remote.separateFileUriProcess", true); -// 2662: disable "open with" in download dialog (FF50+) - // This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) - // in such a way that it is forbidden to run external applications. - // WARNING: This may interfere with some users' workflow or methods - // https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 +/* 2662: disable "open with" in download dialog (FF50+) + * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) + * in such a way that it is forbidden to run external applications. + * [SETUP] This may interfere with some users' workflow or methods + * https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 ***/ user_pref("browser.download.forbid_open_with", true); -// 2663: disable MathML (FF51+) - // https://bugzilla.mozilla.org/show_bug.cgi?id=1173199 - // test: http://browserspy.dk/mathml.php +/* 2663: disable MathML (Mathematical Markup Language) (FF51+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1173199 + * test: http://browserspy.dk/mathml.php ***/ user_pref("mathml.disabled", true); -// 2664: disable DeviceStorage API - // https://wiki.mozilla.org/WebAPI/DeviceStorageAPI +/* 2664: disable DeviceStorage API + * https://wiki.mozilla.org/WebAPI/DeviceStorageAPI ***/ user_pref("device.storage.enabled", false); -// 2665: sanitize webchannel whitelist +/* 2665: sanitize webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); -// 2666: disable HTTP Alternative Services - // http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 +/* 2666: disable HTTP Alternative Services + * http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/ user_pref("network.http.altsvc.enabled", false); user_pref("network.http.altsvc.oe", false); -// 2667: disable various developer tools in browser context - // Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes - // http://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 +/* 2667: disable various developer tools in browser context + * Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes + * http://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); -// 2668: lock down allowed extension directories - // WARNING: this will break add-ons (Roboform, Internet Download Manager and others) that - // do not use the default XPI directories - // https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ - // archived: http://archive.is/DYjAM +/* 2668: lock down allowed extension directories + * [WARNING] this will break add-ons that do not use the default XPI directories + * https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ + * archived: http://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.autoDisableScopes", 15); -// 2669: strip paths when sending URLs to PAC scripts (FF51+) - // CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) - // https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 +/* 2669: strip paths when sending URLs to PAC scripts (FF51+) + * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ user_pref("network.proxy.autoconfig_url.include_path", false); -// 2670: close bypassing of CSP via image mime types (FF51+) - // https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 +/* 2670: close bypassing of CSP via image mime types (FF51+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/ user_pref("security.block_script_with_wrong_mime", true); -// 2671: disable SVG (FF53+) - // WARNING: SVG is fairly common (~15% of the top 10K sites), so will cause some breakage - // https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 +/* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) + * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage + * https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 ***/ user_pref("svg.disabled", true); -// 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk - // Firefox has *some* protections to mitigate the risk, but it is better to be safe - // than sorry. The downside: it will also display legitimate IDN's punycoded, which - // might be undesirable for users from countries with non-latin alphabets - // http://kb.mozillazine.org/Network.IDN_show_punycode - // https://wiki.mozilla.org/IDN_Display_Algorithm - // https://en.wikipedia.org/wiki/IDN_homograph_attack - // CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ +/* 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk + * Firefox has *some* protections to mitigate the risk, but it is better to be safe + * than sorry. The downside: it will also display legitimate IDN's punycoded, which + * might be undesirable for users from countries with non-latin alphabets + * http://kb.mozillazine.org/Network.IDN_show_punycode + * https://wiki.mozilla.org/IDN_Display_Algorithm + * https://en.wikipedia.org/wiki/IDN_homograph_attack + * CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ ***/ user_pref("network.IDN_show_punycode", true); -// 2673: enforce CSP (Content Security Policy) (default is true) - // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP +/* 2673: enforce CSP (Content Security Policy) (default is true) + * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); /*** 2697: USER AGENT (UA) SPOOFING Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage depending on your values. Even if you spoof, like TBB (Tor Browser Bundle) does, as the - lastest ESR, it still *does* *not* *work*. There are two main reasons for this. + latest ESR, it still *does* *not* *work*. There are two main reasons for this. 1. Many of the components that make up your UA can be derived by other means. And when those values differ, you provide more bits and raise entropy. Examples of leaks include navigator objects, resource://URIs, locale, feature detection and more. - 2. You are not in a controlled set of signifcant numbers, where the values are enforced + 2. You are not in a controlled set of significant numbers, where the values are enforced by default. It works for TBB because for TBB, the spoofed values ARE their default. * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 2699) * Values below are for example only based on the current ESR/TBB at the time of writing ***/ -// 2697-A: navigator.userAgent leaks in JS - // NOTE: setting this will break any UA spoofing add-on whitelisting +/* 2697a: navigator.userAgent leaks in JS + * [NOTE] setting this will break any UA spoofing add-on whitelisting ***/ // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref) -// 2697-B: navigator.buildID (see gecko.buildID in about:config) reveals build time - // down to the second which defeats user agent spoofing and can compromise OS etc - // https://bugzilla.mozilla.org/show_bug.cgi?id=583181 +/* 2697b: navigator.buildID (see gecko.buildID in about:config) reveals build time + * down to the second which defeats user agent spoofing and can compromise OS etc + * https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/ // user_pref("general.buildID.override", "20100101"); // (hidden pref) -// 2697-C: navigator.appName +/* 2697c: navigator.appName ***/ //user_pref("general.appname.override", "Netscape"); // (hidden pref) -// 2697-D: navigator.appVersion +/* 2697d: navigator.appVersion ***/ // user_pref("general.appversion.override", "5.0 (Windows)"); // (hidden pref) -// 2697-E: navigator.platform leaks in JS +/* 2697e: navigator.platform leaks in JS ***/ // user_pref("general.platform.override", "Win32"); // (hidden pref) -// 2697-F: navigator.oscpu leaks in JS +/* 2697f: navigator.oscpu leaks in JS ***/ // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) -// 2697-G: also see 0204 for general.useragent.locale +/* 2697g: also see 0204 for general.useragent.locale ***/ /*** 2698: FIRST PARTY ISOLATION (FPI) ***/ -// 2698a: enable first party isolation pref and OriginAttribute (FF51+) - // WARNING: breaks lots of cross-domain logins and site funtionality until perfected - // https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 -// 2698b: this also isolates OCSP requests by first party domain - // https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 +/* 2698a: enable first party isolation pref and OriginAttribute (FF51+) + * [WARNING] breaks lots of cross-domain logins and site functionality until perfected + * https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ +/* 2698b: this also isolates OCSP requests by first party domain + * https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ // user_pref("privacy.firstparty.isolate", true); /*** 2699: TOR UPLIFT: privacy.resistFingerprinting This preference will be used as a generic switch for a wide range of items. This section will attempt to list all the ramifications and Mozilla tickets ***/ -// 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info. - // POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - // https://bugzilla.mozilla.org/show_bug.cgi?id=418986 - // NOTE: does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 - // NOTE: this will probably make your values pretty unique until you resize or snap the - // inner window width + height into standard/common resolutions (mine is at 1366x768) - // To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit - // Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test - // your window size, do some math, resize to allow for all the non inner window elements - // test: http://browserspy.dk/screen.php - // Common resolutions: http://www.rapidtables.com/web/dev/screen-resolution-statistics.htm -// 2699b: spoof screen orientation - // https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 -// 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) - // https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 +/* 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info. + * POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) + * https://bugzilla.mozilla.org/show_bug.cgi?id=418986 + * [NOTE] does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 + * [NOTE] this will probably make your values pretty unique until you resize or snap the + * inner window width + height into standard/common resolutions (mine is at 1366x768) + * To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit + * Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test + * your window size, do some math, resize to allow for all the non inner window elements + * test: http://browserspy.dk/screen.php + * Common resolutions: http://www.rapidtables.com/web/dev/screen-resolution-statistics.htm ***/ +/* 2699b: spoof screen orientation + * https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ +/* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) /*** 2700: COOKIES & DOM STORAGE ***/ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); -// 2701: disable cookies on all sites - // you can set exceptions under site permissions or use an extension (eg Cookie Controller) - // 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie +/* 2701: disable cookies on all sites [SETUP] + * If you use custom settings for History in Options, this is the setting under + * Options>Privacy>HistoryAccept cookies from sites + * you can set exceptions under site permissions or use an extension (eg Cookie Controller) + * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie ***/ user_pref("network.cookie.cookieBehavior", 2); -// 2702: ensure that third-party cookies (if enabled, see above pref) are session-only - // https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ - // http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly +/* 2702: ensure that third-party cookies (if enabled, see above pref) are session-only + * https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ + * http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ user_pref("network.cookie.thirdparty.sessionOnly", true); -// 2703: set cookie lifetime policy - // 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) - // If you use custom settings for History in Options, this is the setting under - // Privacy>Accept cookies from sites>Keep until +/* 2703: set cookie lifetime policy + * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) + * If you use custom settings for History in Options, this is the setting under + * Options>Privacy>Accept cookies from sites>Keep until ***/ // user_pref("network.cookie.lifetimePolicy", 0); -// 2704: set cookie lifetime in days (see above pref) - default is 90 days +/* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ // user_pref("network.cookie.lifetime.days", 90); -// 2705: disable dom storage - // WARNING: this will break a LOT of sites' functionality. - // You are better off using an extension for more granular control +/* 2705: disable dom storage + * [WARNING] this will break a LOT of sites' functionality. + * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); -// 2706: disable Storage API (FF51+) which gives sites' code the ability to find out how much space - // they can use, how much they are already using, and even control whether or not they need to - // be alerted before the user agent disposes of site data in order to make room for other things. - // https://developer.mozilla.org/en-US/docs/Web/API/StorageManager - // https://developer.mozilla.org/en-US/docs/Web/API/Storage_API +/* 2706: disable Storage API (FF51+) + * The API gives sites the ability to find out how much space they can use, how much + * they are already using, and even control whether or not they need to be alerted + * before the user agent disposes of site data in order to make room for other things. + * https://developer.mozilla.org/en-US/docs/Web/API/StorageManager + * https://developer.mozilla.org/en-US/docs/Web/API/Storage_API ***/ user_pref("dom.storageManager.enabled", false); -// 2707: clear localStorage and UUID when a WebExtension is uninstalled - // NOTE: both preferences must be the same - // https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local - // https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 +/* 2707: clear localStorage and UUID when a WebExtension is uninstalled + * [NOTE] both preferences must be the same + * https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local + * https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); -/*** 2800: SHUTDOWN ***/ +/*** 2800: SHUTDOWN [SETUP] ***/ user_pref("ghacks_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); -// 2802: enable FF to clear stuff on close - // This setting is under Options>Privacy>Clear history when Firefox closes +/* 2802: enable FF to clear stuff on close + * This setting is under Options>Privacy>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); -// 2803: what to clear on shutdown - // These settings are under Options>Privacy>Clear history when Firefox closes>Settings - // These are the settings of the author of this user.js, chose your own +/* 2803: what to clear on shutdown + * These settings are under Options>Privacy>Clear history when Firefox closes>Settings ***/ user_pref("privacy.clearOnShutdown.cache", true); user_pref("privacy.clearOnShutdown.cookies", false); user_pref("privacy.clearOnShutdown.downloads", true); -user_pref("privacy.clearOnShutdown.formdata", true); +user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History user_pref("privacy.clearOnShutdown.history", true); user_pref("privacy.clearOnShutdown.offlineApps", true); -user_pref("privacy.clearOnShutdown.sessions", false); // active logins +user_pref("privacy.clearOnShutdown.sessions", false); // Active Logins user_pref("privacy.clearOnShutdown.siteSettings", false); -// 2803a: include all open windows/tabs when you shutdown +/* 2803a: include all open windows/tabs when you shutdown ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); -// 2804: (to match above) - auto selection of items to delete with Ctrl-Shift-Del +/* 2804: (to match above) - auto selection of items to delete with Ctrl-Shift-Del ***/ user_pref("privacy.cpd.cache", true); user_pref("privacy.cpd.cookies", false); user_pref("privacy.cpd.downloads", true); @@ -1364,113 +1295,112 @@ user_pref("privacy.cpd.offlineApps", true); user_pref("privacy.cpd.passwords", false); user_pref("privacy.cpd.sessions", false); user_pref("privacy.cpd.siteSettings", false); -// 2804a: include all open windows/tabs when you run clear recent history +/* 2804a: include all open windows/tabs when you run clear recent history ***/ // user_pref("privacy.cpd.openWindows", true); -// 2805: reset default 'Time range to clear' for 'clear recent history' (see 2804 above) - // Firefox remembers your last choice. This will reset the value when you start FF. - // 0=everything 1=last hour, 2=last 2 hours, 3=last 4 hours, 4=today +/* 2805: reset default 'Time range to clear' for 'clear recent history' (see 2804 above) + * Firefox remembers your last choice. This will reset the value when you start FF. + * 0=everything 1=last hour, 2=last 2 hours, 3=last 4 hours, 4=today ***/ user_pref("privacy.sanitize.timeSpan", 0); -/*** 3000: PERSONAL SETTINGS +/*** 3000: PERSONAL SETTINGS [SETUP] Settings that are handy to migrate and/or are not in the Options interface. Users can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ user_pref("ghacks_user.js.parrot", "3000 syntax error: this is an ex-parrot!"); -// 3001: disable annoying warnings +/* 3001: disable annoying warnings ***/ user_pref("general.warnOnAboutConfig", false); user_pref("browser.tabs.warnOnClose", false); user_pref("browser.tabs.warnOnCloseOtherTabs", false); user_pref("browser.tabs.warnOnOpen", false); -// 3001a: disable warning when a domain requests full screen - // https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Using_full_screen_mode +/* 3001a: disable warning when a domain requests full screen + * https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Using_full_screen_mode ***/ // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); -// 3002: disable closing browser with last tab +/* 3002: disable closing browser with last tab ***/ user_pref("browser.tabs.closeWindowWithLastTab", false); -// 3004: disable backspace (0 = previous page, 1 = scroll up, 2 = do nothing) +/* 3004: disable backspace (0 = previous page, 1 = scroll up, 2 = do nothing) ***/ user_pref("browser.backspace_action", 2); -// 3005: disable autocopy default (use extensions autocopy 2 & copy plain text 2) +/* 3005: disable autocopy default (we like autocopy 2 & copy plain text 2) ***/ user_pref("clipboard.autocopy", false); -// 3007: open new windows in a new tab instead - // This setting is under Options>General>Tabs - // 1=current window, 2=new window, 3=most recent window +/* 3007: open new windows in a new tab instead + * This setting is under Options>General>Tabs + * 1=current window, 2=new window, 3=most recent window ***/ user_pref("browser.link.open_newwindow", 3); -// 3009: turn on APZ (Async Pan/Zoom) - requires e10s - // http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ +/* 3009: turn on APZ (Async Pan/Zoom) - requires e10s + * http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ // user_pref("layers.async-pan-zoom.enabled", true); -// 3010: enable ctrl-tab previews +/* 3010: enable ctrl-tab previews ***/ user_pref("browser.ctrlTab.previews", true); -// 3011: don't open "page/selection source" in a tab. The window used instead is cleaner - // and easier to use and move around (eg developers/multi-screen). +/* 3011: don't open "page/selection source" in a tab. The window used instead is cleaner + * and easier to use and move around (eg developers/multi-screen). ***/ user_pref("view_source.tab", false); -// 3012: spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls +/* 3012: spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls ***/ user_pref("layout.spellcheckDefault", 1); -// 3013: disable automatic "Work Offline" status - // https://bugzilla.mozilla.org/show_bug.cgi?id=620472 - // https://developer.mozilla.org/en-US/docs/Online_and_offline_events +/* 3013: disable automatic "Work Offline" status + * https://bugzilla.mozilla.org/show_bug.cgi?id=620472 + * https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ user_pref("network.manage-offline-status", false); -// 3015: disable tab animation, speed things up a little +/* 3015: disable tab animation, speed things up a little ***/ user_pref("browser.tabs.animate", false); -// 3016: disable fullscreeen animation. Test using F11. - // Animation is smother but is annoyingly slow, while no animation can be startling +/* 3016: disable fullscreeen animation. Test using F11. + * Animation is smother but is annoyingly slow, while no animation can be startling ***/ user_pref("browser.fullscreen.animate", false); -// 3017: submenu in milliseconds. 0=instant while a small number allows - // a mouse pass over menu items without any submenus alarmingly shooting out +/* 3017: submenu in milliseconds. 0=instant while a small number allows + * a mouse pass over menu items without any submenus alarmingly shooting out ***/ user_pref("ui.submenuDelay", 75); // (hidden pref) -// 3018: maximum number of daily bookmark backups to keep (default is 15) +/* 3018: maximum number of daily bookmark backups to keep (default is 15) ***/ user_pref("browser.bookmarks.max_backups", 2); -// 3020: FYI: urlbar click behaviour (with defaults) +/* 3020: FYI: urlbar click behaviour (with defaults) ***/ user_pref("browser.urlbar.clickSelectsAll", true); user_pref("browser.urlbar.doubleClickSelectsAll", false); -// 3021: FYI: tab behaviours (with defaults) - // open links in a new tab immediately to the right of parent tab, not far right +/* 3021a: FYI: tab behaviours (with defaults) + * open links in a new tab immediately to the right of parent tab, not far right ***/ user_pref("browser.tabs.insertRelatedAfterCurrent", true); - // switch to the parent tab (if it has one) on close, rather than to the adjacent right tab if - // it exists or to the adjacent left tab if it doesn't. NOTE: requires browser.link.open_newwindow - // set to 3 (see pref 3007). NOTE: does not apply to middle-click or Ctrl-clicking links. +/* 3021b: switch to the parent tab (if it has one) on close, rather than + * to the adjacent right tab if it exists or to the adjacent left tab if it doesn't. + * [NOTE] requires browser.link.open_newwindow set to 3 (see pref 3007) ***/ user_pref("browser.tabs.selectOwnerOnClose", true); - // Options>General>When I open a link in a new tab, switch to it immediately - // default is unchecked = DON'T switch to it = true +/* 3021c: Options>General>When I open a link in a new tab, switch to it immediately ***/ user_pref("browser.tabs.loadInBackground", true); - // set behavior of pages normally meant to open in a new window (such as target="_blank" - // or from an external program), but that have instead been loaded in a new tab. - // true: load the new tab in the background, leaving focus on the current tab - // false: load the new tab in the foreground, taking the focus from the current tab. +/* 3021d: set behavior of pages normally meant to open in a new window (such as target="_blank" + * or from an external program), but that have instead been loaded in a new tab. + * true: load the new tab in the background, leaving focus on the current tab + * false: load the new tab in the foreground, taking the focus from the current tab. ***/ user_pref("browser.tabs.loadDivertedInBackground", false); -// 3022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) +/* 3022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/ user_pref("browser.bookmarks.showRecentlyBookmarked", false); -// 3023: disable automigrate, current default is false but may change (FF49+) - // need more info, but lock down for now +/* 3023: disable automigrate, current default is false but may change (FF49+) + * need more info, but lock down for now ***/ user_pref("browser.migrate.automigrate.enabled", false); -// END: internal custom pref to test for syntax errors +/* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); -/*** 9997: DEPRECATED / REMOVED +/*** 9997: DEPRECATED Personally confirmed by resetting as well as via documentation and DXR searches. - NOTE: numbers may get re-used ***/ -// 2607: (23+) disable page thumbnails, it was around v23, not 100% sure when - // this pref was replaced with browser.pagethumbnails.capturing_disabled + [NOTE] numbers may get re-used ***/ +/* 2607: (23+) disable page thumbnails, it was around v23, not 100% sure when + * this pref was replaced with browser.pagethumbnails.capturing_disabled ***/ // user_pref("pageThumbs.enabled", false); -// 2408: (31+) disable network API - fingerprinting vector +/* 2408: (31+) disable network API - fingerprinting vector ***/ // user_pref("dom.network.enabled", false); -// 2620: (35+) disable WebSockets - // https://developer.mozilla.org/en-US/Firefox/Releases/35 +/* 2620: (35+) disable WebSockets + * https://developer.mozilla.org/en-US/Firefox/Releases/35 ***/ // user_pref("network.websocket.enabled", false); -// 2023: (37+) disable camera autofocus callback (was in 36, not in 37) - // Not part of any specification, the API will be superceded by the WebRTC Capture - // and Stream API ( http://w3c.github.io/mediacapture-main/getusermedia.html ) - // https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ +/* 2023: (37+) disable camera autofocus callback (was in 36, not in 37) + * Not part of any specification, the API will be superceded by the WebRTC Capture + * and Stream API ( http://w3c.github.io/mediacapture-main/getusermedia.html ) + * https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ ***/ // user_pref("camera.control.autofocus_moving_callback.enabled", false); -// 1804: (41+) disable plugin enumeration +/* 1804: (41+) disable plugin enumeration ***/ // user_pref("plugins.enumerable_names", ""); -// 0420: (42+) disable tracking protection - // this particular pref was never in stable - // labelled v42+ because that's when tracking protection landed +/* 0420: (42+) disable tracking protection + * this particular pref was never in stable + * labelled v42+ because that's when tracking protection landed ***/ // user_pref("browser.polaris.enabled", false); -// 2803: (42+) what to clear on shutdown - // https://bugzilla.mozilla.org/show_bug.cgi?id=1102184#c23 +/* 2803: (42+) what to clear on shutdown + * https://bugzilla.mozilla.org/show_bug.cgi?id=1102184#c23 ***/ // user_pref("privacy.clearOnShutdown.passwords", false); -// 0411: (43+) disable safebrowsing urls & download +/* 0411: (43+) disable safebrowsing urls & download ***/ // user_pref("browser.safebrowsing.gethashURL", ""); // user_pref("browser.safebrowsing.malware.reportURL", ""); // user_pref("browser.safebrowsing.provider.google.appRepURL", ""); @@ -1480,102 +1410,100 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("browser.safebrowsing.reportMalwareURL", ""); // user_pref("browser.safebrowsing.reportURL", ""); // user_pref("browser.safebrowsing.updateURL", ""); -// 0420: (43+) disable tracking protection. FF43+ URLs are now part of safebrowsing - // https://wiki.mozilla.org/Security/Tracking_protection (look under Prefs) - // NOTE: getupdateURL = WRONG / never existed. updateURL = CORRECT and has been added FYI +/* 0420: (43+) disable tracking protection. FF43+ URLs are now part of safebrowsing + * https://wiki.mozilla.org/Security/Tracking_protection (look under Prefs) + * [NOTE] getupdateURL = WRONG / never existed. updateURL = CORRECT and has been added FYI ***/ // user_pref("browser.trackingprotection.gethashURL", ""); // user_pref("browser.trackingprotection.getupdateURL", ""); // user_pref("browser.trackingprotection.updateURL", ""); -// 1803: (43+) remove plugin finder service - // http://kb.mozillazine.org/Pfs.datasource.url +/* 1803: (43+) remove plugin finder service + * http://kb.mozillazine.org/Pfs.datasource.url ***/ // user_pref("pfs.datasource.url", ""); -// 2403: (43+) disable scripts changing images - test link below - // http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 - // WARNING: will break some sites such as Google Maps and a lot of web apps +/* 2403: (43+) disable scripts changing images - test link below + * http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 + * [WARNING] will break some sites such as Google Maps and a lot of web apps ***/ // user_pref("dom.disable_image_src_set", true); -// 2615: (43+) disable http2 for now as well +/* 2615: (43+) disable http2 for now as well ***/ // user_pref("network.http.spdy.enabled.http2draft", false); -// 3001a: (43+) disable warning when a domain requests full screen - // replaced by setting full-screen-api.warning.timeout to zero +/* 3001a: (43+) disable warning when a domain requests full screen + * replaced by setting full-screen-api.warning.timeout to zero ***/ // user_pref("full-screen-api.approval-required", false); -// 3003: (43+) disable new search panel UI [Classic Theme Restorer can restore the old search] +/* 3003: (43+) disable new search panel UI [Classic Theme Restorer can restore the old search] ***/ // user_pref("browser.search.showOneOffButtons", false); -// 1201: (44+) block rc4 whitelist - // https://developer.mozilla.org/en-US/Firefox/Releases/44#Security +/* 1201: (44+) block rc4 whitelist + * https://developer.mozilla.org/en-US/Firefox/Releases/44#Security ***/ // user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); -// 2417: (44+) disable SharedWorkers, which allow the exchange of data between iFrames that - // are open in different tabs, even if the sites do not belong to the same domain. - // https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 8) - // https://bugs.torproject.org/15562 - // is used in FF 45and 46 code once, to set it for a test +/* 2417: (44+) disable SharedWorkers, which allow the exchange of data between iFrames that + * are open in different tabs, even if the sites do not belong to the same domain. + * https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 8) + * https://bugs.torproject.org/15562 + * is used in FF 45 and 46 code once, to set it for a test ***/ // user_pref("dom.workers.sharedWorkers.enabled", false); -// 1005: (45+) disable deferred level of storing extra session data 0=all 1=http-only 2=none +/* 1005: (45+) disable deferred level of storing extra session data 0=all 1=http-only 2=none ***/ // user_pref("browser.sessionstore.privacy_level_deferred", 2); -// 0334b: (46+) disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers +/* 0334b: (46+) disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers ***/ // user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); -// 0373: (46+) disable "Pocket". FF46 replaced these with extensions.pocket.* +/* 0373: (46+) disable "Pocket". FF46 replaced these with extensions.pocket.* ***/ // user_pref("browser.pocket.enabled", false); // user_pref("browser.pocket.api", ""); // user_pref("browser.pocket.site", ""); // user_pref("browser.pocket.oAuthConsumerKey", ""); -// 0410e: (46+) safebrowsing +/* 0410e: (46+) safebrowsing ***/ // user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check -// 0333b: (47+) disable about:healthreport page UNIFIED +/* 0333b: (47+) disable about:healthreport page UNIFIED ***/ // user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); -// 0807: (47+) disable history manipulation - // https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history - // WARNING: if set to false it breaks some sites (youtube) ability to correctly show the - // url in location bar and for the forward/back tab history to work +/* 0807: (47+) disable history manipulation + * https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history + * [WARNING] if set to false it breaks some sites (youtube) ability to correctly show the + * url in location bar and for the forward/back tab history to work ***/ // user_pref("browser.history.allowPopState", false); // user_pref("browser.history.allowPushState", false); // user_pref("browser.history.allowReplaceState", false); -// 0806: (48+) disable 'unified complete': 'Search with [default search engine]' - // this feature has been added back in Classic Theme Restorer - // http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html +/* 0806: (48+) disable 'unified complete': 'Search with [default search engine]' + * this feature has been added back in Classic Theme Restorer + * http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html ***/ // user_pref("browser.urlbar.unifiedcomplete", false); -// 3006: (48+) disable enforced add-on signing - // NOTE: the preference is still in FF48+, but it's legacy code and does not work in stable +/* 3006: (48+) disable enforced add-on signing + * [NOTE] the preference is still in FF48+, but it's legacy code and does not work in stable ***/ // user_pref("xpinstall.signatures.required", false); -// 0372: (49+) disable "Hello" (TokBox/Telefonica WebRTC voice & video call PUP) WebRTC (IP leak) - // https://www.mozilla.org/en-US/privacy/firefox-hello/ - // https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello - // https://support.mozilla.org/en-US/kb/hello-status +/* 0372: (49+) disable "Hello" (TokBox/Telefonica WebRTC voice & video call PUP) WebRTC (IP leak) + * https://www.mozilla.org/en-US/privacy/firefox-hello/ + * https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello + * https://support.mozilla.org/en-US/kb/hello-status ***/ // user_pref("loop.enabled", false); // user_pref("loop.server", ""); // user_pref("loop.feedback.formURL", ""); // user_pref("loop.feedback.manualFormURL", ""); - // additional facebook loop settings // user_pref("loop.facebook.appId", ""); // user_pref("loop.facebook.enabled", false); // user_pref("loop.facebook.fallbackUrl", ""); // user_pref("loop.facebook.shareUrl", ""); - // https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion // user_pref("loop.logDomains", false); -// 2202: (49+) ONE of the new window UI prefs +/* 2202: (49+) ONE of the new window UI prefs ***/ // user_pref("dom.disable_window_open_feature.scrollbars", true); -// 2431: (49+) disable ONE of the push notification prefs +/* 2431: (49+) disable ONE of the push notification prefs ***/ // user_pref("dom.push.udp.wakeupEnabled", false); -// 0101: (50+) disable ONE of the "slow startup" options +/* 0101: (50+) disable ONE of the "slow startup" options ***/ // user_pref("browser.usedOnWindows10.introURL", ""); -// 0308: (50+) disable update plugin notifications - // if using Flash/Java/Silverlight, it is best to turn on their own auto-update mechanisms. - // See 1804 below: Mozilla only checks a few plugins and will soon do away with NPAPI +/* 0308: (50+) disable update plugin notifications + * if using Flash/Java/Silverlight, it is best to turn on their own auto-update mechanisms. + * See 1804 below: Mozilla only checks a few plugins and will soon do away with NPAPI ***/ // user_pref("plugins.update.notifyUser", false); -// 0410a: (50+) "Block dangerous and deceptive content" pref name change +/* 0410a: (50+) "Block dangerous and deceptive content" pref name change ***/ // user_pref("browser.safebrowsing.enabled", false); // FF49 and earlier -// 1202: (50+) disable rc4 ciphers - // https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ - // https://trac.torproject.org/projects/tor/ticket/17369 +/* 1202: (50+) disable rc4 ciphers + * https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ + * https://trac.torproject.org/projects/tor/ticket/17369 ***/ // user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // user_pref("security.ssl3.rsa_rc4_128_md5", false); // user_pref("security.ssl3.rsa_rc4_128_sha", false); -// 1809: (50+) remove Mozilla's plugin update URL +/* 1809: (50+) remove Mozilla's plugin update URL ***/ // user_pref("plugins.update.url", ""); -// 1851: (51+) delay play of videos until they're visible - // https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 +/* 1851: (51+) delay play of videos until they're visible + * https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 ***/ // user_pref("media.block-play-until-visible", true); -// 2504: (51+) disable virtual reality devices +/* 2504: (51+) disable virtual reality devices ***/ // user_pref("dom.vr.oculus050.enabled", false); -// 2614: (51+) disable SPDY +/* 2614: (51+) disable SPDY ***/ // user_pref("network.http.spdy.enabled.v3-1", false); From e0e7fc4c32a18a4d3cd8e552ae5f893bb61e4030 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Tue, 28 Feb 2017 02:46:51 +1300 Subject: [PATCH 0037/1961] +dom.mozTCPSocket.enabled -> deprecated --- user.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/user.js b/user.js index ac06332..bb22be2 100644 --- a/user.js +++ b/user.js @@ -1459,6 +1459,11 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("browser.history.allowPopState", false); // user_pref("browser.history.allowPushState", false); // user_pref("browser.history.allowReplaceState", false); +/* (48+) disable dom.mozTCPSocket.enabled (raw TCP socket support) + * https://trac.torproject.org/projects/tor/ticket/18863 + * https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ + * https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket ***/ + // user_pref("dom.mozTCPSocket.enabled", false); /* 0806: (48+) disable 'unified complete': 'Search with [default search engine]' * this feature has been added back in Classic Theme Restorer * http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html ***/ From ebdd81c764d40a9afeb2d3e5d56b5ededb84222b Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Tue, 28 Feb 2017 04:28:14 +1300 Subject: [PATCH 0038/1961] 0906: description --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index bb22be2..8248863 100644 --- a/user.js +++ b/user.js @@ -440,7 +440,10 @@ user_pref("security.password_lifetime", 5); * http://kb.mozillazine.org/Signon.autofillForms * password will still be auto-filled after a user name is manually entered ***/ user_pref("signon.autofillForms", false); -/* 0906: ignore websites' autocomplete="off" (FF30+) ***/ +/* 0906: ignore websites' autocomplete="off" (FF30+) + * Don't let sites dictate use of saved logins and passwords. Increase security through + * stronger password use. The trade-off is the convenience. Some sites should never be + * saved (such as banking sites). Set at true, informed users can make their own choice. ***/ user_pref("signon.storeWhenAutocompleteOff", true); /* 0907: force warnings for logins on non-secure (non HTTPS) pages * https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ @@ -873,7 +876,7 @@ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the b * this applies to onCut, onCopy, onPaste events - i.e you have to interact with * the website for it to look at the clipboard ***/ user_pref("dom.event.clipboardevents.enabled", false); -/* 2403: disable clipboard commands (cut/copy) from "non-priviledged" content +/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content * this disables document.execCommand("cut"/"copy") to protect your clipboard * https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) From acf5a7a54dd6b412fa543e1432559e3d701fab4f Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 28 Feb 2017 12:21:14 +0100 Subject: [PATCH 0039/1961] change 9997 title it got lost --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8248863..bc63fbb 100644 --- a/user.js +++ b/user.js @@ -1378,7 +1378,7 @@ user_pref("browser.migrate.automigrate.enabled", false); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); -/*** 9997: DEPRECATED +/*** 9997: DEPRECATED / REMOVED Personally confirmed by resetting as well as via documentation and DXR searches. [NOTE] numbers may get re-used ***/ /* 2607: (23+) disable page thumbnails, it was around v23, not 100% sure when From 2b2b9133a44073c11c4299ab31492b35983048af Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 28 Feb 2017 12:30:16 +0100 Subject: [PATCH 0040/1961] add static-rsa prefs commented out as per proposal (C) @ https://github.com/ghacksuserjs/ghacks-user.js/issues/24#issue-209476365 --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index bc63fbb..2d02d6a 100644 --- a/user.js +++ b/user.js @@ -613,6 +613,10 @@ user_pref("browser.ssl_override_behavior", 1); * only works when it's possible to add an exception, i.e doesn't work for HSTS (https://subdomain.preloaded-hsts.badssl.com/) * test: https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); +/* 1224: disable the remaining non-modern cipher suites as of FF51 + * [NOTE] commented out because it still breaks too many sites ***/ + // user_pref("security.ssl3.rsa_aes_128_sha", false); + // user_pref("security.ssl3.rsa_aes_256_sha", false); /*** 1400: FONTS ***/ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); From 4248af6b78c2bc89243e711409183c83bf0e303e Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 28 Feb 2017 12:58:49 +0100 Subject: [PATCH 0041/1961] accessibility.typeaheadfind added inactive under 3000: PERSONAL SETTINGS --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index bc63fbb..5a1c421 100644 --- a/user.js +++ b/user.js @@ -1374,6 +1374,9 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false); /* 3023: disable automigrate, current default is false but may change (FF49+) * need more info, but lock down for now ***/ user_pref("browser.migrate.automigrate.enabled", false); +/* 3024: enable "Find As You Type" + * http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ + // user_pref("accessibility.typeaheadfind", true); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); From f7c1c6791ceccb6c719d37c47d9c95cfd62bd1e0 Mon Sep 17 00:00:00 2001 From: pyllyukko Date: Wed, 1 Mar 2017 00:11:05 +0200 Subject: [PATCH 0042/1961] Added Travis CI configuration --- .travis.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..5a70a15 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,7 @@ +language: node_js +node_js: + - "node" +before_script: + - npm install -g acorn +script: + - acorn user.js From 3ce8350fec0b5848c386c894e013ae6af1d87ad1 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 3 Mar 2017 12:43:41 +0100 Subject: [PATCH 0043/1961] signon.autofillForms.http + contextual warning --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 68a5be3..514fab5 100644 --- a/user.js +++ b/user.js @@ -454,6 +454,10 @@ user_pref("security.insecure_password.ui.enabled", true); user_pref("browser.fixup.hide_user_pass", true); /* 0909: disable formless login capture for Password Manager (FF51+) ***/ user_pref("signon.formlessCapture.enabled", false); +/* 0910: enforce disable autofilling saved password on HTTP pages and show warning + * https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ ***/ +user_pref("signon.autofillForms.http", false); +user_pref("security.insecure_field_warning.contextual.enabled", true); /*** 1000: CACHE ***/ user_pref("ghacks_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); From 85fbbde60df384c8d02cabf7d578fc3743327e67 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 3 Mar 2017 12:48:16 +0100 Subject: [PATCH 0044/1961] network.cookie.leave-secure-alone --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 68a5be3..b07da82 100644 --- a/user.js +++ b/user.js @@ -1274,6 +1274,9 @@ user_pref("dom.storageManager.enabled", false); * https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); +/* 2708: prevent HTTP sites from setting cookies with the "secure" directive (default: true) + * https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP ***/ +user_pref("network.cookie.leave-secure-alone", true); /*** 2800: SHUTDOWN [SETUP] ***/ user_pref("ghacks_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); From b48b4935ec3c197e539e3d0ca0e8c8ee7a7b8316 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 3 Mar 2017 12:59:25 +0100 Subject: [PATCH 0045/1961] network.http.sendSecureXSiteReferrer move network.http.sendSecureXSiteReferrer to 9997 and enable a safe alternative for now until we re-work the Referrer-Section --- user.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 68a5be3..794a5d0 100644 --- a/user.js +++ b/user.js @@ -654,14 +654,11 @@ user_pref("font.blacklist.underline_offset", ""); user_pref("gfx.font_rendering.graphite.enabled", false); /*** 1600: HEADERS / REFERERS [SETUP] - Except for 1601 and 1602, these can all be best handled by an extension to block/spoof + Except for 1602, these can all be best handled by an extension to block/spoof all and then whitelist if needed, otherwise too much of the internet breaks. http://www.ghacks.net/2015/01/22/improve-online-privacy-by-controlling-referrer-information/ #Required reading: https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); -/* 1601: disable referer from an SSL Website - * to be deprecated in FF52+? - https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 ***/ -user_pref("network.http.sendSecureXSiteReferrer", false); /* 1602: disable the DNT HTTP header (this is essentially USELESS and raises entropy) * This setting is under Options>Privacy>Tracking>Request that sites not track you * [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match @@ -675,7 +672,7 @@ user_pref("network.http.sendSecureXSiteReferrer", false); // user_pref("network.http.referer.spoofSource", false); /* 1605: referer, HOW to handle cross origins * 0=always (default), 1=only if base domains match, 2=only if hosts match ***/ - // user_pref("network.http.referer.XOriginPolicy", 0); +user_pref("network.http.referer.XOriginPolicy", 1); /* 1606: referer, WHAT to send (limit the information) * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ // user_pref("network.http.referer.trimmingPolicy", 0); @@ -1522,3 +1519,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("dom.vr.oculus050.enabled", false); /* 2614: (51+) disable SPDY ***/ // user_pref("network.http.spdy.enabled.v3-1", false); +/* 1601: (52+) disable referer from an SSL Website + * removed: https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 ***/ + // user_pref("network.http.sendSecureXSiteReferrer", false); + From 0aed6c57dbbced6f56b668ceca850e050f995308 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 4 Mar 2017 14:33:42 +0100 Subject: [PATCH 0046/1961] added (FF52+) indicator --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 514fab5..b43bdb9 100644 --- a/user.js +++ b/user.js @@ -454,7 +454,7 @@ user_pref("security.insecure_password.ui.enabled", true); user_pref("browser.fixup.hide_user_pass", true); /* 0909: disable formless login capture for Password Manager (FF51+) ***/ user_pref("signon.formlessCapture.enabled", false); -/* 0910: enforce disable autofilling saved password on HTTP pages and show warning +/* 0910: enforce disable autofilling saved password on HTTP pages and show warning (FF52+) * https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ ***/ user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); From 53d37bbafac0469434154025401b850ef47b27df Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 4 Mar 2017 14:35:13 +0100 Subject: [PATCH 0047/1961] adding (FF52+) indicator --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index b07da82..462cf4d 100644 --- a/user.js +++ b/user.js @@ -1274,7 +1274,7 @@ user_pref("dom.storageManager.enabled", false); * https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); -/* 2708: prevent HTTP sites from setting cookies with the "secure" directive (default: true) +/* 2708: prevent HTTP sites from setting cookies with the "secure" directive (default: true) (FF52+) * https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); From 022610258d937e0e329ca39780d90e8f9a5ed579 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 6 Mar 2017 15:37:11 +1300 Subject: [PATCH 0048/1961] 52 deprecation EME & Telephony --- user.js | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index 794a5d0..63f0b95 100644 --- a/user.js +++ b/user.js @@ -730,11 +730,6 @@ user_pref("media.eme.apiVisible", false); // block websites detecting DRM is dis user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); user_pref("media.gmp-manager.url", "data:text/plain,"); -/* 1850: disable the Adobe EME "Primetime CDM" (Content Decryption Module) [SETUP] - * https://trac.torproject.org/projects/tor/ticket/16285 ***/ -user_pref("media.gmp-eme-adobe.enabled", false); -user_pref("media.gmp-eme-adobe.visible", false); -user_pref("media.gmp-eme-adobe.autoupdate", false); /*** 2000: MEDIA / CAMERA / MIKE ***/ user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); @@ -890,8 +885,6 @@ user_pref("dom.allow_cut_copy", false); // (hidden pref) * [WARNING] [SETUP] If set as false (disabled), this WILL break some [old] add-ons and DOES break * a lot of sites' functionality. Applies to websites, add-ons and session data. ***/ user_pref("dom.indexedDB.enabled", false); -/* 2405: https://wiki.mozilla.org/WebAPI/Security/WebTelephony ***/ -user_pref("dom.telephony.enabled", false); /* 2410: disable User Timing API * https://trac.torproject.org/projects/tor/ticket/16336 ***/ user_pref("dom.enable_user_timing", false); @@ -1521,5 +1514,11 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("network.http.spdy.enabled.v3-1", false); /* 1601: (52+) disable referer from an SSL Website * removed: https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 ***/ - // user_pref("network.http.sendSecureXSiteReferrer", false); - +user_pref("network.http.sendSecureXSiteReferrer", false); +/* 1850: (52+) disable the Adobe EME "Primetime CDM" (Content Decryption Module) + * https://trac.torproject.org/projects/tor/ticket/16285 ***/ +user_pref("media.gmp-eme-adobe.enabled", false); +user_pref("media.gmp-eme-adobe.visible", false); +user_pref("media.gmp-eme-adobe.autoupdate", false); +/* 2405: (52+) https://wiki.mozilla.org/WebAPI/Security/WebTelephony ***/ +user_pref("dom.telephony.enabled", false); From 9767982e8cae88a61fb311ec43839384a4e7b4b5 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Mon, 6 Mar 2017 16:03:46 +1300 Subject: [PATCH 0049/1961] tiny edit.. nothing to see.. move along I know it was there before 52, but it was flipped to true in 52 - unless someone wants to find when it was actually introduced, this is sufficient for people to use to be effective for versioning --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 63f0b95..c74d095 100644 --- a/user.js +++ b/user.js @@ -324,7 +324,7 @@ user_pref("network.predictor.enabled", false); * https://en.wikipedia.org/wiki/Captive_portal * https://wiki.mozilla.org/Necko/CaptivePortal ***/ user_pref("captivedetect.canonicalURL", ""); -user_pref("network.captive-portal-service.enabled", false); // (FF52+?) +user_pref("network.captive-portal-service.enabled", false); // (FF52+) /* 0604: disable search suggestions ***/ user_pref("browser.search.suggest.enabled", false); /* 0605: disable link-mouseover opening connection to linked server From cae26373c3c7794c92e5e6738a52e67b253429b8 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Tue, 7 Mar 2017 17:13:19 +1300 Subject: [PATCH 0050/1961] privacy.donottrackheader.value -> deprecated --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index c74d095..286dbfe 100644 --- a/user.js +++ b/user.js @@ -661,10 +661,8 @@ user_pref("gfx.font_rendering.graphite.enabled", false); user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1602: disable the DNT HTTP header (this is essentially USELESS and raises entropy) * This setting is under Options>Privacy>Tracking>Request that sites not track you - * [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match - * http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) ***/ + * [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ // user_pref("privacy.donottrackheader.enabled", true); - // user_pref("privacy.donottrackheader.value", 1); // (hidden pref) /* 1603: referer, WHEN to send * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ // user_pref("network.http.sendRefererHeader", 2); @@ -1522,3 +1520,6 @@ user_pref("media.gmp-eme-adobe.visible", false); user_pref("media.gmp-eme-adobe.autoupdate", false); /* 2405: (52+) https://wiki.mozilla.org/WebAPI/Security/WebTelephony ***/ user_pref("dom.telephony.enabled", false); +/* 1602: (?) this DNT .value pref (still in code) was deprecated some time ago + * http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) ***/ + // user_pref("privacy.donottrackheader.value", 1); // (hidden pref) From cb2386da6c24fe30d69ea92df4e2cb07ce358afa Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Tue, 7 Mar 2017 22:16:49 +1300 Subject: [PATCH 0051/1961] FPI updates --- user.js | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 286dbfe..636636b 100644 --- a/user.js +++ b/user.js @@ -1202,8 +1202,20 @@ user_pref("security.csp.enable", true); /* 2698a: enable first party isolation pref and OriginAttribute (FF51+) * [WARNING] breaks lots of cross-domain logins and site functionality until perfected * https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ -/* 2698b: this also isolates OCSP requests by first party domain +/* 2698b: isolate favicons (FF52+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/ +/* 2698c: isolate OCSP requests (FF52+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ +/* 2698d: isolate Shared Workers (FF52+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/ +/* 2699e: isolate HSTS and HPKP (FF54+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/ +/* 2699f: isolate HTTP Alternative Services (FF54+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ +/* 2699g: isolate SPDY/HTTP2 (FF55+?) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ +/* 2699h: isolate DNS Cache (FF55+?) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ // user_pref("privacy.firstparty.isolate", true); /*** 2699: TOR UPLIFT: privacy.resistFingerprinting From 26d3718dc0c5e41f6278f444ba3fc59e4b093a6a Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 03:34:12 +1300 Subject: [PATCH 0052/1961] 0820 search reset -> personal section as 0325 0800 is getting a major revamp (patch review to be posted for discussion soon). Search reset does not belong here, dumping in personal settiing --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 636636b..aa1282a 100644 --- a/user.js +++ b/user.js @@ -415,10 +415,6 @@ user_pref("browser.taskbar.previews.enable", false); /* 0819: disable one-off searches from the addressbar (FF51+) * http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ user_pref("browser.urlbar.oneOffSearches", false); -/* 0820: disable search reset (about:searchreset) (FF51+) - * http://www.ghacks.net/2016/08/19/firefox-51-search-restore-feature/ ***/ -user_pref("browser.search.reset.enabled", false); -user_pref("browser.search.reset.whitelist", ""); /*** 0900: PASSWORDS ***/ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); @@ -1381,6 +1377,10 @@ user_pref("browser.migrate.automigrate.enabled", false); /* 3024: enable "Find As You Type" * http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); +/* 0325: disable search reset (about:searchreset) (FF51+) + * http://www.ghacks.net/2016/08/19/firefox-51-search-restore-feature/ ***/ +user_pref("browser.search.reset.enabled", false); +user_pref("browser.search.reset.whitelist", ""); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); From 530f7bc39d60556f938706e4f0c3d2b7818ac1c3 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 03:37:15 +1300 Subject: [PATCH 0053/1961] 0325 typo -> 3025 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index aa1282a..f1710a1 100644 --- a/user.js +++ b/user.js @@ -1377,7 +1377,7 @@ user_pref("browser.migrate.automigrate.enabled", false); /* 3024: enable "Find As You Type" * http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); -/* 0325: disable search reset (about:searchreset) (FF51+) +/* 3025: disable search reset (about:searchreset) (FF51+) * http://www.ghacks.net/2016/08/19/firefox-51-search-restore-feature/ ***/ user_pref("browser.search.reset.enabled", false); user_pref("browser.search.reset.whitelist", ""); From f87a860188225694277b7db0a1c05f1b9558bcad Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 04:24:22 +1300 Subject: [PATCH 0054/1961] 1600 revamp & 52+53 new prefs --- user.js | 49 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 16 deletions(-) diff --git a/user.js b/user.js index f1710a1..dcc1a2e 100644 --- a/user.js +++ b/user.js @@ -650,26 +650,43 @@ user_pref("font.blacklist.underline_offset", ""); user_pref("gfx.font_rendering.graphite.enabled", false); /*** 1600: HEADERS / REFERERS [SETUP] - Except for 1602, these can all be best handled by an extension to block/spoof - all and then whitelist if needed, otherwise too much of the internet breaks. - http://www.ghacks.net/2015/01/22/improve-online-privacy-by-controlling-referrer-information/ + Except for DNT (Do Not Track), referers are best controlled by an extension. + We highly recommend that you block all referers, and then whitelist sites on a + granular, per domain level. That said, it is still important to set defaults. + full URI: https://example.com:8888/foo/bar.html?id=1234 + scheme+host+path+port: https://example.com:8888/foo/bar.html + scheme+host+port: https://example.com:8888 #Required reading: https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); -/* 1602: disable the DNT HTTP header (this is essentially USELESS and raises entropy) +/* 1601: ALL: control when images/links send a referer + * 0=never, 1=send only when links are clicked, 2=for links and images (default) + * [NOTE] Recommended left at default. Focus on XSS and granular cross origin referer control ***/ +user_pref("network.http.sendRefererHeader", 2); +/* 1602: ALL: control the amount of information to send + * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port + * [NOTE] Cross origin requests can be fine tuned in 1603 + 1604. Limiting same origin requests + * is rather pointless. Recommended left at default for zero same origin breakage ***/ +user_pref("network.http.referer.trimmingPolicy", 0); +/* 1603: CROSS ORIGIN: fine-tune when to send a referer [SETUP] + * 0=always (default), 1=only if base domains match, 2=only if hosts match + * [NOTE] 1 = less breakage, possible leakage 2 = less leakage, more breakage ***/ +user_pref("network.http.referer.XOriginPolicy", 1); +/* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) + * 0=send full URI 1=scheme+host+path+port 2=scheme+host+port ***/ +user_pref("network.http.referer.XOriginTrimmingPolicy", 2); +/* 1605: ALL: disable spoofing a referer + * Spoofing increases your exposure to cross-site request forgeries ***/ +user_pref("network.http.referer.spoofSource", false); +/* 1606: ALL: set the default Referrer Policy (FF53+) + * 0=no-referer 1=same-origin 2=strict-origin-when-cross-origin + * 3=no-referrer-when-downgrade (default) + * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy + * https://www.w3.org/TR/referrer-policy/ * https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ + // user_pref("network.http.referer.userControlPolicy", 3); +/* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) * This setting is under Options>Privacy>Tracking>Request that sites not track you * [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ - // user_pref("privacy.donottrackheader.enabled", true); -/* 1603: referer, WHEN to send - * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ - // user_pref("network.http.sendRefererHeader", 2); -/* 1604: referer, SPOOF or NOT (default=false) ***/ - // user_pref("network.http.referer.spoofSource", false); -/* 1605: referer, HOW to handle cross origins - * 0=always (default), 1=only if base domains match, 2=only if hosts match ***/ -user_pref("network.http.referer.XOriginPolicy", 1); -/* 1606: referer, WHAT to send (limit the information) - * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ - // user_pref("network.http.referer.trimmingPolicy", 0); +user_pref("privacy.donottrackheader.enabled", false); /*** 1800: PLUGINS ***/ user_pref("ghacks_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); From d6d62a0ea858ac892f9be1e5e859c88c77cccc81 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 04:32:34 +1300 Subject: [PATCH 0055/1961] damnit --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index dcc1a2e..7eaf281 100644 --- a/user.js +++ b/user.js @@ -656,7 +656,8 @@ user_pref("gfx.font_rendering.graphite.enabled", false); full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+path+port: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 - #Required reading: https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ + #Required reading: https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ +***/ user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: ALL: control when images/links send a referer * 0=never, 1=send only when links are clicked, 2=for links and images (default) From b64439a9b222f42a218082c13e7ba11da93d0648 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 04:39:44 +1300 Subject: [PATCH 0056/1961] damnit part 2 what the hell is that setting again, the that screws up the wsyiwyg so that i lose all line breaks? --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 7eaf281..393c029 100644 --- a/user.js +++ b/user.js @@ -682,7 +682,8 @@ user_pref("network.http.referer.spoofSource", false); * 0=no-referer 1=same-origin 2=strict-origin-when-cross-origin * 3=no-referrer-when-downgrade (default) * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy - * https://www.w3.org/TR/referrer-policy/ * https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ + * https://www.w3.org/TR/referrer-policy/ + * https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ // user_pref("network.http.referer.userControlPolicy", 3); /* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) * This setting is under Options>Privacy>Tracking>Request that sites not track you From 13133749a442266869b046d0d6aeab03ca1db1ac Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 05:33:56 +1300 Subject: [PATCH 0057/1961] deprecated battery API --- user.js | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/user.js b/user.js index 393c029..44614c7 100644 --- a/user.js +++ b/user.js @@ -951,16 +951,6 @@ user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off /* 2501: disable gamepad API - USB device ID enumeration * https://trac.torproject.org/projects/tor/ticket/13023 ***/ user_pref("dom.gamepad.enabled", false); -/* 2502: disable Battery Status API. Initially a Linux issue (high precision readout) that is now fixed. - * However, it is still another metric for fingerprinting, used to raise entropy. - * eg: do you have a battery or not, current charging status, charge level, times remaining etc - * http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ - * https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 - * https://www.w3.org/TR/battery-status/ - * https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online - * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. - * https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ -user_pref("dom.battery.enabled", false); /* 2503: disable giving away network info * eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none * https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API @@ -1541,6 +1531,9 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("dom.vr.oculus050.enabled", false); /* 2614: (51+) disable SPDY ***/ // user_pref("network.http.spdy.enabled.v3-1", false); +/* 1602: (?) this DNT .value pref (still in code) was deprecated some time ago + * http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) ***/ + // user_pref("privacy.donottrackheader.value", 1); // (hidden pref) /* 1601: (52+) disable referer from an SSL Website * removed: https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 ***/ user_pref("network.http.sendSecureXSiteReferrer", false); @@ -1551,6 +1544,13 @@ user_pref("media.gmp-eme-adobe.visible", false); user_pref("media.gmp-eme-adobe.autoupdate", false); /* 2405: (52+) https://wiki.mozilla.org/WebAPI/Security/WebTelephony ***/ user_pref("dom.telephony.enabled", false); -/* 1602: (?) this DNT .value pref (still in code) was deprecated some time ago - * http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) ***/ - // user_pref("privacy.donottrackheader.value", 1); // (hidden pref) +/* 2502: (52+) disable Battery Status API. Initially a Linux issue (high precision readout) that was fixed. + * However, it is still another metric for fingerprinting, used to raise entropy. + * eg: do you have a battery or not, current charging status, charge level, times remaining etc + * http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ + * https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 + * https://www.w3.org/TR/battery-status/ + * https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online + * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. + * https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ +user_pref("dom.battery.enabled", false); From f7ecc665b0ec764948f1bf1b200b4406bc9b72ae Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 06:28:11 +1300 Subject: [PATCH 0058/1961] minor edits --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 0e5e891..5f14447 100644 --- a/user.js +++ b/user.js @@ -976,7 +976,7 @@ user_pref("media.video_stats.enabled", false); * web pages. These parameters vary between types of keyboard layouts such as QWERTY, * AZERTY, Dvorak, and between various languages, eg German vs English. * [WARNING] Don't use if Android + physical keyboard - * [UPDATE] This MAY be incorporated better into the Tor Uplift project (see 2699) + * [UPDATE] This MAY be incorporated better under privacy.resistFingerprinting (see 2699) * https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code * https://www.privacy-handbuch.de/handbuch_21v.htm ***/ user_pref("dom.keyboardevent.code.enabled", false); @@ -1213,13 +1213,13 @@ user_pref("security.csp.enable", true); * https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ /* 2698d: isolate Shared Workers (FF52+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/ -/* 2699e: isolate HSTS and HPKP (FF54+) +/* 2698e: isolate HSTS and HPKP (FF54+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/ -/* 2699f: isolate HTTP Alternative Services (FF54+) +/* 2698f: isolate HTTP Alternative Services (FF54+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ -/* 2699g: isolate SPDY/HTTP2 (FF55+?) +/* 2698g: isolate SPDY/HTTP2 (FF55+?) * https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ -/* 2699h: isolate DNS Cache (FF55+?) +/* 2698h: isolate DNS Cache (FF55+?) * https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ // user_pref("privacy.firstparty.isolate", true); From 6a04e894e3ac7d1edbeeef763f01be56e89f9986 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 06:41:57 +1300 Subject: [PATCH 0059/1961] added font.system.whitelist --- user.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/user.js b/user.js index 5f14447..4c6f68e 100644 --- a/user.js +++ b/user.js @@ -648,6 +648,13 @@ user_pref("font.blacklist.underline_offset", ""); /* 1408: disable graphite which FF49 turned back on by default * In the past it had security issues - need citation ***/ user_pref("gfx.font_rendering.graphite.enabled", false); +/* 1409: only expose whitelisted system fonts (FF52+) + * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. + * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If + * you block sites choosing fonts in 1401, this preference is irrelevant. In future, + * privacy.resistFingerprinting (see 2699) may cover this, and 1401 can be relaxed. + * https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/ + // user_pref("font.system.whitelist", ""); // (hidden pref) /*** 1600: HEADERS / REFERERS [SETUP] Except for DNT (Do Not Track), referers are best controlled by an extension. From b924d1ef988e4572ecf83bc93edf9bfe42c1cdf7 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 06:57:27 +1300 Subject: [PATCH 0060/1961] start transition to 52 --- user.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 4c6f68e..8c3f089 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 18 Feb 2017 -* version 51: The [White?] House of the Rising Pants -* "My mother was a tailor, she sewed my new blue pants" +* version 52: Daypants Believer +* "Cheer up, Sleepy JEANS. Oh, what can it mean." * note: date, version, and code names only change for a github release, which will be shortly after each major Firefox stable release: https://github.com/ghacksuserjs/ghacks-user.js/releases * authors: v52+ github | v51- www.ghacks.net @@ -1546,14 +1546,14 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("privacy.donottrackheader.value", 1); // (hidden pref) /* 1601: (52+) disable referer from an SSL Website * removed: https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 ***/ -user_pref("network.http.sendSecureXSiteReferrer", false); + // user_pref("network.http.sendSecureXSiteReferrer", false); /* 1850: (52+) disable the Adobe EME "Primetime CDM" (Content Decryption Module) * https://trac.torproject.org/projects/tor/ticket/16285 ***/ -user_pref("media.gmp-eme-adobe.enabled", false); -user_pref("media.gmp-eme-adobe.visible", false); -user_pref("media.gmp-eme-adobe.autoupdate", false); + // user_pref("media.gmp-eme-adobe.enabled", false); + // user_pref("media.gmp-eme-adobe.visible", false); + // user_pref("media.gmp-eme-adobe.autoupdate", false); /* 2405: (52+) https://wiki.mozilla.org/WebAPI/Security/WebTelephony ***/ -user_pref("dom.telephony.enabled", false); + // user_pref("dom.telephony.enabled", false); /* 2502: (52+) disable Battery Status API. Initially a Linux issue (high precision readout) that was fixed. * However, it is still another metric for fingerprinting, used to raise entropy. * eg: do you have a battery or not, current charging status, charge level, times remaining etc @@ -1563,4 +1563,4 @@ user_pref("dom.telephony.enabled", false); * https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. * https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ -user_pref("dom.battery.enabled", false); + // user_pref("dom.battery.enabled", false); From 6504744cc8c0005e1dfc0fb86198adc546c1c099 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 20:09:04 +1300 Subject: [PATCH 0061/1961] javascript.options.wasm --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 22ffa7c..4175435 100644 --- a/user.js +++ b/user.js @@ -943,6 +943,9 @@ user_pref("javascript.options.asmjs", false); * [WARNING] causes the odd site issue and there is also a performance loss ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); +/* 2422: disable WebAssembly for now (FF52+) + * https://developer.mozilla.org/en-US/docs/WebAssembly ***/ +user_pref("javascript.options.wasm", false); /* 2425: disable ArchiveAPI i.e reading content of archives, such as zip files, directly * in the browser, through DOM file objects. Default is false. ***/ user_pref("dom.archivereader.enabled", false); From bb1e02220c76526ca665bc35bf661ce43fce32cb Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Wed, 8 Mar 2017 23:40:59 +1300 Subject: [PATCH 0062/1961] FPI updates --- user.js | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 4175435..269c806 100644 --- a/user.js +++ b/user.js @@ -1227,13 +1227,17 @@ user_pref("security.csp.enable", true); * https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ /* 2698d: isolate Shared Workers (FF52+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/ -/* 2698e: isolate HSTS and HPKP (FF54+) +/* 2698e: isolate SSL session cache (FF52+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 ***/ +/* 2698f: isolate media cache (FF53+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 ***/ +/* 2698g: isolate HSTS and HPKP (FF54+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/ -/* 2698f: isolate HTTP Alternative Services (FF54+) +/* 2698h: isolate HTTP Alternative Services (FF54+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ -/* 2698g: isolate SPDY/HTTP2 (FF55+?) +/* 2698i: isolate SPDY/HTTP2 (FF55+?) * https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ -/* 2698h: isolate DNS Cache (FF55+?) +/* 2698j: isolate DNS Cache (FF55+?) * https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ // user_pref("privacy.firstparty.isolate", true); From b27811b0f943551c7af52a65db95be5be4a0cd83 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 9 Mar 2017 00:48:28 +1300 Subject: [PATCH 0063/1961] i am beginning to really hate referers --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 269c806..fe8631d 100644 --- a/user.js +++ b/user.js @@ -684,8 +684,8 @@ user_pref("network.http.referer.trimmingPolicy", 0); * [NOTE] 1 = less breakage, possible leakage 2 = less leakage, more breakage ***/ user_pref("network.http.referer.XOriginPolicy", 1); /* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) - * 0=send full URI 1=scheme+host+path+port 2=scheme+host+port ***/ -user_pref("network.http.referer.XOriginTrimmingPolicy", 2); + * 0=send full URI (default) 1=scheme+host+path+port 2=scheme+host+port ***/ +user_pref("network.http.referer.XOriginTrimmingPolicy", 0); /* 1605: ALL: disable spoofing a referer * Spoofing increases your exposure to cross-site request forgeries ***/ user_pref("network.http.referer.spoofSource", false); From c78b02a5de2e098816dbc2db704de49e94113c18 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 8 Mar 2017 13:06:07 +0100 Subject: [PATCH 0064/1961] update 1224 with info that those older cipher also still exist in FF52 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index fe8631d..262246a 100644 --- a/user.js +++ b/user.js @@ -613,7 +613,7 @@ user_pref("browser.ssl_override_behavior", 1); * only works when it's possible to add an exception, i.e doesn't work for HSTS (https://subdomain.preloaded-hsts.badssl.com/) * test: https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); -/* 1224: disable the remaining non-modern cipher suites as of FF51 +/* 1224: disable the remaining non-modern cipher suites as of FF52 * [NOTE] commented out because it still breaks too many sites ***/ // user_pref("security.ssl3.rsa_aes_128_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false); From e66fbf13357375b31fa0c2472f685846a7a7839a Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 9 Mar 2017 03:56:05 +1300 Subject: [PATCH 0065/1961] #44 [SETTING] tags #44 --- user.js | 79 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 39 insertions(+), 40 deletions(-) diff --git a/user.js b/user.js index 262246a..2447045 100644 --- a/user.js +++ b/user.js @@ -35,9 +35,7 @@ user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong with it?"); /* 0001: Start Firefox in PB (Private Browsing) mode - * This setting is under Options>Privacy>History>Always use private browsing mode - * You will see this option if you "Use custom settings for history" - * These "custom settings for history" are covered throughout this user.js + * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode * https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); @@ -57,7 +55,7 @@ user_pref("browser.laterrun.enabled", false); user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) * home = browser.startup.homepage preference. - * These settings are under Options>General>Startup ***/ + * [SETTING] Options>General>Startup>When Firefox starts ***/ // user_pref("browser.startup.page", 0); /*** 0200: GEOLOCATION ***/ @@ -95,9 +93,10 @@ user_pref("javascript.use_us_english_locale", true); // (hidden pref) monetized extensions, time constraints, legacy issues, and fear of breakage/bugs ***/ user_pref("ghacks_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301a: disable browser auto update - * This setting is under Options>Advanced>Update>Never check for updates ***/ + * [SETTING] Options>Advanced>Update>Never check for updates ***/ user_pref("app.update.enabled", false); -/* 0301b: Options>Advanced>Update>Use a background service to install updates ***/ +/* 0301b: disable background update service + * [SETTING] Options>Advanced>Update>Use a background service to install updates ***/ user_pref("app.update.service.enabled", false); /* 0301c: ensure update information is not suppressed ***/ user_pref("app.update.silent", false); @@ -105,7 +104,8 @@ user_pref("app.update.silent", false); user_pref("app.update.staging.enabled", false); /* 0302: disable browser auto installing update when you do a manual check ***/ user_pref("app.update.auto", false); -/* 0303: disable search update (Options>Advanced>Update>Automatically update: search engines) ***/ +/* 0303: disable search update + * [SETTING] Options>Advanced>Update>Automatically update: search engines ***/ user_pref("browser.search.update", false); /* 0304: disable add-ons auto checking for new versions ***/ user_pref("extensions.update.enabled", false); @@ -248,16 +248,16 @@ user_pref("services.blocklist.gfx.collection", ""); // if gfx hw acceleration is * To use safebrowsing but not "leak" binary download info to Google, only use 0410e and 0410f * #Required reading: https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ * https://wiki.mozilla.org/Security/Safe_Browsing ***/ -/* 0410a: disable "Block dangerous and deceptive content" [under Options>Security] +/* 0410a: disable "Block dangerous and deceptive content" (under Options>Security) * Until FF48 this was titled "Block reported web forgeries" * It covers deceptive sites such as phishing and social engineering ***/ user_pref("browser.safebrowsing.malware.enabled", false); user_pref("browser.safebrowsing.phishing.enabled", false); // (FF50+) -/* 0410b: disable "Block dangerous downloads" [under Options>Security] +/* 0410b: disable "Block dangerous downloads" (under Options>Security) * Until FF48 this was titled "Block reported attack sites" * It covers malware and PUPs (potentially unwanted programs) ***/ user_pref("browser.safebrowsing.downloads.enabled", false); -/* 0410b: disable "Warn me about unwanted and uncommon software" [under Options>Security] (FF48+) ***/ +/* 0410b: disable "Warn me about unwanted and uncommon software" (under Options>Security) (FF48+) ***/ user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) @@ -368,7 +368,7 @@ user_pref("browser.urlbar.autoFill.typed", false); /* 0806: disable autocomplete - PRIVACY (shoulder surfers, forensics/unattended browser) ***/ user_pref("browser.urlbar.autocomplete.enabled", false); /* 0808: disable types of urlbar suggestions - PRIVACY (shoulder surfers, forensics/unattended browser) - * These settings are under Options>Privacy>Location Bar. If you wish to enable any of these suggestions, + * [SETTING] Options>Privacy>Location Bar. If you wish to enable any of these suggestions, * then also make sure 0806 (enable suggestions) and 0803 (locationbar dropdown) are at default ***/ user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.bookmark", false); @@ -388,22 +388,20 @@ user_pref("layout.css.visited_links_enabled", false); /* 0811: disable displaying javascript in history URLs - SECURITY ***/ user_pref("browser.urlbar.filter.javascript", true); /* 0812: disable search and form history - * Under Options>Privacy> if you set Firefox to "use custom settings" there will be a - * setting called "Remember search and form history". - * You can clear formdata on exiting Firefox (see 2803) ***/ + * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history + * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ // user_pref("browser.formfill.enable", false); /* 0813: disable saving form data on secure websites - PRIVACY (shoulder surfers etc) * For convenience & functionality, this is best left at default true. * You can clear formdata on exiting Firefox (see 2803) ***/ // user_pref("browser.formfill.saveHttpsForms", false); /* 0815: disable live search suggestions in the urlbar and toggle off the Opt-In prompt (FF41+) - * Setting: Options>Privacy>Location Bar>Related searches from the default search engine ***/ + * [SETTING] Options>Search>Provide search suggestions ***/ user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); /* 0816: disable browsing and download history - * Under Options>Privacy> if you set Firefox to "use custom settings" there will be a - * setting called "Remember my browsing and download history" - * You can clear history and downloads on exiting Firefox (see 2803) ***/ + * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history + * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); /* 0817: disable Jumplist (Windows7+) ***/ user_pref("browser.taskbar.lists.enabled", false); @@ -419,7 +417,7 @@ user_pref("browser.urlbar.oneOffSearches", false); /*** 0900: PASSWORDS ***/ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords - * This setting is under Options>Security>Logins>Remember logins for sites + * [SETTING] Options>Security>Logins>Remember logins for sites * [NOTE] this does not clear any passwords already saved ***/ // user_pref("signon.rememberSignons", false); /* 0902: use a master password (recommended if you save passwords) @@ -471,7 +469,7 @@ user_pref("browser.cache.disk_cache_ssl", false); user_pref("browser.cache.offline.enable", false); /* 1005: disable storing extra session data * extra session data contains contents of forms, scrollbar positions, cookies and POST data - * options: 0=all 1=http-only 2=none ***/ + * 0=all 1=http-only 2=none ***/ user_pref("browser.sessionstore.privacy_level", 2); /* 1006: disable pages being stored in memory. This is not the same as memory cache. * Visited pages are stored in memory in such a way that they don't have to be @@ -621,9 +619,9 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true); /*** 1400: FONTS ***/ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) - * This setting is under Options>Content>Font & Colors>Advanced>Allow pages to choose... - * If you disallow fonts, this drastically limits/reduces font enumeration (by JS) which - * is a high entropy fingerprinting vector. + * If you disallow fonts, this drastically limits/reduces font + * enumeration (by JS) which is a high entropy fingerprinting vector. + * [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose... * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("browser.display.use_document_fonts", 0); /* 1402: allow icon fonts (glyphs) (FF41+) ***/ @@ -632,8 +630,9 @@ user_pref("gfx.downloadable_fonts.enabled", true); * https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); /* 1404: use more legible default fonts + * [SETTING] Options>Fonts & Colors>Advanced>Serif|Sans-Serif|Monospace * [SETUP] These are optional, comment out if you do not require them - * Been using this for over a year, it really grows on you ***/ + * [NOTE] Been using this for well over a year, it really grows on you ***/ user_pref("font.name.serif.x-unicode", "Georgia"); user_pref("font.name.serif.x-western", "Georgia"); // default Times New Roman user_pref("font.name.sans-serif.x-unicode", "Arial"); @@ -697,7 +696,7 @@ user_pref("network.http.referer.spoofSource", false); * https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ // user_pref("network.http.referer.userControlPolicy", 3); /* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) - * This setting is under Options>Privacy>Tracking>Request that sites not track you + * [SETTING] Options>Privacy>Tracking>Request that sites not track you * [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ user_pref("privacy.donottrackheader.enabled", false); @@ -953,7 +952,8 @@ user_pref("dom.archivereader.enabled", false); * https://support.mozilla.org/en-US/questions/1098540 * https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ user_pref("offline-apps.allow_by_default", false); -/* 2450b: Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ +/* 2450b: display a notification when websites offer data for offline use + * [SETTING] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ user_pref("browser.offline-apps.notify", true); /* 2450c: change size of warning quota for offline cache (default 51200) * Offline cache is only used in rare cases to store data locally. FF will store small amounts @@ -997,7 +997,7 @@ user_pref("dom.keyboardevent.code.enabled", false); user_pref("dom.beforeAfterKeyboardEvent.enabled", false); user_pref("dom.keyboardevent.dispatch_during_composition", false); /* 2508: reduce graphics fingerprinting (the loss of hardware acceleration is negligible) - * This setting is under Options>Advanced>General>Use hardware acceleration when available + * [SETTING] Options>Advanced>General>Use hardware acceleration when available * [NOTE] changing this option changes BOTH these preferences * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance * https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ @@ -1056,13 +1056,13 @@ user_pref("network.http.spdy.enabled.deps", false); /* 2615: disable http2 for now as well ***/ user_pref("network.http.spdy.enabled.http2", false); /* 2617: enable pdf.js as an option to preview PDFs within Firefox - EXPLOIT risk - * This setting is under Options>Applications>Portable Document Format (PDF) * Enabling this (set to true) will change your option most likely to "Ask" or "Open with * some external pdf reader". This does NOT necessarily prevent pdf.js being used via * other means, it only removes the option. We recommend this is left at default (false). * 1. It won't stop JS bypassing it. 2. Depending on external pdf viewers there is just as * much risk or more (acrobat). 3. Mozilla are very quick to patch these sorts of exploits, * they treat them as severe/critical and 4. for convenience + * [SETTING] Options>Applications>Portable Document Format (PDF) * [SETUP] By all means, use an external app you consider MORE secure ***/ user_pref("pdfjs.disabled", false); /* 2618: when using SOCKS have the proxy server do the DNS lookup - DNS leak issue @@ -1155,7 +1155,7 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); user_pref("network.http.altsvc.enabled", false); user_pref("network.http.altsvc.oe", false); /* 2667: disable various developer tools in browser context - * Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes + * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes * http://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); /* 2668: lock down allowed extension directories @@ -1264,10 +1264,9 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) /*** 2700: COOKIES & DOM STORAGE ***/ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] - * If you use custom settings for History in Options, this is the setting under - * Options>Privacy>HistoryAccept cookies from sites - * you can set exceptions under site permissions or use an extension (eg Cookie Controller) - * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie ***/ + * You can set exceptions under site permissions or use an extension (eg Cookie Controller) + * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie + * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites ***/ user_pref("network.cookie.cookieBehavior", 2); /* 2702: ensure that third-party cookies (if enabled, see above pref) are session-only * https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ @@ -1275,8 +1274,7 @@ user_pref("network.cookie.cookieBehavior", 2); user_pref("network.cookie.thirdparty.sessionOnly", true); /* 2703: set cookie lifetime policy * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) - * If you use custom settings for History in Options, this is the setting under - * Options>Privacy>Accept cookies from sites>Keep until ***/ + * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites>Keep until ***/ // user_pref("network.cookie.lifetimePolicy", 0); /* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ // user_pref("network.cookie.lifetime.days", 90); @@ -1304,10 +1302,10 @@ user_pref("network.cookie.leave-secure-alone", true); /*** 2800: SHUTDOWN [SETUP] ***/ user_pref("ghacks_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable FF to clear stuff on close - * This setting is under Options>Privacy>Clear history when Firefox closes ***/ + * [SETTING] Options>Privacy>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2803: what to clear on shutdown - * These settings are under Options>Privacy>Clear history when Firefox closes>Settings ***/ + * [SETTING] Options>Privacy>Clear history when Firefox closes>Settings ***/ user_pref("privacy.clearOnShutdown.cache", true); user_pref("privacy.clearOnShutdown.cookies", false); user_pref("privacy.clearOnShutdown.downloads", true); @@ -1331,7 +1329,7 @@ user_pref("privacy.cpd.siteSettings", false); /* 2804a: include all open windows/tabs when you run clear recent history ***/ // user_pref("privacy.cpd.openWindows", true); /* 2805: reset default 'Time range to clear' for 'clear recent history' (see 2804 above) - * Firefox remembers your last choice. This will reset the value when you start FF. + * Firefox remembers your last choice. This will reset the value when you start Firefox. * 0=everything 1=last hour, 2=last 2 hours, 3=last 4 hours, 4=today ***/ user_pref("privacy.sanitize.timeSpan", 0); @@ -1355,7 +1353,7 @@ user_pref("browser.backspace_action", 2); /* 3005: disable autocopy default (we like autocopy 2 & copy plain text 2) ***/ user_pref("clipboard.autocopy", false); /* 3007: open new windows in a new tab instead - * This setting is under Options>General>Tabs + * [SETTING] Options>General>Tabs>Open new windows in a new tab instead * 1=current window, 2=new window, 3=most recent window ***/ user_pref("browser.link.open_newwindow", 3); /* 3009: turn on APZ (Async Pan/Zoom) - requires e10s @@ -1392,7 +1390,8 @@ user_pref("browser.tabs.insertRelatedAfterCurrent", true); * to the adjacent right tab if it exists or to the adjacent left tab if it doesn't. * [NOTE] requires browser.link.open_newwindow set to 3 (see pref 3007) ***/ user_pref("browser.tabs.selectOwnerOnClose", true); -/* 3021c: Options>General>When I open a link in a new tab, switch to it immediately ***/ +/* 3021c: switch immediately to the new tab when opened by a link + * [SETTING] Options>General>Tabs>When I open a link in a new tab, switch to it immediately ***/ user_pref("browser.tabs.loadInBackground", true); /* 3021d: set behavior of pages normally meant to open in a new window (such as target="_blank" * or from an external program), but that have instead been loaded in a new tab. From 1ca7ef1442229392de4d54dc1eca2f901de4a10f Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 9 Mar 2017 04:04:35 +1300 Subject: [PATCH 0066/1961] minor edits --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 2447045..2858880 100644 --- a/user.js +++ b/user.js @@ -105,7 +105,7 @@ user_pref("app.update.staging.enabled", false); /* 0302: disable browser auto installing update when you do a manual check ***/ user_pref("app.update.auto", false); /* 0303: disable search update - * [SETTING] Options>Advanced>Update>Automatically update: search engines ***/ + * [SETTING] Options>Advanced>Update>Automatically update: search engines ***/ user_pref("browser.search.update", false); /* 0304: disable add-ons auto checking for new versions ***/ user_pref("extensions.update.enabled", false); @@ -257,7 +257,7 @@ user_pref("browser.safebrowsing.phishing.enabled", false); // (FF50+) * Until FF48 this was titled "Block reported attack sites" * It covers malware and PUPs (potentially unwanted programs) ***/ user_pref("browser.safebrowsing.downloads.enabled", false); -/* 0410b: disable "Warn me about unwanted and uncommon software" (under Options>Security) (FF48+) ***/ +/* 0410b: disable "Warn me about unwanted and uncommon software" (under Options>Security) (FF48+) ***/ user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) @@ -630,7 +630,7 @@ user_pref("gfx.downloadable_fonts.enabled", true); * https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); /* 1404: use more legible default fonts - * [SETTING] Options>Fonts & Colors>Advanced>Serif|Sans-Serif|Monospace + * [SETTING] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace * [SETUP] These are optional, comment out if you do not require them * [NOTE] Been using this for well over a year, it really grows on you ***/ user_pref("font.name.serif.x-unicode", "Georgia"); @@ -1353,8 +1353,8 @@ user_pref("browser.backspace_action", 2); /* 3005: disable autocopy default (we like autocopy 2 & copy plain text 2) ***/ user_pref("clipboard.autocopy", false); /* 3007: open new windows in a new tab instead - * [SETTING] Options>General>Tabs>Open new windows in a new tab instead - * 1=current window, 2=new window, 3=most recent window ***/ + * 1=current window, 2=new window, 3=most recent window + * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ user_pref("browser.link.open_newwindow", 3); /* 3009: turn on APZ (Async Pan/Zoom) - requires e10s * http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ From e18a85adb8de383304b1a16b98a2d502931cf3a2 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 9 Mar 2017 04:43:13 +1300 Subject: [PATCH 0067/1961] 1600 header edits --- user.js | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 2858880..6a13466 100644 --- a/user.js +++ b/user.js @@ -661,11 +661,19 @@ user_pref("gfx.font_rendering.graphite.enabled", false); /*** 1600: HEADERS / REFERERS [SETUP] Except for DNT (Do Not Track), referers are best controlled by an extension. - We highly recommend that you block all referers, and then whitelist sites on a - granular, per domain level. That said, it is still important to set defaults. - full URI: https://example.com:8888/foo/bar.html?id=1234 - scheme+host+path+port: https://example.com:8888/foo/bar.html - scheme+host+port: https://example.com:8888 + It is important to realize that it is *cross domain* referers that need + controlling, and this is best handled by EITHER 1603 or 1604, not both. + + Option 1: Recommended: Use an extension to block all referers, and then whitelist + sites on a granular, per domain level. + Option 2: As per the settings below: Set XOriginPolicy (1603) to 1 (less breakage) + or 2 (more breakage) and leave XOriginTrimmingPolicy (1604) at default 0 + Option 3: Set XOriginPolicy (1603) to default 0 and set XOriginTrimmingPolicy (1604) to 2 + + full URI: https://example.com:8888/foo/bar.html?id=1234 + scheme+host+path+port: https://example.com:8888/foo/bar.html + scheme+host+port: https://example.com:8888 + #Required reading: https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); From 5f8b3b52e0e1e6e3ca31d5818e767eb485a4c0b6 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 9 Mar 2017 06:15:43 +1300 Subject: [PATCH 0068/1961] earthlng tiny nits --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 6a13466..e6c94d2 100644 --- a/user.js +++ b/user.js @@ -666,7 +666,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); Option 1: Recommended: Use an extension to block all referers, and then whitelist sites on a granular, per domain level. - Option 2: As per the settings below: Set XOriginPolicy (1603) to 1 (less breakage) + Option 2: As per the original settings below: Set XOriginPolicy (1603) to 1 (less breakage) or 2 (more breakage) and leave XOriginTrimmingPolicy (1604) at default 0 Option 3: Set XOriginPolicy (1603) to default 0 and set XOriginTrimmingPolicy (1604) to 2 From 3ddbd01811672674432a0ba8b954044ca27207f2 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 9 Mar 2017 07:24:41 +1300 Subject: [PATCH 0069/1961] 3021c description fixup --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e6c94d2..b0f44eb 100644 --- a/user.js +++ b/user.js @@ -1398,7 +1398,7 @@ user_pref("browser.tabs.insertRelatedAfterCurrent", true); * to the adjacent right tab if it exists or to the adjacent left tab if it doesn't. * [NOTE] requires browser.link.open_newwindow set to 3 (see pref 3007) ***/ user_pref("browser.tabs.selectOwnerOnClose", true); -/* 3021c: switch immediately to the new tab when opened by a link +/* 3021c: stay on the parent tab when opening links in a new tab * [SETTING] Options>General>Tabs>When I open a link in a new tab, switch to it immediately ***/ user_pref("browser.tabs.loadInBackground", true); /* 3021d: set behavior of pages normally meant to open in a new window (such as target="_blank" From de21ffd178b3d9106de55de0216b4455e4b73ffb Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 9 Mar 2017 08:08:12 +1300 Subject: [PATCH 0070/1961] security.csp.experimentalEnabled --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index b0f44eb..4ae61ab 100644 --- a/user.js +++ b/user.js @@ -1195,6 +1195,10 @@ user_pref("network.IDN_show_punycode", true); /* 2673: enforce CSP (Content Security Policy) (default is true) * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); +/* 2674: enable CSP 1.1 experimental hash-source directive (FF29+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=855326 + * https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/ +user_pref("security.csp.experimentalEnabled", true); /*** 2697: USER AGENT (UA) SPOOFING Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage From 08b0a7cc9235a57589db8f9ed67b8acd5a9902f3 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 9 Mar 2017 08:19:43 +1300 Subject: [PATCH 0071/1961] see earthlng --- user.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index 4ae61ab..7929c42 100644 --- a/user.js +++ b/user.js @@ -735,14 +735,6 @@ user_pref("plugin.scan.plid.all", false); user_pref("plugin.scan.Acrobat", "99999"); user_pref("plugin.scan.Quicktime", "99999"); user_pref("plugin.scan.WindowsMediaPlayer", "99999"); -/* 1807: disable auto-play of HTML5 media - * [WARNING] This may break youtube video playback (and probably other sites). If you block - * autoplay but occasionally would like a toggle button, try the following add-on - * https://addons.mozilla.org/en-US/firefox/addon/autoplay-toggle ***/ -user_pref("media.autoplay.enabled", false); -/* 1808: disable audio auto-play in non-active tabs (FF51+) - * http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ -user_pref("media.block-autoplay-until-in-foreground", true); /* 1820: disable all GMP (Gecko Media Plugins) [SETUP] * https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); @@ -832,6 +824,14 @@ user_pref("dom.imagecapture.enabled", false); /* 2028: disable offscreen canvas * https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); +/* 2030: disable auto-play of HTML5 media + * [WARNING] This may break youtube video playback (and probably other sites). If you block + * autoplay but occasionally would like a toggle button, try the following add-on + * https://addons.mozilla.org/en-US/firefox/addon/autoplay-toggle ***/ +user_pref("media.autoplay.enabled", false); +/* 2031: disable audio auto-play in non-active tabs (FF51+) + * http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ +user_pref("media.block-autoplay-until-in-foreground", true); /*** 2200: UI MEDDLING see http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ @@ -1004,7 +1004,7 @@ user_pref("media.video_stats.enabled", false); user_pref("dom.keyboardevent.code.enabled", false); user_pref("dom.beforeAfterKeyboardEvent.enabled", false); user_pref("dom.keyboardevent.dispatch_during_composition", false); -/* 2508: reduce graphics fingerprinting (the loss of hardware acceleration is negligible) +/* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] Options>Advanced>General>Use hardware acceleration when available * [NOTE] changing this option changes BOTH these preferences * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance From e10fe65024e3fdebd38c60bf6017f385316b33ad Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 9 Mar 2017 18:45:23 +1300 Subject: [PATCH 0072/1961] [TEST] tags --- user.js | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 7929c42..28dfde7 100644 --- a/user.js +++ b/user.js @@ -283,7 +283,7 @@ user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) /* 0410g: show=true or hide=false the 'ignore this warning' on Safe Browsing warnings which * when clicked bypasses the block for that session. This is a means for admins to enforce SB * https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 - * test: see github wiki APPENDIX C: Test Sites: Section 5 ***/ + * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 ***/ // user_pref("browser.safebrowsing.allowOverride", true); /* 0420: disable Tracking Protection (TP) * There SHOULD be NO privacy concerns here, but we strongly recommend to use uBlock Origin instead, @@ -609,7 +609,7 @@ user_pref("network.stricttransportsecurity.preloadlist", true); user_pref("browser.ssl_override_behavior", 1); /* 1223: display advanced information on Insecure Connection warning pages (thanks crssi) * only works when it's possible to add an exception, i.e doesn't work for HSTS (https://subdomain.preloaded-hsts.badssl.com/) - * test: https://expired.badssl.com/ ***/ + * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); /* 1224: disable the remaining non-modern cipher suites as of FF52 * [NOTE] commented out because it still breaks too many sites ***/ @@ -855,11 +855,11 @@ user_pref("dom.disable_window_open_feature.titlebar", true); user_pref("dom.disable_window_status_change", true); user_pref("dom.allow_scripts_to_close_windows", false); /* 2204: disable links opening in a new window - * https://trac.torproject.org/projects/tor/ticket/9881 - * test url: https://people.torproject.org/~gk/misc/entire_desktop.html - * You can still right click a link and select open in a new window * This is to stop malicious window sizes and screen res leaks etc in conjunction - * with 2203 dom.disable_window_move_resize=true | 2418 full-screen-api.enabled=false ***/ + * with 2203 dom.disable_window_move_resize=true | 2418 full-screen-api.enabled=false + * [NOTE] You can still right click a link and select open in a new window + * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html + * https://trac.torproject.org/projects/tor/ticket/9881 ***/ // user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable "Confirm you want to leave" dialog on page close * Does not prevent JS leaks of the page close event. @@ -1150,8 +1150,8 @@ user_pref("browser.tabs.remote.separateFileUriProcess", true); * https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 ***/ user_pref("browser.download.forbid_open_with", true); /* 2663: disable MathML (Mathematical Markup Language) (FF51+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1173199 - * test: http://browserspy.dk/mathml.php ***/ + * [TEST] http://browserspy.dk/mathml.php + * https://bugzilla.mozilla.org/show_bug.cgi?id=1173199 ***/ user_pref("mathml.disabled", true); /* 2664: disable DeviceStorage API * https://wiki.mozilla.org/WebAPI/DeviceStorageAPI ***/ @@ -1265,7 +1265,7 @@ user_pref("security.csp.experimentalEnabled", true); * To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit * Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test * your window size, do some math, resize to allow for all the non inner window elements - * test: http://browserspy.dk/screen.php + * [TEST] http://browserspy.dk/screen.php * Common resolutions: http://www.rapidtables.com/web/dev/screen-resolution-statistics.htm ***/ /* 2699b: spoof screen orientation * https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ @@ -1470,8 +1470,8 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem /* 1803: (43+) remove plugin finder service * http://kb.mozillazine.org/Pfs.datasource.url ***/ // user_pref("pfs.datasource.url", ""); -/* 2403: (43+) disable scripts changing images - test link below - * http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 +/* 2403: (43+) disable scripts changing images + * [TEST] http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 * [WARNING] will break some sites such as Google Maps and a lot of web apps ***/ // user_pref("dom.disable_image_src_set", true); /* 2615: (43+) disable http2 for now as well ***/ From 1eca16f9b49cd4264ce95e5e9f105913554c9227 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Fri, 10 Mar 2017 21:21:11 +1300 Subject: [PATCH 0073/1961] Set theme jekyll-theme-midnight --- _config.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 _config.yml diff --git a/_config.yml b/_config.yml new file mode 100644 index 0000000..1885487 --- /dev/null +++ b/_config.yml @@ -0,0 +1 @@ +theme: jekyll-theme-midnight \ No newline at end of file From 49df4579540f1b13863e2fde2acf0709e97064c7 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Fri, 10 Mar 2017 22:47:22 +1300 Subject: [PATCH 0074/1961] 2698c description fix --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 28dfde7..8b258f1 100644 --- a/user.js +++ b/user.js @@ -1235,7 +1235,7 @@ user_pref("security.csp.experimentalEnabled", true); * https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ /* 2698b: isolate favicons (FF52+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/ -/* 2698c: isolate OCSP requests (FF52+) +/* 2698c: isolate OCSP cache (FF52+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ /* 2698d: isolate Shared Workers (FF52+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/ @@ -1249,7 +1249,7 @@ user_pref("security.csp.experimentalEnabled", true); * https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ /* 2698i: isolate SPDY/HTTP2 (FF55+?) * https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ -/* 2698j: isolate DNS Cache (FF55+?) +/* 2698j: isolate DNS Cache (FF55+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ // user_pref("privacy.firstparty.isolate", true); From eb0694e8bca2ef0b188a6ea516b11b89c35738de Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Fri, 10 Mar 2017 23:38:31 +1300 Subject: [PATCH 0075/1961] 2204 double use fix --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8b258f1..b6e9060 100644 --- a/user.js +++ b/user.js @@ -861,7 +861,7 @@ user_pref("dom.allow_scripts_to_close_windows", false); * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html * https://trac.torproject.org/projects/tor/ticket/9881 ***/ // user_pref("browser.link.open_newwindow.restriction", 0); -/* 2204: disable "Confirm you want to leave" dialog on page close +/* 2205: disable "Confirm you want to leave" dialog on page close * Does not prevent JS leaks of the page close event. * https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload * https://support.mozilla.org/en-US/questions/1043508 ***/ From 369678e02b2cbdd75ab907014de996ab89d77771 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Sat, 11 Mar 2017 07:02:19 +1300 Subject: [PATCH 0076/1961] 3025 removed see #42 --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index b6e9060..82610a2 100644 --- a/user.js +++ b/user.js @@ -1418,10 +1418,6 @@ user_pref("browser.migrate.automigrate.enabled", false); /* 3024: enable "Find As You Type" * http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); -/* 3025: disable search reset (about:searchreset) (FF51+) - * http://www.ghacks.net/2016/08/19/firefox-51-search-restore-feature/ ***/ -user_pref("browser.search.reset.enabled", false); -user_pref("browser.search.reset.whitelist", ""); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); From f01f99f7d1bd2d0c774b390b5031bbfd207f1737 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Sat, 11 Mar 2017 21:13:18 +1300 Subject: [PATCH 0077/1961] clipboard.autocopy->linux --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 82610a2..e8aa5e7 100644 --- a/user.js +++ b/user.js @@ -1249,7 +1249,7 @@ user_pref("security.csp.experimentalEnabled", true); * https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ /* 2698i: isolate SPDY/HTTP2 (FF55+?) * https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ -/* 2698j: isolate DNS Cache (FF55+) +/* 2698j: isolate DNS cache (FF55+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ // user_pref("privacy.firstparty.isolate", true); @@ -1362,8 +1362,8 @@ user_pref("browser.tabs.warnOnOpen", false); user_pref("browser.tabs.closeWindowWithLastTab", false); /* 3004: disable backspace (0 = previous page, 1 = scroll up, 2 = do nothing) ***/ user_pref("browser.backspace_action", 2); -/* 3005: disable autocopy default (we like autocopy 2 & copy plain text 2) ***/ -user_pref("clipboard.autocopy", false); +/* 3005: disable autocopy default (linux) ***/ + // user_pref("clipboard.autocopy", false); /* 3007: open new windows in a new tab instead * 1=current window, 2=new window, 3=most recent window * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ From 616ce65772fc0eac54e69d1463880db494533aec Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Sun, 12 Mar 2017 04:52:33 +1300 Subject: [PATCH 0078/1961] 2204->active --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e8aa5e7..6c97009 100644 --- a/user.js +++ b/user.js @@ -860,7 +860,7 @@ user_pref("dom.allow_scripts_to_close_windows", false); * [NOTE] You can still right click a link and select open in a new window * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html * https://trac.torproject.org/projects/tor/ticket/9881 ***/ - // user_pref("browser.link.open_newwindow.restriction", 0); +user_pref("browser.link.open_newwindow.restriction", 0); /* 2205: disable "Confirm you want to leave" dialog on page close * Does not prevent JS leaks of the page close event. * https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload From 0a58b3e91c70f24d641fea272872bc485d2820c6 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Sun, 12 Mar 2017 05:58:14 +1300 Subject: [PATCH 0079/1961] 2800 revamp --- user.js | 59 ++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/user.js b/user.js index 6c97009..e93926a 100644 --- a/user.js +++ b/user.js @@ -1311,38 +1311,53 @@ user_pref("extensions.webextensions.keepUuidOnUninstall", false); * https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); -/*** 2800: SHUTDOWN [SETUP] ***/ +/*** 2800: SHUTDOWN [SETUP] + You should set the values to what suits you best. Be aware that the settings below clear + browsing, download and form history, but not cookies (we expect you to use an extension). + [NOTE] In both 2803 + 2804, the 'download' and 'history' prefs are combined in the + firefox interface as "Browsing & Download History" and their values will be synced + ***/ user_pref("ghacks_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); -/* 2802: enable FF to clear stuff on close +/* 2802: enable Firefox to clear history items on shutdown * [SETTING] Options>Privacy>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); -/* 2803: what to clear on shutdown - * [SETTING] Options>Privacy>Clear history when Firefox closes>Settings ***/ +/* 2803: set what history items to clear on shutdown + * [SETTING] Options>Privacy>Clear history when Firefox closes>Settings + * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value + * but if 'history' is false, downloads can still be cleared independently + * However, this may not always be the case. The interface combines and syncs these + * prefs when set from there, and the sanitize code may change at any time ***/ user_pref("privacy.clearOnShutdown.cache", true); user_pref("privacy.clearOnShutdown.cookies", false); -user_pref("privacy.clearOnShutdown.downloads", true); +user_pref("privacy.clearOnShutdown.downloads", true); // see note above user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History -user_pref("privacy.clearOnShutdown.history", true); -user_pref("privacy.clearOnShutdown.offlineApps", true); +user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download History +user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data user_pref("privacy.clearOnShutdown.sessions", false); // Active Logins -user_pref("privacy.clearOnShutdown.siteSettings", false); -/* 2803a: include all open windows/tabs when you shutdown ***/ - // user_pref("privacy.clearOnShutdown.openWindows", true); -/* 2804: (to match above) - auto selection of items to delete with Ctrl-Shift-Del ***/ +user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences +/* 2804: set what history items to clear with Ctrl-Shift-Del (to match above) + * This dialog can also be accessed from the menu History>Clear Recent History + * [NOTE] regardless of what you set privacy.cpd.downloads to, as soon as the dialog + * for "Clear Recent History" is opened, it is synced to the same as 'history' ***/ user_pref("privacy.cpd.cache", true); user_pref("privacy.cpd.cookies", false); -user_pref("privacy.cpd.downloads", true); -user_pref("privacy.cpd.formdata", true); -user_pref("privacy.cpd.history", true); -user_pref("privacy.cpd.offlineApps", true); -user_pref("privacy.cpd.passwords", false); -user_pref("privacy.cpd.sessions", false); -user_pref("privacy.cpd.siteSettings", false); -/* 2804a: include all open windows/tabs when you run clear recent history ***/ - // user_pref("privacy.cpd.openWindows", true); -/* 2805: reset default 'Time range to clear' for 'clear recent history' (see 2804 above) + // user_pref("privacy.cpd.downloads", true); // not used, see note above +user_pref("privacy.cpd.formdata", true); // Form & Search History +user_pref("privacy.cpd.history", true); // Browsing & Download History +user_pref("privacy.cpd.offlineApps", true); // Offline Website Data +user_pref("privacy.cpd.passwords", false); // this is not listed +user_pref("privacy.cpd.sessions", false); // Active Logins +user_pref("privacy.cpd.siteSettings", false); // Site Preferences +/* 2805: privacy.*.openWindows (FF34+) + * We don't know what they do and we don't care what they do ***/ +user_pref("privacy.clearOnShutdown.openWindows", false); +user_pref("privacy.cpd.openWindows", false); +/* 2806: reset default 'Time range to clear' for 'Clear Recent History' (see 2804) * Firefox remembers your last choice. This will reset the value when you start Firefox. - * 0=everything 1=last hour, 2=last 2 hours, 3=last 4 hours, 4=today ***/ + * 0=everything, 1=last hour, 2=last two hours, 3=last four hours + * 4=today, 5=last five minutes, 6=last twenty-four hours + * [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a + * blank value if they are used, but they do work as advertised ***/ user_pref("privacy.sanitize.timeSpan", 0); /*** 3000: PERSONAL SETTINGS [SETUP] From 5d427e2a1588ce6d0389132b4bfbfde9b40795da Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 11 Mar 2017 18:19:34 +0100 Subject: [PATCH 0080/1961] Update user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e93926a..5d8da63 100644 --- a/user.js +++ b/user.js @@ -1349,7 +1349,7 @@ user_pref("privacy.cpd.passwords", false); // this is not listed user_pref("privacy.cpd.sessions", false); // Active Logins user_pref("privacy.cpd.siteSettings", false); // Site Preferences /* 2805: privacy.*.openWindows (FF34+) - * We don't know what they do and we don't care what they do ***/ + * We don't know what they do because we don't care what they do ***/ user_pref("privacy.clearOnShutdown.openWindows", false); user_pref("privacy.cpd.openWindows", false); /* 2806: reset default 'Time range to clear' for 'Clear Recent History' (see 2804) From 76bd6c9399217db8717c49089e6e3f9d9b7df360 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Sun, 12 Mar 2017 12:42:17 +1300 Subject: [PATCH 0081/1961] release policy update "releases" which is the github term, is purposed for archiving legacy versions of the user.js. This is done *near* the end of each version's stable cycle (a week?), for the reasons given in the user.js. As soon as a "release" is done, the "live" version is incremented to the upcoming stable, and changes are started based on the diffs provided by earthlng. --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 5d8da63..836bcd4 100644 --- a/user.js +++ b/user.js @@ -1,10 +1,12 @@ /****** * name: ghacks user.js -* date: 18 Feb 2017 +* date: 11 March 2017 * version 52: Daypants Believer * "Cheer up, Sleepy JEANS. Oh, what can it mean." -* note: date, version, and code names only change for a github release, which will be shortly after - each major Firefox stable release: https://github.com/ghacksuserjs/ghacks-user.js/releases +* note: date, version, and code names will change after each version is archived as + a release. Releases will be done at the end-of-life for each stable, making + the legacy archived versions as up-to-date, tested and vetted as can be. + https://github.com/ghacksuserjs/ghacks-user.js/releases * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 668c307ffb4f5555b318cab38a07301d8bf4d0e2 Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Sun, 12 Mar 2017 16:10:41 +1300 Subject: [PATCH 0082/1961] release info edit --- user.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 836bcd4..9627cff 100644 --- a/user.js +++ b/user.js @@ -3,13 +3,14 @@ * date: 11 March 2017 * version 52: Daypants Believer * "Cheer up, Sleepy JEANS. Oh, what can it mean." -* note: date, version, and code names will change after each version is archived as - a release. Releases will be done at the end-of-life for each stable, making - the legacy archived versions as up-to-date, tested and vetted as can be. - https://github.com/ghacksuserjs/ghacks-user.js/releases * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js +* releases: These are end-of-stable-life-cycle legacy archives. They are not "releases" + in the sense that they are done to coincide with when Firefox versions land. + *Always* use the master branch user.js for a current up-to-date version. + url: https://github.com/ghacksuserjs/ghacks-user.js/releases + * README: 1. READ the full README at github From 2c4b7761ee95c2b0fad2ec7e578b08cc82fc0971 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 12 Mar 2017 15:53:59 +0100 Subject: [PATCH 0083/1961] ui.submenuDelay both @atomGit and myself are using 150 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 9627cff..832d963 100644 --- a/user.js +++ b/user.js @@ -1407,7 +1407,7 @@ user_pref("browser.tabs.animate", false); user_pref("browser.fullscreen.animate", false); /* 3017: submenu in milliseconds. 0=instant while a small number allows * a mouse pass over menu items without any submenus alarmingly shooting out ***/ -user_pref("ui.submenuDelay", 75); // (hidden pref) +user_pref("ui.submenuDelay", 150); // (hidden pref) /* 3018: maximum number of daily bookmark backups to keep (default is 15) ***/ user_pref("browser.bookmarks.max_backups", 2); /* 3020: FYI: urlbar click behaviour (with defaults) ***/ From 4e455ba392986c0c82cd05ba8c89b6d1ecfc6860 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 12 Mar 2017 16:11:42 +0100 Subject: [PATCH 0084/1961] security.dialog_enable_delay set to 700ms for a slight speedup and to match @atomGit's user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 9627cff..c28f47c 100644 --- a/user.js +++ b/user.js @@ -1105,7 +1105,7 @@ user_pref("middlemouse.contentLoadURL", false); * default=1000, This also covers the delay in "Save" on downloading files. * http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ -user_pref("security.dialog_enable_delay", 1000); +user_pref("security.dialog_enable_delay", 700); /* 2623: ensure Strict File Origin Policy on local files * The default is true. Included for completeness * http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ From 37505e3461de28b053381340ac5e22312b3f8bee Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Tue, 14 Mar 2017 02:50:47 +1300 Subject: [PATCH 0085/1961] 0800 revamp --- user.js | 93 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 52 insertions(+), 41 deletions(-) diff --git a/user.js b/user.js index 9627cff..bc10b06 100644 --- a/user.js +++ b/user.js @@ -328,8 +328,6 @@ user_pref("network.predictor.enabled", false); * https://wiki.mozilla.org/Necko/CaptivePortal ***/ user_pref("captivedetect.canonicalURL", ""); user_pref("network.captive-portal-service.enabled", false); // (FF52+) -/* 0604: disable search suggestions ***/ -user_pref("browser.search.suggest.enabled", false); /* 0605: disable link-mouseover opening connection to linked server * http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests * http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/ @@ -345,9 +343,14 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching (FF48+) ***/ user_pref("network.predictor.enable-prefetch", false); -/*** 0800: LOCATION BAR / SEARCH / AUTO SUGGESTIONS / HISTORY / FORMS etc - Not ALL of these are strictly needed, some are for the truly paranoid, but - included for a more comprehensive list (see comments on each one) ***/ +/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS / DOWNLOADS [SETUP] + If you are in a private environment (no unwanted eyeballs) and your device is private + (restricted access), and the device is secure when unattended (locked, encrypted, forensic + hardened), then items 0850 and above can be relaxed in return for more convenience and + functionality. Likewise, you may want to check the items cleared on shutdown in section 2800. + [NOTE] The urlbar is also commonly referred to as the location bar and address bar + #Required reading: https://xkcd.com/538/ + ***/ user_pref("ghacks_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search - PRIVACY * don't leak typos to a search engine, give an error message instead ***/ @@ -360,62 +363,70 @@ user_pref("keyword.enabled", false); * intend to), can leak sensitive data (eg query strings: eg Princeton attack), * and is a security risk (eg common typos & malicious sites set up to exploit this) ***/ user_pref("browser.fixup.alternate.enabled", false); -/* 0803: disable locationbar dropdown - PRIVACY (shoulder surfers, forensics/unattended browser) ***/ -user_pref("browser.urlbar.maxRichResults", 0); -/* 0804: display all parts of the url - helps SECURITY ***/ +/* 0803: display all parts of the url in the location bar - helps SECURITY ***/ user_pref("browser.urlbar.trimURLs", false); -/* 0805: disable urlbar autofill - PRIVACY (shoulder surfers, forensics/unattended browser) - * http://kb.mozillazine.org/Inline_autocomplete ***/ -user_pref("browser.urlbar.autoFill", false); -user_pref("browser.urlbar.autoFill.typed", false); -/* 0806: disable autocomplete - PRIVACY (shoulder surfers, forensics/unattended browser) ***/ -user_pref("browser.urlbar.autocomplete.enabled", false); -/* 0808: disable types of urlbar suggestions - PRIVACY (shoulder surfers, forensics/unattended browser) - * [SETTING] Options>Privacy>Location Bar. If you wish to enable any of these suggestions, - * then also make sure 0806 (enable suggestions) and 0803 (locationbar dropdown) are at default ***/ -user_pref("browser.urlbar.suggest.history", false); -user_pref("browser.urlbar.suggest.bookmark", false); -user_pref("browser.urlbar.suggest.openpage", false); -/* 0809: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY +/* 0804: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY * This is a PER TAB session history. You still have a full history stored under all history * default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages - * use it as a means of referral (eg hotlinking), 4 or 6 may be more practical ***/ -user_pref("browser.sessionhistory.max_entries", 4); -/* 0810: disable CSS querying page history - CSS history leak - PRIVACY - * [NOTE] this has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in - * 'certain circumstances', also see latest comments in the bug link + * use it as a means of referral (eg hotlinking), 4 or 6 or 10 may be more practical ***/ +user_pref("browser.sessionhistory.max_entries", 10); +/* 0805: disable CSS querying page history - CSS history leak - PRIVACY + * [NOTE] this has NEVER been fully "resolved": in Mozilla/docs it is stated it's + * only in 'certain circumstances', also see latest comments in the bug link + * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) * https://dbaron.org/mozilla/visited-privacy * https://bugzilla.mozilla.org/show_bug.cgi?id=147777 * https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ user_pref("layout.css.visited_links_enabled", false); -/* 0811: disable displaying javascript in history URLs - SECURITY ***/ +/* 0806: disable displaying javascript in history URLs - SECURITY ***/ user_pref("browser.urlbar.filter.javascript", true); -/* 0812: disable search and form history +/* 0807: disable search bar LIVE search suggestions - PRIVACY + * [SETTING] Options>Search>Provide search suggestions ***/ +user_pref("browser.search.suggest.enabled", false); +/* 0808: disable location bar LIVE search suggestions (requires 0807 = true) - PRIVACY + * Also disable the location bar prompt to enable/disable or learn more about it. + * [SETTING] Options>Search>Show search suggestions in location bar results ***/ +user_pref("browser.urlbar.suggest.searches", false); +user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) +/* 0850a: disable location bar autocomplete ***/ +user_pref("browser.urlbar.autocomplete.enabled", false); +/* 0850b: disable location bar dropdown + * This controls the maximum number of entries that can appear in the location bar dropdown. + * Zero completely disables it. If you want ANY dropdown functionality, this must be changed ***/ +user_pref("browser.urlbar.maxRichResults", 0); +/* 0850c: disable location bar suggestion types + * [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest + * [NOTE] If you wish to enable these suggestions, make sure 0850a and 0850b are at default ***/ +user_pref("browser.urlbar.suggest.history", false); +user_pref("browser.urlbar.suggest.bookmark", false); +user_pref("browser.urlbar.suggest.openpage", false); +/* 0850d: disable location bar autofill + * http://kb.mozillazine.org/Inline_autocomplete ***/ +user_pref("browser.urlbar.autoFill", false); +user_pref("browser.urlbar.autoFill.typed", false); +/* 0850e: disable location bar one-off searches (FF51+) + * http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ +user_pref("browser.urlbar.oneOffSearches", false); +/* 0860: disable search and form history * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ // user_pref("browser.formfill.enable", false); -/* 0813: disable saving form data on secure websites - PRIVACY (shoulder surfers etc) - * For convenience & functionality, this is best left at default true. - * You can clear formdata on exiting Firefox (see 2803) ***/ +/* 0861: disable saving form history on secure websites + * For convenience & functionality, this is best left at default true, + * especially as the web moves more and more to encrypted services + * You can clear form history on exiting Firefox (see 2803) ***/ // user_pref("browser.formfill.saveHttpsForms", false); -/* 0815: disable live search suggestions in the urlbar and toggle off the Opt-In prompt (FF41+) - * [SETTING] Options>Search>Provide search suggestions ***/ -user_pref("browser.urlbar.suggest.searches", false); -user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); -/* 0816: disable browsing and download history +/* 0862: disable browsing and download history * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); -/* 0817: disable Jumplist (Windows7+) ***/ +/* 0870: disable Windows jumplist ***/ user_pref("browser.taskbar.lists.enabled", false); user_pref("browser.taskbar.lists.frequent.enabled", false); user_pref("browser.taskbar.lists.recent.enabled", false); user_pref("browser.taskbar.lists.tasks.enabled", false); -/* 0818: disable taskbar preview ***/ +/* 0871: disable Windows taskbar preview ***/ user_pref("browser.taskbar.previews.enable", false); -/* 0819: disable one-off searches from the addressbar (FF51+) - * http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ -user_pref("browser.urlbar.oneOffSearches", false); /*** 0900: PASSWORDS ***/ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); From b4e0b2ad86ad38322e91f5696df37d222a9433ed Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Tue, 14 Mar 2017 06:15:41 +1300 Subject: [PATCH 0086/1961] tiny edit.. nothing to see --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index bc10b06..0b0b4ea 100644 --- a/user.js +++ b/user.js @@ -343,7 +343,7 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching (FF48+) ***/ user_pref("network.predictor.enable-prefetch", false); -/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS / DOWNLOADS [SETUP] +/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP] If you are in a private environment (no unwanted eyeballs) and your device is private (restricted access), and the device is secure when unattended (locked, encrypted, forensic hardened), then items 0850 and above can be relaxed in return for more convenience and From 8f59879992ed6671629a775b9378e75aa9d1e30d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 15 Mar 2017 04:30:02 +1300 Subject: [PATCH 0087/1961] 2698i-> resolved --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 0b0b4ea..9a7b2c2 100644 --- a/user.js +++ b/user.js @@ -1261,7 +1261,7 @@ user_pref("security.csp.experimentalEnabled", true); * https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/ /* 2698h: isolate HTTP Alternative Services (FF54+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ -/* 2698i: isolate SPDY/HTTP2 (FF55+?) +/* 2698i: isolate SPDY/HTTP2 (FF55+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ /* 2698j: isolate DNS cache (FF55+) * https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ From d7bd0521c5c29aa264fad29d3cfe6ee77e96fd02 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 16 Mar 2017 13:48:27 +1300 Subject: [PATCH 0088/1961] 3023->description --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 9a7b2c2..fe76d0e 100644 --- a/user.js +++ b/user.js @@ -1441,7 +1441,8 @@ user_pref("browser.tabs.loadInBackground", true); user_pref("browser.tabs.loadDivertedInBackground", false); /* 3022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/ user_pref("browser.bookmarks.showRecentlyBookmarked", false); -/* 3023: disable automigrate, current default is false but may change (FF49+) +/* 3023: disable automigrate (FF49+) + * default is false in FF49+ and true in FF53+ * need more info, but lock down for now ***/ user_pref("browser.migrate.automigrate.enabled", false); /* 3024: enable "Find As You Type" From 0605bd0d4ea824cad00b75b4f8509c97323cefdd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 16 Mar 2017 14:38:56 +1300 Subject: [PATCH 0089/1961] 2201 add [SETUP] tag --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5b482cc..4e9fd29 100644 --- a/user.js +++ b/user.js @@ -850,7 +850,7 @@ user_pref("media.block-autoplay-until-in-foreground", true); /*** 2200: UI MEDDLING see http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ user_pref("ghacks_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); -/* 2201: disable website control over right click context menu +/* 2201: disable website control over right click context menu [SETUP] * [WARNING] This will break sites' functionality such as Dropbox ***/ user_pref("dom.event.contextmenu.enabled", false); /* 2202: UI SPOOFING: disable scripts hiding or disabling the following on new windows ***/ From dc728f2cd03e65f56c418252a15821f132e7fb1d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 17 Mar 2017 02:39:06 +1300 Subject: [PATCH 0090/1961] 2402->description edit --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 4e9fd29..f6f0a68 100644 --- a/user.js +++ b/user.js @@ -913,7 +913,7 @@ user_pref("dom.webnotifications.serviceworker.enabled", false); user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: disable website access to clipboard events/content * http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ - * [WARNING] This will break some sites functionality such as pasting into facebook + * [WARNING] This will break some sites functionality such as pasting into Facebook, WordPress * this applies to onCut, onCopy, onPaste events - i.e you have to interact with * the website for it to look at the clipboard ***/ user_pref("dom.event.clipboardevents.enabled", false); From e6e1447d9c8ab9265a7dc7b0c4fb3e40824c5c40 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 17 Mar 2017 04:22:45 +1300 Subject: [PATCH 0091/1961] #44 [1], [2] tags numbered references, also made sure references were the last lines prior to the user_pref( --- user.js | 484 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 242 insertions(+), 242 deletions(-) diff --git a/user.js b/user.js index f6f0a68..8ebe85c 100644 --- a/user.js +++ b/user.js @@ -33,13 +33,13 @@ /* START: internal custom pref to test for syntax errors (thanks earthling) * Yes, this next pref setting is redundant, but we like it! - * https://en.wikipedia.org/wiki/Dead_parrot - * https://en.wikipedia.org/wiki/Warrant_canary ***/ + * [1] https://en.wikipedia.org/wiki/Dead_parrot + * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/ user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong with it?"); /* 0001: Start Firefox in PB (Private Browsing) mode * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode - * https://wiki.mozilla.org/Private_Browsing ***/ + * [1] https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); /*** 0100: STARTUP ***/ @@ -72,7 +72,7 @@ user_pref("geo.wifi.xhr.timeout", 1); user_pref("browser.search.geoip.timeout", 1); /* 0202: disable GeoIP-based search results * [NOTE] may not be hidden if Firefox has changed your settings due to your locale - * https://trac.torproject.org/projects/tor/ticket/16254 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/16254 ***/ user_pref("browser.search.countryCode", "US"); // (hidden pref) user_pref("browser.search.region", "US"); // (hidden pref) /* 0203: disable using OS locale, force APP locale ***/ @@ -86,7 +86,7 @@ user_pref("browser.search.geoSpecificDefaults.url", ""); /* 0207: set language to match ***/ user_pref("intl.accept_languages", "en-US, en"); /* 0208: enforce US English locale regardless of the system locale - * https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ user_pref("javascript.use_us_english_locale", true); // (hidden pref) /*** 0300: QUIET FOX [PART 1] @@ -127,11 +127,11 @@ user_pref("dom.ipc.plugins.reportCrashURL", false); * featured extensions for displaying in Get Add-ons panel ***/ user_pref("extensions.webservice.discoverURL", "http://127.0.0.1"); /* 0330a: disable telemetry - * https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html * the pref (.unified) affects the behaviour of the pref (.enabled) * IF unified=false then .enabled controls the telemetry module * IF unified=true then .enabled ONLY controls whether to record extended data - * so make sure to have both set as false ***/ + * so make sure to have both set as false + * [1] https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html ***/ user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.enabled", false); /* 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry @@ -151,16 +151,16 @@ user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); /* 0334: disable new data submission, master kill switch (FF41+) * If disabled, no policy is shown or upload takes place, ever - * https://bugzilla.mozilla.org/show_bug.cgi?id=1195552 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1195552 ***/ user_pref("datareporting.policy.dataSubmissionEnabled", false); /* 0335: remove telemetry clientID ***/ user_pref("toolkit.telemetry.cachedClientID", ""); /* 0336: disable "Heartbeat" (Mozilla user rating telemetry) - * https://trac.torproject.org/projects/tor/ticket/18738 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/18738 ***/ user_pref("browser.selfsupport.enabled", false); // (hidden pref) user_pref("browser.selfsupport.url", ""); /* 0340: disable experiments - * https://wiki.mozilla.org/Telemetry/Experiments ***/ + * [1] https://wiki.mozilla.org/Telemetry/Experiments ***/ user_pref("experiments.enabled", false); user_pref("experiments.manifest.uri", ""); user_pref("experiments.supported", false); @@ -179,18 +179,18 @@ user_pref("browser.newtabpage.enabled", false); user_pref("browser.newtabpage.enhanced", false); user_pref("browser.newtabpage.introShown", true); /* 0370: disable "Snippets" (Mozilla content shown on about:home screen) - * https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service - * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks ***/ + * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks + * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ user_pref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1"); /* 0373: disable "Pocket" (third party "save for later" service) & remove urls for good measure * [NOTE] Important: Remove the pocket icon from your toolbar first - * https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ + * [1] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ user_pref("extensions.pocket.enabled", false); user_pref("extensions.pocket.api", ""); user_pref("extensions.pocket.site", ""); user_pref("extensions.pocket.oAuthConsumerKey", ""); /* 0374: disable "social" integration - * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Social_API ***/ + * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Social_API ***/ user_pref("social.whitelist", ""); user_pref("social.toast-notifications.enabled", false); user_pref("social.shareDirectory", ""); @@ -201,8 +201,8 @@ user_pref("social.enabled", false); // (hidden pref) /* 0375: disable "Reader View" [SETUP] ***/ user_pref("reader.parse-on-load.enabled", false); /* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers - * https://wiki.mozilla.org/FlyWeb - * http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ + * [1] https://wiki.mozilla.org/FlyWeb + * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ user_pref("dom.flyweb.enabled", false); /* 0380: disable sync [SETUP] ***/ user_pref("services.sync.enabled", false); // (hidden pref) @@ -226,8 +226,8 @@ user_pref("services.sync.enabled", false); // (hidden pref) user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); /* 0401: DON'T disable extension blocklist, but sanitize blocklist url * It now includes updates for "revoked certificates" - * https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl - * https://trac.torproject.org/projects/tor/ticket/16931 ***/ + * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl + * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); /* 0402: disable/enable various Kinto blocklist updates (FF50+) @@ -249,8 +249,8 @@ user_pref("services.blocklist.gfx.collection", ""); // if gfx hw acceleration is * also takes measures such as striping out identifying parameters and storing safe browsing * cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) * To use safebrowsing but not "leak" binary download info to Google, only use 0410e and 0410f - * #Required reading: https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ - * https://wiki.mozilla.org/Security/Safe_Browsing ***/ + * #Required reading [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + * [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ /* 0410a: disable "Block dangerous and deceptive content" (under Options>Security) * Until FF48 this was titled "Block reported web forgeries" * It covers deceptive sites such as phishing and social engineering ***/ @@ -285,60 +285,60 @@ user_pref("browser.safebrowsing.reportPhishURL", ""); user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) /* 0410g: show=true or hide=false the 'ignore this warning' on Safe Browsing warnings which * when clicked bypasses the block for that session. This is a means for admins to enforce SB - * https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 - * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 ***/ + * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", true); /* 0420: disable Tracking Protection (TP) * There SHOULD be NO privacy concerns here, but we strongly recommend to use uBlock Origin instead, * which offers more comprehensive as well as specialized lists. It also allows per domain control. * [NOTE] There are two prefs (see 0410d) shared with Safe Browsing - * https://wiki.mozilla.org/Security/Tracking_protection - * https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ + * [1] https://wiki.mozilla.org/Security/Tracking_protection + * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ user_pref("privacy.trackingprotection.enabled", false); // all windows pref (not just private) user_pref("privacy.trackingprotection.pbmode.enabled", false); // private browsing pref /* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection ***/ user_pref("privacy.trackingprotection.ui.enabled", true); /* 0430: disable SSL Error Reporting - * https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ + * [1] https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.url", ""); /* 0440: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) * If you don't have Flash, then you don't need this enabled * [NOTE] if enabled, you will need to check what prefs (safebrowsing URLs etc) this uses to update - * http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ - * https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ + * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ user_pref("browser.safebrowsing.blockedURIs.enabled", false); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); /* 0601: disable link prefetching - * https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/ user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching - * http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ - * https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/ + * [1] http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ + * [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/ user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref) /* 0603a: disable Seer/Necko - * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Necko ***/ + * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Necko ***/ user_pref("network.predictor.enabled", false); /* 0603b: disable more Necko/Captive Portal - * https://en.wikipedia.org/wiki/Captive_portal - * https://wiki.mozilla.org/Necko/CaptivePortal ***/ + * [1] https://en.wikipedia.org/wiki/Captive_portal + * [2] https://wiki.mozilla.org/Necko/CaptivePortal ***/ user_pref("captivedetect.canonicalURL", ""); user_pref("network.captive-portal-service.enabled", false); // (FF52+) /* 0605: disable link-mouseover opening connection to linked server - * http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests - * http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/ + * [1] http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests + * [2] http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/ user_pref("network.http.speculative-parallel-limit", 0); /* 0606: disable pings (but enforce same host in case) - * http://kb.mozillazine.org/Browser.send_pings - * http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ + * [1] http://kb.mozillazine.org/Browser.send_pings + * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ user_pref("browser.send_pings", false); user_pref("browser.send_pings.require_same_host", true); /* 0607: stop links launching Windows Store on Windows 8/8.1/10 - * http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ + * [1] http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching (FF48+) ***/ user_pref("network.predictor.enable-prefetch", false); @@ -349,7 +349,7 @@ user_pref("network.predictor.enable-prefetch", false); hardened), then items 0850 and above can be relaxed in return for more convenience and functionality. Likewise, you may want to check the items cleared on shutdown in section 2800. [NOTE] The urlbar is also commonly referred to as the location bar and address bar - #Required reading: https://xkcd.com/538/ + #Required reading [1] https://xkcd.com/538/ ***/ user_pref("ghacks_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search - PRIVACY @@ -372,11 +372,11 @@ user_pref("browser.urlbar.trimURLs", false); user_pref("browser.sessionhistory.max_entries", 10); /* 0805: disable CSS querying page history - CSS history leak - PRIVACY * [NOTE] this has NEVER been fully "resolved": in Mozilla/docs it is stated it's - * only in 'certain circumstances', also see latest comments in the bug link + * only in 'certain circumstances', also see latest comments in [3] * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) - * https://dbaron.org/mozilla/visited-privacy - * https://bugzilla.mozilla.org/show_bug.cgi?id=147777 - * https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ + * [1] https://dbaron.org/mozilla/visited-privacy + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=147777 + * [3] https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ user_pref("layout.css.visited_links_enabled", false); /* 0806: disable displaying javascript in history URLs - SECURITY ***/ user_pref("browser.urlbar.filter.javascript", true); @@ -401,11 +401,11 @@ user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.bookmark", false); user_pref("browser.urlbar.suggest.openpage", false); /* 0850d: disable location bar autofill - * http://kb.mozillazine.org/Inline_autocomplete ***/ + * [1] http://kb.mozillazine.org/Inline_autocomplete ***/ user_pref("browser.urlbar.autoFill", false); user_pref("browser.urlbar.autoFill.typed", false); /* 0850e: disable location bar one-off searches (FF51+) - * http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ + * [1] http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ user_pref("browser.urlbar.oneOffSearches", false); /* 0860: disable search and form history * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history @@ -436,7 +436,7 @@ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); // user_pref("signon.rememberSignons", false); /* 0902: use a master password (recommended if you save passwords) * There are no preferences for this. It is all handled internally. - * https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/ + * [1] https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/ /* 0903: set how often Mozilla should ask for the master password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ user_pref("security.ask_for_password", 2); @@ -445,8 +445,8 @@ user_pref("security.ask_for_password", 2); user_pref("security.password_lifetime", 5); /* 0905: disable auto-filling username & password form fields - SECURITY * can leak in cross-site forms AND be spoofed - * http://kb.mozillazine.org/Signon.autofillForms - * password will still be auto-filled after a user name is manually entered ***/ + * [NOTE] password will still be auto-filled after a user name is manually entered + * [1] http://kb.mozillazine.org/Signon.autofillForms ***/ user_pref("signon.autofillForms", false); /* 0906: ignore websites' autocomplete="off" (FF30+) * Don't let sites dictate use of saved logins and passwords. Increase security through @@ -454,7 +454,7 @@ user_pref("signon.autofillForms", false); * saved (such as banking sites). Set at true, informed users can make their own choice. ***/ user_pref("signon.storeWhenAutocompleteOff", true); /* 0907: force warnings for logins on non-secure (non HTTPS) pages - * https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); /* 0908: When attempting to fix an entered URL, do not fix an entered password along with it * i.e do not turn ~http://user:password@foo into ~http://user:password@(prefix)foo(suffix) @@ -463,7 +463,7 @@ user_pref("browser.fixup.hide_user_pass", true); /* 0909: disable formless login capture for Password Manager (FF51+) ***/ user_pref("signon.formlessCapture.enabled", false); /* 0910: enforce disable autofilling saved password on HTTP pages and show warning (FF52+) - * https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ ***/ + * [1] https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ ***/ user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); @@ -475,7 +475,7 @@ user_pref("browser.cache.disk.capacity", 0); user_pref("browser.cache.disk.smart_size.enabled", false); user_pref("browser.cache.disk.smart_size.first_run", false); /* 1002: disable disk caching of SSL pages - * http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ + * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ user_pref("browser.cache.disk_cache_ssl", false); /* 1003: disable memory cache as well IF you're REALLY paranoid ***/ // user_pref("browser.cache.memory.enable", false); @@ -490,7 +490,7 @@ user_pref("browser.sessionstore.privacy_level", 2); * re-parsed. This improves performance when pressing back/forward. * For the sake of completeness, this option is listed for the truly paranoid. * 0=none, -1=auto (that's minus 1), or any other positive integer - * http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ + * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ // user_pref("browser.sessionhistory.max_total_viewers", 0); /* 1007: disable the Session Restore service completely * [WARNING] [SETUP] This also disables the "Recently Closed Tabs" feature @@ -508,10 +508,10 @@ user_pref("browser.sessionstore.max_windows_undo", 0); // user_pref("network.dnsCacheEntries", 400); // user_pref("network.dnsCacheExpiration", 60); /* 1010: disable randomized FF HTTP cache decay experiments - * https://trac.torproject.org/projects/tor/ticket/13575 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/13575 ***/ user_pref("browser.cache.frecency_experiment", -1); /* 1011: disable permissions manager from writing to disk (requires restart) - * https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ // user_pref("permissions.memory_only", true); // (hidden pref) /* 1012: disable resuming session from crash [SETUP] ***/ user_pref("browser.sessionstore.resume_from_crash", false); @@ -525,14 +525,14 @@ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /* 1201: block rc4 fallback (default is now false as of at least FF45) ***/ user_pref("security.tls.unrestricted_rc4_fallback", false); /* 1203: enable OCSP stapling - * https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ + * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ user_pref("security.ssl.enable_ocsp_stapling", true); /* 1204: reject communication with servers using old SSL/TLS - vulnerable to a MiTM attack - * https://wiki.mozilla.org/Security:Renegotiation - * [WARNING] tested Feb 2017 - still breaks too many sites ***/ + * [WARNING] tested Feb 2017 - still breaks too many sites + * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ // user_pref("security.ssl.require_safe_negotiation", true); /* 1205: display warning (red padlock) for "broken security" - * https://wiki.mozilla.org/Security:Renegotiation ***/ + * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); /* 1206: require certificate revocation check through OCSP protocol * This leaks information about the sites you visit to the CA (cert authority) @@ -545,23 +545,23 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); * 2=enable and use values in security.OCSP.URL and security.OCSP.signing ***/ user_pref("security.OCSP.enabled", 1); /* 1208: enforce strict pinning - * https://trac.torproject.org/projects/tor/ticket/16206 * PKP (public key pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict * [WARNING] If you rely on an AV (antivirus) to protect your web browsing - * by inspecting ALL your web traffic, then leave at current default =1 ***/ + * by inspecting ALL your web traffic, then leave at current default =1 + * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ user_pref("security.cert_pinning.enforcement_level", 2); /* 1209: control TLS versions with min and max * 1=min version of TLS 1.0, 2-min version of TLS 1.1, 3=min version of TLS 1.2 etc * [WARNING] FF/chrome currently allow TLS 1.0 by default, so this is your call. - * http://kb.mozillazine.org/Security.tls.version.* - * https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/ + * [1] http://kb.mozillazine.org/Security.tls.version.* + * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/ // user_pref("security.tls.version.min", 2); // user_pref("security.tls.version.fallback-limit", 3); // user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 /* 1210: disable DHE (Diffie-Hellman Key Exchange) - * https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH - * [WARNING] may break obscure sites, but not major sites, which should support ECDH over DHE ***/ -user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); +* [WARNING] may break obscure sites, but not major sites, which should support ECDH over DHE +* [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ + user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); /* 1211: disable or limit SHA-1 * 0 = all SHA1 certs are allowed @@ -571,20 +571,20 @@ user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); * 4 = only allowed for locally-added roots or for certs in 2015 and earlier * [WARNING] when disabled, some man-in-the-middle devices (eg security scanners and antivirus * products, are failing to connect to HTTPS sites. SHA-1 will eventually become obsolete. - * https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ - * https://github.com/pyllyukko/user.js/issues/194#issuecomment-256509998 ***/ + * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ + * [2] https://github.com/pyllyukko/user.js/issues/194#issuecomment-256509998 ***/ user_pref("security.pki.sha1_enforcement_level", 1); /* 1212: disable SSL session tracking (FF36+) * SSL session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, * this disables sending SSL3 Session IDs and TLS Session Tickets to prevent session tracking - * https://tools.ietf.org/html/rfc5077 - * https://bugzilla.mozilla.org/show_bug.cgi?id=967977 ***/ + * [1] https://tools.ietf.org/html/rfc5077 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=967977 ***/ user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) /* 1213: disable 3DES (effective key size < 128) - * https://en.wikipedia.org/wiki/3des#Security - * http://en.citizendium.org/wiki/Meet-in-the-middle_attack - * http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ + * [1] https://en.wikipedia.org/wiki/3des#Security + * [2] http://en.citizendium.org/wiki/Meet-in-the-middle_attack + * [3] http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ user_pref("security.ssl3.rsa_des_ede3_sha", false); /* 1214: disable 128 bits ***/ user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); @@ -602,24 +602,24 @@ user_pref("security.mixed_content.block_active_content", true); /* 1218: disable HSTS Priming (FF51+) * We disable it because formerly blocked mixed-content may load, may cause noticeable delays * eg requests time out, requests may not be handled well by servers, possible fingerprinting - * https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ user_pref("security.mixed_content.send_hsts_priming", false); user_pref("security.mixed_content.use_hsts", false); /* 1219: enforce HSTS preload list (default is true) * The list is compiled into Firefox and is used to always use HTTPS for the domains on that list - * https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ - * https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List ***/ + * [1] https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ + * [2] https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List ***/ user_pref("network.stricttransportsecurity.preloadlist", true); /* 1220: disable intermediate certificate caching (fingerprinting attack vector) * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them. - * https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 - related bug - * https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 - related bug + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ // user_pref("security.nocertdb", true); // (hidden pref) /* 1221: control "Add Security Exception" dialog on SSL warnings * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) - * https://github.com/pyllyukko/user.js/issues/210 ***/ + * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ user_pref("browser.ssl_override_behavior", 1); /* 1223: display advanced information on Insecure Connection warning pages (thanks crssi) * only works when it's possible to add an exception, i.e doesn't work for HSTS (https://subdomain.preloaded-hsts.badssl.com/) @@ -641,7 +641,7 @@ user_pref("browser.display.use_document_fonts", 0); /* 1402: allow icon fonts (glyphs) (FF41+) ***/ user_pref("gfx.downloadable_fonts.enabled", true); /* 1403: disable rendering of SVG OpenType fonts - * https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ + * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); /* 1404: use more legible default fonts * [SETTING] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace @@ -660,7 +660,7 @@ user_pref("gfx.downloadable_fonts.woff2.enabled", false); user_pref("layout.css.font-loading-api.enabled", false); /* 1407: remove special underline handling for a few fonts which you will probably never use. * Any of these fonts on your system can be enumerated for fingerprinting. Requires restart. - * http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ + * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ user_pref("font.blacklist.underline_offset", ""); /* 1408: disable graphite which FF49 turned back on by default * In the past it had security issues - need citation ***/ @@ -670,26 +670,26 @@ user_pref("gfx.font_rendering.graphite.enabled", false); * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If * you block sites choosing fonts in 1401, this preference is irrelevant. In future, * privacy.resistFingerprinting (see 2699) may cover this, and 1401 can be relaxed. - * https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/ // user_pref("font.system.whitelist", ""); // (hidden pref) /*** 1600: HEADERS / REFERERS [SETUP] Except for DNT (Do Not Track), referers are best controlled by an extension. It is important to realize that it is *cross domain* referers that need controlling, and this is best handled by EITHER 1603 or 1604, not both. - + Option 1: Recommended: Use an extension to block all referers, and then whitelist sites on a granular, per domain level. Option 2: As per the original settings below: Set XOriginPolicy (1603) to 1 (less breakage) or 2 (more breakage) and leave XOriginTrimmingPolicy (1604) at default 0 Option 3: Set XOriginPolicy (1603) to default 0 and set XOriginTrimmingPolicy (1604) to 2 - + full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+path+port: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 - #Required reading: https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ -***/ + #Required reading [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ + ***/ user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: ALL: control when images/links send a referer * 0=never, 1=send only when links are clicked, 2=for links and images (default) @@ -714,8 +714,8 @@ user_pref("network.http.referer.spoofSource", false); * 0=no-referer 1=same-origin 2=strict-origin-when-cross-origin * 3=no-referrer-when-downgrade (default) * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy - * https://www.w3.org/TR/referrer-policy/ - * https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ + * [1] https://www.w3.org/TR/referrer-policy/ + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ // user_pref("network.http.referer.userControlPolicy", 3); /* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) * [SETTING] Options>Privacy>Tracking>Request that sites not track you @@ -734,12 +734,12 @@ user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); /* 1803: make sure a plugin is in a certain state: 0=deactivated 1=ask 2=enabled (Flash example) * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config * [NOTE] you can still over-ride individual sites eg youtube via site permissions - * http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ + * [1] http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ // user_pref("plugin.state.flash", 0); /* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/ user_pref("security.xpconnect.plugin.unrestricted", false); /* 1805: disable scanning for plugins - * http://kb.mozillazine.org/Plugin_scanning + * [1] http://kb.mozillazine.org/Plugin_scanning * plid.all = whether to scan the directories specified in the Windows registry for PLIDs * includes: RealPlayer, Next-Generation Java Plug-In, Adobe Flash, Antivirus etc * [WARNING] [SETUP] This means Firefox will not load ANY plugins. Try it. You are not missing anything. ***/ @@ -750,7 +750,7 @@ user_pref("plugin.scan.Acrobat", "99999"); user_pref("plugin.scan.Quicktime", "99999"); user_pref("plugin.scan.WindowsMediaPlayer", "99999"); /* 1820: disable all GMP (Gecko Media Plugins) [SETUP] - * https://wiki.mozilla.org/GeckoMediaPlugins ***/ + * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); user_pref("media.gmp.trial-create.enabled", false); /* 1825: disable widevine CDM (Content Decryption Module) [SETUP] ***/ @@ -771,7 +771,7 @@ user_pref("media.gmp-manager.url", "data:text/plain,"); /*** 2000: MEDIA / CAMERA / MIKE ***/ user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) - * https://www.privacytools.io/#webrtc ***/ + * [1] https://www.privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.use_document_iceservers", false); user_pref("media.peerconnection.video.enabled", false); @@ -781,28 +781,28 @@ user_pref("media.peerconnection.turn.disable", true); user_pref("media.navigator.video.enabled", false); // video capability for WebRTC /* 2002: pref which improves the WebRTC IP Leak issue, as opposed to completely * disabling WebRTC. You still need to enable WebRTC for this to be applicable (FF42+) - * https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ + * [1] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ user_pref("media.peerconnection.ice.default_address_only", true); // (FF41-FF50) user_pref("media.peerconnection.ice.no_host", true); // (FF51+) /* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions - * http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ - * https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ + * [1] http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ + * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ user_pref("webgl.disabled", true); user_pref("pdfjs.enableWebGL", false); user_pref("webgl.min_capability_mode", true); user_pref("webgl.disable-extensions", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); /* 2011: don't make WebGL debug info available to websites - * https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 - * https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 + * [2] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/ user_pref("webgl.enable-debug-renderer-info", false); /* 2012: two more webgl preferences (FF51+) ***/ user_pref("webgl.dxgl.enabled", false); user_pref("webgl.enable-webgl2", false); /* 2021: disable speech recognition - * https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition - * https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis - * https://wiki.mozilla.org/HTML5_Speech_API ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition + * [2] https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis + * [3] https://wiki.mozilla.org/HTML5_Speech_API ***/ user_pref("media.webspeech.recognition.enable", false); user_pref("media.webspeech.synth.enabled", false); /* 2022: disable screensharing ***/ @@ -814,7 +814,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false); /* 2023: disable camera stuff ***/ user_pref("camera.control.face_detection.enabled", false); /* 2024: enable/disable MSE (Media Source Extensions) - * http://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ + * [1] http://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ user_pref("media.mediasource.enabled", true); user_pref("media.mediasource.mp4.enabled", true); user_pref("media.mediasource.webm.audio.enabled", true); @@ -830,21 +830,21 @@ user_pref("media.wave.enabled", false); user_pref("media.webm.enabled", true); user_pref("media.wmf.enabled", true); // https://www.youtube.com/html5 - for the two H.264 entries /* 2026: disable canvas capture stream - * https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement/captureStream ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement/captureStream ***/ user_pref("canvas.capturestream.enabled", false); /* 2027: disable camera image capture - * https://trac.torproject.org/projects/tor/ticket/16339 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/16339 ***/ user_pref("dom.imagecapture.enabled", false); /* 2028: disable offscreen canvas - * https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCanvas ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); /* 2030: disable auto-play of HTML5 media * [WARNING] This may break youtube video playback (and probably other sites). If you block * autoplay but occasionally would like a toggle button, try the following add-on - * https://addons.mozilla.org/en-US/firefox/addon/autoplay-toggle ***/ + * [1] https://addons.mozilla.org/en-US/firefox/addon/autoplay-toggle ***/ user_pref("media.autoplay.enabled", false); /* 2031: disable audio auto-play in non-active tabs (FF51+) - * http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ + * [1] http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); /*** 2200: UI MEDDLING @@ -873,22 +873,22 @@ user_pref("dom.allow_scripts_to_close_windows", false); * with 2203 dom.disable_window_move_resize=true | 2418 full-screen-api.enabled=false * [NOTE] You can still right click a link and select open in a new window * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html - * https://trac.torproject.org/projects/tor/ticket/9881 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ user_pref("browser.link.open_newwindow.restriction", 0); /* 2205: disable "Confirm you want to leave" dialog on page close * Does not prevent JS leaks of the page close event. - * https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload - * https://support.mozilla.org/en-US/questions/1043508 ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload + * [2] https://support.mozilla.org/en-US/questions/1043508 ***/ user_pref("dom.disable_beforeunload", true); /*** 2300: SERVICE WORKERS ***/ user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); /* 2301: disable workers API and service workers API * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) - * [WARNING] WILL break sites as this gains traction: eg mega.nz requires workers - * https://developer.mozilla.org/en-US/docs/Web/API/Worker - * https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API - * http://www.ghacks.net/2016/03/02/manage-service-workers-in-firefox-and-chrome/ ***/ + * [WARNING] WILL break sites especially workers eg Google Street View + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Worker + * [2] https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API + * [3] http://www.ghacks.net/2016/03/02/manage-service-workers-in-firefox-and-chrome/ ***/ user_pref("dom.workers.enabled", false); user_pref("dom.serviceWorkers.enabled", false); /* 2302: disable service workers cache and cache storage ***/ @@ -896,47 +896,47 @@ user_pref("dom.caches.enabled", false); /* 2303: disable push notifications (FF44+) [requires serviceWorkers to be enabled] * web apps can receive messages pushed to them from a server, whether or * not the web app is in the foreground, or even currently loaded - * https://developer.mozilla.org/en/docs/Web/API/Push_API - * [WARNING] may affect social media sites like Twitter ***/ + * [WARNING] may affect social media sites like Twitter + * [1] https://developer.mozilla.org/en/docs/Web/API/Push_API ***/ user_pref("dom.push.enabled", false); user_pref("dom.push.connection.enabled", false); user_pref("dom.push.serverURL", ""); user_pref("dom.push.userAgentID", ""); /* 2304: disable web/push notifications - * https://developer.mozilla.org/en-US/docs/Web/API/notification * [NOTE] you can still override individual domains under site permissions (FF44+) - * [WARNING] may affect social media sites like Twitter ***/ + * [WARNING] may affect social media sites like Twitter + * [1] https://developer.mozilla.org/en-US/docs/Web/API/notification ***/ user_pref("dom.webnotifications.enabled", false); user_pref("dom.webnotifications.serviceworker.enabled", false); /*** 2400: DOM & JAVASCRIPT ***/ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: disable website access to clipboard events/content - * http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ * [WARNING] This will break some sites functionality such as pasting into Facebook, WordPress * this applies to onCut, onCopy, onPaste events - i.e you have to interact with - * the website for it to look at the clipboard ***/ + * the website for it to look at the clipboard + * [1] http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ user_pref("dom.event.clipboardevents.enabled", false); /* 2403: disable clipboard commands (cut/copy) from "non-privileged" content * this disables document.execCommand("cut"/"copy") to protect your clipboard - * https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) /* 2404: disable JS storing data permanently * If you block indexedDB but would like a toggle button, try the following add-on - * https://addons.mozilla.org/en-US/firefox/addon/disable-indexeddb/ * This setting WAS under about:permissions>All Sites>Maintain Offline Storage * [NOTE] about:permissions is no longer available since FF46 but you can still override * individual domains: use info icon in urlbar etc or right click on a web page>view page info - * [WARNING] [SETUP] If set as false (disabled), this WILL break some [old] add-ons and DOES break - * a lot of sites' functionality. Applies to websites, add-ons and session data. ***/ + * [WARNING] [SETUP] If set as false (disabled), this WILL break some [old] add-ons and DOES + * break a lot of sites' functionality. Applies to websites, add-ons and session data. + * [1] https://addons.mozilla.org/en-US/firefox/addon/disable-indexeddb/ ***/ user_pref("dom.indexedDB.enabled", false); /* 2410: disable User Timing API - * https://trac.torproject.org/projects/tor/ticket/16336 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/16336 ***/ user_pref("dom.enable_user_timing", false); /* 2411: disable resource/navigation timing ***/ user_pref("dom.enable_resource_timing", false); /* 2412: disable timing attacks - javascript performance fingerprinting - * https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI ***/ + * [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI ***/ user_pref("dom.enable_performance", false); /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); @@ -944,7 +944,7 @@ user_pref("dom.vibrator.enabled", false); user_pref("dom.popup_maximum", 3); /* 2415b: limit events that can cause a popup * default is "change click dblclick mouseup notificationclick reset submit touchend" - * http://kb.mozillazine.org/Dom.popup_allowed_events ***/ + * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ user_pref("dom.popup_allowed_events", "click dblclick"); /* 2416: disable idle observation ***/ user_pref("dom.idle-observers-api.enabled", false); @@ -955,24 +955,24 @@ user_pref("dom.idle-observers-api.enabled", false); * set to false=block, set to true=ask ***/ user_pref("full-screen-api.enabled", false); /* 2420: disable support for asm.js ( http://asmjs.org/ ) - * https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ - * https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ - * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/ + * [1] https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ + * [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ + * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/ user_pref("javascript.options.asmjs", false); /* 2421: in addition to 2420, these settings will help harden JS against exploits such as CVE-2015-0817 - * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 - * [WARNING] causes the odd site issue and there is also a performance loss ***/ + * [WARNING] causes the odd site issue and there is also a performance loss + * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); /* 2422: disable WebAssembly for now (FF52+) - * https://developer.mozilla.org/en-US/docs/WebAssembly ***/ + * [1] https://developer.mozilla.org/en-US/docs/WebAssembly ***/ user_pref("javascript.options.wasm", false); /* 2425: disable ArchiveAPI i.e reading content of archives, such as zip files, directly * in the browser, through DOM file objects. Default is false. ***/ user_pref("dom.archivereader.enabled", false); /* 2450a: force Firefox to tell you if a website asks to store data for offline use - * https://support.mozilla.org/en-US/questions/1098540 - * https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ + * [1] https://support.mozilla.org/en-US/questions/1098540 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ user_pref("offline-apps.allow_by_default", false); /* 2450b: display a notification when websites offer data for offline use * [SETTING] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ @@ -985,27 +985,27 @@ user_pref("browser.offline-apps.notify", true); /*** 2500: HARDWARE FINGERPRINTING ***/ user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); /* 2501: disable gamepad API - USB device ID enumeration - * https://trac.torproject.org/projects/tor/ticket/13023 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/ user_pref("dom.gamepad.enabled", false); /* 2503: disable giving away network info * eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none - * https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API - * https://wicg.github.io/netinfo/ - * https://bugzilla.mozilla.org/show_bug.cgi?id=960426 ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API + * [2] https://wicg.github.io/netinfo/ + * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 ***/ user_pref("dom.netinfo.enabled", false); /* 2504: disable virtual reality devices - * https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API ***/ user_pref("dom.vr.enabled", false); user_pref("dom.vr.oculus.enabled", false); user_pref("dom.vr.osvr.enabled", false); // (FF49+) user_pref("dom.vr.openvr.enabled", false); // (FF51+) /* 2505: disable media device enumeration (FF29+) * [NOTE] media.peerconnection.enabled should also be set to false (see 2001) - * https://wiki.mozilla.org/Media/getUserMedia - * https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/ + * [1] https://wiki.mozilla.org/Media/getUserMedia + * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/ user_pref("media.navigator.enabled", false); /* 2506: disable video statistics - JS performance fingerprinting - * https://trac.torproject.org/projects/tor/ticket/15757 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/15757 ***/ user_pref("media.video_stats.enabled", false); /* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) * The Keyboard API allows tracking the "read parameter" of pressed keys in forms on @@ -1013,8 +1013,8 @@ user_pref("media.video_stats.enabled", false); * AZERTY, Dvorak, and between various languages, eg German vs English. * [WARNING] Don't use if Android + physical keyboard * [UPDATE] This MAY be incorporated better under privacy.resistFingerprinting (see 2699) - * https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code - * https://www.privacy-handbuch.de/handbuch_21v.htm ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code + * [2] https://www.privacy-handbuch.de/handbuch_21v.htm ***/ user_pref("dom.keyboardevent.code.enabled", false); user_pref("dom.beforeAfterKeyboardEvent.enabled", false); user_pref("dom.keyboardevent.dispatch_during_composition", false); @@ -1022,29 +1022,29 @@ user_pref("dom.keyboardevent.dispatch_during_composition", false); * [SETTING] Options>Advanced>General>Use hardware acceleration when available * [NOTE] changing this option changes BOTH these preferences * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance - * https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ + * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ user_pref("gfx.direct2d.disabled", true); user_pref("layers.acceleration.disabled", true); /* 2509: disable touch events [SETUP] - * https://developer.mozilla.org/en-US/docs/Web/API/Touch_events - * https://trac.torproject.org/projects/tor/ticket/10286 - * fingerprinting attack vector - leaks screen res & actual screen coordinates ***/ + * fingerprinting attack vector - leaks screen res & actual screen coordinates + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Touch_events + * [2] https://trac.torproject.org/projects/tor/ticket/10286 ***/ user_pref("dom.w3c_touch_events.enabled", 0); /* 2510: disable Web Audio API (FF51+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/ user_pref("dom.webaudio.enabled", false); /* 2511: disable MediaDevices change detection (FF51+) (enabled by default starting FF52+) - * https://developer.mozilla.org/en-US/docs/Web/Events/devicechange - * https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/Events/devicechange + * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange ***/ user_pref("media.ondevicechange.enabled", false); /* 2512: disable device sensor API - * https://trac.torproject.org/projects/tor/ticket/15758 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/15758 ***/ user_pref("device.sensors.enabled", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); /* 2601: disable sending additional analytics to web servers - * https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon ***/ user_pref("beacon.enabled", false); /* 2602: CIS 2.3.2 disable downloading on desktop ***/ user_pref("browser.download.folderList", 2); @@ -1062,17 +1062,17 @@ user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) /* 2608: disable JAR from opening Unsafe File Types ***/ user_pref("network.jar.open-unsafe-types", false); /* 2611: disable WebIDE to prevent remote debugging and add-on downloads - * https://trac.torproject.org/projects/tor/ticket/16222 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.webide.autoinstallFxdtAdapters", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); /* 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - eg Roku - * https://trac.torproject.org/projects/tor/ticket/16222 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("browser.casting.enabled", false); user_pref("gfx.layerscope.enabled", false); /* 2614: disable SPDY as it can contain identifiers - * https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 10) ***/ + * [1] https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 10) ***/ user_pref("network.http.spdy.enabled", false); user_pref("network.http.spdy.enabled.deps", false); /* 2615: disable http2 for now as well ***/ @@ -1088,18 +1088,18 @@ user_pref("network.http.spdy.enabled.http2", false); * [SETUP] By all means, use an external app you consider MORE secure ***/ user_pref("pdfjs.disabled", false); /* 2618: when using SOCKS have the proxy server do the DNS lookup - DNS leak issue - * http://kb.mozillazine.org/Network.proxy.socks_remote_dns - * https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers * eg in TOR, this stops your local DNS server from knowing your Tor destination - * as a remote Tor node will handle the DNS request ***/ + * as a remote Tor node will handle the DNS request + * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns + * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); /* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) * [WARNING] a low setting of 5 or under will probably break some sites (eg gmail logins) * To control HTML Meta tag and JS redirects, use an add-on (eg NoRedirect). Default is 20 ***/ user_pref("network.http.redirection-limit", 10); /* 2620: disable middle mouse click opening links from clipboard - * https://trac.torproject.org/projects/tor/ticket/10089 - * http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/10089 + * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ user_pref("middlemouse.contentLoadURL", false); /* 2621: disable IPv6 (included for knowledge ONLY [WARNING] do not do this) * This is all about covert channels such as MAC addresses being included/abused in the @@ -1109,35 +1109,35 @@ user_pref("middlemouse.contentLoadURL", false); * 2011: https://iapp.org/news/a/2011-09-09-facing-the-privacy-implications-of-ipv6 * 2012: http://www.zdnet.com/article/security-versus-privacy-with-ipv6-deployment/ * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection - * http://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection ***/ + * [1] http://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection ***/ // user_pref("network.dns.disableIPv6", true); // user_pref("network.http.fast-fallback-to-IPv4", true); /* 2622: ensure you have a security delay when installing add-ons (milliseconds) * default=1000, This also covers the delay in "Save" on downloading files. - * http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox - * http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ + * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox + * [2] http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 700); /* 2623: ensure Strict File Origin Policy on local files * The default is true. Included for completeness - * http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ + * [1] http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ user_pref("security.fileuri.strict_origin_policy", true); /* 2624: enforce Subresource Integrity (SRI) (FF43+) * The default is true. Included for completeness - * https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity - * https://wiki.mozilla.org/Security/Subresource_Integrity ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity + * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ user_pref("security.sri.enable", true); /* 2625: Applications [non Tor protocol] SHOULD generate an error * upon the use of .onion and SHOULD NOT perform a DNS lookup. - * https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ user_pref("network.dns.blockDotOnion", true); /* 2626: strip optional user agent token, default is false, included for completeness - * https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference ***/ user_pref("general.useragent.compatMode.firefox", false); /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); /* 2629: disable remote JAR files being opened, regardless of content type - * https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/ user_pref("network.jar.block-remote-files", true); /* 2650: start the browser in e10s mode (FF48+) * After restarting the browser, you can check whether it's enabled by visiting @@ -1148,70 +1148,70 @@ user_pref("network.jar.block-remote-files", true); // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) // user_pref("extensions.e10sBlocksEnabling", false); /* 2651: control e10s number of container processes - * http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ - * https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ + * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ // user_pref("dom.ipc.processCount", 4); /* 2652: enable console shim warnings for extensions that don't have the flag 'multiprocessCompatible' as true ***/ user_pref("dom.ipc.shims.enabledWarnings", true); /* 2660: enforce separate content process for file://URLs (FF53+?) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 - * http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 + * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ user_pref("browser.tabs.remote.separateFileUriProcess", true); /* 2662: disable "open with" in download dialog (FF50+) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. * [SETUP] This may interfere with some users' workflow or methods - * https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 ***/ user_pref("browser.download.forbid_open_with", true); /* 2663: disable MathML (Mathematical Markup Language) (FF51+) * [TEST] http://browserspy.dk/mathml.php - * https://bugzilla.mozilla.org/show_bug.cgi?id=1173199 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173199 ***/ user_pref("mathml.disabled", true); /* 2664: disable DeviceStorage API - * https://wiki.mozilla.org/WebAPI/DeviceStorageAPI ***/ + * [1] https://wiki.mozilla.org/WebAPI/DeviceStorageAPI ***/ user_pref("device.storage.enabled", false); /* 2665: sanitize webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2666: disable HTTP Alternative Services - * http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/ + * [1] http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/ user_pref("network.http.altsvc.enabled", false); user_pref("network.http.altsvc.oe", false); /* 2667: disable various developer tools in browser context * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes - * http://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ + * [1] http://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); /* 2668: lock down allowed extension directories * [WARNING] this will break add-ons that do not use the default XPI directories - * https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ - * archived: http://archive.is/DYjAM ***/ + * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ + * [2] archived: http://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.autoDisableScopes", 15); /* 2669: strip paths when sending URLs to PAC scripts (FF51+) * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ user_pref("network.proxy.autoconfig_url.include_path", false); /* 2670: close bypassing of CSP via image mime types (FF51+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/ user_pref("security.block_script_with_wrong_mime", true); /* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage - * https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 ***/ user_pref("svg.disabled", true); /* 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk * Firefox has *some* protections to mitigate the risk, but it is better to be safe * than sorry. The downside: it will also display legitimate IDN's punycoded, which * might be undesirable for users from countries with non-latin alphabets - * http://kb.mozillazine.org/Network.IDN_show_punycode - * https://wiki.mozilla.org/IDN_Display_Algorithm - * https://en.wikipedia.org/wiki/IDN_homograph_attack - * CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ ***/ + * [1] http://kb.mozillazine.org/Network.IDN_show_punycode + * [2] https://wiki.mozilla.org/IDN_Display_Algorithm + * [3] https://en.wikipedia.org/wiki/IDN_homograph_attack + * [4] CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ ***/ user_pref("network.IDN_show_punycode", true); /* 2673: enforce CSP (Content Security Policy) (default is true) - * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); /* 2674: enable CSP 1.1 experimental hash-source directive (FF29+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=855326 - * https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=855326 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/ user_pref("security.csp.experimentalEnabled", true); /*** 2697: USER AGENT (UA) SPOOFING @@ -1231,7 +1231,7 @@ user_pref("security.csp.experimentalEnabled", true); // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref) /* 2697b: navigator.buildID (see gecko.buildID in about:config) reveals build time * down to the second which defeats user agent spoofing and can compromise OS etc - * https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/ // user_pref("general.buildID.override", "20100101"); // (hidden pref) /* 2697c: navigator.appName ***/ //user_pref("general.appname.override", "Netscape"); // (hidden pref) @@ -1246,25 +1246,25 @@ user_pref("security.csp.experimentalEnabled", true); /*** 2698: FIRST PARTY ISOLATION (FPI) ***/ /* 2698a: enable first party isolation pref and OriginAttribute (FF51+) * [WARNING] breaks lots of cross-domain logins and site functionality until perfected - * https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ /* 2698b: isolate favicons (FF52+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/ /* 2698c: isolate OCSP cache (FF52+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ /* 2698d: isolate Shared Workers (FF52+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/ /* 2698e: isolate SSL session cache (FF52+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 ***/ /* 2698f: isolate media cache (FF53+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 ***/ /* 2698g: isolate HSTS and HPKP (FF54+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/ /* 2698h: isolate HTTP Alternative Services (FF54+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ /* 2698i: isolate SPDY/HTTP2 (FF55+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ /* 2698j: isolate DNS cache (FF55+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ // user_pref("privacy.firstparty.isolate", true); /*** 2699: TOR UPLIFT: privacy.resistFingerprinting @@ -1272,7 +1272,7 @@ user_pref("security.csp.experimentalEnabled", true); This section will attempt to list all the ramifications and Mozilla tickets ***/ /* 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info. * POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - * https://bugzilla.mozilla.org/show_bug.cgi?id=418986 + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 * [NOTE] does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 * [NOTE] this will probably make your values pretty unique until you resize or snap the * inner window width + height into standard/common resolutions (mine is at 1366x768) @@ -1282,9 +1282,9 @@ user_pref("security.csp.experimentalEnabled", true); * [TEST] http://browserspy.dk/screen.php * Common resolutions: http://www.rapidtables.com/web/dev/screen-resolution-statistics.htm ***/ /* 2699b: spoof screen orientation - * https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ /* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) - * https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) /*** 2700: COOKIES & DOM STORAGE ***/ @@ -1295,8 +1295,8 @@ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the b * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites ***/ user_pref("network.cookie.cookieBehavior", 2); /* 2702: ensure that third-party cookies (if enabled, see above pref) are session-only - * https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ - * http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ + * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ + * [1] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ user_pref("network.cookie.thirdparty.sessionOnly", true); /* 2703: set cookie lifetime policy * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) @@ -1312,17 +1312,17 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. - * https://developer.mozilla.org/en-US/docs/Web/API/StorageManager - * https://developer.mozilla.org/en-US/docs/Web/API/Storage_API ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/API/StorageManager + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API ***/ user_pref("dom.storageManager.enabled", false); /* 2707: clear localStorage and UUID when a WebExtension is uninstalled * [NOTE] both preferences must be the same - * https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local - * https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ + * [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2708: prevent HTTP sites from setting cookies with the "secure" directive (default: true) (FF52+) - * https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP ***/ + * [1] https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); /*** 2800: SHUTDOWN [SETUP] @@ -1384,7 +1384,7 @@ user_pref("browser.tabs.warnOnClose", false); user_pref("browser.tabs.warnOnCloseOtherTabs", false); user_pref("browser.tabs.warnOnOpen", false); /* 3001a: disable warning when a domain requests full screen - * https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Using_full_screen_mode ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Using_full_screen_mode ***/ // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); /* 3002: disable closing browser with last tab ***/ @@ -1398,7 +1398,7 @@ user_pref("browser.backspace_action", 2); * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ user_pref("browser.link.open_newwindow", 3); /* 3009: turn on APZ (Async Pan/Zoom) - requires e10s - * http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ + * [1] http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ // user_pref("layers.async-pan-zoom.enabled", true); /* 3010: enable ctrl-tab previews ***/ user_pref("browser.ctrlTab.previews", true); @@ -1408,8 +1408,8 @@ user_pref("view_source.tab", false); /* 3012: spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls ***/ user_pref("layout.spellcheckDefault", 1); /* 3013: disable automatic "Work Offline" status - * https://bugzilla.mozilla.org/show_bug.cgi?id=620472 - * https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 + * [1] https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ user_pref("network.manage-offline-status", false); /* 3015: disable tab animation, speed things up a little ***/ user_pref("browser.tabs.animate", false); @@ -1446,7 +1446,7 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false); * need more info, but lock down for now ***/ user_pref("browser.migrate.automigrate.enabled", false); /* 3024: enable "Find As You Type" - * http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ + * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); /* END: internal custom pref to test for syntax errors ***/ @@ -1461,12 +1461,12 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem /* 2408: (31+) disable network API - fingerprinting vector ***/ // user_pref("dom.network.enabled", false); /* 2620: (35+) disable WebSockets - * https://developer.mozilla.org/en-US/Firefox/Releases/35 ***/ + * [1] https://developer.mozilla.org/en-US/Firefox/Releases/35 ***/ // user_pref("network.websocket.enabled", false); /* 2023: (37+) disable camera autofocus callback (was in 36, not in 37) * Not part of any specification, the API will be superceded by the WebRTC Capture * and Stream API ( http://w3c.github.io/mediacapture-main/getusermedia.html ) - * https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ ***/ + * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ ***/ // user_pref("camera.control.autofocus_moving_callback.enabled", false); /* 1804: (41+) disable plugin enumeration ***/ // user_pref("plugins.enumerable_names", ""); @@ -1475,7 +1475,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem * labelled v42+ because that's when tracking protection landed ***/ // user_pref("browser.polaris.enabled", false); /* 2803: (42+) what to clear on shutdown - * https://bugzilla.mozilla.org/show_bug.cgi?id=1102184#c23 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184#c23 ***/ // user_pref("privacy.clearOnShutdown.passwords", false); /* 0411: (43+) disable safebrowsing urls & download ***/ // user_pref("browser.safebrowsing.gethashURL", ""); @@ -1488,13 +1488,13 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("browser.safebrowsing.reportURL", ""); // user_pref("browser.safebrowsing.updateURL", ""); /* 0420: (43+) disable tracking protection. FF43+ URLs are now part of safebrowsing - * https://wiki.mozilla.org/Security/Tracking_protection (look under Prefs) + * [1] https://wiki.mozilla.org/Security/Tracking_protection (look under Prefs) * [NOTE] getupdateURL = WRONG / never existed. updateURL = CORRECT and has been added FYI ***/ // user_pref("browser.trackingprotection.gethashURL", ""); // user_pref("browser.trackingprotection.getupdateURL", ""); // user_pref("browser.trackingprotection.updateURL", ""); /* 1803: (43+) remove plugin finder service - * http://kb.mozillazine.org/Pfs.datasource.url ***/ + * [1] http://kb.mozillazine.org/Pfs.datasource.url ***/ // user_pref("pfs.datasource.url", ""); /* 2403: (43+) disable scripts changing images * [TEST] http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 @@ -1508,12 +1508,12 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem /* 3003: (43+) disable new search panel UI [Classic Theme Restorer can restore the old search] ***/ // user_pref("browser.search.showOneOffButtons", false); /* 1201: (44+) block rc4 whitelist - * https://developer.mozilla.org/en-US/Firefox/Releases/44#Security ***/ + * [1] https://developer.mozilla.org/en-US/Firefox/Releases/44#Security ***/ // user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); /* 2417: (44+) disable SharedWorkers, which allow the exchange of data between iFrames that * are open in different tabs, even if the sites do not belong to the same domain. - * https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 8) - * https://bugs.torproject.org/15562 + * [1] https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 8) + * [1] https://bugs.torproject.org/15562 * is used in FF 45 and 46 code once, to set it for a test ***/ // user_pref("dom.workers.sharedWorkers.enabled", false); /* 1005: (45+) disable deferred level of storing extra session data 0=all 1=http-only 2=none ***/ @@ -1530,28 +1530,28 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem /* 0333b: (47+) disable about:healthreport page UNIFIED ***/ // user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); /* 0807: (47+) disable history manipulation - * https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history + * [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history * [WARNING] if set to false it breaks some sites (youtube) ability to correctly show the * url in location bar and for the forward/back tab history to work ***/ // user_pref("browser.history.allowPopState", false); // user_pref("browser.history.allowPushState", false); // user_pref("browser.history.allowReplaceState", false); /* (48+) disable dom.mozTCPSocket.enabled (raw TCP socket support) - * https://trac.torproject.org/projects/tor/ticket/18863 - * https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ - * https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/18863 + * [1] https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ + * [1] https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket ***/ // user_pref("dom.mozTCPSocket.enabled", false); /* 0806: (48+) disable 'unified complete': 'Search with [default search engine]' * this feature has been added back in Classic Theme Restorer - * http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html ***/ + * [1] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html ***/ // user_pref("browser.urlbar.unifiedcomplete", false); /* 3006: (48+) disable enforced add-on signing * [NOTE] the preference is still in FF48+, but it's legacy code and does not work in stable ***/ // user_pref("xpinstall.signatures.required", false); /* 0372: (49+) disable "Hello" (TokBox/Telefonica WebRTC voice & video call PUP) WebRTC (IP leak) - * https://www.mozilla.org/en-US/privacy/firefox-hello/ - * https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello - * https://support.mozilla.org/en-US/kb/hello-status ***/ + * [1] https://www.mozilla.org/en-US/privacy/firefox-hello/ + * [1] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello + * [1] https://support.mozilla.org/en-US/kb/hello-status ***/ // user_pref("loop.enabled", false); // user_pref("loop.server", ""); // user_pref("loop.feedback.formURL", ""); @@ -1574,8 +1574,8 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem /* 0410a: (50+) "Block dangerous and deceptive content" pref name change ***/ // user_pref("browser.safebrowsing.enabled", false); // FF49 and earlier /* 1202: (50+) disable rc4 ciphers - * https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ - * https://trac.torproject.org/projects/tor/ticket/17369 ***/ + * [1] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ + * [1] https://trac.torproject.org/projects/tor/ticket/17369 ***/ // user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // user_pref("security.ssl3.rsa_rc4_128_md5", false); @@ -1583,20 +1583,20 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem /* 1809: (50+) remove Mozilla's plugin update URL ***/ // user_pref("plugins.update.url", ""); /* 1851: (51+) delay play of videos until they're visible - * https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 ***/ // user_pref("media.block-play-until-visible", true); /* 2504: (51+) disable virtual reality devices ***/ // user_pref("dom.vr.oculus050.enabled", false); /* 2614: (51+) disable SPDY ***/ // user_pref("network.http.spdy.enabled.v3-1", false); /* 1602: (?) this DNT .value pref (still in code) was deprecated some time ago - * http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) ***/ + * [1] http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) ***/ // user_pref("privacy.donottrackheader.value", 1); // (hidden pref) /* 1601: (52+) disable referer from an SSL Website * removed: https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 ***/ // user_pref("network.http.sendSecureXSiteReferrer", false); /* 1850: (52+) disable the Adobe EME "Primetime CDM" (Content Decryption Module) - * https://trac.torproject.org/projects/tor/ticket/16285 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/16285 ***/ // user_pref("media.gmp-eme-adobe.enabled", false); // user_pref("media.gmp-eme-adobe.visible", false); // user_pref("media.gmp-eme-adobe.autoupdate", false); @@ -1605,10 +1605,10 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem /* 2502: (52+) disable Battery Status API. Initially a Linux issue (high precision readout) that was fixed. * However, it is still another metric for fingerprinting, used to raise entropy. * eg: do you have a battery or not, current charging status, charge level, times remaining etc - * http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ - * https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 - * https://www.w3.org/TR/battery-status/ - * https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online + * [1] http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 + * [1] https://www.w3.org/TR/battery-status/ + * [1] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. - * https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ // user_pref("dom.battery.enabled", false); From a109e9f17cbc3fd353b910d5f5fc99cd6419f6ef Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 17 Mar 2017 04:39:27 +1300 Subject: [PATCH 0092/1961] #44 continued --- user.js | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/user.js b/user.js index 8ebe85c..5a504fd 100644 --- a/user.js +++ b/user.js @@ -249,7 +249,7 @@ user_pref("services.blocklist.gfx.collection", ""); // if gfx hw acceleration is * also takes measures such as striping out identifying parameters and storing safe browsing * cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) * To use safebrowsing but not "leak" binary download info to Google, only use 0410e and 0410f - * #Required reading [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + * #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ * [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ /* 0410a: disable "Block dangerous and deceptive content" (under Options>Security) * Until FF48 this was titled "Block reported web forgeries" @@ -349,7 +349,7 @@ user_pref("network.predictor.enable-prefetch", false); hardened), then items 0850 and above can be relaxed in return for more convenience and functionality. Likewise, you may want to check the items cleared on shutdown in section 2800. [NOTE] The urlbar is also commonly referred to as the location bar and address bar - #Required reading [1] https://xkcd.com/538/ + #Required reading [#] https://xkcd.com/538/ ***/ user_pref("ghacks_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search - PRIVACY @@ -688,7 +688,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); scheme+host+path+port: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 - #Required reading [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ + #Required reading [#] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: ALL: control when images/links send a referer @@ -1272,7 +1272,6 @@ user_pref("security.csp.experimentalEnabled", true); This section will attempt to list all the ramifications and Mozilla tickets ***/ /* 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info. * POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 * [NOTE] does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 * [NOTE] this will probably make your values pretty unique until you resize or snap the * inner window width + height into standard/common resolutions (mine is at 1366x768) @@ -1280,7 +1279,7 @@ user_pref("security.csp.experimentalEnabled", true); * Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test * your window size, do some math, resize to allow for all the non inner window elements * [TEST] http://browserspy.dk/screen.php - * Common resolutions: http://www.rapidtables.com/web/dev/screen-resolution-statistics.htm ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ /* 2699b: spoof screen orientation * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ /* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) @@ -1296,7 +1295,7 @@ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the b user_pref("network.cookie.cookieBehavior", 2); /* 2702: ensure that third-party cookies (if enabled, see above pref) are session-only * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ - * [1] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ + * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ user_pref("network.cookie.thirdparty.sessionOnly", true); /* 2703: set cookie lifetime policy * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) @@ -1313,12 +1312,12 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. * [1] https://developer.mozilla.org/en-US/docs/Web/API/StorageManager - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API ***/ + * [2] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API ***/ user_pref("dom.storageManager.enabled", false); /* 2707: clear localStorage and UUID when a WebExtension is uninstalled * [NOTE] both preferences must be the same * [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2708: prevent HTTP sites from setting cookies with the "secure" directive (default: true) (FF52+) @@ -1409,7 +1408,7 @@ user_pref("view_source.tab", false); user_pref("layout.spellcheckDefault", 1); /* 3013: disable automatic "Work Offline" status * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 - * [1] https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ + * [2] https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ user_pref("network.manage-offline-status", false); /* 3015: disable tab animation, speed things up a little ***/ user_pref("browser.tabs.animate", false); @@ -1513,7 +1512,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem /* 2417: (44+) disable SharedWorkers, which allow the exchange of data between iFrames that * are open in different tabs, even if the sites do not belong to the same domain. * [1] https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 8) - * [1] https://bugs.torproject.org/15562 + * [2] https://bugs.torproject.org/15562 * is used in FF 45 and 46 code once, to set it for a test ***/ // user_pref("dom.workers.sharedWorkers.enabled", false); /* 1005: (45+) disable deferred level of storing extra session data 0=all 1=http-only 2=none ***/ @@ -1538,8 +1537,8 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("browser.history.allowReplaceState", false); /* (48+) disable dom.mozTCPSocket.enabled (raw TCP socket support) * [1] https://trac.torproject.org/projects/tor/ticket/18863 - * [1] https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ - * [1] https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket ***/ + * [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ + * [3] https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket ***/ // user_pref("dom.mozTCPSocket.enabled", false); /* 0806: (48+) disable 'unified complete': 'Search with [default search engine]' * this feature has been added back in Classic Theme Restorer @@ -1550,8 +1549,8 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("xpinstall.signatures.required", false); /* 0372: (49+) disable "Hello" (TokBox/Telefonica WebRTC voice & video call PUP) WebRTC (IP leak) * [1] https://www.mozilla.org/en-US/privacy/firefox-hello/ - * [1] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello - * [1] https://support.mozilla.org/en-US/kb/hello-status ***/ + * [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello + * [3] https://support.mozilla.org/en-US/kb/hello-status ***/ // user_pref("loop.enabled", false); // user_pref("loop.server", ""); // user_pref("loop.feedback.formURL", ""); @@ -1575,7 +1574,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("browser.safebrowsing.enabled", false); // FF49 and earlier /* 1202: (50+) disable rc4 ciphers * [1] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ - * [1] https://trac.torproject.org/projects/tor/ticket/17369 ***/ + * [2] https://trac.torproject.org/projects/tor/ticket/17369 ***/ // user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // user_pref("security.ssl3.rsa_rc4_128_md5", false); @@ -1606,9 +1605,9 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem * However, it is still another metric for fingerprinting, used to raise entropy. * eg: do you have a battery or not, current charging status, charge level, times remaining etc * [1] http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 - * [1] https://www.w3.org/TR/battery-status/ - * [1] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 + * [3] https://www.w3.org/TR/battery-status/ + * [4] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ + * [5] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ // user_pref("dom.battery.enabled", false); From 53b8a82e8fe5fe4b3fce66fc6e9fa1cfd42a6aa2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 17 Mar 2017 15:04:14 +1300 Subject: [PATCH 0093/1961] minor edit companies get proper (or stylized) case, websites get lower case --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5a504fd..5652598 100644 --- a/user.js +++ b/user.js @@ -912,7 +912,7 @@ user_pref("dom.webnotifications.serviceworker.enabled", false); /*** 2400: DOM & JAVASCRIPT ***/ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: disable website access to clipboard events/content - * [WARNING] This will break some sites functionality such as pasting into Facebook, WordPress + * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress * this applies to onCut, onCopy, onPaste events - i.e you have to interact with * the website for it to look at the clipboard * [1] http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ From f3e7a31e445c2e9378982f1115b640ee36bd9446 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 18 Mar 2017 07:19:53 +1300 Subject: [PATCH 0094/1961] #61 #46 : 2201->inactive --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 5652598..e2ec6f3 100644 --- a/user.js +++ b/user.js @@ -850,9 +850,9 @@ user_pref("media.block-autoplay-until-in-foreground", true); /*** 2200: UI MEDDLING see http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ user_pref("ghacks_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); -/* 2201: disable website control over right click context menu [SETUP] - * [WARNING] This will break sites' functionality such as Dropbox ***/ -user_pref("dom.event.contextmenu.enabled", false); +/* 2201: disable website control over browser right-click context menu + * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ + // user_pref("dom.event.contextmenu.enabled", false); /* 2202: UI SPOOFING: disable scripts hiding or disabling the following on new windows ***/ user_pref("dom.disable_window_open_feature.location", true); user_pref("dom.disable_window_open_feature.menubar", true); From 6b6f614a7298816abb8facdfbbf2b3e90f654b13 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 18 Mar 2017 23:11:19 +1300 Subject: [PATCH 0095/1961] #64 --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index e2ec6f3..48a467c 100644 --- a/user.js +++ b/user.js @@ -95,7 +95,7 @@ user_pref("javascript.use_us_english_locale", true); // (hidden pref) do manually. There are many legitimate reasons to turn off AUTO updates, including hijacked monetized extensions, time constraints, legacy issues, and fear of breakage/bugs ***/ user_pref("ghacks_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); -/* 0301a: disable browser auto update +/* 0301a: disable browser auto update check * [SETTING] Options>Advanced>Update>Never check for updates ***/ user_pref("app.update.enabled", false); /* 0301b: disable background update service @@ -105,14 +105,14 @@ user_pref("app.update.service.enabled", false); user_pref("app.update.silent", false); /* 0301d: disable background update staging ***/ user_pref("app.update.staging.enabled", false); -/* 0302: disable browser auto installing update when you do a manual check ***/ +/* 0302: disable browser auto update installing (after the check in 0301a) ***/ user_pref("app.update.auto", false); /* 0303: disable search update * [SETTING] Options>Advanced>Update>Automatically update: search engines ***/ user_pref("browser.search.update", false); -/* 0304: disable add-ons auto checking for new versions ***/ +/* 0304: disable add-ons auto update check ***/ user_pref("extensions.update.enabled", false); -/* 0305: disable add-ons auto update ***/ +/* 0305: disable add-ons auto update installing (after the check in 0304) ***/ user_pref("extensions.update.autoUpdateDefault", false); /* 0306: disable add-on metadata updating * sends daily pings to Mozilla about extensions and recent startups ***/ From b2eccc65f425689b86d1de39767f56d8ceef01f9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 20 Mar 2017 15:56:05 +1300 Subject: [PATCH 0096/1961] 1200 revamp --- user.js | 193 +++++++++++++++++++++++++++++++------------------------- 1 file changed, 106 insertions(+), 87 deletions(-) diff --git a/user.js b/user.js index 48a467c..25f4ba6 100644 --- a/user.js +++ b/user.js @@ -516,41 +516,28 @@ user_pref("browser.cache.frecency_experiment", -1); /* 1012: disable resuming session from crash [SETUP] ***/ user_pref("browser.sessionstore.resume_from_crash", false); -/*** 1200: HTTPS ( SSL / OCSP / CERTS / ENCRYPTION / HSTS / HPKP ) - Note that your cipher and other settings can be used server side as a fingerprint attack vector: - see https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ - You can either strengthen your encryption/cipher suite and protocols (security) or keep them - at default and let Mozilla handle them (dragging their feet for fear of breaking legacy sites) ***/ +/*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) + Note that your cipher and other settings can be used server side as a fingerprint attack + vector, see [1] (It's quite technical but the first part is easy to understand + and you can stop reading when you reach the second section titled "Enter Bro") + + Option 1: Use our settings to tighten up encryption options. It *is* a fingerprinting attack + vector, and we certainly do want to reduce any attack surface, but this is not how + you *DEFEAT* fingerprinting - to do that you need large numbers to buy into the same + enforced browser-wide settings (such as TBB), and/or you use OpSec. + Option 2: Use Firefox defaults for the 1260's items (item 1260 default for SHA-1, is local only + anyway). There is nothing *weak* about Firefox's defaults, but Mozilla (and other + browsers) will always lag for fear of breakage and upset end-users + + [1] https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ + ***/ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); -/* 1201: block rc4 fallback (default is now false as of at least FF45) ***/ -user_pref("security.tls.unrestricted_rc4_fallback", false); -/* 1203: enable OCSP stapling - * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ -user_pref("security.ssl.enable_ocsp_stapling", true); -/* 1204: reject communication with servers using old SSL/TLS - vulnerable to a MiTM attack +/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ +/* 1201: reject communication with servers using old SSL/TLS - vulnerable to a MiTM attack * [WARNING] tested Feb 2017 - still breaks too many sites * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ // user_pref("security.ssl.require_safe_negotiation", true); -/* 1205: display warning (red padlock) for "broken security" - * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ -user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -/* 1206: require certificate revocation check through OCSP protocol - * This leaks information about the sites you visit to the CA (cert authority) - * It's a trade-off between security (checking) and privacy (leaking info to the CA) - * [WARNING] Since FF44 the default is false. If set to true, this may/will cause some - * site breakage. Some users have previously mentioned issues with youtube, microsoft etc ***/ - // user_pref("security.OCSP.require", true); -/* 1207: query OCSP responder servers to confirm current validity of certificates (default=1) - * 0=disable, 1=validate only certificates that specify an OCSP service URL - * 2=enable and use values in security.OCSP.URL and security.OCSP.signing ***/ -user_pref("security.OCSP.enabled", 1); -/* 1208: enforce strict pinning - * PKP (public key pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict - * [WARNING] If you rely on an AV (antivirus) to protect your web browsing - * by inspecting ALL your web traffic, then leave at current default =1 - * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ -user_pref("security.cert_pinning.enforcement_level", 2); -/* 1209: control TLS versions with min and max +/* 1202: control TLS versions with min and max * 1=min version of TLS 1.0, 2-min version of TLS 1.1, 3=min version of TLS 1.2 etc * [WARNING] FF/chrome currently allow TLS 1.0 by default, so this is your call. * [1] http://kb.mozillazine.org/Security.tls.version.* @@ -558,77 +545,109 @@ user_pref("security.cert_pinning.enforcement_level", 2); // user_pref("security.tls.version.min", 2); // user_pref("security.tls.version.fallback-limit", 3); // user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 -/* 1210: disable DHE (Diffie-Hellman Key Exchange) -* [WARNING] may break obscure sites, but not major sites, which should support ECDH over DHE -* [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ - user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); -user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); -/* 1211: disable or limit SHA-1 +/* 1203: disable SSL session tracking (FF36+) + * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. + * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, + * this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking + * [1] https://tools.ietf.org/html/rfc5077 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=967977 ***/ +user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) +/** OCSP (Online Certificate Status Protocol) ***/ +/* 1210: enable OCSP Stapling + * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ +user_pref("security.ssl.enable_ocsp_stapling", true); +/* 1211: query OCSP responder servers to confirm current validity of certificates + * 0=disable, 1=validate only certificates that specify an OCSP service URL (default) + * 2=enable and use values in security.OCSP.URL and security.OCSP.signing. + * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) + * It's a trade-off between security (checking) and privacy (leaking info to the CA) + * [1] https://en.wikipedia.org/wiki/Ocsp ***/ +user_pref("security.OCSP.enabled", 1); +/* 1212: require certificate revocation check through OCSP protocol + * [WARNING] Since FF44 the default is false. If set to true, this may/will cause some + * site breakage. Some users have previously mentioned issues with youtube, microsoft etc ***/ + // user_pref("security.OCSP.require", true); +/** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ +/* 1220: disable Microsoft Family Safety cert (Windows 8.1) (FF50+) + * 0 = disable detecting Family Safety mode and importing the root + * 1 = only attempt to detect Family Safety mode (don't import the root) + * 2 = detect Family Safety mode and import the root ***/ +user_pref("security.family_safety.mode", 0); +/* 1221: disable intermediate certificate caching (fingerprinting attack vector) + * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) + * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. + * Saved logins and passwords are not available. Reset the pref and restart to return them. + * [TEST] https://fiprinca.0x90.eu/poc/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 - related bug + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ + // user_pref("security.nocertdb", true); // (hidden pref) +/* 1222: enforce strict pinning + ** PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict + * [WARNING] If you rely on an AV (antivirus) to protect your web browsing + * by inspecting ALL your web traffic, then leave at current default=1 + * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ +user_pref("security.cert_pinning.enforcement_level", 2); +/* 1223: enforce HSTS preload list (default is true) + * The list is compiled into Firefox and used to always load those domains over HTTPS + * [1] https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ + * [2] https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List ***/ +user_pref("network.stricttransportsecurity.preloadlist", true); +/** MIXED CONTENT ***/ +/* 1240: disable insecure active content on https pages - mixed content ***/ +user_pref("security.mixed_content.block_active_content", true); +/* 1241: disable insecure passive content (such as images) on https pages - mixed context + * [WARNING] when set to true, this will visually break many sites (March 2017) ***/ + // user_pref("security.mixed_content.block_display_content", true); +/* 1242: disable HSTS Priming (FF51+) + * Allowing HSTS Priming may load formerly blocked mixed-content, but it does so by + * sending additional priming requests which may cause noticeable delays eg requests time + * out or are not handled well by servers, and there are possible fingerprinting issues + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ + // user_pref("security.mixed_content.send_hsts_priming", false); + // user_pref("security.mixed_content.use_hsts", false); +/** CIPHERS [see the section 1200 intro] ***/ +/* 1260: disable or limit SHA-1 * 0 = all SHA1 certs are allowed * 1 = all SHA1 certs are blocked (including perfectly valid ones from 2015 and earlier) * 2 = deprecated option that now maps to 1 * 3 = only allowed for locally-added roots (e.g. anti-virus) * 4 = only allowed for locally-added roots or for certs in 2015 and earlier - * [WARNING] when disabled, some man-in-the-middle devices (eg security scanners and antivirus - * products, are failing to connect to HTTPS sites. SHA-1 will eventually become obsolete. - * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ - * [2] https://github.com/pyllyukko/user.js/issues/194#issuecomment-256509998 ***/ + * [WARNING] when disabled, some man-in-the-middle devices (eg security scanners and + * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. + * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ user_pref("security.pki.sha1_enforcement_level", 1); -/* 1212: disable SSL session tracking (FF36+) - * SSL session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. - * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, - * this disables sending SSL3 Session IDs and TLS Session Tickets to prevent session tracking - * [1] https://tools.ietf.org/html/rfc5077 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=967977 ***/ -user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) -/* 1213: disable 3DES (effective key size < 128) +/* 1261: disable 3DES (effective key size < 128) * [1] https://en.wikipedia.org/wiki/3des#Security * [2] http://en.citizendium.org/wiki/Meet-in-the-middle_attack * [3] http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ user_pref("security.ssl3.rsa_des_ede3_sha", false); -/* 1214: disable 128 bits ***/ +/* 1262: disable 128 bits ***/ user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); -/* 1215: disable Microsoft Family Safety cert (Windows 8.1) (FF50+) - * 0 = disable detecting Family Safety mode and importing the root - * 1 = only attempt to detect Family Safety mode (don't import the root) - * 2 = detect Family Safety mode and import the root ***/ -user_pref("security.family_safety.mode", 0); -/* 1216: disable insecure active content on https pages - mixed content ***/ -user_pref("security.mixed_content.block_active_content", true); -/* 1217: disable insecure passive content (such as images) on https pages - mixed context - * current default=false, leave it this way as too many sites break visually ***/ - // user_pref("security.mixed_content.block_display_content", true); -/* 1218: disable HSTS Priming (FF51+) - * We disable it because formerly blocked mixed-content may load, may cause noticeable delays - * eg requests time out, requests may not be handled well by servers, possible fingerprinting - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ -user_pref("security.mixed_content.send_hsts_priming", false); -user_pref("security.mixed_content.use_hsts", false); -/* 1219: enforce HSTS preload list (default is true) - * The list is compiled into Firefox and is used to always use HTTPS for the domains on that list - * [1] https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ - * [2] https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List ***/ -user_pref("network.stricttransportsecurity.preloadlist", true); -/* 1220: disable intermediate certificate caching (fingerprinting attack vector) - * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) - * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. - * Saved logins and passwords are not available. Reset the pref and restart to return them. - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 - related bug - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ - // user_pref("security.nocertdb", true); // (hidden pref) -/* 1221: control "Add Security Exception" dialog on SSL warnings - * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) - * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ -user_pref("browser.ssl_override_behavior", 1); -/* 1223: display advanced information on Insecure Connection warning pages (thanks crssi) - * only works when it's possible to add an exception, i.e doesn't work for HSTS (https://subdomain.preloaded-hsts.badssl.com/) - * [TEST] https://expired.badssl.com/ ***/ -user_pref("browser.xul.error_pages.expert_bad_cert", true); -/* 1224: disable the remaining non-modern cipher suites as of FF52 +/* 1263: disable DHE (Diffie-Hellman Key Exchange) + * [WARNING] may break obscure sites, but not major sites, which should support ECDH over DHE + * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ +user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); +user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); +/* 1264: disable the remaining non-modern cipher suites as of FF52 * [NOTE] commented out because it still breaks too many sites ***/ // user_pref("security.ssl3.rsa_aes_128_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false); +/* 1265: block rc4 fallback (will be deprecated in 53) ***/ +user_pref("security.tls.unrestricted_rc4_fallback", false); +/** UI (User Interface) ***/ +/* 1270: display warning (red padlock) for "broken security" + * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ +user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +/* 1271: control "Add Security Exception" dialog on SSL warnings + * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) + * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ +user_pref("browser.ssl_override_behavior", 1); +/* 1272: display advanced information on Insecure Connection warning pages + * only works when it's possible to add an exception + * i.e doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) + * [TEST] https://expired.badssl.com/ ***/ +user_pref("browser.xul.error_pages.expert_bad_cert", true); /*** 1400: FONTS ***/ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); From ae60a0ff667f724c6f213477baa480d3798988bf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 20 Mar 2017 18:43:39 +1300 Subject: [PATCH 0097/1961] #63 --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 25f4ba6..405a4ab 100644 --- a/user.js +++ b/user.js @@ -391,12 +391,12 @@ user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) /* 0850a: disable location bar autocomplete ***/ user_pref("browser.urlbar.autocomplete.enabled", false); /* 0850b: disable location bar dropdown - * This controls the maximum number of entries that can appear in the location bar dropdown. - * Zero completely disables it. If you want ANY dropdown functionality, this must be changed ***/ -user_pref("browser.urlbar.maxRichResults", 0); + * This value used to control the maximum number of entries that could appear in the location + * bar dropdown. This is no longer the case, and thus, it does *NOT* hide any suggestions ***/ + // user_pref("browser.urlbar.maxRichResults", 0); /* 0850c: disable location bar suggestion types * [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest - * [NOTE] If you wish to enable these suggestions, make sure 0850a and 0850b are at default ***/ + * [NOTE] If you wish to enable these suggestions, make sure 0850a is at default ***/ user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.bookmark", false); user_pref("browser.urlbar.suggest.openpage", false); From 9d80dfbf450915316a7656410e97d021d5cfa896 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 21 Mar 2017 17:45:39 +1300 Subject: [PATCH 0098/1961] 1000 revamp --- user.js | 75 ++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/user.js b/user.js index 405a4ab..daa6188 100644 --- a/user.js +++ b/user.js @@ -467,54 +467,69 @@ user_pref("signon.formlessCapture.enabled", false); user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); -/*** 1000: CACHE ***/ +/*** 1000: CACHE [SETUP] ***/ user_pref("ghacks_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); +/** CACHE ***/ /* 1001: disable disk cache ***/ user_pref("browser.cache.disk.enable", false); user_pref("browser.cache.disk.capacity", 0); user_pref("browser.cache.disk.smart_size.enabled", false); user_pref("browser.cache.disk.smart_size.first_run", false); -/* 1002: disable disk caching of SSL pages +/* 1002: disable disk cache for SSL pages * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ user_pref("browser.cache.disk_cache_ssl", false); -/* 1003: disable memory cache as well IF you're REALLY paranoid ***/ +/* 1003: disable memory cache ***/ // user_pref("browser.cache.memory.enable", false); /* 1004: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); -/* 1005: disable storing extra session data - * extra session data contains contents of forms, scrollbar positions, cookies and POST data - * 0=all 1=http-only 2=none ***/ -user_pref("browser.sessionstore.privacy_level", 2); -/* 1006: disable pages being stored in memory. This is not the same as memory cache. - * Visited pages are stored in memory in such a way that they don't have to be - * re-parsed. This improves performance when pressing back/forward. - * For the sake of completeness, this option is listed for the truly paranoid. - * 0=none, -1=auto (that's minus 1), or any other positive integer +/* 1005: disable fastback cache + * To improve performance when pressing back/forward Firefox stores visited pages + * so they don't have to be re-parsed. This is not the same as memory cache. + * 0=none, -1=auto (that's minus 1), or for other values see [1] * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ // user_pref("browser.sessionhistory.max_total_viewers", 0); -/* 1007: disable the Session Restore service completely +/* 1006: disable permissions manager from writing to disk (requires restart) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ + // user_pref("permissions.memory_only", true); // (hidden pref) +/* 1007: disable randomized FF HTTP cache decay experiments + * [1] https://trac.torproject.org/projects/tor/ticket/13575 ***/ +user_pref("browser.cache.frecency_experiment", -1); +/* 1008: set DNS cache and expiration time (default 400 and 60, same as TBB) ***/ + // user_pref("network.dnsCacheEntries", 400); + // user_pref("network.dnsCacheExpiration", 60); +/** SESSIONS & SESSION RESTORE ***/ +/* 1020: disable the Session Restore service completely * [WARNING] [SETUP] This also disables the "Recently Closed Tabs" feature * It does not affect "Recently Closed Windows" or any history. ***/ user_pref("browser.sessionstore.max_tabs_undo", 0); user_pref("browser.sessionstore.max_windows_undo", 0); -/* 1008: IF you use session restore (see 1007 above), increasing the minimal interval between - * two session save operations can help on older machines and some websites. - * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc - your choice. - * [WARNING] This can also affect entries in the "Recently Closed Tabs" feature: - * i.e the longer the interval the more chance a quick tab open/close won't be captured - * this longer interval *MAY* affect history but we cannot replicate any history not recorded ***/ - // user_pref("browser.sessionstore.interval", 30000); -/* 1009: DNS cache and expiration time (default 400 and 60 - same as TBB) ***/ - // user_pref("network.dnsCacheEntries", 400); - // user_pref("network.dnsCacheExpiration", 60); -/* 1010: disable randomized FF HTTP cache decay experiments - * [1] https://trac.torproject.org/projects/tor/ticket/13575 ***/ -user_pref("browser.cache.frecency_experiment", -1); -/* 1011: disable permissions manager from writing to disk (requires restart) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ - // user_pref("permissions.memory_only", true); // (hidden pref) -/* 1012: disable resuming session from crash [SETUP] ***/ +/* 1021: disable storing extra session data + * extra session data contains contents of forms, scrollbar positions, cookies and POST data + * define on which sites to save extra session data: + * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ +user_pref("browser.sessionstore.privacy_level", 2); +/* 1022: disable resuming session from crash [SETUP] ***/ user_pref("browser.sessionstore.resume_from_crash", false); +/* 1023: If you use session restore, increasing the minimal interval between two session save + * operations can help on older machines and some websites, as well as reducing writes, see [1] + * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc + * [WARNING] This can also affect entries in the "Recently Closed Tabs" feature: + * i.e the longer the interval the more chance a quick tab open/close won't be captured. + * This longer interval *may* affect history but we cannot replicate any history not recorded + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1304389 ***/ +user_pref("browser.sessionstore.interval", 30000); +/** FAVICONS ***/ +/* 1030: disable favicons in shortcuts + * URL shortcuts use a cached randomly named .ico file which is stored in your + * profile/shortcutCache directory. The .ico remains after the shortcut is deleted. + * If set to false then the shortcuts use a generic Firefox icon ***/ +user_pref("browser.shell.shortcutFavicons", false); +/* 1031: disable favicons in tabs and new bookmarks + * bookmark favicons are stored as data blobs in places.sqlite>moz_favicons ***/ + // user_pref("browser.chrome.site_icons", false); + // user_pref("browser.chrome.favicons", false); +/* 1032: disable favicons in web notifications ***/ + // user_pref("alerts.showFavicons", false); /*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) Note that your cipher and other settings can be used server side as a fingerprint attack From 08363cb217cf7f72d55e7b6ec815ccfae675c564 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 22 Mar 2017 12:19:07 +1300 Subject: [PATCH 0099/1961] 1242 --- user.js | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index daa6188..ee906b1 100644 --- a/user.js +++ b/user.js @@ -613,13 +613,14 @@ user_pref("security.mixed_content.block_active_content", true); /* 1241: disable insecure passive content (such as images) on https pages - mixed context * [WARNING] when set to true, this will visually break many sites (March 2017) ***/ // user_pref("security.mixed_content.block_display_content", true); -/* 1242: disable HSTS Priming (FF51+) - * Allowing HSTS Priming may load formerly blocked mixed-content, but it does so by - * sending additional priming requests which may cause noticeable delays eg requests time - * out or are not handled well by servers, and there are possible fingerprinting issues +/* 1242: allow Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) + * Allow resources from domains with an existing HSTS cache record or in the HSTS preload list + * to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because + * those may cause noticeable delays eg requests time out or are not handled well by servers + * [NOTE] if you want to use the priming requests make sure 'use_hsts' is also true * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ - // user_pref("security.mixed_content.send_hsts_priming", false); - // user_pref("security.mixed_content.use_hsts", false); +user_pref("security.mixed_content.use_hsts", true); +user_pref("security.mixed_content.send_hsts_priming", false); /** CIPHERS [see the section 1200 intro] ***/ /* 1260: disable or limit SHA-1 * 0 = all SHA1 certs are allowed From 35b1bde0471c78bc46786780b250d84e84772d88 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 22 Mar 2017 12:40:31 +1300 Subject: [PATCH 0100/1961] browser.crashReports.unsubmittedCheck.enabled --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index ee906b1..990f1d7 100644 --- a/user.js +++ b/user.js @@ -171,6 +171,7 @@ user_pref("network.allow-experiments", false); user_pref("breakpad.reportURL", ""); /* 0351: disable sending of crash reports (FF44+) ***/ user_pref("browser.tabs.crashReporting.sendReport", false); +user_pref("browser.crashReports.unsubmittedCheck.enabled", false); /* 0360: disable new tab tile ads & preload & marketing junk ***/ user_pref("browser.newtab.preload", false); user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); From 4ebbbabb2cdea3dc0d3de9de336c429ad7570e74 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 22 Mar 2017 21:07:39 +1300 Subject: [PATCH 0101/1961] wikipiki --- wikipiki/test.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 wikipiki/test.txt diff --git a/wikipiki/test.txt b/wikipiki/test.txt new file mode 100644 index 0000000..5a42132 --- /dev/null +++ b/wikipiki/test.txt @@ -0,0 +1 @@ +i am a test file From 0dc6e848bfb40569bddca73cb4163d60c7bb65b2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 22 Mar 2017 21:08:02 +1300 Subject: [PATCH 0102/1961] Add files via upload --- wikipiki/backup01.png | Bin 0 -> 5639 bytes wikipiki/backup02.png | Bin 0 -> 11149 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/backup01.png create mode 100644 wikipiki/backup02.png diff --git a/wikipiki/backup01.png b/wikipiki/backup01.png new file mode 100644 index 0000000000000000000000000000000000000000..e10f1ea228659521464f6508b74a1369f0d4dc03 GIT binary patch literal 5639 zcmc&&cTiJrm%b?Ar3XPlY7`q%Rf-_RL=C7^snQ}K-2e)qBtS3(Q4#P{K&1*u6Dbj- zcfqJs=_En~q#Jq&HGJ{6JKxTJJF~O<&Ft(y=iYhCIrq$Y-t#>7eQaW+$Hy(k4FCY& zHT^3$0f4QU_5KCqWLfOm*h>I7)Oqa+%seQC_Cq&XTw_0Jx%N~;L~Xb~=QLT1ZZBe2 zWhh;FjAGX~X{Pj0SYtrMSJHaO_m^1dlCbNG6IZ{Cg{L*2ciw%8SRKq-Y>uiKN;`7x zd{%n)_k|Y|%cohP`d?)506^n25Dr`#_!o_$4p?l}@F=&7yMQs?n~XHx+Z!+3@Yi}W zLG@`}9p8Pq_)w{sid|kAuF|0;FlwpOK00x4(g0H6(H0L_($F z;bSQi5k)&YZnGNcS*6}$gienRt8p8RdN=HXT#l81 z>=q7T%^oj7_|}&~zx7%ew5Z%l$5us{kge!*7BXOA781p+vhX@*j@tVqW?0PgvFt7Y(YDJ(5b8@3hxd<)5HJ@{%Nf`=c&@MzA*`y3QOSAC z1qU>$HyTvAflET{M**nU|Er1M9LrU2c#_){CTN_#d(5GJHFUi+Xm@yfhI_8> zO!ZP{gWvbM9^rHh(e2i=Ctrq?+x)c%Z05NF381*Lk2Rt_y7KTQsg?=G&$BY*y9#Uh zW-EOY+@c=vP&DW@7@tHlxpY+eXC~gPf$4mjB1aEJjsPF$yuBvo5G5n#_2P#1cZF6t zzO1`^#f`9gn+&SX25C=`-TnDfDYLXZl(XIR%5*e}m1I^-HqAUE)=Vj)EM`LUW?KRV zg;VQ%5o|w9wkwJ&{QaQ3!2V&pS8JGLeaJMwz(kV8sBx`s-R`Bjt^WKQNQ4l<(jv=R z>>IjtfER96qRJ1CTJ0Fye9v$KrL#P}^u$x=rs|gy&XpY^basApJ!L;%oqx~J#z6on z{&>23IOqQBebcAPC1g=42ML{;hbUK4_rw@+Za8#N-KtJ9hhrcE+fvOlzZz_XJwBS= z1bte746)x*O@o$2rWO7zx@$OUCcSmuA{FW%r-Izd(R9i|q-$t;XT3;J{G8XSHC3$q zs#pY-Y4>AJU44+-hSikz`<4fqL$14&O0|tNaYl4wNBS-Vex4umlG&9=Y7fm%wLvTX z^0SF=3saP&=#}5AlU3P9n1jLBL+T1L5d;Dz_qXUShTw z+vzgb=e{I%k80Jl-HlPO*1R)GUhe{B(Y;7U*@KUxg<3Ma23~`emOlo|Mo*3%VPCB- z!r{o<4=T4>2Tx=Qcn`O7X84IU2Fj2X?MTmbw-{oq&K0QLgYU*=J!DW(kZKCH63S~Y z&exeyp{;lkbk_72g3VN0+VH_A{OF5aebA6`$=Ez8?j!_R<{SMPsZuptHYcq%J%AYsOOL9 zrpqgjA91Yna3Gy8&SBI{24}IR(+}O4&WPML(P=Zb#t%9lJ!4Y;9MesY0=`t{CqTI1e``8xj(b=848{qDQar`A=6lj`}4^606b zx`i!wp=*gU#26aw*Ab5(tE7iT!-^5zR%&e@op#Oe`2`3XkKWwKBGD`@qdp^byLZR# zULB&J69_DFV%n>v#kXutyxbo-ee zFnlm>=V{>8My!LjZJ^x)j|ByID`On zpZqUR2=Gi5|9@pZ4n!qL@(J+Wn3n@;T4dBw`X+G7k7m*eZ3%Vcy0IGrnp-Yf` zmo)Ld`&bG}Uk_pguqb&JZ03T3Y*0zq1vVDLy_Eq^g+tlH{n^LZS$RAwB0+afE)X_X z=}eP?-o1$%#Id-=@rwALmD}pfN?fQ2lD;ojYS1#QN*?{~D$BjsmH=EO@e8vQI5a8RgY8$zuI+jxI5xN) z;X+;x6bH^_U1Fde~F7+U8f0udp1^QGGi_|oK#H{q9^Ac+uctkDMv<=B?JmRjg753GoDpP&ons&Slk@ZqV#*D(jHnoEPDI#s-+he)z8x$fu|M;( zUsZZ6)I9fQ1M``lsf+%*#bLaOtd%>_pdB0AdXAnZxJAjZgh&~6amKjew$^6u`(Y67 z@^9F}Jtmae3@#Z!&UJ7B0W7=_auLy2&jG-G7L@9#GAUmhPO<^Y5Q0!6GLh{ch>C@# z0IYM+^G|RbyamZbO6!KP1IMA@DW@48E&JX z;=P1Su0CEfV)TPb6$o3n`UEVTwI(}1%>ZF=0<+};FXepIWslo zy5#3}`L8pw77aZPay9?$DEJ^ukidQvcHtcR(QYODGuE))Ln!;!RmedC``8x<;Zg$# zXAMgn!9!+5VEU|KnahxUyT@3&TmJ1F`2`N5O@`vO=}cc{`$)r-mq?2wL7bS<(PD6} zp&A|HEvwc3V3U{uKIo5 z-~Nw(sZs?#%H?r^X0w^Xa`OE4N9%S=ryG#iPG8u@VBoTaRKhix)6}(Wro$1n{24Npjtnk6a+6929?Gm zj#rF(7U9&o?@=8dSE=mYXXb=%{kX3oQaX%l!Ts_`%6vhQ?-+cy>(jZdZCtY%Yah^j z7F|-O__AW?B@u_dUUKH;M?NEzU1*NybbfiRzu~R6Ov7AE+i#7WT&V>=tHibdX1iA- zRqAiB8Q$7DYo%|OWSd=T4)ajfCYd{1@5xrgjxDW8PiaRC{>E^z!~j_hTV>}pjl~RG z7DTRz!DhIcSL4pzJhML&HTHD^>cgDn9#M*;YVUIRh=27QW(kx`8)mU@ekTg5x&I3ST9K8n3)zyPPYOX z-D<$|^;}SS!Lg+$C`-y58awl<3!HSe9Glk4*{a&b95r0sYCD{?bplKf%+OHvAUqUS zt7jy!wA7W;I0x}o3teP=zT+Vf?xTH|lrX9*NzzHM)djUBpRcrE7Z99HCc0?;-U&J7 z#9d-n_C{XptghQg?s^PWl;a5ck+@(r!gcNoVlSnDuM=&q7hrbRn3nWJK6=;h9?8Gl z@czZm<$8A@pJTynQ%ZmZAx_OR*PZF&#Wu9q(!W8 z7<0x(K5NI_>}dwnyt(^>K%3JMw<>tFO9}~H>>IPE4R7mFQBen& zYuz2QU0m8)TD)O+HXy9%ayJM6)4 zd2O(w;PtBxl>*vNzV93?*8c4CiX}aK*I0ViEN z=WMA00DKZRhL9Z!a*Rcs>XfLIXu8u$OG+=UgAq4giHwfaqQ8s$9iS={O}8Y6owT$K ztw|X2bP0SZTlm*r9gyKg?1s0B9`&}mshq$TH0oM&^OJXj!;vOg>D9HAmD?Yo7va`z(aLBRO_&eB5FDMpevT>kk4~# z2X;Ervg%;jH3(;0{J>!#d@M!=Y_mv0ETyDI$n88e3D&8!jt=e3|9<;*5335wTFe3W z|517VxwBhpU+uJKm5JmKg_Q5*H}nyzRuw-)&(zc?W)n0BKU3m-vNVfia`JX literal 0 HcmV?d00001 diff --git a/wikipiki/backup02.png b/wikipiki/backup02.png new file mode 100644 index 0000000000000000000000000000000000000000..d4b9d846ce102d46b396733ff970d2586f3398d0 GIT binary patch literal 11149 zcmb_>cT^MW+wCAKMWqM=7J8E|ARt{s?+2s{a+I#p1ECkCqaa;~fDsUprXVGRW+QY0 z2oXYvQY3(ZBSbg&L4kx`9b}Hy!`wH zjC6Da`~&?wyzjXKKC@9=AD*$4KAFn=g<)RsdHRFW7VvVoz2=_}ITbK!5E1HZOZMj#6AYpX(*ax28X8hUT?`!n zUFg^eMxe_K-gW6h(gEu-q`-+THlD5vnt8>9F_sg!8lDb$0bJFmi!FL0b{%+j6!^2> z_4XX_hYawic+B@PAhu|$Ac79Kkt2A9?pY=vz~P>(3wWsm)x)-_dVu{UfYZa|qbl%4 z2DoHo=V1uEZU(xB*iO^~j3%eE*9j#NRt z22w;-FYX4TOaOzOoh;wQAtP=nPUTxiZWUgYeIHhERw3>(>(`9|0C<*p2K=`h)X*W8 z+Myxk^d=S;ndQ#o2ST@R&+RV^SNUHBfN#*~k$q{ohI6s%$76l=pNp;@^}2cDSuiEd zqn`C@Bk*i#%5KA-Ha2>Q$H>Xah57j}#vdU!ZuQwk?R&m=>9V8V+m6=Qqx|~XF)I?M z;2dXgbnEN;0kUcNh2bow_}kOpGYs~cPaN#=jtPA-_fFr$dq~M>`K3BBF<(H?V6er``aa}h;^1pu$v@>jU*)~rW$Bfe?aw0n-ll~`)1P(c7Gv?di*0dC zN3ZoTa@-P}N~XJ=YA>A5$X$@ICHT(p=;<^Of!<_JOCgg?B|~|uRBHhnL*8}Gz$2OFwM{k_CC1Noe|dP~jECmVH;FICRP>pwq%af8YiW^g@&V*=lv(|o9mSj1F$ zu})=Z>7Xxl5qTICKi<0}+x-FZ=87~^wrl?zq3V-W-REB0R@0+Wez^|6fgL>^r`N@# zd=v%|xW#wP(B9PE{EOjBfeRv+*{7IPnCRmz--`=nzchI(*2=#9k>|F8e3HGPwD82~ z3=TQAh-96QDk7&-bQHvqkB=C=DYG6uJ*q$IYbCrST?xNzcuqLGcgpQM^Yeo1H<*iVUkxbRx;}f+s_%~R*#)+R%L~WdpD0|jDJ`_ZzeHHGD`hxB zY7k9Ub(TplIW7kmst!KjGBPQzd7e9V&WqcN;$26CwzA`M`ONb%cBB1E2E=?KJsEcL zRN|Qj=w#1}XW={yJf3G^Jatb@Uz{CFJBzlyq$0oaWU+v?z|Y2BvPm-XOlBW*u5qqd z?s-W$>&jOzUd_BZVY6Y=Z=F$j^LkXRzK!Dbxk{$bc~v&AivC!+e*U^=rTWXHSDr8Z zthLLc9jGbC9X^YWz9+Y^{bc(YhT>C5G6;oruytu{4zLcf4t$O$Z_1sAs&rSN&$Wv zymDyVPfH!=4_9@{Z{^;~{}!K#9MLEp*MFqX`p~=EX-;I$r`xByRP4BzpqPo-ve{~( zl^ODd#0zy(byM`Hjq=zR&Azm=;^9<)F*P@lANdgFx&7K z#knSqeuVFyr7dpwiXc)7)?I!LQgQfuIv3eBgEvelP-5#EQ~+ z(x=2-i@R}TcPl(nurpm-4d=dDKS{dw@EP*jnQIyMYwj<+s}c0-`SG|$kh1t>D09f0 zCE<@~;sl1_*7sX!AEHl+CnP1@)sQ^Nj~#+ zLrJsntRI) zdw%x_>92NAsNetOo7ODHm&?$5x8ZU1F$WpuCddn-wc|ysBtyNYyPZepU`n5AURANw zAZehX5BFH*=~~GF>Gb>4-?Ey@6HV-7cs*9Zv1G0&YjCY5M=yjr6rwMo)v z+@gwPmtPy*E*5TfH}2-UzWeVQ>F%zauwhg~YU(Ak)cdyKp98tpbvv};pdEp6rP`Z(8^`vj2C^rQ4t24R*aEb{X>@2IA= zRmOzWiUA9nzhl2>4JLC+`IOD0r`@x{{<>lFOB5yoh3}NwRLH}K>Te8V{2{!aymEIS zh3kd-@au)UH*Vi(wHVMEnOL3)-!s7Rvp&77;SgrLVcqLJwRC?h+jD*RVNq^TRJ82& z^q;urO%aQ(Lxel5erv64&~Kx92WgAyZR$f#>n+grdfWnsU5i~|otlf!GIUvEKYPpq zje3eItVKHAMXrXoH%53+md+Qe4B^S`VL!PJCdP|ZHSz5m;eM1)lwSlcd~~2Vb*LXT z2@_wfX|rf^Azvk3o7BN4jcec7pZ>Bo9doA(_H1Kh+JJIA;lc2J=C2G^onsjV8U2Z; z5?6|^XsN2sY6nu6_9}FS-G;@Ax%Z#%_t$cB$whCCuV9Bpo{S*!*YmSGeIm=L%UvsH z>u}xgyZJhLLlxz3l5KZM?_kp~-nCK!tHpezK+MGhukAO#u45{8v(IK{9~`BBva#o? zD1!s_rhu!Vl^FnpivmFG0|3}Q0N(Hqm zMVe_VJxy1KV@9=GwEt9y^Bjc}%=vUgvArk6_@DflLyq0ZKXsq!h3YCD`qUBL#E8?b zp>YU2`9b%f{10w>QJdUX##uPR&BSBAmDZBIdA1~HQA&j$p@Ru5$Vs{63hkYd7u>L^ zfg1rRxVcLF|2amT-OkwC8|I(qCr||rwpPWr+a33JTO2os3G@B(xDATmIu(YCI@m&= ziatK4jbx+)WNnBp(NsIp&)1U&#L3zV=vK{xtdaw*5#*JW=>b>2pvS}A#E(ykKq1+3 z5dnv2CiIwdBm5RfP#$wW1Ug|qV=emeS`3wy9jqCWq32nVJh}(bz8swNt>NG&v9A~?hw+~L``_l=^JM+ebq=Ir5e2!?!m@OLWiJ79@vXKR|R>eBz1?wOI) zE~~a62K1s__dOWO*n|;`^liuEm={%}-qa)}WsZ1Bgw;~;y z2pl1)O+N-l46;__OPGmw6(aHBeB6}Eey|}Tx_4!I6R_A{KQ2N$uS6XoX>EpX3O7Ze zg67t`uJ|a7{nCk_dE@Lw0B7K955!Moe0s0*=-6tLS0TK~Pk-leJvG6X>ElD_!M<5E zi_z%gtT2stIVcMv!r|-pz>*7(qBcu358km{tIFn5n>gqho=e8mxHb)staa{-xj>3y zJ7co>!9nVhPvGkij3J0W;xml%b5|_8=YoJgUpaS|VzBHne?^z*A{2CD>Q^N6WE*;M z)~GU~bYXept~+;Y;`OIKd+e~?3xuJdT>w}VA^)MK^ki037{QRhli@4pNKAi=O5%Zh zILE6a!iQkc*e#PFGNe6lmyJ(Z<2yw6Ncx|`(iO2Oi9>}B> z>d%bY0-|%n1nZ@KYAIyRxEyv0{u#1%2SzCkBsr{RhO9r;0J;L=`5u~=y8nRhuZ<95 z_^m>=f`~rXlpu{0s>5-pY}Ai%7V?Fi;)K=cn@!M|EP|#4tPZo=Gzc4*(|$mj&r||p zIjC0C=$LmuO5N#bjDj%G*mOuQgfK|0SQCzaSQgLnzq9QB`Ph)re|Q>;0q+DLKtO}_ z?{9B-f}gHjV&wHLtf&wNVynJ-K@Q0McCihR6H!Q~BY=|zBQKkp%8|pmXq<;I(D)A4 z2wp<~dRQ&3aIh5c(%=bQHjLDtX14WFx$X^n`^ff_Ut1uU%`Yta?-9 zxE*Voew7t)PD6pOg$c4NDo7oozb%AtZTeZ~6609$wr6TH89E!SAoC}+OkJvR&M z9WIK@ZnbE*eIvuh++Z!itR}^E&Sk;(jl4)l zPSP*izgRO|7RKc2tP1aAafR<0;%DR&J92BKpgLW?;sSQ#YRy4k%f8kGY&%)w*!}$iJuB-V94{cB>ST^lN7TT4r)k;^#VJ zHg!qBq7XFA$vR8pRevHb?;6; zb$gsGoMSMeG@`*=hV)8{(9!s@COCQRh4`m44$DS0>X|K~&<1G;L+p)$1z*E(DNCIm z^UFSZGsV#Myw`H;H)Zm2|2ky^=Z%m3aW=w$s3ox|$@K6M2ZFw9P^-zd9FJYIs-@oF zG*-HNe&)x~YQj7V;zMx)UkTCHFz?(E&y&1>?~*Fi&&}si_KN&w-FjstPXDhFH16S> zP>Vk2wGZ$>10o|{(5~C{E>eN-)`m%m1Be@xw)Ay_@#0BRO|KvP87BCsZ|-?D2^J6= ziw+wYMdD@y(Sy@3XQPk*zku@_5C2SXJj*}80q2?qnE#Hf7NP$!;E0m#BtAv?%zt}> z9&Cx^X3reI?cE9M!^>LuO4+i`iv~ zRJtYH%u6#aRBIysiVF{P&t04Gds)=6c~Z01a5v4=Dk!Ybh#fBnOebRq3p2ZvZ}B(R z?o!2IGo5gs=Jy8CDxzeKyYV?yj)8i4#?J#C9M`1IN{UK~)jN&PZeSa7o?pBmh~7MZ z$FofHLAuoRehsFG#f-240L=n4#78h|icmC}+r2G@tLdD)`!ws0HlDHN9d9bjGtkSc z(jBdS`H8z0U0ufx?OgXw6cC%}Krb|DPb6yX9*bS!-kF0}4r3Uu|AW0Oc#&I`E;Oh&k zRh!fZ1_bKJfqh>QBXuI7Sjw&%rAM@FZCwlb#RG$dp^B(eV+SqMn=zNiSpgLRa`IaX zAu=zT{7o``ruYH~(pK+9t;|YPTNNLH2i6klfBJ@}#PgQLrzm7um^p?MKk&S;4Q^WDv;qtTNy{#RSry-p(`N!CVB zVnD*w+UKzq4FKrmWayInL`RdgV7L0GBmUh5|F!Tz{?ic;8=!w9gyD)oad9yK)E@bp z2HAlOU_S;P9yZdy`M{613oh z^9u`lEKxpPOJQMQnUnVtPts`BqK}B#-#a^rXDiW;(LWxGVFxe$yLHpL_~G6mJ%6+F zce#h99F|Ah1JCgk26?2XJK+~-CwHUogQM=e^D4v4(>1R1?CcW#I!po+GmkVhqH`@4 zP|3;FTqf~hgOHMRQKPKXH>RCY*?xo<3g-F>1^kXzJE%We*K`_Ht?S-IYGsaC4snA6 z6WtCjgX&Iu5vO;Cc9R;|b|QsJ9cOW!;$wHYc4UJoY&*Sb=fSbv8E2&KJFtk8`F{QA zh`DkCVS&ziD5juY5KCJ@T67UB$&_tpTdVem>yESEtE4;oD$va@+TJ|M^QMMJ<5yMw z*mq?Qx0(53=YKFBvSVYg<%^n!@70aR{ng0C0uLJ|S)Nv+!q;`I9kA_Or zCQi$5?x$haeCK?p!S_~s@sr?SYqw&8&&vEYetWXIs*LAhWYOhNl+!qi-Rh2CbNh_l z4I+;ER+uueUo`hx;Z!3A9$p>vM~&ye{+I08b99qdM&|-d(L-CUmJ=7Wi__2FGD9nz zdvu3xSiIC9Ehq^s<(;r^#HVk&iS!Em4BszKr}w!WfA3o*R)gW)+{33j&Djf|Jz<3) zvdCllMBk5hbWx5EYjRK=_~Qwyy675W7@843!1v^RFokd@V-kT`8;m-)(!5J7SxwR$ z4y+UE{`poXajlu= zO8y&g3w{0Ya0Uc+c4D@m-|cdqw@HUbNLOaLO(!nhM;URQXv_OutM$_k>4OAJ(Ut8n zSpcCjc`7E49vo!CZV<8NrJ9JY_`=P++T_N0-M-PhYN;RoB7UYHr3f09Yqbs2BvNbo zBs>sS#+$nTjVF6nOvb@Cf!)Mxcl6Vvr{A+JrN*`RG9CyOrgPji4OLSvbrYvfXGIAt z_@*m1k4}<4!<@2EOn5#IVs>DLhQgJS96PiF!jnnhH^Stx4?jXcZllDdLrfEOKzYW#V^n#4yT)M)+znTR zVh%3QD83iOb(Pqq?Me4v9pNfX%l+;R;DSx-7Ke*9tv7*f%KuNq!7r@K`uh6)AHK2q z`P>DA9z8T?l604I=k}Y&llN?6VBf;QqxJUEkLhUr40{oDD*vbeTI2kE1KM|oir}}t zY!-mV2F))mF#%sC4{HFgDghH%U;(;#4u$3K_5~_Wuv>wbpmj9xx`#sIx6=510^3eU z{Jv!Qp;laWHwm*(OK$6@cELCBw}pj-+{5gdh*To>&YK*I48Qu*>|xQGHD!I27iNsR zj5Hro>2^%zG^lLR+~K0_&L3kAq=%a7)@io`wQYQKB%--|I{V36@Z+M#5r9!s2rBb( zky3N1Xx(=Q#ns4F-S8+cj5>ORC1(wP3xlguA%!F^*QO7m%3&z_tM4$Q-W>VRw7Ay z#E3^2YG(6U@AC`y-6g}Y{iOB0*RH`}##4sTk(e)rU{_4(661Y)1F=7sk}(f_CM}60 zn?huIW_Br(^SV*k`Yud@0`S5{AG2( z={swG3&*(h+3nGOeaSYZ-a+06T$$rjkG!e|uHLh9@~WPG98Ok+x`?bcx!WPo;OMZ5 zKrPg!&5#WJJlO;*QAwq4OjI_ZE!e;GNUX_0`IV!`_N*@a?P33c*bvB%e^C1$bMiO* ze!CZ^8Vub~=5K>c11QZVl}*Rxr~`oOzx)!2RvM##f7AiZFZ~1SLqoNDdZ#K!NC-5% zRrxXtw`7FYWhqH*1==0G#!Yqgy7w6I?Uw>Ajf7JA+PTd#%V}Em6AQOi(%ffg7Lax`=Jo+wGonp4X2E0Rh>dT&4@$q2|`M|#}b{+ zE{+HcG9PSb6bCuKApGS05s98seHLXbXnRr}e+qFA|nCoStH?8(k;p*`?f)Q>k)JxM}zTXX}==ne%pcCgQ`WO6AUr zTZDlD_|436yvnRI)8$`;mTRbBoKB%E z`5{C-vC0niVCE>Pe8=0F>v@+7CYt~{nc#{q`cj>RoImfzw^z(#Yjw*!p^U~DdU1Pha}WAR{mvQ zHCMl+6`|)tsdhNGiVXjh-FP5Din@gIzY~en) zWj?RJ`x>|2yIA_CEGypB>DH4NIJ#yyX?I37-E{l3-5 z+p&@2AbvybZmShDcp`IqROGkwQ35`E7q})Dx6>ON9!uL~p-3A|J`p!pHgZ9##Ps8D zE;p$U8wH9VgnX)OR%~9|8){ZJY_C1GrmU&XW(%K=NZf6QYHQD(V|AjRxl0IY^OPai zob>rNfkOtyL@ULw_|7q-99>dc%u(twxXfU;&PGf#`nmeCR^hAh(UlOGo0ZF7q!XiD z)fQ}-@PNw@3O@cldx-iVF)xFJo@r9ubg~XE?awu*6pWb8A9pX;A_ch*>m@%m2y#JY zUG`C63bqyGaSnFZ3E>DYTp0Ph>W^64jWn2Yz$)pswhrlh2IJX>!*8_2<49D(_8+?V zV40(}G8UU3S54n$1V?C?d%kRRX)bc6WMLW!pMxeKl=R@cVX5Nl<5{O(j0A%be#(o+ zP#JmjW);?^9*f&nKkjb?QIYdlNrcCvU*nm~zcDHbaRt54qKcv^%yY-XqtB}{&9p%#KpNsmw^AVLZYVk5usbgI1H z^TNwlD)YhxmsXq-#NLKDpNPA4$}fI38kQZREXy;gvY|RPS=G}n;!lF3BZ?s^`2|AG zoxKNF>d8YlS((}!Z=Q%g{{|f&&5e_Tblya)q)nfT;1wX-&VSJ%+7@+K|G)(3sMPSb z_Fn0i%KYw|>f&y$&LRy}Jm#F{WVC9OxlEME3v3pB%Zi}L;QTH`X)mgOHrK3F{0ZZM zaqZLwHxFlaa*X-y63d2%?h10!!6FSHSZlJQiHOsYo43?>ZI1TspJ`n|*K38VzGct8 z*I|yT7vyc2qd+@8kSl?MG-o2z=mw@4ERcR#b-)!y- za+ZJ*BGbE+zM?iY(Glx3?e(ajz7czNZk85M@IjhOf7(Jx1s|In{bsXgpT608jH&63 zGEGHkAg~-!LfPIL>_#g{kF_n-TDyFvn9cLi?;dUj#hdYPkt-3nYPqNH$tkaUMkka> zIUX(uoDS1ZqX4b#R(Bm8&ZyFAj2|-;RQziluEARQWf@SGfDRqf!$@V`?AgLiQt9f} zJ?P4l6_O4iY*>}z!6}4=U^PyzsB;zn@V0PkY~Xsg2{qkXY1@?ADsSN%uHtamFbSxr z7!IA~<6}@GYxzFiWbK*O#|>?_P$)d#m+GS8`97+2voca!Q!=i-N0(^N{6ZVbB7GJk zr=2;LwwACbxLP-+)fGTt1TYrG3?2EuBrR6|V@Zn?8TF}qk9EG@QJSQ%fcjDgLmKG& zUqviRvggA4!IetV;g)oNu83qlsCAZWR}w0Q9%QE(XZfJ$eZb|&XjE)4H6#jorw>f< zI-DJ{!+{+TJA13>WG5&0ZcvcT@_%F*8ZJS0|!xxGh3NoYvOM9;mT zta1KC?`VecGL*I$Y=MhGZB{XF;ROV}6AIH}1{lr?3WlC0C zUe5N-{F)ihzLHn9LR8ZF09Vl)S))S6Df5Fxl8^O_?uVf!dE^v?Pm;VDusJEN;uL$H zqcyLED|C@Zy^BullakP&p3TU;T1j~ai7-22H&1Y_$eWLZ_rrVSu8<&OU zO=ULpJ^i^se*$m1jTN%XYF-|*Ja|lQ=K84>KhrD?IQ^7{>CDtXcTs|yU^*Y0Bk&Gq$bool6)-vyEhG<7xIfZ%&LRo;X9wj<3tYFX; zP_A)0Ooew$ot_jx;D&wB;-9w5R`Pyf&-3-O^pCGPkb=BI$ukiT}+u z(3BpS>HKX+XvsFs>0Cj`ah(8-jK+jY?BqSMv`_cplAvI_!jBmCP^5(|Ixgq2AN%{$ z20RpfUx7t_jXZo{BGNwBIAnI_Fd{!pb7+CgZv!L@-s88d{H^+EUmWhyL?Hv{k-$12 z2ahoz;6;aMi6Vc?HG=l}UpZ?+LLkEyvbQ^6QFT_Wq=@K8ejJm-zb#FQVI71x_D00W zO0jStLu9D(;UnrMj$+;2YbdsXSfQCCe$b};G)^oUJ^3ubp&#l3;UDe2N^BM+FWH|q zxgS*UFkSSQ^U;U2h)q7B_F(@Rrv1Gx@wE#0kW{l+t$&f@tf*^&5EKxAsJMMGMtAnN zpZ#PfCu1&SBBjKahQaT&kESzfVpw3>H6aBM)uGSOzDAmzVkZRk+61OVb+Xv-6{p& zkGRy>2aq~l(rQ)iS+5L4zPo|C#_s0@^45M+RHpJ)I`5DPu{33%G&4eJsHPtbYm6^U z4#UY*+v#!TxysB5N^gT^qVH-$UZ{Ub2y)xa?Iiz4+=NmY=t7e*IQG|`MKT|ok|R#w zQ))kO%6oojbxtadGlwd-eOgNg%IIy+cpMV&vTNP!d`yqNF{1R=Zpj^%^4L`f3M@zFl9t z1&%h82gw-M?2+S-5WC%LD%1q6KdqdoPLU->0j;MPsX`?>&B7r;rwcsW;ZrjPeeE`W zWwn*6KV_9A(m^u$su8q=%9)^(Jhwy)zf#FU|81QJ=L7l*ZByo`Dnzja`g|6*? s*?!u6Xb%c$xxjx9RJ)kA59ojZ!CHAp*g6V)3<((Nnd{a<{=EOc0Q3Fd`~Uy| literal 0 HcmV?d00001 From 4ed77022c9b1be0e4d16b068d5920148f8e3d93c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 22 Mar 2017 21:18:23 +1300 Subject: [PATCH 0103/1961] Add files via upload --- wikipiki/backup02.png | Bin 11149 -> 10859 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/wikipiki/backup02.png b/wikipiki/backup02.png index d4b9d846ce102d46b396733ff970d2586f3398d0..3c200675eb1c8400ec1f99d5a9429f13b6fc2303 100644 GIT binary patch delta 8214 zcmb7p2UJtrx^)1BsDK11g4EEJB1NPL7!!(sU?>8DNRy6qL`XJhkkA#7A_7tbQ9j5x1X$S%UOF`H z*08VRZI(;={Mm*aDq*6>_Ibh`=2|qRaIBDqnmh4_+y{?im$DvGY z6{M00HVVIcoT}CeSs9-$GU^`-?St=9F16jT9|ry~rYX;?kZt@?0$fEt+HpeR3zrar ztkcM=R`#R&dR`Oq;HQU815psH* zE1&VH??bET3UJ;g_#~=N)uO5AGisdaNYeH#__Jp-zPIw%H{?6$!ybg5VAemV%FABr zUmcS=Y`q$YDeik|iyZd0c?;<_azM+W^cK{KD)+Q?vwtq_n}}zc56A#%ZZ+J9TV{l z`bxRL;!iTPh9>X~+#$oCH=|*$xnNdn8^&Xb+b4f(pBEurc*w~R;o&%em{r-69o2VF zg9NXW!^^H6d}(v(_+MOsdBOe-hyFk`kbnQ+;~(ir;LcD3K-Ew%W8$}v^Y{0Mcudu% zK-KovSSNGN!Y$qmK|GrH5b8MkLm-J^)F7jgcqkP}WjGQ?VLA*Beh6Y0#t#aBIu6eS zGM|qi5WcbnXv-G|8X4E@?bO#WOuC^=@g|oOP>D&!lHP4b!U2kF_f6(3FPKRR-DiZr z>B9}m^}Rx&Q#r`Wu$6m@IWLdVo`N8gnKOk{kx*WJT-eKF5Y=30MK{_Fg-ri8%AP6G zA?)QEgDKi-(DFU#O{@c=E)T`1Q^6RMlIk$q77KuGLNEIDknendj$s+gjfis{9hMia zD4vi=jB_waLBwA^T*(DfZ8P2rDlu;nAk3TPNPguacU-G7uQOe{-qGnN@*$P@X6<{D zX1=TR6I-{d)bPa=fzNI2?3qH6R_URI+a&ZR`gvEaEq^u4QQ{g!Y2+VGmKfDT>m0ja z)_{bp0HM>_?fEqq*dXxfFc|{lLE=I-97WHKiaBgmMcTKk z*cQ=48pLTDr8+3M__c&ol%+#ZFar{vvcmuK@GKk=Y&gBV%m|U>LP9Ch$)A6f@7z&H zj>bQhAMxu$0KDNtzXtmgYeey2*3;!ZC+*&P{uV$4=;6 zX~hS2MP@(sCeF_c2@QslO`^@ch;1#*DeQHMk8bc4I8U=iY{ zx>D!>Id8nxH^a@+$dmCEW~ScJA^k6$1d=&XIDAib&*0LD&~o?Z(2h9cZ179F44Zl^ z?4}ZteN3IpL*G{ckm&Qb7N;t)`a!cCH2H`7I$S2obmsE82EiW__)ab1vUR3G$y!MbojxYN2x@r`=*=XaCqv#C}#O_jd>j&uVq|C zeDk9~_y?~5=E%^IB!G{AUegUnEBnAk3!lG@6)P2etbOB&Td3o}U{Uj8Y`>vnUJy`I zgnh6hyH(4)C*|F?xMU`2Uu+3M4hs+*su=54)1j&5pf0fnjq%i+5bCWIg|P)FKV+|d zbScFl%ZJ}(Hb4SafXX{$FsE^H>h2&q@wrH`5jdpqj_f>8`()Pk+-|s|Ey{B!MV0G7L)=QP6Y_$G;7qe%*qF>xQ#PYT)c8%@TD+&OAwgEMl5t zTm(u&fF-#-F43H(S=Qm19F4$sYCb}dH_k+^G8VcptC4$4a-|GzSGa;kIcn+%BZ!x9 ze&*6vv3x_2gWwa z-iw80#+z{6wU7-PvKn8SeY;Pu27c#_UK=$y|2XK0;y`xTvZBKgUIcCoCGdPYC4+~H z`3Q+fo;Hbcwe8Vz@ zDfZgXuWH@1+d>&v~LyChke-zE1~ zF{Wtnui{L(FrEnjWtUQ;VTV8&{#CR8@O*~_rg~WjUW|!*b&F{3UJi$MdtLA{_=`~7 zE|a>O+bDPUhW5O9GbB>})wwKEEBvWGO3YaHF{$GA+7i(s*BM^&t%z>fK$%>Qd9B(q zUsf*VAQKP|EQErMf?vM_ z2>7hFJQ|$y|fd1~eOPVX8$mxIFS zDJL_9m6xBC5Gh@OxT)?lqxaXngyYT4*PXcA^llaJmM4tZIo_2PD)hK6oi7y1if@04 zcbmY!E$m};elga1j{ZjAf{qrP6N&SvhRYGRSTaW(G-IS;O0dC9_KxAW&EAqgAhKtt z*kCN44fBI2l2{V{SOXM~=#`Jbb>QHq*JDZ-9sA>>3>zk5EjLEbAo3V%qOts#Kwszn z7y|*XQ$hs!Cybf{c&00Js)Q>n>?gvLI15f&-PB+NJE8VAc1snnQnooG{SZ-?3FGW# zPs}WrZuH&aNL1b?(qhpF#fYA3c&NVbAnrE{FMQYCN3-jy+8FRJ4_ z3LC_m8RlWNEHWz{GCw?sP5FHlTC^agRUAwuBA_tq14M2*N`@kvDZM!s%CF3+U~q!` zd*xkDKE$ME1r-cf%O>v5$^RRL__IJvQKNniSpjX$%`|b95FQ>LyCPFQnqLYs`r70S zC`+9al0g=1k)hx_yZ_Po|2KUDD1GEVT0fNpDAkomH8skRN)M*rej!IAq+b;B5Nt~R zrJ49|L;gMD9n*iSTmCC@OF(kVt+GV@3jJajtO^L4XsWyGPR7lRtK+~fQ2U0=L$D}& zGh0hUVsHT%sqvy%ulu0fP+F~7K|T5`4+UYvl{o8Xk20H?HYw0Xp)`JlaI3OXyn zxq<|zPc+lX?35R}%$M2W}LWG^CPRw1g>=7@FCchm zXQMmAPJIucw6>a+`vMy6BgiblsGYyF7PU!Sjucr-n7&U&P)3P{Ha|+|9x?ltW$*m` z9C2(dW)AHOX$%cNn>c?;6j9R6rm2gIvD-=mbns_KlP;i=7p34TS z)0t){zW!P-T7yUxd_0iXS|nnfZVegH!+I|q5JbIfSDAP&jq!XZpy?8FWs^lKWYlfr zHK$wG*Ml#Zk@IlfO?DWMCN9m$>4im(ZYIjUDj}MsCeo!{r376N;Un7kd<k@OeR8-iMj)t}I+kP=UjWS56zYQz>XApS7ykoTgy54)R!4D~*mY0{omAd#F zr*WKz(b*8N&i@17lxq98BL@E9iI}FWQ9nf=<6F113!k|CGC(RFo6>YmU|-j|eAO5% zg*&`ah*ETx4{Wz5Awc-DeOyvt&|JGk@ysy7XN3egTDM@8qLZ5-dI@az#H=o-r^uK` zAnWYY!+S$n%)=#jUA}B~e{WVDvIV9U8zP1SN4GM227OCg*JOhB;)gybaQI<0YsT}j zF>@2CLt|u)qkEl1V0M2~7hsb_6(5<$0EeB)vvUH|={)@@d6 zv8wOaQ*`7F-1pZfA-1%vvU7Lu$4Z3CbQ9tf%wV_T>}ha)LvL=t2JROO0?pk&P7W!L zbfdk}mPm(ZT78c@E3cflnsy5eWyF4u#IQ*k;CxR}91WJ-GPRRFx6Xxn;d^sZY@?ED z`6R{seS9`@hA{T*GyQ(}T9>+uPSJRt_bbcm9~=Y;wI1Cryf8L%2A1B|?Ttptbr3p< zvw>Czwu5yQ(7-nsV7J8M3;cCQa?75rNST-)_x{#Hg9Vw?f$A7~tLYheE{TW?)#$S8 znnA@Fr|ltf)FI_rh=>%SRvf9!s~~$afLBJ!*jClChUMjB!Y330>z;PyNmt}#yUM!i z$6QzOdu0_Zv<|?tGArV&TVdG2XXRLnFvCa_K>5D?v{JPb(A-!y^gg&WIhERtEN6ln zTR)aJ$^5<3acAe@kn%t`XijvdwxxzE#(dohuYuq{NPKm_e+m2DX#Vp4lIG%!0{Q27 z18JE(vc8+39qAzgyJpnsSI zG~zasyQ&4SuRaZQ&@;RazbMWDd!SmoiZ4uMT$ z=^%O7BEEHXsv$sX?bM2yf)k8(b}hAuK#`K_I^HfhT#AW1SQR{B!N7UK+MxmVRT7~azH)j%624mrm%CpeTOo(QrD@p* zL(`NliIo(s!?8QkEKP@yrpI2a7#1mQ?|9n5M)L_8!R8U_I~_UMhWS_hS5$G(utaWo z{X5AE+zWYTi_ZyGrCV%M^}haZuA1&Q$LLD}v^qg-I)MOqz!P{hS_eX?9+YGS>|EcUsoWU57Dwia@ZnWl}%;AonL~LbDu#h zeoU*yk}oUk75~!Cm;Bs^>g_5ETz!Dv1qRm4)HOY+#3R}rQm1r;THxc$ja>C2rMHQ`G}J;a44>SlAsVXWD$#=Qqf zuifI0WLdlVX-G$J?AV9UzBFpq*i8%%nHV221+Vp9jb0Ig$YEwB~O$d`*b?KwzQn}?)Gul4htDzViGW^ z?)H4MN0)zkCDxx<4{ABuvbc6}@Y-Ct?xGrz-Ml|FL!^--d}RllSN?J>$N!)*5JMI` zMW&=zJ3KJLBLRef;(GN*p>;ch88cHx0Ms(wV%Oj~^3D+X@UsLJ!>m$l*!m#_b{MVT zQ2Q!q>xhm;CxocE48imug>?!nH%i??F4Lx$)9d^^05#Z5Xdsr1f7|0c$sR%tPDWIC zk5*wgZQT->x@bqjFWsq8L|pfo3E($(5_{4#hIMZr?DpoqA~yKwn|t6gaFj5bXLPEl z%4sw!FiLWCu0vT~Na&iKEo%5eH@}FYibUJK=FU-zE4AE4_ zD{Z12JDXU|69hh*oU~6j^LAKP6p_7P=QI9im8Rx+>V1i2?I^-bB2AiN~>zzZ$bD*S#zk-YZ;28|4DeXA} zrKSH-1V$Fu=v{}lO)dQdX$tVHM z5I?dOjgw8vA6R}{J}YBkqR1J_!SwXLPmtw zbWy^{bb(!EY$X$aV*tLV7W*7}KMQpJXJN}Z=hFg-NwO&~@;}1B3^d3MS!q^4W7zjt!c;k!*`eM~nbDyRF4WBoqK85vEH9LiS$i&;rpkL3f>Q;Tz z6>g88F4ikq#$Dr;O}qYm=%G)wH_k6LdN<3h`WwZl&**IzNNq-fsHm5RFOJMc)z9T8xC}KFqCA^p^m%l7fA!AfM6s48*INkESPj-eNO#~wkbZCl6ND)s2$uT zfm8NNCn)gv$&E>}@8gxTvV`RlrnKR9bC{ZWk{w1*7VvDOgMfe9s4K`q#LavE1%cXLBme*a delta 8507 zcmbt(c|4SR|Ndwr6-lARHj!*Ow2-yNI*5}(WH~2WD*G_DajOss*$)%Wgi5x97-P(E zT8t%3iiw#qWyxfW36rr6zk76^p6B=aKEK!RkMAFD_uO+Y@A-VL>;1W|>t0G z)y{H{=pj)E1hNNiW##~Z2ywwb4Urw-k<<9|opp-EqJTm(-0b}2$dQ>Mqf}OB)46_N zz@*vaH=Wyl189bwoT)OUYu7RPKYq*M#xLaWxwG@h*;ygdo-MLTG5fqCZ)51(yB)pS zGtyU-9dn;sXHgj*N!tS}E~|CrIkDZ9c~65F#GT;d+|HEf3I2=7f}6ei;6?!fZq6}* z|90^Ib&Nl@oUyjnFFzsA;45q_&8jRDT-R5dT^IWq6Fu701zylRA4x@RERpua?HD(~ zi3mYXI5Ius_|D27E+xNJ;hId6T8uWbN;Zt&;q+2yZ@q$mu!sE}%-4SusX-vk$1!M_ zQDUc^G$v@0jgYaE!;li!GdOV%IRIZ=0<0RAVea=dd0-7@aw`1Z=gx!i=V7`ACxNvO zvBo61BnTvaK{`77+B!V$%s?+G)lMQ>3nQGr6}(Q@X9cV=^y7W7eUYJj-d{2|Y8WCp2u=$oE*p?p6{oH3qMU zDV>~NxalL^l62`&z?uYd^$4RcY!w2TQsVxqfBKIxqoWw%M4600Emvmx3;aD9*sDXb zrb==cVRKm-;<*_J#BzUh)MinStn0R`=TvZT5N#*UoMOq5Dm*_cJfUDGe2-5L-g$jMv!pJk&-QEv`RZ`#9{f6+|$}1{G12EERC#{lFV zB9_9K0q0M{8i&sI-^OR-XQIWpM^=gxXX8AY5I`2gNEKO2UTx|{z8yEY%bv(Q4T+cJ zJJ3kL-!r8?LIPsJgaxG9WEtit$gp@D$)99P5c{9JN&x=b!T)xw4-Q^^jtOq!$>5_P z7!cOrFIZn*@B=^T{URb8Sorj*3M9Vr({%ycfxiZ~hpcvUg1mRtS1joWq@i2GVV_C^Cc(LGpBuC+2e zXQIa^H;dvQt&GcVv2VC`HN(-)l9T9Naq*aQ8B^%fK*IVlgxdc0|#0p-LJxG%c>HIt{Q1CP|DorN6FEOhy>z25yFXaGdeuW z>hb)!vsZ_3I@>%i{OR>p7IMOgNz@LPt*(`_0TM<{nX~%wuXfU<9YGv4pT?jo!X#8} z48j9bqO1};ko%jwxKu9xDv+BloIq5;U>&|;T4Gg^nvo8(kYHt4EeRjqO}EOg9WoH5 z>#Fv-35%e#V7xLqN|onyme5zc-`QI=dkhlqd4KDt{4o#@N5P2{%qnIp2tsgI07A@G zu+0nRcXQe;nF8p5yWk0W0A}l>qxSZIJp|$`^v~SGaa&c95J<-+2!6t36V(anWFZhP z;O%~*l#38c5ZU#%7xj*koPAT=4RfFSD?QzwYbpiQ*fns zAY6LNHS!a^{TtjSiK*QhrGV1Zv8@n_9EPEJMss*2PZ6P)MmEyvJJ}`5_lQb#_pVS< z3nB#DMKd;J3W`W|yPS3Aj_%_H{ZNjhIHdhe28Q)w6;IokcQoeDtCgbz zDFYNOLZAByPG~KbQaeS7NbulSdsa`fE?nXe2iAi>t0J98ED8Yq1M*p|_AB5h=&9O0 z{n#^*FIT&bzjmXCzdX1%TCz8$G^W8$ll|P7L2P_o9iGg2qVnc|%QU>&AhTH+(Vzhn zj=x$k8E6%)e$lkk?o@#JXfcA2_m|eZhh|>xw>@yQY(o6Z!5B-XvFeoC&If6dn62%- z#!XJ;bPC6zh7a6Xv_5_6@aW98D#nBu=2dZ`TnW?3D(}!1zumHsz^`W!LEZsr*(~kF z+WCrDs>Qc=B4OyB)MISbwL0`LGo(DMTnKPNds>?eA_`4*t&|AtpH z^apzW_uv6|%3NpFH>iM#&vm5U=2&To%)x8^ZOCrA<{2o|A#ZVh)z2%xzxH<15-Z{A z-e^UaLaVG>7jZ$jEE?^YbCyztccMpLs&%1$6Z8A+=un?r&S=oHBI4q1qZ+H#R9lCz zs6w~|T?;}>CNm~SS9zZkJUBP`$B?6K=m6|XOCU~HnQM46A*a$c)I87naj1(cNBy9h zvf8nFx52RmN<+@$<3|)pi-&Lcl^NYlSEsF4lZ(VIFcu&XtbzddF``CFJR?zpzkPp| zkeh$EQSG+I15UDoO=WqO=6RK7169x7NY{|6Y9$bD^MOeU$A*Zc$tIJbB;(cX@hoXz zWgK1gHuFY)vS0aiQXGb{o zvfq*S!#hK8Y#zdJhqoH!(-VhTN8o;pFb2P6<4Sjt2!ANCSlzh_Z_adTY2ieCmq8+< z@J0NQ_Z!W$Mc~w+I7C;0oBYBa%9SN?KdU8-79RnT+TuTDoLPZyt(0TPAe&=@_g(c< z+bAU^f=y(lU4)J{78jx0WwKTxBwI%1zb;;VG&yUpP4c^Ixo!HxX$0UD6`2>KcfeRF zT<&H@Ex-CY(D~5_LhF`kQDsn%D2|2TWxTtns}ohGbC|@^Wis9An?yR z2>Vxa+-!xxjWA(7%i`i<2&87qKV--b6$V=~UJFnNUqO^5{=Ql6O)tXVyJ-juTfD^nZWR^q}>8`HCteS^|gb; z^t~k}fW?k@vIKbVA8lOF(Kq)tS^9&dKkD7AWwSoP9(a!5QIJjMWB{h|`*pT$sO%ud6CFDX zodS8+b43133&*ta?B&|JSmVrh7yG2ap@}1ai=u(sTFkzczSVmTdskwirLJStHkJ1` zrB+Ua^Y*TE=^qA%cV$q7zwRQY!j=0zLj?48VeCm+502@W6vPWwlV&pvE19?K?&LrK z9?ZLreW}!F>wZeYK54B>%k$?)$I)kXe_i*Ih;|(P=p4K;7_s7LxfF<>K(Eyf-u~9O zQw$wi(ya&gK2@-~{ZvusGi%aSpD(@hN^oyO`iYWsG*2_7S4HQLy|5?&FtEr@aikz< zFSHKYv%DJfainYB>N|GQV@>kAIt_IJ)FRb5Xnf8pYocwU&GJjj6_wrKc$>74!w+hH z8@x7LRaqwUAhzgKB;IXM%z1Vt2um1szRINXUmWEPtrv~|rL(7zjE=4f`?cEd?fS>; zu|q<`4)8-EwxqtLmWxA2Op4PF|9*j_b13bGP`^rPFiBAjQ7SuhrIDV#?5)%VD9lB# z7pHFxIF)ega|Ojv`0w!tk4&-IlOOz$g&@4R?=6^tuWy*)T_05E;3erh5@*dw)yyc8 z2>q?xA1}jsj2jul7&509b%=#sWtPm|GwKhmg?7xnFpZsU#;X=An_1+>J{?!9m%HG- z9&jT2BI8B4ZTmVZapK512O!n9@O_#t#37ZS618>qE zeaXJ4K4>hLaTi*cE_u^7QvXb;w+f$@g;JOdOh1Vo7-oM!x@F;a(&c=a*`XPRI(j9Y z*H7imJ&U;}3j!J-K9$c4QMvDOXTJPZ+U3ZbSp`y82UkG9##O zR}5D&=!mN3`I)s)nr{SE0ACw`|Q8mFizhh6kx6kmGn2jR@N$Q&6%=tiUTSEmylNfxFQs5#)^{0;;ctNu6W1oA?R+yEB{<=(`_1 z0$jfZU1M|Y7BnfaUj_e$+4xTJoS&b+GZPq}pD$g|>)QzdKtA5Pxqsza-NWHqP5|YbJ0YLcHj4m7rYcflQVh~A zv#BvCjyq-zO0jXH;F*&3ke|WK~39P%6B)>+S>fE=f9Cnc)5!*wE-} zs+|`+4^+Gfaj_U|IW7B-7vRS!-z^XkBPc=>cs9kW{-tO>a0M^bC{@*vmKVhz*dmt0 zq5n>%*6Ok&lBR3Yd+`@;xo7B0tXL)z4>USdD5Ye@;&Oa4;e|?BO7Moa2U@Ui9YV|V zm9w6;j#w(XjA%GVwSs1CW4Px-1wE!dTO?35yK!0ui?7l|AvMY{${n4F$@@6v ziz@f`h`RS&+VU=@2l4EA_o%O1M)iE0%4}j7cN&GqDH#4^Q6lQH!GVu;=ss z@(KrYpfa+l>O?V&!m<@gN(k%<1t@c0lgW1jhA%STEke0lMd|tL5s9;^UYc4;Hf(Jk z)CQds6Kn#3_^ls_R(~FmxF2prz4ktnVC6E+qjHmY<2j6?S0o-HXLD|cSv6Un#jdHzh+t(b9{Nr$c;;av3$^URI|6maK;cMKg$wGaZKm4-*rUD05M!TJ3 z0D*Y@hm`^`D- zv7WagY^u{PN2nUIKjpn~@uVo4)s z|3q2V;uj9hqo#T}xESMc3an;JNmwmkZaJp5O}KcR0LL%@%`=ZZE8on2n?KI@YUuWe zd$S}J zykBf_&aBJ6Gg#J+$S1J=(ADM$iRjwvfw)(GEmI4!0e&?~z4b-?8;Yz^7iQ5Eaojc7 zz!AgFTWy_1>O}+{#)cQ;$dx)P-`7U03sPO~;b{~=`&oCDRF9eiqw`g%Nwl=Cru<0I zf!jUN@2hHu{0p$@LVX@gm(0}qz#}V9rrjReso8lhQ9rb1KE4!XHWpFjv_iqfr)q=; zTDROfUi#Y!ak{PB?|%SjQg#2m)zP!*w#%1>EMl(e^4p_cynk05CU0fZ;lR3pP7)=c zVm}{70SW9%?vd;n@pK0Wlt|g%5bxG3J$ zGo{%MZvap;!@b)Y$ym~3gY7Lx&n3iFzyPGTgXcH)t^uhk`@NaykW(-oJ>jK9gh4Me zFM~}QZ92Q?b~(JXC)bWw@XmH(hfldNJItrwJo%Ajm?tjlRDjOTa3@6>_i!K62+8Qe z$#)-SgE5@dSj!O?%4xHfmOj%DV3PZwzs^|YHk;2_{?&{guDPv7(|+;wtnG`8a3IFe z&hJ^HC$`9)mql)5dE=>&VLX}!w|B6)>&ESoah&$~mHu+1JJZm$ z`*Q6%UAy9pEL!m^%PsNP ziwO5!w}0OglrS5I%#Jv7LS|TZ;q1t8WhX%?n2jdI6vK4$3!v_8T^oA!+&&NSorFe@ zU2%u&NC|P$R4rJW2ZohOI}{_Uz;&AVXv%adB3_;$hnVVC%eHjs^{8h8UjpxY`q&wW zX&_E+cTaVL&%!gOnW}lASmhVu7@j6I=m^SW%HV^YQN_tQqzqDOr6wHPpV=n)K4_I$ z*57wiala5U))Gd!%yqRF&pT{>ByJ+PqTD; z=*U;(aiHcGTFA>{nEa#Apv8;c{_2A@IVRWUQrp8W)f}z-oIUo^R1{UODBCd3Ll9rF zkBk`WP7*mSMkO}S&C2@{PTRi-L`@lVd^M;|B+InuHZs;dus~awyDE|qo8Er<6MoT% z6f-Z7V`&BTjg*7qV}b}n4u&nAb3(8SUN^Z0jb)ELs#|(UuI@tF-p3naD3T~>w!fhS zoQ3n{Ea5o>?aX72j|aZ^dRrDRCZLt{VyIPGk6v<9{^}eUI>XNK^~6w3ch12>jF(${ zOilNrfYK^*kSGGQ0vw`OxN&}220|=^Xv%&Ndqy^UtZWPMrCQ5)*^A17QyE*Q)&{q z=pJz0QgiuTqbFBMEgw`r(>1Kbr+s&`Q?0WC@LL1GwFy3OtoMEd3U{L$O!|nZFVyyx+Uo#~PgjJz{b&P6v1Y}8(o1nlF8cvDeAr_yO?AJoR&r=YBHVprEd zhV?W;urMrv3qws-v25WH%vLu%xv`4Hq`81mZZ*Qd;of)}2K{n~6Lv8rs};!0S@y`U z9`)-kd0qqMv*+JR71f=97mAG7ZA`HPE{~eM>TA-*jlks8xQii+!z#LN@rNZ_@|vY0 zr(_J;g^s;B4ed2|e0QrxP1{8^%9+_A6JDcK_nMJh+v(tSYuLlDyrCC0X+7`){+;3v zAd~-eesLt4;mP#>Vqgab@@>1Z`#6|V>^f*Do{`SX>23@gOn znVgdCF{{e`Tb1W4Z=ToWz_wNmGLtJoaWZcjMVQ1oxJ6!9M2JB?`IeX>DT-lwpoH7+ zG7?Q3**C0!q4o!mRNgF?vGTrC4$Jk3^$gCsaSzm;mFP#lT{I&w8>S(GGzN4$Ag)1w znJelp4(w4fI*R;vM*SbJCjRT233E}|Pe-DnqqjhsMK_HNB*Cs*)(W>3@=MZYQ28Ut z6u1!ZP1sMLBFMo79!L+PCAAB5IEF*I@x!-{rM>~~pw&PTrzel;_dO{HWK2B|Q(pJ< zq`vh%8TcG5^Hc2RI~FCvcw^s%1DlEZX5u5rY<^gyqo5i3p*4RfLBSWBdjg>-47w+< z5ZJ~;G6;L+K0)*--+Z27a`<}=2MVnRTs0=Mmx)MJtwRetCN3>Va=8D8*-5dgg)!gP zDZw317QW3;>Z^E=#$TlJE_ZZU9b3S#1iw=rG%$14Nks#@|4el0L3qOC2fEHNv5MTU zSN7T52`hMzuKeA7+XF!or=3`{vHmBS@Y0O=moE5v)u>p%XG-#*GT>DJML-l_y51kH zNo_rZgKwO*H0?BP)KAN$lIbgifpifgvKZ2&I-&q3-l&L}36_J2-;X(wohjv|-1XJW zg7{*o)us4DxFglJL$-pO9A6#XYj>}qmv)Py)Z7<9jWpB&Lw!hs++kD7yC_27QSpp) zvr3)7*VOy*cVV@F8GE)e_u%ymOumn$f#K?hN$%2m6Dsq}Qo3xP4YM@mZE0rA>Avb7 zFwn6+GTe{m@||ddXT~cshj?8LMoEFQ4SA8lB@wt~Z|~jmucUjyPJV@mvgbuYp#ui$sfrxjjJ2H7h!ztmwu)V5-JF2`-28w03PSO2lYnM?&0oFJ=uSE#QvqoiK^$k|x1#TNlFI z>v$^sl*YMRWO?y$z-qWcRSKBs~sF&exmVj4sLw6*b;b1%N`Lvw8Rv9G$L$Yfgb@q zGHTgPa11J|sW>}#;*4rK=u%))`D34+0IGpN#+^BkUzuq_*p62Zkp zkWu~{q5#N@O;hu4H2(*9Ki(y8tgy5|UYsA;8VRyv_*Taz2_9vTrBf5%`ZlcKchNzr zxM)bxE`!-a`|^Lp0)hwq>y^>Zh*VGzq From fa18bccd54d3e8bf2c4ae7f819c71784b80b3835 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 22 Mar 2017 22:35:15 +1300 Subject: [PATCH 0104/1961] Delete test.txt --- wikipiki/test.txt | 1 - 1 file changed, 1 deletion(-) delete mode 100644 wikipiki/test.txt diff --git a/wikipiki/test.txt b/wikipiki/test.txt deleted file mode 100644 index 5a42132..0000000 --- a/wikipiki/test.txt +++ /dev/null @@ -1 +0,0 @@ -i am a test file From fd04f6666b1a61054e7967ab1690661d049a1e76 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 24 Mar 2017 03:24:34 +1300 Subject: [PATCH 0105/1961] 2025->3025 --- user.js | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 990f1d7..e9f333a 100644 --- a/user.js +++ b/user.js @@ -855,16 +855,6 @@ user_pref("media.mediasource.enabled", true); user_pref("media.mediasource.mp4.enabled", true); user_pref("media.mediasource.webm.audio.enabled", true); user_pref("media.mediasource.webm.enabled", true); -/* 2025: enable/disable various media types [SETUP] ***/ -user_pref("media.mp4.enabled", true); -user_pref("media.flac.enabled", true); // (FF51+) -user_pref("media.ogg.enabled", false); -user_pref("media.ogg.flac.enabled", false); // (FF51+) -user_pref("media.opus.enabled", false); -user_pref("media.raw.enabled", false); -user_pref("media.wave.enabled", false); -user_pref("media.webm.enabled", true); -user_pref("media.wmf.enabled", true); // https://www.youtube.com/html5 - for the two H.264 entries /* 2026: disable canvas capture stream * [1] https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement/captureStream ***/ user_pref("canvas.capturestream.enabled", false); @@ -1483,6 +1473,16 @@ user_pref("browser.migrate.automigrate.enabled", false); /* 3024: enable "Find As You Type" * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); +/* 3025: enable/disable various media types ***/ + // user_pref("media.mp4.enabled", false); + // user_pref("media.flac.enabled", false); // (FF51+) + // user_pref("media.ogg.enabled", false); + // user_pref("media.ogg.flac.enabled", false); // (FF51+) + // user_pref("media.opus.enabled", false); + // user_pref("media.raw.enabled", false); + // user_pref("media.wave.enabled", false); + // user_pref("media.webm.enabled", false); + // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); From f4f739929b46aba73120325f1a1cf10a11ac641c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Mar 2017 03:54:21 +1300 Subject: [PATCH 0106/1961] #69 Active Logins --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index e9f333a..1a219e6 100644 --- a/user.js +++ b/user.js @@ -1372,7 +1372,7 @@ user_pref("privacy.clearOnShutdown.downloads", true); // see note above user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download History user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data -user_pref("privacy.clearOnShutdown.sessions", false); // Active Logins +user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences /* 2804: set what history items to clear with Ctrl-Shift-Del (to match above) * This dialog can also be accessed from the menu History>Clear Recent History @@ -1385,7 +1385,7 @@ user_pref("privacy.cpd.formdata", true); // Form & Search History user_pref("privacy.cpd.history", true); // Browsing & Download History user_pref("privacy.cpd.offlineApps", true); // Offline Website Data user_pref("privacy.cpd.passwords", false); // this is not listed -user_pref("privacy.cpd.sessions", false); // Active Logins +user_pref("privacy.cpd.sessions", true); // Active Logins user_pref("privacy.cpd.siteSettings", false); // Site Preferences /* 2805: privacy.*.openWindows (FF34+) * We don't know what they do because we don't care what they do ***/ From e941dc7ebace30558d5fab3cbd1bb83bf3589ed5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Mar 2017 04:14:47 +1300 Subject: [PATCH 0107/1961] Add files via upload --- wikipiki/overview01.png | Bin 0 -> 19862 bytes wikipiki/overview02.png | Bin 0 -> 11179 bytes wikipiki/overview03.png | Bin 0 -> 18001 bytes 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/overview01.png create mode 100644 wikipiki/overview02.png create mode 100644 wikipiki/overview03.png diff --git a/wikipiki/overview01.png b/wikipiki/overview01.png new file mode 100644 index 0000000000000000000000000000000000000000..2c8f3b60d732604803fe1bd7eef5ec361d5f790f GIT binary patch literal 19862 zcma&NV_;;>*7x0+*qLO4i6*vfPi)(m*tTukwryJzOl(eUzdduEbKmDY&xiNW!0Du=06_N)4K9K-F&p~|xzFyH~umazpZA8`V0RUK( zKYt*AvQ^7=0;TVnkVdGXn zBE%;_!de~`3Qt}j+~-Ry2?ahhl6VMy?k`li-p}8^gJF&2gn&jx`9z?~QNe}5EJN<$ z=SBJFhlGv2Y`f>1FLpc}OujcR@f=p%WY$kZ_CUcUi89JD`@oe7;C|lnA08Om-lO63 zg(0#5AVJj|;@iIwf&d=9xVR_@dLX+1ATIN;P=Fq(^d36w;19$TfmBTpp8${^hgdcV zD4#C?KDQ`=A^@K-h)-q;i2@)844^x1puY={r3UDddLPUKd@>(X-9Z2v3HYcWIk5md z6r&I!zzav_1_05Ere z?g$~F3m_mB@J0Aqh3ks43h9sn=&95?u2v%U@4gyP)V7c+Dm1ucQ)1|pUs&`$>80_} z^tq;fW$xH6iFwpL9cf5a{dgzVA<$+wcJZ+YVl{ z?^Lw)m_D2kK9=u!#OGi?v|)1`AHt365cwJbImat1H#UEK^F24F_1CZcy}f1e0RauY zF%{2ulRljul{bqgFRs^zyREJrB3}kAUlFj!t-gs{$wKVuIOqWVwS#Dp*Jjv{SDbl* z0WtknRf;dWa>%w(LTM2<421-t0&(Pn#B(2pJDXH5pgfz*fEqI%5cgQ>5-kJJdkIn` zRfnFP2LRx@-MaTD85F3`5C83H=Z_2CH<27-fRC|QoGk#LEks14I9AU)3!!VE2Nr^}@dDvIGba4fF{h3BVZoVB6`ESNI8#1x?oAQ0UVB`KEbz6j{7HEqhM~a}1WWGWO!*JQm1rKpVY;3p3`oWS3p$#iet}vxD(HBF@mhikxbh*) z8s!Sm_Ru?n=~`znWZ&;S&@5oi0(g43{GzIos?y7%C3x6GOrKYvS)oA#4PfXq&itN58YT3w(rw@JQQF1Q4R$uW(6(jQGsqOdYAaUSyr`i}?G>LZ7?&+Cb} z(#bO_bK}P%N6AN^x6W|zL8$)2Atq#B(=i}1Oujl}RHsN5eVq^gI;=>?N`IPin2MNc zt)xoPMB#xNI|h>|o=B32MM0}rT2@rHQ3k7YqcpAkiMw;ejNy$m7<)YLqUn#J0|IR@NS#QXr^!pT7LgZmN^(jLPfkqcO)jP~r*qRUF&w5JrZ1&$HtVXps8cnSG_@Fs z)$OSlshu}S7ufcFSb{<7k@5pm5!G#&ssF;ueoX(Z7Oa4TC=|l zv0Bw++2pBbqK|IUJXqC#9^V=7+2$Gf#tjJ{{0pHRM;*t@zQOJbhcd@T+Em6lujk-x z(lM=x>NL{yGUIL&$~gIeX{JK@yod?9Nvpm8O-OjCgx@$#G7n8U*3kM$=bpI3ovqfk z+uU7ddVPA|S;=bkIm@}}dGK2H1XDJ7mKvk|O#g`BmfZdkmyDo{uSw$} zA*}&ztV-olO>?1h*@NB%I?p|iUG^@|E*I+t!-ks91Zz+8Nb|T%zjc;Q;HIEA;fLXe z+s7=R*oPRz1T@r_-&f<)%cGkIes>fv$EwkN-LEtLh@4h_RQ_ncO27TyO8g%qzhf%# z9}ZKdVy8?I0%g697H1&!4)ntNz2Ha#g9BB9c%y7WR554ilbM}o*97f1g`S0ygf`Mm z=w;Zesl}Noc*!(nA&)UXpGe+7F07;#VjPS*=Z=MSgb6%Heb(ff_E}^V0Yco zQ)oxDY+Q4v`fdY@(MoBMsW_7OBtxXx5-$0XC`!;Gh_6wciKAd#`*8Y92xw4 zOT{;toR}OKJB?Qu1=hU}T7@^$;wD0ln%BovfU8l%GzkrP!uXeccoXf>QRo-;l^*r3kRKu9V}K1fEeg8#MB0Kci+ zaCUe9eU&zOl5Dlzze%t)zniP2!>D+4YLb&zu|V-w@mZ1Od~Ur_Z|Tu$_8iN-(2$8 zIc`Py=tas?5rpAyUGJF}&eZTM@Jf*xLpy{vLauwq573(rxbPe+P7&@E+mQ3$oN!EV zXw3xDuG56m71CZb^flUKCU|BSPd40MMOMEdW-xK7xr*N?j+(9<`_0FjTu(=2CT4ni z(LAl`uI4ql9~w+;nju`cc&wc+0KjiG-oYK5*ak#Eq-A7SrQAw-j(6KymIN^Ga zpO+bK&uCApYSlDvJ$LJDbT@uD#>!%yTEFddy+Zp~T*zYQUhlkdvwj$SxZ6Zq_p&2> zn;LKbS0(0}?p_AVMx5Ij0H zdOQd|=roIshn;X_W5)-qX#DDe_CH+C*;L6l>SY{japV%n~l_uZu>j`tOgsn^YyV`G4~+v|55!P=TC zr^BGo%}sAGz$IS2hjpFh+Gmtb?hz{MM`bau++*m|%b(qlAMvKv23b{02b!vz9UmiE zhTRNiFMFn4bv?Jp&4=B&SQz$$YO-7tisi3nm~4^p5_(Q0N3Ppk`UoNpegZ03o^p5F zW!7X)$Z|2m9Ur2;Rp@Th1;A7+I7*;akJ z<`Nec7T|*(TIyvy$w)e3D#OP1Wu4XI$;J`;k%M9Y+07agtC~B5r^+!aLge@W_I7v( zgFN?~&dOomiED`Z%BL`;73UNx>dgE)_Y!$R00!o%1U>8Wv+YI2PfMjLzyqJVhRl~z znvPb;)O~p4hn$#rN&D7b0%I>o}P(d+_co$<=;vt=|jDtY2FEInZHG%L2NRrsRrF*{J1F;rPcyFxZL& z8xU<9f27i#kBWUtfS_s3DPkdo?(N0nw5g5aV8*fu%Cf79PY>Fz9Y`wFHJ&j;QLJp@ zVZ~(Zbn9bgI+AB$WEmT-Dr$jK4k{F5$0b7FgBD!s4COz>I5WdyKC2u@1$*FANZw%~ zon3IgZ|iEqW=;1tDEmbNc!dymC!608&Uf_vVsi0RKlLVZoyR0n)JhLuNj+JwueW}F zyXQ4r0d&H`j;?*Y66WqTLAhkm4PI-Gu}qvbI>||V=Qw{UokOh{OlDbU>LSoGK}`!< z`T|Z>H-^qVoVsu+kE<_73Ul$6?kRXU#+LWo!t`_{et44Vzb2plxF7@cP?ue37s;KF zs~Lcvu8uwCId$L6eD{)k@wdNJ-*Abaw$?pg-Npvx2V4vAw0b9M7K#pc4{&R1tXMf- z)8V`rxu5gaTdU3wZgxd!N=gIA2~3P76QV7psNTkqf)h~eB8NK6{9WCn%Bu%!x4h_< z7Tju4z?mbBWXCw{X&`eR-lUN3%_+WxyDi2^!Q^ z`vGbYm7XISh^*}a(x$UNPvh4X+YtaZ5gLbMcX<(lnv%4kaK{KmSq$dE3qfTkLrgR( zkI&f6Q%dPl7&wPbo@-{~sPWtfXCmUW>#taHHNU8I+otpu4Py^{4gPpQqUIs+d`8Xl z`F=$nC4A0Npdw#-L5i;>3)5hgd&zo+jd?8Xa@FdNH_2N5^>XqB#)YC?{!$1UlZq_w7YO z1pI?#>$7+ylU5G3@25nrOY#g=3G4V#rC(U0xlE_1L@X-6{@)-jwV4S1p1Gj zP1(#M@jN?bdBK>R2b8) zju;Ur`}4fVV}lIsw!|%Dh~`FVAX6Gv1v=H*io5h=Y%sqyuY^emc4M4kbNg2fl?8Q- zL_?{11~EC;++lZm$?0gVr=TpWjbtgktW*&*|6DwLuDZjX(Yt+yzxix!ui<=CB2IfH zo_rHm+EGh!>8tnzX6avA+r^Yq?01XA&k?cm+ucsf00DAs#NS@Is#QIlZF0|9tL2YL z-42=i;?1SCW%!6a8S5-2P?{?NFO1r9!)Z|Xfs)+A`v#%R(ENJOU#rol z!VFYcM22z9`*h{7rsq5pOw3a(%xrSWsB*mdjUk2`WcN{n4V`XQ#w@g2?qm9k>S}W2 z-Q(#(90c&yr+gZ-@YlIh=G(8)^kE!dR2DIjtvy0DYtniIb0oHU)r(M7B($(sOX3UM zZ@(|>w|qSV{gLNYoY3FeE5|QM*_;ctJ!TYtZHIy^v4tf1xRj=T47Ue|bx0nlE9#n?&%4Gdo?6DX5|!Igbu z*b0h}ZR;|`Jpu;QL*v!J+K@4R4tgXkNI$(9{Dhl?Nms@VGlC31QgOQJ6~U#l{tQZA zjGDY3yja$;xUKuh*uhSDqWGk+P)dA4FE0^{y(+t>BZz&XTyvy?)oP2V12*K&85Ds^ z;u$>;;;F}fSzVw;jBcJ5Vrq2cPFT|;OhOcu#ilkaC5p|uvqyKLZ#8CC-nKl)S2_7J z{ut?No{lmd-Gsvcr3LfqRBng8snXoCN9jY|$x(~}R@j<(h~PR5+M5|6tIc+}&lLSC z>lQ~`_OGR5y04#8`5gnbDh7R1SRklse&_5Fn<(*%cCZbMu8^1SZWS)G>PRxGgk4Lp zVM|1QClHSo%m#X_WhPsLD!%Z*p_2!GF+I)Ma{TvTn!5f95?!m^lbGv1;-DM~X*nK| zw&ac>b;3d!m}zauuMDx<@;*s5WjiN6>Q9xAd6BW=iFw5|${qbBIvLFxu*0I1ICVpR z9HUsF8zH(V?oH$Fg4xMQ_C@8e6;hwiqzsT#m-1gS7}Y|5`{F_KR$+y zWMDJ{q#&?P-489u7}YJvJ@otSxOLGdO7_*f$N4bE!g8Ga7C4axhmlytFdGxB*SC%` zeA*WF=u|s{f8<8c&m%@OcVVCRDWW@rV+8DTs2bp3qCBntKkKj`t|CW z0XTEcI8&J~w>u_Pw_3rGDUvU46h5Ik+3i-40I1f57rVHv_upl-nhv6yj>~MU2@TAo z&^DVdw|N84C&_ogxzorBiGAVSGS*Tp7x1m9X)kVMPaFW3$)EflCp|hAckdX*f!}?7T#W2jz-XyL7w=6I5M5L!_!|4$_(`Ese7pa%ReMI( zMA~n@Ybnc0iQpKWr-tn=eXfCLu7Q*qKgs10uwvUj-pP3jbgRhmKxeKbW^s03Nh>n; zG?pv5X4=AbNb5BTYG$Z68uU0j`)(fgH)^HT0 zY>rFxl=@NTC7@^c#CB%7wJ{t%A%T7Nft>1<;laG6B_KY&*VvT|2BZ9D!RZr_q3Q8F z8z?F_q)a}%Y9eIA5#SxNpJqNAe{9IUL_7iiK5m(7hwkNQ)nkK43vE*mJMYX*4VU>c zLQ`qmetoua$F1n<%BY0r!K8)|8*Ug$QClRLaz>Ms1;hN+*KoR;%YzAI)^H#EwCkn5 z{E&v`;Cd{hW(<4SdrY@ZDN%tY|qnmh6R7j-c{>VsAE%e#?&9|XXv-Sgcv zA7t0*7Y|7gL?&R(%2^-{iVYts)au1rOP&^Gb0SoLRyZ3vo`n;@b{227c^}-`&S)u? zhVeYW*{ex&=r`{lAoiq$FY4O7&eJV{^s2|rjonQ#V@7XH!Cvw+a1i&mHu@?m;y-^uq$9O(Szgw%O$+*Ks%Xux_nP?> z5-1Jbk3`sVWDb09ld`vyRSW)P3WMhO{}7duH#@J} za4z0|#O)V#=0OSw=-K9=7Wi~eo^41+G|`%;CWKyA;7?}xsO67djnIk`KY+nT#G*i_ z&Ydc~c*K!@hFIGAuA`ZUGC=IY{{>Tmf>3R|DSF=NJPmla<@Sp>?+gXnf76mpwf^+b zaLDtVY~R$-FM^0uHHAumEsijFNsRjuVARikD2IQZDmvg$_n^}bl3u(`D%+4)2< z?YJEw>{`%Sm5QD~4IOs+X1S`is3AXkG^ruonT&AF0i2ip7w{s%Y3WHTGypO}R@v*16XEdoVc|Es>CEMPG~m8&5H@k6KwSk5nSh&9$Aw-RGlTcT zJSOd~It#UCs$e2t6nA4hNaBq^)<6FA?OqO>u390BgT5MN8t24Np7=uqDx_w}O_=eA ziZf_&xe2n7p#m^=TDz@?NGmXrDoOtYY5xNg@VzdN!m~_&R9OG;D57HzJ1FXmG&)!& z_n)YvGfD}JZD+Ws-b^ng`_WDA#vOlSesXM9Q{bYJXnYzck{4;BTN>T z#9Lrbp+Ci5HPKh0uJG!qDp=nIpn+kdgLYv;eN&DMt6oiGVe9ek#xG(O;o#Y-gQELD zUfw<`q6(=2A`FKlN@`2)sUPXZX$&fnyxh-{3Nuq;OeSGwF#Za&O`338(HrGg{S5hc zLU#O8mC=nOe|Oai3P2)YDWo4qXVToOE9rpP(0s=R67BjCD{o+94~#XjCeHcsNmT%v zg6Pu^oE=#4F=?={oy>&?HCPJpy`FVT+SZxFi9Q>QajfuoKu(w5 z^qTJJFa>NUUAn@Vr&iQ{igNNVTG}29Zw-ZRUaNa!bxx6e3evXcDeWbdoXSLg->UWHQ5|GA+LR+{(U^W(DC6UFFR`8oHsWc25sf247X`BzeR)&qn* z>zv;e!~G|vl&vRF)r|C|509Q&T19|k5sC1@aI)PbYSKEV?`vwEKfChNC^ThB@J?~x z^@Xl-eB#8XErE*iE~%+S5#$ zUhW9Cek&AoHjcEVA9g2>;1EoF*YL4VR}G)u_uXh$z|_W#N#;xR-ghX7ryAQ0oE{*O z=&~ga9%-ZD`tfww-gbGQ0l>-Evdk~)bZqt8!o4gT(`nI_td9OvPPza3tS)k?)9)=w z%JIm8006YlkxjK?`+QiChqwWriJI@KKmpjhi>-E@P;7u6mSs-Zo^1!>wA&u4+lVyj z33bboGAl{gb#td-z836BaMgnh{Zd_Ruo{n97`1+*7! z+_02gt6IkYuE;>npZ{~dGbC(NA!oiVRCd;@Aa+J-8Rm7t3x_#JzU+C^%*roAa0fo% zB>fUN{u<(M^x(nw1qC!p;X`AWI%$+B{#HpU+e+MlJ;Th*Er#l(Grq=iCXwj*f;&RE zzPe~#KXHDZo@JZm;5qBurCN$ANlei9gFaCtn`&s3z>DrK;i04dSp18Cj(;E;!=wYp zA)GPF7JuC+*#HSf${486_}PGq$!S2X^05-Kx6c*j^d_l>Yw#*{=4`AL!!tTUs%(U9 zKnW7q5uKZ}ELqi*Jt9>L*)9x(k&1c5k*&FW)vcKDK0(i7ymePS!N4!~F5rXh_nmIjXN;`N!`&F3c!_Oan4y$xwjaA!I=qYL_HfCdS(~dmPm=>2h8sKv(wF zXO{8Etio(09{00Qt@;TNcHDR9P!^V#ud+1hQvB+=*XsTwRf zOzSP+Kk|R}tr@~cTU3Jf40kaVzR}u0delap`@2@%HoC}|DMFI>?eINQHBayt|7G7) z$RVCS|G~EZ0o_1MezGZEpnY^OD$(!|A@zKG4wHCB@0lA2mB6TY1JtFru;5eGX zy^X@1XUt8~mn^vKHH($y=E=Ukk#YrOj%~nhQZV76=T5k=kz#So+`5ZkNOWG){}kTR zUdk$@KB{}!mLU6poOkgyys@G#v*ohizjzpJBAd{tDf{Cw{!wDH%@r-l(unYs494Ko zdP1p%StLcbyoC-0wl=k(dN3>u#nX#KFrDpo@N^a~=oY`%Q`DvwFRJVOt#Kg=qOp_p zr<$vuMhflLD9$YW9bKl6%Me?+xmU_#bX#I6JQ^0PfSw@4cKeNVM4HxBqoDP=v!fA? z8ndz^lqy!r%-y8v=+tjCKMxz4Nc&gQ@=fbP!xOAcn`Oy}9%WSo18?cNe>b$8d)rw0Y zfN&f{Z9rbJemhT$^KiI@{N}mAdppc(#`7A$FcFtw$2Ib}p;MIQ-r8hpp*Q71Sy@;0UQl%gu@+KN#itsXow)3xb9^5Du@ zr+1SZ%VVr`gu0c{g}^YJDckNA4It|MOy_@`SLgM|qW$)jmrh;}3%X4aXSrVc&s&>Vu@Myk0j(I1q7p zbr>veGYjiba4BK+@f&1t7CW8GkGMZD_v+U#Z6uC+^6On)&aRt0i4{_NxUKkcxx9FG zZxGwV{fe8d#uQnM%Em5!acbR;^;O!22m;`u_Y$TwtPO=^H$a!tS3CU5uHB`3a@Ype z(vNC@JFwug0mZCiB=#SsG^}akHW7Wc)`sJgV=vRhP#2RD&JbVE%&6if1uJrt!jMiU z1|(V`XD(#uQcZP0W3oUZxqnAOilDCy44pj%vzha1d$#NBDQf>7g!Lu>1u^yV?B&XueO?csPq%o<2o8S=Tx9KF9*tebpX)guDHF-f56N67yIxhE(qn z29Jyo2(vR8>}izx5e`W2qjn#A2gBVMy+*-Kdo2t>{sJT7K(R($AENbcuG$+qY9J93PRlibkrq^!iO z+EZWewM7PmXD&she?b90Ip5>dErx zX%|TvKLY)C{YkU#Y_luAgQqEP+6Pp)A^ovbZLA-t{Xru9;HSgi zys~f!LcHysVq^6?cm=8WB<#noHgjcw8!< zZujsDoedu1Bs6HdiJjC7Y7;a24MA9KalSC{;DlC;3m4ovSc3j}rtxq8{%Bs0o~2ZS)OKwihjYnB6tZ}Cb^CN)D*_!8eXxTsq<=}X@>UFV(>s=it9J_2aZ@K=Ea2C)T;{vwn)xM&7k+kAJ+|KQBLrm4rhl*eO$VNX{`g_FjB0i%R(A z^}fABFQ!AoA#OOgf_DYRs?JgYZXhDv{RYwHS>_j%Swp}tIX6JmNtIIYIY(7{OXi!S zZGb?lfp|(X#@KkP^t{k=?0cX0X8_*dLseRu!hMRBC}m5VDIt?;D8eSE>$$P)YXNn+WfZgdbZ(r_srDeJ%fLu4@~JBA;sUuEkrop zu+fV##$1m0+-U}`%^C19cDUGR!Snn=f-3(sK!lUWLoY@P63?`nt*|5YE&p&vG9hn8|+cWO$X+6_Zu!qAFEl%=-p`Aqz-(Q=+8kgj{ShO+|Th1G92_` z_AoGaCUp5Vc6xZjR9n!-q9zpHVn)lh*I=iYKUyxX?m=O*5b4UKB;TTa6FecaJhpob z4jZa3rygm$-%U2zFZUh_m!9Y6yDeaufEM(Pfzyix-$_c&1&FE&xS8hBkN_!zBe9-- z90}POOHzt<8gQOCjD_x!2d5N3|B)(85&R=$_`k5jR2c}+$m;E7i?f{@8zrx4tn}UL zXkil5{(SE@-TUTm6Yuxk+|M^Tc6ojzvSVubcqGS0;J{c*GBm*Qd!fv0^|v?PY>jvF zr|FN2J(Xgf54H7=>kkw;ew0Oq5V5qBf@JXchUDjoC0XURY+*MAnWd(Ys(6ac28@XG z%d`%0Nm6saZJCdy1KJPob)AkEP>&C9kEc76_uIq6?8nNBZ=o=0eB`86oIF75NRFZW zf<)}Z4=Y(22*k1(5~WgsE9<>9dM88S?-;@D=7uB_q_APT@KTi-5+j@ zS!s`RE+gH@s7$`{(%7_;f3J)Xb|-P_xJ`HJ`0vV8;$WxAuQ&sYY;A%5rB$0$W!2## zIVN_lLzDC{^|<+1GyAABg2^uQjFo2k2KEV{A1C}637nIZt2neIrn+98+-*4qFljp0 zH@4E>Bva+iI3jC4hCjSd!pC-KyDz7byYC`thulAQt^Gd|OLG2<5Ojzbha_-@+`!CD z7H7CF&nucH^K5O#JHHhkN0K&yXCc;z<@>W0TdTu4ReV$4AAmp!S(sIS_oW9wH`P;HCdrzZVULF<|U^6Nf;Z&rh0KC6hA&?+ClM)rKA+7 zC=^}s*voQ+maU!sF#6Y_q>KOmsUkfA+&3&NeF?=5#HTy6q+%TYP8{v({if~6OTNc% ztk&;^l3!EXm3x)iw|A5{i_V?j8c%E|dTYk`_LWhCATY`A%q*Q&eTIhe2NPp~>#HCB z$z_pkG=jv3{-pneWh+M8@@|A;3vzD%50#q|Rn=wj2j9b+Tv3n9}8 zFl0ZTIN|O~A#_&-T5HEOM6}Q6md6b$7AXL3Eb~>ERTXWbF4}W@~Wv2>i^tkmR>lH>DbU@{(5 z{GuF?!$}0@hD&YOtfiZtVJB*AIv=*RrB6o_0>vz7G~ui@k7=NQ2-6>yrdg4AQ2&;b zq%rP)Uu3y={ZG2&okCHPkfPxeE=A3QNQaXL`n;O<{8lf~#XgTOzUxverdRoZ<7wPq zIL?arXz%Q1*KLq=%mLZ#@V}%8naBX>6vQ}KvwNbasN6grwW*2A93^zP3ZDIVg%WW) zz4)UOPIoOGt*G?LZu$iabO3t!Oz%BczoR7M0xp5t6n) z&P`B?K<1?*Bysjy?i~x@&cBh34Thc0s&PMT6!+$yu<*$0J(6tM0*$X)#!lmc1JFZn zl}Wi24tVL3{tp%u>*W-)psCHgs(Vq zM#*O}JqOZe$V|{^EGC>n#>@>XvP$bIL$&^}$uyg5hcd;KvjvdGMw-O}ZUMeGuscmS z|5m3AS7fBlV8eBIGAQW>!uzl%gU-CD!{p)8DB}wSWg!%u?tpLT9%0$wj86YPbx4Vj zU1_zOb|&o>KS@&Hnn{Kfl! z^&$P_-F(wuCrEny4ddmY0%-GF`_IsXxB&&}5xtO>`M*@=t**Y=VoR&!<>=56!+}4! zeaOdAl`+I`0&|H%^z#}~u0fp09BcbZHiB?bLQ>-@Pb9Mjx6kME*` z9?|`41qxI0*tQYzpeh7t6q^O8$q-#5$8=`(7o(1m?ASJhh*N6h?^T<0-%70}fR!cA z^}ku94v$*dRaF*dRNLtbq|~n-z}2DqNCuDe{zXl7+?3{=63;CHH#Vzk zRl64F&E_);stYlsou6z<8i3ZJ)O%Vk#bKJA+JhWxbPA4+Zu5_Sg`!xo@)0JRphwZVnkE&1pTqNBSo9urv z6#h&)Sm$^BC$;byrcr!}#b^f=e=Y0qLSa$PL-G(4Ty8A%AR#}pFfzU{MQKE;mP!J* z!Z$N5+dXBJj4C~~Pf;J4%N>}vPS;P}%zn*3PN>g}Cj6B@Df#16fyYAN#gOH&SXEgT zcd;mGO7^%y0Di7fD%IsXRQBQ1OM=!ZTj~@uY+eG&0=WpvXJ&NzN`JKx8O8}A2a84? zrxRPRbG@%|23CoxaFb~`eGE?gstuC8RW_MFDszM+`MNXx>7l*H=@Hfoc0i z=Vaz3twWMub4$Cux2Q)^`!$W3BOn_=?d8+(G4Xra6_emlYHhM%&F-@;CUK9#{7Oe zh@Rp3c6^0yJ175ovV{Bga(H#p@jrUqFQs%~zs*b!Xb^*Ntk4nzM>%8Yw-Y_?0& zKgpbF_wz=;QO!-rPF@8FeTg((a8`L2c%{?zJUFn=@mu}|Kb#3ZadYkp^3h$vbEP$M|f^HR1_@Ta*f zqPux8{ppCIH0Mbz%*e^ZZqn!#Ws0bijA_|Cz&`C*CNuwk zWSt427>^wcIW_7DSPnk|)kB(1Cyw(m(uHz;H3|zhbFDa(-T_Ry& z#vteZKwwB3G|6^3gtAtoPqpvEP(u=!xxoplGH znwi`{#Q!*PXnk=|JfUVwf?ZGPTSbn<;_J{a(R5vWB}<`PAuuI z$dF0>_Eqp0dj6Zzy@S%dN5Y+pWvf;??|z!f{zFGCdkLndwW4}?3b#d*lPQLHA)=;wb~7;<%@b26k+kE*Y1FfjM8oPQ4V{9g?tnwDz7PJm)y;>Qjfxw znY-9SuL4fY`%57Xz-QE+wtI%@fZNdHaxu3drY}r|m(I!g!tLr3ZR7+O*?!@m6Fx}nK z@gk>9v}+4L7ti_2TKFD8!QILPy`FeF&!%N7fDimPr^61`Z<=;MqSbD+IveY#yP!Br zs%fpvF-)EPjgeP#1{+A}gNdh{jQH)0gKm#|cMm1baaZw_u2!;u83;QRI4sY=0$LHEk@jfCAFp+M2*8z+$qPe>TqG|56i_ItccX3A#rTlcAnWt%}EDn>v^P zrkq7vuKygwYD&0+?J99`5S|m43aEGv-4c1J-0YN(i;jBV%AbA-et#6649=EiP~$1a zMr7!ENG?6puCm0`NMYO%H!m&iq$mvd=J}9D+g^b4%%WYz&4yOHi_@aye))wVy8C4+ zG_1V1!#z6Yz=GevB&(7=-t~1|<KMJikGcFrJwM z<`{kG$4JIW_K)bC&R8~F%Nv)SQvg0;J6g-N<&}5V9p2sX2rh_B&hM?E=C9{#M*yGL zDjlf~r4B?KmDEX8Fw?%FDRMvyYoZ0MlQMtIy|W7tw9nQ5YQ>?#3RA{WgDMSUtC^a#jNk1sHs+WPOnUKuM z*R>Q(|6Yd!Xs}LW;)a~rH5Lt|r=RmCZ|N}On$Q|gx?Vl^r(QhceiD0thMBAfB7Z|| zS8yQWLu!#tlPepoJ|r;k>h$a#yx9E>W_|FZ!Gey2D@w)QYw3#B1cAQ!dIOj4rE@}! z3n@7NYl{-wXTyKEc}2+hQNnJwASc{fm;JC#*P%$|g~e4Co0l>p1YdAec83KpU%1%s z>mRbRI>Sk3+IbuI(13f1QSL>&*w1>f5#z#mRx>lGaYP zX2ro-1-`P4XvlT{dpJKM&u?w?g`UdA(4Mwss`1`4ou~ntA4_=36qP2I^DP(;nzj`; z#ALkuvD$+U&l`tG`hlRNUg}<_!?#e5g}PEwV6DTZz%}5Na&`4f12D6o1~1mK+Yb|# zMXcJv!ut@8elmMU#hzV5^)DRG@1C|+uP)7wtN2=QHmJo+i zhu&7oP%J&pqwCn*-xUwTnuP^AHgd8`zP`Wbiw07D0g8nF6f^Cir)AY3$h^7BZfASb z(;dK6Iq8m1_*1_iSfqw#Zc84UgJ8aqFRe8+)5|QG+dr4#1EVsmwj5iyTip$BLm9iD z^cA(O$`^zDZXu^h{;8DuVfvwi4I&8r}F-5=t^*Q}uy!EwNMpQ(Q+RkHF^qW(cx76VWfv+j;HK9R4Lq{QaAb1%AL zA>H`k$j%0Xeo*l53Mb;!KNU_JI0~hof#|8trE7D0l~D1JIOt2-gUWwkry*(UIK1V^ zQV76bq&32Vi2g-UUL!lawRbVv-K5Ye5+c2l(T*o7+`%fC?pes#)&Cba+1?%uY#QM| z+A1L=A`@fLY+&ut&z}cGVoDuN;en3rk)o2w2ftY`B0{g-hRkqlB8a?%9u%{%=hY z0j-R%YPvedABn=*WP_6%Dy-=g+TQ<2nxdlpS*3s_Wb1RNb?f%G9%~T5^~g4E>H^7F z3KD=ZKeIB&MTxd}CM|RBJmD6jDO*oE+D!lDZgk8qMH=B)A^6vOQ<2w){AoS+|5;*% z@Rgt8eQ(1vm^t}=7Z}V7o6q-o8kJnnA>3Bjf5dh`U6t1OMz*zPoTj(|5%f1gW4e)6 z8qJveX6w3KJRRPZix_Dv9Ob*(hOwduc_PkC`$A(B;WubuBrrf8t}kF~b;akD#=n#Zt>G=;-<3-b7c3x`5apfG)|?jgYJag*IRfT-%mIua6aM1d6HZ?l zu*ed~qo@GE^NBy^K=HdW8a;u4H|nU`)zAr{BVD{ulo-?uh;YZ@OeI; z=kxwNPS2&WKe4IjSDR+)x9)7Xhcwh<1xx<*jmQKHY}ePN{hR zD8u&(RY);RFCvxYg1if5zQSyk?B;wg6RT7UV)1#RZc!~9BmD)5fsN6YJ<+Qtx|;4g z{~IHHS}mlHT4@MIpxp=9@8iXuq!HcL1_W1Ggvl?1Od7(_v2hIHmBr;>3NgpJ;7{$R z9)AY!s}I^X(4v<3%F8YSS!^VHkY%7=dLFHODv;z>E3wQbG3~HX2q|U(9u_Y;eHdZ8(Ons%iXy8UzYl;xJ6<>Qrq7YWu1j~*GWa*MjN}*5Ntw{RV$Pr$+ zkBOs0PIk06L)(iil#lA4DFjn9P<5Gh?M_;0Oj10m{+M2`EwF~7D%((vKQNip|0~W% zz)bk=$1g^1g)S-u87YV7mH~4|oo`Nzis(rO!+$aqKr<+F;Qi01Jg6 z!k2g1Qvi^duLBo=vRiO@#3FK9pRfNz;}pu*-?@LY+S(+dEff(R{QXm<}3gfdMg}qqsL`E}7qJ*tjxM#si=P;QXVYKwK1BN3k zbma;=Y`;=dP=CMj#&L#orV=4G!7a43O_=n_Mkh*<5(h*sOcm}mzx^rbrO@oojyfmi zfn@&mz&j^(X)b37GNAC`U=}6~Zp*ca!|#Zgm;<=; z0ngEiH{0O?@t-)9`N)u2vMx^;_Vu~lCC6cNJ^vSasdU0+)qD* zaG>>65+Xw-t=CrDIJ*QK`WRlP4D~(e;$gQmNjWHT&_L}d;|BQ)bW7;868iRq6~=@I zNi_(k_RR%3Z{NiOo!5B&?bDjTMCP)~T0BXDTZ3v<2~2P%M0DB9=QeYan(I!$S{%{A2H?RCVLD=ZUCE%{gVokoEY}M zAvA7zSxps<0J7)*4-XnJ1wfCPR?2t-cXQ{>WW=iZw&Th;J7cGSVlNULiR(mNYzvk_ z@3<1DK_C$wdOy}(r*7UYS=jq+&F_*c%_YTo$T~8?D;}kz>lj#<0|ROjp7o=_T%q&5 zVA@bv*Sq8??Haw3xoT}qmyh%3g;cewbjP9)%15!<)W{7&E|jU?WNfOveQB<|ICc}& zt}RRy5F=pJ(yFAii5KR^TLb?r->xv3$aSYKOoZ8=&?JYTsyUHonOmgwjG{W< z9#R4r2qe!5tAu6DkEHu@=I%D-m-1(MjOwSfy_dUk%xRQZ5k zcV7SMA#wV9nNj8Zo%vV=F$>Dc#===hm@iBk*rt?H{Eiuno;DRgJ`$Yj;R+$WhO&0Q z*tH%M|_47>q^(I}u{KHz^UwF5Ih!mFG36<5eifnt~^!}m3m-*Uj2n043G5J!l zZZ_fO)M$+&#vwWWZ;)^iO|U7>u|em}gN7B5lrPOgz5%Tcc@>jhGS#vw-TD~;0~sQl z9)7wEl$3tOm%ePib3qz&KGSp;*BT}Y%>hh@pSR+zzf+EM5pY9fh0_w!pNYsXflV~` z@jlDN3$A^oPFl{Lb8ZrwvGlz=!c${;DMgIYyL>IoJjq4*5yIwfaRC@KcCVr>h?ta0 zL1^jLDWp2~f`a4MCN&$UKl)u8u^@g^vnaikLS?-(#buS5h}fd0F$=~QfFGv#HiEk5V=?Yz*)8z-s64(CZhxP z{5xaK5rNwF!7nMZqsn3```y2TQLM# z_fF0Ci+KQtpHn^5(q?;l*kArvZc~Clas#Ql{~@21P2jG0R~}cxdy4HcHhS{hL0XSI zSH(9OBir|(yBms*@UTZ=petkGKDA!>YjB_O#-LKAzG#bblPRYPvbYq;xT0O3Wo^(e4%_$cxG$`Xgpe&tv4-A2zdC6VPu1%{PS{KdSSX#? zqsRS8p>nYe_@4Zaqxn8X@#8NH7bE`%KRURaIdlR|D>NGhjf7nQKE41M8JJxyyJ8#q E2f+KbJOBUy literal 0 HcmV?d00001 diff --git a/wikipiki/overview02.png b/wikipiki/overview02.png new file mode 100644 index 0000000000000000000000000000000000000000..28638fbf1573b81b22378f15a93373b8214557ae GIT binary patch literal 11179 zcmb8UbyQr>wk^B~A&`(D!QCN2gS$5tER6(r*T!9gLvVM3ySuwfaEIUy!3ox{^E>xD z_ulV}_s6R-x^`9Vs$Hw9_FQxB)gfQxB;LKje**x(J1I$!0sy?AhLziqUcmB*SBluM z%WE4+HG2R+#`yb#15(m(0pN|inW*TOFQyO&h`lMqhEz&al+?x!Vr*t<1OP5e>53*w ziU-*Iw`*4-(!oA)(hvnKBvJ*DFdxilYFe__XrF`0ek@{vyU@kNUJ?vu1;a-~_*tFs{y39z$b8U zz(?SvJD@vALE!@UCj*$`7b<+`bmeG!w6L8@uI6i^8IQ%64fWUMC;((dW5HH?`Q$Q=Qa(P;5mAq#!*JN~3QDf8zxBK`QDP$m z02>Zolh5=_HTXWfuY9bYv#CyBnrb6wIo^gDSECBm0a*u2Dwj5Y_eShTRMX<(&i3}g z=Ux#Fyzxy^_fzoQQetufMVzDe>5V z41FY;ChwKfZ&Ibj+ycM1jR2*5zhucH4-tv^*he)5HQZdMe}ETQX9p_H1>oGH849%w z;BTa9&{Q2dH*W#pq6N}5^8pFo$JB3Q!Wnud_#}}<1^5_C#n=LXHi(i@X}Csk00{s< zS-!ND!UR`cxb&T`2)htgx{x1rIs8Q^d%H!@MBW(s5ZdW}Ed3_(A#kjch*p>5 z6Kon7YlFhrt=x#hZ-aWThm_Ivq1E^GOW{Ez3_Y@?U^x9yRf-5CoaBHzvM$M&@53lb zhk`M|K&aFSvs=#hasf2LYCEkAbZc%yGWeVE&o6b)rp$ocR9Y z*~mW)9hg%hv9nTt+STIof9LqI_p`(lbtzInbl_9xJ}x3_ujMDk{vMGkF8bH81|wDE zrEg36@hiWU!ncH68%$I=zkKg2*7=&_rLzdB900V$^gq40`Yg;rs*>~+bMGTDn9$sVMSD3Z--n2@&@@H8kgCd6ntDGaK4q;y zaX?>`$|i|V5j(VGXi<&G9Y;?}HyE&;zTLCUx=pZ6cA@bmU0=vH_fB#1gTk=+XS^M> z9k!iUMoBEf$~h?ttA#(5(Agu^Maq8ED^!4k3NhFmQ@F?cu%)E)%Ch69@lA0|Z_O(9 z9h%WszkL^o=@TdO zQPN&AYBEGwmA0PN11oy?P5kG0>UaWLCZ(d{{NlA@WaUfc5v9l?ZAH&=ab;G;t)ka6 z2_?$K>0gc%2^39=cngDyO$s4Og1KI5Pa&_=dSrU!MRUPfRXSU({iMhScr`BcWESsA z0v&zXd#S6&7CoG3TauoLTEh5?i+*s6vVLY&sZqF$GZsYLO0vC6bC7$z_n{#1(kpZg z^X%j1M}mAdnI>i@9 zJ;g=E)q*z#*s}aQ*X4}G7I_3eT0qVn)&-|Y8SUCW88VQ9HP^PidqPj9C#5H=`+{qU zx2msd-cr6=emjoK*T-%P;Ui)iSUv}fYV`<-=IO=jC2sgfH%;>8%!-GLqkcE**W9Aq zvg)_$&!K)rO-3y(dnkLFq9EIp|1qCehF4}_Y;-JpY%ZBSm7jT@WiNFvbv|{yL08>H zoxZ-XzR^gkdRskT?X^B2W6q?f^1Obi zzNi7Oa%bVya(TT~y{DduK8{I4UwO}IY+I~nvuF4dKjOQfMU)aEbs{hOT02ahuRLoh z<7uaYo_$vd2TUfa6KE3)tXuUMBOiOs(iKyuB}{Nkn(X~9gTq3kzl|^^3NWS;^sf%K zZGU#Sw$<8jo4QU_sUqIEb`y1* zkTXqkOa?EAYSI$RT}aZ(y2Ttvx3arZ_Oa&C?=<<-6h*blypvf?<;lQKaU!*1;pb^% z_KS&*vK1*NlZ~x6IW*Zdb{Z))3aEbWvkq%uB92EKvZ#qFMNngSQ!kRgucZEAo))p% z#7M=sV=QEtJE0_lZtP^VW_US@Gwm!Bdh)*e{YFfEUZAuJ1Ci=(Td6sBHJ`2P@|!Iz z1iHYluS)qEL+fd+X5~vxR1(X*+Nj-REqt}RhQD>y!C4$3E5F$Z@H|?XKhcs`Wl~$O z)4LB$ClJ622`$H5#!1BTUih%$vO^FA8SY44iK{It>1{HcFrG3#*j;1D&_GEjPTWmI zv3|F>RQqoIYwgMPjo30%;@F4f7QcGYrkoDG##W<(q46&a6B_tqP>d(BY8pId)oppe3y(rMyYgqUqGFtka72r4V z9DN;$DvA)9961vBF7POWOMshuQ_$||;ITk-!f=8*1LryWd88Z%o5|~L_Go^5GHLQh z;zeR?hm}X((_!ZkUd3{McRz9akP9ob_SM&ilP>2KXQH#5byWFn4^r@?3IFJ~f zK5(28-BLew}iDrkj18rFC6|y=?wJY3z^F ziS-#W!l$}cX;TpPw{7KlMMhfMy2A6Z)&d(S&~{lOz?>Q`tS;fs*O@?ctrj)lKH3x8HlGsWK@!rUV~=4?8T}i9=O1! zLYMuURz1#wGUGpg6mP$Fb{2%D?rb?Tsqiny(}`vMdLEmZnbCRvbLOoiAY7ZZr$Y-h z{y-{5@9Ge(UA*>L-y;~(yL4mc7~RowFeXQyP5hDoNU9+#Q1{k)zUVC2AzB;oYY{HN zStoZB2_=Lhzeucj2=bUyBU5+WrbK>wD;khiR8%DNYfdLl{^wmx!uq~({(h4L>UK?TG_s8YlFJ;!xq-CX4%iQ`m{qWO5<*R zPpSTiX~DIE_fextINQN>Y(0c_BgD>%=~Uy!CSE$~ol>F?k;G$@%T31Hd%Hhxk)%K9 z9`TbQ$$DOnDftAS-c+bRgjIXStBj{W?gZ3pb{)6aoBynKq_`ZYNLQdwx(q!(@jg53=8gRbjj?qDy*&eFAagZ1T*pt7TnwKgC7i7QZ%l|#myEraQkMYZ)Z;(31fC^7rWT@Lt!cRu*q_L z+X^hvJ2@^0&E<{z@q=dUD+e-LDuWB{sv;ieRnelc#WBWIvkEoqDCgHHBJs#nxLk`` zVuK4WQ!*XG=tN7K?5gBs7VIk#bF6_+N4+eSyXQC_1rGP2w+G=8D9?IkXWFtIMN=dm^^ zS|7SH$8lNyX@0(3vE@RG?9o(2C>#()+?HkyHCSVobNh4B*Wh(`BF&rG+I%@w0)0Hj z+%*!kZF79$ zBcm`fGBSbogd>1rcj%z}baY35;yJMuPV>SpYiiD%Ebl`5asKq1>Gj#fUJSjk5<|9M zG`Wl~N!b1@ZJ$_LOj+e@R~B2i*N=25|P)4HYA}B6CJvLU;J9XB`qYU^=Y zTH1P|iiyra`Ey*`(b01al*6UMaejw|eElr3Y5*;xE?m?7>^$PP`}(41QFVEFQgdHnui8v#a0g3qX#LnKtX0&VAm z6#@(MxMqH9b0P~?@acY-6ew+{>lEU_ILbH zbZosljJrHx=j?uaxsCDbEi5rAUQ!oC#X42tQQ+<$kBN_%v-Dm`eSCWb$<%PS*}Fix4i%) zC5ClK3KyCnyhIJl@)+R0@$}SSxtw5Q)BRC&9M~dB^#?z?Zg2251TH|If>5q=JYWJz zm~77>6Y_Ag=j_!gPi#f&bZSxRkrX`Wyz<;{mMz<&QJ)xX*Y)ZGthT5!Z~{p~85aUk zbyxH9mp!0dPv@^P5LnlphDm(UsI?tP$U_dMF3;exGY$^^YSmEY`8_zeJky@2L#P&J zFO_$^PV*IWsA%UBxH$b&*R&;+9CC1;Hm48xl0(_dV?e?z-ZhoXc z;A^PonpT-P=S(h}3(m;bn%%aiV-=uYXL|K`r38zm{8Pc0>e^@r zU$=Df1lu#q_3DE!-j9Jt*z{Ub1)AkQV#0ar`P$AeqFF^9HX4t%FrT3M>G48@wmFyp~}p|EjtQ{0J1FVM>rjx)>yO4w@PfziGwQP5M+ z%_6Gu@yh%{b?PzXZ9IK;&*zb`gMiYl_URR& zzzow>HbgFm(9WOBXG(HBpg;y%KB0PQv@EP5)$_PZtnrpKdTj^eKu_$T|X z+6S1cNID{;p`qD3U2WkK1pqt>Pj64%=f^)@9niHlcP=RaNG7APx;=h=ddSPmTU^A2 zIUJ!uDUZP>`#qF#G(f0dhy?bO|8yL>;}{vL1bBGDYA_pEL{QLY=jY|+d z`2x;K5dhH7(phub45z9_>vBYy{yM8RLSThAClTHZ%kJCp{h~WTXaIBoYEyV#rwA^M zGz#T$)jav9IY{u43A#03O=V$Sps%9Km}1Qws?HS_>1Vw3Y%(zUk?~E7*Uefroq7SX zN+jl$T|X1?()E(mQuFORuLX23A+{p@du4rpCgcP0^UwROIVGa;JD2Cc%oFqYGa(4Fy7=IF*sju{nOZ%%E~iw9wurE${yxjUP*wM~w31Eb{|=qh!n4-+ zO3PrT`IXOOXW$1TdZQa4{XBrBX_VX%VCE|%r8XW2QJnP0w{M+yxqigUY7S5d&hd+tPd*m7cw~o^NRJ z^EWq_Pw)B5G*Z2$E6F2+O&7GhU0ojn^|LqAtva;rf9LJS=DIk`(*+FCwemWh--KfI zf!Msxe@Tzgn-@+aFnu|$toZX-eY4c2A;*>(Mx;FbR@rN?CXbHCC za%h&2>d{rcs5KHx?8r{_qGcC&Z`FA{d}YM-=)%T5T=hJ-(6(cNaEbn}Im7sp!_H>j z?z2f>&hY!7v0!Mo*AiLB3rnkeS-;cPMuKhuuO_v*;Hk%_mYW$8wzh}GYTUjV7pWk)5{@9926m+W1KnMw(^7Xs^o2-k?@fQ@& zi1W|G5RY`s1*8t08v@7ZT3bY%o7&sk*Z9*K^zCz0UHcr4OU;dyOjozs+p^`Z<&KE! zQEqLj;yyyeu!xLC%$JV#3+<+(IbY)8Id%`E{#3u6AtC%=WeS0;uMcX!8S_=vG(%kZfN(ir*DKHKubfL&m$uMrwW~@RZ=8J8X9PS@!09&)%A5lh_NBC z9pvwOBr5W1?&2$3Z3AcJr!{&M<&Z8D3t@pBEacb0fzt7MpD$N`yACjU{rn7?adU0V zFV>|)SB~EeapYYw_wyUSxETv~Pymbex+k48p9?V(TM2x$Wc2=ivT&83vxsJx<-G2B z8-Syoq}PgGF~U?e?)l*LCKLmo{nON)yzCex<(0O%T%_>k+(^&K2tkN?k*#a{PlW=4 zN!SunmlG4k7ey3F><)&H-j|d)8Za{P0-(UH#!^4iRVF`pz{+L$&&Pw!z}X>0YLHScdEM2~UE!f&HOu z&zmfk=vo&G2Cx z`FS4sg+b=ot%$OUAANIZFyT)@S2Dr^2vc<%g^{Pde|(#pi^XZF&Lz7uNHs}f_$%{I zdJ_$l6s`|h&%IT&S^MLMvPUIpyxgv`%k%U7+i1ro2s-$MKod&wyM0^xq|;*GIn4!K zluPMhEpKM6)cx_fY~1;nGFLx9b=5+$iM^q}`fRm?)n|Gz_7Dqa^grhLUQT(MYMafn zZVIDnxmwh-rNQo)ij9RHP`q~jRtx(x3l(*3Wbzpa{9qtf|GSgUTj%$<4kw|&N~g$k zgv#c1`IUFUW#80%B+^je3a>UdTH3kK4T>`lwCFIsLt7XV=_QJXP4o^P2|j*e9vC9` z?4A3rOEd53$CWSBWh7F30BlrRI>^CjUsASbqX+voLgkyqFSx}P#I!vI33C*Zax#2; ze0>XO*O7$3Mn2hX#JCVkB-IR7*0k%IU2fn?h0NLbovK&*3?Hf~=L!6QWB$UAG=f46 zFpo{Sq6^ImRkq^R@vnQd68bi6c@T_=CIlYnCoVsr`~2pL;B`ElNnp@m$!Z(DQuVsK zk2X@tEjdEf5maz|IMZ>+=uH0Ra%~6b=JWf>@F$oMDmPC&pQ|V+d}JEO9OZ)vME~y` z<r)Y3soNP3lWo_-8xSvw>J5@#-ChaDwnb?k=6UzV+9!iv3Wl~ z{x^3N9nj3#+5K*U$xq6>#2U**7EBmnP@)Koz()BK!l-EwR`@6TTT8m!wI!4Q@l7yk zx5BidrG4w~RrW}f=OYs9Jj;UbbvMxGMDOyY5Qhb3K*;^&l^w9Vg0;R;narwB_bG8S zqr%%wQx0_;2SAT*>W} zn-HbN>50(M-#KxwhAz{G`39d^@Rro5zxB}37%>g+=TWw>`N1w!?M6_l9(wIoIdX9E za<=~$50g%IVRiK7VIStJupTh_z*6~w1CAP|hAj@QQ)3wY#!`-c#dIEc_$K7c!s0-S zXhS5|b@R&}2D%;Bs%q-A7|f8ND@`kiw1h-hjc93X{+_wJhPax@I5nBDebd3?s8OBB4ehJ-_Y(milu`9cKc?CAPE zxFV7>nJYbGu%z8guV1_kBtFMP%hsP}Y51K6-lUpm81tm!m>XHbLnn2Y`)fICFFv3k zq(!iJ7uU6EqbgEcn{+|#*3hGcPhKlgGfv8g@ip~6xTg6#^4imHoNP+$=QI-4=|jk+ zrZnwAUMpWPnI7GI!MrUy zY~4`jV7OMK2mUmS3}!+0KK<#XA5N!Xg?Wbj>Ota-WA{mT)fXH$Wiiya(JeckmRIq& ziUSeX=e^0Lll&|gt*?A?e>u33PaScME$yFOpM%nh#0&d(m(&ev*}0Y0qL~HAB(g0* z%#Z-18LZDL(QJ*V`>fGXki!Jsy!FFd4K04P7wp?nH1ke$z z&(FO-7h#LVKm?~`FzpS|WP)q~A&(*AZBad-{mmQTwP884ZSQRpI>aZ~cv?jmPWJ|c z{|6UKz#H-Pt2x-`nAE4rSN}tM{#%avMEQ}!6x?6%4So>TL5P>-j-Md{j}|j8>^Qix z?KViRp27+7Xns&|Ov+(zyr87s&h@XFV@$OfwyfFc1wgHs)Q>?UF*R5)RqE8MS3?sX zUYSUoNN1=p+K3|5y{%WY@e+5yzh*cGe!W2TR;Wds3^nX|!rh6~8QgF%u#&?`9eQk9T1$vPnWfxd$f5sX*KIFf zI>e)C74X*=OkbJGAu`RV)tHaURvCK+m>=5t#QBpc^Rq4IW}b1*EtOH1SSh7>iPuz1 z3?JFWjFAz9%Kfx<$J9X2XU4)vvP$^LFe%Nk6Ts~$7vbQOf+g>e-AZgba`^~7!BK={_X3tIDV52nAe%M)EH)$V0Yye z`c`yAMv%!8jNxhaKfwk1FK}_7ORPY@Ae6Ww#Of6FmSo#H;z@Xrkjr_znybBEzL4t1 zh?7ZcjGR6QS)k!1L}wcPeiH6r=SKsPaP-+$ob8zwNEdhRS0!*?%RP2Vb(l{K@i!}E z&j<>4Krmn)_yQIU=BoPntc`NSSuKB!_#jbB^IC;2lsma+W%Q3e--m&R^yTP`wbKw#)6YFnr4nr1qvfN6>@puoH=dELD#i%)pDj~;V z=n4VGSG%`bgpz!bEs(aqU?arN*bCtbciX3$bHzcl{fnz3oBzhuW%R#srAIOr+85)b z1$OLm0y!gK49ua~>VNyV1d#d~qFxxyF{1~b8u*g5!uj+v&nIzhKCC2P1t8pP1NU6a zL&E5Q&GtWQJO!2d3Y z(6*ZpHM)QMq}xM$n0vxNE&MLc)5q3tiW{KkV_*T=XZ<_qHAxO{l?+XNip< z!7d#of;=U;N z{ev3u!-0V)&W|mtb5qQm@|mAV>Y7LS8(VwD?#^~9QSI-lqCc1*Fu7$J4!h1TGR#&P zczRsPk0DgRk)Fc{Hu#E1u7>vB-IEX9q!|6MvZ;O!*NPn_-r4ZG{9yD4jW44bdU%cj z;^+7=#99+sS{GNSp~wY-O*er&I*qNA)rqXDC4|T32fyEo!49K?V$M+bvV8t?gZ9Av za4C#r^m588iS~XaFT=eb+d9>Nu;bCA1O@E5lFQ}Lx)tSxAAgNq$p4Fv65GG{@c)N* zkpF{scC_Tp5;4gVEK$NLzYunxAu-x(YHuPa*1`$B*lx53FZ_6MH7<%Krq#m zspm2R0B-?{XVT-U!h#0>sqlmbVKDkvDAF+QSH-vD{07O*+eS={jEwGYiYMKc84g6G zqFHz%n(o|wT5<)`i|n{h60E+P5FqhF44ji{DGiRZVO}QH+ratH=5xUzUE{`(M( zZ)bKKB4%K;)pM_&Q$TU|zJSrh$ai$RR-`wIRVxZRsO`&TdjNRcRcbKmYJ+@qmKuC8vo?@Kna1k9DK}2%K^_RfgYd3?j)cw^t%-Wumv7e=^!6PwTJS6WH zy)FzWK$b3Iix?@BSsD%nSlI-s6p;UtlB1=!EAzXCPy3bpmxxlkSjO91FcEe$gd)+4 zVQW+pz8&sB?zaaSC<>xfRPKgBtKYMtisPnLYVm~QAOTW-C7aXiB%9gUjhFT{${(s7 zarLA9OKZC}(*u)#c2X>!h1I72?_!$Q!7l6nU~FPsFVs$wQLcc7ye(q7)c;wVM7}rK z+<(cU9IM1_`wb!O*&uFa6a~0GJ*lCap>ki6E}4-OD2=%7OsWa zsSPR~Uejt^nXeLfB>C9)y!!I_v16YZJzsKr!aMyp4|$Z3m%fB;RkrK@R(MJxOjQ{z z|AHCaKQ#0&m@WSg8p<4j(a@=uVwpu^aaueRZ?<3=X&0sy5H)z(bLHpp;cX}C8X)u{ z*+Pc!+|#<3fHYe&5)}Y?-NYLQ!?(PnQTX5Il?(QzZ-5r9vyE_DT2=4BFCg1+M`=32$>$;es zt9oj>tE=9p>bYyezRQZiL1RG!001}%ai9VK@QDln0E3761j=D*lUfA5eYF)=cK`rj zkpKRH0n#!s003w?GhyNH-%V{CZ5&K(YzZWUg$Zo!ZH&z?l7Vr(K&XCaIjTj8@=*`1JP1Ft92>^4Qg@FQe%cOTR;Dmf291Eptf%yi4bvwp# zNJ06c00i8lgo*$HqF}z6DP)R(oG$>qu^$FIfbX;bJ#wG@S%7cmW2y%jKr?|56)Yzf zK!9u%3Iv#P1InjV!bJdT3;+~kseVqt5-os1Le*FtP~8ORp8N(=3xI+JFvy1nQ3Aer z0Q825iCqDKsQ?twYgL{r>dJ2iRG^kht>tMU;S}-Hgrc>BR8^(JqnMOHr$%AZ|D>NL zK-cS*ipk{1g7D{N9016PMFrjM&712aeC6aMTT~;wF70s_#0Qaq!Or{MRGF;+0I=og zJ^fBYUx($(4dH9`o=1BA#Z(6-$LS%$xE4X60g!XFqIzTdw{1jnV_KG%_jY%eB>ROl z^+#2`-c5RSyH(#TpS*cqAMXBiZj<;iY5R$NdHmBmek)ywGZptW&|qypTI{t6=HnH2 zmZ)FCphb-eWk(*#E()0T^M4ha)5N^!*F|(=H)ZrCM%%YoDa++miCwSkI(l~ zuZ$3FxG0049R zsHz3AZ+kFkx*>3Sz}I?UUiH`lg-H5)g}wrs~b3sD45RO3?V(a#CsvUJOv z2FKgN)AcGh!}HoAJnKVc^-#3?ef=Uh427&uxDpCx5UxfX1%;j(^hnqv{sk$5gkU5T zMV?41mQ|clAzX<-SseG8*Zvb{h?Zz;EcY;g$^SLDU5qiouU4LS4z@wKkau0r&nIf!2^9c_zbRS|sGWT0D&<*wp)o{>!jsG!LLsSl1 zHi%WNQvSIu?C!@@jmsA#KauXQY+qc22=ws;#nq(MWS7K$5#W%pAg+96|N1#lzL%UR z{+CoeSu5gGKZXGlV~CnK4ev9Rm`>1k(khDn+^ob2b8VNQr@+@g(IS z6(Q9|S&gcZ$`dtq6gp8dkt`9Lie9Otw5W8W6h`?*c}yv~L`Tu9QdF5)ai`?#TvC~G zY3BD6MQlZr67F9ir6#{@l=ut0)!)J()cd6Seqh$Q(hyp}l?6Nb zvG$YIOe}jkQ?;eM;kHHamX_pl3NuSGtJW#pBpCBU?xff~W;n`zJ)kH~zVQy80u^O}* z%qN2&BP5fOIhHw3Q;=yXqAcQ;=9V6s7@x?SSV(0}=Ve@EI!HfAUrgU@($jF&plSTo z*lZ+GyQ@*8e%{z_9i+jjUZ|$5pP}z4L-x2TC>J|CM3kesp3}1$;f$Qy1Z;!&I!nKh$nQ_kV zHE^4BL~o)t^=)d2d8ZM1jI!S>Q!#y3%mm$}#UbD(G$KsOe~d1fk1id1aDBLASJLs$ zPJ7FJ<}Ne6F1`2c*J{-{+qv0!$XfO|OEzVeI8G*c-S|XHq>>;*}I#Do5tk&Y_fENHidnN zKMX(IKc)f2zNBC#pTqnF{WL$lJi2=lc17`Xts33eE}seh%xMus6^!<;@ZamHAT%95 zjj14fI7pd{oiu|F`tE(W@EcNpUq7PH8#4QrY)nbl=_P1s=*_zX+} zZls$q%5hfFO0rV%mC~8>tgyGTwDJ$q8LN-at7WQ5SW4k=(ot2iSzC5)zMkELY-eu6 z?0BH3&<|_dy5&yx-Ubz;mCzy4a3u*yhsts!Tnc`p`i1tB^cvZPGz!|S7q{1hh<=)F zI&?``iwaNnTAWJ8J?=ENoz;zGfVq%nuO*PYB&J;&PI^6^D+?{nnZSyPm#c#@ATBn> zPNd92(hsP=upI--dlFA;LYqAsQ!T%8uWQK;xpNrPgM3bNM3NY%J& zB5ag1sVs|n;%vNbbTx)O<0AXx45=4sE3UCHSW1-^S8cze+?=zP$IfjPdIuGpI#>mw zoToXwk;-abuIx-Txzf9X%w5L9Pp4c^j5@i)V8P#WrV$F3AJH%$RD|IcQzNDJBWsCZ;@f}3BdKBUOBLe|ReZ0PgM=Ql`V_{PPS zxp~|fUL}R-1?m$q_#ynx_sk0yS~xa1<;aY|ZDL!X+wRfB*Ubk!IIb1vpC08~khA#C zxF)#t=0a)LX`<l&*J1=@3?Wdc^G)O+eBOU zwkLm^9BW&4AwREZmuuI(6*v=I7G4jT=hu8+Te?{DG4FQCxtU%Qdw>WEn0k-Bi$)Lz zk4}vq3x*3m$>QMS-|D7M?PkBFjR5&wC%ML`S3dew;s9oSaUX&P~2fj_l|@qX4JV=c{%HGS#!a?$lpYe+w~;yq4+R;s<~7AUHlS{86W@g z<#Wo->knqyRnUBs;D@+^3;^Ix3IO;9002)Pp!XvHz=;6>IMxFIxKaQBbelNc0Z{;e z+fxE4sN}kG+Tr7z;-uYHXpuIwcwD7X)Ou*)kNJ!hF@!o+@^?t*(D7cQF zu~M=Uji*%5V6|pss3&iB=N+x8t#L*>__eQZuUkgz9^R)8lYA!G9T$m{rBz;M7GFU3 z0RVJMlF`#6WX8ypuXOqFyMuvph++ch{uaf52Hj}cuvgN!TT9o6;<{R*^?1xjO6W76 z$0T>-lPd8lS=Vbgi#iLIjP_)ya#`HEL0Yy`64P_7J$l8rLyai5f6xy6lX9%$F*kx@XWLB1=`kOYuOKfxcgF zL|t1=jU&VoU&Za?0bk|8>s{+;|FX(km4UAzDRi)SVFP3J`cL-9o=f<}+w@=v`(R^e z5?K`Rfpj{YWIr=8aOTsz`Q76q2Lv_%kd&PqpZwxMRBQEt`*B6Bi*=3vf>&vR|H9`J z^)j05Q;K~PWpy8AZM?9J;PWWVf|Z$-WjyG+9H5K@6caPoP(xGsB$X5&A3shV&dgTl z7_9T={bP9t<|6BCA|=-C?j^FVaXP*Yoo>3Uf!;Gsz7`D7otK)ik|$S)|M49CvU1U3 zTeL}`^E6)!9-@P_Q5o(k#*RFF`!~HIbh&7f7eT#E`*^;#`KYoyx&C@>sBFjsm%Ozp zDlYE2s(QbocacV{IC-lw`k=!=rA?Y^4aMKFrp@z8(T%t}esHnEZnN7aPYw-r*S7=! zs26rm739SEv!2ePoHtdG*K=kL@V|9XXhcyUMxMFu@gFdo1pO*FgJy=+C1d8Cot>RN z4Djjr5l*IS`rPuI%&E&n54!1XY1ydmQ`}7Hosk{JLvn!LKspX(7uNCuXD#jdwzD#j zg(t5|2nd`#%|1FZqr&erdtbZo+M6*IA_%aMc_e+hv{OY9svM#@`c4>$4oCO4+aHEZE}PNJ*jRCDi`mxbEQYDgWw+fQ)KtQGXv>gJ(03c7&-sC#x_CASwauJJ#7d=}pH6CW<6`1aRQVE9(k9;SdOX`Qzb;%55!hSti zUM#KLt%ihBkV_{}e2qMhyW7HZo#M;GMH_1LW3up*15^J@EsT&5$D$?4>m zw|1(iXwSaG0szCX^aq1WXu2uL{N86zkee?n>%#PK`0i$pA6{ozFbzRui=kCAH}s(K zT$(XorpjDam!_Ve%*okqHUdg!INn)@VbixSprV6zj%lryv?=j2mA&29gQ-PC-evjM zF4YQ+JNK)D6SK2*ZVP*RyrzpMe=_!GaYv`ieo}* zkC&rEyz|B@vZC)C)hwyC8W+U$cm-a{>Ui0u=Y8~lGVXZG<_ilt3ynifVe7~aSv+65 zD~-V(g#oC2)qzKRd-Or=YIQCuP)>SxkbkupfH|?!U@`r5xxe)K+Wr=FLB1jc>^SiG=%6y1Pn?H;%`gT| z&`WLj8mU_VCg?xFm@livLJr6i8;eyoZ@}sRW$7Vy*WrNP|2b99{_j~S|91Qv9F&0; zvi38PhMfH1{q03An{R*sG%1jt?6v=Rf2;C&J2_db8UkerILEa3H5AKb_ilhbBMtwz zs=qS^0NLLQ{-4LbBcMuRa?AHQWS#Xlr;EBCZ%RRlYUhI6#+wO2`ILL*wgUIvqN{_y z%`#TJpt_nN{<*YZu%=4Sp!>sBr3pkMR7gIip3#xos2PlO1e z+$?ML@(`@65;lw51@$f7PgI zDKX~)3~+O_r-ggDIM?odxJW()H>#B#Tnh&TzQZ3Jl>uL(*yaxDB&t60`rMw) z4IqeSE*J6c*s^)p#X-eqZog^Dj4Q4CZ40VxVGw2DU{-A>Hd;%2oq#}O-Ymq-d;^&2 zBr35jpd5nop=e43fgLxC$I0k)jdwqSex4&a#_(3?>C( zz;JLa@7$>){5kiEl48Tf+Mm}JxfAG?RXjP!#5oQsHP2rKMUuD%h`DiTtsT1cZteyP zg+SF@>fCp4s%bmLepE9Gj5(ANN+zI^f}%3U(N+B&Ol$%D(n@nwgrhr`KaiAbBS-mr z^w4ZJfdr$IJCC4FTogP4>DThaek6gdA#>^Zq{p_jcMHnv!S%=pzx61N zaN)%l#a4xr=13qkuFy;+s56!kg^%+{{~c6l-?@)?On4k?bB`!Ep`eOMb53 zT7*K7T2JOfdRB^c>LMT^V(KzlUi#o%bnqPW`dG(2pj_ss%=q#?SRX|9kpm^vW!yoo+svk!He0(ImA+M1M_bPFR>w z$rez1+XqG9m^Pk+V$)nsDCxy_k|x4bWbJgoSPP=3}^W{G(3Yt%a5wCKSN|Y zvtlE|Bis^)KLP98#1(t(ayQ-yspwXJZPCJ;&DfWQ7NMx@wB#@MPc+a@xvLu3Hg8Qf z=H|6hZGe4+4=O56VW$XHFVI16f#U`PxU%h5A)InM4i94|slsC8@j}h$UBb*e`#%uZ7rNRoeMZ88j&*loM8|?wu%+lf8s#uZ zzyI?FWi?%6q+ZwLI@TW=M~&RNu^^1<=3Lv1RKQO;+DJmkn@9OGv zvyL&nbgbJq4EUyg0WvBs}~^UTe~KCk>0vGAV= z1bVjMABUa%94L80tTsl$LTzPpxf?ko`F-+&r-Uv(qtG}`pfOs~WlmD2dd-h0BhtJM zKg30*_d&D5r0YUDNHVjdkNd6N*`rrpUU6n~TJ8-Ouhg!3k|0elx>;d(Ip0Bv0|%9b zm4`>re4HBKOH?*@4698bl=~YL-Ro+ml8-%vBK(bQv{79=-a9$I0ETtwO=Ls85fM2v zWp9rpiweqZ*XJ(L4?%q5Qz}kMDr)pDj10^4PS1li05D2W4FM9B*lv0WQ0V_B$p423 zbnk*h;9tk_HF10U`+VL%kx9V-1Rld{$pwq$>db6x_qRuiut*?ng>1p3UQX8aE}1>D zxBvDGswyQTh@CSUkGB^Jq%;cv{J-+{kEZ;iR{yOrzNiQvgBlblLb{+6)L`RRz za#=ir(SVq=28+e_>*TK2efF+Y@Eg+fmD(ANrc;^8xw*OBT@v>%zH`9*>GD+i<+-H9 zg;pczti8XLIMS12Mb^rI0rUnt9Gu6KEzQRyEpXfasw6-M927*-NPt&2Fts>Snu}73qo3Q zDQA5AlZUrsfjX5yLiGR`OqWX~-+LYJZO!_IG;n?>8b3@l9ou{D+Wv7ZmSmRfZoSY_ z>IUI-0+V>_wds7rbj&%^wNT%q=dc5xM3bo6eVp5jcdX_5+(z`qkzTd9;V?ujsg{?x zt0n&9`pO)Z#+3~Re(03xP{}RtT-WVk-PlpThzTi+W@$qJDI%a}6qcTxN-Obw)3&rB zL$oC4kG{)W&HgbmKYu%Obf{^4oA<9@PI6%KJ-JEQ9iI0UgVZE#9_6VDyL%VG7d&e% zb-tlw7a3kzbDz7ohr`HnD@&tDEolO+Hr44h`r0>Gp+4w?-wQog2(`gV=yyzBNaHC!lSkQ~&~0MX;BI)6U|AWX znH;LIjINOA5*bG5^d9PYsfp7UKLg!*c86&m^vFRaI3NcoVBFU4q|r2ywBM2Yxc8MLY4YsbjkoKVeYk zd(;bzCp6V%&{bO`Eoih7RJrem3pB1^+XcDrM6%CJE_#-~pN5{>T3DQvK-|Y>!%N%k zVPW{FQeHOt9Q0X-?bFk$V%bEZpSh{RjD5?d4YDu^Z3zta63-)2Sv~VErxS^Wqa3)No>f`ZspLDg_{E^a^+DP_I zPX~8*uE|esJXwy5drc`0o9^LAr-A+ulPDiGYTn)kyA^}uu1PaIEGrsw0&~)EB2TZ< zkurJIkxlnaXh$;{xl%R`<`!dRVQdFdcwffNeM@Wj#zRKJ94hl!+zw7%yj|6&myNUi z*Q@Y7_?>UsZk&=ovfr>TZibAM;?CZp&pmA)hv3#<6OUc^s)22~K5t%Jmy?hUG?7A1 zSIXoSP=DmqZkK z2AaFb_kXMX?vdvnIC>*Sr{XwlFnr-z9`11ItA<#h$(jCutZRtxF5@Qvdh zWS}VIMMsww*(B&9>St@27vhvY7qD=t;b*On$$JO>dR2?n=DE4ww0Uo{!R7OLXJCGE zvYA@czWR_lXLq`2xEk?ace2Tr7A9>I9vU=~E<@Xnc#W+X=bktH*p?2yu^2dV6LmAs9x0DCkU7FESuepp zYU$sUXaH&{VBnS`I2a{rRFLI;r?_3Qs1hMUyoCakY;jc9)zyI(4KVv-maEqt4=atE z$f}DM9g8aOmlvCkx`X0=PuHL|P2C-AZ38W&)?VrA$E6};NeVhKxUmhWfS{z|%Cn8b z=K9{pUQ5&j;K~WmyJ(NGYPnss(UNR_ob7rh6NMg!$I$`BdcEn64AA;Xj~>wdvs}H7 z%wk`Pt-+|U!8#Sm;|DD}`jivsB%1K#Id9&uFc=xd52Fy-GY%Om&D_y815c>+ zGvM4wQUdokk}ALn370npV%wp>4@tgq$1=a|X_wUBE+`my=y-1dZi7q*E@Y zC^{UY!ILtRf3TS+>qPG|(Zq;vU4gGWJgwM3NUKyd&KPf$E+UCQv~~autCh{eK54(I zjGr7awU)0)ruSgmJhbDvgr8{~wgq^dMM+lG-f<$A-Y2g6~jw zzo;_lsFNjwm&6`&rj6!BKY`7d8(GD+E*YFzN3-Wfl4$*bxphU&(>6=Uk0E12Y=xvc zBbzj2MU?+Tc5JCtZErr<$>Fqh?? zsDz%$cD`zp94MkHN%U?0h9##fP4T$S9}(^^vgNPVNXsnkSse_eG>Qm|k_ z*1XG|R&d6%IDEe{4;=+1UX?W|Dq z&c3YezR*x7AEv&mZMt0_qS7B+R!XuzswdbY{d>NGdKmQ?*}EOwjaj`Yvs*`)UDdeY zeW(<}cQlPHv=GlTnRC04vC;IXvUl}gKn*u$fCw+T_PI$aB0-zPNhGUoHvhd2Dq^Y? zTR=5&gw(*%9ThaJyVs6BQH9Fb#gFy?F#W26%N!!>9fzxJ0idhbsGdWs79DvR{c;r3 zlh}5oYWa*IIGM$cP(kc)_l80QtfPn58T)5o#!=3M!0w$RcxZj1rw-qWJ>x)aA6DfG zRijf>0jENFYM$?m#db~=4o9NK5?binpMA%)L{5LsODhRY_>m zG9BU1UQAUc@9a0vonZl(Hcw`~+VE&(&}A~2anjk&N&y4F%2cSW13PGt#`#(Q^ce>i z%xmNPUX=k2&S`Fjd{cYO0(^B2@$2&59huHH$(ccLiN3mt{k3A!t3t3X5&wY3&LZck zA>3Ndv-U&g3kR<=8EvZMc|(^}3Z$@a6Z6LuQ3;%8%<5cZc=(!{@@OG&X@7gyfOT?* zw_VNpL4Lh5(R#a`d6(Kodc6WTuc}I~`gmxN)3|{RjcEm4GAcbS&DWY6dmZ7A(MOdn8YThD)5Gg_3B9^eluj__{!4e z$#s9B;Ogvo=SRoRgF`{M^=6VItpd3K3fYE8P~{+h>VH|k{5uU(o51fy3FG;Ay^$jH zUEX>gjPUz-l0z_dvH&Y^-I=1Hw@J%h+4Udes|lw;iy)P-f=Iuihqsg>6B})dtEC-P zE}-*N884(L@hy4LIIN4jA-_bTzQJ*{M7;Cam?uVNT*~mdiu5t6QG?ZWe((-&@Ch6C z3SL&m)bX!EmpaL$#~g<*bLR7b9sL`7Y4)A7lZW-nl;E^(A6=I#O8wB9T*pgilL$Jh zIz}?vcN1KK90KEAq>g({25=(ca41S0bv8ahx9={Po^v&-Iamd6=#*0O>p~plP_FG+ zUt?LyddxVKbo&Q%V|AfSUdXd-oP#No`fv!Qyved)S|(~ZUy|{6(Zk0)Mx0Z_>b^_> zxRpO~L7)w6Cmgpd^#o|-V`|4S>O?JXmBJzf%8=1Y_>fcHk8S$V{S%+BZ(bIKyh z2L-n*HSF*Wt2t?RWUfEY{197erJ@wjuu|jD^K}73x%V^YYrB1Qs#rIIUV|}hiePHy z-L+K?ZhLhvOIbo+q{tP0_ucDnJp93JdsR7m=1OQ(Z?vqCb1rTu}%Tr94zSO&$&;o{fJwHx8Smznx+##!z%> z$GAc!90@Jv)J4N-2uGIgwBeC{zKueGh(J->kuFWQZVDNPPfi>Fy|!&k5eXTG%%Yjw zy9|&8FPj=2sHR1hLX}9u?cQKY-l3fT7|IH1Ta(ctj6*SS2vZEwT*JeUT^^SEPVLmP zzVStZs$}5o{wl8eW)YRVm@`R@(;T^sQCV~Q0;~P(A9HGRI7B<~Jz^taRqM+1v>Bez zY!TB^mRsI+UtdzxV9U}6~Hj;`*i6^gli0nmQ73sZ+e$5_+DBT!s#b)ZmFpcg) zb#b2K!m3d>VTGEOg>zKcYGHuS)$Zon7TA~hiCZZ>**xDR7DD7H@IKK$4}UKu(zm#< z=)$zcd_q;Zhk1AoaK3J0aZ4o8C)W>;D^S29tSQf1((V)$9&M!9l*v?mT6~^>rw0E- z_Fpztf3-3yrXIxDqBpZ%X@*-$oO4uO;7q4-koqTed1f;45{A)UsmZY&d^0PVJVI!@ z*z_5ZMQ)7HGsmQJv1`;2%7&=eTgYVMEor#VMKhKC5R-ZMNym;bs66RESvkY|-R_Ll zeM8}su*RtpyH;1l644s`nm7_vsS4$KWojvbW_4bLvfLLak08BltENX! zp1zz&WQE+nLO<(R|C|VE75q)P^c9`C3O)WrV!V)jDFZV3?E5Ho%5DAn?f#fQF(+`f zT3KXEa4CzFsACb*b7!mB;e4;@<+Xrct>pUQX?XEK6_b|AfE#nuH6>8Y2|}|liMLy7 zDL~f}G<}Mv-#oSDJaFV{z2xD#FZf>aYtG6osjcRC$-?}M@47)3=es(tvHnf*-p9db zrUV0*b8G~dg8^*I#Ff25l_Qw!q~Oab&mH%T#RKw=fxO~E9%R{?!je0nXSp85yu-Ht za7hY+9%yzr@Hoh73;$N#jP&sIlkmlznw&`F5u$Z8-9E9U4QbL_vps{fmh zw1RZ!|8Hp}PErN*`2Jmj0DM1LER+k9gLWa%E z8z5wNh}4&ze0zDw=JN^{1i5D*Lv0V_`00K;FD_Q;MuW0^PYE18TYvyhPzUHU|8Gry zzyE)*90FnW3A>EbUXb(Zb9JEnHw|vOY`hxcm4ZC|BTeqtMQ;xu=VhW;aeaM#vO8so z$RD~r{k|Vp<<_*mD6BpT#^c%lsgI+e6gOA2toabh@6DHrQ*!YMph9x3i_d_^r7nys zd!S6jgvV7MeQ1tWUsEtBk8@<%hNji)ejpVbmljS7VjfZNZgDkT`CCfKUm^?1$RL|s} zQ^P$Ovj^@T;2j1$Sb?NQL9wgjrKb02HmQe*GSZhTcluN`)PkFz0sFIKEnI)9O5EOl zSIK2zC$#Xv8DWQpzT!^Ks)pU;T9r=6zxLu?$LoBEgxuWD_rn4UwyJoKt@uFRFsOLt zCP!UmLTf#AOI&{ojVKKZt#K=@!$~>lBs7%Forjo9Yyd5fRynFSEDNvncO(P4;I^~r z{X*ip&BMTs5C>=&zLq@$~!;>XI@tZdiI#lhUGl~(0p^DjsJN$5aK9$Y05 z>beb_Lp9je)5;IT;(m^=7n!ghId{G-9!uzodn7<1_#KIYQ{8~Q3S#zl`DKg(| z>3MR&vD)jcIl($n9N{7P~G)sblp`I28fn=@)BdCqTf)(f`^*A#1;ka2z9&(D`_># z_i5tH6znM>%21XMI*5UYkcDQ}U1k3tTM&^D7I9K;|4UqClo@Tlf2$MkptHwz{sg$R z9M;8Oayg8NWv8jaVB>NBR?zbYyZRJ5cODEP#EM0ao#Z>mo zg_x<-)rKJi2?q+%-MIlB3rfMC@1e7acKvK;JuiqWc|XQ#jcu-y!VpPS$s9W>La2@( zucgd!oIF?^V(c?p#ffS5%83f|6q@$b&j(9?RF!DMDEu9{m3c+LOXbGP59Ek+#EW8* z5)0f9XFpI?Xya4>0S%qW`9BUaGBT$=J|Q=21k-_{?*G43J}wwGnw)2jflveEAwzRQCdQMtF>f{{x>4P7o3Tcftea_1U=0(Zz$km z9RNrW)PwuG<$y+oCIow23m>CtR4 z1_@|y47@$FN-cfYt3vVY-Y&r{NS_!uVQlR2c-;dLK}u5&#`gtO`+x5=_&4FB#(R%! z_)Zbn2|A$~gDfQU_~ay;$ITxPjDXc*vGQ$?-sfq;#+w=DKkc{W^o){{l93UKzn);2 zXudkLZfyxIb%oOy3eOlw$*K=^WLdC`(m#QGJCB3Yl>fjxTp+Ixlt37#+9f#oGibI- zV*3xN`SX$eTI>LK;ant-HzhCKk8~6Hv%&eILcFRqP%PC>fV{NnYT;3K<~qMONIgTwl40I($%v3t0;=Av*#l^@ zoGQk$qWv*#+&QN+zX97gL1obGw9j?t053%m9oiPdcP$xO!Y{66)wUw?gg`T1|Mrs8L` zFYok701>GQpRz0Hfz1lp)a0%86h18V~HhQB#AVJW@ugf5&j6V^v+w?}eo5)s)VbKpA4& zbUy9h-a2N0U%T=gRgT#(9(3NJkS=`%hs&UR|55Y$+CQurnR-Q2=w@2q@XPO4DpvUQ zQz}+E5X7L)Y-nc+Ifauq_U9IoRFSPFlX;+0<^jq-yiyS2kq@-Q%&sSwFJ3Qe^Xew} zz}s~B@4Zj=T@Fs@KKNhQHx8o5evz!c;IBXZxs1kceWISf@YD-)?s|WIar~2sV6Ki8 zbi7?AtARMY?W$p5yC2EE@x7jFR4$4B<5K7eGNg%p*zvUcl=bo&q01o^zWqkf;$%zY zJ8+qx}21bEI^1m&5&Jfw_a|;TDL~6x3-rvDizkh3p@V zB0xpLZ+Q5$NN0d9!nD}Pq@1(_Lfp);nvbU~IsX+({;7tj&2|5*YxC7*lgsn{Rp0pf zWFxDpZTlm6&E|N+VkaKF?PP;5KIQ6XZFln8N8#&5XG1&%R%F)GA^aFKCakRFOus7m zn@>@Ax1`8Z?rrMS^{T5;uAWQg3licwOrtt{HowhTr3bhC=PB{?EW6FxM)k?;rf=W@ zf-280n-)7w(mm&`Qqu#LQnjdm;$D&(CWO{)hWb-s4;I5`Z+>3S@x`kX52Vd7E3_%H z&p3p2#hZsU7chVr)cz<{gN6(+_xoYPqD};m=nxU0&}XM*VqyYXG@y+qFE{RaTr^m9 zkylo3dQ?@sZf$lQb^eU~bh8J7@Wv;Yh8CLe&7;aqA6vx+3XJq1DzgFFQXrsUvGe3? zx3PQnvD^G}5^!k`=-zN6T(v){+H6j+y(;#(llh5~g3HkkiuK)j9-N@%Q;!b77ZW5` zG7JA=`Rh!i_k$YNbXg~$lhjb?Og|yN^n5tB;`M$I zYXM=Ek#mUFHM|R=F(c>Za*aGge_n@(fw)9|B>C{s3HW4X?xD6BXbPjx1NMWoCD32S z(&kp;aB0?=KJE97F>-6sCHJ+@-2kcjJR?9RScOJ7Y<)Aj9?|m(Jv=a!BYr>{XdDqn z4DHC;@De%>kDiWY-L$%n`bYXc==gA0AmT60`DRi}f2HO>p5>m(u$e9IeuM`@!%aVA zIY-xlH)5nl5Zk*0Q-5*OunC(|u3=R;(XL!Y8V>T8!$6MV91?izV@1m1tdXO7Ln2!M z`^LE&?>Wk9!<;fIBT-;2NNru3=@Q;jooSr1rnq!jwq6z zq(F-3w4n6RdX?m{rFjvR9?FCGzim?0ugVUC*{@*Khkt1Pbx0!j+p)Ydm$nLBB5Y0c zxnTZSY2=qr1@ogTL{2pWE9-bRLf8_`-ROr`RKT_w3Nb<%OCm=Er4^Zs5p$xvZkdJU zLiZ>NhQr7@sAq-G@+IZJ`n|~|SV>?)DPhY(H3kqxdI=>i;)R6FPDK=S4gZwtcFBc? zR|Wzig+jy)*y8YD3o6*`*X3f_WzP<1MGa*OX`vITM7&WGeoL{GVS=d?B=2+`8pBkM z7+62JO~5k(%&R%i$l89ao!Q0r8O?{^%AlqF{~MLE|; zVVW_tXIIswX^;AEB10q^Ig!JexXXo#myM*nvHC`zvzeE*$=I&aSG)>16vDy8o&wkd z&QRmSD18|Yso4()3~IL3ri4gmMzO2zVSvXiMI=i(@)BQ7xQV-=Sva@s@MHbHjP>xC zSIqC#l0|;Idm<)7E>?)w7+{>V8yush^4AJ_ zWtwp1u~u@k7#eFeVd%Q7L}Y%2fUnmH$DA!Fd7m&O?<{|-o)#Fq+0?e(mRp$QBh?MJ z{q8q|c{0v`8I|NX0X>Ag?Jg!w3?oCN%f>4P6y2B zoD=92Q5tew`IRxKmu`gx9)Jw$VX7-KuRB=#v!;>8*Y3zWI;jDth{<|6H1)l-@J}o0 zYdaw4l^s|0t?qkR{k1V5+?}p0h-uXlLSGCmIehj+83YTT z2m62;6-k>zu8^O5btJX~Mb-unwg>z|FP{^7_8nWaWL0!)agDB{`?0Ik3P+%&7Y2jG ziDUgb3ehkR@1H@;G?ZgjFx_wX#$M}BQF186XO#+-H7E~tk`&O7q(UZOCCb`3a+=aXgEQYnPjq^h zNu0mdHfC2nXeiy&C9xn9CN9_{eWFE9YFp}aZ^Rc!D=(QdooH@DhZVPJlZ}JtmGo96 zy0VdTCV3Jh!nCq^c^pcI8RJ?r-7eFDHI+5 zAMpKjoaW(^G*I_tz;CJQv{pCK7_u;SdCLH8;mjGth(s)361fBCqkQd1kXfJPZIziG#7dxkUz46kf3IFf`j!}x3E3;SoX zG8IiTW}A5niAQCsfC>d_PSUx5@cXMi*YzibY*qeQvwP;7Q_^u&c?pCpO$I+^wek7x*?ehXD`9;ol*NP*uL9>e(^%d!e9E(-?F9`Xd$5 zKwUq*xY55YE93`lHbY5nCPg~U8t2Liz46=l9+gA~k6Jf`Z47aB7=X zO;_Jlp1T1jnAcLYPPitRbQbkR#ZZgjzUPVjy!5owqGYa6#?ja_pNuuAeEQv>Za}uT zQJbTBN!k(toB!?(vLeHlMJ*0$(KSUnqu1>;+=86?U&Ng&WW3lR{H0vZ{UADzjHqH> z|DH;Ye*~{WsfJ?j$AKb(MfiqPBc7CGXrS;o%IJn*3Zo#B{&?x`|JkS0cLlFqs)&{H zd9g9bRz1Ic#iBPot*zGDvrmEwaGwu1R~*s#q-U~ntE;C0c>X;?#pqqkchTIUDc5#O zJ`%`rTD|R7PZU>qX?tkdw)PT{9`w;Z%NQ=+{%(|^qKJuurzP6*c<2C=(rv@1GnUA*3a6Was!1o zQ$^%Lj^x(p#mRJV=&J)K!=|5}`snGT9nKGg&$p!WI~?(vEIQ*H=iARy-ISQCy>*Q) zy!{GnH%$=u^SNpl)1(R!`P`i|l5Pgtl+{U2-1jH*m5?+?rAPmMwN+1R4z9d%Xq&^7 zOUlQl9lI33S;?J#ZuW}j-DYl@Ut$UcYB%TpV|pmd!?C*Y<_h19OpQyw7fqTQCs)p} z8|Xqc-Q%ozRh=0I30Jd@u5G#gSgrkZR{6{yf8^Fb*rFX;Ug(f-p1D@f{r!QSMJH1y z)TJC0J9p%|)Qe9Qli#nqWVx_*-=z;Zn=QX*de&q*R7`xZVD0*qcV8E_184j6f1UXq z1B~bC{F^7l2TniZ$=|z_;Xx3T}u^sH(eqr(#r~Qr3^%h$beed`={Uv`uYnha4f= zO`E Date: Mon, 27 Mar 2017 00:39:34 +1300 Subject: [PATCH 0108/1961] 2030: remove addon mention --- user.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/user.js b/user.js index 1a219e6..a21a30e 100644 --- a/user.js +++ b/user.js @@ -865,9 +865,7 @@ user_pref("dom.imagecapture.enabled", false); * [1] https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); /* 2030: disable auto-play of HTML5 media - * [WARNING] This may break youtube video playback (and probably other sites). If you block - * autoplay but occasionally would like a toggle button, try the following add-on - * [1] https://addons.mozilla.org/en-US/firefox/addon/autoplay-toggle ***/ + * [WARNING] This may break video playback on various sites ***/ user_pref("media.autoplay.enabled", false); /* 2031: disable audio auto-play in non-active tabs (FF51+) * [1] http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ From 27ef3be4f6cc577465fa789898704fcd508f734a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 27 Mar 2017 05:25:45 +1300 Subject: [PATCH 0109/1961] Add files via upload --- wikipiki/profiles01.png | Bin 0 -> 33003 bytes wikipiki/profiles02.png | Bin 0 -> 26989 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/profiles01.png create mode 100644 wikipiki/profiles02.png diff --git a/wikipiki/profiles01.png b/wikipiki/profiles01.png new file mode 100644 index 0000000000000000000000000000000000000000..c8ba7b287c39faa40038f6960e874fad5dec23e7 GIT binary patch literal 33003 zcmW(+1yEhR5~8Pu0#=lk2D`X9+d6!(0f5hIdD?b5+D8Opx4-{MDMtpSDm!c8 zgTPu+F+q4q^vqPqSW1ypML+R1`>LE3Ot&8L1= zk%I}!%cR!^3gH3s2`kH8K!Xi1X9(P10D|)FvV38Hcd1nPFoj6~7}q9J2Cx?aYG?GK zWdQ?D0MAx=PzYFM12`4+Z54pVcA$3}3$+OVp#hwlk>N}Lyf0urN<;G*2+IQSNXUZ6ZvktO4Po#1&LZXx=EdB)ngoEt zB>cD0UOj)F#;Bj3=8tc~Fk?IJL42jQwA_8!o2hYu0Km3Kz}yQfM>9!~2x5@aOEKLk zyuB%E;iuae+a^p%D^Pf}rhnz~A8%xf5<7nW+=D__l?J8WS&ZxZzu5Jg_3A%=xDOD0 zy1m}&-k}ZVHVKx8zuW4c{HIbzHj|7TX8CJBLH?;7_4SE-fqGEUvcrHGZ&wq?HC`q= z_KLfVI!Y>;X^3wA)p}=>^$|{dlMiTg6o>ImVyiT>z%uaY-MIyT%TDLMMMe-@ zkbUU(jMwX##It-M9S~%znCuDwrZTkbI^)d}BOm~fDGX+AlqCJvN5tBTNY;n&s}J?b zoIgy8cCcRxOA5t0h|JBLsWwE4F=DEboY|aX5kk(}t7#vR;)226ulo%{%mwqo0+ip! z*cFTnFF6XrwV+yygt3e^pos?&W`*BT^(nyP#L$ArBJnh-m6P}sxU`~mz`6?Lmtt

q`nHWBBxkQe5I~Ms~IL~)T@Q-jJmd(`RWCa6D-?{ z%n$D+1-77&R4`C6P+L`~1e4M7Vy__!Aj5@e_A^kYR4TX7f5*NbB(mh@`eLBKO0$fU zfXjj98!0^~K#LP4&CSq}2&?$DRA(M%UT*%Q7R?cBRSvHL2~En_n)Ul8B%xGRFw1B- zG!Hre<$;nysV?84G(ORO0e}$`+amB~Vl@t1C`hAh9R3zjbIh^!Sdwkw&4GF{?j6aU_43aR~R%3k^L2 zKXfG0j*&Qr2#Ls!*o&wkQ>C1EA%=KFhf{#-Pv$`uW|p(A0dpI(AAZs}N}5s{eHtk< zhfY;>dG+sVRNX7x37v#0Q*HlxIb9y@-74h8^cvmjJdHovq}p~>B9&jN?JAvhBuWDe zpQ8{B2UG^srAsvnznblK4TDjwh?_sNQoTp7iTD)EH%R|=>ZhM4b7$r=d1s7Rbybm& zG>;OGezVq9s;valZl>#9u7?`(0b@nRRY3G_yfda9Cem_Vl@2Z&P7f8=@@NK#&1kfU>uA$NqCee!k|nt~Im}pxVdGueU8iBE;Szd8dMbKl)nnDuY%SG}a;9<- z6%mz@smZD0spTxb95JpH?t`3zoRyr-c5|c8Myzd>ZQpDZo1jMJhNo>^AH$7=49g63 zjZB*5>hkL7mOJY@E3hj%)Kb)H@|W!f8ZX+$+N#=#8~0Wb*X!Gy+Wal-ED7z}hw2AT zQ+}lQfA^1j7DGb+@)M(m+=x8Dy~PbrSWozO_H^#4g#XaL^dk;CgBh%uRi528+zF;Z zhdk|^1$jF{yAJoztH_ur<&X*X3~}}x(&3HKA5bNaYgdzPpZV*&oaUVVlgjmmQ~pzj z(=WdYCV2~(@(p?1X9q^5w>0|INxv92B=G`2ivtC&~R9BBhn4WR0Pq%*ug~wO9sD# zeZ2GWqw0y55MH;rY5I908C%#Pi7%NDQWvth>UWI%(PgBU~fkaCsKV zV&5WWAOMXa{7blgghaecqyfnsR|cQg+%IYOO_>LobeZ2dc3kR04Qxt$%;MGTj-qP< z-+8}F471xBPA(bb87O{GCKF<3uIK;wp?mY`-=r=+ zZ`vWAGS!-%CY#6C69sb5 z3SLie`f;|C+sY!8_1VY`_J7nm3N?wkdatAG;v=v`=pojMev58nc3M)eInmFk5BNdv zqxwGBv~N75uNCI~A5>kGy>S0OzgA96)D1WcH(M#Fe|_E~ z{o*{{ll3dLrK)DI!+OSc-u7t!H(UNYjP&Y^{S1tc=s(w5&^Ps3POfic*Euq#7}q;P z+oU^6dPKi<*;I^8Pl-tAl&Xb*Jlr!94My8a$Kn$CyqJzw!ZOPrd5jUt z?w7nXFE(_3bltez;T;+m8E@#(E%N3q1-kH>XRL4SHqrv6C%GLthoe;XWwu<7cJ|{t z%Xi<^C&lNMkAM3-$*)sl=JJXfdMjP&j5(|wg)F4lUCzYjrRDhtu;2eOUoUR+J+PYI zbi{N%`;O(YJumwjb0E?sGHrbM&Ev9ZeGgavn|^kKu$j}b$Fb;3%7XexXKrV9eTVV; zj#Hl>t-iLmN2K`z(;NSOcwZ2_E-&Q^iEaG2@^QW$y1m{c*a&cAc%Gi<{OQGTTGyrC zW%dtpBKcE#~yd+&GU`it-WF<^Qphx`47Zeu~ z+L3U3K6x&nJ8-ewnBzB;W|RTl%vyJ(oFGlyRAn(&OY;_I%v?hqz&VxPO?U zd+ak0m+3#f$CEyH+>Uq zrJ$t>06ug85EKdk_pfi^5deJR1b}0601(au07BftFtQr&@v9=K&6R7kn7aX|IX!GY zP0C)vGR&SjU3flxJXoC%PT`QqNUGaYp&kiaTQASE-#Ix*w1f9V18 z5kGqR(aP8PzWa{*y6oU2G>=l62=qv5e9OhZJ|Lt&F4PX=?ufavv87PA8u>DC$HE10 z4g>@ITTx5iyR7OX<~ehCcZV~N1&$~(M1qWSv&FoHp^c}@6F68VfbfVVWY73|JZuPC&pBRrW zz6r-IS0NUAs7CDa-M2cR-^)fr=m<`W*kqXAp4x3$VfS?Q%geRM4Nu_aj2K3fkB?x_ z@SOcM@}V1dUvG`h>fO|*u9YTzES_$VeXOGiv+yjJXb_haG7&ja5jL^=B4bdJQ|Kk9 zt)I33fY5?SLe^Q=X;COTsVVVXhkM2QZr?s*X?uWmK{`x$ebiPKFCTst}@s(2cf+M zCeXopdr=_~Ts#1G3R!0U0aZw~nm}S!6fz7p_MR!cIoKB7+nYWiGAa`qpx&n18ueVx ziH*(Gcz}(?>5cYxEU)PTq;ecES{dd?!b1W2Bk{C}?WncME(6Fti=~KQVZoz7WT>z- z3L$tvZx8?r0Ym@@6im%S4Kg7``H9OI#_5R04gidpFd-1ENJb)Q@HF8xz*BRg0zYYG0Q0^}ys6ml=;G_l^)h{ZYP_57ddaX4{^i}{ zl?@-z=u-Mt{Dt?Q+hqc>lnQs`3S*zMxwFY2_G zM>mpx-p}$H1B&0RY?mEvM+n;tyrid|Bxe|5K}n>`vhv|UN}ofJ`Vd0q&U@pQ6ob?3 zO)c#Ky(7$EEvZ7xRE$@ZWh+H0mv{Vt^C&|zCYx^YJVZ|qZ@wZsi%$$^*p{26xsl71 z$C*TnWl5com1(Ss4P;*gMTsg3%gA8(nno*dVxwG&QqRE2C)2}fL+F}t6|U)sCoShy zBMYQ4lOo}85^d=8gGR#86k-p9qv6{;Uov z-q8nu6j-a^meQc8Okn}?aEftRHn>q%*5E5uj2}ydr{algv6^X@nOYR3$@%nnQpq&> z7!=&2vY*l=`LsgL4I|*D2!im_f~t|8sg#1?ds(3YKw)aeC4lvMRWNSD(eu0EOwsGN z_d%Z5hKXB$yYbqs%^VduA{xolm%WCLWXrIpN-#Bu>PbCXfiPnaNw~hkO~XNOxf*AJ zTd8KGl6BX4Bx*01;s6s5gK>sP6!9H3kWyiYm^pU$jmJ9-)NL$XibT&8EETUyEeF6# z(M`iUN2SuxN-BIz9*_&fDOp6Cl$ji)D1#z*hn194(S>mFREVnc#V}^MWsY5qDtkvV zNlE_o{u_)%!IM-W!_p(I+1z#U1oaPJ%?fQV2rA7jypxTgoK!iaLb)G|BwlsLQuJq7 z?VG)_p=O(*;w%Y8>&<7dAu&gkle10DGS<+1pLb9=S#UyX zY3QN%Bon+0UeGtsjR$8;a;>`w-`D4vTjLkYgRrWUm0A`;DUdvf3ab|zHXI9at`O^3 z8J~t_(LoVChc7gPk9IVZ!97t_h%*MOfD;bnARz z^c~D6i6EP=NxifBRUBxigbce_XU--{ylb=$)!5`^LRMOyhAK)%{iI3m?^zBrK;g|l zNRl7S&r$IQOU5FPN6HX)+Q72Rv%{YSJCaW~RtTIe<%rv5#W(G$q3&$emt#%BV;M!E0 zCG*`4IWt74ImqS5H+qvA>KWxSEuD98064Xn7V8Z=+JgNYB&E-qfCCG3ozH9pKA)L- zZv|pF`)c0C&p1^*{0Z!t^<6Vr{gFwlNQDD$9BLGo?1s*b1z}Em+v#P;)Zlu<$Amu& zYPnqQZ7f=R2k2t2L;8B(>vsj?v7|uTf=YFI)M~u~_9&mQ5x7fOtw7>Q+?5f+c9|T} zMx1?Q=twc@(Sw7Cbuy6=hBZZ(l-F!pwM9J_*)ox$fm=sZRd-Uy2BqRAy@N)~ z3_aJSv79iNnw+R5Y*l>+`N69+>VM?5{(!xa;c3gh1k20h>m+xjX1JNmD0^4wFdxxs zGtDSQ(bB@eh++n<(gcq(Mv9tqp72F@XSGt}ivCRGCjBd)pfF#814E>#gdYpm+SN>u@Z`>qr~eWNP*iPAbpRL9(Y8daj$ z@*1F|syCq<8yP!1@&?Ei(F;bEwZTgfc??8ixEG?14Fl9UYq*7Y=CHPs12+v>%3O#Q zuIRSA8Hx6ATXZS8Nv-B6ftq4F-9$|h|n52 zJgR!^46jgU!tP=tsK^AD()9Sw%c*ovTI=kXg)QEpoc8y)*q0N;u{atkW<}C2jZSF0 z*r`N2bm=gssr<+NG$lIidIc1`Rz?7e6S+4C1E4Dt4hhl{O~FC`@=?N?@3t&^v{}z% zK&h9Wx@_wW$Am+*88S!QCbbU=#==T0?bB7zl^thNP*JGl_i(CJAwgr^!)N0Ke`eKX zfxuE3B!j3M55DG(gXsZz*NElTAWa3nh_d5S*7Y?l_ApV_F{$yK@nxm`#ta;?2~43x zYHXX%B)IHUpXei4R2CA;NbQoQ^O%m4rBmh8nxD7#6y9eTuqaF&jQ}1H-?Bz6cubM{ zrn^%KzOi1x*6{M*z)PETmUfKHag5kJ`>sPL*4JX9F>%PDVmi#|rvC2I=>P;*+LrP3 zGl=@zW!AU&w|$_|6UIVzT>zomD@=B5Ql+u-EFj=#V)|&A$@5|Z;^yLcK&&!f?4!Tyk{7iLDv^RG6kij8*PWx2p!p4CL7O=L&>m!SL z`URqjgyV^OZK9SN!YYuFN{9EpGL}d|_onbRt!~p(=Z8U|2J~}GwLta!!-d-+oGmm! z^BAA_#J@8@TEvn$ONRy)2G9zc7geeK$4xKU?Xl|(^%kGG>j7rd2=U?*t5aynI-(-u z%Slyv3^LdRm+c3#;B!Xdy+@~q5DCNL;Iha*OKFE^(j#YOWgT=B1GP$W$7Us?)ij8!dvU-9!_}X0F0Q zr9ic5#g$kfK#CY9D>8A^mFyCf1XJb+#w12$F8N9&o%uSdik?02lB(qbXXBnG_s-JO zgS-i8@9!sb>NNbf6P_{5+3cniT%t?5xD(p8s<@$&oCUF^!UD2-u}3L*nrX$$`nY%+ zOO|+L58TL*`^NF2U%bXs+6!wL9s3t((qY9(aq>0jE&fHeZc);6^?KAR;yShXnW(44 zaX&J=e@1q|qb|PQutr1KM?vHwAxi)w-}Ye zQ*%ekDV}B969tJnlyDiy-IlTxWa*@lJ=26?S$f?!3_tBOJjltv`Wz{qC1l>6>w_(4=$;>c*UN3V5eja&+0b-wrPzgQYhS@mc zGY5M^KC(eCN03_IoiKppLbc|xb|hjTwA(qzXAR61l% z0qD(dJ7<(~(TIU4S)Vs(nRIV4^!Uh|)Ni&n59hl?N<1S|iKCE=O!mGSJ*WJf;WoZI zK{dS_KqXXp*fTs?e)SyQe0+w^&$k)fW$Y_ady0;HGNGr&#En;G$M%*1#q02rS(@Mc zgOZi}#K$HK^GJY?jV_-Dv6kk+YJhYWmex?}SsfT7i6hBn0%sNKEmmq&$ffLv^A2~r5RH9p1L7#j=)@;A z<2hEvcCD7Qy!#|iFlm6mLF9OXPF<|p%lAEwXoT;@ICyOtef9awNjHc8`ADT3e<5`*(xY;CRdnE4Ou1FtI#bpdsS#%U@m$qE8YF`F{0gT+ZI7orHdm(Plq* zRRZewcq=zc8|z6gvET>tU};jrKK!+z7c0WSv7Z`0!}7IczqQM0`qy-)J82%7ub7Af|(iGT^zzWopMLL?GNF zn;HwUwuFF<{Pa^52$CT8l=8O7cntLR<<3f7`u#ew&alCoHzx9@8Pm^IZn@B!SWZrs zmx56-(a^!gLA3mk60JbRMiw_R{#=@})SXk<=Qnq0$Y3Rx+ktCdbeeD3wk_Gykr^u0 z$;dhFJoDbZgz@XSK!w%%1bk^`OM%)&g^-To{j^^95ozIbb!6d)G8&*R1juV;=j!#7EQ>E z6g}dBa(QogZ(&y`L_b2k*B-S@P1nwnh|8Rlmu2S`POkAZh245QP;XoGVZVN;5T#9% z;huaACiOC3k0$C55z^uRQ7;7#oe7o7mM{A^DK(&J1j2(21Mq@CjF3u7yuLQp$BKc6 zRIfw+$NYCGW7gbRxgHB19b9j**SVtg0t^vJ0ys9`N}rHya&IA-;QqO8?L=D}n3W9N zP)XQ`lva=Pbk*92$C;iU%k#5}o00Ya&#{^jQ@AV2m)%SxeG`!K7ZU;X-`^kHpF+_% zFS@==XLjGE=jQ}?9ytXjE#(RA3TUfw{O@dug`&9#_wypPh;zWzUwP7 zFyfZmxt-Naoj)jjRpqke}CelxJX z9dUS4j_1@afz<(L`ueX=4FHfa<#U{CWqfue4IUO&CEi#B^q4W&?$p*1ArT*n@V#(ea3>D4TF zx{ze@AWHZk3CIGPz3RLVnVqB&bOmbH0h7bxEkXaSg zD@$FhW$lTn3K|&fVnT1uYx&7P9y6pF&t^X@Z%C+>X#t$~6+MC$XAAB|MQ;AN*) zEa$o<`@tCXDCY|h#QlqA2wb|Nl^@d|rR!$Q`GmkX1>d&R^IOaj9sr(tI`i|5nPYKZ z1p}WaH`xn}y8fI=bV4b;o&t1VErX`s7FatJx<_N`ht=&)K4bW@ajJ2#)6w4dZ)ie| z4RN)@c7K#o{PDbLd*HzMYW6zt*V8(CPiKnVlkI0rv|F(J4_|Cg|4T$NFW0XZxp1OQ zSo=TDwG!Akas`f#+NZPq9G6fxd*0^dX1qCojAHjaRUazb^#eUS}6cM2qJ zh~1_n>vfRxZ9W6%t%UsP0Rh?hIo0zx{W=!}hMLJAHrY9;rV9 zGh7p^?%`V8jyTsI-A-+j2N9W1@#F;lyE01A}hJMQLUt^XP z;^Yr>`bp?JN+K6pzn6p_ruE=}D)Hxu4Rs2h?HlYbbSWYdMn0PbZN>u7N_Y~f8aznL z+RkGvqqD!ITJst6LI|GNs!I{Z6az^cCl3~5WCD;r2XQ2FhgucGld}0WdA!%P^{R@k z%#*6Ylv;|1#d=d7;Vn}I`YY*&JV3ZO-t%f`AV!bDAT-n20ZRYJ7=9g^$E){2Qd83R z+6wbnC4A)b-H-@EG@0jV6;*}h@*}1^89^{P-vO?~RUClvJ(JO8o#3IH2lgk73%oM1 zlv~{5+T^zd@z&R@rv^ZabmEWbK|4=M-;eiT$Ma%2UwH_g$|F{G7VA``b4;6O9)rC(*bQLUHtQ z=t#iz`kC;?Jm@2XNnFB*nw_0n%DtNX{59-1!@$k!Z+o)W)BO}zaWf(LQ)qDjO+!EB zkM_L~3kh%7fPniZH4gMY7=VaC!vjy(#lalm;qj~49{b@k*R#k+1MZ;h%p&zEpZjF9 zI)9h`G1=bp8B7AM^OFpTB6Y@}{u^AAvw`!s>VL6RD2{$cw^M%eMgxG@uInQ4FTh{K zpayj!S3jgn&%mdZ_Q!Zq*Rb4n;ik z(1fZ-bJ_h-iber)kGHrNMoCENWC&Fm4vi$6b<-zX>tzlg>M(-heb1`7vjXR#7 zg{l;54hDBG+-?yYULXId@?6TOI)3owbn5fVR$VH*l(~{eXWDjwO+;JPBz7ePkoiPZZoY(F9dM>Qn7*m4vs=kh-5b(q>lux}yH}x1m7FbKD_A zt}DF{f`ggCC}dG~$YKk$f2Egh4H)wWP{{{pP2GLqlg^h$cDon(ns$<$( zT0$&oto5Ub4iyo;q(X~HI5b8Td`7T=EiQ+iKrwVX#O&<+xZ!sVxd~}kN!g*8pm1p( zx_v4%F@$jGwe~W8@->f_?AtvGAoarzET|7zeq4|dUhzf~Q31pIFKG&OkX!&UkgB#h zuf(W;MGYqiF9RDl6SYvDxaJ{P>i=$;yHn`xJUqwL^yHIUAl+zOsNx05{B_1lOU=7D zU`puf2$h;$=-g22Mxo5U`%6zvUG4W+h2;HrY$K9i!t3OT3sXFR;n($6j!0CL=;gnv zeBOO7>>4NP{ZqSNuFIqg-LL(&=}F=uo7opq;olQkD@{Ii=5dlx=A8evrBCP@Z_hUx zwR-UQSD518B)-dml z<9PAn+h6WhR`}0S<6qvre2wf0{597Unc=u;_k_E^F|e8DEcX5O_F`bi~X9=&$nJi>d-}c`5{$wCK!k&tlp(VZN^bkfvfgOIn1NJq9Veg-^v{dGknKu;``@~Irgf9@h zY0tvO;C_<+4Hj4b+AgZUmXIZ83wy56LB@#70dRdD%;&#KZp**>aEjFABaAqt-B-tr zm!n#tq33ByK8|Coq>5$_r->CcE?Mi$sf+zBVaJiId5A=MxU|`mkNFl!3eZZ>`%l7~p6AMhhw%}wG$3^foAX^dN?cST_ zWn7FG&r>eJf8P=>x#)3g5p(+6<^B_)cy)s5s@1_d54{-o%}d62!all^inz|54(}P0 z)qw;aG^i{0E>}n8X5Gwl_3b(G0h^A`RLgxkr!!X?()D-G=V|AP4@94KIp5S@ik?Om zIKM}M_PW=;1ddD&_57}L5fkqfk)FHlT7fqJeEhNC^c_5>&!s>^E}zk9h_gz*#Kj-- zz8Ss+o5Kd@dzYtHn!UM&08wW@Li(KqvmbuPDQJMpn(A%5NcLUjI>+;diFU(hqjXa5 zk*>ZIIs`|KKz!(wxVp=h+3pyl>kLhh=g5o8e7L|biEAIjg?8uf?fN3>vauDkaB!U7 zw02sNQNn?{-}@RSef@@OjtRO2w!cX;?s+rKC@Z?9s7RZRD`R^@O1t9Gk!;A5vEAah zQXs^e4*0K?PXt5?*)p(Js)>y;FstevxKRaKZ3aT(Hm688S67URIzDg{m8ys{S5Nn! zw!cJXnQAi|yXNVItg4~p4 z&iQAi`?28S-C+q--K;6Aa#|s-l8<~cUin0J6i5}edklgXGGT6vFU9N6EE32pxtZ!t^d)O z4!2>B$};_X?W)oPMdCOWE;?~(tS?Ng_w>A5q=IN;2FgH#{FsnqnHAZzYqx2vV37R4NIGS-B85csKgBRSfy;9*BU z7#v$=L$p(gT=EzDj5&7B?Q2nbaFPUnWb~9^uYyXUB5m*)^Opq8Oi#aw7;)P$Sk8M< z97ZH8+gz|^&ZqCJH*vJI&-PQlupI=*;2GgBP=I81(F7e{n>Q;#c{0o{?fbWjHgj67 zs!x^9xN;ezEVFxo(u=jvfXnCQC?Vmvso@d8CYlk$A8(I%oB%5Q2Z`39xa&;`@putl*TvL52j!4$nk@a6cvPGD4xs zMZ@mD1Er!7acF!Wgx$+NF_1Vo0a{9&7s+p}D%1VPUhX~bx78f|(eeHJ_bH0%;hxG= z5iRT$(yiPYXx5V{@xk)2a#~A;7{>?;Y_q8eP_S&8gjD&El> zhdX2AZ~}heDx^!(H6feCYuXhjM!}R>(n;mxtsVbCQejg5be?g~4i0E>Sdh=*M_A^Y z-HCNu(Lpu?%4ozG|ByGMtZ7ps;~f@bF_KXkkEjZ&NeLq3)h9~Y_alE4`bTFi(V#{P zG6}Fvm7zLtjlA)}tTAlv>Ne{lH0pdZgzRdM3A$(7Y)uwpKTn1^_&zNL4xu{YEr zjz-O7CrEAdl_Z7fKqGOVXLMZw0*Qbv8^UpLz6k9ye1}h!$mDMr5w{r-p>d;nW?l}1 z4xg(~9--j_*@QJWY9WHGEokR6v=&(_y<{jY(WhvAQ!G!eNw{!S^mBT;Z^7Vmji(qytF zpJ|ffH16294^*@(HTIU0Sd#{!@)RhWX=zER5Sr(x)OT^VDlpu6_}pI;g~^fT@`Mw@ zV#BnE8+9T~%OZ~q8PaOC7`@efVehoJq~N0no->JfbA3XH5NHgIuR?Lv1%nUX;= z+m%FUpXvcBYpp)8Gopf>nLJ3oFy>I*|MKixFy&Dc_4UqC_NKLn1I7`?n~nqPUWXbi(8ES zL|y6q81C4@(gU?8GL8t6(haCTDSD8E#ffup0c-9PZ*F$JUzUPaQWp_1@o=9;7X&wj zOxQJmCE%m3qB=!YN9UVG@lq>aUMnz}J}32nPFwL(;YF>ggM+&w0GxWBy30tP0)qh~ z#r-WY>ox?-Cy$nyjH+VuWBSYEAez)6NFnV26QOD3(sz=%5B>eCOTn+%0^al^-?Vx# z0>w6?9(7hfGD4vThHX}*2D*f~R+d6p3f}{F3?#vDl-4AOwqh;ZS?4-ScK;j7&TeU$ zoK}t-q0T**^}dEo5jwKcOA5P?8Y7QqV!a5o1sh)L{_1zP>gX$&DnvtZ=b9UiIx!sE zy8EZODdn>QKKVN^8TmTSvjWj{R5>25kJVE+I_;bbca}_1m~=uImQ?91_WTPAA3c+h zg`mop$q$}rNqorE)CiCD%em<{FbkJJwFA+{{iD705&CSVP_5K?-k4QwwgV9y!;vJatr2xpHEg(F<)X+{b$elcS`R`7)O( z^O{l$A@)~>gB03|N?rpuMAPZK6oyaq)HkCv9Fh1S22{1j3@YV)%-F9n7S`+~DFzGoM-rs!t7!$fW!?BFn)sYHtrHvwzE&?5U? zVTnUpzanKuk!_FLQPE;odblZNVKX;G#=h#kK(uT%F}T70NuQE67B3E|M>+r6x#(7v zd~&qdvnx>*UBf}pMAjUhL(r77P>z{h{zzwqlII)w{NeA`$a4|IV^Nu2!nQi0_+I*F zVgV1Vy!IM!ZR+`8bX`#%9c!ww5=U zPg#!YbxB(l6)*!mk?0hc2fjh0+G_M#PN;5ZG>^muA%%R46!yaX8V`Rz4?^j*q25f? zdc`q>-H&TkxiWp}G_?UmQrN+etVb7CtowMo1 z)^Ml3Z%}h*&c;UYnO_TELt1V3$5BACcYsUBLCRJ?5`bKdX^-Oq^nCkzjIExRnaajxiqFWhehW5Ox3RgGnJ$!%t8K3irv9m zU|%S5@Zp#uSJ5RWD*67O9%?c}q6n%tpMtBdFKHw+W4JQ(=ab|3H> z{4Ewdmf?AMkTR`AN@-jdWyqBlaH2kGEvr_ABo|OhUfCpqscXmYw4cdLIXGK%loY;3 zH_Co*MWAU`Cd)%xVKVBswT@T1H@ZNcWWsur`iuq`bmz#NILQ;l`mMAniz*OT)y6dx z&0es$BJsrcBz4m@zIZ{bTitZH84i{j+F4mcQ}V@eWg-JR0DI0gR(2>Ay7%>F3^iS0 ztM`iGkN`!ILefPwF`RyolMIDKQbjr2(e`=4T;=8#OC%;W@rbG}pNpb)+|?V_QkeNH&8u36)+x-PyX) z;`LL_OHW^gxj<`+oQcv?C2K|DY>a&Rvahj%`e;1EIP=*a9p0@*8gat5rdd;^%2|;} zKOui0$Dm3TNSwi;ZEh!3#(2;}O87Zfv&0#;5O$b}My_9D$tq|mbInFWWcBD$Vn$(Z zEqL&^d9Bp}SGRqBv!wF0-;n%$;k4zpjLuwI<}SmK&~!D~rS0x{_oyP7;svD|0#2=N zZ;?*kz8B17Zbr5?Q|Tr#kMMr)HHRdb3l|a#PpPj^<_zq>dpfB^tD!??l+GvHf9{ie zb7eM~Q&8RD4*^6laVNbLcB~6!6}eKUBS)8-r4*p^Z8KdWi_X!dg zoeKOxL=M?JWvf>4ffeosEL1H46i_X3C)M502gl!$IRpN3$;lb2I4?T4US$5G{-lp% z5U*FVZR~1mPNoY<5bS{XQ3w4zE`IZ9H|zWOTy3apzI~96$x3*z_OZeaxH%x z{+mEovBJAs#AF3LWeG-LBx@Y#ptdk!stQ5 zCWDrv(A-s@VeGfvD;fIwZ#X+ra7T*KACXhqVx9l3^N*@$J#YkXbS?Snj3(rKs9_s# zFa2?CB!=hviIIVU0TjUCASqe?$9+)F*7p|Y4Y9{gK*acwvBHDn&3X-OiuZutKcMW_*OtF{$dvkjvG0)PtsE0 zJ$74TqdojgB^%v0BIIX5kX1ar!5hrdXkSQBRz^S!B{1Zf?C*OcPQ%G+^ppgW%z}yir6WcFDa&zd&UULt({0C`DyZG!h~{ zx=$hXfwnt~Z=vRa30dRt!S8|&@rLxDyKIdOBr8*FHyh$xj;X|dQoH>OP7g(_RMQ6k z>?#*pKmE~dNZ=UT){Hggb#&ELv%!2Ct=eVJuD%fZrBnax-HWK9OeAK@V`Of2a<)<; zJHd5?yD~0^J8m9^rklJ!_PvGhn~%8p`ke! zhObncme~lar@~0m0a{i&s*sTDn=5P)#(R#;#z(jwU6?-}`yHFvV|BI@j6@Ir-C`py z!Pw(%bds308aDK`py(V*o86~TRpQ%%ZK>^jo7oRj>kHTLdpt{I$t3eW?+S>Y_6kz9 z!yVKa_OUC@ICHqDq|Iy&)3=5x6`bww5I{Z1EYxDljb86esUA_Yj)HB^Qj9-BfiYg9 zX>a-{dh2XWV)s8L_iIeg+#B0#m%p!Ss`u0TqLH7|V-rc1Ei^!m>LFO z9_Id5o9;gJf&YpTBp8XjW!BKs-=!f$2x`@~?R$Dl9x5S-VDIwrwVyw2Jd1Q!1^{OM^hZBlx4AX+?b~`wE1_5t zz5Sl{%g;Z54RJQv)3Rc$7|nN{6{9(S^b<48Nh;&NLS#sT0aDRP5%x$~j=ePv2c9nI zsu6!|)~X^?&=A@*d)RhqwCxWq){^e(Cx6}lrNOVlGZk&K$3vgC)GpOrvP0o|lfiIX zq4)Kx@!5aF)X8hmPN%5Z?92<`ee5`53;Z;;rkSD|st)(oecHLvAslK4Y6Ckfn_oS+ z>m_)b{K;<0!#$?De3ZkyIx=ViC0|?l=8VS_3|M z1v7KM*Az1iYN4n(=-lWnv34Z+#!DXrsZ;RJ{BC%C?8epFV*DhLMziyd9x@MO&YzxRvjG zxyh6lDHzh`Fc~54@9#uw>FzWeZs~{^)a}n7t9e_yIKP^$JgiR9s&HzISOQia0F;K+ zPn+#EXTv-6Gy9%M0tOv8)DMeB1ek6V+4Rtf;ArHAOj!aR#D9z&-+mPMSE&e&c|5el z)q|eX3lvboKKA{5`J0lmX?s@L3EFFR8fypE3x`0*Vd*U0@lUJ`LxU5LhA zyMv2~h+8+@8xQezi5+;XsExbuF#K8zlkFVS)nnU*-TE*0>rVSwBa%_s4&0wcyE$e- zTa6y3_m9&CS3YBXb2=SjZ-ViAtQLQJb*-*w>V9X^H(hj-G48ilf(oi0q3G2um4r%f ztBkLkPoQu_l&<~CP3G~V~OW(~P6{C!x#E6TGWLwYu@qXbE(L76O1A3e@{y6?Eu z;A+5$X#vzh_vXl02-ybp`iLM^l<8IT9Lx@*8HF0E8poG?ILhA9LK&(wVc{+psg~C@ zY;q#*h-tFt1>kW+wqS`0!29#?`|1`RDXL3@6I zRQc?r1Abg?Q8BtKyA}3aIz@@s1kc{I^Ii*iI9t&nG~^rt1c9dzTW2JNK;6$Ya!UUF z->z&F@;}oNBJJhy;xlZD&t|_ltvY{MQT7}Uq!_H9s|_tkZ45t>Lsy#M)4Ms>3*W;q z4|pT9Vm{cxw0yeHM8tmieC?KCWb*0$76#ku@h|_14m|-q`_!y(3dL}alxf&C4AlgrQ7mk=c)(Tt9c4o`+HBx?J9OE!y# zBnJiF?FCBka{4`fYEMP?+d-FNCP*|5&?h#Qpq+jX-ZXO{fVfKnPvtVoHXsidB+Uv0 zaFIXLudg|RlqiK3>}o||Aj|m|fe+Xe+lJqyq*5t~lTkZsW?&jA>zcM&yiE!W6o(>4 z@&8U?6=G+!7ZPv`>F0>(TsD#coapI9g49~@y~v^cnd93k<|piS;u}#`%Wtfw_roRw z0t>!f%)ecXtU+_($4L3$q1DLy^vI~DUx}N+7ljFahgQ&z1i>kFVdN)|cJHT1@e&aS z0f9K1emaWgfZh-TQpjMU>HB?mvjK=W%C3mru#>ziEN@g#Sk#v()dKFuf2D9l4e7d5 zijA+$wDxpTGVoLc*+4kThsxuo0iUSd1q%6^X!_A>)$3Sn1pzB^;M#p}Rx*o3%+^p9 zozzqXHwhQzJ69B%X>$30=EinTDr@@#{df_QDgy}055+H`=d*gwyZIuXU@B!#&pZ0^ zeO%8XR095Y__j!8V!n83FYkHl)e~jr^VSF>uZzI*^~__s>%1Bvk7MPU{uG-SR33{n zO%AGku~iqyhd6*Nz&5YZz$9Ir5r}uZ?61a%lq{E@`jXu5&R(x{UTaOKY(fTaBgEsR z*zD(}OgSKQi+M=0w&8QroE9wVR2!_dcEKedPd~tZR$0s)_z`Hea`uQec=c>K4SctT zcw&yw<^`xe@O0R}MQyK3dXJnN+WrsMTR<;CrA=g&90(Ggs=?Pr)=9euCke(f9URHHOyVOF54 zNHiHdS#U1CY!YgKd_~ zq`#}9Td{q@WHa~KD?f$xl`U*a#n|!cYt&hl%QZ8Smaj5T6IL2jz;A#3D-y2n9Of4^ zmZ)D|@_**LA)GZfEO>aCv0cCIN`7;|5p2iq>_h~0%Eu>I}k+(%zy3wiQjRp zZejko*ZT!HzVY&}lEKq0)1`z;Fz@fn#$4>eZ2)R?`)&W6=(uTIX3cG_-O~Anz{9vU z2p>ZCTABo*chZex-Tmm{0`2PiBJiX)8a|zsl1=6DRqT!6k<7r70c9I4pvso!$K8Yq z2->u#azLy5c(PP;>@>gL=6>$6lV6dLwz^w+ zo1C=hxx5(HVdqR@rPI;!_o~%E=Xqpg1D}u7#ObggPG>6{G+BB#WIIE6x6Z=m9A>r+ zXCvKm(Qnk@jn4oBI&kuMYY<$7pG5q-Yl00@WiC|uIX19T|8j0o8fd#Sff`H%j_7jl zc(y-nIj``%d#O8bzZ-8k_pJ9E@U_umNugt402dcmeWC%FSo5&(aDXIg8&`i^Wnti} z)_US_btM%fLHph^cIfOlVRKdtUQN25FW=BsfdO7Mno}1Sg0~pP9;EcQDMn$U5Ino! z^_(crH~+Y&5v?}sR)=f9D^%2fYB=e}1-Jssc>Wqt^)?$-XKQyGo*mC?cOx6LZ@M;P zNu58P^uOl+9F^ID@OfS%5W!y29Vg%|Y2O;ne0|magU(n~EPJ*d=eUwb;QRJqxiJ6i z92M74QGcuBbTK;lFnVPWeck+zzI|$yIWyRp53AU$y~Dy(E2)Yrd0mc_G2t6(jIAcA zvA%M@E=b>)6c!X@Ji2WbYV6&4)mp-M>qJLYR4jEmR3Tfr%>z!l6nI)489Bdrz~+te zGhdO$l4T8mNcL5_PYY&2Z~7n%>SF?RidnM4HZauMY`n%#=f1T#iJrDEw>>SAm5?*` z6^BJPc;1iW^INR9xF1DZF{-g8RDwXg(4)O#J3~la>NzB_9e-2`D$&Ngy5lot)L#Y! zUk=}1FNdC5;sRV5J}a-@-p9!&bGbVH;jprNQ)O#H?!DrJnP9HU;GF*nQ8$JhC6*9b>y`NPDPVo>bMwb9C!-!5 z!;99jrg%PJk_2Gb$Of+r>^Z}hrTrR0PZCs8Ycki2{=BWMbS6n!TWMN#F-S%VqBxDG zti{M(Gfh?U+_WtErF(MfnXzp5hSHY%+iw{Bv`2l}=rwl=1}iB@RwbPCM!f(%6c0gz&&opwmOUjZ)sFy_Ubu+|g)K zDco|MMUuhL!f+{vXS2&>XnM!|l)4A~k?-5dsDpg8VFRcTo!zX{fQxk+9jF~E(^abLzBg=iq2VMr*-kN z|HimPlnh((K3-SbVkgfR1e&zE&WmA9GBMR0PqJ`(-rk;=5O|pE=6F!jQ4bu+`E0rY z{`;pb{LN*}sw~*rRP;!+>&v66z=sYx=H)vazqVm!66(- zM(hhGqnG2hOb5JGhM)(VV6)w}&|IV5e@<~Z_t z#7gZ~Ol$UaWC0s&?%P%0e#?2sQ=%1-$`_0FYxB~#s@sVQdUwCjF_znbS0R6gJ|?rI=~z@Jt>#T4h7Hg4&~!|}Ymmae1}i~(Cp{Os~6k8h&tL4$s} zoF18AP^_0YL^$gsn=M(6n6yj&q1$dOvPzH(a-(~X4;_rY{GzQ(;)m^$u~YR;$k+NR zR<~gva{T9)&By|Gol&^v7W1U058bGepX;t(BHc@z9S^SS+~%K#XUPf^TL0~RYU%Oi znc4!eB6CC-<8&H`pcS34`h@7=M>3{zDsW8D5nXOa3ko>D!4Y}r>V%${qvNy2OFEq% zR`~r^X^Lx8+`XL$yV3-^K&lu%D4eU1-=XWIxb@b?a;`t?$;n0E&{)R&>0Tq|{`!HA zE^i83q$Dn)>I?aGgVT1c%q$!0DNh$Lr|N zg7T+n&EGNyWu7k;mFU!cW~Xcf5p5=3y_;z~%LOE(UJPoNYrAg?5xnqT$)R z6A9WsGWihE+LW?)Bzq23%l{l`b-o!AOnxb>icUkY?LV1qse$;LU?wU5blP|&;k40c zdSF+f+4#Dax>;&|s_C%X^C} zB?f`M;Uhz#A8WFYvCgB1_JXxqqIiyqtXArmOwwSqnjM$wEL2EiiYmlvJO^&cY2Q2) z8wA=Wc*k^LvS+Btl-uqWx+uL_1uLv>Imcag6sc#q7U7+(+s~_sI#;dMaVzbn9+Kb+ z13Gk&Y@n{+{^rV#wt+y+YZp89_yS(n*9uWyPu&~8T+#?%II3A#wb)%&a!sIv$HUW% z>IZU~e0(~Epg(41sE9x#6*P23uUSW#%oQsX=1V7Od;II;cfYNbr$q!>=CnB;PRph9 z?2fbaYF_QGQ)YPPA6MCx67LW_c^_+kwmouTRh~LsoW2XvVV?xKEgesnL6s|P5UArCM z2%gjOJnCpTr_BjU6YjrU|0{je*%bI>`z&vw1CsY8LN)oy*4gQA-M+cL&A_u~%yn3T zC>JZ~u2pZjvKI zM-;dU7cJg)v74mR{`C4JndYolpoCI?-pw=0=KtCAI5Qd&WZ85M=aR`+#LI&8awr&l zggvyu@bb!X{xp^3bRhqB_`r0{JdoOkPM-jY@s`3|kVjaj2m z&ki$}*D|LO(ydxhs8qpCttovf2S%;c#!K>l5$`@(^V!-!AOfjkDX~ZO>-i}!R@7&2 z1Lc|i{tfT_M(*>W)6%mwx1JwJx0nw!t=z~0F(JuAWN6C}s#0tjlBq@~=CtLqQBEjc zOnZ+m>(5v2$FHqc`_|D@n2Xt>E9(QF1?^`sA7HGGra9fT9z~9(DJIwGKjJm!{E)z- zpqMZiAY&x2!KTU)o>k`mNexA(4)FnTRo>al^=pft`loTOt1{N{+EQZGod7<#*SgYz z%1$eku_7EOvm0apg=h}l5gg0&5q!Ph&h&abZ1;RRF&OuIetss4;@S$M1rO$5*hyly zw-p~DD+uGE8!)YSR21pN9dGxg+aWNKu&`R^x1tyXHA zHiPhaT+S?s9I#G+ck{3?)9WHT7~FEZ%!BxeyEvDs;&B9S#me43{BgLOh1*rs(J4JP zXpro3R0$^JDEzX!z^9ghmu)3QP3D}msRlZKyg}KTp?YcaUm{qpt_TY znD>L#F_j*GTT_8aKtja0Du>c+AQ}blD;Op9(EjcmOzJzC-oHgzlt}YV(^zP2AAVfb zMv15jWE=P(j1)iU)*DV%aL!$|3U{p69xnLLhK^9qmIiUD^3-$T%u+fWQedDME?W5N z_fgMml#~I(P2A9!2_gYFylm7beaWr%l7S@WiMc2Vr zSM*&l$rT1%nIf+vwVGu?v7tr zK2&ydGoG@%z)MPYDNUj?lq&y2_tQGB)%E*j>H^t0TMVlFO@`NuI<1!TLOwHRB}I*h zAZ2-m6xR(UAj7EVL^v)OCulCo$youijHJ(x>sF;SG|jk$c?+v!rlBe|g}?;$49O2W zp*_k@U@&<7Pk_^L3%I1{0CtWsO3>5%@O>E&^$d-+7fW~LZm-}ln4#Dwcd(n6BWDqq zVS)W#$*4(_&~yQu?wLuiUd>1LauW~5B&kF>3!9pV-s-vaKBMxQ^VZgG>26dx=JDoB ziof(XU`Q~&Cmc#AsX+DsHGzw8OuN%Q7pFv0Q~xCCqR=Ntz|p925PzTQStROj^10!! zYbKf_xd!cg&!7V=BuJ=XDo&yxJw1wt!9>pvMHJQq{kNnxl^Z_lt_LiLWBb|pmlmZy zZs6SMush|a4!hUA8t@TpF9;h*A@(}|#?O`D;1*hHbN!z=g*^vtL2?uFA$#0ZEIMU{ z$8CxA9z-r$jQ|LjBy%&YNprk=i&!Poho3ZfkO?;TTU%kZY-wG3s$`K=L-?SURz++3 zT^T->wcgosE+-$W$!6lBe%I~)l^@h~ipnrM@D}VXO81_gykAzM&(6wfqsFzL5hC(>oO`Jfi#AkSMygZksGApW#`y-Pur6eMG`XKNHMVXRpVq> z6fu$0@j@J>p-pH!y|HC(^W4KxI_QsVdn(Fh?h{#IW*?~g((XEwv{CJ4Y4$#rs;`pd z1zES1SahO*F#iyLKDvL4m}LqSr~Z_2_iVw4Q0a z0;hzwLN3U{bN)No+VFZge$k8zN#&0$G%Mr+Ebj~=5HrBtc4?^AI%WqgUHzmYnB82q zCO%_p5MtP+ew(_(eH9S*`O&X;SY2$a$-0&w4SzBI4Xkzq@Bj(9k`7_*N24Tr5>oYgO0Q|Kbf%bY0hfEU|3gT{-<*RcT7E z*b@Rzj2;7(ES&H&QBQ)m%?hx=7$4%(wDd1##Gv_R{p`g6N`#BR)7hnM39;ALazg;PuUD=VuuXv?CfM^ zBRxfyekdp?Xlh!n;nAx%entQO0Uu3PI%K9sIHAcU{uDag|5(e(U=V)lBMCsWQUqAE zbar>^cO1y|XIhJencb4xosv~ontG!Az%y?Lon7xLcmL;r0G|_IXE?v@)YGc$SrWUC z{CHC!+wnP1&eFr+#GV!lu9RzgCN$)yOnCqQ@;+rAB@?HG&Z&*nuk2-Mi)H}&b<;Sn zF|&DF)szlFOR0U?yDP7x48~i?9cWZa0HC$X^RzydI5QLo)G7IF${g}a?uVe7E;^>2 z*NzRRVRUa*HJ72)Pkq?OUTft^6&jD7Ot_@E># ze+}>)?HBELa`>l75d=IZ5C4~`_hLTnwLV-}Zr0t4qx`5b*VNqXW`j0ge*W%V@D)3_ zUayPu5or=XLN7M|?d~$!XaEo`k%XjUJQnu;R?U}5uomwVjYjRSCRl?I2?-(UFm6+p z>9oZf{LcBXn~T@2E^^l0_LzO>ff|A^LG!5RJCpwxVX}S4qpq9CD3PH-KGwOEk!ejH z7WXHPvv%Bw;mWyOFd~sQVRmHmDSHW{HQ-~hvc%S;?OX4pwvDGpgOGZb&c0~tG;XFM z!#Wy-lut2bjP~&n7U^8ByEQ6Kte?K$uV&HrUVd_@=#WjpH^8o{HZ6C|WjWC6#W}f> z9^rtkVW@hnw;4NnIf#H5U9FR}`DHxbP0vjJzDzv#@`!z~>e%S02G+Ri-c~h4OwIG@ zXyj7$MUHkudDL1Z2VS_px>)nPjA`SKTQGfEhTSC95_Uhc<&qSR~ z>Dlu*rAn~6jQ;4b`eTl|#GsA~3BX-~S`4Bc+w6yeXvYX$Y;b-belJR_&6OyIa5{(lD;i((d`+z`z;62z@%~sjD>A zqewj{i#?9}J;60*lpj-~P>{R3yL+=+F#qA*irS7L{1C(Vg8!dosx3i(6x$Bxqz^Ye ziKqzd>#AVSFBM<(3+W$UQ=c2karz#aXu7D9sj0Jw(AEXFDiinhi}UHS)9epPAXOd% zZ0Nys{s@pfqlE^Xeh9}JW(EB=KCq%jll}i0+p_E_TYP?X3iBf5btd4nP6IwPQHq6S5aD->KY2aS0n0dmkPi#1+}FZ`7pX>` z8crpMA22S7a;zjGda$s%D2E7DlPpmHD=ex+$$e_L_m549l1+qx{++$0nIg`y_3=r0 zKG^}!m+X9;*N+Z-CzgLn5P!h<2qHry{qSrG5{7Rg;8ZVo=UTa@;C-nAY(o$Ng(T{3 zIUc7FLV7*E=U>(W=R(mUQ5cw*(Q_`y@eT)rJBfz|>?7aV=un9)l#eyE$;tfGLpWY+ zROwb_mxh2B06GAI0&O*o^_`))?Y-UL{qk{ul?N$A)=pL0CKF;sv5lDKAlS#%?Bcy2 zFOdrgq0-z$VXYD+3GM&%?Jv_mRf5)JuL%NxKOPfeBer6TQp^GYRUEiRB5HDU69hZ& z+_NR6DjVVqi1Y)=A_RrACho{73+PFzkm<|XyQFb8+Qe{~)=>zB6`^j?w|1&1VH{_% zpZlHaS1&<@TtfBpk)6<$6`%iL39Q&OM#60d-VkV(Qc4PKR_WJ7xuW&%ykkxCJ_J%- z3E!8JRmhwfWvOHXV%5dIxD@_(YZ5GxIryTyXv#{}!1Ll^y3au>C|3+s zPBd#%yzaP%%MsJ1(50e-0odOSFlf7VRsQejH7Pz<=)0?QJ4|D)jYqPwKVS zAowyJp|1G{H(5=>rlykrN+|~?=4<1FYbXayD91yn-?Nx@_t?ltYlO?ty9})qGfd4b zbER}5$B6b_0a$iABmGkdxWh1vT827(k*O>MbXd&5_)<*tu&|tE&$ixotXku`||_sEr6Q$e46Db3iwAuM~2@>BA+u72@TG6|7pD zg#xV=4w#3BP_dk>EZM!dZ*DhgE!mL3%$*?)(!)WKG#jcAmHJCLKYE6DD$hCdC$`@8 zlqKw}!;+8No>s2s4@y4|f8=_9q2qAw&D7v%F#kvOE_axR;S_0;an)%XeZ%3uO zO!{7D^>K9|&jsru5Es)PmX$!gDMyB$G3h1H5b2YQ0n=mnmbzU*-8VJ_PR7k{@W~gPiBWdwt}WMX;5sE#aLBfqP1855R{wi(s-IDZ!xFev zWyt8_fbPoq$CbZKA<(5H zP;n98#pG;qCI7^6j&a`&SnV_tF&WMgDqKli`s#a}jaDEGZK&Ap8fGCT#E3(7`EC>0 z0Eo3~0XcuI=F7X#Pj!u2^;OwIu067UujSoveUOp>FXq9EJ4A*pW0~V(1zgv516C00 zW+pk=S16R@r_(eVGAYOcTs8e}|3!ZVc^*fYC7`zN1(tuRCw?F zZ>3!C_BPQ_gl@Yg^!v1zjc;ShoFmU41vyi{uCFaz)Z*GZm1oo2O<{l^K&neDGD!z#lAb0Kl&{o(^h_9lTSb{ggR@U>$V;Mo3 zP1&S+P{*iOP&Q zi4y6;noQO%*;#dmlWUzWs~Lk-&?+ho8wu+Yu|Q?2%Igc7G_`pdg!nD>I?#to?CTO_ z2tl$O2m?IS9sH&IYK9FM*Jmw*zZ{OMEHyT8uLhEYtfkv`y%MfPF)J9hXhRz+fbiY$c@9+8wu3`bjNT6DD>;IQ{>2mCkDE{09+kA8e< z7OXB>B3yj?uHkT6@b2WIW6x%@It^Nf}lI&btinS(#YrDSM zLx{u3I3WZ+&CyOuqG4VPBKLztDqAQ;@_oI`OiATM)qwp&D0!;3=lo+>cNid=Wmk5k z#eI8B#RV*mGMo8Qee?L(A{dyWlMaca^_t3%^3eSPwhh%!cL{oMs)lj>mxAZjzT7YgEP6=57xYu9#)AJ`FEJGq znU>ROV|ioS-{5xqsV2LMEWHs<8gvSl29_ycG!(*)nlV&mKqgCrE2y?c5rM}}Q&2*o zE~8o%vB|hyZ`K0Dq?;-_``9Tgde8FKO*gqN>-F0;b6?q1q6u5JZa7ENB?;|*J@l7E z*IN>~AHEUTsSX4ax%M&;C*cD15o1Sf1=Iw3>b!D%#cyS5tR~}Wvhk!726FsQCtC_~ z+Ti1xzY2Nw9bNiMef)P#bu9MC*{0Re65YzH)8XVHKn|2$vH?h&oFi+ z3h?uvS5rx#osU$n3p;Gq)o#S^7}DjAUf4-XRFD(Z=&DytpL^W|)*5}aB*rW>63yyN zSL(B@{`j@IchH?JZZ_@G2BK^{IdAamoS1F2PddvH-o}@(tRUWy{3&8qH4W>k+%p_1 zsN1~g;W=MI1iBEeEPSMWUEzIO)qW69BIC`lGmi$kA=Eq2rK)>gCbjLBmBfjc_Mis4 zw7*qx3YOiM$sfi@>$u9pKcBf4qWtg@_B|yCFNimaKf;JH&A~8GD{un9l@cixWTD;_ ze}@`$-@d0|ND* zUo|?aDtwGB{gf(O`Ig~Vw$UoINb%CZ7@-iTziR%nvSL8D}ML(d;N-S zwjk4Kzu0Y7RyB_~Q;7-^ps=vow2tewab5DWYp-7V2TD!mzsn=9nPiQ`f*rDd{D7~X zW7jB^rbmH-)IvAqF|pPZdd@bBFTdj0Q0qpWl|>u}u(s?IUyqTPR}PoHJUS++PnaPlkrW)l*w?sII+J~URo|K@UBW^QcIJ1 zy=;#7KGNa^8Pw}BM<69gSzLr6h}Y<1(5crdr@PB1QL=3HNVhQis`oS{Il^QWj^gyO(=hhzhUl=s}JCd5CL-F1o*PbPC8HFC* zipfV#UP&oIA*gT>S_P|V2I)`8NM)gEKTD*zYFQCnZ;NrQN z=;5g#qUDydVf}Gx#k(QhxXSyc8Yos!sVnNTMAu};8u;wK%73@&u%PAgbU7BzDB$vK zLjhoN=;%KFO>XxdUanZZG}i&>J~(wnnd|x;yoC1EZhh}iW`+10!`UqwTAo_P>DM!4ZGAwbQMN~BHGSPcR=RiZ#opS;1ex++FRP;W|620bX@T~mCUNnte3vjkLWBZj|_k3pBj4Y6^^2LO=-I+>PJ^$_X%HM~>r zkqQBEP8I2Uj1h+>JBwv0^`3P}p?;xEy4IKN0%m)PH0_>_NHC+b@4Y(rxV&t6dv%#h zDnBfUqBCc`-XUXrew^Y?1jL?zdhL3~^XaxO_4DAwgy2>P8MtvP>_wansH@vvYG`;d z?g2lu$}w7Q)U&Ut%GirnGsM`$ zX!qcc4Fe6$a*K;i>7nn|)|ND5o8#@t5;70|Oj0O%(753%khVs?oqu`xDs3fr7+Ox0tzE(rE3m2yt#CN9z|h8rr@ ziZB*3w0Nb5h-4r@js1f!c?W^BbZl|}Omfx^pviVU%&m>ciWo<}qmwxr2T7QD>h3KW6UIMA%1p|0Mf+2j)<@c?_~@K4$!lahWA6BEN`r^JUg z?86U#^k^TI*XavBmZLr;aRGFC&1W%n$quu9_RA?Fs&letgP!ayN3(-+7RCj_5X7|; z87#1@Oj6nX_7UQu$^8R=uNXBrZ;o6sAI}red37$K0e(w;e;i$9xC4^{JPQ*flg5{9~CQbzHu?&Ew z+g?4w9>{zhom9eL9dS@rJ)>QtfGplZ_T8jm+o{T@p2Pn!R z`Of9z69TTELSX`tF{x)%nG!TddbR6c&%e3Xjj7JY6w+-6zkYwuz`8<+zQ+j+lTa`IeBh9aCrv=(Oj z1^U)HikU1SU!ajPX16d3`~hAGx*sF6dUe&Hno&q*F83Zls4+gxmsX5%A>#P#%8btk z_DEjk;&XlsC`Sz5pei)?%hk1h`nqv=&ioM-O7r=kKjoG9i#nkI-mI|YnS6)7s3pTq zdQnMDdomcljsuLY9$+Ss>O;8sCBQat8C2HgW&{>kY-U0!a*n4P3bS>mbs|Ilho zS4Y5hR=Gs{9}H|X)=UxmUMnZX+&EU38|6$PIPj>avTOsta#?rVU145PJp|(T_&wMl zhNoF|k(`IKwph{8(*HO9%sp+A3-SdWjFONInt>+ z8Tudc&S0h9s=N&Df75q!$7S15f)5$)XHEP29roxCQE@18>v0_^Gj{+}XDIZ$U)Q&@ zGr)OoC`W))R+{+}+l?oCY2==6AW9TU)E_Do>kJeGN`QLBgAS@s7!T&G=#*W8|$3^`JNyPh4y21+pR&8XgX?2 zHcp#OWUd?QibxRG*2rNgTU4e`>dqkqZZ|$q1)wl|pro4`#AVSJg2fNj{Xqn=QV?2+ zdn*GJx1e;351>+^5H@Y7q$j7uNPS~7P3b3vBk=m#b=$@+Xye`+Enb@X>k)EmD6S{V&{E>?KqJ^Z^4b zf#0VRD5gxagMN47`P19?Uc74Y?Ipd{J3sB0o09~HuIzu}e;Cx9SBLPisAzLuZ*_Ip z8#NnEg`h_UP&2?QZudu)cAVw$`KAct)GP|y+rx@r@hAlVTu++qzv2N+k0WNCe{!aS zK9>1HH;BS&u3W@;38_K8LU254fJmb|r%Q2L6g|}9b3FBMj8zFd5FzyYK#0(7J!159 z7UA>*bOI3C{?@$~%)Z_MQ~zVKr3$Qk_h|gZ{cL0R59ONvMj$A&ezgB^2{AlHzpx2* zf&^2cF>bZQcYM3@D-;d3ijY8AD6CP40uz+cdt`zV1DiZJgQ!5$j4;L{tXKzNAeBW# zV?IQbeZsKzdhxE-qKrs#8y26x1+?k&3->}5n$k?l3os`J)IvRPQ^72|-I{p%6Q+gPIhIVjnSwH%kbXLWb8w%Qk7W~aEhBl$l9S$sgm#iqMDy!UKt(4n>ex{)t9j`Rkw@?NeW99-MzOd0 zl5QqUbye)e`Ol{<_+Ol8TA`Pv2`5-~sAD2~<{k3?akbU!w5sIl?D;)p(B!_SVY&)zL=zAhJQ zs2F2Rtmw?>%vII34{M{i_?^u3`=g9XqoD94S5H3(5VWrw2ZX16%*GcCcoBu@2^KrU z@xz5{8${N+mCSx0o=okijZfoDi(I`d%Zo#!83SUMoWD|CLT0%~^`_(aA!BtwBGl%uKJ0e>B8%QAjN| z603*ajcWOjIlN?LU zzH6)+usas8Pm^o>H#Bzuh+wW67>$82pGUL8oS#~zvcY|d^b#_j_lHJB4G@yd+6H~t zFZ(4Us(8^&71U2?j+iAy~6NnGz@q{yg%acBd!xe($< z6cHuiv8Q4Xm{AG2+Z8GOiwda{H+y_h4?h}w;TLBm)Uqce51R? z#rd0<`E?spv7~V6w_0_CE*4U^E^fA(M7Vj0h>o#E=S<&8VNvU77qO_ALa(vt#7#al z(dz|=pq(ta+(116M8L&{y_gsYf#|Hu`<_A{2At3kVv>SG1HLwr#-O-@zcwE5P!ZV5 zP<#>~jCJUy-!| z_l=tKir7K5JJIT&lH^O!FsJANYHmOsVi0l~tBIWO3h8FEwUg7$-q;_;#=m~QHl-+{ zKoXf2kkfkp7vyUPF}SU9W;C9yFu8Sw%P?i#-qmjyRcmI}8_HTjxj>euN1Wl6HNca$BQk7p+i27X-3;Y8c zAulj14r<#EcuMdK!jf6XS=%|s`r0BpO>!BumuShhT~1R@Q+A!g#S+X%*co+M#c;ng ziK^?3uUha1uSKTYb9a=U+1%>#&-^qx{r7tiu@sckfCa>CH8T!F69S=2F zgcwhIUp7<7(an?6EHIFZqrBmsX~u{~pyS6WHeWf1%ePhD#W24fop9vP@p@#VtRMnCemr{uU^bY(M~l{=k0}z`_GT z9Hz}5-E;}JvD9|8&3o3Edoa0fwL%m$K;R%_WpxT*R<~zsE7_vK2mE3O z?gR*_Q-c1CPx;bApom3v39+dC&2 z9ajJV4d=fL4v>}e831^%Y%MPS{kxT;o1?3hqZ65|xHy@Ui=&0LojCyDwVJDDsjhbP zN$`I2R!lx3Fh$-`6%Un6RV+FXH<6l-{2i8D1o^KOJeA&$l9Gr-e+wcI;^G2h@KhK+ zM7>`|*&{EE3n_|-8hzgOEwWwgxIdV9Yg`gKtiH*upF-(D{g5WZuEH7kp+b!0<5tM< zz|i&{lSt5eN+$poYW)v#*VnIbfQJA90eXralr8|A*Blxuphq#ghviE+6!TatQy(rc z6t2fDkw+di5Emfg6DL**5Rrll%*~)y0~8H8?n9<896&FH z91pG_5kQ7x9w7m+;s;buX+}u`v{?YS7V-nUfMrGii>#J~4B&S&pl1>btqy?t0l=aX z5%vv$=nF9Z`}M0AAT$$zD|M|Ua7AB>bw~%3RA!w(DsFkLZDU1_LL{|Likm>fC><3A)Dk302oS8GO3T&3lF0L z01^d3biYN3ZhJp7^dNufMOyDgdokt;6{8&J6T=dF|0D2=i}APWU@_XC6TgY+jG5;} zh&g&xtbQgtVKDV+v|tE2VLq9l=JnEc1ieEP{fmlYLcSUSXBwsbH4YU&Gwgx9R|XL~ znv!fJ0#}7XK9N&~RW(YTOhbnFTF?caH(Xz;Es_5(fGzmtXNNRvN>H7O;QWV1@z!!~ z!ceI~wCNvitXc7&3bLnN8VChrxPBc@S6N}M#tVrLv-JG?jKV%($HFw!FZPFr;a#%X z*dL1O4^=~izcs57+9M%mQ-3@Wv4bRg-fqhG7MiAvEy-=v3w)M2e>J*BgNThS`*-9{}ijwV$Vv= zI;eg58wch(&QxWIl2elnq)lnNc zf_grGaX8$wcqc+W$;y}16sFD*TH#yW zTZ8_&wSC-3B~ePB)|wqVlKz+e58>AH1Nu+Akl_eRT7vA)D4#6}JU@dn6iNx^q6vo8 zS-4qGG7d8_GaWUw>6+;L@DfMgr^=;LrxMXIt5;N(R&G|JY20XxsmE6ss`=MSX|Sv9 zR=k@}tJ0{<{eGfGq-I&cUmjj*S?;JVTpXbD8i}mauh6e7UaV5^$7r`>hz!k)px%pt z+!np+r+X0R0QH}V6+aKU_Ka8J_GrP%ieJ3q>~ic{^{O{17Q!gI8O{$mZc6VCY0J`Y z0-`o?FTU-3BP!)kXk|6mx2;S|Pt&fFsZyzuKI!DDJuAyC?UZcSc@Dx59hRffr;)ad zpG3+%R9jKoD0^S_Nl}mwQp;3nTSD}!UBa{5q3k>(ugfqnPr5D(}tNN?` zQyE11gEn&g2TJ6%50jq-205J_1&Eo4*RE8=4f;jIOH5Kt(zinsTW17{7NlaOFk`HT z^mi$D?T74#il~vP$*JWPj}_0eR25rGzm@VU@GA^Yj87C!EM{_M3$iY;9cCY9FJ*(9 zjdi_r8JfzQTFhnZ_H;{i&YLf zzG@n2s%R$oy}yjSR@-FXA}ROB~?Z;DXDi z$+wv`nR71eKX{vV#B8ZOg*COzzT1Q|_HDpAS1o%^+7jQg)ivZMB05q&c#J7sh$)+B zXyb3^o}3%R*z6LtyI=4O#U(X-s$p4n7!|poW|5toVWq(E(EkBjT z7F->mEUp}6*?9Ps*^D_+t7hqUbBSl=y~zc>(4CM={;trj0QV-_rjF4#cTe-*<}u}d z$2_AjusHB5^as=jIs+&Rq=K_Vhzt@9(u03~@bM$>juYlvGry}_ITMX3Xcfg1jSsE~ z-tVm;xB7dUP(yxym@%0+X^j!~J>cKsG>XZANpyd}2b!?(Fs+}$aZVB1gfpz^oSrl5 z;;vwcCy6wP&1_3nWnK`Y94DPnC6kT7Dt8-4oA3~mh0gebcCNOpo%|PGCc0WK2fHrt z%h^r%PVNrct}lKD^Iroe?_ZOBw_#(WG`XZZw;lXNa#>NSJ=qr%lnk&L1xb; z$k)jll9ZU>ELKUbnA~J}Y9ql!)IN%~L597f!M%-ewkK#B@At#}Pu7>t43xE* zb-;}#Pd{^sgzzGxYH`=_)A4}IwCi5`MB$F3-I?nt4HZ=btv{wLW-X2mHW~BuFw!d1 z57IFl&{tL)(7~DwXOKI|HRkjQ+O_tOCh^vyZh@8#^Rki234USqV)a|~Cv~p#*^Ne% zr3Z(Zb0Xi4JC4(ZHNB4eSD}%vH4Qio#RZE6^Jm%T`g`Hp$jYOKv}b#R8YO$@vtfi; zgjbZW7)?v9^9#hYg6gXAi}WYb7{jDpZ@CwqjObkG8nHP;J71k7y!Vdo-+}K*(D_z9 zVtlK&QRYZJh%JekZN##!v!t@svYz!!_1cujg=Q9yH+^2D*GMsQI0SUO?1lF;Zw{to_0{p%LD>$U#}r43&x{}YiT?8>k4K1?cSqRe_2{KceCo#(bsqj(;oDd({wL;uhlP`+$(f9q zU+LHB$=&vTC9lUlCj_9ip}rxKt`RSGR>ND(=d)hVbx-1pA~2@%o*x;I7HakQ2ckAz z_MA+RoD4-o$hdhiV`p6Z4|bZ#s44;gK2!ieUhsrkb8`RIR!QQE{vHx1s=IfK6 z3itEobsojWL2JYJL~{W&#jD|u2?!=b{lD{0IEO7g6}p0s@hN>KcFPjdG3(_bps~5c z#7xXo)kRlTuF{m{yQ1sjS}p`*Vb|uF9CE(F4@>m)Xj4qVWW*xw?vU;N@YEK$s)XB< z@J+8NOlq*t#@4w3J2rMqowS)o<2eW;$KVD?3T%G`O7=ICX`>D3CAC4$^MN-l{1+{+ zS--SA&yuWJK65Bm@fjI(UGxkolAgbu&Q&H$^B&d+u|yA=a%E2?G9frXXJ*(v1m;kK z5$8bCt6i9yUh)1bOpPVQ#l>Z1dJJh9Y2Rc!j9UBPqtTpla{)#%|#ANOqsAm=n231nNi1Pyl%-R;0|xQKqL-*Ws@f%)5)VaFq!O z5mfR}vQR9s4)`B~PJ7Fdbzo+2%Q-2e@lemxPWWjiK8{52sjB%cFVSLjYO+TjMKr`(ZBh@gQfc#+!4979SoJ zPBKw}nu=;Q}XTmxUo^I*sD(0)8c*7NvG z|DU#0%CUICr|9jk(rI0HqnSnFp;(N9EFryHF0BASDz0dP%ym6GT~*GR_OG#hw$C3_ z2Gq}8c6UK3ijRif7hU{D1}7e^6>H)evDPtY} zp~v6)&{UF8DhU80eZ}A7m5Zw|G|=%3T0X#s#&I zUaZAX-TJi3a3q`@)m|jjK3<$0=Sdz*30cLzpHt@{79D@F5Ur6y6KG8wwe0wAJdQG66bJ=8~qgAW9t8e>TNxa^FF2V5Q4 zMjuyBHvQ|tmAq=)!MCi`B%EVN+NSnA(*@O+HZ5*?UY^zUmIDD&=k6@;V|z#a2kw z^S``NtMBH~xLEiceLtB*DI1FQO-4U8CMenWUP;({Qs;2q#y~e$+SSY2<6?d=tVjVl zzh)S5zG}R}C4BUYq0RlYZo2MT0SUiO`UW?<{Xg7%aIJ7}dNKKu{)IEY?O7ah`q<3$ zcMyHWoX&*{SBt&_Xt=79L<3T8qnXa2CKkMQQsc>YLPSWYU#r{Rzw3h0df-#PV#h(4 zT~YQF6own-B@m;c=rl@To|RmQuI?VO>}Wbc?pi%FTH`7cqntIsNAqvYVq8_vmj0cs zQ1Pm!2ji!v5;NV!xz8KX|I+M_GCswKnsHaV_G#&I37Ms>>N4(k1xNshp!0Uc5Iw1K5YG3ddExUboN)uwfk*lGRqa6 z#IqBoIv36seTair$l94(>lr#^SSh!%vf|21!~bZtv5J?qx2O`rq}4fhbnB(xsKLAP z$;`BF#!5j(#_B*MRHt+uO3iSn?u1!Hct~eySjm^M)Z2kU@~p8^Q4cn>jdjuL))w;h zc#N*;tds6G{MC)uM1C=|zC4P5cNezRt{ah3`d-B!0!jWT79X*l74U zT33DVwEL@p>gwEH2tI_Lk`|H5RNNwxsNb0xgd98BGR3xkn>x$xx;-qyR_to2oRiOg z99y#fcCapFohD?B@Kmf@D`%OsXHwWZcIr^GxSiS(luSuhz+5+D$CYh!>h2IfeB@D) zHOeE;lC5ZwJYvU|JpuUcy(i-@-dS0ZRce#9S|uGnKaU%0qtrZhb~V3zqF_<4%~kT#=r*d*Sb){187==er87c7;dJO4H`mOZ>w9zf!AU44?+tug-q z;TS)`#8>N0J+@KKm9MJR!X)OkojnB!@-WQIKTy()6nCh(%?aldG@oZWLmw6CvjAqO6$;Z5ed04&8T+ zhZOiF;4@Z6H7R#0^DHfQEf*=?8<&F;5){a4#ZoQpdceW%=f&w_-~O|2YbY1JoyiPo zvb{Dox#B|%jZDNiJCl-(G38)TX)MO}7y3YVjLZivJ0Qo>A#r#BVWXKS1?SVIY?_ob z-}pTyh^`^uwK|qR?2Am#oIW4Tx@{v;oO6ZanAJwR&s$%IG`?QQ`18`CGWyM9$TOZg z*5~Am00*=on)S=(NpiD;af02o`acW2iv{&twmcolqP_5)U8QTWbEaGBDBOf+<>Gt< z`;HCtU#(r3hd!6wj&u|I1>~NU07>XJ{C?~=sf~yQh6jg}@NZm33zPDw9Y)3EOKF!% ztahLLBLzYSpBCD?HyiF+kNQ=UV-&f-RE*@^`E|Ch&$e$b`CzES;pQ0);D^!DI}<`s zO~ppN?M0Ka@Y|^oX|9k@%dgt=mlbyRg+pTZMhHfG7YENNI!1d@Q|W=9#zN+trBWUT z{g1;kQpe}LxlZ5i%9@H2!-*ekM-D=QZTly~d7S4Ubi=NIQym{S`BO)tQu=QT0<~=$ zIVwsTN*c$FYL0>$C$au{vBX@B;|3Y{rb-VDxMb>za81Hb6xHuN4+}pHv8jcD<$=x> zHO86CEPD4?>39-;gf(Vu*Vtl9SbV?%l^eVEDXKf5* zNHtIg|9f)8|H9Cy0nt!Di--qp?LfECeU{C04MvUO>-F+kQrJ!Rqo`o4-=EDqP~p#- zYUd*Tij|t%Nl;qtXpOh~`si3=Z6&yiZ0QjUP^53wHf5bq%#78|zATm070lP`j8=J%vV;q@5)E3d;#M>C9l?o9tovc6bk9?QvTaBINS z^GmPPMo{e}^VrU`8m$x={6&<)IMa<8v0~!ilGa4y!$zwk{SNMs(?7qVg@NYXOheK9 zpC04**=TV@%NS|>rxi%CN~ItK6~gQLdgEieOYqf9KT?rVz7f`S#hGzy_c)v9_G!k( zjc+eAQzM)MRst*H zVto|!tZFBU7e#AAO9oEHn$m*~1xmVyMf?0nd-7am4w`kJXZvrmvH%fOE5g@@U1b~F z6I{uIoU&3&08Y|?B6af8iSOEcSs66c7DRjxS;`OnX1(`|O$tFyuG3+Xz_QX9TP?O$t9*Ay&^_ukYH;CtZM@ z{IEhOx)^RC3=rZ3TV-IY9ojF%d=;PD*tvKGuNG$&MZiVR5{Z$Ixe&z!I zhtAvHU^cMvx+(=xGEGJV@NV5J#4l(7Rl`85jW*&)@ZC-bgFB}=CHB0f{ z*aSj-t2Va32zfbD7GikyGLzh?SDFHghyM{5Qj>lFAWfE@v$wTXB4l<68Po ziPzor_+!qSOT1uh2C|^W?^^%%nXZq&JPM%O!Dk`&P0#kR|H4eV&g$R+4~ zyqK>)dd4Uh37!9jS*WsbTn2<2vMo(!|EseVHMA_7ay)J1gGb_kwOM?y!;W=~`8mww z(+Cmn?1;zIa;?$X&pdEAGhBL%Cs^hvMWJKeB1@vJ#u{4M@>yrL*X%%M@E=EZsV**t z@zo?%4Bw7^8@)cP(m+qL!n=j{P{1cAb=;`&dS2`PbE(_`tZej*#|@`Qsa-ltKX zmSURNKa4PsG859?ZPY2t830@Mj8Nk879c5A=k1Q8aLI6Nb!46N#qL4#3Nnh}w{CyC zHghtIr(F=dAozms$dN1h zo&JYP?L~&HpK&GA%z3FeJEfZqQMw-6Y}4J6M}9PikC)NtA2z%KW7TK>qI{3BhJ)?8 zD4_sRq_Q@}_khEx_N>otP}pLZ=HH%*H+I`>o_jsl7XcK0LJsz1HZ<7gW_f?mjS+u< zEmjK5=H|mPxfKqKy8bp0Fs{l1#{b2rt$F41C?SSQ-g>d2_Y1|yOnm_v&28o9ilZ`R zXu^@xg`HKUFVc+>si3b(OU0*>szqKLFmmTk>E?{x%EN$Q+Iu6#8Plr7+y+Ks_CGI> zN2Kp8-K?}5g&sw@MQI+h&|5}s4v*jlT-l_TW6E4UE#QS2P}ujn;h_8|xeuJd&&Rm( z1%e{#V-mrilfasAD73J@xLsyvB&NzoNiAkd=XEMrvRZd>f1X8&&;w25-&`&ekz<|~ z*m4h)H4Y$!EUDl1&N@pzh(l*z8=J z{-uQgD6_lRWF|(3Jn=*Iov?P=O!_Ax4Y+EbPa=qZev7K}zOhi8%lZ;mSV)mQad#;X z%<=Na?A%*UkN-Qw)Rx3Hp{C{j_vDiSTe8C2y(W@OACGa5B53fQd-zKZ>6%{sBssGo z@%e-#qn%^cKkZ>tJwEFDwXj~2f07rQgU3CC{7x_S0m(0q(KuISTe~^XiMIR4=4!xn zv*l1bNH8HW?aOyn!9c8Kui0YRPtjC+&5!G@N&ff4d;C8w_hPFBeX-k&s7gu+V_(0- zsolK!*Rf3fNE$gv-c%nW`$btnc;iJ-Q5EJ&!&Z+{Qri^v3SqZVOpS-3#fPXd1;nRv)eYvhHCn`U>nAS z>RY3etdwda10e99QB)`Z4jwSRb_rr!8wLm91o8yDd|r~wg&k??pRPe`unMHLdGVhd zg`aQFe0O8H?Vm2|ixFq4w3x;IdV>9zj-8KKA7+>~38feEveed25ASSLp+e#`cYk8I zs6B?GOFPF^pvsvRj#&RJDRM;>d_AUKPO`g0Efm}eaVTn~iavH6CfjH_zS_^;8)f<` zvF6oYQD>0#R?}`g$)r`G!jT8Ei?%v>x9l8<*Ri*$U98d=Dpvr(c22?PgD5Lu@S!Vq zLT<)dHa6EayAB)A`{z+1T+PE&LAV*A`B-G|Jmz1#f_a^{3f4`Q;+L;SCU;YfVo7ox zIS9wb#so=}qme0IcoZ`;{m=iNx(*{Xh!+aD#OW?S{vO|;KG=En90?Q(XvdNk@6Qtr z(<>E29nv;6Ei7E#Xlh=1S-*Ofj9+(>kGG*wUxNdTBPReN0NhAY#>Q-J%E1WvIX;di z*18MeM zY?aoO=qGv2bi*oW)1;yQ=@5}L6(!{t;eZZzi=(*yMxGU+V6w!~X^(bJIg@4Z2u#aI zM|BLoEfq~dt9r!u1F4tMyc&COSE#y`)<8;HH%O~BUZ{xN=jlpS02GYfeR-;hu{T5CJNJMrZ)Z)$--RyH|OFzC$Wg3~51WL9MS(cU;-HWn->8 z1DO|H&*zuhqvr<6KQSicWmwS2|6@2G5A%ofWm%He*Vk=9olTw>n_h!tsIzc60^Zjr zpzgT0U7)0j&)w-tjUIPMFPUtTT<^Y{w}xCOauO?RZ%STbUeb^E3jKD?Ys47R{{Dg` z^A61?vlY_fYHDg!vT{mFN{Wh#3JNLaI$CQ#k;~>*3ZUgM-U^mtV#ceh6<*On;^7!) z8|_PH9=qORSbKG3n+kMw3}t0yu(=3QQBkq7vVQv(iM8X>8j8h~KDObAgKUXL)-s8kZ_~dLWd3%k2asfp+)FI)ydlrQBBaO3l3~2JZ(M@Matazc;ha$aI-ye zFZBB$_2f-=Z*q(q{9R%%G=q*IbfDEZX4sJHlVwKxQ+jYSowlU4=uk`D``54jC1>(7 z^n=+H!o*sdy&+i+uh%pBuDyDAu~gXso9^dB9u=*;ik=gwI$}Pv)hagWN>YnBWd|Mt zV=Y^=dC_mws=e*(FsQ8Z@ZcI2FFgF&QUOb>Fm+hx^YcCEZPEVp1oLGkZ;^^X;2A`8 z1BuW}7ImklPTz#yLGKtZ?Yxsz2+P=`u&zi&-obIdKHV_Z*ZBk4y&j;Gf*;5}Q>6MOCgfahMjI|F&#nCLj&HF(TS*?cPFPgkk_E@Gqlp z)0T2*j1U47CYvdZHw+O-bd+#WS3qd!;Y0uo{?@+&#GRQ!u@d*4E3Z#= zavEHj$8tTGs-A~&NWNzr$jN*JARoWp#yy`MG;loY^l!e_4oH>~0r5^sRo6*$ZR3+a zNDSX-x#h2W}Zp^D` zS4S%0jNo#BpBo`y0;SlbB{T~kaF~-@24^2Rz(Hi~|c5*v5`9W)L9 z%U6rkHntY@vF@AQ*9lOy&LhUD{mo`%k4`or`imn*Mu&2+0nX2wr=>E)z@9Rq#h0bx zKPD)6J`8&KlRoEj5eULjpCUtUnk?DAQc=OwkO;&Wb|RYWBtE;_*RpSC^W0ZCCvTy z+TJvOTEB4m{FOn^J%dBTa$PgvF%vY2)C#O#v8?jW?C7R09=z&q>f}b35^62607viY zZED`N$bO}d`$CNO1!&EIyT{{U{vqTPA>BHDmv)2d^=(yw)H@B5n?VvkHOwh zBNE;9b)(r_WpIl6W$KT1*c&m_;Aynr{%*wvmIDMaR=HN6TrRSf%h>+8UHI&KUe?uE zfYT%|XT^QeoqG2R83BMx1N>LQFr)6ahb0ix;@CTKl~FT>p=6_tx+CTO?w6KcG?MTo zwcT5F?g#v`vc;n&UqbbkgKYaIIO?`_CxUV&Q8Lo5KUdt?zMCBczZsf zo7y52X&*#fzr4J_}nw+se-9#rs;3FYR}IKjxTSeCE&m)-&}-ACXW87AWDdN}GeQq3^K*2^_V$gqqNcus5TGD{v!M zDI!lb5WL zx1e7&$>GFgy7QqW*N4NJ>)wz+=5znD^Hyhjk~6Pxs7eDXNZ^{dhq!n_Jdn)3%vN)# zLz3Q)b#6VUXMdTK-t29R9x>tfwf1KLCB6GzF!f!Ua&8Gzsy9dJ)1Z19rD9s9lWTwX z&rK?Gi}j+mA}tva3IKLwGZp~5XrOr(%!Z|zR#P2gq&%j3&xW4o3k(r^W9|4Yn{DWnV#gH=8(_!^-n&VXd6Ui{*L?`jrRjoau5K zbT?M$>Pr0XK6k##=C|kgCwWOSY7aGqv{Y}Y{6-JA=3W601*f;7D@P##jhPK!0+~O> z$}ibIfbhcKwcdo`v1?8#kf!9mA+Ea`Nkn_TJVZaKhuFNU7oe+W^*aU{iZ{;m>N z0{huxIL&Mn_m=m-qIQ#YAJca~0ox(u!s4gGj0=K&#)VV(Z8~>#mG5Szls#IUg z3~a5u*0w_`rt(RhAJ8z9Gt$|brQ8YJtH$L8V?OZLS#HN!x`Mh?KKS!kNG`Z<>V`)# zA2rL?#*BcKq@scyBR~b=)w71SlYAUOFg?plv{84%WctLbRT7%2P6Beg z7d^_*G;MSj&2E>-a;PJkI8x{VODD(&og1(nK!@CdhOB`zt`>uc)pKSa@5 z84L|S&wpFJyTcgyAU+g;L7PW=rQ=;-5CX~`hE0j}@nVafIHzR7WI4XHat^On5$OJ3 z8gGFSsekA7@(8=7?X7oe@EG%Z=JeMZ9aAbq%M{kT)1v$4KZ9+nSqA*g#7!Ev|7NOu zNU{*X>3E~B z?2X7U;C|Ea?9P7S`P@^ugQ%c!<3#(MnV!$>a5cwhV?&zbJ}3`hb+EVZBu35~lo}YTXkTaY{YXy)?{CFJPxk|d<@zXs)AOD!uLu)TDjJbwE!mG~e zGJnr?%5}O9GB1&Fy*NwDq@Y{@Bm`^#N}OhtL^p)n{HMD>!oup#ENg7PAJZx*3f#MC z1Yd=LtIqcztxd2Vxc%@|8D<>wYo6~Lc+Ei5Cz=4%tqIbx14r;|mY%u>zh=P4&%7qc zfYa3mHap^(qfO46$ib>x$VoWHhnxdg9813Lb?uv_(__iO!IUp#3NXD@5`;a}&~)2W zx6=;u#B$5!SG+}1MIk;TH)EsS{C>5T%?;cnq#nDR20q2f#9(#wbIX5gMOx;Ap06l- zT+fTxHH`|&rz>u>P)ly4v$eyYR|rDFeqV-eS8npM48Z4?xpb|KwK=Va zaD0c&x7!BKxRcn2ru!vXGT_ya)1#38-OKz@yrhTsS>=+C$AydNLJES@M~F6H>lP~T zGEWo^0Gz);M#~)EZ@ghLuY*zG!~KAyfm_Zu_V4~+3j8*!UMzCI{@)Wsfbi8+{==%x zm&YE0P%9cVhj7fMo&vaGMq!=DTUaF2Z`T#Yi@VLo#SLO_CLwUk^-#M-Ob*NLO)P!L zl8Ti7F0l3~^>GdYq4@-AgZO?$*k_)4jwE46XNo5Z=tOPCGy4D_R4;{QD##Eq&fyHl z@9i5j2QH!HAk+``7oL+Ll1&Q|~uRAkpP%RPG|)RR1CA1JU!Q8NG+D)@g$foAcNz z^y=dJVCEx#4ZVku@0{nw3t00PEK0|Dq2Uk`OVg_uO-jTxkaq~Ydn6u%^{HLHs($GA zE$j1HEYe%NF!ZK4{SLez#etp87)<|-za%!8H{*o}V+uoN7^D9;O0Bk++45bGE0%UV zpMx`oK){I#H`?l(f!Ai6>EShLAAk3A{w4e8*B>iSc;~-`y071|g_hf-K|Uvo#5foE z^H+zaW$s9Tb+4tE-|hpztnGHDF7I>_@6$|a5??81noxL9|x#b9MGX?MCn3xt)y@!<@9@iGdE9u$) zeGt1%-haM@%_8sFZ*1!3dRsV~zU=LO%Acm{>(rpVa0UVZ`t;0}E{|>~U5^XsphF52 zJwyVq3;}P}L4clp)lND*F_>^cXE5pVBpqWH_U_gz_+pE3HZn3E8!_j!X@FD@o%oJ( zmC~OE;$4T)r}VE6Lr8%tYhURlDH3vMPl&j?8SCxTb)Vg=mTOjQo6mh%gttg@Uaoih zJ4^2!hPr5KFkg`kpPuXdc`&M@ERo`iZKp{Y{g{^r0$GI5NtX7}=apX^^Rqn- zHhU&rJURTg?6=1Mm;oLc`E-_`_pc{LUQh)iZ6jU_%?k`+d^pGlJ!!W#b8~@%DKM{F z0#%FO8-3NS~6L$$iZ)|3C zTY#z${+sQVliQ8JO(cNR^(!R%wok2$uFe+%IdXJeeVVH34#JPFb*#qe(uTZc9^^c9 zr*yi>(pq1bG+PWGyT%8s(8T4JD6R| zWW1!5^khF+o4n4argE1O$SdLFRvHboJR1Svw3Iv+KuQ(m|GKLj*LKG3$_4+S19*(M zj1FLNnLS;YdfP*>mAxx}x1!iwU({gtwP%Rb4-P=-dz^1b@73XUEG{{z(Opo&g34`|(jXyG@OwA$y}xvkjNyWVU*jB&SP@SvD` z`dch=8q})-Ay3geNaI~sDcncmWe_N$wzrZ2U$z}s$+ zkkfptZ@&M?sEZ_<=h)v4b}&nMzQ^(%741*kpBu}wS?*)%?Z!oJ7O;QJFz{Ccr(%4r zE`-JF8*rTetLpG?nL3@dJU@vo3Tj9KL(MydLf#$5sKly_W(?6Ts5399S5~Ch`W|@c+SXQP%%}ItnhJ5V{P2 zF{0Lt5^(SmV*jg+P7B_d?U@g9%%(sMb`#Pkq_wQFaVGnZ8;!W0=(=#i{jYfZZ>~x4 zOCVV~L&|JrC7q;7j8qXNXIG0D>PNAE-3pi~SYiSs$`%#}z4eQ>lA-FBPTbuK65-uY4slfa*ed(YaayKq(OK#m)3NNmZ~M&h5K>^i>LM-t zfH_o7&9fiFHX*x!T*-$R|Fv{cOj6~2jY&zw7 z8QL+I8_>H_Vy;qjnSTM@DH%$U<&{Y?yToGI`eo|nF0^#|gQ^8xur-bh9{o6u3Axn3O zF`v`+Q`~9Eui`oeOait6JFclb!FDR2<9nDm;Pyl=!)-}wTQd#@wlHA=H_2qHr2jV8 zQQ4lvKAM@%&J5uxUsCGyklc=|&mX8T`P+fyJt$udSLUzcJ<{>bM5sHC1QV5RI(ml} zve-ABoA`;&+R$)w`j_}{JgKnV^6wJ)bS^FBHQbj-kGI0S?IBcUG*3H%nm9s}mUn{< zlBT1XwZ-Z;Eyo_NQn0uirY9ntFR}ggI*6V5Z^TLGKe- zNE-?5w|s%7dE~UhniN&JrKw<@ld<o4ifcPbUa4*Z3q%wbZ{ z*id(Ol|s64kt)|^&KS)^28cyaQ#u-s6lTK0Gzz1r2EEbBk>EXSBzebmzi+j>ej2AU z)Pmb;=cVrV(VfmgbG&u|0RA%f)-PaxHlx?7jk$xYG^h}KefY`>3Q=P&GZcJCUV(Ob zl{v_=rhKuIKIffk!{FRvB7eNehoF^U(!7KUQ;AZ#zFU{=Vn8N&yV5~i21&H*C>s3m zmIr|G$V7+;Vu9PtwT{~REanmb-m~W(=Ey=33jd|P!A>u!?e-SuoEz9rkb$lS5Xi|g zh+mwkZ-pd3vk3Wbg*_o*?SaFk0!k%LwZBWjRQv){RvI22BPwEQPn*MIHBv9Notd^Z zQnk*ec2|+t$LfNV+Wf|TQgD0(*^1mSGDaY>LEana78VS~bcIqA%#C_(C_2EiEO!5X z?ek!R+6uF-h-~Ho9J$E%-iocRqsGa6PtK!*XZ_cgX*9j=NsN>fWlda36=YDRhe-D# zHFNlWa`uhaFJr@ZxR{!_<_B*A4GPQwm&5W4KBbH73j|aTW>vIH=uDC-)Xd;NKw*GF zw)R#xmm3@dtsZ7_>OXKvFZj<#eqjn?Aly9Qi)#%NWCZ>w_AeRsdi$r~TInIg0!mkC-kdPyTI#GDkNg|P>q zab2*LgAQ7HI*NaB`)5UofI_61ub#JI|6EN}9vkp#Vyd4eCg6Xk#^nAAJjkejFNhoDSOXnYkwoOmU%cF znHv=N;Wm&znfurtPhHdqc5bLZO5~m(gsRiNB3-P1_%S9^zr2voga}W6emSC|5a%;P z!PJaG7+MKR`V)eO1h|&Ruw%UJzEVd{TThY<8BQZv<>f-3N@N?r*Je*-0Ci&?u8s z z2X>xidTMO0I1+^PjPhIvUoWg zMBs5HhWAFHyhYNt-sT{H>}Ql)(nqLXOU|8n@G}S2VtOtyl-4VB<@g zQi@u=O?6t%wC`Mx*m>@vu6-|`2R{MV$|VE$L}GBq!kY~ws%`6 zF|q`~YOscIep%qO?Dv-X-Pi^=|9{62W$YJecA9X9Zfm{}%fu*+lE&Xx^+WFpcBTe! zo5Ovm7qsWHSps`I*^wy=Nr=BRyf*yITB4i*_H$ zBA>g4*9sa0BH=1ni(j+)4U!Jt%5_yFpxsif9*-M;bY+oNN?q^J$%M!fhLpLG=xOt4 z!uEM%dILnXD3_v@s<&^hMM&sFX_^wzl(@Pf7M>WzgqUZFm(2kgNYmcbzEZ56>W-BU zLamM83HUwiaBh%;%;trF)V}ol?BgXwFs^B6$HuW+I7+f$8XxW*#1?lU7b^j2k zz6WEtF1i8yP8)le3Onw5Sp7|ixOody66NEHHh9tFVRaPqC{_l=+XOV!Czu4+HmYc}yID8ai6k9=|ZGGt%>T80`e4EyimIuSzR57qA zWC!ogXJW%r8uJTtt1XH=dNMcd z2pHm+eA$Vod^#1`+n153CkSQc8X#0;Uv+EsaZq0W`)cd?-RXydh|fHJ&cA7;c4NHn zCMsQN(u#oxJ3-ntihNP2nj1Z#$q8AEPkJ>lGZFW1rXPFoS0i@#J3YUwoZwC)c?w1A zUl?+j|7o~2^{~kl%Q`R1$`}8ghBIP?iA#9yNyPY(wmJmQJCS7zwiFxyXRR!2$5s=v z*Xk9j+~Z;VX1#z!iB+qf#FZQewJ@|2X1N#TO%&Ig>qsZ}XBTSvc3;}sGXZCTseNq6 zS^FD%_2A}Uu@(0}$F`Pgg-@xLzNeNnpM35;eqepl8@m9Ln@2eRWLab|}-=aPojIH^zBA0pQC zEGd2qw+fQ+_t(*SYrbh{>c_IedO6731Ugk2R9<;A+i>?P=KTjObT92E7`pR z%BEj`)qtWJP}b@b2s}FlfbjqK0*hL}C`<~#IRRie&pVM6HNt!RJdLJQ7y^TY+g@E> z{riY?m?sx-}-V{8E$&6;8MMRl#G z9-1+)zWn!9UM}&bz>`E;IE)3E{LONzALrx?k$9r0AIRi9{=NF3#OB(W=?S+1SS<*6S#4D|D`Rq)bI|Y zYw+b!w3c_ZfY-ijXC8hlD{^|vy&oa$48$WgH#cLBNDuG|kB?m8N?`=Y8~# zs^m#DG?fYGf^~#PxMz*A?{7$VXkg{z8(9;9pn+(kL!6;-JbDUq6l#2Il8^=^!6P$; zF6M7%0??S~B;@o6PMYiw0nMcLEIVv>sD_ry zBGV_%6kfa@_Oi&y%OEJ?>NtT%g)%?E4(P0qw$Shgx6u>WF^b*1?-UzE@1fB3h1}z( z%@Sozvagy3sUAMGsp4bzwmiU>*=kt1eZflPs*9KSEq^>zp^fAM^GsR&TJJ7F%Kq4x z9um$vY{>J@yrC&&1A$S0nhkJ-rem4>XP_-&zmHA+^56d(JLbB}2PIroDwd{8`4pYC z9iB}}u?ef8ckuaKX#Tt(HcG>9TwMP(v{VPMuJEdM-glY}P5a9pQEXea^ccvE<(12< z`j>~vA%2v?8I4tG8q;9CV@MC%Ax(5oK9U zAzi$ZzF<}+sS;?=8Q9vU5NmJG=Y*iYeKfue87jkIyx{OeSg`8H6kP2M9i8pyR<>e6 zNxP#myUKB7-r1JlTj&tSNKO7UJ4o%S|W^5w+P} z!*Tr&e;)MN9 zb@57uNkNR{Da|jZkqLGQ8a*k-pvwu&43l$&=i&GEPQDnK%Xzy*w-^Atj}S zf;{_o8&DM$>QsC;<@S zU@@P|}OzZN9u<<>|wdr}w_Bh6)_YV24GUM(??77HKN0~9zHCIptljwn*a*&kautq=Um zIBGt3B-Bsi#s=wO9bPmGkB_S5`arz7DCCxxwnPD=`Ls92vN)lc$HC8>W4zrYC>ocN zvTWesH8Q^aTJYvED-X{`jUeIVT;o{nU*s!&t(VrKG(dcO#+x48sWcrKnyIGx1@%&m z%i5Szcl*ObblIlEv81duiIqKvAG_A?=c-rMgq3SA)Q3d(eqX=x*`NV|3^wu5>K3Fx z*dIEWlaeeOnPLgZH6v4N@P<$rH2jP@4kBqd(P-^uN|s*Yx$Nf2UKkc){Oh3S;m zv}F<6G|2m_2Uh&-H#XM>6s5xSfxq=xa?Z9YQldI1)*s+t^tN&FrwTMCTKr-H)$1?m z+jD9=3ocnM)$Wc%*cT$0L-IfSZN)Sn7=%a_+s)*!|FrSTy$7~$Q=Ne0Yj+i!aWuDI zLP|8ua|cm`@aVgFD10VPWL{X$HPyE0ILXfbYObz z))Sq8HEKyt|CA*`k1O{JU=4^+<9J9XWCxuc+V_X}1G*p(_f1n;$R!><2prjHE#*fK zrmoou+&KCLd~zwy?{^6&d@FT~y;!VO-dekBP*k-OXvFU0imsH!!h}yf+Cy*qiV z_AHYNTn{q~f2}Yb7OSRehJqT7#3!F~{9@5~YPuX@qD$9%Gbu#XqWZKLNj@x&#{mw&pEv43k$+oCYGn( zc$!`TCG1=!?CfI0gJOmoqM43RrTcC@D35e-vi)j(I{p@0W|A1Ye({bQkXr@ECC7C`RS;n{gnl9CM`R2KPgQK50cBQxM zY)?MlV4E?y4*Jnax8$%#80S}HU9 zGD?<{;2ea)crap>H(d-Uij{XheZ!HA9coUnv{2(h8eopS$HQNh(qkP4KAgt8BMS$F zx&B*e+II`p+2iZ?z7yCjU{QGUrv3A{l;xq*AN3cy>bQ!Ezczz;B479!nJX&36f1@# zOt+!qNR9%YLi^MwRZxKK84f4&oY}?%o*dLnr|#}GOk%Y_h)VL z&l}DEEg=QpYk~S=^@F&8P_cCso~+xdFGM+xeQ^f7zjUZH9lxw#B@%g_nl zx0I2=v*IvWi>C)*MCC(p`q%Nc|4583|4UcObq{NHmZUrpXz*4qQciAcK^v@q$7Exa z6jYUfN))}TL*7DXn&6=yz6S4-)$jno@uNmBzkY)#m-bew{(u%Us2#C6`dYp0kzx23 zCF5rEJ6}-Bvu{AFG*e^wW=?-h%dIyRfTr+@h}iy(xkvkFNm8YQ;v!cgKxKswiY;F$ z0NR?BfN#wI)QMawRGr`5pZ3~TAdoJf^M0Bww)bogP23M}Cz6By{SSpUL@E zplXSVx8+os1;Lh@Xast#{nZtEkwLx*;tYZg)2$j)?VmA^6ne-Lr{3mA^b{z+wX_&} z@1WtC%^=?YQ3Q18wp|W+mZQ_6l#fFv>Q0TD))eK ze!(@&%Ee+Ju2^ovq?As!riQnAarxZY&)8RDcYN*QitgztrX@DAl(Hm}qxynQ{{bg~ zy-1zc;$P6BS1>Ie+=Ucez`Dh);(KEgzi}G$LEvc@3 zcNVuqQ(8fOZe*;@poeoD5W}cDdG+SU?V3?e*ho>FM#i{{?`R?FhDN*hn9j18f*ZL zK}j|9c1)#2!IFY>w%FV`wD$~hXKT;={v&{5EUaVS4Gjl*?j%pKxUb#-jk@q2iQ6Oi z#c!ACKX?`D48xz;+-a#)Jbe@;n>%E~O>yk!YN6L@Phu-V!M7u1#xNRRxCtHYO|7-W zIhkrNIXPHm`Swrid1(h|J+`T;^GxJ5cB`cJi_0qq>5;{#dq6pLI$zdP@xtmiMZri> zx!cC@%4Tsnt&pSXn>X}p>m>IyF!s$<8O{kOY@E^llTvS>z@^E<2$N1+pSHGd;TkrW1{;rc)e;`{85>o3k0-z>Bm=+YlMOw_xeUr}W^nWLA`-Rj(GT!miT62FrLJsf6`AaVJ`Ad z#BUFBT3N`>BBpH83b!bkloCQn9nvaHcnjfD2k7Tvb|213nxr$|WJlx^fKzN`?;3`P zsS>J)O@VWS_ogaCN{KY(~#*%}aU$}sXO8UZ(LU@a}LT)e@NyWy-G zs3-9GHhCAqF+uN1ImdlX{47o?Cs%=+?D(U?qQGLp;=Gu z2|a(2Gne>TY{VC+zTvBNt2ewqr|tGdM?U{F?Jp|74d)?%uZsnU=VVd>O@1gy8ma+t zqMa*N2qO1N7y12%NJy?ffc{_i@-q&F{^w5~WyQ9AC=fJF?-&{u#kgTUv+ zbZ}UPfzou9;0VL&Luo8!^rF{H1voii7UnSY-x9y!43N0r!9=04crs87v_O!IKiUIb zFhKb*x}@a7)y=8g4UNkS9x~W*Gxmh*#PQ2JDO4yyuoqe^(Xe8O>$!2vNZVLK<^735 z<)ML4CNwOV(4sILrc;=L4w3Zl#d1(l$s0A$F_ITBFw>BdGOH+IP*8va6{8h63^H+$ zMdM(1e@zfu(9_VzL1;k%B!N)eNSBVFGm3_2x`0#Cy3{mu8#V>)pp1Xa=Yq5JIqq@Q4S%J zHo4_YPEqCw~-{3#eT-?wfD(YdA4)eT}_ceC@+ zUO+(pE!rLI#wj1PskMznU~^bNoPB3yHDXXa2zNUr4_|5bd1Em4$Rhu4kKlqJgv5s>U8DhO5~3zJ3_gcWXfJ z$fNQ3`B_5Hf_rzCgW(SkpiHE<%)_elZuX!{Fnz7%)N(?sa{IK;xwAF1AS*!dS-EsC zIS_exCt#SYr<{vQwxe2!yn-S$kSMBLEeJu258Kp`e#6>^wF>E-!bCe#aPDwOyF|R)&^x zdEG-U`?up0aKwB-T&Li!qqSm^M}FuOGLLj-0+Yi7q3Cr`X-70(Xe-c!YEE4rC5|+i zZ2NVr(`VlofAh%rPvaq`XhS#`77WsG@ga}YOf+y!yP+SKUMLst%vrZ!=*a0GXe!0+ zgXxdvI3(%oyJhU&uy`u+Ir-XB)&9|rK#S8g^zsUjd2N+AqK?A$*ALVdq#QZHB#6KT zkf9?}5JMf*kXRa>0L}-RLo1i{IqZ34kCr|3W`HZ|!fy0|_|@bTkdnnx|2MWgtM1JV zNwl}$^`nV(u0nm^y4$lpoSIz^&uico(86X`QzI3SlD#onwUO_mR*au%gwu@<@uz+f z&x*$Q>qEuiNYow$zO3dKVR}}2dY;y|&nTm?;)hK6+2WM&!x`jx<-+4^&=$??9`w0G z|9K6B0}+6v27KDom4W~LGJ6f(Phx(3Eb#^|O!gj?wX= zL3f=mFv;NorY-z8H`kq*V8@$$pU2)vR!A!jb4zNBgyX%d1N8nepvQ17)Ba6M7*4Cd zTF!vUlGmdwj0wN60ieg5^u(LT3=3KiB(@Tzc32)%3Sz|vR0LLh>EqkkYE|tATT7`y zfff@Km@1MG*vy%PIPCi^6t!2Y3dhZcdj)v;%l-C=5zfMEq>x1>VZB!Et8=-{B{bHCn!01POn1e5^X-&VUtfSZY>leF~K!0vav zg&rSs}B~dqp~AgU1us1Wh^Bz?3{2u_h~6A`pTzriw{jnt-#_p zZ^1kPV7n-wdy;}c)TJalnPiO0&MF@8BT5Em`!b%~Y}s`QIluh@l7z?+(-T8+AO}~M z3t7itigjB>hD!Ps&lnP+wSV~z>QNdTu%ZB6woE?YA+plz6#@b0M{{C#?UldUbhObFM zF_x4A)WG@P!+TPHfso9#q)Iub1o?xY=&%6kma}7dC`?LF#)n=D{WAI(&EI)ZyQ$(S zA5tzZkA>GAaaumR(c zgcn)JAr-jFH~HD9Ae&iB?PnO8G5FGPVQ(MDg>~_wp*IxJEsqA$;=qPeJ)M?eKg44F zp=rnu{jPg+Eb>^nt#4H%7=eLC!dcbh{gSeF_vL0 z#IfL5At*r*Tskz9Asj^SRH}Kg?!KfQxQq|FA!Ct`BbAZoW@cbwVhe{Wgu~oh3AO(e5XlOXGY6>L(V##0%+OSiwh;L2EVX$E9F2d@N@bBg2>rRum z1HI1o+>UD_dlE|uHRLZ`9ofB=P=YbLZNy~)b=3%j89&v*q$sf6!&5dr*_hYd5wCEZ zDH1%E#I^4D2$1~odNZ}0mmR2A4l85qZ zS?T2um7R$zM4>nm^l>HM*#=i-GEk)Y<2qQ7ItRU^#o2bi&tQNv%emA+L)h(2Jo6XVyTxKM zG3_R{?JKP2-}m&ObNP3JWicFk%J%dE%w1C(E)w4>cPaGt0I#&~!Y=VW6$g4GbEw9z zH$qy^=u6%CT2|}znjP{iEu*-K-=YZ9*E%<*SC^_vN~&-yLpUQe)%Bitb>T zqUYSRjGvL8k})IG1ts;Wn;NE?JuiE%!o~6D7z!MnPmm$bX&PlU8(oNM&9kIPY>+=u z#7FJv;^LjL;t)>i)Ypx|RfK)kM>AKi`*e-o&1(rQR0z|IOlav$7oUjfGz-wPzr*+q zx$Wt`2yS}bX*-6_*t^bPp&a~WYFZ|ott>H?@m3c zIMhdos0jCYf}BevxfrYRa2WSte{%+p)f2P-Hk3Q6oY&`E$<$aqsUzgZN6nTF-7NhT z&YEfMQy3x!x^&S(Gme226-w2Jg(#D0{+QMdJI?NiUVia;BVL7L9E z15o-J){CC8ebk=Cw((brqzlAgiLe?{B=7sf<_mhzTVLna!Lf#r3jXD^!WVU3HV%Bs zUF(Tj%>s*Jx}|PU8*9_?PEc-py&RP~$upGsYwFRAubpqrXHFhJJ@)8vOFCa7=6lU? z%6{8*R+*;qyQK^qC?p%+;3}By~I=xhPT- zlM)j@(v{$BC&r7o2!`8+n5l5jJMQf7&VKjecNA*0!Vq9%Q)3Rrimp6uKS<-V-d;m( zs$`WG6@7cTyw`ZMCOGqeuHJEdQ-XqdJ?~dNrMY2u>G!Q0w};`jP`ZcFhTJYE!>i{6 ziDXw)?}xO%dw&QZis-?`K1U1^iJ9|31-rUw>NlH{#LpnEW4YRgzKi!WutQDX-b$ao zxct^`*Y6i892~7W?=yH7RVGf}@ZK_p=)nDrO5-Ax2{C($NVcQzwwz)=kod7PHg+2J z=*u5;-w)Jkb=}5Ip0bWvK0pz(&LgsC)(fGZKd%{XKr_d3znk$2Zzejg@t6N%Ou^P- zE>v+8>CY$=b8WobF4_djDeU?uKJ?IcUPRTA+&r}37ofbeigabH-7JgVeQivcXJz%8 zR^%ZkGNgw|DR4}EJ0s;hD@jX7(7qhe);BiRo6Wr%zs|z^e&p(ntbKyQM~uinW4zj- z+a8hTVH0aT;Xc01TVlGJM(@h!s%@mN9_V;KemNa=Fep@D+9vu0y;fO~8a+=`&EjY5 zlLBg2S5ETsBIJpyL*EL$eqf%k#neJcY3XxKBcC$lsgm|P?b1%$$QYgPe}BYrwHwV( z3Old8+kV83&1qYpSKSxP*sSIQ^wS!SxvI=CZPlEU(?xYTDt1{GvyG;3@h z@K3KsZF^|`BA%MrJrmUa)c%!?{o}^1&IpOgF+2OIjN7AFykN;VGEN?PECLlOw@S}m-D*?xtV17LC$t~Vja#47?cX&)Btg4!Lm<%R+T230I`y`KJ-_~6h7pH}%V^cOP>hLb(<9kmy z%zdr6*}YUz`ZDA`-6wd}{Pg5*PQMZNfs^FYmy^P z8n!wPp1eYCcqy5@>g6X@)f9+bhui(9Q z(jR9;Mk0$W_4)9AgiA{1^o4@__Npv?DT`9?RB7~Z28jEXJmO(Ab!IhGRw;|;@j_&| zSjtMVW9Q~({@*8QDHN3WH1!e_OGKCI;Kaz^`rJz$P3cT;@e^8(1;!R%J{(j|H<9 z3NFtP@fd?mFCGrz@oi);paK! zqsNYBdU;H_<22!Bymu>pccH2>-yA?TxW?CXuDP$B6vY)}ncRw(lfGufL0eax|Gv=} z4!D~fXb)$9fZ;dI{S0BZ-Bfa45v$P$e6%S*7Ru9JkXf&F){R3)4=3epvE4w^ar<8k zj)zjA3)Bz_Qq1yYMUrIH?o9nrP5OI+5@3@UQ;9S8u^K*eZQEZmjBInkzl@g^nUkZz zL+jd|E;e?>rN_s*8GkbS{X|Z2BPlImGgepS&KFAt3l#GK>r3y?@6k)ECN5Z{4i$e{ zH(7R{7IhBox;IbhyeSvYm}4XZX=zWJd=L_41X6TR^0lA)no(C}Hz7UmLh4Z`n?u!Z z(YtX$o}QHMXUUoA(T4I1N>^PgyR*|7{TU)|Ds?xfrh;?;P6}&%A~V%$({Z2P1lwu3 bqXWsIKMd=&bvXq3*@NU|RHVzKOyU0rTkX@S literal 0 HcmV?d00001 From ccbbfeda88933dda925dde06455c2e35fecc689c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 27 Mar 2017 23:19:41 +1300 Subject: [PATCH 0110/1961] Delete backup02.png --- wikipiki/backup02.png | Bin 10859 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/backup02.png diff --git a/wikipiki/backup02.png b/wikipiki/backup02.png deleted file mode 100644 index 3c200675eb1c8400ec1f99d5a9429f13b6fc2303..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10859 zcmb_>2UJtt+U7wNq5=}6NQcmoB1NQwA#@O>gDBFQ^d>EU1PNV=Q~~KymEK!WY0{;J zs`MsOg;3_;cW3_j?|k>powX)wC8y+^z0cYEeV+GupB?(}fgDj1f(QIYN=n{_wGuW1crS*pLx5KG z)Ydz6A?G*N;K@dK0Vupyw-`}XNB}t?>m3Ep17sEO0@9M$wSae*foDBtrayp(yudRK z|D|CdAnkXu4<7J1o|yvgT@1i<(*lhEtR;Zre%&y6K>rRvZmIf73>fDH?kMY7DghsB zfYv_J>*WB12)OeI9n1w>_5q%Cvaq}WP{{zf!j7KguiK@h%iQ2dC6`Oqv5LtDK8El* z6YA;lF>v-NQ{5&PF}Y-tBFl&IN~RVJ6uvRH`xOA*#ZZ86yL(f9HM}ZdraqwhDN+I;pqo zbTKyanXl_6CKeYK##KJSADeXR`JGu|j9c|ipC2J5PY(Czn!mFK3O)%`y!?9(^L0-x zm##ndD#~w{V?p4vT2<@H~Ei8WX@5Dl!#ryTv#YPmg_Uy(7E~dSsom| z^z2>WqpdWaPYmz-CuaBusvM;HZmr)B0br-WvF#ft1V6w!XujX`{HM&R;yX4Vz*0HZ z833LlSoyTOD`Yw#0DyQG$o=s??Oxk0o>l_7wkuO@*H4~_px~^ZFmO`%HS+*EmuFnX zFX5c8dOy;0KjZ%Bg}MB)yHZG4Sf;`<;-RCd`v)Jkv0J zmM92Sa`12FHl@pC;jBzuX!1ue)tI|V0-9mkOgc*RJ5nx}#6pY|>SH820l}9iuNoBv z;seVcNqr-#lB;`vj|QcXb$!6xO&}$j@?GkHOC^m|gh=M{K#}#0$!KZ0jytU@w+Mwk zJ-@^Er5#=-%5yc&tfvfCOjPuR=A&*genaTKS$~=5WwJo|)~h0yJ>g6y4EL4v)$|{X zE4^o;V-xSi zW-9BP^IPjXr)IaU3iTrCqVOVtMUvoso$M6N>Gzr1(7Vxw@RH1G%@2=4-rp2z&#K}|;tKwrClT>0il7d(6(@D-Ey7z? z)SkCKB&p?54~J8CXy3Ufu%5J>d?VRWN1wZz+m|Ay``R0oH|%d{x%ssV3iAqQ3a{(z z>hx$w7d+MSD^<`D()v+w^;<%bPGQ=^buC&gs{)DlA%#}&9kpe0kOrrr1P1MD?HY19 zkKUCT|7iTeblr@);sp=09dXes_rSZK*von+d_A}ul1}Lx!leoeGR5SCRD|>@GrEo1oB3&Z zP4W!}xImKo9V#3~9Ew)aeOJnzU%BLNzdPb{q;!hNxQ6EuE`sd z#CcRq-JoRlh(e^ojR>1BMn718*nhGAlFd%Q&djc=zNWsFqN!e&$CW3cCZX2R`?WW# zcQpBKs+7Q(;BxA6>R9S*%`?LnhCJ2pt7|Qk%NGpu47REp9fA$T4082#44+gel%$og zjW(1thH;N*}dq|M;uAtGb|u`s3m_0k*W-zS_^k%9P5g=5uNLR$Nn@U%g-C zsT3h`$OK6dy&*l)wbF%LTvvQ1rSI*QjNj+IgjIek{eIH^aiJg8H+#4~*`#Tu4l7zw zS=G4)?V`g&RbTe-B}((9(terlY+6up+jo94?>)4imRgaD*?f=vuqCo(vlTLx@l`m3 zE8RfIb)dadZtl_Ipv?7*H+Sr2i;)^~8i7_-%Pjn6{4shZV;^gBJqr&_eo{#vNV{bG zkp3ZgZ$@y&!1(LE)|$?m9*uU#bmQPzIe(UO^KK_EYX4bKWcH1K}l<4d^T-oDH& zQ8MCKi-Yos&HEAW>h4qAkA7M5a8SnrigloMK?W>6sUuIJ#Coa-#&7?FUONwpHt5c|NZa+h1Wkk3|f@?O1gz04Or zOM|Z?`f2*g&sFKf__#|&9G*ANo^0-hd{6s+{f7@#5`X6tC$G#t%wBLlWdR=`h}EW3#nUNMJeceSrNo;Af?{J{JHrc^)#IwI)~uE+J$i~Qg3Hf7JA~Kp zGrS?}va5Jqe8qtGS~WaxMca^bjGM6B%0kbwr8l%&ETJg6l}kE%VXyt5xN`fIEpIsKgZXf=y;!6TaqMnM zo{Fz5DEd@q-fuZ%xw?J&4S>(h83yfK1(+<15@-PMfM!P8M6u^h3$ zDdQ>*WlBQ}SAQqq?4Oi8uy@|trO#V0)?e2V7@hZ#NSt?2n};VC;Q3aMHtxW}fC>ovYg z500+Qc%LX@8E?E5mNf8E+12i{nOuE29A~xDACdMZ%@4_UH1!OdRqeBE);DW=!|`W5 zsoVUJ{CW7YM59EX(N3+~PC0h*re3XH$_H^{`!%;U$+Ng&jgE%54JoB{Ms{^u-c40L zmWQjf>G%4k_nN$ZQJ#;Eq>D*SH|=^m9)3RDpQW5ex^SHK^)yU)a%`0}YBU<}$!^}C zkedz}k$HSJHU4wT-?r8B-R|I&;vqqBQ2$xXe)J8wE78f(J+Fvgt*47hi-~=gaXDQ* z$(QRl?`Kb^I?FoiDW#(1NB$mJAL|=T8q7@GNsMc;_su!Y%Lt$}=89CcjW`DOg1-4in*UM#3Lnaq?l)d9ep z4FCdy0O05x+^zzE`yBvSdj~|$O(6grcA|xRe!R{g2-Mk8s&83#`-8BrwCGc% zAugG`=SnCWv18Yi>e|O`^029Am!Dr93~LnU>KrJe=ZX|NoQIu|9mSH>Q{J!Rz@^7N zXVRfv9s8wO0}k3O6K_3jqvoZxj0Ri6BLRyJ^qo5ytDVfvEd^E@&{x4X$u!RE^0PO; z{hH>#V)Dz!uY9=B3^DF%RBR89x)lq?!^x4bmw#~Yy@YH{&=c$6<)rd<`4yr@5A*#) z#~oKSzR_n685+WOX~;~T>*O{`u~HQE&KEs0<{IitOdYQ~Q$(h-BUav4_(USl_wOB% z#VyaabVY+h)F+4f6}W+8UhPvVbh)P#%_X6Ys%AP~B5RMyq%Vko&L@7FvZ+ZQ>-$Cg z!uV1_|1&q;7XLKsYW~el`kPVP^<%$Xwi+%6L^EUbCvT^ONiahdC0 zWqYm~+!9Qf_j52COBDDj%$VO(n$I873d$aKF=-z-!H5(D0=4HupqZx@?5tI?*GBzk z&5VtjBMk3v_~Xsz`2wO|(1RRm9D%-%6H#AAB$rQs7)Aye%Xt3ru%_dartkEM?Hrv6 z&y$IUOS{_zg9CJqD@{1RNe-NVE6UR0m&Q@qp(+W`S`c=JvtIg9l))!~yp1HC>|fsg zC)th`R!S^Y2}DJ^u$vpf1pVgP#8gV*lqw82Stuf3S=dH6Ud+687};1f1p@lOZyvI}~#{ zcVI>z#sH@_Cb%q$=rV|2=p_)!2s8u_#4rqjx5f!xFlE zpe$1Eqpj0$dfePVJZCSjkJeR*mrqD6=X34SX7>`?3DRA8B4xnG7DNKTh(aG$Yq$hM z=5r9WA=@uEatf~#&;p1gvP?E<1cXro6;gN|kj{hD^lRG7BhnWqsWLfw*j=7S`IQ~C zD7l{xB{ca*sEkF);z3Cg6Px@Fjn>uThct`F+}FP4XjPFv4ZGXZ^F-=_*iGJqSS#IR zc$~_WS~{q7m(Hngg<%H^X3Zdn?*|>ON3YJXNq^^YPp=2ZmsISBoz+Ceg69G$X7-OR z!8Vdvrnj#JUAV^V z3_hrKRd_V;!5O(5A`)KSCjg*dV3?v2RYlEAdo<~cA_^~*qHZDAt28L<_O4nypLjnQ zmmY*!vU{F>jA$~v2l6PAVCy$krj=Q3?3#4iHvpq;x=iJ0>7IRlF z6;zv)U9lj4{KU4$700TFCMDs)>|ILI-1$nz=!yc+PMv?19nEo59r%xsaY%oow))6XJb!aw>h^Ndxj-GK$R5-)~*a zsCt;-h?VKvw;DnQni2=1Xi8k}+gyaiTq5XOK`;FQ`bC^v#3#rH;7fty{ZFR@ZgBkn z3m9Egv}Wk}iPVropfYjaJgB!+!W#!v2$y#qa9a)kG$Y=8jsZ zri2@GvNZQ&G*>0(8|9}d_QBR8qh;+I(ciSJ^L_mr%8;*)g$^3YPWfHCHZ~3TEXtn% zh;bH-RUJvQbUGxp8l)o%-)V-1n`}e1oKQ+HiPu#1F>=XPS#HdB%U-MA1~H7(DQyO5m0Ku31<2#Z_0+B^TbN0F*#FVD!>=P8&g z=2PWSZNgRvlmqwhx0(!yx=)Tgzw?N-C`HoKC&{GIdSl}{DZjuB9KV=EZdE9gdFGkb zBj6ebpg%fB4J7E^7KFz1dW@S=FEg}tnkJhZLdy;J1m#y|?3QO-tv2ll&SkwEjqjC+ z=A?I?zAW%~L-yp;#k`xI9 znJsHe4k$(bT`K%%KEzmrI#n5VnU>8R#9n_^rr&8>1t<8ESt|{AD0jBEnL5s%x8ioe zo$$|>s6iw`&;v`m%l%5`$@@!!hi)Dmc4<&Hbe#O!qYgN_!R)St}>%pKd@F=jj`!tD=Y<_05T^a2p z7N^Y8GQB==!V>P3QBR28o@R{%uj<}!qSHX(uT8Z0iC%^F3|Hqsr7h9{EO0iuPK?W$;f#BCkXw-n#r(gV@4|mb;RnSYIE1Q z_;=#{t5K;mX+7Fp$zK!Z1AV09l+#4qyLqsiDqP8Zp4jE#123y><34l2v}p4AZKRr| zP=4uAeLvlKm*}a_x~dY427z*_hY4d3$TKIb z6r%*7;?U7ds-E%K{h8`cs@x(B$CdEni6i~X9^^s z?&!8ZGX1=P}DTJg&`jZ(hH@mk!xIBA9+JD= zhFazbpqPf)hd=q5oCyvdP7bLUcu;2C3e@kguSR~d>fQfL*>ia~@&{t&ptqEN06A+) zEwgt0D?J9wm#~_5#b;^gZM-RG)^1N8fs?0m=rx2_LomykWM1l-8&!|KyZ0p<%0UEW zNu&5(nnwPL57VEjNRansQBI{TJnh75&_;5>?H<9OPT01B;Tk0ZP&Y|h>GOs`peE<= zymWcN3$jce$}y5CGQ@+zFe0BNPH33mbBZ;1(4B1T$%@GTGcn9xlK(ws?BCVijvreK zFfcHfm+3R%|6z{FV%^&y8}-ie`5IA%2ZKlE|D^E$nb!XI!ay<}g7+Y%p+N$ubt3(% zEXYv^{Kg5q1~tgPtQr2c#TWYjmaaUvg*THrEUOYUYBb8B&^mwL*|sKc2OMf;MivDs zKINx^ufZ(rN@l_v?uYX7)#bL_+~1mWNpjYLA)W76p- z3>LF2Y*+7Mr+1=OG~I#L;Ltk>YqXs3ihfE(HB^-OL7KlR`p#sclzh?#KTI+UB4?vw zj0zO&I{@`%nikJ)v3jHe7BAq252Fc3*e>A?B5Z)-WhkqBVYlRLu7IEOCl*D!zz6%} zN`aI1d&M;NeLv2>`%T<~sqIri85B`z+BWZva?~>AE$ZSU$s5A$x+N<#OTyeZTXUyD z$USo=`1O!x-~w_jzg?fh$|sJY+Vr7$ls%u8F7Z;c|70POMh)ON;Cz=Tma)V!N1P$PL#0AqVii? zTi`U^|0_geX|8By17KeNy9(ytB>H(1`QMyx(47a$r78A*${fj_eF4HYP{Va@J<nZ?IrLCRWq{Y8h*Rj~X8P@Dw@{R5IG$|MS+E#6-WQ zOWNkqm8DMi8@3YL_ly_peS%4ltKoi>d=F9Xv=?;?64x<*oW8P4C;#64*&NqiE#B6x zivsWKyNTPF>335^XQ4ZNvUaLvGx@GXPac1R@(Vj1Az$29UFBp5}7Zh0{Z^6QvMTQ`swzQGL2!;ubY4^sNV=ei|#rN8Dq z=XqIG(?MY6|E|gyyKG+?ay}&yZ4{yvuIn!mWU(M#Z`0mdHTF56GAZ?vJx*8`HNAU1 ze~xUm*ZTPQ^_av+KUjmP&L8rR*G#+Hm+FCGf1Xej^lcNls=cOiwyC(WB#Qez({i*$ z72e#BQ4V+Ffa+=YIyaO5WaNEx)bTs3=y2?k-B9+7-Mv`VN-WyRlTRT};T;0C%nf%W zb&xhXlU?xdAtEjgz0X4peI?!a3tgH@veT14=^Sm}-$eT426u32w7aI)^!nh2tETo= zmCLf>&9Om;qJdZo`-MqF8Pe9-X|E{*QqicCH}@rcdtgjrus^Rui#V5epqS zvs@+8=9X4m=J!P_3WwrNJVnphN9QlTB3f&gA16{7oiqRRqfamQ6IpXYn_t=bN+Y3% z_i)B-o%Rpv&s!O2pb36KTem4?=@+~^j%^gvKi7(>QT)dFyH6MJdv8*`6yO?wcTm=+ zJw{kNR$Qs{i#`9vdeexQ=B9~N3-kvcTrG5)dxQ^mQVSCfDiNv?hNIGyECL{D;&NOS zWxFusu>g77WrY6q_uE=!;)lo1=FrIkj6#56nCx*+PPSITBhPJV6eJ{pUPR+X(mMTm zzQIN=#<=o;a=zK!^TQ+kv-T(rJ_1!=%9(v>xJ>Z4vd*iVi5!`dqn0(B#I+5miIU}k zh^IfTlBJtFTjtFSWy72SiX<7 z78QQV{0YC7Xv|=4l&2r{mrfAlJb)6uC3!jzR& z#JqX@y&&(kY`5e(-LSe8F-2zTjyiwBRplOjT2;0V*vwWdT{B0eBWcYCpB1B~LwREA z;%Mh4vs1Okds5*RlV|iH4QvMYuWZt|0 z^bAE$e+eFLay}D0_UK-Ygv6ni?%+X@&xc%jwvTxTFTJLJFg0Nq=^S}oLj!)mb;7?0UCEYQDe@9f@aX^USN(Uk?;y=Q;@@5>GbouB z9I2>{wyLuv4PgoUh?}jvKFA%{SXoWseR$(}kCCAN?3}-DeZTXEQ^Er7?PyPIGsxeX zPs$rNM)g*z)iz|XREFPDGdNnQL${BS`PGFxIiBaWK7Ke>THJ*(b<6<8#IV3w#CGey zvhA8bTr$un0U1oK{CU6%?syD$p*&19BO1mEOJkAw&to1VFu z{J2y^AM-6U&Wc-vr@agR6=3#O3lQkuIiWvpf( zdECfDnKtp=TELo=n*8FLs0T5)j=3(jiw%C*+^}bw{JQw0eBS$qtGhE-ohAeK9iPAlD{rT-NOt)U ze@r#WJ^oJ79GLun;7S-6h;}*)*E4EO2j6!LTSI1tv)w`lR zQX@~Y?CTdVD)A-t!xH}ea4;g8MPM5f%V9aUKeoa4vg&@rlbjGq8zCc6#(b<_pD}8V zUFo|GtIVoCs!WKcswz-Go(Yt7@|Q~ue8^MBB}H{M`2`)n0^3Qif=GnhD)d1a;HWNX zCd`dHiYwvm;_Tc*TG08|&CH+|^%KPH33lb1b)0wQ(oA8#ERCR`V$zzTb}gug4NcYd z!B)BoA3eT>TpRG2jxp!#{jCBe(8^{OILuWD*&_yd$(IqDM_CY&!a~%m(M&`&kNzy! z>lZ0U*^>lzSWfPE!ofy>-Z{AD0lQfJxCq`qYaf4BLFf!n{-^til9G~4 zHBj)k)3of_!z Date: Tue, 28 Mar 2017 18:17:00 +1300 Subject: [PATCH 0111/1961] Add files via upload --- wikipiki/concurrent01.png | Bin 0 -> 32476 bytes wikipiki/concurrent02.png | Bin 0 -> 106194 bytes wikipiki/concurrent03.png | Bin 0 -> 28466 bytes wikipiki/concurrent04.png | Bin 0 -> 28727 bytes 4 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/concurrent01.png create mode 100644 wikipiki/concurrent02.png create mode 100644 wikipiki/concurrent03.png create mode 100644 wikipiki/concurrent04.png diff --git a/wikipiki/concurrent01.png b/wikipiki/concurrent01.png new file mode 100644 index 0000000000000000000000000000000000000000..60e0c4a33c9f493409c4bc1018d7066529936223 GIT binary patch literal 32476 zcmW(61y~%-ZVx^Da46El-K|jMkmBxI+>6tqg~Q$5T?@sbxE3!CMOr9coZ`;ofBAO4 z+1;6yNis<$$wa6s%V43uLI(fg?)dW&6Pr06dp-G^{l>_J~BTS1%+K!r{pZ zPU?hUsJcWHoFIXonFHY1Vr(otnox}uGZK9fb&IMnHmE2( za`b-Pr^tSx<9g@EQ`1k;-Kz7PhDp>OFlMSOj~X8wvqFLr_fOE!z~K58J1hX5))|0+ z8!V{Y9%(?pji0bE3v~}_*UNxrF~C5NQdSQqdDt_~zC?y02p$aTaZh-o0EQC)Fz;B2 zQUE3mg6E{uYXJF3fXSG-*(RXM2ADAT@5}=5oSO_E5MYo@MF`4I0HFAm;ZlIjTcB!E zJMtZ%%Lx!zDGUe#i);X=oQ{<&P}>6ZOh7Q|0Wc=OsTLl>1R(hUCc`u|o-4y*~t-&@u>cm5AI?+W5umzK7-wie|FBn(VPbv{2?_Zj!-Jbt+K z6Mne9{L{5T8^CQ8AcJ)Cr*Hg1v4ngw5iQv4*G`VK*9@n z*Mr87-VTtMadU;~%Cgcd z;Kku{Kzza_2Lx#GA|$yPTH_Jq>WVdI@MffE9Mx&|SSzx4Wna-GjVxQ(*P{w1vqD*h zL$-3Z`nPzt$hN4?4A67TU@pZs8XJu2qjvJ7+mLPEZ4}FNZgH)mO!eR81)8{garzR~ z1S(P(kv2G5^GWqlA3hIQqtKd(jiSw0j`7e-3*)zCoNs(W@cZ)gi-Vq`4svT zGG-3ViptW;)k+MlbFDGWxQh20pTA0L@n~#Tpv|Rz(W=Z*JtQeMSYE=xoE%G9(}-7m6V z)V|0Zbn<^aD$6PDeAljbAAl`BB+p>TAY&ajft<6ev83_4484pQSq*L!%bqEp$bSLf~>`Dczt%}0m3vP&6EU6ck)T9g&c2@>J&d@fGH6dXe< z|I{Rn`eBkKrYWXr>%j@F)51mb(lOFF(YAwzo3xt_gARj5^eFUH^a@J*O2?V%O0A_# zrEeAADh~Y^|55m3A%ibVgzG2wZq{zr&#bi;6Mav8*5>l&Z&>{bTL}@p1I7)YRKw4DqpEN z=0CPQ4*Qii&YQ=StHZA*zq z<+bSvvFMekYu={lrm(;&_o|-pxIj z2N)pS-+22{b;pVctyo^wFCB?T=eLRzipK?32X6OPQ`rn3##d8a@1{>AOxR+FsQUd~ zm_jw(F^%f?!(<2v3(*M`i**jyeKpOM#^*8pOVVvk>P{+EYBkH6OGU7TO`eZgw36LU zcv+y0w@qx2-AZqKUN=Wq?t=okAUpF{e#Z}8YY#`~VH-Ic7@I!C=^VpG&Rzu*eHS5R zL>26KtU{?U#c<^}$*1BF=5nHFx-)zax>$6tK8ikTYL03C>F`BKLuN|lGg)RO@5IA| z4n8m1?>r@}+pWP274aR4Sc<>1gmQ^8KS3S1MT9!Jf)W$rT_h^0l#-gQ_pNuVK8;mb zhSWcOcZ_P`piDs>v2Td4Le^tLZ7;%2 z>!kNqvJZIQI~v&A1hPNC&_dr1`F!x}=aG?$E{EP)lj&V(4w)!nMC4b372-5P|3$`M zp4(($PNUr!zmgj(z6`WlOj^xY?d`0x>s{H?>XY-HlcTQSXI%?r&tP5$GV-%X}JZycwO$$UDlcn{}S3_7kKMMt_; zv_M))^H%eg_j30Q*J58ID)(+u?;VV)l^tA;h7e~EA5m$rn}4>>%~Q;XXsX98upG!> z554Ys$~p01!{W!%ipd__pmCP++S^MvoX>vjx4%qQ3Y&d) z%_r9EaGXxsAnxlk@1CP}-*&v6Fg*L_epbJ-jj!`fC$mP#*kRv&U-&6$R%NI?yFK%3 ztD$}Cv3F;akJa@aS+2mu?~6{ae?-p<^SOc|zdO&povy!MU#=1T_H$);oEU3g@?bcw z?ojD4zJMKxFG>Cmn-?>9`n7oS%ipfYBmaE*m&`RvNYLa{!etzeBywCv+*l}9=t1rq zQ9;2CG1tevhcd}Yi%I%i;-|u=v9H8L9DX)9ehh3_j?XVYgPvP z1}VEnJbAd@UufSS^?LmBpg1X7!%^Ath59o-+uYV&YD|^gCy^#4JtHBepFf!Mu&un< zn^1FEbtM4srUL+Y5CGghztnpG@R1V$_DujlC>;QZof3_|O9OyAs+^R#rswkEXCD*7 z`KD`qpB>r`G*D9{7*9^EP9FE@sG3@$$gE<4dS2Uc9!B^LyzfBRDvDd%B+5wWfZX)X z;oa%GIt1c^nwl0ZOuI_WH?SsAM=A)l*|1>4!u62fc&^({cD68->Nt-}(dz1Oslocn zX+huTsLA=1cw+6RYIoUFlFDozO0VDICA(CBbAE5kYx8yyL+27hXR_M-E9XtDiE=`N zDSr}wIuyX_4M~rcaGkVM_Vyl$BhND5P0r zK_8M5j{SJ#o80m+}PHM4=2R z35|IuPpmY1+Q+HYp%2~oSK147<_14vI)2vcK-{{(HZgWa%x?MS?tnQ8oypFd@aW<6 zB5lz4VlyL-`Jl|IK(<@wdHVeX*=wQ2j`bA$&vzGH`&q;fX4}j*s5i&AyAKZ;gx9MA z&kPuT_18HnW1-QZ$18DXV4`&Z@{yA|J4r57woIq3R8HK}u-aS=n^Z@&I|-IBu@7 zP;UIX54?~OksepXa4oOGTGMe%_&6=96$B|fzj7AK!pcknCMDHM3?d096@Q=01T~|k zZxxGo&~PxDC7`FKM!`lvKq!R=Ahv4oQwGTW#?ecOFW@=|sD0{xn8>HUJd!{%nOoy& zMFffG15yMCAY^nY5P%7W0!X!}fD|P)H%;JFQ$f5)fCTu<;3)zCKZ8KQNCDx2xT>CT zcrHT;B9$-!0wi4=jA<~&dSF3Mg~Un2@=qR$&;Z0MNgx44tSZyv8KSRs)q1#;K+QX;Ewx*V~PXu&iot<_a7J)XQgK8NfqKLt zlKN*kqJ~9x{Po>oN!pEgBn!O}LI@`nA|8$RA6!l-__7m<0yP1_#Q&gy;Abi*CJ0h6 z6$p>K91cje4o?18F&Kdqq6;8GL0~`{0<)9C=i$bfJIS0erHyM)??ptv=H!9b@(NkZ zrF>D}=}h^>AV30uBIrKmwgg-o5;FjjCie4uuT#)4Tl3Yca6`piMb-u(d3s|S{(O@X2B2TP--yMIKw-OsIfCdik}+D z<-FwfS`n6{CG+N`tme&|181snJcuEZqYWr=-&4Uo1U9K4t9sF6MG#eBf_?Z!4=tVQ zaGm@B7zQgJ$T($7a1Evfk0`k={#7xfzXb8%^0>fky#f=QlX;7!IIVWvA>~%MB{P&f z$ROlBfJ=!nJP3{mp*EpMPqwiXBH$Y{m{eKS3C#>ZKqn6AP(S*CbjB70#j$5QIu=ndrbKfC|!s81I@5 zmV+QE1Ws+S=P}Ar(+K*h#R%X@lymD#@|}T`gwUl^6WDMgL+0TGB&H59BeF4+fqg@& zvaQwTkJ6>Q#j|^%C@SaRm-!daGtAm9;ZLdB&{5(YT1u)u8iluj@aSTlT91jc?~s5) z5P+bbh;0VpEW?GU0cP`qE#3T9?kzsYkAGe}-8_tZwQU*yRa>VIrV^$Kh5;&I0tsEI zAc=Agt>~($aymY{1x(|GaHx6SxC;vIfa>{XC07G}TI1KZIq^rV|Yb zeF@V-vkftxKn#f*v4qr@fVG4~JurscE;t$*4}!v|km|^T8PgH8U*X7pO^DM)8pkaD z7Crx${*fy!krIjmNPy+i)D;knbR7$yywQ-b5vVR%-_b?OU)5hwc%{aVCWmJt#S?fy z(Je~ID^Lth_+OF6_fz#KZDf9^jtqq6C~HWH0C3gFM3^ih0LOs<=tgzI@?hZfLG0?` z_W5cA@%fWfniKiT!IDFh|5LZhMebK(N(1@CVhEbVSMh3TxmFZX@PF@tz|}wELIgA) zk23dWcgH(di1+T!2eY61oPOSP?Rw=xB*5!l^3~eZ%EJOS7#~T|EtK^J@qD>Q^Iz>} zn|CqJ2BKZr45wTFiQj0bmR0;PEsrwIY0szmRMhn@lJ7#`eG*vB1SOX;F_NP=_TBz0 zvSL+aSzjzsA9X|l3S|<(M4(15P9!J}YCJ&|7m_WT zW#ULtMt!ee3`GV*kbnUYnv}FS0TAR+Q#U?VMVN6qBAvYCEQTVLNSOle30JQ)p;eVk zi{I+>O4Nvf4h*YvgOEa@P%0!E9%Kn@wURir_>CanGkFUWC?pq5qFSjSU#Nzcr70K! z!`8J&WaQIh)8V4#)_;u(Pz7iHp-o-J1Dj4`(Rhy+u+x$uhJUbEfvdyOGLYF;x~9@eCtWT3)A9f27D{1?PxiW_V_{-HlKa#`b3wtw#dLg z9B;2ze7ZhqS_7K;c(DBLAdt=KbQ>X}tB_Jfa%vU?@^o2~>Ga-nJzMbH7kE>s;zT99 z?$xzUs)8mU0j8S5M~D$hDPiNYEM;;#4y`Z7iRSTenJdPC(D7Mi8FF$Xhf>ki-FeGM zu{d;(WPjt*N7AqnE{u<0Om^S$P+1Ni8CKM$+o3KV)bS+V=}XAaZ~R(rNoPr&s7b@2 zvYx}mREjpU=gv&=GSS_Ia^&x+=~Q|10ayq0Di`!6zA`ddBR)M|)#2~5ZU!%j?kJ1C4GgSX zsSQVxsHMe~`U5o)Oc7TEayKxm?LkHHc9;tDa(c~8C5B)x-NcY&ft2c$LsJgAH>s~( zq3@_iKhdD_GF=ihAQNfx4nWGJx7Ue%-r6kYEgN?~Z+4!oiXaiFyPAR+0b$#wcc*hA zjPtghD&*JIUuYXxU#MVZP(OZ(m+)j!(>R8-%q~^MC|!>OK}oa(BCmgAi4aAem z`&>#P8H?htoeNLm@28!Hls(~>7n5tMD|OjgjGxT*@zZ@*!gQPHW)-Kml3t@G9Cxn; z?`D~mhJwa}qgKo4GUGwfqL%Cm7Mir$5@8wg)I})jHr>-f6ZQXGhxuHzKWZaRmRk=j zyj#+B$WY9BQM(jK;><^78hedv@$zU1cwjiADxBAW8w$uta*-0_n5k0hN-3zH>2>^$ zN#5_j+oX|!q6dt#N@Re-WubT|`POJ6Fn|_nK@hGuo~WP9^$ttF`V6260^*k=U$tXO z9E=S>b<6#xE@ewi=&e9AiZn_y@@$EPVkq3rV0VwEMFu_pEhx!un`Aybpq)Q zU%6P_>~KhCF=i{0U*Up*c$DNFQ?rsZE;Q~LC5S47B$uljm`Woi$c?W|q9t#Q2+u7g zQ{q`nXM3|?)8C4e6^(Wlo)g8!9{vi|Rq#}*6rD=}ubz+T56QdO7-;Vw(wwNn2w zE@cu*+mr=sm#XrvRlrsQ>kG@#CgHm1Hy`9YB{G7!pbLTi$pb(`E4@PF^w~#zCH~RF zJUdSO8Ae&zgNS6y;7k&Uk=E3N^$y430FoExC3=34arM}~_H(vt`O|T%h!vn6l?;<2 znr7TH!pA~Xg*xyOjs4BN*yc&9Of2&chDaP%JdF&ze%4#F*;YyOU;p7U>;LIiMaTbf zaqwgD(PW<6(IhFo$i*S@5I^@if%$R7w-hgF?4`$1k+sgtXAq!x_wSq-6Bu;hh|cO2 z^Ly$8wf;Kd%(8rQRi7=`@C6(qLN$3aH0r{0D-##D$1ygi{afJ3gJ#Fr&2`e57Y}gG zXA_Qu2+vW+iepwkVO|hm0O@TB6te&C&C90Anyr?didZBUW7++tT*n?7+`& zhfU>|aFtGI3h@tC?ydR&JsC-VJ(Sg}LxHl#!!<{rjV05Pj-w@~_oq!`{`Ia^4~Ap5 zs{JUdTr*o<9t zE`b*WkcIYDXdHL#4^TclEq~dW@VzY!lfF*rhm)vH^fO0DPK4p{Y}|K0|Klty*FzR?}EE(T(>R|iMYqecK zWQMhy*{!hN#>B=eUPB=F*un~m87#yeeP*}wc^-)z5nOQSf(hM1m;2MiA!S!GqDl3WRNwFZv}Sd1f?Ot?!B{ zhI}d0_5SWrSbhzR53pz`i6$+QX2S3Y6%EnDh7u$abD`tP^I~Cz>lcDxR5_(!r1(!C z#ibB<+R=d1`+k+GQ zO4@hx$fw@35lwC0fWK%B7ve&wMP<8eG|aNmuV_3d*V;8(b@Uwv*YkGt!Fpn;3<=sy zEl)d{d7p2a8D1tn6T+XmHBYPWPThX2W&`5*KQ1^2=f@x}F#^@~6e74W=4GnqmHWO6 zX3&G#Z3d-It3e8aqFJ|@$gj$Hl{|uD;d9q>w#LC*$09T82yn(nt(e1zotH=>fGF?H zXe;bKt9s?_@LeiEVsu2pi#eZ@w>Yo)x1?h6XZvIkEwtBEgrq;Sh6lQqbJjP@c2@O9 zsML{Zr8g6lBJ(fR%#J?G(i$1S(-BMIdR?vTHIeCykT)4F8)&qv4TXqpglI%U>a5EWFtA+asd1sX;PZQudN%j|8X=5G;1^Ags|r^YW9)O#ySfg;sW|5PbKLHz zSfXB`Y4<{l?ZMw3zi(P75&iscBI-$OmL%u#7Y;|psL%;=uW|xeSuk#-l`&D#bd?uo zdJXvNu4=^YuJ+Zs+qN}*x5LspE^fb=Oi%g={OfHZ?mMeXA|5r+@mKyF4=T;Op3<@6 z=v@ECCf0FLDmJ=5k$xVfSC-~z^mNJO-+mjBrE=71-~Y?$x9E*Ehp)LwsFZo5?B(RK zk^e4_48>0w?~fr;v=Cs`({DUFj1>54cslbl4jKNt=J9mq?NdIx*ExsNof#8w`1NkO z#rh!U`7tV^Up~O}U=-u&92W&%^Ki{!g?)g$^8RM|W7J&r!%Zv39b&*sfE5f#5J=da zQoH+C`fM_+-B0I%fG(bspS$FeKK$(IpRS(~fF4_(o#$OSk!#K8!%Q*k4g$Z&FFG8p zo7To6`rxgpT3S_(Ls)R9|NU*u^U0!9-|U!xq40UHTCL+~N14`Z-_24~nTyBWlP9-T zH_X$1+ew_9vqz4{li&WLj|(iy1d(&WkdGrJ4SD4#0DLm8+f}if`Y{J4S>w$t1-=LY z_dvo6Nqih+Ec)IW2s8<2@DS114q4*OP!=hw&cq-Kx(iz-;!DE|^n-@=uM)7^U`V;D z8)a0oj}_JfIn*|o_1EPwaO2_3tM)d zT<6(J+MnhPM2Rs%Jkg0}#bLzNL16MT zv~{!letc5f(0%&h3uW7mhk^gn$;gV=1PA-8@M+2|#gq5Jzn>rQ$^Bg_F0&;c9&mMU z9!3LJa>bkmHEOa2-8_%Z*SdnN#oAmwIbPUpqH{wmxAR$G4ZhpWlXc>0@x7uGuoL+8 z@w-P}yVLjZ%-2u5rCDjhZgv$NzmBmyjIOV$qw>U>h)zaW_ zF2g5Xp7U`ikAEZf9#dW)iM?;zIo`Aq6Rm#jc65MYCH!yjv&J1_&zJ61*B_tb-p@-a z@AE8=GW6woJU5yyrg7|p1^}|$)w?{gyS?JvkMlTd7Z=~ih+~D&;m@s~27iU&u@E8dJe#Gy!w}f|9oVGxl`NL|#7#P5uQWy;>u>#(B_n1U zyRxbMAl0TKAQ%e82_V^y;jEP7>I_DUK(J*%K_c+}4ma$`4-u%NW^XLAG^6&CHGLHbT$kA)so^!O4wc46_E=6~| zzPOyXS8g}MmHy91J9KNW{n80yP2xm)WPb7AUZ}%=8)!d*{I0_kWHKJ#di(>5J~{pV z7S1sF`u$7xNl8C@Mzls{vk~vaa|$`kzy%0Rb3_~ z%?2)4O1>vg7^vJma1LJ_|EKqCXa-3Cc?OQew=4aA!PY0!F6@N+;r`JW7glxY4RV#V(I?yFT(SC10C+uz$K3T zsMlQ{?rV5HZHnmFb_?0#)JV2!Sc@IVB+5k0dkXhsB(KL^qLe9W=qV&dMkZ~UGn1&5NXRretsqQ zb`DVv%Fu=z2q-qB!DJf@l|pTqjzHY7Oc($^iTY|Jtd@-X2kuZ<02eXMh7dR$?CD8B z#$^k-4c+;QG{X;d99u+WOn+!OmnziY#?9Bg@Ap4lnHS^C#U9LX>>>U-z@+djw1FDg zV761e=o(%}%NTt9bKp70M$NeQAv18(lI8F6So?n6Ufk}L!Ti7L zoc6&B7Ldt~$jLM5X!kUJdU~AbNiWZi@#iI+^%b|gH@W|*r8>7*eipp+>%)aFjh7t> z|E|dRZ^PE!7PRY+kk+~nV1!5X=<`ol`59&~6hFcny$gRZA_0U+);I@AFILx{ds_ij zihLP@I`)K}OXUXROa6jgwJ@v|iNK2O0(a4GV7} zGzVm=dcT`w@~(Ii$Jj#ZKZLRjs42T9z(73&wWtzg#)8lnlRQ2=1OmdZq+;V>M-WMm zhyX=Y)3vJ)^uUoLrM7+goOZZm!P!}H)g3b3d5Nz*) ztvWamiHaL81EZa~%l6D^SKFl&Y44OkTwS8cHP zr(d3T9~OfzE{@?zH3MO#VhthT;dbvIFN1{lwm?z_d7a+V1E{atDULl)IoiV`5YR6w z0(f`0aKAWE@0fSH9%T5p9j#0{S+>qt|73B?RjI@n30&6l=!rHTUJerL|s$FD;6SM7bxN4=+wD1; zcI4#LDDaD8*DM}`Jt82;-Fbj(cVi#*`JzDokd5M0Z#5d5NZd+`2w7Z+g3~}bB12<- zxQcwA%kZ0JRp$q=jJH(7HqVH*FeU|dP#^N9)n~wsmOQ}sNzsKxbo8^C4Xc748`=kKp#l!vc!>^-2C zBkz6pyY1utLiIP9mW^YP$hND~_Kzy=2dRHo8_Iofx?c{1mJP?>c)#0jjoRtjJ}S8% zWd2=Xn{F~FG-#1(ar|!7PWbUadrs+5Z>~CPt=gbaX0q^Dh?GmrV+1K)_h)3ms@N1^%r^Cdz0!I9|ePNf=7^uhIA19*oRNDNv z>*$>2wjDIs{XeZY5M%QmU`l#rA6}*#avu&_`*YtE+U|-JUSzHi{qE`bp-nk=u>5?` zo!w;H_tAWw&dK|*?+Np?$@tgBmH)#}l?{ zcAI5KYt-npBqOTSzm7Ovm*;Wt;UctKrPI4Z*n8QZEqggG;^uc6d;2yT3h?IW&ZmrA z>DTp+LSDya>R4Xl_TXBZv!;h!!19K1)QXrOyM zJvv<0i^2eV)LTw^fNu~R!SZw2{GH5pOAl;@7VnjPAKVDDhki?W@Q%qcDrHk+(9Z-v zPe!hAhD`VCvIRJ>XS@cZL2CReQ=(TEN^H$dBOhkeYM3Qn6QTM3LTDe4Ch5HrJF<)c zKU%n@4Ow%i8AE+f1XTwB9`#% zdLIBSQ$Xg&yD0cak~ICsS8$`vGJR-++;@|v_xoV$xH}NbN)cRsRw{NBzpjI@K1ZWA zAlt7EN4B>FBx&tZ(b!G1gNk?ta9g&@;yC1rD!UM6j!7m_3bFw5PIv1y~2dStkOwE_! zvz6)1U>~G1Dh!Ux=$ndl*r#odj!u3%zG`{uy6k^mv5o8f@|9fd?|D#)6h2b%3d98B zNBRbfb@7};4N_l=@Oug50=2dw4Si$Rr+5|aK{z<>TBpD!N#lP=&D{JGWL1UM7(shs zwEdSWawfK}|J3ARZ` zi6HD~rT`Uj#}|&)_rcW*;qvx1$&RvYE_eVOfi(=KiIHOAjz*85;*C}g@D&W1z(yrw z!&NDt}sb;QN zi*UxA-Nv7a1OMoVYC5i3aKtJDFd1GUB@dcd$(GDY2TYwHwqnYZ z@zIRMm~RRV41L=mKj>^gF04}JAJimeX|O;(-NIao7d&72Ks2^=9-HcHo=TWtsNis4 zObS8;Fzw-~#>1+KY@Ng6B@^8BI7w$D&D3+XN8>5;IW{3pAX%1PTG^7BJ!p=d?2CKD z9m31Y%h+c7f3`+wYBWISD*h_ z|8z6oZ5i?*@DyhtCmMBgGLv&5diNZouGNb8&NPvZ)CUw@-Hpxd?bW##kW^L*Xxq|90tKQ^# z&9Ik6DZ<9v7k_AjrGkwSBHIL`hZ5l_vZ~NbQ2i>`mv=to2@paUf=_PICKbRO z0e!@-xS6MY2C=?qO9S&Gy20#XJo1GJy-UK>llYWse~@!e5jalWd09;{zBU(Ic6}gM zApU21VK%6!+{9x4;%fWTTRwPW>Rk081+#)EoQ zh3rO2ESh-Uq|jV}M7^1+K^E>2FX~oy1MtYD9bX+3Y+Xf_4}`c_TGG-@$@)`oYZsAf zz%i{u6j_Uvht~I%DP$zR2CL)NY6ibA3E$IWAgoen^iuIbNM~}U>VrjDDPig>i>$vw zX3^FEHo{3g>F*QINrkuSN8Bxu=#{}i`NK-DG6&C`_?yJmLBw+_?3cUl3tl9Ei zzq^{lkwVCICI7y~-9rVFLLufpd;cx?J?cyTV*IR=fWq@G8OiR~qBzN0n|TW_OLCR>+a<~ecr zAh8n^43m(to1IgC*&7AJ+C;YtZh1h3=NF< zPN&(C&Wq|gf?(su14W<2ummp*Qku}81#{$u#7pJ(jWAhCmw%&neQY^HP2`SpjR);T zRRskXzK>(?1NYMhenF?Gmc(EYBXii8PGuZUhHMM9Ij5-2%}_Ts8H}V$3{jfl$54#7 zi4lb7dXH=kDPF2sJ*YNsF@;+#Mp&&#uuTKSGqzOm@L&ivY~41Bk8!h!_q)M)CaJh= z{Skjc3KHqM6>h^1;SX;Uts(_KRBhqji-$H8r|iNDHR#FFUa~6&`=t)wV>*g zzegB4W6c09g{G83W%29qi~^^$A|zE9nq+gLo!BM)v;=BCW#LB4sv#g`%}dtzha8om zrrOhUa|J+fJ8>n~%)WnPmT0}&Z!9Y$RWpHB8^#18_| z(a{q5?koRSCf7?4ld*X8Qw$XxDS6bw)<@ZBsimkMgEWUtRjHO}o@Q}N^eoD;g}C9LnCo}K zH5o7@U#ytIX?hgizS5&AG#eT0+M!QUG8>BcA88d82K5;%e!>dr8eP4|%P7bJmD_#%Fvck_q7=GrE^ zUj6cFT8skTS1TlD^tG3+;DU|-OojO9RmT!?UhOdW((IBQNujC4MJ8tFSMBP$KbSO? zbVo2A6f22M(2#))R<%O>a)HIXXe3odnkT0q?bao`hom+ znhTzF@J(DO0-774Gp%OXqY?0Sr({Pn@~_82bgYQ;54vzk_8m?h$>y}6M^?^E7Ti7( z7Hu81xov^6Jaeizc9uvx_8N4H`+l&EL)g_D7NxXY*T`?Lt;b|YFJU(n3xm70cU6jE zHbW9o<8omdUZl62)glELkrW6_7nHoOaysQ1@tnTP0ho>hHEy}kekxnqB z+v0PvcS15kBz&IwU1ewOMQL;rh$uFHk_@`_M0>VIb9tdTua#Z;-^`*6->EYdCU^yI zX|YU*x;?g~z4mz+iM9c_W_Wke>xRgmm5Jk7s1n6+(3$d5X5Xx~wz(igzxH{FX0nzF zWTrX@(|5>jrdX7k%CK-!4-{iN{E~UA<9gO-m3b!GDIJdT0U5n-9*wk2`bPx)M;&P} zZulLZnW8TL#K*Pt=Q@Im%pKw6U5uO*2jM6&*ZI&Td1fol#0UoK!ukO8Y1sl6+kt>S z?}A_$soSz-LB9=^*_>47?#Irp4UEZGg8SG0%kfmPHxRTu(D+of!tM~|^L(m+F(N7| zYFO!?IgS`nr*RUiiK)>`~6C+#G@H6}$qGB1Gfc{MR?a1v4pl z@DCBA(wDN7V3J!HULsC3E9ot){*ML*i%;$JUnBCyLE_cC5Yd{erOl(-8vTVIM_0c^ z|Jo&YE-=0Qth-JkWGz`e&{koo%Ky>m=%q#$j{K)U&sxn^e%Sk3Fy_}gd%iAs7IUK* z&N5(!Q#9l#{r2z+;-hz?y&%2MhW?TbHE#5&$%G>gg)dkvOtS4C_VMK#m|@T-qFEa= zMU3jZCOwgAi>*dm8U^{%YHhRXfyVh-Z~c)QI#oXV^e2)Knf{r5)g76+uZ&ePxv5$z zPgVmD6h6c_!klb#SY%GVgYR@ySV(Vs?6jc4n+8F*ft5&FJDD&EJ zjAhH8%1vbI;j{X13^{EEN)gv2?X;9453`wL5=%`cAL~yFZ7rPlng;Fp2-+%S%^$Mo zYE%01E@;+BqU| zowb^%1@`iC&dWLW^6)PV{yd4(%dTsGO6!_lK!HK?N1H#NChx*cbQA(?zRIh%yt(<) zUNGIJ0(~F#7k&U9iCmASz`&Yu4ddP{tr8F&3Mu>%1=Vk0=OAk^#U9Tr54H6D5wE59 zseiO|BD>ZiWG9hOfqpz&U)v^Ri6Z4O-12-;+M>o zyjzND44;U(yS7JAr88aYKCA!9^5u-?t~%oh`Bz~1=2A6vnoA)|p06N={s22H_H7F$ z0BvnuKApay)5-a|QzS7kT{ZCPFzZz(G3KUBm9}Ri6Ly!26%gpk?f5aQk@Y!< z=VebU^Pn<(|HlaZd(DMf8@r53@sk#NjliKBx?9#9L5}1aFD|}=!E|}o1w#_%LAz4D z&O+~r=*UuS8xPH2G!xHf1W$8`Szj)@>MM8{c<+R^_v%VJSC(YX^Rj-QrKM^qrQ4GE zX5P}jrj3xMS9sYG+AH*mWiudWF*pCFIV9QOg})t+sM8k>ak-YGQx_KG-RL$=D<1A} zMAG>f1aw+PEt##xD{^13eB0BpuQ*{-E%QsBLq);3%upn?+lx)mo3V35NLUC#zoL)E zk5^5t>{5;21{_@Pb2v??f1ceU<%g-GLWZMYpVoJi?#GhV=GdQIkdb$C+Sfs; zwaJ&*;o<1FCY@5)$jc8m?T2jGf7QQAY^3ODtg`D{j5Op+!=kJdtNWtEIzL(jggsNOLl0!dtewa3dzVHf) zD%YpLI%KP#v${Oo_Vzo~+nqKbgn$pT14@#iuN-Lmcb2O#zRzI-l3^b*%a8RcO6vI1 zlyU@3BYw3a(8F>=LCG&y79)wZ7#KC2VYhsD;SKL|hb7~j)DM&ND_?Qq4l0FrYCl|j z{uIY|^xN@REen>4J^j73n*EQG<6AK#{-}l@he^|01;H#S7{_~}Pp z^sCEGmLaTHyl>nWXCv|3E>W?6khPpwrXZhBk%V1OR!07Fe_=7wOsDpaZvGD36z_@A z8wc_$*cVM-XNoIwA*7*ba{e!Nf3vX;MzLc`M~~1H>>DhTBaxd3DK-ikf5!}1@?Fr4 zdG^sz^G#zps+CA4{a=R8#r~SZ?iWQ3u?8R^OR3$y)q-`((?68+U(|>V+N_0JxDz(W zHFd4_KLL+VSQg!sL^Pcbq0UZnZA*H&g;6f8D@7x4G`~`wMD-?Ou(!8hDO1B8B=EA+ zBjfYCm(2C$Kx9fx8YLdzh-Dd)WJC&`ipK#5p&QPG!an7{Q(SFARj?viDc!=DL>nY( z9usYo$xo;IO*}Fc&I=nojYp8o9@|T65xJSRLhvuA0ix^Nnd`a$`B^q z8~ztfCI1v6Le&`azplPAAdaA0c5x>VAh>HFxVtUx?iSqL-62?TcXtl~f(LikAVGsW z!QYU3-@D&^{cCrmcWlq8uBy``-WZEU6Vh$wdE6haPD`=(_1VpAKx!nm9&;eJ;cyH? znMROz?_G6LSH-b~j$?h)CAiH>zKLF@%j!l*rFu;)CMaY6KZzmYk+biqpBTB<4P#3SKaPSoH=Z{4d?m`PsiP$ZZ)T_f3tJbqL50sNg7SK zde1qdzw5F}-0L5I&LC7w=F_0*K~%np#rH9Wh9GD&m(iAY2o%I=8vN$dkc;T3Ckh4V zxXeL?1BUb`Tm_bQ1gs53CQA*DQCU-)QxnImpfBJgDNXS2X?TUau~v~CiVU|nw@&$< z(8z~q6%@p=EVTsmTg5yOG;Bf+TTKf9Z!(72tO5fOYq1e9wmgFZ1NqUSV=dp7%dth| z?BiZgsb-@o!9!=ic31syd4p&bdm$wEU}ar}r2Zi1 zBejI>o{k3oWKpWr{2eh$^9WOSeASA9Lgw$>fDQzvJw(z#yV9-+q@%tYaAvsdnr$fU zFK=iL7W(t|Bq{vQKDgXuTaN)Gzk>Mp8}bv~fq0;UXr@rkEtjBpJv5m5xp? zj+={%E!{i-CMe!wN|McK^o~E-PE6jOH|H%3#0rT*PTz&5t0R`Spif=#nJv(!INWc) zotzlkCyb%`0-UA=9@4)#g9&;#Xz_&80N!K^x0HOCCK&-cj<_m#!g}Wneu<@+<|^TC zx=4g0cFx|M(*ACCxeJp*K?RMOqu4X-ng!qCr30U$-vf$}jI}`ZUGv#?A=AGbkWd@W zX!HHJNQxR-D3SVe7)nMW+ouSP>#^ou4&4GCov*bD0lld*dJ-9)hED;3ZA`x450fUa zpN>G;<3jr2EpJuj5lVRP#d@rQde?1F8>axC>qxwudN#CI=hSc6w8cna1&Mq`zMY5? z<2+g|RbhM1e;tL^T-7lv>=EAKT_zZj<79 z(!A(*^AjW2=fN^pKqAX;rH*xiuTdh7sHT>HWvazJ)y!fIxrofIKst;>#TE$`1pQXk zL)}lvc{Jy!q@(i~eCGd}y_4db>(gexkt6tYaVL}V6cnL5$<>5dl&>K&7+0wN9o zE`5mFMC*~Orp?;-dNX(1xSH$dpg_PWS;u+{3v2&aB`XfZ%=7gB%&R7dU@d&^$~@)w%oWRsbur8_-u4NRs12IJAN**n~WvoeYt-Td@eWz zdEA6tIrGj1C@&#hzcxMBP0F$+bvsCW_!uW zwfe7p*pymHuZJ`4Y3ZJnYhGt&0oc?j2L6}QW_#3I8c|5L+Aoz{1n(hHB;5`3Q&gon zj0jmZ<#_5oEmFz(9M=yDJe~JFKi;*MCd2jj_e&6Y?(C)-tVcUr-yVBiw+d=#ba<=Q zzh0bXgTg(Z#iQ}OjUY;Mye1PDQ6K}DvDJEysG|v?tsWQTGL4XJya@I6bYmAs8UE~jIV#Z3%h1ozsroSsI?|w$1wZbuJ7c`nX4B_!3jT?-iU;uh?{&iyM-`R z(EAl-tq-ftbysOl{B(O#QC|M^awj7#eS5OHpQBEcl#-(F^{3cb z=bZ|I)n3oz6^k2HUe7U$`u^JnylzBK3xH}gGcyC&&+qas3p+bIo0`~?tupNYUYct- zv=p|vo$0Dle8C`tKsob-iWN8=^**w?Ee(pXKeNy(9Qfq5PxQTWjRh`FtEs{1;yxl` zBTR;_G3`&=>b#NQ`mKRAC_Qj)_m_j_IBiwxQqn^Jot2r+m#Th>oVQ1xf0dK{*nX)c7pedjaVAS1PzyH<9%mhI?AJU;{af{& zEa;6OKoJOlH;CpddQdZ1l)}HIT6T*f11dyIFs=T@z3cV)^>JHpV=a;F)8)na3_bg*Ob{H}nqdoI&kI_pwo zKE-h@){Z;MxXP0fU8x-Rkz);_FsZ&&|EuI?71)~e^~ajY7JVHge>=H+KSyD-9ku zpYisYH>XTe?sF^N$rEX={FsG8jDQc2;@!R1{xWUHW?Rv@({Z~HnrKIKd6az@w@@6L z&3C_K_U)TctK0`(x67E+Up|ZWiHS(YF)AZ)1FGv(3BSt{<8*-p*QMPx4@2#4@m|*9 zau1o|GZid_2quXswr!!285Jb|%^Xpr*^$ho&C>)*VMEl@WOSb&{6-*k4%dYS?5j?hI_Iad@h7|F&{8W6@c)9E9;U!a*pE5Q4_FeeE<|Rtz21cZ z1-S6&X{37RxZ3+VD8Kd@OCQVh475Df%2B}y{X$Yv@b?;9*|~%O9hvKUY~Yuwp>mzX znp~oSGzA-NPJJ~5+$EeGD~?~b7X&o8L5GL>Y3XX~6&z(7IvN^qtJssizl-XvALr)h zO?8h_F8haf%^_?Ie74FO&vY`CJezBJRGS6vb~6HM^z`Z+!*54eL3vr`Xy}1br!hFe zkr9EbXVmvvjcpSVF#hRK??H_Fn^UA*w!7lg{VY%QJt^dFFxctpcR1%HyO_mMK@{!%)_CS*&`F%G3n3lLxSoIw zh&hYRd7M=PweFosRwc)7;MhptdoQR<-P6q;Q(*_LIyQ3ZufingfzsttK@N28XTCeX0L(4TYv83Y>*UII(NrO2XD;xY#D1k5@W_G z&F|6F>zA^h;ZVa$HEK2J(_gRqvB+5_SXRBrADvc-?!$iMAIGd&NWE+S1dj^mgN&hw zM#C~)YyBNsSYASkRW7rc=@s99;8?B_HkP;ahwcmaPMF$g(hs4-IaagUHlsCetlcXR z$Z&0v;}`cu*!{k0(qu5{_5ezJ{{#-d-HaNrdf?e+Hk-U*B(4sIa>PdIw%NouY^}~} z85fNC(eT^2xcU`U{Ch7h>q2yA9oDS|5-x(jfwExaAROq!P*}e(n(1{t%Ljvcn^~-B zJ@V5vHZq04B@B*V>7~8jt&rN)n*x@gVhXARvKo z|C&~{PA+tN{;h0{8f#0#iiL{7{AxjopoM4yd{YD+kRIjZQi1IRwrcXmWBzv$=` zI$y#Wd!sNW!;@=uIm_k~D7l*aPo!$9z_y|B9C+~9Jk7RqbkuT$iu2`^T4)T(+z1@z zlzc;ImJ_Kij)(jSp6UX@9)7#hL>S(7tck$h&IQx2!=KzTU!S4D|E3>?LRl|V$@=KqeH*q59{Lc#&{aKB! z5|H4;E3a^_( zcGHn0s%%qpVKjtzNzNbpD1Q&Tg=?!G`(6?XIqiO3R4c(Ou$fKs-XSwCJ}B%;V|*qU zSaX=H-re=!&(hZNtVnRs@7m86W3rgyZ%KLAbq73Cqde|o1fP~CngFZ>q-4j@rfx;HJ$#Y~0awZsnr-jha zSQE2coJ8cpga5574@(OQ=m-dEiq_AIfK?i2AJ)t{c&O<6*QF*~;R23ir9HSHepZg+ z)smcd+>^b}O9tbfas7zk-j3fkEJMh@7$O$!QS_^(56YEfR81$V}J}!$_e~HdBuK z4OZ&$xOd*JSU+C>+0IcVI$mqNDhJ^0d44#Rfp0S~Aaj#s%@dtLg8>I-!{ndzO&$LS zRCJb#xXf>Ax}K3??07tF*VEu?(g+;L&?m#n($(yh2bb~;0ZyOd;^Lc|n^W#x3144d zOUrU+YZr@Jp<<$V1p8uJwyHjGT5_^&>2fP>Z4l3hYmlfnwv`DLx57Bf@Ywe}tuWAv z6HE)f2pq)Qe>2bwSI7{U+RO~P(F-4hF85%&FEJbVFU}y>kb;CrT5Dz`*+8_){;TvA zF7L;C0{>md0cH$l536a6Fwg9!P_Q|vRpx@2Xl+%-0^QFhHCr6$0lVR$TszC(p5*>* zrlSfH6&Ml;t}U`KzD#6HXD`P5*rI9HX;;;@<2%nslon@7~< zMv~)-<(nSwR|griy;#%mT$P3T`Jb1tn#sAMiR znI~9GaPS_#7AP!LAg)FX-yi8(ls$7E-mbeynKgN~F3CJfs{qnm0J>ab0|_wmWsPCu zv{3;r%I`!<@C?3*nXrc=8EV&^zM4`QdaDUSIMZ-Q7|trHaj6ceX|W}_vjb0dO_ZSl zBFDPZgHbr4+mg{_PPXn#wty?p7-jjN|1eu84x6yFa!q~nZ}6zCi8BOti1f44uyppLn}6R7Cr zeAq~oU3b)e12kR5K8`HuvQ&%f*8|1o8+QXhZ`g6+iFVp__;yxI_?`@lz|kg zDK?rf#`)Jf-GsTfV?Gj}t+$@dK8KnMf8QTIf`#Z#i=y4Sk;}A=-}ABF(HVX(-?0yy zxGp3`nW-PHQOl@7-SMzsrq=k$+-id1gHEO>ZC(b7%n$>vjjX>N&RK9N)0JVw;3}PX*u0ixX5}%~q?VO>WahjZa_KCSp%G(Pp z=QWb}*k5b#V7pstyYlS!;4Jx^o!evkXzz|l-UeeM(SBPlmkG~!fF?lm1g9|Ls2%XD zk1`aSJFLR9FT0_)R=#2_BImfDkgujaz9T?ZnDjT%v8i|PeoWyECs@o)Z|V5)TP}H% z6gWCU73X8h-)^_WTsS%U9XaXgE&MF6f1>EbciKLmj@o+f;0N1j6Sq%)#*Y~bQuG3A zb@jFT*GLrnZIUWg(00+^rGJh+0E_kM|J{y~t6|Q#BEblT&8@;BOFpWtW}gNnj`+$DK(pKCQe7e@4ORLfBm)okX=g8Ae&!AnWV;j18$z;~-eG!sZ zs*6CCxk8t-hWMIN<9@WC-iF8iiC(|ya0OP^58s9(&2Y`JPU{!;L`KFshx`4wTvqdm z6ZbJWOxMfjkaLX5PtUv9U0h==k!9n39xHBN06u}Vy<5k=W0%NB6nHnGUm+eUkY=uAi>-p;SQ;)X@jruzrEdmm>(?mfeQ=o*0p|aWr%Nw}c z{VyF`$cp}ihX57Ljv#5mP{Tn(Z*sU6IHKR8em&gTbYNnqR#$}zY7&CV2V=zBfZlzR z;)<6%UhinP-{`da{Za7Y=BNc2vV+OC+IsV|Sz_YxzD9fJ)P4_LVbf(20_qx484dg{ z`mu@K*Bno^c6)O8y;B$s*4y3f-*UTl6)72-2(&UJXU}k8dNbE7EPeaKVI?+$E|>p{ z5B5fv(sZpxt-eZ$EHIPil%1=0lr=?W$n2_@5@l05_W}wLTzISqdvpYd1&uqPqfB{( zW$d7&g%Gd#;Xv9N;gZoH7&Ed2~qM@{09Df5?@9@vKtM5c5mPAvO zLV+C!GTwpJ|ER;$*F=7*2;p#r_5KfzE&M+@wo~9l`DNH3<0C@OSt4N3R})PCe*)~| z|3`qW+=PkpVp)TB8Mia`%@G7_jgi;YR8;Pt&j2;@c(rAczm$)Lp1uP>BxjwEcK@zS z8H709*POcIYz`ZB+GJXK`s&(RcLf^3!=ob^8JTRILQ!69OA%=!nF7mqN7riwBfY!; z3hB$gsd->F2{{P+3Y;Tdue;vn=B9&?3-ytLpy(INtEBIz=-gZ`d=avER_!or%YW1h zG})^)BH{&qCA65VZ^!g?s;g8a?8iL)Nud`cESI!touS{C@ux$Aer*MqMt}w1E=P3#IzL}jQ z1)gR*|FvO3AtNEnK=UGNg#Jdk;UKUCBfjyv$Sd#p#A%JksP#Ah@8?1J&WnbaQUA=H z-U*&!AH%DfCFt*WOZgp9tXe@)78>da0}^S=0=HRF@}54SCK)@u)4miXwZk;H+)ZX) zxiUoIF)djoNM^Y>-t^5Kz>?|N(m3_dKIh#HquoMmD$}jdVZIng@b;8Z{Bz1f%z-8x zI#AJ8!=OOb==%}=@GgVQ`v^+%q_VP7NAT*pbg)W}ff!Whw-kmWluZG75aS4^Bha~(`K*E%EE)Ty~J zb-ov&g%h3jC(iC*+SOjj>H){=bd#hOz!H;X$blmWCDU5H|uy|0my&NGfspl{S0 zVVtS4w3&2wF@n^5Is1xFO5QtN-2Y7!Y!%fP!X7vePI4iEK(MM4ID+o;w+GA17CTO; zsD$EjXaI%-~hr%{P*OpRUTJgBGFnU3?Ye zHjUOIkL6y5c@2Rfao$0zkxs-e@vVNNTr2)|f+n|%YMT=JHB%ps&EH~Q{9vtAP5)Vq zeH1^B33#(pK?f#2{?~Y0X38sqFM@d9)mi&B`jca0t3>}Z>~FjPfwTd75W1H;Dnb(`@IHv1-mchJ zD?2&HsJ0%)qZyodV*$2Kq;}sL7TttF@yh31({IikVNwYE%lH#<16xxIIa6bf<`wek zJnHRz5xktXZLGJFuXHK4ZN2M``z7eDsA5*bJXXng(?b(!&L@y&-r&=LXw7fK$8mOC zz#&4$RO66BuE?PECjYV(=kOf+@E@aeUAS;Jvx4C)wM!HP+yP5Ex){}LC&KEQ8arA} zS5+=xNS$phA3-K6>{R(LHfgwuh_Z?QurvT~oB0qDp!!yS)S>Tn1GCwkE|klo5(Zl} zf&0XLFJtO3JcHl0rBnUCh21z418~TLy`6; zbI*Q1a?(EB9L`&hBz=6_lzMnbOgH`Njl*r);l6-f3kxcH6R2-h#gMpAcCC4vy%Bf;3~99`>zP8z!vk zCwgpujXdFxAR=1VX5gc(OPC_#rg-vp|uE zCl41_lSHIAJaJkYf)Y-oIL{?1ljNnN?lvGi`V^qkgbW@dQSAvyv!oECNSouA^1Z2! z7$QI&FJEqY8ozMPT5bn)kJ6jsc~vgHVxj3VMueo0VahfgQa`-x7y~SKR-*=kF+0yA z(w7P&z{Vda9g;i<+KRxw~iyfB(2o`yQs9Mw^m_1SMGdCvcfi<+gEgZxQ*?e#(ka@&Y|1|A`L##X}8Tgby<8 zA|&1-XmuyJRpmokfp3ZH(~P7&Uf?H14<0%Z99X(6Z>L|oz!{Q7idQH`un>g|f9aml zB!6`m$9ubqU)bWA(50==aqD>r`vGCJ>8mB?FU^&Bhl&K?e2xNpB3ROr%im{znsvMw zDvbM}d^|!|k}4DVnBILyB{yQQx&Kb^*lRd{J`Gmw6F+(9f$o}!*npFj zszm>xtN+Mft;Uzv>epF=m#0M(ZiRGp7Tf0M#UZ$ai@{4>4yO;8ZsJmrJRjEhN9!Znvz#?;XU^r1jYt2@kEeP^^A6^l5v%XGc!48q#w2P; z_wNF5sk~VB7mR+f$dI$$Pud(F7B^-e`6&#vIZP%9mP}rP9QRWQ(_m2vbw9M9I7CRY z(zbH2GBxUUjQ8G*nMZyGa0@mzC6Bwb3xm81tvn{>Q$fL+<&V(`Lby?Vz-x)?bDBpg zqh19IlC-P9W06!Ax(tk`MAS~z{=Y^(vXS{iOG?W074^MVz4khCHUWb3FiyNTTFQFI>yezxf9uYGrQKkAsS6ObpO3wIgk5u`x4A)mHwfzQ1 ze5-#8dil&pEuk`un%xrM10tZx=@GsrD)lyua$(3xfa57LCdBl3u-_UM7Ula$Fxhmu zN-3YYT6A`uNxzk5$LHa%!loe8V54Q3;hjCJ;u#7~jo<k3hb18o`@G8d}pr>7PQ-)z`vQl}! zxtXTZbib58?h%$ANn=Qc2w4}?W0CNi$FZbPnhl|gX6vz&QA_-N3>w+iK6QrkU{BRW zqY$p?C@hK=i**X~R1yjv6PvbIue zW5`0n-LhcIy(VN)@&d%f!gSOq`F=58x8t>DYxk2Jeph1uA9slg0?RFDi3+!#`hKP3 z4bFoo&20H!>M=kf@@1NJZ*Iwix5jltquTSq2B+myUyaT|tDNwgWliXh`~<<8x~yn7 z7!wU0CJ^~oq`qTmjGCH3u0yd>rd_Mw01D??-Tin>%`6Wrk>~Za2w(88_t4=f+etAw5N?WcZB+3UIT^D1py_vS=`u1j@8i(}Ouhh?uZ&Tr-thQ+d7I9Uo@v7Ju`0KS}JDIbVn znqXZ5>{+hGxI*G}bL6OM)SRs+z&cvlVECajpDWD8h_Cug;yXZycd$Uku?emvMrhxc ze6w^Fx2dGPs9Vbqh;RSa1EO|Q7zH^i$48NA-9mL+q~tIdQr@b64zXD_Dl-zr0wBFM zfrH_@Gpw^*-l9K2j*)S8eKkw3g?!meJq`OP;6Tn_Rz^7>$;s;lr^zPEJHFXgJ`RI5 z2kIgfXV=THXm0*(Kej%v4ak z8oY=jvKfscDr$`6d3@cE3(M8s5Qi;0y@r4!dl-F6U}8KCb(x0IaFkVo*KvdF=}U{8 zA3nq92^Y$uv8(kn89L^a#5mlx&Fiysu`!iQ3TpJGcnhQNkWavrc%`h|m{isqwX9u# zD3<@LXC5f&e>U6hB>PZ(%3DPsx|wO51bvB4F-d*bxJ(~pD)aeNtHq~}AdQ`wPC@_0 z#KZIgQ6_d(skI4Yc=P2j->qV*fy&Ls#;yz5L}T6wKZXM5+cHJlg4F#9_sKA6SFz#w z6y-wZYDkl<=>De+ZP?IaAG#;nI{mlBYeZ?3fyx!!ZO;ZK6!-THN9D z%Z=~S@Y?)#C9=|M77bTRv9?BjoqH-VTDzF`g-QeX5-g}&bh*qNCcPu&M^@I@JzyEC z+&q)G6*C_k=d9JHO15T*aXSYmXIE=i`x^YzkCPg;Wkl|F{jJ-EDh*0GmI~r{=|jUf zmJJjc4!>8K<-&W(;{>#a6h2KO<0+eBhRy@F$cBa=z|CthnwSE-x*v*dt&i7&Y7%_Q zj@KMToi*@P{HD;VodDk#b|sG#miUNtdh2OMJTl`(OlmeSYKmNz2LI_A3k|Qk?#-7+ zPWE*3-4{nFsBP@91hBNLvQgXiFClCXzN1TLH?lkl8mL9%Zn>!3sWdrkE6$Xj z%K@yJ*s4qPksrGZ|AZu5P|AS9Cem3UQcRDiL^eJoGtr~7>-VwTJND~Y((UUwHx zkLn5)IN}Cp=UE6lCY($Z9CYRCV^(*%{+c%D{z{~lBchya{?Rq1Y@5kb#--~mq5Cf;W z0$n<%hp07IuZv68b*RezcqXs==`XM)BIMpR>*Oc?-6Rzs`rbUszg#Y|Z-{}u>v#R& zb;n)2DSLBnR)_Dtl0*_mc~0~XM~3#qVEPfJQ3JG69?KQ!&IVrgJ~O83PfTL667v&zj{%r-F?4jfdMj9_i1P zP7aqdYHvUd+T$rj_m;K|Jqj)PDp$g+Y4N3}Y;R|%q;M;u@A3E-oWIXa$0VWtLs#vy zvBWs_bL`cx2G~1qLs5*C^BTfIDVRCuJ?97iKdev`7P)Ex|d5lPqg0tIK=pltN`5W z4s85I*7!Z?60A|Ski6#+cg~->r7nN}mYV*;PUYBu2oK?YDfmwzl7C|@2(&dE8z}Jh zG$RM{`+D!dCpCoI6OX;i1`PPm$-?ITo>PO~cYc?{0+ZGV(SL0eU0_7_$8cG!wZaViubuK8Ht;CelV(vtS4pkBXI*ATqvw*zZm> zS!PS(x*_~xtboO`fGh@iyhxU5+E5jc?rnb8nQn9ZMA0Xd8HpW866{nR*!?{&#B4jH z(>GNTq8WkWusa2f5tHn}%QnkpTnE&}N)>-|>m$I0prgW3!|I+|z>Qx{jiSyt=3uK2 z>(!q1f~XNt;VZ=8WnN85BLHvz#DjZ-nh8cvi9me(677N&Ej@x1wLl+w0VB7+6UUgm z?bNz7U?s|GHG~C8Yac)t4yj5#l|P)!iLy_M2jm`*BC|2-7@oSaGK=Hv*Zgmvm04^S z(0Ix00Wh(hfG&s_^zm1&Y%|5k7Dv$t1Q~-5&sVrzySyuxla^Qhvmcx`U0DuRVLq-z+ z(T+M705S+@ECJK3O^Kr;8NmK&<1SYuB7N8b$g=J?n|aR`33?31o5NN+*@DHkC)VWc zBbJealN93wCQ!fR&>cZVJI<9pkT1k{w<2iZ^BnxnO7KJy81PH&GgA}0ZehnU)II%= zvf0&lE#&BU5f3=^?srp(X@KLQA(;H}u+GSF!tgTk=U1EiAIUql$BRyh*GnFB0~f0< zaU{Y2rF703c^U3cWGevPo8Wi+Z1;zinO+P>TsaoiQ*Hp2%_mM~T-G7+n8Yc#h*&KUk(vOMZ!Urz= zy${6}8QclKbp`)g)C)hs)@y&-$axS!Ed6gM+e7Re6d;ZQ5^1?=#WK5zVq~r-lW|{9 zK1gZ#MriOTBxOU%rbIfnA<7sJPJ*olLmP?aH`b@Of&U(@-10dkej&OQ!8n)CUUQh4 zB#nGQ9Ft zRr4vmw-?99Jv-;HHhwih>Br_q|PGP79PmWREo_$mnB(Eu46r7|`i#VJd&sXYH7zjO!cF zkw2O>f55wM>Ahxe>pu81D{=Q{wp5|X1l|}C@ra;<$ugH0P(J|~6txnymM%*Bty=7B z`D7;*XE3HVR=jkh4&CeU@%loCpEEsMM1-Lq2x3}eO%7S)u9h4>JSbki6p$6G2upv( z>$d;xoqg91Gr%Z6!F$xi`@g764fhqo;T=MN?lfCod#vHBcIy5gCbRn?U0q6V3s~@D z_qxvx0`%4OR7O~_tEHx9f~Vy)w7gW1-^|wO9u#oH%J}2#e4lL5*J$rgOA@0zgCLUO z<8LI1Y~PKQecDvU8iw}$(6g+@!d_qECgH;Q7oB(tjLcq$53`LtOqi*+R%xXxFO1zr* zLZmC$SmpE)1j=$rTycHVBrnxHX5_4ME29|;CV%Dl;IHfQRM^z4@xNqAmY)o_7(GQd zsvem|=eAq%b_X=>(dz?hC%2#DW!3Fc46ggH2_0+TP6C`2sShb1bYMVdF%KzD0$3jXlC(yDuokE%&jVc$}!Ye8vn&){Dm z{TvWQyw10XEK+bYU1&u3^Y-PKj$?3dW-hWq{3zr7-G){pdNF3IA5OUyS^*! zd?hw$KXZTKobW4~eIz_vsHr*2^t;{N(B&td)CH*Lhnq}x>jgj} zTqtUc72MisKW#gzA%6a;fa$F-;vuH+^!a6q5%nq_LKrU?1`-OREuA{NB!cavpKogA zZoY&gLljHIL&U?cAn`mZMA9RY3z=4ZM( zIcNtTg_u>!)9_6)ij#(%D|skIicfq+hhq7j438>@UZ z#vJ|}iN`@d@!@=utk=*&BF~c(_i#dgxqV~a zxftKJTm$dNCq@D_$>smeP4mdYy}f4Y{&Kg&`_7JKIsgQ`V<=RylFqhZS_FkOkQJ5} zGa^d<1e>YrZ4B!GGz5mTjj+e1Yl0 znvF|9vW6A;z@r*Mju#%}aB*(TK;$=O{sSX}m4uf@@mWMsod`8jJha4!WC|%e3;Z_r zx2a&B0{>oxGmUUE!KUp6Xaq{b0QjiCVV`kuu==5 z&GP_IL6AW{1HypeVJwqun*cVY-_JmPABh(XARq#5aTZXwEGSQ1l?4=#i{%QLE%}cfuVL2ruEOny z?nJbN&3C&yjVG7Larhkx>W&B)iU@#2(}EX*5ILx7GyE-QqSt?pW&VMtsGPoQ`BTUi zW17-rRlb{ns_;tBC$9eBj|YxV8w7GoqOxFFSr&0ziG4Jk*DEv~LbF@M!*Xd{43H8@ zo={)_e2x&Q(7|^Ir&2}A8#>i)HEv@h(l{EsjzpZ*ovM~^0e+ifW@%Z{U;;D@VIf%v zxSzrx2g zk>vA|tZIb{PxdzjkLMW9&g){vZ1;7~u`e+=Y`@@#S;#VacyqKe*kIAfDAKkqu6W1m zkZF%FO&sOSOx&V7K5;nF$>ASev{YjJ2zHcEWa}G~{VDtN=g5p%Te>qxfU)*Ot3gE? z#0SPJydVe=bf6ap1WN0W{d+{{{PMv%S%P%uTlR5VqZ+qNOJs}dKUjaCHwl7c$Uhav zWRDR*%ToA@=6QxoX7>?L@-LH<+`}l&)U8a-k&ou(7uDtJK-&B!UW2DBoX>UwMt+0# z>h|iEJ0MVe1X}kU-&rWOJ`S73)Sf%XXrjLFZnDP9g9a>#8LSB@PJF20B$QxJ&O1Ly zK81wXF>EYO5zY43&>(P4X=E!bF;towx)vkO-rwHCD^<@q1w7LNI9QVp$U_0qLBb%C zJor}eXO1&0Gk-|@D@Ym|JlE6D)2%(eY(cy&A(3qXO$8e$M zYA74kmL#oNJx5pUZ=hHji6|l>NT9tS`QItRZ}f%4ArNB_c?nSQUHhKHASxhmU4lW~ z2gR%pDO@7%INErPM10!1!M77-$R?*Gc0*+1Ufq7-Ts|%Hxw4n(Am(D_xhbJXd<%c5 zV&%2330>S%xVXF6_|rolS<-68aOgtzJrR;DD}WiR;tqxb(jsyQ3@Q?Z*_1FxFSfdo z|DYOE@QX3q+*Wg2O27Bo zz$;|#d#^gcBA8f4WTfvqB`Lu1jPC^=h!EfLWe)eflN4|HsYsFe4o!3kE5M>U&1lp* zm>wad?-Z3Yn$6-BM_G}v$*piPl=K>9dN48_A+5Nr=$eX*L@(fEnp#mM^89^{!A@oF zXN6~m5BiXlaDhVCz0{~_I^uNEMw%TC1g}_ZzIjPbyr?V^ls3yB3V9AWRXcG-;&3Rd z^q6j|?yvUU50%M$Hfk#?SKC~VV6b)382N^~(Yr0aQ&A9pgEyFoAxhukO)s7qJbKa$ z$T5kJ>y-UV*hn|cgC6wW=qm`9q8}cT;#^Z%_HUsr8*Vk$*VT6TtCt-t6EcwydI`-- z1ZR&$kaU4KW&}wHW(#ZQmZ#0fL(34% z(8M}5cA^TPseI0TuYIri&J`<^q8~!d=`9W+h!(@EY|U-n!9^u-71WtK$2&&c^&9r#<{k?lO^`@4Ju4ST8o8{66A1WL^IsoOj{ylzB(0ze^}h~MjYsUBdn)>@rQ$8!i`@v4~-ixa~+x)eJ_ zWH_3|w4x(g1435}m}ETX-hs9yynoIGRsHQBVv&rn8G>m5r*WxaWty^$5KR&oo4^Y) zCUB$~N0XPSaz9tIhvB;tHBw4y&nN`OOgNZp1%Wz$?*8SdmNI$Nx*qc=C}fD8L^ zKhLCWx@62klt#`5?%(Of? zjvXX$mK7E41IhyLPF5ESCE_e+OJeXj8Dv}+iJ|BRt@|PKrgl>3v(UC6ZFIBr))1Q} zzWrEF`x^ph#!yv%$aVKY$6)4@jHZCKGhNGyAAa-q3h41M!9GT)4@<*qJRPx~s16ud zaab4ieXYc&So`@kqe2qTK3Ll*44S?|rk#0*kLM)VQ|{S~fHj(Q?-C#) n3mCH7Z*MWOp9>~l{Xx~eULyRQpI?BNM}VZnC4DRl(!7U-UyA#~q-2;K(t|55v-~oc$&v&2iLv^3k z-K(nlSXJ$_BUO}S&{2p{002Ojg-WRb04(8K6G4J~dvY6|*8g@xc82P@0RSq_e+>r6 z%zpap8hD=7(fc6G9{b+7~g@0A>NYYp{7e39FYe-iQ$0V(oM zYIsOsHHqi|+(bGiN@S2+1ZBZ8o@yVKv@|@)NPYxdTwFj5o+=Ak6v{8eUCP3^;G&4A zvBxc+BKx1+xBHVXElZ*Y)mJ%9(}>@Z(9)pXs=NVc6%yoFzk`PdhPHOu!~;=ioBPb`S5_rxVhO5pu!56(EIPt0|7aA89p$8ehMWXOnxE&#<7f$0&IkU z>S?VgX+Vbqz_pSefB?T(0S;MhD=1Lk27I3ap*8|YXaI+5L?|Nw?*o{OP*ZyYAsGPf zhf8hY3+7tT0n?kNG8%#|{_c1G#6N`+(&;4R5VN)Yc$ud*)Ym7nd8z?fvko05+#OYH zmpG}+m@BRlsz`|>#zES-SBvdUmPa_zOEsr*2u`u8ON`UqLRBarsJ zTkAu8GT{r6pc&|w07;-&1dzI#FjfaiFoaFklQEgFFNl-zd{?yzOLoR!>(^|@5OKzQ zFh$DkW9SYftr9&NuM351BN7)C3$Bw1}k4E6CQpqRsLOIo$R%kx+1U5ryIQB zu>+;QBlE#~Nq|ks-$Qj2bd-KU%fX~HJXkBp{K#-2s{Qm-$>s9Rbe&lD1B7N=oZ&i9 z7V4ka@i^=tp9skTej4mZNiO=11X$UIVvRZMxes%WYSf1;6A+1WYGDqcDokZQbLa02v(z@J9 zL#)_O_c;6 z%8CMrB)1&5c9Yswij^4RPP)row!0GY0Yll>E5E1>+;hflMv_t&G$4|Y>IZ$6#UoS%`!&ej$ysl-dv@ank z=#uj4bu2qe&+Rb^$W?GE+xYbD;DOYa{aNGr<3riC44Mu?6B-S|D%upG@F1^?lQ0?k z@al!Cq~Q;7$r964)2~}0i5;`TMT;L|KVZh#4jJsw?0g*hI8;Q3Ku1X@uXv<*mZ_%L zQOZ~qp(dw>_Ged3R~c4Whf=aqRqjvgAN3clqpcNfMD=^W5LRnjKeqasTALAA zw++_*I7|MP?Az%Z`z(Tp9=?oGMW#pQ=hp0sE2t&7kvWxpCgwZ%FYS=sT4x$G{fm32 z6=$4rz&1xcYhK2hz`DaN_$negQa)&$?W-tT7Rk{1$hTcN_iGo!t!&5EJsrE=JBR{JSSDhFD(98j~HvnOiTEY-J_ zcvaq-o)d`Ph`Q$Oi0%mUZ*Xns8c*HC=cj`w))Mjsj;svRa4=NzF!Jj?l&*K2l7(rr`fK`KpZBg>jo8B)h8$IB#I z$z~_K!r#f$DK^Arr8}{xlcOW+AWsTmW2)tIbm-Z9I=u?t&e=xY@gYcOA2D?PR4~>5 zFSHE5f(@HRFil(`LP;Ry?|TqaIerZ7C5{(u9LlGDvVLnS_F2B!h+mQhOyo+JP$tFC zNhgWjyq{qAp~tYqgxF|pscqFe894??tIB1bJe_D7 zTTS54KF@nS#qP)6N@^_$lh&;k8X|AXm=&+c!nzK6G-(bzv$4IOEy8ji!5q){38GTc$`SkimdX@d_ zB*SV~aI0iTQLk`&w`JMr)TEG@MzO{}jRy_Bv$^#a)1^Dd*)tNK?i-$y#Z~?8+h@_y zo>fg4O~pm4MaxIo$EI7c+Q`boyR^rThBZnbT~3GL=HQ+YsWDoYIu;hm=0r5q;(sz9 z%U}#s^t|Mpd$FSPp=-uw4{cLBOMTisyhYx;B}W%r@r?1Q-a?$G@FcS)W4DvYyv+QN zrJnhyZ>Ha=JRv&!^JwGqlgugwW;Tzo?kBk`jZxc`!=U+O>&xkwoYWj&Keqcdlhwjj zp9Ax$O*>4d^G=Za)|~Wf^np;f(3HVtyZdG1>K=}EyLM)spz+5e_aot#{`*eZ-`g1WCBC`JN>a)}B;O+G${<@zl{qxj#*RmJ= zSxvWcxA8ym)A!4g>*0%H`Y&t0&e#0yzI)|g&92GZB7_D{za(DAV@ke@&xjunLk~O7 z6%d6$w#8hZ51+~;r!A)GatU4vU&d<*@Y((D7LS*vX47X2zFvM!?)~_s zQ2!8l&!{&yr_n#H$J0KqH7~OBqD@TY-7jE&hF6>WhHLeivd3hiThXCNg0RTrP03etS00d4+#)BUKnB-?!srMS*D<{5Q z0i=Vew^c`Hqe5B9{dRcop%U1t79b)E5X5}y7t)TK09q@D2?+^BBTQC&6X(c2#*X+9 z*DMVY$9u3iEHVvzlGdkWK84(~+RvL5i|g~;^EiBr;$rcG4vND^N4HhCJ_Se?s3rf7 zjb8=Zx1*SSTAwcB{oRF3^ZOxQLZ&oQQ(uzzhK7dTq2f;nKN++c8@O0vel_6`aN6j0 z7tDFZp|s%W6i@rgZtVAORz{|1RzgN{An6o>D11`?L#<-L@tiGw*lpAIHkO$8sIB+8 zruO*kjtC2U;Vs;@<|@yEuixRiCs`+BcSPT1xbrrCql4ehMQv?uDzi2URUekTD`*hQ zqk1eq!duC=Xg6*Ij_7n05|U@(!m++^L>(vst~ z@hLVoR_uOMSwqt!e1-!B4<}sTv7_XzgFyo0wMNV6RmR%(#)D`>YPTsjD9Hsg)e8Uk zebcUK^a&IR>tQ{P!811R>L5UgKjNbtig|Tcm(TUlqLAlF`(B#9g|6pYpKzlukLMK8 zgBxG26x)Q}6m#C6L?vMQoZ-Zbt34n3m#$YeUz)OKd^VlIY%RsVOfr#w^9wh2Bo7~7 z=Z-a@G(y1r)d4EpGM=`=vZEq&NUmKYF~Ft8pSTDFBtO(wq%=P_1}nq@XLrVgaJF&9i!pR(T>&vroItyZTHJL>AY-q^pBHK3)e_E`lykq_|kU81g({nSUVAoLxB&rhdbfKjBF+ z8rB1~)1nxwbY^xvl76**|UmqpE5GY{7{M)gRCllW2p=k9MgN!KaI z=;pMTA0=k@B3pm+S?872F|OD8r>onZSGRGU2IE{*v@QxLLrJale}PtExcw*L&*>@I z%)r_#NggI)8@t}0Uq%+0P6wNpaGfYQ4YdWd2Fu=$g`wMbOY8f&;37)m!{#Z%!*kG0_@Wxa(~^hZi4~YpJI6X;OJr?fwT-GGHd^cre_>(l@QW-G zD3rg~kzhoJhh=4Dz3}et>|7z^qo$!gqJDqn9}xgR*YL&+7=vry7l;P{Sg)`F_6!Gd zlhx;}{-e;0p3nLbF|PkCczAdwvLW+{B@8{;vXm8db({XL&t#@1 z`7saRpInKS8KAk<)yKDVk>|N$%dA!HEHh;UPh$l}R`00gEahB)fl2II$Y7=o$DqVT zf=Z>)guWdighNy$B2eieTrcT)4tf_^npIkyL!`WZqFx$E2-WOAQF``RqW13Wr_yfU zhRc_c7)|49D6XuOvxAtgcPa}C3a*(pX#fJ$OUve0rZ%85%I@=NQ}IjZP};&q>;y}Sf~2?6)r1~odNlxdyV=%a zZtXA`=GYc(NR;3lmt9m^bwTs*A3Y41w6gtZ8%IoU^=3i-+)eT7ff=dbw;jB;0n4)6 zzWEvpnPM9NHg}c6`Z8OQ|AA zzw>@HBr2|S6*9F5v|yP2FpnK^6lzVLs*t<^ojcXl4%7ZjJt{@aCVa&pr8$pXE9g8p zn8c2s0EXpKjLi|f1?S8*S9Yx*jX|M$mV!lBN&--I^8hphkKb=GPM3gI+wL!j_p!33 zvaUvrSIdUGl)mVc;-8Z*>MWEtveh4C{~A!?a?9DSR$5M6RaI+eTPa^gb=EzHr`^MV zk4$xtSvrIvVq!<7If4Jaw85RCF(vot9Z))?)2Xa{>%zJvil9CARZ33G`6sSotXplz zhe+ny6J)N1Y7F>=#oh8D!QM^nZH0~cV)*p52(KDg@j%lMrp8`(((c6Ues@E4EC{7W z8lJ4ygm6nxKV&C6QUzU(R&L!)$QWMLV!C{&^K66Wnz{Hy<@an)E0ZNX@XxkoRjtO6 zzw<3r;b=xYSUEl2^VjRNd;UB8&5fk)QlH>v_2SmFjVs!agg%hI2okCcSGj__C<{fq&89Q=jUyui>Fa z|7E*Qf4bj~MK{b}ZIoEY{?9qePTkLu+M9Yc$4s4;JvUGyvC@akXw2)!7)b0iv$5Mn z!On0>c^yG*xrE6`Itk**o5@KN&_)6yBRX>{Yic!ig93`_eE`+i^Lmv59Adok^=TYp zOLA#t89qwwmf|Zj-k8H={o~CqUe}v>pF%-@A7H0@{@wH>>p%E(na^&xGZmC3S6HxQ zM3g3R^5!Ve6#}5>8+R`U`2p&f!`3QI^-&$FjXVV@Ue?Ks+T+S!(qDLZ2i+By7TuXl zn{900$90%nhU_jBl>y)Vvwib7=^wiyb}Up;3iegZ9wK|9#M)y^+K%)w323ZM zWPuGDmgNOhzge4Q>n{S_Et2v1E7$Ir=$yw0_uod=xv$@DU$Qd9Doo&{@mB2l5tYLG%S)cI&}&ny5M8_z zLNMp!*J+B*t;~5?KTM#zX}hV+=!F4{4~bNz47ICXY=`D zc3vsn?eM*o^f-QY{@7q~R<*b%o(DFp(+0fShg1yA%V(DF8 z(|5x{WgSytROcm?CrE|)?l}Y`n`9}SNTZu%DKXMYw%%C^^W9wDNP*V;)%$F*W>tvf zm`Qz908o*=@%F_|1;9BK4)udUs~^4E=()}pE&KHSq)WPqL3mpN7L$@Ag| zz;QeByvq0Sqhoo;i#|cII`WV^|9AI+aB!*}$6+i%+G$*@+tJn;TKlA332tL59z*td7#G3 zbYIk-z8l|pHR~KA%Hpo#CHyP$xSjRWio8w?x3;3P8UV0{cCH_S@D_W-kpKbi#(WP& zba>{V0z0gplFARf9C>1dXqqU$ABLOiUfd45#O|h}bG`rG__OP`><;3YK_E+Da>nR^ zG6Rg(F;E&!$PSbDjzr_cI!-5m+d}VIt9bpfex=1*rh5mj3=X7wQ*G3B zpZ>$TOg+-3xU9GCIK{lw|I(I(%3Ih75OBWXkvp`dCnZLCAP~E2uJ#7RlN!@(j4s!z zfWI|$d6)n_na}s~(iJh`yJi|yAi-jgq8cf*>YcM{7Wr_ z-n}dBCCzuyiX?F8pBtBO?385MBEPfpwi?EMY@-gPSE-|0vGk9HivdwF=l1sgg)x5! zzFngsHuit~;q!VfnGXo2f`&0_>Fp#=@K=)d@aR?G;Lnekk`L28C!H$~s@Ywl zNmwc2U%UObo{IeMyXb>bCnFf1Xfatok>$f%>JeSuKT+1$hYt^rPt&>V$usv)o;^Ts z7{Kpg%a1EED>JEbJ%PVV3hw~9ij%rnFF&O8nv_UfyI;mPn)l1a63hzFBvK?z(fjFJ z3h%p64X!CjS;_+(-d3evUvY2yzZw~Ge?CH#$KcdH70dd<%hpX%qWBxmQXk=$s@g78 zh}I%c_jO-biPMW9`LVUat#@}p6tOY*?v#YU-foNn?eR%-wI?KW0GOT6&46;lRu z;32r6ewsoJx3249aAfo*XC>arzr5g6cDWD;iU0ZTCcM&)_{$5ncp-zDqUGMf!v|QT z07spiw^iR#JSZYF4ddY(uV%rvzM7o^9<6dZCreoc5QoT5@YkQ8 z@lsoos%dakOYM`2?}G6HO+srcU~QiQRirfyEj10ngg5t+q#4r$Gaiab7810PYO-48 zG`5G$?4UVb%?t0~0=f9%X~?{XW)kk;j%K%C9eY5wo0Rm$!xPNl4yvX`WQw;}bxgwD zQ$gu0ai3mY?6PSjt;#=q!i+IAuhB$N|S5#AWf4C@Tz z+^Q5D+(|7Di7;{k65&7+NChb%31mw@e5BA&Me5Ngn$Z!6j1n?!%4dOtmwY5#a|IbG z*`xuhv)`-SB~*V%78mMmAC;spzVbj@OY{umBi>ZXDIOFMQ&BOpdw~f5B$pwiN(=r} z1&CjU0OB`qi?56YdqGLOI1;5);lf`#3#+=uFQ=^jasyPFys>y&#QtFQPqIm581l4` z10?Z}i%q>LpQnNL6?t?itI+yPePZE2ZroX)nE2P zs9#>5s!{^BtMa8>A#B=FKO!G<-v^-%zJefJBB_5=7yk?%WdBlG0!5arpE09R zB7qwTX9v?0)0)SIVjR0oUR>fuo-<_>@17Q=l8_7F2P(DM%G+Th)?Q#;y;LKyV3XGT z4$xo%xra1{G(>V1I`}GDUjFSU?=#%Ws5@@r1%Xh-22dCxBG@*$`sWB_7nT;D5Adu- zAM3pM95>i-q;DQ*MyX}V^RZzh)&@CyPn;OrdMjf(bcd*sX~OV#g~?Af76kx?C~GzQ zE5Br`7$U=_;u2_S6uIO!KcuDjTqJuR#$0d*T(~Lw|Z28R=KIYADTVmL@X;8b&skusWWxMCu zh0a#TwsDk#2pF<#RO-xVcG7p8Hb029KghYG|EzV=#ues~+VqXsObkpBQU`a~>F%eX-@C=kx z2B{zkM&2GQ2_#x6TxRMNH3?)a;{o=4?J5B6?M=ae4c;n_9M>z>E3dNE5D%6FFcVcL z!@=g_R4y0tQ*3`T{k7{9xxL6!TNs2Wdv+Afk#2S2zk4$C%mfibfZ$~J2{A8C2t7(n z4VpOtg{umNKtq>)p5A!o{eUf4OJ zz^+s2zZ-cp7dy&=Ce|~-ssc>UN z-{QHTN=#b71R`W%W9Hmb%X+7laF(8hl2b{0#ChEnzfH~ljkL+EJYKn(JpTFR?S$K^ck#BhvLy@N zRGNP-N5QHrlESDr%Nzm;!#fw6Rbnp=&!2|~tsTZveA8HT=jP{|%m$;fd)mxpryRQO zj_8um*;c;gAGkn3#Q9t0TUk|pBI?%Wnb~tl$8GuZpL_J9j28dpQioy|_y&S8k)i(b(|IxEpFN+W6lN@j9_SZQU~4 z4?F&9h65}jgDl#_WA1rjv5TPrLG^?zW8*iMAoav%zW)1slH;?xGM-*(>q zWi&8DR0!9Sy&gU&GfsGXc4qYLvxk$@IqO>i;A)azNaiD68uXic1Z#m^gBqRs;K1OX&onLoE+4ukii)tLZu*NhGkru#UfrRKO~YIf#L%oJ|>=c zZ3jo0UMEFr&7WQqUr$N`*R&|maIB_Acg6Oh5^_O9B^>9LJV~9l4ah}YvuAEpvgBBq z6n)~=NzY^YLHK>U8h4)@`Klg<%oGWA#y>Rm<@fSP;8rZ;eENyGf8*+V2%&rJX#_4= z2eCv*|vj%~q3e9xfM$J!**u^56w=A|U+Uc0>j7are^dCdIGLD)#8PIL#VpaA zwx*^ zaa-AJCon+ehevWeI?d}M-5xhX>1Q^x#+0pk23+A-4F(Qz)znOC84P$;4)?HdBnFTj zJZ;1b91IP-ye`i2biFY9yL}=oxDNUWF(@T$4F@W}dozQ?3*M~KT8sz3TZK59yFHjh zoq*;hj@G7-X|%)8yot;(>sG|&Us;_K`cH2RALcObVMS1_;Bsaea|A};$ zqYxc0*VAMDrJf!}vZb<|pN$V4t(@pPf#7`Ga}X*62&kxsGGK#we3k_ZqRDt&r zu*jH5ln}}N0>d*FY?}{s?I{d{Pz2y(YS~dGFRw*h@;joaY*ep`!0=o7eP)0JO1fai z!4Ir=3C>f1F^gO^BRE5|Ci6Pm@-W7)%SHi{Kr( za-lNL*>_OaUHo@PeT#Q^?8dG$^QLWvQrWmkRV>H)Detp)sF(U-ur#Y}PGWBkZsFr) z!B7tip4FSjQI!;|38I7_b^vt@6SN#IQM8%cC4J&uxsgQ=UYG9mX@ zoKc$%p>Ff0mDI*EL$JU~zI0LP9XK1Jktk6~7UsM2=Xu&kxC8^Vah1a6L-{6iGtR@S z8&)*nzy^-Smb|8CQz2r;v!BeOo*Z8}=?7CtRv1`aa-c{uG(Rl}7-8fBRr2YwLBNHR zX{vG81&XLI_ zsUbhXV$uyB&Z>9$WEq7Lo_f8ZG_u7kuBxJQxD5O~g?dPj#Lianf|y6VSO`N4po*%{ zr*l9J0OxNB6>ESx@4wslhhA+BybSgu%NQPwxT8}mYfhcbLJv9!SU@8eZ@Sgpd>17} zog=vr;^E=pD(WB+IF}w<&>p9TVwbP6HIaJWON^$awBhAhfUc&3BYWcg`izH2F5tsn z))w+(9VAgc5a;W>sy z*KJLMH2N65c{`yMs11rp!`J(+Ai;bacYk`kz%POtO_xBq@pXdlL*u9iO++>bIWgMV z3Sr=1UMA&y&`J_gqC&J3A#Db=8F{pmo(mwJErHHC%*><08(Y#>`1`*8OOs7Vb+SRx zTsebG0v0@gK$<}1D#t?WD2$YB&@#cq`S--FfHZ4{5Tq9c^Zl*p*0G&ukMmr?`N(T@ zmz>N@!UW{^GT+>>8*TjCY85YW+LwLI{ydqer$=uSZZHvQY+9s-3__O9w6<8j?xCKv z^vc*>WiIaKVKF8BMZ2j+gwJw#w#K4lZ5l}?Jy0j;vsnN$}x8fGo(cC(%Gi>UvZ7Gy4+LSPVB?xEThu04bc2KJTVQQf;q!KlBMuQ`PGVfX zBXbWs8gAgsZu^p`$-g##dAS~j`F`wwpYNtfb5e(_iKt%||Ka<~6d^2sQQwUBl$K2+ zA#RFVBrG)BZ6pk41a)Sttb=8W#rkoZ4M+ar@p16$w3zR(U3T+yftC-Jrump@kr9M{N8eEOf2zZI z>f%`AzK1iHw;Lk+e~O|F3s)#sF57|nhHShUz` zH@TXBeG?WjaDbjHiFjlNuNfh6gm?%YyyPM^B}4X(Rwfk)43$>E!j?z`whSixXE@A| zXd{BA8y_K)4Q%byb}k>SvcI33H{TIjWYUx?$zy>Cn{sgSyB>Puej|J($j<_3Xr z2I+8ve($!||3i}Qhfw0OUXA^$wRXVDgun|L5OBJAO{iNt<|Y{QV(O`aFvz6FK236q z)(IPZ1deh9r2Ww2nurr@rDs0ug0bNx62a1r3X`W=&3H4Wd69&eLFuMM@D3Fk5rB%O z>eaozKBkDz(C&{RB~b^5LiU+`WK^tOy+W(XQwr(c)S_qX4Lmu z9ClDpAedHzOA8+y0*VeERSgbFXxJ&ehufm^O;C_({iv%Rf$z54jzWuvFUv=YFTnUI zs?XBcDu8Afl1$N}d8pk+e}v5H&Hen%uuALc(VigBOkyr;7V}bHn0S| z-L0nR!0ayWv_xW1;qb-WsPO*Z-LL4PVPAC~1pe2W*5k~(_UPovvUA7__Awq!sn{yo z@mPpd=4433A+efjV_twoQd>6c`#?yTD6gb0dO8Tntdd*`V=Wz~=;D&nb$*BHWg3Xk zJsyXpQ9@H2&Ws~6@|K&B6>M8*sX&vHzT2gWEGcVBRw5N1+$T$~4mV{oiF-ea(nv(+K<~D1H=t4^Vi>TCWkk0NV7{#aM1>!u7$yIKR`Y%|S8eFYs}M*fan}9Vlbh=q2ah`BmDsE#X7GIYGEY`X&C|`vE_jiZ z7`choEJkAA0kuihc*d%DpzbzwTBz>q>wV71LELD1M8l@m5 zNe4+(FgQ{*mza73d+Cf{`=#q#sIiStlv&1dK|CWc&2;rP!n|h6*ZaT#l06q&znmGp zRt=t6C~dILhd34Ur!27aL;}Y|?rYNa*szP066rHKozhCSoUV?UB%%*hZ@qd*7(I|} z5hMDekTWXQ@)FcA)3{DEJjPKr$EWlIr5(;kA@eYqGq6VB`l~tLFU(NBsfq6(pIjBA z8Td3H0ERKQ4^W}QR?SDyn_Wx+(S+dOw&1m6&253I#Zl<+tX`^X%l(hy{Ec0#Eq(1< z7CRqWuCYth=qUiKQJhabs(uveF0ECIxk2(C{rPmzy1Zf|ZdrZ|llY*lTp zRtZ>H;5nol6%b7M7kHaP-l!SI%_^j?524Wm6>s9-H^H^uBEK}Uot-E<*|PDa8pGzf zvKK^(g4=O9$NhHXANlCDc6AW`>bHAwfSlEkpgLFg@SGzAlgAINbVV((T$q+{!b#zv;)`>wwHO54pTasO7Q5r52kYLI&h?W%NGlPVm<%xXUlkOfh(gBVkDCP=Dpc??c@X( zplh7*WnvGJxv}|S@tXbhf{eYc+{vbS?IdGCxjDj092}xnkRm`IGBY7`pwY&e2u)GG z#O=eDAJf&Uir}MQNc+z~|8ZyLNE|z<=QdrQ`=#5~Ka&A#p2r^iYwj`_32586Q;Ys? zEZFe_*p=aMUQ&t5S}#Hr(&S(MT#OwJwN7id`1Xu(*xM18o%wrDoiTZ9@aAHwrqYEV zRTz89x^FLvq_*j@Hn80a=pH<_4OS?or}7i8gI3py7|xFd(@~Ab~jz1P82; zep#O`%PxOPRX;(p=Gt36&m_t;=^m!TvBsR?MP@Oz%J8t9(BAwE`(dH(xzeFTo#lY9 zVXv{sjj2c6iyLX8UPhrMPgMZ2OcADfsB>MU66W((D8{xoixQuBT8w!G#SXGH zTpeCXRxi`iS2qO)wR$QYtwV~Y8_6NcFaTgh$JrhoVeU14IazlCfm2^9ZEFz0+eZgt zeqN))NPkkFi;nevyi}4VaEAv%u&~UvEy{!Pb)j)>q*#o+GqmK#_h&6)%yaya-t41p zO9zDfHz&z2JvStdOr_Qjk1O)nig0TG5??TmW8N+>BwF$Xe>Y)r`iY>fmy5JfF<8Tm zbg+wI1+*s=zUphKI(uigAm(d1qIXI2J!QbQOeF$YYx#}Bpva8?I`LmjD+@bb{r?rw+ zLy!j=Hd1=xtqsZYu1_q7v2Z zYZE@>ib&g}L_2~zF)q0&N_un$k{Nq2;xdr{(Jg$#J6L_adDqSScZ^D; z3FanD=cnVS1&kgvNJ-WIx3eMu6Qy9Mn_Qc$KGG=woj zdzu_2upk9}uVQ3%tG^7u*swg`E2!xMf2*O^VjSg!0PI&xENlDSS-`<5Xw);Yn_No; z!i?cqM;oU;TKC269r<5-`>7Wh-of%wu=wq9*DV}uD2Y88A9gs|XxA=GeVV(@%5;o7UE`6^{xZzMerd~9D9h!)m#Y^z%GDijDq@zOV9!wRpP3}2!~S;M0kvB z&M5)y`9ljm#VUmZL8`5h8iV+lY3d*I5#1mADTU-oW2J<7o`DZYE<@b~bc+e9Kf`WX zH0(332gaSZ%+gS2Uxsx2t=G+_aAzjwc}AU7?W5hS`XY!_SeE6A6BHm8Bc5)neUs#t z4yf?0H4cHT{?Y61v;A!;YI2b>s!v8v;NMrDeN*0uk7+ol)r2iEeVJuR;fo|(CgPm) z{!;t&go9NA?&BdQS8v73 zI9=#D=DHw1Z)|0OH&Y?wwwB4;h4&ywqfUK>W6C zH%uhm`}gm=jL$vN7Nc3lp(RT&z@b5ElgRQ@rQaPo@ZH)^(daYTasz1==011bzo*i$ z>F!1rr!F1NM7M@ZHiG?-(P|J%2n;lY14EpFiZTS|odlBf%%BY%UG{a%;C3Wbn36H~ zxm1B%$kD;Wvb~UMR~1(}tuOVPE|1|7j|g$>?Xa1CtK(+B!o?o%`<;}t_&%;Q+h)7#hw88l zmorAu%`5ljg5B$BtMs0p0JH`Q5Ltg-9F!Lik&vkYgOxP0W{Kf9}m$0 zqVcYeg9LAM&)&_oTZV&^iTU_8(rdA9+u8Z)-V_pu%6hs#JaRhA`291HljtNYHUM2D zpY58)eA9lEDwdHyJK#)9>LiMOH3q`7Yj`a-GWn6!ZG6?+lv#lru&6L;J8jkK04KPL z%V)4u_|qngiL$h`zB1Rj3Cid?RWz!>gI!TwDe89SvZJpLV&GpN6AY^Dun#&rrBc!rvhCCMcFYRyKM#eDLU}3Nl+3RJV^=-h zu_YLti#29+#a{ND{NGY$l~&Cda>baL`_iElaqbx>GTY`9zr9!w=Y~5mpyAlA?Y-jRA5EOg znVzBBF0FS}ZuH%Gi*-24_%Qr6dJ8}J{9(!C@ci2Qyi#`hNpJLaOoz|#t{4=U^$wx{ zDhL5lsoLoWB*=w;VVL9usfIUtp#D65W25v6t4_wT1!JBfm}g_PCSe23!7#81s*^=i zSz@0jtw~<5hlEC*I}3V@U=wJNqbn~0H9IIcog$&BlXvUfTR&S95R(YD5dlD`^Dz^{ zk(}E)=J!>3>VgfX@`R_Q=}=1=o`kK}&~n;}gm~NtOh>8hs*o499Ke`vx$iNQRI%W{ z-p#NXD-0IV|B}TLGU6O$GHrr|SZ}%FR*zT6`E?#=0I^NN<@?_<*KxkxY<+n{=cxfB z(oa?mP)E&iDaTOiOdc0LU;8h-V^@^jw=X`PxPedQtiyQNLJx<c$K2DYVS{U5{Kzh%nAvKptCfz~ z{J!XhP#1e-3pcb>6zo$>ch9XaY8r2fBWE5vCvFSlFzRLag$%Ipqi6iJE854TEIk@U zMjGxGhYy-*;kMI~f@?}bZ$K2aSXZ~wg**!C-JHhGmEZ9FetO*~15C4j9OoPLUHP`|-ninO3dkSsq1AZ1;4@vCA zFL8%a2*D;+BIkOg5VJ`*VZB8mZd3w3+xGFySVHT%mDWPqyI=@2P3!Iap*gP?|ZkU z*Pb2rsxZ4vCTid_S+xA}@81u0ZDn~WvjZdAxcR5@er>L~v>tRux&3!e`1G*wk6+p7$F-TMXLgSY0DAUBcz-NoMBi;J2` zG&Gg0>8$kBDiAlc(mG@XmbEgS59PX31s4Zg!Dm6fdgCy70D)b zIq6hcx$^QB1x7r|oQx<}n?B$aHWhiu2rz46L^AlB- zyFaQn)BM)qGfwSKIM%L=!%=+Y7XN77k_#np3bcyK6Cq`13F zvEo|X-KDs@I}~?!D{jTzDemrCytoezXTRU!SD0(|OeV6DwX$+QLXOB}!Rxpp6B~+! z1w!J1xDd^_tZ)$x!+9$j?R6USjaBnzJvQ@IQa0RTZFZRRr3#ZI*gqvj?J&qBiUxkT zl+7%M)C+|s9FCz}uzpfaSHnWOqX16 z;V?8mJ`h-A*9abi1FN!(45iv+&a1aX6w<4~6dbYA!VH$#0R(=|mwQ>wHVPEGA1{B& zU(Wnx^P4 z=ilJ;u1-TK(4v1_F)kZp=N-HA;O&!&oec^Pj#T?u<~Ye7M2WTUpkyYJeDJMrTTb)q z_?TlNv4b5Wlbj?Ke}svKcLNM3eh30Qms%9<{-Yz)S~>~^UD!RLiwjqGd5h*7xP9n4 ze=L+b*B29>|86C!(kcs)@k5}5PF;zg2LtKv7WZ}YgjLE5+I(NP84v4_T8_@2_yTQa zjtT_axFucwDW{Z3&rcd0RmSF*p5~KK$~MnW3zW?E+Rc+SkNow^_;*mks&z+u|H#b+ zH@#NUYhDjLG!Xq+f>E7jAm;Nto(D54tnQv@iVv7x5WfacDuu%Hlziq)R+hO?_UK*ecA&$$GWaf7UDV<$Y#M4CcWcH>h^Ozg4^KLl*fN zmf>obDUMt7^9Cw9@OVSAE(wf^QXeTQVxfn4v8CPwZ z&1kd*lTJ4?hC_Lvj_kpoPjjj`P8rcU<4~DfjYry#ym!7M;Hng=dF-b1+rZwHUk&J- zJfcYuhQ*F~*uNKXl(3{qTGkceDU@9orOH}e7ZE9(To+-<03|F1ON48CX$6WVQDvE; zJ5lK<%6Y=gE=ERU%t4hEEYD(pYyVzshDPCD{FCjCkGtX;jK{Z-%it98J?EKSInN&Z zcJFHAm-qocFrD zvDu`|K8=CCE>k#8q1og|Ba<^Ux%dfLZ=?&qy(mkz78u4DQlTg_BzHv`nhC~`8Z>f* zcO8@y?yap!n@>qY1Xk0|U#+jZq6bmJ8L1|3G!=~;yud~VxYTfUR#3uBis`O=Y;aJ< zRT0tT6b<@~N-C?NY;NB0WAw?&`^!${jHH&IYpO$yODnTFJk9yI!m$fUaqKJRa`l%U zO4HukTas2RM8{dC*h`9=TnIQyEcx&hOmTE7f72dLsLyC~YB2mvSD$~I-A|u2j(imR z*4?BPv;bbgiq*}JG(ZUEGX#Z~Clsa5w2C7jd(tJ^Q+24{FHM)Z@k~tQ)p%W2IMzPp z27T^+yinPCl~=b7aNO3ydzunL-5olv-0HB>9c7G3>MQ9unrd~j+<$NDey|zyy3bn#|<3C!TG+d${brseE{Un|Gh`+f63Z*mjy^ zX43T76Xf(QMZ&=mFYcLk@wmE``|3{MgK%)5@qrBT_dXkqn&#E+vYb#FZ$=@%_cqL{1IE}foIsF+2+a7-Ck0wIxUpOvn_#qS=?8^)D58XgZl0}7(MP`W-Ch-UZi z6y?;1n+}bdSv-mdyk~P6+dhx4_5wcdhG|occt@KKF3JjbHql4}wOs#rHHa5*x}9h{ zuX3)0qd1!w1^R}ByIf57(A@1|HNBcf74_aAdl9!0roEvBIz2-lRTO27g6Pw*cot>i z1e~s!tMSsDm0!AtJk#`T^#WQck_OwKVFH>5C000_zj^HN?gU|NI~PA%Uhvy~yO3$z zc+1(8{;B7+rPYhZ^?sf}{SF@avio9sl&9xY<3OXRh88=p+degBo-LBENQ1%p&JIiK zBx>gS>FgiP;5SrJ+(;k6shN?M!zD=mK|xUp4-hu%H!&Ht8=c;yg(W^H~ zr`>Rrx2%qN?v=Gc5uS6GNO+lhk1u7(HkE`l<46C*nmcTC)Sv)_%Tz(#qd*cBjnkh` z$k*MikBMgr+ny&uIvTDM*)7wY#5^b-@gXF4Ws zqV<)hpY_q<{yooiWBt=rA37*tsnXBObMFiDhVSkusP--bj`^{C33A4%X34SUj|F4* zPFDx{v{2}p*A6cmQKv(S+agy$T6MO!!up1_wypWg)gkWKBnXryh{3&T)hPd*gS(yg z9^8B<`p1{B(PPnDBggqkY!_1B%jF(P^UY>mZMo6T4=lX$;plOE#5wIzvNxHOV|Uu0 zCHO2RvG3<`JT~O)*L|1ya)l6$R z4WCq84cY3r0$zs}MU?-?$M4G+IXRHSHovohd;T)!etdAb~TQBQ|pr~YogZTFU&-_M2{1h<`d z%$HW~^h-pOL+Sbm2vs)3QTWUp!GhDNH}8(ET3<`PAcqahVf*`!@&wSbl~z5wuw}nK zeIeF=oF6BCKUT@A;oi&h4?+A``t;R#ZToO?^P{17xsiv<*p6$p)vxs$Fnrhodi;A+ zaPkwio*mvZAg9;?JR#F_wQbcjALc>!9Hq8!acj%T-}+24?4>Y{AhbVRMoLebC!aza zg#558CmH@pthcgFNtVm0Ex#R44Y!3t zXXj!vJh65g9}my1eI_JJ~Enx|pQ>bXTepOW?jzEKYme z^6`uY()5Sy9V->QAL;&~_N&)WHb-AXzT0j#Mq^|C8-ks#@8}-mPZAzDqDTwpeA{cZ zBc5}or|*YM^L5A%HUK)Z0;suX;`UYrFS!K;HZ7t=!dD-S=KD(BstH zi2Ju~XGP=3e#G3F3jxO(T$TvYn`sn&B+!KHyziAgik{nSNT71mv#Oe^mkDKx{Agrp zc-Hd%7sEV8BLn+K(<(89k|RkdqT*@iX?}DpO_XI@&CL=*&7(sPQ(QuL}FvnYHhE{nuj9 zeSanR+uK;BUXalbnHF<#um8Kxtd4vS!Ta+q?>o;e70b23!_F|9nLK2GoC1F*ox$ZL z8zE8WqLU0pwjj7`H|{Umx1oY8&q;@)Xe@7aMVN%VU9-DvK5QHJUDgc3XQ66O6q zKap2GG-y$6N0iS{d@=RCNR6?|D#Wiz*_2R#AOLDjFk@G%|BW*M{=cTmBm(8R*`(Gi33l`}RS76rnms4F8P-gWkbuKMut(yGd2f=edOQ-Fo7@ zC+mU6`Zl_XK(N_~&-(V&ZmaNv;}BeG?^RfARWNm5XwPj@W@W#Di`^F#H^H_2l~um; z>FDY$s9$<-kXW9x!Zerf!)Scf?`E^|A~+<;cI#1Bpo--;`;^C(2%Pu7{SJ-Iwr2us zsQ%xU+;2{rFhAd|xZiFT{a#HN%9RG0X%wkl_?p@;u+E@5FTE;c^T>w29rc)#q<2yS?4z-h|jG1n~W|hI@Nr>;m=G>Sdm7DFn;r_u2k8WroFI-5cInl5hJo;Q<0mCuat4?TiNAoCp8K(-uJ zdCaY@G7mIb7yNWuafW}8e*?s&+@S54Rs!2-RC2!d! zgKx7TZ^Q{bZV}C8mtEO=Sd_$bS=OfKICJ$S4FIn=W1KtAF`BLq(eCeWEA#YUFwvY#)Kq zmncf7zNma$5MId8b^by;-ReAdk^4REfMz5KxMI}>Ub@j_K>JK@W?{jS;eQxHlDfgL zM*-7$HSmW+K#@{->>|p^jn=Eo2$6P8dU}1KX_N>9Ch@lz;rL_u3|@O`7DdM$P8~jp zn;t{`$BhMwbqKxu8E34x7vHoENPSVvh+CAk=Ped-bA(=RQ7iBzdZ4Z>4em*0OU;2S-@@5ft~@RbC!32T|0DqG_Cl zTNnbf=#F+^K$W7A*p4rm+1>QF`dpz>lf^89N{og<0%h#ivOK4Cvw1X{w+j~DewJ;H z=+`Bh#thYs8+TGX7s5KOgx|%^v(czu7Srn|*%=g<1(|~gCl3Y*9vsT6cG5(eZ7)m^ z(6}$pFYO3<4}U>D;Lp&Wn5*X94~*Jr_?Mf^4b*+1ZnW8Kw%u59)Z(7(=kbWDG16>q zQmhYh7}HBYwlK?a-K zlp~p?gZc;QTKV8eNE--Pum^*k6>?np)kSf&aS=_Gb=39Wg^VLjBbHR3=|%M8$RGkL z>MR(#8U#nX_vr^xKl#*^h+cd6vl4v_`M*hg{p*ZbOg}hydY$cfQ|JEnKJ91ltGipj zU@l;OV=Q|$tvA|GtI$2Yw5o01+(-vPGxz}S3=4|Q4V~5RjDc7xAEPgy!9%U=YZ?jt zS7ZJaEhhSz`Cf#EXCz2G`b(!NWY$QXwQblq+`Dh;A)IeV(DiMM#&VA~-(bcI+X%|4 zAf$|K%Xk z#MTal-f-<|Bg+Ku=tmp{6>ex1Dw@Wec5;-aj#yD!cb~$GyAOCYJr!Yb$MIc=BqO{f zdi!WwChz!iZDob0qpjOXLgP**mhy*=9D_BXa<$mYOTp+rly3K@ov?{rrqX}Xt4&}s9E$9~^(%9cbhilI~u;#X0Kv(+bN zQJ^x5+8)q+hg%z)ML>bkVGYzt^$rTin3q3Ohd!bj4#6GoPmQFKjx+xWGouYlW!$P+ zE6!SGnV{=-$zz5kv%f(yb90=u`>Jm@JLEKEWNbU4@Uq8mOP%8@~7vwq4^c}S8!6X7tijMoa#}v&_7w&U5TZwgMu6*g7r5^u}p@ABGc6%3R za%ZK1lt6fibbjAF$7SEWx>6wRrr{oq|_L9eQgck^j}F7m`4P}#t) zD5q|8H-DMBm{Mhh5K6c`ej)BW+`}w<;C3@7UTk=y9Ep2cCs)yF`OWwD#D8S#*Kg=> z3aA@ryXQFT(thuU&E~%u4aELlC2Cf7dorAP-Vbfy)R8a+!k0qKM5p~OfByGg5+R%Z z^CNK1%k-Pu`%bKN?!9C#h;;blJmH%6F5J{;ZD zb}%kU>hfjI`oO1GK%jrk_>F)PHku0lG8QWE4CbGM0)ZqfxR~=Ar~J)#AnVFsO(+5 z@XcX)P%Dr=Ye64`*W#$Vp=mfxQio#Z~oy)HClU{Yj-hmk>| zD(b>cLP8xp0_`&vUtYB)?eB6l#Ii>lFUwOE&o5Cb9q*5~g5o`XpB-{9)K!F;Q{cs* z_q7#xa>XS@E5Nia)vBG}0C-elnB`v{N%x1?JYDzI=<=j^RC=fcN6AyB&{kFo!i*&r zRCw7OKD)JKb!TLac*=^l`6T9ci_8+5F*|Nod;k68(!7`R%^t9fSb0^V5Wq9I*l0DL z__xa2Tzz?Ye0H&7B!R{fx7uymFIAfN@jPcFt&2Psgp%V6UhR3B%n`^ufXjy}Zsv%PGcl1I`c> zr655fCWH7lAt%1me$C(3IzN!{jFCVA>B8~464e=KOCa4Zm>2CtTI&CFM{su~#pra{ zEyTF^UYk@l<6ayE4VF-hZ8&pt#+Qgd}{Memtr!jsTx&=6avqg1t%atWohV;sM*e&WcT zUQbOz`)=bJ=kZ+RE0Ul=1SJCFgi4~*UI>Th=$d`Y*6)g{^%NdR9!z)B4>QGK^heus zMp>Kd$oDNll$CK@8Sq{neS=YJ3P3{I^QcNHP4AK}<_ZSAmsJ%=^JuZ!ZvQdvWM`j< zuoZ<#?WHPrdC$%i)H&sglIBr0GBnEnHVO$H zPci!Oe9}W6mfMZu(|!g~BE?E66fly3jFGpGAXz^=11@7@tSXlGyc*483%M4NpweYFolNCQ7pkx}mgma&huxzou+ zzed-`+Tnd=DWL-r=pThHPvoTWHUWV~zf)R0N>)RG!u=j6lmz!dK$YKaOP3*qb~ig}+Fn_hMydI)CJeto zQ0cqwX%OqV>=nnwcwTf8chx;gfKcD=u&LjKm0#->2NET2Xkw38zu-$?$VzKcWZzC* z5J?rt#kkf}q%{73C*6ruB>8)Je7Zfmx~ZtKmq}IKdUH@OxnkEWN$^QUS(?}rICrz} zT9h6$mn%)yC3T!@U9+;cxsUX3kxf@$=Tcu@s3y!>aA_t5$-RSuets#% zL|^WDZRvSG{vh()q-b(DZN5kOxMW5o6j5uM%HiKptgRE$SfS)Jw5_>K;S?IP$N$9!q2Qydp(cUa%00PqsI$)af zJo{_&VQt%yo$kZz35vb~HIM`MGk;7|nfEGue%)<=(`NNpwpdB)T1~P(O*um{G8&1S zT(v+o6+>`Y4J2eT@x{ao4@5D@JgPtXB_2bNQ`@JWnub}wFOhN+l^^682R zU$cTtj&)iq>)FjhCH*aaVciPu@RSp;`GY_RzwlX;N%Tq2U=%dhSSTa^IuF_2uxu{3 zqxwt@i3nf0+rz-NZX0>k3Cul1iU}ns(m=Hxy%b~ILuvolW6bGwC|gQXICSuem93O2 zK+g!L8P!)Jo+ukWK!_yMPL>WH3s$^M2dXIwQEm7gjrn7OuhqDzVNcmeaIj!==w|?hp)(~Y8_>pG(qGTR{yKYIwwvvXzQ4UoTH}UN_$BHqK0f((&{~3|+p78+y2>SWtR}T7qrGYjv>FLz6K%As0IlA& z%cR>TPqGxe`3=Pzi#(s#>m^2=@0gh3kE`Z+a@kyU;gZ^4ZfY9ZeX@lHQy zv|WZ-FV#FgHUOKn?l2Rei2)QQJZ#V~vA>Us$`?>$OAE7JyUSoCCNeT|wH_-4KN~d4 z=o7a7)linbQaSsqdQoI$Kz{vcMMa5n zxh4aEzjb{>Zt>t(Rx6%9ITIprUkwl?JGk|dUL#v?w!MW5s%JQD-&*6TE-o(KX9Iik z`zpba>|`JP8Yz*>0tt0)0l2iYl{#P;B7}$>IP2QVU~P5C`s6s@7d%z<&lCdxS7&qZ zg{=|pdOUT!R=kb`#`5JR$UIS`G$Yz z=|qLnK1KI4kc=%-LEznF9c&vYB&m+E@AKN~Xgm~68|HXNC(XB`$XVRd(o$bPXBV}9 z@$WuVBp+B4*VfjY>>BJ>^&a{bqp*PMW$X2(YW;KWzUQ`ba>Ez$Rf4Z+Ju;WH3h3o` zh&A0wvXv@S(K&41+G<=FF_gKlN7iq%kAJEAVPq2lG_xX&Nq%@dFe?;k78V!p#fas- ztEKwT+yb|GTPzAsNpK51`0EQKF-e)z1<>;h91EKHC>1Gi5;0LAghT{%di)ko7G;-X z)V`xt(9y^7JX=unU7h`NDoezT8iZc|A@z<_*WTXV)zzg-VriepHm=xL<$Q>gMrCK8 zqt;}dI}dM>(e0M*Y@@~<(;>U%by?`a+BO}WsuIhs+UV1I*s%3JB9yW+(=>tY!*z~M zgS+9Z<#T!Yas4pNohsQb4*KM9xO$}Tde1rDNnypR~@Q(TUjYpN(S6_rA;X^{u4^m*0-b zB~OSApX~&@uXTVtWJEpj?fMR)0Q$og<}re$4U^eEQ!W3j4h*jP{`38BQ|@a{-KG$F z{5`H|=#2Pl&5lEHTps?{M?KqmZ9WH?XgnGKoEdz+&dbAdCN2dS5C$xK4y%P+&g^c6 zn_a}|xU8?Mr?)B4i7s?aF2~~sP!TZHQwR}EI7ng?5z^?_o~*(761YMpjK&kE_oMYj zPjv94$;$DVFR${;3#9tyPw6|ahtp46i|2^gj5eJ2{!f?9Y+|L`_l3Tu)9Lkk7?I)l-#?Fo6b;ai zzF-9J6^Cc^(YB-97MmyUM2duhZwQcdMANTN=E%>YPO&g2Mx*fo!OGHQWac-grnH0`oNhy zrBDKIO}1o!?56v6leOS^oVckLl@Ql%@X}If=<{zw)gJ_aKXaxCO^fkKj4a{#`I$^( zYkeL66LKx2<7wS(7LmnePzAU-yJhJj$U>)W;&E$vYssV)$tee;Iqz3Zm+cfo$K2$a z=BwfMR<~B{%|D$Eq(j}=Oy@Bq--||>K=PwadHKRtlVR~;;|s_PF1x!I;;N_RtjiqV zHC^uxfcn6IA{3KC4Xk<&z$`dftP~U3EmJC_l1;w?NJz!X<>tAbW?P+}gLNip$faGF zvalf(9Yd?1Q{x5(6AdBJjpCKuNJg>Z$V%0!9H76hx^Md~`8``wpeLE)f|h^l6;_=5 zn=O>d<*%|LE$vs=(6C>rB_;T*BQ6ztogiOoT&F4Zsc%0nwb$p5c8%WB7EjM7&@bOr zVEk&`_JF|x0dy8RPM7t-gs-f}Y_)~5hP8Y*X~4dTh4mdL(wyV*S5n(Xm(Z}fFkP9p z;O=f{lCRT?+?JQ$t5d9XoCJS^2ewhuDk)!)1L2x!2QDZAVm{b6AZ{a+i__bTUYNe z8ut?=MPF~!w{~TC`LoUR`F#Dn7D04m4d^I>A9=pur@MLA1Pj?jiordd1~*2?SR($C zM^EDjQR9Z7?tB1Yf8f6tJjP?NKb!eYYEHUbP?6J&2T{UNhX zqs0z-R8(0eoBvdwH#QSgI-9?rip~WR;V-Kx%-c)!Fw4xID{r~xyql(KTjRZCTba~@ zY1YacCUSGCb*uBa?tvfsw{CR?Mdu^`8}EB8?ty^UXFkpQK3l4<`|>o@lxIH?Eflv) zKj!@T=NcUa2M5RP;UxV}$__s+-}17m;+jrA%e*%qKYu9_DaxdpuJ;=Haj3*sE!Ovw9VgGF);o)2GdnI~7>Pr=~XNn~Y& z!I(V1b|$ z=`0ufKTwiciRJt$n$LpbmRf9&;|73pcwk%T(fh8#h~neuc~|@Z$UB+I@9|#xd%Q=$ zA^%hM_VR*GC2$%cZ7`d3%G(T}_@H$;TiMdw>Qj&7znO_d(V&w)_6({hK}qL0?L=gv zJF0b#<16Y@uiq=lvU9qX6vwh5SQW{eUMG%F(@@9Q_8m(eJzer$B94J1t*Y9K63ls* z{GHFLXcFYW#ZdoweSQ6044+yy{V$g7E2NAmm&;9E7>XC@D6U=D0>Lm1=ycP=iHwUc zxX&s=G#VOt{(nNS^*xj_sCUCV&%#c18TO?D=BK&iQ!`=AQrtYy*;T z*$h_C+f>HnnO$cEJ@ac1pS1<_TNPQIxc+i)<`i#55Vze@!pVZPN05D1whU_9U5N${h`I;Batn5ISRYk*M+>v;t|zY33=80+G? zS(a4-S?fToLGkk(c0^!q?$+90a49{Y7;sw4h%e)mb6zdRs;ieBxDUxMjZjrteQ~xm z%1x|$;b`w~vR7iu-{o5=VC&qmnPP~Yx11#CMN8`McgWb{>~^HG!e-Myhp5xW+G%D< zdi~s4D8bR>?p8dfttY2OyX`IRlH>YtcPyL7Z*0JMIF^!t-_B5DG4u!SOhIqUs6`-T zGnPDf<#1GeR^0p809!t^IBon=T>7}IWT^XnWQmY4Wk<1!GKiNjI%28nDVDGqLPqRY`&wV~E@5x5UDAv^zO6OHz1{3e4|;rkPs{ax9#Hu+i2mOf#-UHO zrJM-;*>4M{wSzmCR#J)J)b~EvxMjY3h617{RI=F{8+_7SnGx4f)!FKr`T8$E{K1tO!obOM8FM#)C_ouC* zf}fv1KQc1qvWuKI4M?OrImxQOe?IG@$6ved>ZqAp&(7+n{BM}IJB&}rv%h1ozbGOTm+W#`JWRMzfOnVQlx$ zI;C4al?br5D6g;m_%(tx8}t@WW2^J;uV-`hfQ-PA6ENVqe`$&k`a7F0<5DI!U#?8K z5Q1=w0V=1anwqPc8V8wtM*SrO9I>*M>3otxPcL-Pq=FzqTHcJ&$9=_CHA3!lTjl=u2Fn@B24^KKR_%IQSkR*c`aPy25^ z9I#4c-%9G@wri3)QYvMTH_NBD?!Fx~m=S+3y$Y}f7AAT z%dDP?EuS~TXpqtFcKVk6aHH(ubWiy3IxSS~dONS+$9LP#kiKeu!u|q#y3{){uM@iW z|4oi415c{8kZK(pt;meMEqnC!wD&traizesgZYCzv`|3%^APRJ+1|AWC_p(=mO@pH z|L1Os`|<5W0tmf_(ql%TYeA|DAo8OMjnb?tT{3fdKuzU$4<| z{^Kcu(*OVMm+aRtol@?Le*U~3R+%;)X0nRUb-dtt?DCw`vd!)Wm)`wxHa1pKadJ{; ztTSizoIF1r-xY`sm+3tpGtbmvCv3fi0&Et?@anYfGM{t95$wGGwzB0yLkY&d=PB3+ zpT=5W$=hA&w>`)DzfF&t=8Xd;=ZW=%M}+omKJUHJVMpXNZ0wE6^0VFgsoinN@JC~m zx8gE@1yECyD^{-4{9RdjdeL#I-|68fAraQJD)@1~bbO?%{HjQlVe@P=={)_q7tbB0 zkj+P#BJ101C#T@VY%=ZpH5Twg0GgK2rGRBJ1%z`61FJ$%*c4x0a2Q_E0zGHogQHX%SM z=Q~Ce5dmsJ84|)hq1)ZH1fe%%F$kVO_^9lpj14&91jZ%*XP_U|PqM5N&R9@jNve$T zbXOeyJ3zo=7_E9g9s8>7^B1Y_@HLZUicLkTE!ZY(ZRjyp}^VfDd?II*M`DVN(6 zLZK-&L)8aDjG%G>4KOU{7=p`)gw3L09T|4y-rg1~iO!{Mga(IrNl`@aXX z;ZZ#Vip&xqmZ_#Tf6Q*okRu<(oLPOEnJQm88}rX~Fl94}6xL6Z3Lc$g2`QtsWb_xt zueT1QABuWQ_SyIhf_Mw+T3(9Fjgg915tJVuR|%AbnRtMUh{}Q(K z;{T`u+^%jbS6Xh&=74~suG6%^eklCaz%D0KIv*hlgf0KI6UB%d1IN>{^Qv<5N!MJE z&SC$d$-kwf!O%emppvA+P*+>BN|KDaHm{TaY|C9@SM!KE7y1b=Hi0B3_i%Sd;Pe+_ zGA5>;!QI`x=jvweLGU$wZbBfs4&XotIuG5k6lU2!zqg3TSY2FPEG^vCa<#X2bhvkk zkp+mVEt;^dZg1CA9Ov-5gYUqsL+l(?$6gFr2fy0-rvRFLhp7nC#IIcg2a^7I1dht3{xAWAUQ*aOb(#< z3ys7E)158E3UB`6*Kp)PYRkc--6#pG)0tFJK~Pk&uy(mw>!38qHp*iT-C@lo@XLv=06NTXWbqtY#!+7(#`^MwEP(j*0zuWHJ5z)(F*A(-StKSYU zxD6q!)N7QwQed1UOl}ju;k2{OM0g19m+S5dCcR*|TWMO)o8cBL1!6(uUef9ukK;rn zCb6jd$tB}U8P2LI`hIB81is`$Z%xV{qcf*GpJXh~An}^wtKEmt894tDvS3&LK-JV}?);ddo9RN9YvL(F z1uk@p1G_>k8dl%uJInc!|Khq0=F{)~AD15oKcwu$XwaI9Ew#xKxBwP6r;UyC;wBSn z+OiX=TNzCsOPHY$TRMjX)E7u@rul3^#7w?JD(Mskm`KcnJ%o~n24M}{Q53jh%-~0) z8s-wNI3qh58wYzrh=BXNX5YPvn(gPLbxeSljW!bvCC=$40~-Bri~Ig`q>#Z{3>;=$ zKD_vJFY9}sryIxCO^Y}wZjX@XC-PY>lr84{h9PUSFQ@m0ANYAnLR-*{#)xSndbM5$ zZL9Q>y#IAAq?SU4I~`B$)5!k>;!52B9_O#Tln@26b98I_-NGf@>8>9TFuC)Pb$`^O zNQxS|UgG=BNm-N+!VQ16ZJ~X~F-GCL3h4J3Z#H#CM=x&@`~DrOU_IqO~kPOIQc<+xL#?5kI!UAi8xdnXLvL`iN&LB zBJB^K<3Le0HKnJ~ijN}8%*|~(Vo6}fJXL_6W&xn@`Sls#h5MOEQ!ODu@RA6w**EKQ zNd#=g;SupHF!cb!(Xm-3lA7(vcBFs?f)`M@+kNDw=_{1S*6>?Cc#jyUmC!9T5$Z=d zkDy|==4;yo)+q1kbsJ_o6I>keeDeJ#DyeSsj>kmqRM)xf|Nc-w<>$1g#`e?8tl#T! zPy@x#R9-g_vF@@GL&&}sSyU60IrE@MVb|+GLj1fls%8TqbE{dlu0{WbN|mM-!WJWaqzmvpj9&a87Kk;8f+O@ zi%gONnOzh@NrFCqJz$H_bt(6)E*M7&HN0e+9{_EIqAA@hVKLeeeQofopgdp@)Q0{F z8%epqya}MSc8dVG7Mwyopjg*_zH|!u3&_=V?3D15j735e(nBQ!A!NC%Z|56r^IPc# zjdj4vI#(nG9Dj^*$^o1QUkspO(i{-s2P$-o(y7AB1{W{&UmD0>>WkDR-^^efG6nxR zzJ+F8(75#m+iiCRSpL*1Gd-a*m!Tj1&2~d!j0Qc@h=KIsT4z#Q4@_xp=fj1Cg_S&G zx|Cgl0WUH#s@57HR`fg#9lzqquuS&fuTvFu6z}8ulF$u12{Y3}X|-U%{)x*h#gY9z zI9dgoMJC@IZ8P}4yFu1nUSQp(m5uqaSkZ>(@H#)$Zarn8`v&;>@Z4?X_L0IQKnzcs z*7f)|*&MJ1QG`ar-6P<3lBG}vEG7567HdkhXaV4^gJZ$j++jF$|M|aTTh#RwGOQ_> zQp>KNH~P>;0#FkpZmGE=qAfn?c}M8hss8HHzz;9VG%RrN7)u#`{}f6O(Y@l<9D^ZN zf}TL3v7FNAIN7K^#eGy!aoj$|Wy~W(rIKxWGJ3>3ARpry>07cx)&dOMRb|}jleoKB zqV+SBM|jF;w%bkEsRmZYucrooH`LKrZlX0yB9hE#6HSf$oYiGRZrJKSb6vThzA$18 z6G)c}{xlT}{q7Nm(C`pt z94w=}m++VnuVk3tgS+;5!aSJKSyF{5;i2PO=d*0M&F^ph&jd}@q5*TMHO?|DYEJbM#9PP#35lhy~Ty&Bm!62geKWBH02?p zdNMW>e*R5j-^P;#6$Q-kmR44V_@wWuWAe-owOtK;u?HYY%p!DhkSL^($iJCI)2H>b z`Y*_KS^OtPkv0wV%&_q)B+wbre|KbeGT{Qk*Bq)rpkB`A&KHkXaFUv}YxTMs9n7ax z35xIhIFFF4{}TFr-!9)!xTlnsA=xPTLo5W6VH@*Smi63-AdCeyi%Uk9#ZCgog_kp+4TlrWS% zQX#&-M<5Lg!#ckHd1Id&-ahq0fpC#iNgCann#v_SUthM@eb}kcESjEnA)coY9%+Yk zxEP)e>gZL#U4C-=wI-H;h7Pgg6sX}TIS7RcpGHANJIS~wpW%KYFb|FrBddFVcOjc? zc4M4(ox-72SdI^*p<-QOe29;ExI)}YSr(#<7^^?K1>&!<+va1}*tsp&NeWwj&re&E zS&*`~EL3gxjJmjgG1ibj6Co5*WUbY&c6>i`fG!v(+C|Lu-Dzt;Nnflp9Us2zIy#)_ zU?tg!b{x8M;o00KwzY>7p|iGP>ICyz3uw08?F=`Wbp9+yZw(s5#FlX@B~5HH12jN! z*(0H?ta@C}{bMbyG&`J3x2JN#FZO3s@+$%!r*hWSs|hw29A+PS%%%eduYH0 zQdT47asT)H5T0<71h$G5M}!4`?;s^gELYyZd9IYmj*1zWhe~N%dkWV}!yY93L@#J9Zi>cIl@KQZT5A%UM?ygW z-J>?9grH7t14_}U#>o{97ANR=Zcd6sC(3}2;tNI(^ox(4XaePw?r*FFNBWzi*(5n` z;Plw{>#Xp^*Q#<7+i>wYm8NEhC;{VB+j3A_ho;-V)1;2*Lj~Tt@CYBxj)%4 z?-QSLYN2%Md#SFoFaKo$<>xf;XJ(l!O}Dx$Wx40arf+d=a@n;G)?Z7VCvJ#PiQGU} z?zDsTb!<&)2`tAr3~1B9{7_<6B;_~n5|PP%WIj|eNhAKeeI(4|_sPu1VQGfXPkVo0 zeYKGH{-j9Rd^&n?|JH=L#95hf+~p0_wZq0COe{9X$dGax8Wtkxn8xKq~04 za)k(Y%_;Z3jyY|O<(Lb1f*ge?i7~hFUO(5FW;WXi%H&p=VBZa^%WN@y* zO;g^-AdnT9C}M48t(17dkEt#t@1~2z6q4FFiR9dz1%f019U|#uN~oZzt80N%;!g1c zylp4letgc43=0Y%LBTfs5Ge&FJ5N=_cdd1t?V|Lja4%Q?Gg3(l4Hm+;nt`))yX`U&cD-<^CsnHQEp;d2;khUCGV{`P$V5Xr)z>S<&F?l zMUg00A)gSDBcmm}6?=nr5`PbO#E%l;JO;_DBSwUN{fwjq>pgMY54mN!>;;?QJ4$C^ zXg_JFs>^l08%xXe*wfeZI(_c>dKAF-Yb^jK;PaX2vZQitCxsmPUZ=UDQF46OozivP zUK^#dbpoHP0Py~Q_i5W> z+(mQCR_Zcq6uPtNfkH`rSBd;q_q`T|mT%Naw1q>bct>Eu_ z0dC{y`vG|_G7ZJs$)Y%|EKgLjgJ*SB_25&`J8G%f<9knDK(8$CEY`hu7g3)4OBCxC zXU@z%OeTJ28NS!a5JhgQ-CW^_p8w|*hW^J0!B_A7vXi4J<`52S&f7l0hW62x(}Z)& zX5r92nOm}{K4CFg5%ZnUjF@JN9WXv|{SEIL>afdshX$7M0ldjmYjT62%EEm};DVYJ z74YxDeZ*O(DNCD4MBN&c+3=yRb^36jj|!X%R|ut5)_C;Tf~m!EsSE;7$;v9SQDjL8 z9v_QQ^lv7IQs9WVE5Cl@iNSDPcHRs9yCJx06;35JOjspJ{JxzP1~^RhhXNe-*39Fq zEMNEW+{58WrNH#;LwD>otdgl4KC%ctEgqo=R903fR8`F0q(}Ul=+dnS_}Vn$M2aGX$C7~l*Pw*=6ZN(U zEMOC80g?<@Qu(cdJl*xlmso1Vt3@dzU&y+9&-d5k_Iuk^T}o9nvwi2h1{&N%3S@Vv zEYI&n-XHeO$FGj#7t%bb`mEQmE(MZ~k>g7?%?{-&r|NY9j6vKZQ z6_Bm(IO6Oo(y*~9AjAhbMLDl>F3}(+C zJ$b`V9z9%!O{7B8^n6rwpS^jxjU#D)`|yjVA}N~76sjbc#?ii`ih79fHe9Hp#?k)% z@Jm3xj?F?!3>aB38u%G8pLz!DH}MTVKCAre`=gW z8x%_(z5p_}vDW2P)ird_$@mNkFaV#ft>n|mebp)}MYZ&5iFP&ANNB(dFMb>?lrO(` z4INVcVZ!0K!JpcO24cjU(FPGJV&JVHQi+961RRUvpAP0HIL=n0R;E@QM*^91AQ)qQ z_7J%aC)Q;yY0zAlz+?5!f3da_<5+Bdc7vENN!x|%e6!kJQs06CUc~{UD9phCU3G*- z!e4}wIN7XrE{r@5jhOh1ImOBV!3=l+YYuTcybRQ|)U|XtBW>~pDO<$+b&k6paY`j@ zs1VTB@w{Y^vF_kv62ZtWPdIJX<{-JDeo>X%yVZk+nmh)l(QW^Tn@w`7;STr^^&2s$ zYZO};w;hF_J;vE%DJyF$f1xQ%cYg9c{kVH{fxn$fBcnQaj`Bf@D{S>Tkfv;YY~H76 za;b^oC`GYbE(hMkQXSxsUHCAdbEXX7m9gATu}b53-1EeWXZIdLe*Uw^Njjis6I`N+ zha?CBr0C^mXwpp16NSZ-6#-J~al*Wp&r-`@_Ylnt~x{1TazFU+C4H5B-fe)WV;9e0CJ*r}XM>87GzN z%%!gv(lh#ZH%S#9{x#TXAmOi$1kY(-p_8aZuF}OO?vnu!Hbhzm4C@*vC5+uj<1oJ@ zk3`HG%+I1v?~igO6C=8>?4FsDXQ_x^Q5wcIj6ql!^>-4O{nkx!uE(u0H$jZIwtxy^ zbzk?ssF|)N%f}Hv-N&LU({?CDA-PFL*pUJF+aEs--IWXOCPTkdF7`~(xMo@5u3nZ0-%}c3&Y&V*n4~9I*-9%K*HVJ#`UgW({gt@in@Fk zj%HS>t+jg;*+?eFW@~*yuH2vXmI$BL=`eU(zp9s;BdmhJoTh6eS**(P9GAt1$w*IyGkqkrw0-&(LP@6=UUF(-tJ7jnwf)75G3qpT8o8FdE~YL(^5Is9(|fjL{t-=^vG(wEPMk^LXPX)-h2 zYV`$ZHGTxQrzJw+&Q98d=Lm$yK=~pPOOCGAUe8!C%kI^)$cUtI@kP-kyL@sfmP}v}GLcG%nPj-#ndP6L_ z;CD+w9E|qq0$dXVoGkR5(MWL-^7(zPtaWEF+KS{iL(yAOGgAp za>E@lMO3;R{L>L#hkQ4;asc-P>a+y;9(lY&Jr^kQ{(T8pq6KTFTv^c^B>*}~giwkX zza>CqfmKzNETVY60{EYClVv7(*1D{Qd$x0N2#FM^xxwflJ^VscU@+ehBEsH_GSR|H zg8+DS)Y9%y&nEt@ft@TgmLegRUZG`+25HAFxQIUgJvluS&qmjNUGVzZ3}JqlQ0LqX!=pyf`2IMi@s0$}XAfesJHO&})3q^|(^SvnpT78wRPbe(3hrmhGAsIW*r zZ_kt&=H@BN$r<3RUoZLy#KQa~A~M`I-A2hnAWv?5`T&*1jwRiLcur^}i&?b}01*-~ z#h4>jlVs{q5(-eD?gk@DRuHOqQMCD0J|_eN(I|@C5kV>|L`g2-8Q&+Jp*NF+3t|P?eu(~z36HOQ()qgmUY5g`=X_vMJ_wXEC{4bKat4G1Vilp?EZvD+IwI$bEj!^5*) zVV1=ayQ(6+W+l9{66{1DBX33&ywU6jpTpeP-st$-SXEeg=PmHk7ubl9pS+GB9?rBq zr|?@MfDl9^zZ6OVyoUr7(a2965R_g*3-@V>ABnh&8vyFyj6v*2){6vf@)xCw!B{Pj znr2mI_jgJ5kj<2&w88cddDzd8U^RJDj?__P!q5qwEN%-%_0ZtXo_=4h$+zgAhQijw zfn*4W2OkrBsi!okzv0wX`TZ|Pk}@d}CbkNc-Lb!s_jevI^9Y#c5=px{KDLVD_^I)w13vAdV#bxAe4cX#;01JKt3r7I_fUzl z(u8c}u^~$Fq>@jgk%g4_Yb4SQ;;Cq&YNXDv)|IFSr5XLKvLa5F;ViZFpQv+K8_OH-j_%J0==8X{>Me~$`=2X%!qY%#Hz*8|iiJN@3%c45 zBQsTTAr>-r7$(G#mn2y4;Rd1r>{EAeL|N~F%y2>wBW$7J*XjY{LQZa?w#c82VO-eJ zo3jS_llqs?8FeJg_xiU2BF6k7qn^1WQjF-O5Rf4XiM}9%em&{m=tnLRM~SfZFkG!! zw?zq^-V}1&0lNWx<_>~;<@@19l@n{oQ?+Py0U95&A#Kh`dQt4CLQ;2eQrKF<7PlVU z$W(>OP-Rm{aPr(OL$6K&CcO1#k7apvJN-yp1Cq+a0^f^0N=R>G;^zQ3t0=R;@FZQm z2O}+tSl#-&;8i)>*A0TB50M}0JCshN%P_|L8n3^q#r^Hq#KCfsHSXo4!f7WGWymt# zz_ugDBgZQhOjUt%pc;x;(5fmbDv-Q-2#CUEjMJi>skP@3BFw;$fl{wQtEa7;BvUHK z`7Z=GH=u3TR?^j_JDnLFVLFyTGM|VZQBA1~Tzlz~b%8I;#xAPqd#^zi_m=ey99%Z5 zc|~zsk8?W1%;+#kZ zCglO>6D!vloKKVYKv074bfDq^E+?pYdQymWTtG`QN=bSg@mgAg>+$mN_%N$7k2i~? z&Er2WO(nMnyO!FpR`h z;+|>=EH<4rwDvjc?(9|Pk##Il1+&oe8@6UVx{ zyP>}B(iY@-=&+*R!G3KJ)qJr^QsC5?#&}v;T4hZ{nIQcD&;AlAxTzS5!o<;>LrW)` ziDn`S+W=XyKH)wlRw>(OK4aWyuT z8t?1F>errm&b)W$jiq_qRLeOU&+A9>`qt7T&7X1v-($`=Bg@SJ34i2f`PIn<5vdTV zU8vX~c}+OaqSx6*u*aBW8!i%=QG0wbsANh6>zm;{66>MivE{0rGfL4UfW7c3mePb` znEMl7()AUBt@)j8)Vds1u4d9DO$!U3Zof~C?pru6@7_pMXhk~072GQTG=e6 zt}e0>&xBMLd;90%m^zYa;KKY;=pp05`VEN;wz@URjp{+%skqT%$7iryU4z5^5(Lu0 z+;>4?8e>234KyAMvNcPtM}`JPz7J)g!zNBHv0%bI4#P)PgVJ&fvphG6CNg}=x5Qk- zgBX;X+vuDn%_DOsB^u8XKbE^7Qr9%TA_Br~7TEfSTr^f7e#}5j8Fj0Oq*l->OOgZg zQV1#0UG1wtxEyI_^lZ-&4Ng)Ry!EkO#D32S+FfE(LJ5#WDCv>%ghboo0DFv@+Zn8) zWG7uHsRTqJOk~3Ba43_!o_xuCZ1KWHE1@j;SWIDLrFQPm2gwotcf@xH83D^gjuX?$ z?rX<=kY1bzTsO}p!?bGzKn{*utXAOJ3_%Bx!{0OM;o`Z;w|Q>h2qE#EvIM?aD?FWHgDkwI;bEYZ1$8!?M;|Dh=6 zYUu|Uvn-^Rt4BDi`Vn{11yD`^ec;ig1?!}o42S`X6*OvTHG(0 zi?=Q<*l9`GZ6fqrHVY4qeRbXp+?irHXaV$Kc|jCZ(~%Rk`qX219-~h$-JCtSh#-nI z@@Sc?5#cl2EJTNZaq3PEi4Zpd6b!sL8&DR)OpP=R0#Xibg+d-KQZ7PSqJrM-jv~$| zorZi)K(hFQF^$H(I7gzpu4GZ6(FapwTY@AQ7M8rk(F~9-o1)h5!897#E(UCA& zK}2o{9M*Yr5i1TjPH6=LLMU-j%sZFJ4d`^Z&Z7BhBVWtI?$Y0f5a26m=mrJ6br{QU zzU>{QXn&@3XHdxV9cC6ipt4Lk3YwcE6og16GmB7bn7S~c{26QySdY9JoHGth9Lp~i4u`16^fcnoo~(_JDi8fAuK`Md-0e0;Rhq;1 z!buaYTWr4Hmeh4UUQ5C;%ga69B6vxwKhOE!|I0Kzgx8mJd;);h#vS)WU;q(EGlB*UfuSf3p@^ z>RYxf;tK4pr3A&eLd+61at;9?ONEP6P}0lWq(*Hq5>2zJ$4-FX8Ouny+V^Ne(07p( zNq0@*SNUSfYC78TLZYq$16Hg5ZJo$_iuz}M|2cu`M)GAcgFT_?1v1$AA@9rhM~1xZ zQXJmY?&-b0l=WYE_W8rUl5PGbk`%)YecZpPW*nha_Ey{-(MQfu<6n;|a3Pl^W0DP5LKL`a8=nSL+G8LmzK?uQ=2vRB;x)wQa^PsI^gGJn&=Qk_9xF<-Die`H?0muYa;Np^EQ-Eok$V)cr@e>+ABshDtdC{JlN$T;=JVMc z-$BrCht1Ey)8s;(#FzoWr3cxXUz+zq<&mi3OxUOEdb#@jTJU&+=efi7nR~-F<8W>6 zWOR;lpf{aM1qL<=T=WE5BAJ*FgF72KW&CGcy{%B-GAGB~O2la(6e#W#Op*hm7LlPE z0STcK;;W{`{VfSbERrBR78u1qoTgzNDUD%Czy{a%=h(E7bM(X?H63AaR#zTm8u3B7 z;Y1nsvWmI{a~VVsYKiiaL!=w`zohKPLT^2&&T_7)RsO~--jEiIvsCaVmS z!sOx-qh!y}W80yGV|PyoQS3yX2!)fs^lZEhJrRQh!9xHAf-nw2$$&_ITcjVuxZAV8 zB)~7Nif6SlVQdX6R14N;)M_-J-8Pa3v_N|G5ATC#xO?`LlgWqPoImemHv}$nnZ5Ko zVhpuNGcwQ$LKLV!ey6JTabdtjB%1;B?oys&jx)(i5VaOqCtw|I2;3MGsG)D?{tsc) z$6H>!l^gsoXWpd3m^2@`SPhvmzBxyF6sRP7v#NmG#WbC^(UqhGdaw6qU?+*lw{y)~} zvi%mX_qrdvuW2_SmNNhT(zpU4v1&eM{DFdYw*uw-Tp!nrKmVMG)z(uigeT=)FPJ~< zyKh#9H@iEIbcZ_RhjPPyE3_at@|+8w0AWvm2;uc)z3(F0sN7l=4M&@%2gKdnPVjB1v$`Wd+0EjQ7oWlGoXV3 z2cQDrKg21?B;o-?*@OZ4;mlV@wD;^N!R*kN!VM=D!Rv&>x|y_TmMTazLl89%bVi!e zW>if1ghpI2WZ+Ye{78eWYXB@OvsJ_Dc!;Agq*w3kWN9xz;}4*@g^noL)UnpFmJUwS4U1_di6ifA z_6>GrL}G}`_-%~+-$XhWamn95#uIy!PoAX65l#xE+V4e*$YYYXJhf`t;2B{jffRnH zK(QnWMHf&mNgAWm<1lC2q6Y;4QcJhsIJOc>&Z3chG}+|vD2PQC144NTB>CShzm;!2 zTx2JpkU{_0X}_y}drl3h>)7pliF43>%*krTzt4@Q?7Y4$z2c_TTE_C>oOlg=na>o5 zCZyJxZN&kn1of{w82R71d=H6ivQzqA>*}aR5Q#Q+mV53HSKV-%UWtW(20zrUIgZ94 zCL;0WhHivp$&3+*#F2Me$^dFpCvNC}K#k*ct0^#*fnm%?CJJGM3?XFX@iQ1!mlt_z zKSdG!XEHX+Xy(IIVs!9l@@I&WQOO?8Z$WKOG}<+=!#9u`SoF23WiGScD3vjppG^s4 zW*UkX8aCiCzcO`kqY&-Lt&z12ahkG}-S7pp84ebMo6aWIedWNS)~T0O#pV^*+c-z# zYlw4waAWrkQqz`uA@?<*yJ_|mI zDIC^i^4qaHecd|eb-q8Vg3pq?YgrA4f~8>1G9Hl(*Az~5g(U+@z~}6KYJ(i~JE1i) z@>Tdgujip^of!Yo2$D3*NhqhRV4jtccJ{>^ z+c(5>C72RnHrv|~S)B#YCOYWqa-&ZimoD3FISzA~>n6q!$2NRdYi`Y@*PgR>*f(iZ z7uMFco<*=t#j#DzWQchdT7zeEf}5^uCBHu}0GEb+Qsrs~K^zY z1iv8PrQhZ+0Eo})4#)d4&h{#JtO_8rNT=fSCsX;`FkoM5|B3syv0CwbjHnr&u_qKX zG|yI~Lk^Szwhd!~6yh``8!AeK$qLynl1%JXWA5X6sx^U=gdhXEUW(;NAe2lGg{m$; z2q`EgvK5MKDZ`(!Fj4d@2ATztYT8xIIMYsT859JF(q{TPv1)~>3F>j#-8huh7Rj}) zB4x0%QaGVAN?f94+@#aiK#?dTGa3v-!@r0$DUBw!>buI>OUyF7N=1$Qn4b5-*S_wn zErJ4>YsB(UGKW}xB4F`&;0(j)&_*Imfs>=!Q3nZ9DoidqJ9L8x1(@AQ*Z>*F8%-~N z@&!8eCv2>%p`q@Q6&Ij6DF`)xi+FRw0D{Vcr2`3@OVvb@N%o$ckf9NGa!E-ujH?cl z9Vg+>2R;IK6k2LYC&Bvv5yd(Yz5k)F&H{d}P1;s*Dt@!!Yp8_-*Q)s0=ut>}7 z${aw^Rz3eoqu&`0c9RgEMz%AOYetI+o63c*sw=)B^XG-;Uqnswf8@;ODHPqTN^Z;) z#wB7WCmetSmwN@+;c3**pPU~fK4+m%1)(W5pkN2bbtb>R)8)Gq{0>CsUklt0DbTmW z^ z2yR*aHCAq6;L25jRX|jpP>GiI{dhN=g!J*v{W0_-80?^{Lo(_)o!KjbL3>Q(* zJ#L?7)m?-`O_zf%Xb>`$OhhZ%OwGS;{KP%6=`=q~HaOa1C%J`9&SfYoDre*ap)42% zWimR%szP@TGnt?bX73aV3*Z1}cI--J6T6^ddwQ{?Fny#(ZYiyvN8O}%IJ2FsXh!{0>cGYR^=Z_Gcnl(hIk0*c>Js&@of z$RG(fcFdrBa1dX+F(m9ie{!oC4ao3662E?ZzAQ#DcEIayyQ~+#aUD;}D4G033M_)Q zD;PzD24&jwl(i1fP^2mSIux^DI?iT!`M&UV55O~Bdghv$ymY@_wqdtzEKU#<0#yo9 z0)wVD0t5yG7=S$ZLhxIE07QWm(RYw;;zH;`B?wUBa6!ReKlz9PLsD(tN^QG3S|%r* zy9IKoW}39wv%nAd^#-=u7LGISc^=&b7anwgGA0XA;o}fUju7ify`2IVm+>vpE$+sx zUlL}$JM7P6m3&RTqK0aOVuhZ`bOzPaQL0w-+DPQr$aOnN5ZDb3@JFi9hYwsgtYHj+9tcECexhggF>f z@?-L~^k7bJVH;AZ>koiqu>wYm;wW-U5+o#xu(^24lgn#-jsn~JVcWI>(Bo`Pm_4(g zup0O_JeR-ElJG{5ECdnL-=IThnBJ zwxrL15o75U(T=a4v>(jWz7idOEXwDZ*}uos`JNX*5!_X0M~r~3XA@HYYT8~?99a_t z1-ym{w^R6W?Rb>0R{9NG_TysVy6U8xDrjvu{fn^|zU#2YE?xZw^{6((Kmn6Dm25y| z)W>yLiYsg?&8UE2cO`UU=A;l_feO0=3l^ru-fF*JJldQ`gOWz3OSbtxIB+(N#-_(BN6P7wqdBA!AnFvO-{EFIfh?yH4-{ z4FFH2jJ#{K_D>A2loxnitne)gwvQCp?_&6S zB7kL+3k7)0`Wk)kGmJ%5diUC4@_)_y}Pj`R7N$+!#O_E<%kfk;WfyJ7ghny+J-}&yY18IuJg~Y zEjTqEna<*@&k1l;{sEOExKd7@yptzvSUEq7YHeee+ay0y-@9VJ{?Y$q;;)OXwS`T& zbP1NSj*a+IRSu_Zb(~IP|&5*~@7V)L;&e_c{W0Ou#k&8q7v|(N=2r zb}y{BKLt8flL=r1a@%h`y`I1d=$b!JN;1#J2X*sE;QO7Lw|O%h*}~dInIudyiVKza zWAwPl*)*F3(0lFYp0yJMg;Av8I&-tUvjy2P|ArlEIvo#e4<W66^m-}T0ebKi|# zTCYIrStt|Bh27p;`%xN?J^OzQ(7=7g^$75LZ=MJW|FYTUwp4OfR^CpQ=Cl z0J70X1|6k#y%ln+%F60b0uX@$fj8B_Io@V z;J<}2n7rOXE}}{~5D|F)LNK9yokr;S{@26b?+bJ{7ga=le1yXHamY8-lDX_S4cLkC zyO-LacjVQ5gt|`us4?-TSeirQ~2w`PEcoc3H#`#qhRC z!wZ`*v0VQJ(dZsaJl@QC99am60CY$;j$Ry~(@Z6$t0v188l*ev!~X0`Aw0CW3?B{fsIaZU zj=i$of|pN&ApILRs{Coi&WbVxYJ=)%3==_XA_y-Ljtf4;$ep5S7euAI02Qf8V64WN zJ7vOh{0!;eeBuE>fN$7;=JA;E+mR+|FY7hS94#K~nSU^qLguh*%eDK2}CANBFY(>GHIej zY$%*%&LqUt-h~0~fk*)hg%DeQ$ZdG#Wq*nD)w_1oRqwt!DqM5ee_3E*L(7n!GeQQ* zAO||Xia=vB#)gcJ5wjSDZ$5;OATu|;FwE6riu73JvT-@B?(IQ(uj#9^D9|Iq60EiJI z6w?{bHjsvzPt73 zR}9*2JfI75=4n5Wg~7n+!#rKo!@R7N=OXHpa%4kLDR1Urf2}j4fhZvIrANCf*;0AA z2ZFp;S6g<1NrRN;O5PlfO*3zBq<=GwDMJ)za$sP=phRg_Z&}!Z{_G1SD21T-a1SR< zw;KHiNle3f&RWVkb^xIaZXkg|Tm`9!sF$#YUfn*d*4EdzlILwV{|luC*n3jt>z zIAF5rdTtBtv74@#;X(TcA0M!ez)e{}S<&7O`_A-pfWMr2#D7&SYI}p`+$gNpd0-Y6 zBB^pt%2HG)IOBo!h{e!JUf4PJ4Dxz?E=OufK9jkbHPS}=@BJD<=W17}f4Ms%67pk3 zsqb0r%d}xlW0uw4%V#VZ-uuP<+c-zZUt64ob=b;w8r@&+G^w0oFdQbS);G$K$u3TT zOARZc{CJoJ4isNOA`9fAD^n8Qh+r`t)$Eim_z!TwB_L|Ftl8{N-~b`6KUOd{*kGgw z(D13Nlgw_;DuiJc(7CFOl9g+Ot4EA1Sh`%qP6zBXNlW4yg*J>>v$#e)4X5CnR4=s~ zCYDfz9j1)&tE~IK@R0RA_aa__4Dxi#1@;;(H0&opIN{aCrolQ&7*gwWIu?u8a175u zyf8JwxoRv(2N<1H`crP49_3l48s?+)TS-S+hO4>RZ-t}?aZt>k_tu^!O}gupX;_(yW+lLGwKNWB1hlr< z`vczGVlPwmZ&4~~QbO7wRl%qw^XYl=IdVG`C!t~F4(*1~AB2LS@D|I&S(t;p7tGgE z%Ip#Nlki?aop6`z0?arSn%SdMH_@7uw!`am^UzF~jaW*eg%vZzL>08Ov(02*zAr~v z7(Vw|uYrMh=PT;xR1N-CcJ_HLv%d)VFaA_+N;Ump@i%$CUK>w}SED_6G;%Dj+li>q z6p0BLorEk_iVtDJk@#7d;|m6N>T;jXL=^f8dtxuc)<%XfTomEKT7NiX>rU`J zswwZ&NglhiQq;0<^ zPB5@OJV2SO>abk-%I~75Coevb*QEv0khA$(rkR9jdK7Fg} zot!MWUGpF>OgSzpe67tB1IO0Gm^8iTdr2C5=NC7)CQeCD^oIZUEsOc~cZa~{$3UJj zL_^0Q{J=8Sw%u=c5yv=)oCvwj(HJ9L9UAmT->$0+lSe=c)j@Sj^qL?LZrtsv{Y*rV zixWZCZ<|2z&i+KUfBFY4vEF6pt-B}t-6UN1ZnY#M>6*P~rrT^t8bj9QyZb84v(Zj} zSHD|Yn4dD+HP3AThJ@P1eS+)y5J{0lnf&^`U%HNUu?(p&#s1}z-~#~g^Epge(jrmG zi50`|*c|6|)hb32!s1X`1<4*}@-yphzVke{>1Pu-dQ#bchCrCR+pM?M(_*HpeQ)04imqr6H`IE5F{+LcAw z2gw#?p|cCkae*@$;k=+bR>Cb%c8t>qYgDJF%HauIHz2Y6%nLMVf5*#or1i* zb$CwZolLOGmlRp>7sp#;@IDWDC|{cGgj=nzT^Ho*)EZp2M~EnLf(dsfNPtbfKpC8+ zj`8UHT>EB^(}wy(bmkIf6Ap^N@{Y$1(eb9kd=I^Cnt!&(Y2uf3)vs_GGd0pax>+sv zflkdl{dxb1P9)U!rJQ>`%$#!$-q(jl^E^i@W+bS90-djEZvxJ%bQ11$isV%*n~m1Z zStUAkg*_P~T{@C*q? z3V!6PLhnhz{`foL4{zG&{(WKoJKJSG!93@2`3HlIPIKgYCdIh2yyB80i|{Z)+;UNhbTEz%B%G2TfI0?>IQJNp?AdzQj-x99>cW zcDA|y&0ai{!zKqp?sJK765MUU_Q&1t9i69}EPzA*n6p`4XPrjtfjR^4>q1&?+uQ5H z6;H*W_v+UnL2mO+WKT_pOC0qb%5x4(OHU*G(I=E9g6Rl~yZ{)$ebf7!%RHOBJ3LgM z^E(?^y9E0To4Fz|FtEIGy-nNn(2+VNF$cDT4`)^WN>C2mR0GOQ(JfW+^|RB4@Uh|- z4<^wM&Ig^G1(U^s*uP`yjD(*Yyf9M}U)T3B31Afck&N{s4$+w=I~HuRf1m@Vj;*m7jQ@7 zrs2!=KS(+`HIre>O1WrKNPA*oQmX>Ph=De_}si#?4Ve`436_n+;J(vqr4ez__ z_&!R<@gld;d9!!U_DYE*Q34kJ7HV?{A#V zH-5-}Jt=bemV4X!vxN=yrRh1{oJ=04^%|#{!FPM=9#0WO=)AQ)zVGJ|d?w&5gVDB; zGIOI~1VR>HVvhW`WxA**_kVzqh+^@zFm@#L3pZ>~p-rDg&k1bs5=u-g12Q z-Fx>m&sFoPYM0R!ZnraVn4NWKrBUg4Q@cM^e<#mKMm1UBXC%xp@EVcF% zr1Hd=>bz7V@tN=v`~ng*@VDSb54qYO9M;H1^^W)fT3QfKU&bFi)mu`ZaJ2s{38shW z!*bzD^5&wXQ2`0)bS)7`26+|IFGUC(vfb(&+;92tNTgmKJVyH}yx4o~;+9c^Ux^cD1U;W_fOKB(r(!U8Og>8`+5`(M0epa)&8EiaA@K91 ze*mFQx7+7=jlg@p`S5#hl^6ht1cgXeBG(*ap(QP+gA4~4q!6@$%5D4t`l!i&L zE)wytS|c+azrn8fT|C9m{GI0a++o=Agamw?U3jMnd>p-K7WF)xyhglX0uH<;SlzY# z_tD&ExWCU!P5<~Dg4o-4Revp7`nb+C-3+j|3Xke490w0@?4vj;b;Al{yvf~ z6uI8F=(iVq8#?G{$LVsPKS9tmMUjK@e!Y5fxJ|!1{dQ?ORG*5}fdDvs<$O}C|F{g+ z<36`$xn4-kCiKyV+UeXYiINlews8cF+i7${ul}$;7S+Gf_+Hug7a%aOzoNr-{;%en zo9Uz>RsV4vq2*}@G|u1e;dF)e^^WeoIH#`Xc2^i+cI6mFnk$jrvHKvf=~`z|I~kGJ zvKy_ztLHXQIy~7Pa}HO_VuY`(f&cwp#&dC9w6PA@#qj?~>N@C|;p(t?DN=GCoC?z! z7sSeCA~k;)_x^F_9fv4VZ~ASwjG0O2Ix5#l;chMU{ThZi|H9_wgZQUYlii8S z4W{6;rHt-Z$q{a37}B}ReHYX^e6Cvq{;;HHG!zLr!%Rlwq^*eu0 zpn7H7?=Xdrc5vrMEghD0>m!3Bu!v<*#KKbFZ@DlWe{n`sr7})9j@EosIy}Fb$$2aj5W9;hd9>>;b5Rf9 zel?Zi@RdT54iZN*^SZv*0w|r@_8-bR|2OD~b6Re0$=UU|e~NUEl5l~+*zpWCDm0ZjpN)bL zUQsPI@Gu{Ef-h4nuVkD-Cajz_3{8P~`^Pm>IfRzxPuU4rquU%)?Y2WR9A(1jfJc&I zwJO?WdE&@QB%Jymmd-jZZs&RUhdafJL*a0D*8)Wg6pFi3+^x74cXxMpr?|VjyA^kM z^7%f$yZn*la<6Q5C$l@VJM%`!5iXt_y_6@YlwjdjQa--9c2S6?86Dofwa*JCysMSl zkcffo<1s~q(k)vDaJLUk(a46aas8H7-dv9B>rOu*G1xRrAQ42#2com}{<)HKT90&6 zL?)EW@3-BIzF!~IlTi|TRZ97PTncr-g6^|G)n`mL;`6Shr0SFx+9v6bci&XCYz+^w znho|%-`5xk#fo|}-d6aJ+Mmd>P*?U|`9{U3sWNNz78X@HVSe00Q)bqJ1mBvRUMhjK zPK!3YFqNGL8BVr1>E5eipk_y@kAhPhepg46r=dfi^B@-X_?O-c7YHByY58@p!HmO< z4w97b@f+1Soix}X*oc9@$Tj?)?&AJ@G4cL*8La~S9Yp16PG|4d{tRH$T142N^|ufc zPRmT1;O$+C>n$jSM=q{!S?m0f>^ExCXRy-IwI|pS#7W67WgDrP#@?jNjJ)=Wu1P8E zz2S;Bqb|QwLpPK|!-U1Jfj=I27So-Fj_B-Sd4n%nK)vplY-@B>JVuHpxHBEK3zHVV z4MnwklWQn+N(VeyOC;B033S!$caZ?9pXOxcOZOjdhe_4U=0iI9*R9?zH$akGI{h9w zh)OKhsOrLYs@^aUd$TH^p0Z4IX|O(;61xN~?y*2>4^!H7etAbi)x8+{hU=m(70Ch) z8h;zZzHsg02{rEmad{x&L8&a?wuu&?3FOTFM8*l$d0a&$^#TVju`oKn?WWHXY?AnP z`aDf5A6F*7G_||ALrGeH%w~Y&|1D3_Kc1Ol2VXXQ98c5|nBWuOpPs@xxUn_|m&d=8 z6p1L%VR6*I-S1f^lO6Nr*dd<&q|DX-ve;odEkm_MmZA8l-r|qCP^p!4tSj+4jL_m_ zwx;nXEEHM&IL;8K@Fs}+5lkQqeeab|25wb#P-#>f_}k>?*UHiD(bnP- zeHoUH%`B|gWImi59neNFc)l@@oyAnA4#Cj#qXl-_G|AQPJX7Dp2d?T`^u8+{DVO1N zI40ddegyE6`p}0HZK4{px<$C#p?cKDC|A{z{jW@?D3*qhs zH)C2i(_``j@1w3u>&eo+*C^vu!t-)UJHZ=MULDl5DRBCIc8Ghs)MCrxj}bU;QeDs? z(X3%iXb`nA%e6PuLVsI{2LJM|C}KiP91h1L{l9annbuW$sT}87++S3DY`q)2cU}`* z=()7@qtdo-MX@zVRA=g2w>xhx1qFcazXdcQWMKmu4jG(;+QCV8aR$h$gP6b$Cz{aJ z<2B6`ki;UcauoG|))50uSb+|^VTaLeJLtT9HDTNz`OTIoC*JA|5w;l$sy0Y|V_^iE zv0rOKCoyU-cKuoi%W>0B+qMs8U%)S&Q7?r|Zy_07Jt5Y4z{eP*e%)iU9_`YhSJr1xZ!To`s5PM zQdk^{|Fj78iTuy+duz0pHw;UhPx8MQc!kmRhzuVXbvzb7UZVgvYZ;Mn>5;z4sG(7~ z9SD3hhAsDeBq87NT2`Q24JUNdw}8`>L@f#JlOxi29<5OHdgWS-QYGLBSP7$5gv+#v zh=#da%J6hp&67fRQB+x82Ri7# z7_5=uQ%12ac!q`K4;Q#^x=>~c%x73rpGI{M-I9z&WC~tpkNs5F= z{@H}kUD58P;6;@u!E1=_$&Q=n+XRDL@Yfh504D9nXi z9!3%5`e)CtgK1bE4J!RvMKuYduo$0DoVkPOSv{r~r0pFbBqNb52t-R4YaSvgAD6l@ z2Jy+ja`0nVyo|l#KnBqvKp50@7?_d$he(9w`l8k2qah?KVfj|ggIOV2{k2ehhOJF0 zSYFZ4Auwrl#Gq1Htb3MfW(!qoU+OYn`$P`~TP`*U0Ea8l5Pc{E(1Sa`z5@PCT&7lK_%~=f@#%uJM2IzWDiB6Xg?RiTTgGT%E4YaGKS2 z(YC@KglsejvJz2*7zPt7JR(;@NA(D$NGRP-4M?VA<4~PU$RgGHyIE*3KX|pQ3_o)4snODBAc{x z6zqwtjN^uhsfs<=|EF#Y6ZdhxQekILM%MMx3i5dv8=Ma_j zKQQq^!V;R*%}M_HBb|tENy7IHpNSdtpCdptFMFetm)eDy^pe{eAS>wSTG25Z1wn+f z?D*L)kmKAtQ{F%!3}ab-jsoJS_G=W+4cXty*V4hQaTzcj zd7eEGgDQh>g61l_B@Y>DZDC&mSj?X1hT|wJH*1};Y7BoUqnA-u$Le0Lhf$Dz4#QZ+ ziX3X&jrq0ri7&+jwaUqmI1vp0XF4y?ryq0$6aljYjXrv%T4Zj6yV<2 z-8s;THswjF152zWBpH6jg-`y9d(Sv_bG-M+cMxY7{%Ty;M4Zr=NNy zSi*_5_DhwkEeS~F=hK&~Gaw-B#YCz<_9bMTwDw%(S>3 z)A>3OIF~02!3ke6p*Qgba69?t%J~qgV9IGln};abU#+hsTRt1J@|;xogdKT{V34sK zstnRiOU~5um#=MB{|O+iWGJ1eUZ}6JvXTuR76T_u%Hy&f=rVP33(v87 zwU<(-EmXdd>;}v#jGY*UH}d|XFfwvlN@o-N*wkGz{ZQwyQzxJhKW)A$%5=V7ciAW+ z;apr~DI8j_EUjg$mbNIgkH%fjK;|m7X|WE5PeF_E37;D4i0^|Mtkxl|fLMV1M8bst|pu zT+OXM(Wq?J`@F|BA2HRhZ0?!gL-7#^(s*?{3v_)4Rh2r#XM3vsCTnFbt9Z56Ls zyhMrb^86xA)T~8{3U;wi^zam8ed;KqU4y&(wQowgoS`{pk3q5}rl=jZ+&ndch$dt^ zEjlK>hjHAU`!}UrGPK%dirr$&X`E86F>k!SWr}nIZp$PJDa`W=$q-gtCe;mn(MVd(Q1*|7r;g2dvQ^m%g)6P0H|395c_kRzrM((E&QZ!3@0jkeuP7?*8VQg)q#v$ zbaJx*SA2Ld`nMXi)mC;uuXA$yB4Ju1e8F7PyG z{0&6(*GKb`{CDONOzvUGMf>Ma+fyR3$%@tnP_`!DE7YBq3m(??f)JX3%q>%{X~?@R z9dNjb`4)Gio@*NX{yb;wW?HuWX`;m%H`RL2F;ADR@$fdnE!A;pTj=Aw>Qh;cq?HnP z7(8mS!{45=&P=@3#^2`y90Z&$=S$O@n^|8*%mUkW=>7DO4||_7AI}zMnUR^1SzY>l z31-lF@Y1=do{$dH3Ho^OV4D&(`v!BTmgpz8g1!coX^GO;EOI>zuWz3BrXYpT0{~kU z7Goi*ogm5Qeb~dk3a91>umNV#Q$+>^XpNDhM&toI7!5~uKr6%)65$+KAI;6O(Fk?> zjH_;F$k1-NgSo?rTy4PLJTkGdk?`+hjUilX8_yx1yZfeEn@UW2V{0XlubDh;i<8?#KfcLbQnO&O+J2X`#Tw*>kh?mOUx19we)=hx_q4y`F&gK%g5$>?7$LU1I zo4^11+gm8#t%R6nqm9seFj=PC`_p&BJP^ihOKiYf&SPRamp3YX+jErd-Tn>JY*m+z zpbToZR`cyT(m_-Ua{Vb0w1MrmRFX@($NJhOga_Q-ezqFyB|%u$hRyp=Qytf{H$8t$ zEPoYPv!)`gjjJ^$hbrhtbRV$WKqlQy~Zorn12POmH z$JOJ_7G5@0kwlrmm-f`Bs$6FYvde~vf!+6~1U%oEy4uf%2R}GVN%!ZPq32?3OYHvQr7vX|cJPSoFU z_0=CU!`&oap^f3=iY#k!C;u!#bP)5n#oiPnB z=}2}das@LbSfFqMw!(@Ug+-_8-(4@_z1xclRMTlJiCqOgIaHC zqhrZ`oVHQ^XiL~&Fytw#N{$9<(o>!%szyO^b~|ZP{){}Yzc2AL&sr%O8)OdeaCIy! z#Ry3L9iH^oBqqV&hIRd91ms{#KN58~AoQM7xQXPi6^z3ZFpmdC73ZEUb#{2$GMAS2 zi;({M(lMzWX%&o##)r0g)#y?_%kA<`sMh%C0s;YSWn|R0J(YE(`rjX(JdrK0$DPLx z-UfJRwZ=Xm_zu3rl$Vc({iR6m&!$>5%ZRjEk0GnAs4aUcE)7PPGov+7cDxghl>xks z1%6X)4tRfU75erk%KlgE`{lr>90K<@Li)q@ZYcWL&{N50_unT!X~3zqlY&yp45+Bs zb<0ry0pAQI7_;DfnieXx>x@TFoKEpiPk>8%?(;y@)_*X%E07}1h6o+j@pC!EREcIm zvxo1JwM)x)gYR8MtAc>me*eziYWd!YqMcUh!s_2Y@fpEJ$!92#t7FNzySE9*r0_1) zkV{g@{RA``hoe>NMw+-5v8XdcfjxE7<;Ce{V_uuZY9vZpljTx-0kCJq*V^{-{O39_ z)mN9G;i{W3*X4ZUwj}kd7h~on z_(_Y@0bI-{`@89*lL}4$3_}%5GO)7cRD}c8gP^C=ZcP^l%(Jn}gBI7J$`lhjR|w?m z@lyZc^n6#>*)vi(a|lE>pcPv#l8KtOo7Neb`bQ9<2B}-#!&E0f4xMm}vR%@Y1P$^c z1sr|AYtM(Lk;`@jUW3v{E1#pBDf}HaRu_fh>55BZT@rwy70= z4y%ZWC^4#K%&<1IUO+M248i16t(XbxXC|o`N1xZYzG<0#No44p4|NmUejZG^lS^?g z>rjR!LB!d(VJCFH`+2BQ6WtV|GV^Mcv^&VizDx0|Us44_0C=C*Jo|?31~(oZnbi7& zw)!NGu8J7hKp=e7jz}G<-ysJ!U4%kTq{X0^?Ltds!RP0?w6?~wQeNxtr^yS6t&X(B z5d-DO5o+WZQR1gFB`g&Ty94z=0;3iScU|wsd-Hj5D-T=P%~k9W?K^8K#WLc+6iij& zl0K?ByYW;<%DTnR8pB<2&@VIdm1?(}d=^9Ja_u&|aeQQ-Xe6OX z9DGpe&up*lVb>g3;lPW^Gon{&mcz+TGDKy&(>J+Po3>obIyy^jik`!AEu%nTC(Yg_r zOt}wNogL{AEeO_gX{FVXVA0u}j*VES*H@d2S0fh^3scP$0g?2rmJIK(iiz$k{0_ah zy8>BU-%JEjVbUBx+1*mFTd>+_H$PwTt7IDhJVv1Dv*EbKa;+zTCaB*SOcbFvgJBY) zO{pKgGm&7B*fhcjy`5+p4k1>KqA)_MLLN3)iB*I6X*^F1gq#&)WJ6qm@eR5+@|SP` zbK3n%>1wK3c{>o@Dy$3L$}bt$XX~&`#b5o97v|k_!opHFL7sq)At5%QYg$49P9* zs%vo{=$meEsp1q@)PZJD!YXifxL+X4?$DV(J83!^Ub%j1HaA=nRZuQ0ofhkX#o)ks zy>)+qQwroTnrRc{!e>1OR8rH~5y7mYt~+!?Oj6&c zilJv!#ENK1#6yt!&V>XxT|=!+w2ePEM2s9;hKna+*3ds_bL{lucrt&M_UEXEPgPfq zz4jq52{jgC9F;tRrmV3!Z-UO|Je!%8Lr90+1OU9NUA7bi6uK*ard$yL0fEI;!V3Hp zeF@^9{#K_`m2$Njt5r_WFDt7I4vU4p5KN0EJEJdOjc>_7psvoVq)%%uRbP#N6JVl? za-ZL_F}`1WD|<*+!UrdbZ=lA3{_43#XN&#IF3obbyQ$7{p0(~>AT2q@hMR&=EKy=7 zuCg(!(QPx57fu}2W90I(e2N|*uqj`ww{vJ^6iwgweR?hxN12q2?c`K4uGyFfihX~7 zw_0s1m_2T6Y*eF%1qF)a6cw3{r*c$ORHS^bSiFQYruV#yXo0)n^5gTk0))ZyP8lRw zG}~Hf15haeR3RL(>lW!BLdCXKcVqtRA>BdQH7e||B<;E%LmzKfU8?Zpv9bmRsX+ND zo8f%$vUm?YU3Q6IZZ031JB0!4ajOnJ_RW(AXWBZzK5b&`U{91}uWwvQ6}5lyk@$l< zvY!_NFDh>QWA9FufQ#xsR7^u|d;!eyHE9W=I?Zklj7k|X6nGAaFsbBlg*s#ZU@DXOi~7Is3kV3@ z-QCqP?BD^GL53V)T(NU;soJM>$W*lZLFbh?~7dDFvd5T0d+)jtFoGI|T_1Vl6j21v2DTslnnv%kpMy zSl3X$9m?fD6if9WJQDLr=!OTR<4Rc}yNemHa9~JD3+Ddn(WEp0ks{q$RQ!IslLaye z&6+7kfWV-Rw~ID9UGMcNr!oW(hY_m;p;NuLrV)J+O!bvfo%*%|z`BvQw6r`sIVr`G zY;8T5U`D8t}%Kl zZE}BpE=w?MqeU1Uj(d0$TY3Az+WyD>Mz-tsKVKmS+SL?X+`mO~FSp;4Jj_&m#b_l1 zQcW#XuXr$OP9?`Eri)F9DvH15b-%GLR;stz-5fZ!%0-BYX=Ttz1G5O?dG~x$Vxs=t zzm3`Pr$bY{-2}59lF4cXZ6uc;%{2LbG=xlgQ5kDZKM{n2~Fy7-axJ zFI|+Cmnthk608OH@0ybv4AP>-uyj)#{Bmn8Jl}CsiNx!^{8$@hI@W0ZrJqD0A6NuX znr|!)Un7GG78x{nUAA*uP(T@BRj206C=hC`j>{Bb*yDdD`jM=vU_rNx+AH((4Zr?( z@=~kaR-MU5qB)t)g;B?Kb>=upKFN9CPHnhodU|ypCZmZVjmf#q)#-Arh3E!n;?kq_ z{Q8Ng+myKeaO3Z2iAT<fvD;BP*{6)Uv`9dymyf4$2|ew_4HCJe z|BVHrWdwl(5VP4#{=<^kb9T7A_j7mwQ)fOkVq(1%JT*qdM3(o7WNTxwN@MG2@AgV; zqN{ZoegqbWK(vY7_1|szmQ}@qdqpiG|dOb}l;wT)%KnxZP z5YQuCxwc=^ohNtwnojRW!eQ(*ntqL(FqY9jo(YsOuJE!OqzDUOTxzj28%%#HoXxR% z7a{$d^gnSxUH*bzDKJ9kGM2L1P>!>bu034lCI|H!kPhAhUA>CM=>-s|qbx~e6-GbJ z5%&D)*axVCZDJstiGLxB=TurOv*(CZHSm|NVsmx`}y!Y0R7D=NkvupNWqXM_ zGi?NfvL0OQOV7b=_#8fOQ%Q_F6p95&ab1B+x9klaV0#OjQTyq`*V=tReC8|8Yz|`kEGSw(P=_8MqS7)f=ZOLZoHU-mV-E@+^=woMoaykqiq@&LUoD(8Extc(Q$?n_|FDpmO|0O{^n9PM z;B)r6P3|p{#eZ6f{O^N`qt@8aAn^LHm!jIJ>U;jDp~v$oo8Lz{aG>mR3nY*n&;A^f zmWR~78aOZD1O~5dU)k!+1TCuH;0+4O$>|uwdHmM1sO#wD=QlM=u)DZhq-}Bf#t~nfDILt?B4xa z5Qfd5W$8|ie=w2N_OCEd1_IdGTsWSeg1|q}VgBH)No#yUVzP`3O>}lVQy6b%%-}uW+r4l*x-8pNZ+p&Y zm{y~hI$*)1mqDSdXODeh z5k}^(14~U^Z|A2rkNsbOHG~!)n@q{Mxw)m%dlBCJ9B%R)riPf>_pq;V9>7S5ag(hbd zFca{w3&x9*P|xMXsf%r?%Nv7N^rnnoS2V5D*TC^yHNWD9`Vf7M?VCF~de;^ZKf) zN#9qv0ey;Zw(GrDJee=gf6&{;>LkO%QCb67CQHoj_h&1Z%l#6n@YT~fis6?BS818|w(>YsMxmgW?4q&8z z>?|L(W)cyu*@)vYB(N;3t!e4c>jSQX;BcUYS-bC7aF4qY9gq+^HLCT>8@(qLaz5 zvsFTxH5CH<1XI3enBW5bMyy)DH*~@~3YDYd)2I?=Yo!VS1FP`%`e>nsn#C{OIv-1z zU)6}m$R2|OZp!Y@oU0hXQPT|LZ%{x8AXJ-ub7v<6bA1X?MFSt;#Ze$|hg=bv^{zl{ z!jC+wO#8x)TdN=|yXt&q^u0ue>QBwC@7WZe#lpk=U6oo#qjQ>tA+!WP_T8jr(Bq#! zS!L_#0&Kt}j(e4Hn@cl|qR$ljcXO6lfgr$Wsc|iDaGHzESoaqd&C^JY53MUgo@lx} zT5#O;d3%Tm{2{y`4vfug!9rF8IbTw>ErvR%_Jg{QJA%k|po7!&wyi9U)hRgAj3!Ts zV(bjXA8zk#mgW+M^G{D_3by;U+HHW4;jD@>nWo4Qkk5pLd&+ z5-6r)k9(sD-y#5aD*kVKNdH#*;2U7n)`voF^!6jQwUg64@4xMSBUo$$^Rr>&r%@F0 zLhYV!VgFWUOaJd*(rEn<7|@U;K|^R*<^7WX{~zXgc!k(hL`82br{EyX=^a}oQ|2>8)(-2#fngbA} z^dq{gxa@n#ypIu6j^rUwwSV|G}8c-Zhf9NDiLdpR29EBs!i zFJ(0+Zq+W4kMEmuS|$xI+Jha!8cfrGJG}8VX1}W4b;FeD?D$-JvE`uuFv)&`%W4fC zbOlUWNPO7$3}y#W{I7;HtEGne(7`+wVUk}J{|2*?4TP^m;G@Hrq+1pyfBAj?Mc(Uq z45mh`)@lssz>6aB*i;naEuDQ>0Phl+1mWE+rZ?Rltbe1|nP$bGwZ_i5SZ^;1&O5rO z7S&+c2Ek1YjOu^!x-LOguS-oDZ+uu1$m%?LP5-;K;AiXF;5vo()j#Bt7k;TpBGiwn8Mc?S36r){z7g^!&>x=B8( z{RHc3o~_U%L>n8rcF#q(2d2j!ApxW&0ruTePm1E|Bpff+Ni9~xeHv^?H}StCq-_=d zlb{mWok~j_4K_&9Xg@3k;qKH2qbSs%=7WqT@hEF|!~M{~kNZW5FFJ$~;sO!kDpkMV z=4L0<7F&Xp<@M^WrdRd56Li%<4?_4xC}VuP>}s7R9j3=2LT<;0Y!{smS=&GY@zSiS z)&m@ZGQOni|GOz~uq%18W;(hkctX9R)^ie7?CA1T`)=U$!{d3lNu_Eh9SI9Pk?fE^ zQYK?W!d-r#4i6Pq;0D{$|?L~>B)9c7jo}C*8Otx<8^n{b97b6ZROqj@ig`y zk^IxhqN&&0=zMGG$VKCSufs;KKPH-88d*OQxv*F|n#EhieUL(r+G65(P$iU)K5n{0 zFEc(qum%o4owETD5cT6l@-_MHLxr6I+@X%rn_I(0Y z)EMmS?1=C@?|D>S2kn!Y4i`_d;m7T}t$s zW<3pJdVAmIz+J4HUSsKKHzf~x+09#&Rj#P2(GKd|;k)YPz0q;$)V&`1UX2D;c28gfgKmK0{DlcSMliJH_KBL?1fc{!kRtWGpqB;mVQX5+KTa3C~EYWy` zG31HMuexjkh(S?uK)j4(jolSfKO_{3?~i}GZh2tgvFdapKZhr##6A}XkBR{v9a z^0F9M^FXF$ZAc8dp-83Em}VDog`$w3CR(q$L`?La7ge7aF3vYfip_uiWMg*T2-G!- z5rYo}^d+#JEr0FfAx$RSFFoWU*~;aw;S|5lRQ(=rfL8msEkWe6$1=zUyJL5h9?E+x zj`HolPGYx1FPg;gm$En+{33P=1V(jnPPD76Nd(9qc~Vpo1e1Z-z^wegl2O5lLK{Jf zX+=~FJrDL_m8+AJA<$;-Wc**R)gar0h91+L0z-&qiNo+@-eeAaj-kp`^M5~cg)@)7 zg0?#qwL|M@UN#2RHQnFGXnuh}0C^TwEM4+n#$0tiP#gg&OpA@AZD|2$w&aVEmD(Qx zc5=|a5clng!f|o&Z3Z)y45o<&vIt`bT}eau?^SGcH4JS}3l_m5%6cs<< z2LAmRGbs1|7?Q=a`*ZVc_>RmV2`j8$;1fBdNN9ga00e+MwCBnXxYa!Y*P6Qf0+or`0m z=`lz1-Bn)V<*~7m6MS-c`5?Iw6a))$-Jjp*dVO|b7?0Q;h};h9euA$z9y`2oN0MZh z9X-71HvmHAaf4zeaqLBTw$Ew*i<-|g$LsiCy^31WehMR#p3{n}6G4$HMgL7{zT}@K z3@MyiXgA?R3D$3WT3EGM*Y z2=~QttG*--i1oISPiEF%ZL|uiBnWLhRZSi@dEk$RcS$TX3l!1+_1{Nww*Ks|FehL3 zaghE|U~b~%KD;?fxCJmS@|%kjhJopVYuU;-Nkx|V7sDss!vp81C0Inz9^8lKLq=8k z8L5%zr#`(j9X5dC#xqQ5y^SQ|18rrvEI3*(eeWBLuqO3mSatc|SYmEk5CVh|(g$1t zT-;!wFV>^IlkL6%Mi*A3$98DZ($&?iQCq43l03LXS>v`=e&!J1=3-~uXI~|^*_wj6ceU)2|>YO*{%C4GfqT4wNU;~ex249?|bqYupl6MXUq`rrIQi2 zU2nbJ*L)Cil@f!1(NKlUrkjk8)y0{o#2%te*W3L=PedlK)5_aJo7(&?{7sjwnib*# zV4d)JH8ne9mJ%uCeeEar_4NTkXU|E({1FH+9aSo@BAG^cud}EknrA)H+ZArgqo4X$e$h z<->@6v6i zYSXiCe^G$^D2BPP6GF3AU5V5}N)Xv)Wpo+R0H;^E6p~<}>g9NcLfkWn5$grk7e;^*u<8f}j-iXm7j0%d?W>z^IjuT3}2w%@ia5#EB z%Ojw>;Z7uaSkU6Z(Q9U18r!trtAsR(>d2|^lOW67r_8*c)T;h=+0%VoWSx{n-SFPR zO7OzqJ6qLp-PWxN5@^=0+9>`g1RhTf#-XKZOddn!We3Y-v|>gG zQdAT?^)&n{MUN`0Sln6>1`wtq&a?X0C&KfcAnGp}W1k>N*mNcBD-H=qJ+r57;1IEu zi&YVj&4=DtdNOU4PuWC3-$bk(92Cn#NJ#}CK|f1larXSBXfu3(^|!$jZ^A*9R1wsp zn^SH>e%USg$;i-|Q={~5PY{%l=xXkw!C1|n0N-US# za<8|HjZ9#&tMlZf%qtsLp)M;3p+<>K+6YSl%XlChFHa(>^C&mWy7S3IDA6|NS;oi~ zRhSlCHm#A#Zg*Z)C$c#7*B&u#H7;ydE9t2Nt2daX?)(_{1j0aBop|1yJqMvVGigfW z2!rsKj9U_kv+PdvjfA+)_@cuB#ci9mu=K#($t^dkGK4q+40!LIZ4^;qPc-x{gdQmX z6J#5I5OO$SOKXfrA`*Q-;5u)liX}Ozs)Gr2I8gb7s9n%$Anx{kMw;Gq9 zcwtjz{9P|ohhZtqXZqeoL>_q&opmqiE?8@!Ow$FhWbPn5gr0SXP;6h~aQMV` z7@TysgOu4qSqn?c@8lR)uCM=j!KNj?oP$D$OsIas7au#CpDnR4bv^Qzi5WI%p>!iU z{k1$4M2{-)R94oYRc>vkg%LTu1(LEesY}xZhS=xjkAkM(QlGLd@)5j)OQ8>{Uof3N zYFh7Ln2HNL*@Uh6G@;5-hWGcNl4E}hPl?1@ef?zbk7-Nsa6@(ZwJa<~i3kcoIk`A| z!|%$zuBPL24V{lfv!T zl80q9K<{|s%I1A!JohA$BuwsoEb8Md>k|?-VT0u#kR<)mT?+ImaBlXoV9HB}A+AGJ}z+FTMn!Y)w zNfUL^6A_RPh7(4yrjEv>akM$M0V0$djgQB5jMzh0hi%?g-Z<2`#$g58ZAy&!bNr># zzbDA$GgEoMK4Jl)kS&erAz$^H)WJa90TCt~2u$&db4ia($A%{%B(Qynvh%T@1?gWR z82kxgMzNu8mMnYv-V^S7+YdN8Fg3isjmcCQ@kn6-?~K&F1lcEt@s|EF*#*n^u}RXZ zqO`daWCVCAw%lk-3X=f-2WBX71m|7omyK?sx)O4wZX#UUbyK5zRISNWWj~Kdo*ogu zk9=Eo1W|WERdxl6Wz{SGBIc`e7FiF@8c)I(#vDEbqJp9J&Fg>kcJ!YK(gf7}I>Y-& z=5Cu?0=h{JL&CvNM1k50i~>pG!fK*1CpO^2bP%^4mH5uQG#0zxt%VUieMD{h!H$=_ zR%yn5I(haFVOk_yVu-Ob2!iFsQm_FEP!V*6aE8+a}gD z`sx`jXX4{4nG#eq?Pn+J54z+X1J=DG#s9sF z#7R$?TJRpq3yw}ozuI+4@5ici?^@D2Z8m>|#LW{BOb23?u+UH_(2h-vZxX11mR#o>`5xQ2;2hklUOpvThJ z%1e!eApQy4p0kQ(8itF3A;4=_YE<0+?f6SYdFknoF$4lmmK5V4A(Ix**E6@O(gqN> zlKSA^(mKf?QkBwKsh$h(Vq=wwT7>qjTKfpjrgC=QigCQekYP8E=bV}>AKZLAHZBxV z1ey2%MNZBOF4d$N5`|Hquo%sqocvlB%Bjo6{~iw)Styj zrQ)(g`Lm{vV(^$iz)L9#A<-C}gQQw|G!a`O^bs*>rK_EdReq*+;=Nql-`*~lZ+wB&n4aSeik=pyc>UQb73=L zsO?+@DGN3@_fx45Ffw6K#k9cqCX9haF<%czTkOdYM(HvGAZo=W?Yi7E&}v5LH-Gp> z!h^=nCmOpk{i^fZNgVjP%WBg_U<|04sZ|Pyc^5=zx(~yEXr4rFYqe*lGDN1H+Vb94 z@^BQ>P8Ep1IqIh6ydIzCOe=y@izkgR1R9o6Afe8k|imNkt@!*h*O$${HVBQQ&o?NX95=ia326Ozc_^)ix`w3L$(#iwXQdyU@UYv5)2l_d1g*0;)ZtL?0+xg5o< zT(imgVy#71R`%KfFvLt=oWRo=RZUHo>n@wbLSF3xRO8$smND>RB(|zHZfO0L5lz}g zSX-cf!Hoh{Skdu#!lb|JkdbphCJ?aC(x#=DQ~HdBirIQXFxFwoKUj|Q)~LyB5~80m z$keXbajPZ*`%B3*>0u(tAeMZjx2pK_{o);oo8?6YtG;nw68`4tOn;yngI?W#{wW3v zKNL-{cA$b*l)BDp)ZvnI!yNn&sAbLQSlfcg*U%%!Fg9>4V=EQmBy$<+sTG)Ea^8w* zzo|ZSNv|YQxWgq2O!$|mQx*&W1~W`3T8zFe5JrxIvX9dH-Q7}Oi>^WStBhvu>- ze9J8r%!ksz=Ykm0cW~JfV^$h5GN`;Jv;UL95T$NrP|2Ky@q~A`p9ej|8=sE5e@xaZ zPlKWSIe{ir11h{094V8hHs`3#1*8iUXG}T_>ZP)&{GJX%ZmUTsh#*M`77-7YskiL- zc7%j^o2;mxHU})X5OkX8(?Qh=DY|g6OI|VxCRf)T6mh$wLPsRB;ePMhQ|) zQ7H>hBi|T+GS(KJFLf)2OiHSk2Q;G{w-Q>lpW~`xRKM~nIsmfKP8G{pGcfi)-{6gn z9z0!@H}o{L(S2CDveM+V8b3r#cMwC8p+EHXfw1A=iwWVY)k6IhPofv{N{acy2azy< zfk-}fZzrpQ;mb5W{`tNf&#=bTajbd4*HZVVA)5h%ks_=NH9hXg-x7Py1kLwKHFlL<`bAl^k+^wT1aDa|wN1 zeH}sMb}Ieulju`$C8j~LE7_+qM1v(Ocv&P=Hy!ciC7%R!s-UjAh{3xi3u2lql4_a{ zWGE2nEA}w8NFiJqK4wV!)Mqp{LpfG`id)Xl>L%AOfok`SPljglm#emaZ>r9?9J**` zsle1=Mk}|KADl#JMx9o}7gs-ZNgBh=*K8K%^hQPz>$!!%>`m+!To&g4OcKtfFRSji z)kE$8{v~^Bn@cCqg+zIu8PX+nsEdZ7a~XW!^bG`?{9C>@&z2}x6U+_uFYEIKIciS_ zBl`o1)jU71O6=~o!Ge(OWQ(PP#qnUt%by*UpDLUc3*eywRhLF}8IFmMH!8;3(2*sj zgZr^Hq;#xYH4~Fn4u}orSuXYM3wb;(a7jsja-*xFW6g^?4F4UjYEXclGPtr|y%ybv=?!PN zx87f^fgg;T{)6qu>`X}C*O!Yro0rFhpy%lbln^!cTyc?6X`1#m_W1A+4<-p31o^Lg zdD`WfNbXm~J*N6eA<$GzGylrE%^orPmSscm_2Mf6L#+*4_(9+)M*&r8%hU7ah1I6( z^}DJHZLZ|epX4IwFt~`p-+G7rqU9q?#|n||{)RMxJV^#!as<8x=M5P92e}1{CJG5K zKt&@gc{kLQF=K!QSu01cogg#ms#b0kD1|btE=zKTE_^U-h!A)-Wc*I*tkd_?g%{No z(w5ddMkEd<($}W5M(Q!o^3!FhY4~Df-0Qy*XcH3z zg$QoH2s7q%Ud#*veY$0kYOf~?jH&@+fk#m!hu1uJD*68b`9KE06R$d!7Rr|z?33lg zw7iMe>JUfVuSJ~fMj@(fizkSE!PZya^iI^abA)kE{N}FGzve8eR<+5=g@LlkH534I0DVJktdV00g zbXDU^N#=zr09C1MieQ=j&~O{;f$cS|Vadp#i03U(C5cC5w-)Ez+r$YmyiJlR{aK;V zphhk|=Tr@7*}C-(jf98a)YTS{$p2;{FWJ93sP9k-rN7Aov}A;mvPLI!e6Jt~b-9t4*A+J7IVy0(VWQaP&r(R9dF{CYko+~ zj1>TOB^tUvoylSh3SL_Y%R;0P0TQehFQB^nP!WoNCk45h^JF!Cls)a$lCrpD*Ot`M zhY&Fm37aS;-iWuIa};_jan$q}u`kU3cuy`jq!rQEpTIeU!&BssYly!Tj|NOWQRYAb zw+g93vp_Vq1TIA{za|DIfpE zy$|Izjbf@lB_T}UGQcuo#iLAMB?_**pAbPGDbbp@3KtMk$P}tFB!pE1Om!}9483t7 zo(vuakVc*Y#_+sbWYTS^z83|N2&xKN5|Lp*A^+*)kINfI zPSZ^76RkWjs@R`Pp}y=eNr^$^>OPrYQWBu|27ug&)uP__oCbOI?Mh!ZmoKFPiwBX} zc?G7gDJa+xR@p`#hBTi>=GU`J)5c(k%*AkJ93`mm@5R-Dib}bCa>XJ1=Ssd!6;4TtC9)2Ip_e!yT z=AL9Q*^5OIungmV1{9!SnF~Y{i+KQ`QsCodL0F=-G&D{fJ@)PGT@;UdR>4s49vPPu zLY1VDyPHm*S6$at<;)zJRW@;5{Tg%uEmbX={CU7wPSq0Bp{dhL;NnhVKp zaiN27u4?+Rhs?fUdik$;#5z#SPoCuot`3~fAhaWKG-M?<&stSs-i%r6-0szA53O`4R zC@{<|v)jEiBV?I{0&TUHT$S|E1OfJPEk-h;h6%{&zv!9!VLoNA#wVrdsbVJjLI3g-)gsBQ5D?KZ?!3EVZG6ZCb zG!ZduwmBlwuE(?7TtQNUDsow%cXr#6^zySB0X;o1xS+`oJPD$J^8$(L*!E{31xSsu zZWAx}ZIJegeuy=-0%t33M}|DUGVU=I19r+H>iE&E>w0_1&Go`d)-fENP^U!{0C-C? z{*lx7fFK^Jx|3Zjv)F|TpxwK391baG0GoJu7h(-OcE5}oEekDqg< zY3*aju)vu|00u`QiYRJ6kGf&M)o4M4S}YpzxNs(52samTe%=v>AGQB}V##aozWc*F z?}?}DqKP;vsxR$|8@eHa0UteJ=9wR!d*?r%`P-|@)mRK|0xMZSN!ErHagib*=uio} zTu|Y!K^SwFwXqAA>;jI^SJuiV02F7#tsRxk2x7tKAZPAUAQNY)R}aIAUIM{Y>N{W& zC!ilcLR?!Ond_{tD(XJ%<2UTs&LQeb9|)Vb1_8jdi1O=S{~7=;zW8DRBqOJ|ho$F^ zkVYSNPpXW;RDIkkS*yeAb%HFa63p&Y3Q%j&^7kN|s6i8?Bz2nGeF2eE}3T93;Iw^J*An!kZ+-HwI;(LEyJebb|Kq?mh?iurc|Mau3Z`$NK zjN7Y`tV^n(6p38Iy5jyTa_V511rxL%r5d>xUWPG3Ko#mSLL89;htu*`2LLV(w-Bl! zza>;j9F9<$%23v?TpJ^)Jjs!D)qShcTV5V$TG}&!b7mMVO$`w>g5<~})0NBtfFk)E z62u0x_D*u?lpaf{g>js>&3FbK>0K zh9L?-6jc>|SVPx{a{yE#s-mih3^9m3(EVaKy;;a#neQr^u&X4XT#Y)}g(>KwRPm~F zHe<09W+325R*I$L+M*y=nD3ESr1nuIge+DPhr52r{`s><9{~X0{q+3r{dqAEeD{p` z0Pxvkj`-%E?sogQT-U28N^@iVmcap1m~-u6K;k3uEbS5*sTRLHgzOU4>Ix@4?HHtH#dw&jQGWmuE04S!CTv1bfePVer7RzTcawVW8cK8Vg%&bc$ ze){|0vxu5*YKo`QkG`_(%oC13^{6BN^4#TnB(53%#!$a5pv zzcEW|Lr6{?1;Tp8YFIL|_~E<(j-SiU2<2o{sEH6K%~0dfSVRG!z?a8}MhEK~Z6GP6 z)Amn=x;h(3vMr-5j$aQgDRR#H2M4)f#M9|yLqj5+QKMM^m^fxkVQ3HlJ~Va8G3S47 z!6!a;$ysN7bk3|3F8;5_fBnn<`ORxoN>Z& zmz;G*=jJVcS^7KxWa9Co&;Q)FzVNw^A9X};SJyW#Jin*E|MahYOVa`D9%KV5OWWW>Z!wf$Y( zRlRa&y6W~*?P>C0mhP}K3~#YqQDeFhuaEJkgV*9KBRGNOn;Fzwy0k!(Kg59>YD_J; z5_*#FDm_oKa?6M^sT2Y-rl?AUDT<=1h`6q+OEloReer{ZT<*@lKDuu6mT@gD#as>m zn4&~tanaIFD-=F{$cF&nM>pN9YsGv1{=~Y?TgEmw4fXW_z{5{HUCifxeDiMs;8RC_ z_}$KR6GpfG_`fgF@_DXnKmeS;>fb^E3@i3kbGOgSN-J;|lT*OpL|pWg@qf%J7IA1! zK!il1(!unRk;FpcZa(79uXJ*?c)#uA9?wePaJ&E*Uvxq7x&$->so}26X(pXOD6C6``>MO z7m3FbnYzaMjA&#H0FhWMURM`QCINtRL(Dcq*J7zuJe@|y5J4~I#et%UWW26Ue82P2 zNAG*;=|x}p@<0D@+uxTy|C`4im)!_~)e$8E;N+(ds*;V^TM6$l&A6Odm`(uTt)g-9 z#TR>Q5qZg5I){pxnmqCdv0QdawU!Mhl(qlTra)lOZlvXf-@WE>WXai&Ro@3HV=j2z zq#>Ov!!5INE7Zma4d%b=7_O1I2PmAH8tc=s1j>r11xDgiw|!eApSO>Z>g!GH+!@IZ zCU)+y{aOGJ9~!FP))kZ;_5d~`pAd1d?DB0KiJcA_R&W!d+RL#P-9U5IQ+ml z$k-Vt9G^+0e*XJE2sac{RHiES3Ela~qX4k*i=PL8(~dd1y>0Z*Z~voEdzq@l(#b@o zPP`3FVQMUT#jk$-%BoeP8XAg2Ij$E8xLZt1YPOWR;0+8o9845su(^!35<`YnM}PHf z$zR*eLSVU*7oDU;avb|L*DYWs-WL00GySPBk^v zGvR&-k*ZJUw43|#HxCqU9w^Am#gdx`i%%EyVF}oZFuU{vtxlkii1RAU5(@u#YEH%Q zOiO2CFc$o&=B}EAe&Hrv8EY@d;sF|QHLEt<9TEcpoGR%J&J8LQqltK1V;unx^NJQz z$;eP4UzdvaXBlw-NMy5+b&|L^vSKn38yeIS2`6TTD3Ycaf*OhZ=I@Vl!}$A+zYsq@ z_V1-Xz3unWcsvq|0YGy@!#{riI{Gtn zG56_@=+>o5=L?lrVC_;+Pk9OjL~V9a9ra%?@jzMw6( z^$kGq)nESVfBx%BH!gnAz0ZK7HmB>Ni3Dul32|*Mcute;nOgG=K;@^>r zk$8D*Y}4EV4^P5j7-H}$Z*OQ!MUXI7d~wX-PpDZWyLYHTPb<9C4&6+AhLLH=#8fqO z1``c5HA531Lp_m5Z{6l8CE& z2pNkdlgWm9#uNbf%aSF(zwiEdDiuqm+3V9>nP`{mG;t=bXAqVBsM}MiNp4^?0FZB zhpxh>2D#dTg|Zq~db_HI>XIn{97h;fYs2qv2munT_!ZHNOd{FXSm%9Ka$x}?TFl_L*12v2_jveb!x4l_g)=y0hb(uu6r>H{|%f<}e(#&|t zTbePlZ&cNQQL+%Pil2rjc8BK^11B^hvbo5eIYt01j1@RMYb&4|P&HC$Z`qW!5p0oo zn87i`Z%nG$bO;R2irSd5Fc)AQi(F6ZtP8yy;AoC84rm^L1dt3yMXuC1!3vqI5` z#lk0vX{SVE2~~~8Q*}ffktvY~Q`6m+rJ;_VWFfL^y`7KaBmotHXbSxZndBBkBQ(jUR%|0Sxh6|vnBMkI@I z?;9<*>$Qq(tP8QeGn+`)lZ;?js!QHF^7UJ>j?k1&k8Nw|-@M6)D1Znd^#o%5r;FOt zMJ>QI@>NS<1#G_Ls+;j>;;f8QCsY8kK>sJYT5d}Cs;Gb*fLjM*01SwQvfg5Ov%0Ls zMnni`v-LSAOyOy`VN;1yFvf&Z)+xi$dTS=hUU6+fiCC5pn4G{MHLp#cG@&jLFZ1Lq z)zXNl#aI*oc`ORVwRqf6R6|ubBG^hahUyWhC`?h*XjC=oVn>2?Q5kyq^vn5|aCUhlsh!f}RM)%2H+K&2>1{(pMDk-e9S#wLSb&0{ z0Bu79eLkW}i$KGupnOf?(RGDV<6al%Fa@>&4o53*fnh-Dh-?2cPcXT>86KK|pz??c zI@OMD%uMc>@K)CrN+qC5nsKmlkURo0lzb2|_+FImzchlw%Nh_^q`|B8#SOn>uRBB$ zo&a1!hX2?h)5!bOv~W`tIAN|BE6~x09ZX92nJ95yzM^j{?<~}yjJM%d{sIbib`51 zKFNV3F*a6m}l5)Rqzyn2)M!Wy3#*% z>c@|ZM3thhhrad{CLJ8ddVpB9#BXKqAPFpyom1c=vX$G52l|)7WMa@;M-FEd`USMp zGYZg8plh3GP?1|$B22~7JoD9v{SxmjmA*N{F zenLnp8LCxTJk>TFD}UxxGF!Sfs+KC~nMG>wQ77BeC`&MqPN(YHqezhzd1@i+|e zj#NrNuqu;H+8hzaFwqW2?v=w5RmUTvVHS10y?x9Dr+xAd5B*KkbR!uBg_(i(k|M?? zleaSk%WzojX6IF4a$T8f65wt_L~x55Wi2Xy6^OrKR9OKX$j%$|J{cj`TP@OtS&B+c zxW6YX60mzFnru)AoSTJ-hJl8GMFTj^>S&*T{Lux2cJvPb8}{2G*&dc_#a%FsRHD|3 zhxt0lEg&lG`GbC|+1+v~RLLQU8inkGqS>SiUCj!SWVwKHXM5o^bk=a*Ybq-WOUgBp zn*tzWh=4+oCq{?@q{$9?mr)C`GB+W*w3rb5CZKZW2$gWXbq@@T8r8V)i|0PDk6-vpLWjhag z+hvCJYvKAX7|hk!h@~f^^-k8P8$EZg+Tq`W3a&^eaUlc^V%Z#OIsil?k*OUMW=@^7 z&zP~}Mm4>$VN*fVc6|oe$_OEO9Tu!q|8pwgF?F~6@C!7jEfj`kyLxg2ygPIX%Y)o3 z{WQgtw& zA`zZW0&(JoeH#sKSbK9m1Oy+*0(f25Ip?~r6Nzq32IpLS@eg}V8Bq{Xwf#v1M4U(= zAo|d_u|NLYc>{%f-%zfo8$-pyKrX+de_-3%wT_A{(yxe0DF6y{^epZM5e!r~8GuuP z0p)yH}>uC0{{Tg`<-?W(#+6StrbL-q~psNWR-*=>hWdLn@?0uNSL|t5T2|oR5I{QRV#{8XU@M`n}IQw|r+Wm#9~{VOUC^10+}j z5+cLkVi*S3bzRqWKahxjiI@!}oO9KQOK>1&N{Ykxn||kW|1PIJRWb$1C2Gr3M5D2L zUPv=^K_ljZ&;#WT*@`6RR_h2Z*Q$;|C9*acNG+omT!_aj@(==Vz zG)>cWy;v*~w+3+{G7Li%^MwOv#7tEhaKNa*At1YnLus+O8+Ghf=d3zSa2SHpLO)jfr31wqx6 z9$1~gtvb&Xhq<3Jx1Bt$s!9hd>rD)3RB7c$41XG9CGVpv=vQ5H#u!7bSg0bcIrO;< zM-$muEC4q+ca&7ESQJU9B$>bH*zq5%EaO6999K~}3IUDs7-LOO0QZg5_mFb&sOP2UYUMSTFF*%w$PUQor^H70Qv z-wjj5u0;@ZE1X0_Dq$a5{i%FjILqzkX);p!MMBx7jaUI-gsR-Z>!4RNC=)!W7D(6# z0ZFygBh><1HP?$69vd*K1h%q35_%oDD>W9Sa`b|vf7L(&RLJE#oJpnPaG{FnaQ%9Q zu1m^sE;nQW372wZ#ODJCBm)Bjg+gIqU;qGwMIsPoaB$ED5>3;J#iF8MzK|an7|=CM z)3~nd!V{)xnkwUnO^#w1MpgPkYeZ>P)dWKou})zCFko<NJrGvNhZ@exzoI@9nZp5Y7!UIM;PU*9=|fy3RQ#gWQ&f<@CmoODL&`OTGnb+8b45 z>3~B?QeHecf$^#Y?nnVi81OS1L6_99EIBL>093t2Qa-^Uc$+|Og=+3|rShD-gl&}p z2{(oY2Lr6?s^8&dNMXTqUJc?!J&YR189l@01?Ar0CCQn86*_8wWzNi%4rt~IhqSZbK z&1Hq4}MO29V-cKrksQndtQ{C;-gkqm3Bi zfNK-xE_e zHr*?R?hLJ{X^D88hz17-zxc&3s-B0$i332WYfJLgPD>>^;?d1TeT7bhit{EI8~_YJ z02pFQHvsCq3E-&4bZ4&k_F%3QkW@XZ%DN_kM9K)Lh~#lOQg%kIH-FN28#Og+<;`xH>%N!3{;m2FD9^A_#0 zWEq(iNp`!sn?sksh^9>D>HmIZ@|dZ+6UF71i`Hy==g6P!zhh^wDAuZP%k zR3Tpoy6;%kof4a?s`A2%FC2CBQQ3h(-%Jcpgs|KJR8@KYh360d@Zp7gaoDOhA_z4U z5fzoGkw`SEMxtsYqN)+|UuJ6Cb{`DWJx^qqIl-I*(6vAR`Pi{zZ@caHoEwEgL6wwv z&WH(DD-UyhkZFi~xS=l3`Rhe)Fr}=DLV!D%+Ee6XRdz&U-E-ajdO6LqVi!ahZFO+< zdxb8Y3Y^y5=hQMd=Z2;mn%1*%L*J^E-}=VaTiZLf_4NGfwH2J?Ok$L2+wErX;shCr zln0Ym9+8pNPuCLcPLp1;)11-vZrHoCXBIPyKTVB1Aig5<+0aToBJ{b@LVO)moiHl- zpsUCdb~0|r%!?xe;6w%|PMmXc+A)b9#E6VB1<_@e1XXmGoW>!i6aq)(Nyfr2ceg+Y zRvv;34PSWMhq!f6OVKxT7KJe&`+o!X+0oXT%jXA%a-OrnD)GYCUeTu3ma<)lfM{rN z==GJW-+6aEH;6c&y6@yiA6$~_#g)rf+ie!qKmY8j z6$|}RO@k&)X@6ze%e~w3&;RSy5(Y}QAJf$MPhJW54EDsZUl&fC zb3@k)`NBZIwtnsZ{nj^I#!uL=wF>|e(FnMEfmm&t2+1OaXBLOLjVfr9oSU%}8xEw( zc=tcT+yUFfarnT{=?sNVQ6rhiLTE`{w=GiI5##}bDw1C-!5AtjZtVni({;g#$lx52 z3=(|~#Jv!G0Z?J6AY;N2Xx?Jxn1y8sbG%};grVds60Mjut5Ua7N%2pW@MV>6Lx3U5 zcrZhYqfRk{$N+;A0vA|fvF}JMdSuN}Pl~%!1Y5m&62#a{K9dC8smsWa5t=7M-u9-5 z=#|caj54L#nuXv^2-8Fbgf!)DiXV#5VLHHFc`LmSo%3uqyK%z?K)m9LE53itHEO^l z=EOr1!RUH`@(_V5p+W~e>*R^6XpU)2r z^mo4d?)^Kqc1)etxp_+>8bjN7u8FhvpGVJn9~b|-qJtoT2fJ-^Ur3k8~G!z13HUBuoHLAL9y04uUzthNM1z&Y0q zgCXji10r$`gur<)05aP)Ml;CmC+?CCwt2_;Q4M1XdSOS;7W=-nWJak|yw;X=`9cpW-t?GiTt+8FoA?)cs2E~b&eqjFQki9>O&>w2M3Sn~Me=YRIIL%E?;JZ2q}d4R-}=4jdg z44kIIB!dNl+2hgCB0VlUt4oy2-*4F>Bnl+SrG^qpR*7kaknKLRx|ld+?ck!8*%h}- z5bp|w_^o_Uen4J)UfB*_I1r?Psl_`puoM8S$UVaeAibG#F zFsc|FZJL0}y>`R19m;nh!{JW#%5cbR+DSw}1|kF0zz~;?D8vGCPZ$7Q-7isaKobd~ z4D_A=0l=2+8)h6oe)TgOQcbZBpS1tJM~<%_onH0Kx+j12s=@g&pF7}yk4+xfF|_)h z8&>^uU13n0`LT&BAMG61+F`zScAOCH%4kAl3>h#$Acko35CH|7cLE7)vde05T1JsX zODvj+l~}phU&!q!3|kfOpI*E<7Ojhl@A{xd1B7YJ#k5?Zd+V0&)_mj4`e6sCaNW9f zU--foRIds{1QeY9J2O+4Gx!$5AlPs%S@X)P@l<;3zM&_#1(noL?!}j1KKMf)+C9!; z91*}MjXPv{Uxhdmp2V%&cN}=|ht_V~l!!!~7!gA|p~Y_6Yf5v*Y%9bpB(`D|++i+3 z0%E4bH#vuq&=&J{FdpRwicSY)6qrIb!@hWDEj&ZBcPh$VVf^pFi1)iD2y#F8LK4nP z?%R}eG8p6BupI~@4TqabD2kjnMPZ7EZ19%Qmw!PyyQ1OO=J1R!!G zWX${}+#-R%mdw6iOBg8j-lCbEbg+;-8sEzUDQ6}r_Z{WGXrCa zyku97wPWYbIdcwF11u*(zt<|t*tAUgrNKOf^2Y%H4EFSPzPkM5#~i5}#^0CxW8WhV zSEJFuD_yHo%Z}~Yp`mm#343f*={leaUd@k`Z9Li)y);W-aB9?#J;<^V$4vwHZcw%)O7J3;Hy22zhvIrln zq&xIoZdbXT8Q_Ts+394A7>NKMM~2AJ3`8NJX_26nOl>AX3yXwV^31ITTmM6J{q15j z3oJ{biiEDcCi?FIRw%uP+cV34>NFg<2#te*nf!-D#1uvb5kt<98Ayms(IY5+cvpbs190DkH#YaFzqAl_I|a37KxdaBK8{u#Ei*nF~Z3 zJ-W#3?QnwiB_N(bQUe>TIAvpG^{~tcZ%f4=+I_IH6It&NSlcrFbM z^{Q;RIUWJuIH)PpIg~GkC0P>zz+i9hx>sNO^0^B>d+Mi%s4kxP^WUG`@7SaKt1~n- zf;EFf{Dl{eJ?7{V=g5kEnGN@5*54EBT?qiWmJesgp430#OdhQ-C*OwaP^cV`tP)NV z+%(+aoHIlQs3^=Ni6a7JHczHqBVs~}9qO?BS|GJFH$%pR1RP8$Z?4XO5jZa#negMZ z;We|3NeZEp-0YS~Ji-=-82t?{PgnY~jG z36KFpB!(OTtxR}vJ;=m|toj;p$zFmil)?^H6h%4|SvP_Lj43AXprk)3&`C(-52*U~ zMk6PHM#dNs_a2Y|apDRxj$8rcCRH_(d7p`s)aY4qADQxoynb8Hi6Wqu(*fYooBs9c z-&POx<;U;Wy5PGf*0*K=pl|!Yy+3@sbNQxZeSFSGr+@s*M`{HF10|KIG!X(aWC~-% z37I$b)(sD4)vzB+*jfk;>)fJW;N_kTSl;)xk2a;1vPWeKcG{2I(%wfz&SLaMq>36GlcIz-C*3DMd>k^Nh9RaO04{M%Snii5h`<1@cx~H9B9()@f%<2 z?$@)uYw}Be|I++#918&d_~R?vR`u5>n$nG_j+x^LsBhZ<0e3nxpk?M-K1>2YhNv(= z0#0_%I@`5n=Bqd-Kr%w0yuReoa#8}zVM$+KpZR4?zrC=2QpR4s3vQHPH`S{ zTy*{a4)k;rkiRNL_|Ax6K+|7-ZRJ6;X8POfPWacSdnSFcXVMqaU4QFqKSSJ(p_apk zS`JU{c&>HDchj36-SVO9Li`HVkq=^NPjo0hh$-(x?vNe2MFJAMm=ent7tN~>7$Q?t zLCh{@tCdp%96%xS)(H3!4PuB)+h4qw90@t&M7H0BtZZW9ma~T2sq-RYKxDT1usvQ3 z7y$=DW`R)!EePXU3fo|yi=Txh2#R32vY{Y7440Ux^T#S!>$P1Oc~Ae*$1g{HPsLoOWykThWd1qJ1N-x#md_vAdVu~P9E2mt(oQKSilSqGL!ZKyEIh_PXSTe1Sp;j)r>s)-PZ2 zmGjQI;I#Sn!tek5x?AtMXZq1c8oB`hUZcc%OE%;S(H-0T?-MKb0YKxL- z3-$Y(M{N19qV;Ds+&eJlB(GgE9G5=QuDcDSiO7KrL-1pAgL7dJi2s^yFT=1)8bll% znOP~KF%(kYJSD;AV6}TP-%V!f(w6)~+sY%`?Tlu(7&Fz6q5 z6#VKoxAYOKzlxPG;cCch-*(%#UdA2a*HB0b2cg}06RVA2j4WtW+9{IcEJMi@v0RZ> z=Be#Bce@}gaw`Hk9O0gNjp>%RSG@7ozdNTL-T?r~hIkUQM_vn&!uuCykBcX71;CC;G|I3q}8q8`u6;{&U<5pX-_Qg{`x` zXD{iUcxKD$|B3a#J}~A)d)C+ezj5{o#o3?D&-+p4|BdVaKby+Ehm^Q)fx7+~vB|Dj zFx;wZ&^1lx1~(bcI9UM|iyDg|V+s@T6yZx2UVSF`M@^y6xnS|KF#s52hzuF|{PL#j zhb*_0*a6sSDq?3=AOe6ma-pt+0T!eQ<(Ucaj$XG-gIU z^z&yfxVC;&hZ7lI`Hy!PQ}#P@AA8C6b=~*<=;=(lxvY;)kR6cQXXTuv+ob5}=^2JM z$#Kg1utZ4npDkJ#1~8?oyQ&SDBwAw8y4cSaEfo9z#==G7&_7$W@EZ#kt>3zNR>Ktk z9jg3d%?^qFDdYi?C}Ty=1DRDfEMIZy`R81C`h0oecfN7?cfN7CyyVq4R(=rLI$< zZ??Mrne2jx_?Qn><<=+n7pspICr+BK>AIooIyZE#8-|ob&yXn!15{Loz?jGYMpJna zfj{J&3pa{D5<@gt6!MVS_#;#-CIE<}qFw7{M7tXbnVKU>FR!U>Gr_wBC|nF+2W|)v zkxPDGFxw+ySzx6~qRr%ZtR*)b+94uOQj|^0Y9pF;+fniZp&fd12N)OtGnrn|iV^$d zrX$2HMVYKBY{?mCWdX@niQTH$Q$9=;P9}%6O(O6IN1FLhc+Vk9MJ`QA{L2nTVQX{K zWRs0Ga_1G0Q;16ve}iqAH)mRgwhsK}zaKdEa|h2lW=bxbf9%))e)r#-0N}t+PCNR% zLn0Bj;^}uE|LxK^uN&3cY7@+%$8BTzQ;{*o6td!$6ipv|O z>s9To@}Fd_!$y>7UF^p{__{dgx3By;&l%rXxah|}_&Nam_y=GA_LV;mf2O5%XJ@Gz zs8<`B>pENFv20I36lnb`%RYV5@fV(cYT27|;C?guySD0@hHf8M7N8{_D;>+|n{Y<& z_%l4~#QNR<07dKbzp=6ms=sc0_N<4DF$dLOH(qZ)lJ#~DeD2?3IRNPGM-HBLr}&<} z>y+HFKPt{X-~JT9bTmQYRRock`d?32Rp=N0VhhyUG`LKZ=ICQ z^*{Nm7azId833$LH0`!;RndQv&qRzWr&Pf6fSm* zAMI&mql-3FyzHyrFBKyh((E97iMn@thsFLvi0rn!Dg6ZqGK@UCsysccIN%)7EJ#GK zm$WuE+TCOC^+wWxjqE3{x@9Ti6VpRWBqRoHO=MG zdRFX<3~c}aBjQa0PTzfs_+q1i?cCuF`wX6TCjg}GKU@4-_q)TDEid<7zM=lQ3E49r zG{zhRM5+7FDIRcs?${qjU%Nf|$bSud?%x7za>xEKy8QQjmv1bcaxA#1O%xGuB3iQv z_Ygy33K|Au%;1W}`ozS40J%fXL4cx9ug&?(k&sLum@lv;?kWNk(GuIpwS=A7SH!Yo z93mAFU^feQ0gwn8Ltv(vZ|aBO^lG=Y6{^hM4htr^oJAsMP3j~`E)XHxyCt-KOJZ}= z&x9bcV#-y7!U{1tGfApjmNJRRDY~&Q%vWL}frZoTn|vy#M-MI+CJ&-ABrn^t#qmK{ zm4x4OJ}_Y~n@LaNBjrFa3uz=OX_74x(|u~mOewp|d)28#X213W&3R%Or&Gty45!yY z51d#}kc3Xg7}}8x0WJn{iK~$TK;MR}oQow3cRwFj5N)EDTP3%nklRtH+|($+dg7P< zfx|u`LsTQGswkADI7J#7>M~7r^$qE;lMmEd?2L*~AR!_o0z|`ocH48gIKrUMx79X# z*6;qjc>Ji=(?5P<=@WQi*>VEl_H|qFmK4M7xt!nn>m7ea!^V5X_jupy`#v@k0P>mr zy7s?%sO9jwt&c@=8v#H|j`zIC17|+S#~$Q)PsQ(r>8FcT)%DM)>z_$H^?w0?ZCk0g z9VGjy)D6!J9R76zC>(Hp;;Adx=9i5z2Ne%Ezy7-M#RJaw6n(p!Jezh22NJwPIv4H6 zxFB{%1Q3x4OC%vf0_2PUP$2-|3>g>F&k)J?NSrJ_C5}j%VW45oeuEo8B9MW$N5>)~ zG{q=K!C`1k1Iu1Pi_p+CU#!5W<&!Y`pE!v)5R}L?Jh!_~87GTo10*tie-ahCBL617 z8eEXha>L*{H*~|$4Q}SVS<->43TKL;FoiMaG95n^xk4lIYl=>7m6H&_$!(Dib0|z9 zDMOYq24=;*gn?Gv*{Y&@FZC@E+K4sx(L7<0zc2(&cKwE=;##o?af1zR=-f~h)p2Wq zo$V1|)SBuMT1^wopj`;BCCRimWRPxfL!29#%&4fS3R77ms_I(76)pGGtGf*jnH3RA zaBx-5trCVM;V2%uPrr{VAm@Xqf*cFiI*Ouj&LfeCyoKt&DL`JXt-Nj^k-@#iB}z1! zX&?W+8-LBYamL9Xw*&Q;Uvc#Vk3Q-R_%t*ac8rAEeUcTXsD8C-V9ZBtAOV1(=DFLZ zeRZhiaPeo;np*&XM>73wCkByqmwyEYg#8h=rJOTF1VnoCzEJ?Zd0#okN)}DF#mgZz z#;`*Z!uQMULUD8oKHO~xxT(9DQF4;p?_?M{alNSJ3tFL|X}WF@7~HUOUaa|ThBnPZ zni)WL6_}~pnv%*+fg%x^vEl+~1zqe;SRyXzNZ0E4rph@=>~J@^F~nzdxoggyhht_~ zb25mFqEN%&Hr*luAVY;Ql?nD=<_07;n)y{ecd`sgj~;yNTUE2xA~2>f2GK|~5sM{~ z@pwEAz?h<#xwPOa>whoyzCtH5ZmKbikQfq~g`gbF)DW^gjuK}9Gs#JfI;~I`RN`rd z3YeVO-hy~=_opOsxDYTfI_&X!n`glbg+U`-M8=q+kkxX$p}w)NuY271w#^&2<%SA^ z^waA8;}n_%Ij`h~*#Y#xek>^^`VmVzJBAT5fwK9*6-Z1pvj$is5=o^}Teo(#wzkT% zT@5%D0uTFdU%rrGthX2tAj-6k22S6<={Eo%utZ_(x*uL0O(!3FZfX0WCOwYHX2ZR~ z_Kd1RBFhW6sD^GeH4QG<_gD*f)?}zj5>04V$^KqdwD6SC>*1m8l9t2Jh{5edILz zkp4p?C!nB1HsW#onc9nC7-LRs?YetYYvY)>8fOagNYp^hTF!DHg5cIL_EE%t4W8HY z+k3W*J*~ws3|mRa=L#2o{VUgAarOTD?>BYEL?A`i4WIdoa%Q)?iUR%KSh2jNwQ0Wt zrXmCpc9nBW1;Rt~sK)&cm^SPvm$1DQ#uSCc;;~d+B3+kEr4z|?GL?=eQi)_b5sj#J zJ0s3P$LBW>Wx&Jo+sB8zS+}vrzw383zQa|#EXFPvTJ2hJHd^$w3?%k|w#J7tV1iUI(P%<4-f(xMd67nj*CBcbpx zGuCKT1tJos!Q4=Pf3`kT|A~(s)zLnIfN|?p)d_TsYU23)JQSuX4UMtJrlv_96ORSH ze$$rcUw&=#maPp<4RxtBswUUVd%F=Yy24X#avDU((Ggf5g8*B5`o!)`{B? zNpbHiM9Kyj9%Wt!P8=Kggww~2J-BVtmhH?;K_pGrX^6h@qwoKA(G72`d{fhkp2k1{ z9-p9-bFGC40KdECHn+FOCH~6xGV!nTyIXFB;kL#S6>ExUr=Vao7EPw&$y7X%iYF5B zL@FLn#1qL_B%(;k*kl+c|C6p8MNNxFqK%CWCx7yj8`f{=?sl@GF`Z7|efK@Ty6GlF z28=PLJiM)c(tcjz-me`x=fQQGjc}RWzjbT>hK*N$>0*H;0FcWUW}S5M!LZtzh~|@NZtN%&3x&d9 zHrvy^^OhTb_1oXv{PK#GhOTqNY}seC(IGIa0vH%m9GY1(H3t}D#K|De4cgJ&)7wAz z(Rs(t*ms&{5U-)efBIku5d~Mhz4obRpU-5{qeitT3RBEPM;tM+KawU1IULxW>zo?~ zH!R{ggPW~lY&W2rI0hy7fwty`sH)l#Eani7c%54|=Z{Hr=U(W&R?7os2U2uh-@3gA z2+WS|R^3u08c8JLLiwxwrpeY)`NmT|tHoheH3=}yeGs?GVeQN(57m)fYHZyD^9#4! z>fCxV+#+b^Hj5k~qN1wtSR|f^#^cdwJeG*7u|zBuk47RYknn(`MJ1>k1{vJYi<+is zMNNBm&AU6cZ5tdK%;j=JLqlhtafUlaVtqG!q$Y3f?CD6w-*WdKcG)GPMsd!+d*iPO z=*&-k0swBl{ZF}`UW4;6IX$^9l~>ggdPF|6-MOeXfkww;M> zOl;e>ZB3j^Y}>Z&y#8MGpI&uW-*vj`RGq4Wz1O#xD=<_Wx^Bq!qj3$W<6n;sob}5) zN@Zv-F(=f-h^^OGspfdAY?)lXnc^I~Z3LLXlE{-o9Y;Cq@4H1C(VBXY0VrUmY-;ul zB0tZ-2CcDe_1lCZ>IShLmy0h%!*?W{8^~aoIOBDb==C)p9x=TI+wvj~vz&l2`i&Wc zbNPN`y-Qz&KyVyl6jG6bcw^d}DRN*DDs8qz30k=`vubMCASr;jpdc&Jz4E?9>zcl`L5dQnC^y5nsB`@AoaZpYPK;IT8}(cNw|igKYiTCb~Jr~73H!fXCU zt?&1+;`{WD|70ujUeu(8MUMN(zhbHul=5pFU$N;I7O@T7?MK%!y*TqHN)Tpnby%Z4 zQ|<{Yb4VF@uAs;OU{+Ns@s#I#<0qJ~S=LjzbNjy?Hjwv!xR9YLwD;kON1Gilc2eYX zGb_kdls)2o3K|Wq=Dp!5o=zL8*3OdAWG5qXH2DN-U0c1Hb;@ z0RTApBki#XWYTfh1;Z1fpd=+nfv+C}AS#EW*I+f+#9re(lb2-Z0P?_{EW&b?2r&%g-fS zuhVOSA_7KCBHjoa=D#?O>%WRWkG)Vfdpt_}gFyTcAoFWbgmT3G44lx!2 z8Rz~84uFJgii-pUYzJCm1RF;42R4(;_;i&cWj1{XU!pGcyYa3|6!@j95ab!pS2-|O}l=ggdKT57|BllU=#ev^`}VWrtE%t%hc8W8%_92 zOLgJ-KynOc))?7gO49J?_OIMf9fLkO3e&m>ji6ZM{A;3df?(SN{{kBIJUN%H7zI@( zo}|JSLCUSgDE_K#f~7k~L*)-a)@GKO;m>5$u zRgu8-=x_;>H#-HG(xxqAO?8I!T|2p)005rDST8!on2-aI{b$Sp19vvN4 z0(V3#$gBB8+&fo;u?uErh4m|*^VB45MGKaHtk2bU_6zAhQ!%_%#N!)9qj?w#W5b-nA$T9x5cpN$@-MqlN9*>A619$)u{2`77+`;%W&buu{R zuI-r{NqrAkuwBG-vl(H2PJ582xIZy7A_ogw7M%mUy%!&=8+q+F4q7 z#12W0xI{}xQZXzsIk&qin!GzT@`R*;%}p^0D5hvn<%yi@zq*gucAWn)6Xdc}ll;U8 ze9LUZGfEIKI7qt5EFHq$*Kw;IaW>!*3sMaq;^e6MLMj35vIEwl+}H&JI_Ls7Kjup^ zS3vDKSt$9BtDG^ov8#N%zJtaF6YA-S?2;$wv&7^{!)c+^?iV@i}QxwAY${ z4I@BDq-h3d*Zb3st{4=Gn-s)<1JlH^Oa&Tnl?ei)vFKM<>K+I;JCL^g#v|R4WkESu z=vre2kOB9i)p-_Ofx--fbCz@Z%)(4V^v=d*e#!HLT-)7+?k~t?@FH z9JU(#aRdOsWYID!K!D|;=11m`yg3IvA|L{_rkC&Qb+&ZdR_MI|2v*QmSWsGb72@7# zt5>&I97(xE{y~U~!p8jPj_=#YT~pVHKxO{nU3~i$5%95n?dzL5S)k;Rk0*732#6u; zn?I{`Ue~X>!LK`5eF4JV(L}bbmH$Yp=;<_0F!B1qY^@LBDt{*JCr8Dd_%;RPO-IX> z;BHarj#ctyt2-T zOccv|Blw0kKOw;&%K`ucVZLt@bBQH#+*WHvSS{ANi}PkL`;SL&_y84S7Thx=0+u(T zbM_CLNi7oJ%B)G%H6j&Dj$$w%FD95fp~4Pgc-Y8}J}TdBKnVsLko0+m$p}IoN|=Yy z1kEP06&etRYuaW0fP^4>m4@zOE1l!^u=!U_K9}kI@~=7;-0v-pYK@O^u;(eh8{yiX z7B4T);bFela(i@5pGnxuf^fi$`@ML{R3NIx-AZvfohj^1n%il@m$X%%_e!DDX9!iU z&(j5qoGj%YfDxEg<9-b`OyDFU{vL#?9c_n~Io+i&VU?ypOXVe7JdcceQAH>&Vx-pYiXV6#;MtbVl@L z?AL1+YT@qJFSposyq%gkX4tBAUfB}E;N^>YA2>R3L5fS9+wjl@Iw8YcVs5Gd8NzMh zkM0{XQEgmAtZbR+tRllNFa^NJ5RR0}4^EC|T6oWwYi9od$wf?_5;UC<@p)|fj%4xF z=sht2u&*C*-(OgO&i5x;KLO&?&eyZ`>2~?Xs)(4#tJbF)&1L%6yC3(K2|gULR5?D7 zfUDN$FCd$gtQQJgkNp=HMa!7++~eb^{{^s)PK}Tfcth{I=QiA`g#D$o#Ssz^m8#1_ zDQRn#I^q&f#^u4wmA7|6l81u_AbY499 zG%J7@U21`h9AA4_y7(DP-tIFGB?jKj;t-&-5%q~?&oY7NH}}J7)donTVdy9T#{t99 z7lCDM2ZMra0yns>=Zyd`jkW!yKXD>i{Ucn$*vlId!2a}j%xYuw-P>Qe{d=o<@f_cT z?BKe3>F=O0AR!-)@S>5;&Ae$Ef*d~#jf(NyFUqT)`jw1;*r3K*&zRb=&5wjEAU{7p zW%h9rA=)6-b1lG0&)wj(Vp%b(h1uFg7Dw6Rvpt>b{{yz`YzxmJs$_URwNagM_o(RDWwaBklD zJa^sU76 z=tXHt(WORbi#q1yBNv zR%W2wwX1>*kr8+YSHE)>AX9Vs^MngD`k~?YLXpjS8rsg2Cv|<6F)Jd5SAOgx93F1U zPBjDkP*Jmx6bDA+NN-9)S+FElN@=gfExGjdP`FoV3sB+woC3?Jx%2Wx>rFTsC=+9s zEFs`z>NRk=5Dwv@C!-Y;bGh_^bwVBo^~37|j=lJyy)S-TP^$uWx5{$TDJN(wR!`{H z1&4IoplQ&6@!EFW-xtek%bSdLOQm*S1JWE1{P65 z!_saDlGi2Hf%2wD`3sgjPg_+=ZuxMfuC2$4pts%BQ47Tpi;3u?IyF>^$qVqo&7zEq5O!+?JYr&ZflpPL{?j7(bgTI-uP@2~_?Zity6PJp7CHroIq$MJDM zm=6ZR@dgW));5~f4_6}&uK`URn3Fjc%n?)FM={dtAo_d7>N)q#gOu$rlNlW90VYeW zOIhBNf91geoVyc^I}xr+|2i!ipL_NX+@VzPr@!TiOe?xA0Qay?NZRXShkCR?P6ler za7Ibb(D^PM)ikqFM(LKah-c^L3^o-8k=-XnEja&_f4@oT73 zM?@BYFNNHwkpkQFcr|5ayf(==hKh(th!aDqN~omSBA2LRfIcrg02!3+jX7Im<4=yc zzu6(CBsC(A!3bJG>+161sfz%**HPAbGqEX5^+*l!d%cc!FPA;()T~q@i+7;u6eq_o zjgies4H#@xfIT^&tBitlmge$3sr8EOy8H7ia+=3wpg|px=Y#CY)$^4_{+Gi{z7z1k zgs?LB-@1NV+Z(n^cMZ6>$nY-4V&vY|1hIc(fC~&yWjO6|{)~o-ouaR8YY7Q)^liOo zh-rs#M8GrYR3_cF{6vUB4;eC2c7qaE2+ z)>k+(>zj%q>YpO>idc6*y{RE&3nz%G=7;S^!KXq@wLN)?i~i75CZdfpzHGqu3qg=C zl}C?VQ>H+s(XMDU5m)3E8jMtKV~Qo^oX@6!WwAZ7rB-z2D5&UrEsLL!2rFdNLoXS! z04)(4GS2OWMrPblg;0VVn!L?+$WD=Dt@Kh$Pr(=k;NVZu+eSK#3d1g9*-C(BEH{b) zGcWZMJrj@F=11`u43YZ{pYB-T%QK6-8PwZ>eg}5tZ@t;JqwL6@yTv?jXC3Fq*FyR4 zj}IRdUEhm2O}#)-JMH+VL)Xvd`+}dY;6X|{H+9!Cbu;Fh2>h-4A9QxKk27mMA9IoR zHxPENeK17k9S2YRn>5`z_FJm}`*or#bhw|dd&g3CD;l{LmLms{PUXh!LT$R#mY!qI zWhzV88L~>E>x`bN@GGIp3!yRBu7(CNO+kv6!&T!v{Bh#P0>I0E<~A`Mp3HM4M% zh%nPfv>X^|gVbca+#~{`DpLvewLc6Q`_t2|IxZBZR@g)9uG3(Z-te#~y_iEqrfZH- z7VPjl7x@#EMA%nZ*Mghz!$^>C4Fx0rQm(BJrEq@J%$r&R`MzK3x@=XAnC~KJ-zu38r7G7ser10WIbSb@4^Mku+)^=cezV-V2?0Yif4@%$ z&|-de7;vXoNq_r3b@TE@kotZrZ~jV5)FCHvrGxgmnOvZ9G$D3%xs`-Rg#GqbAoNqg*;l=7@Vs%3eqF`6~68g^ydRqhnd zqN9e|T+~3q$(ju6a8a2Tx)FAzLvg0jU)bmKXd-^8bfvT-eKL?tl4f?yXefg)GHg=B zA=HfU@QLF$S)Lv9W83&Yv3cEcKrm6Mb3iwf+&2RA5~KP_a7 zpR!EO=IQnw3Iy~v$fQv^4ln)iSml5R02burkfw6*P;uF9l|Zewe_nmbOIPwWx0}pZ znJr~RU_DnakE1uVSY{}hnXt>_{vF%yx5+7kA|(~NznGUk;OJjn6@8sYmCZYzr46iw`iwCgw9K|}8J9XvH8Qr%W6UV#G!x z`PWmuel&q$0lLZ5ayP)rvL1WDQ02VQpw73V_Pmls7&XfyYuQ_+8!P$^F6sJ1JTHUX zU$_C^JmXDZs)Qm4l&P%k{HKBa19w+t<9#bie+IVP=^GemAXmyFSlNPQfO}BfZ##R} zYYbFeNWha$3pFhE4M6Y_W%e6c>bM8?>q-~5*nrJ5f zgmuQ0CMS({lwvPo^b13=jE1XmPSdEoUBe)B{3_%FO3`&RF^L1~A{06}oGE9;t)!rT zYtm8Hk>RrB5Hc51j8O=ZePtRV5i(&dQ&yGP_4RVYB||v-yRf85glJ4=^o`)c17qI- zY4^()2oxfBApPxckh1#vJ&fYX{LA-_=jZ1j`dj<*FK^GYzsDzET<$NmIiw>ZGbiRn z9XJa9{#Cap>d{Wdu(hobbKo3yr1HZ|se;5a>90CvCsLvqGc| zA7IAa;BBls+(CvK#vg4brV)izbnNmn&`>kOvEmG#7zQK zohX$Of@U1DCXjHJ5`{O^5VMCvrN8z=9>3R!@I>3gl)2uV_*7rIL+OwdnSd4;bnx!v z?b_Uc2$l(y(^J$|R#LQxvtCY7qc=EfD)(@d2{mQ4U{w|syD%RO!x&Z8ctbH1+lvql z-65s_7!-3gHk|x1kOum1g__)csC_LY{q{EJDn`xh_U;x21_3O{>+>BTkVe_pKR@2z z-(O7gP1K=qRzls5sgt!(7>XpleP@#k;2+>jgK1rSqnLvcZ~1bT>Ih@5t-S~{sY0qU zMlrn0wL;;r`#}faFcB;SomR6JF2o#vPcDTT&I%W1L5@+35*_>pLzLJAF=+su9)%Rs z@gEvVewwix6|*2o5M!)p7bbItWK=w=1Y)9TkXGlMY?v?lT)HHJap8MyABe!s8>-ZY zrtT@8-ZrD&Ht|n+$MX_Ce)-aQ5Ww*P`oSpDk+4rkaWjv;jCgaa6`#1#|9k z_^EJ`ZGVbu%4E}%7uwGP3u;n9)BGe6xi>mC{aYqf_#ivAD=aQ=+0E>;o4Pnp@mPls zjohv7Sl$)^5(}otR6cpL^{ePFZ#G4g-QeKC{CpBWPAGZ`M08M!>UhyOuwO07bg6|C zK{9AoBt{h4T+Of~u=_y;uLS7OfDF%}M0#b((l`7b9CB(2|mugx$@MV?qDJE>P+ITXY3eLkK%A$g# z1ozdzl33roi1}k(IA}QGoE!!Q1|YbY|8B;7C}M&(hpeuGgmri%cRHzBUPFT+3SdKHV}71Tq(Ybsa6bj$xc)tqJ{?tyY!D zERs^m0F@dIYPvO>mSS~~IQ7yuDT-e&QD0JQvA$y*%cWs};GB^GeFONv1YCGDrgYd8 z6RfJb1c|+HCVrNGL5%QVLqYg+qj6b0*rQxQhd79Aj|!7y>nNbc!yzEh03mPhKo$IU zWv)|yDBJCtGU}fl9=D`JtyM+f|LyJw9Cu*C{qFqReRtYYE~Y^p1K4g|tz~A|`q;M) z2J{ebOhYpWyKsdH6r;41K_cg!Go+>D%02^)#7rWJ)6zMP&>CW#@j7)fM+RK!C7O3C zg;KID80l^{B*FXbY|7zD09ltQM%EK6yTu~jWM0O0qHJoK3=xG~KX)YA?T1NMdZ8S? z9Qgh}tEinZg@-wPE$<{pmJ~E#1&rE;qBIPkV;?6EuM^$pfpg1w9=OWvof*Pl(|El5hh@pn}3$?DW}|a)MN?HFZK@4)xGc4 z2CFmM-#h@syjL9NBa4wekfI{V8=XH)vzec6LZv-R;NyIBx7cWobTRB}f3NxW)ZhBT zFkP4Y=4S0a&}&3%VaikTPr?b%zk3zm{t@I&?apS8zlYNKK|<*1xqAKEJJ-a|fdBoa zV;~~7GgVZFn^ARk*PH3O_&2w?b@_*Twfq>OLb>1|h@qe2frD}kxmcb|dq`1!3K%xT zCi%Z!qaF7U4bNK)!V3*O`JTzM%X-#t%;5IrFu4xmF15} z4~Lu>WbF&YK{K0f;sc68B$Jy_(2Pp3bOx420~9^8(1Pe8u5oYS-MFZsUTX z1KfWli%SLuB#&}*6KZ6W;K?gtn97e3H2!%cToQzP8kV*&bHf?q@4K5P#zv<}g$}4+hVV57dC~c<-MXaV+p!&Ax5OZr3X#WkcaZZh zdwk9gfH(m9_j+I=H_VTnxTl{JymJ+oy+z zgKB$F^z!KF>|$@PNUae+61iVX>~u@?r^bAGDLzL^7%sV@Dw!%X7S@SI{xYd4O|}f# zHF~v_DHGgjqgog^N}Za^?-?_i@KEeWjI`kZouFuL1|e`sa6C2#Qw|c0J_>N~ArL`h z6xaA5}`S5sJ6oKR5PwDe`wWo5KK zl^eqBukHc@U|0w_-B0pdbBS3NMtZn-AnJU&u~U{g9U6qyKaRps`4p9hkI&MtqD32-2fPH z@N`=^wNOHS?kq=LI}!W{AD#IIDC2-}5QB?g4qDJqdTVk-`c`-^??2hy|9XjU&JLL@ z9#%#j96rhVKD|2sKniIF6}0WZxOuvl(r4%?syY?6vYz)1>Nz=D6`f6Of>tNX8QUb{ zn?;8)TSVySsxdcdQy0aD*X8e^;&IdQEZ5otQIvD`qJo@+Mqo$vQ~EoP9>47DogAO;9a00-MI=L6G+pQ{qqKcHgIdc}q8}dzm+#Lj zDxilP%lX@iQW6`TjK4wHJixYBP72gAE8!2L-rxiNhQOD-T^4>L4@ene8~W}0?GKdW z-b3FDDS8M%!?U0j5}y~=ZgE6;?zg?9!f)5GVGB(5J*jVJ-CW|mKf7&ym^jBr^JIi|?Nf~YC@ahhE%mp%`t z$siF)p~FM)gxuhxA;(D2f2c#T;f7^auJ@jd{QE30mL?r$_Go86y_z|Hq)o0+meX}8 zJv+{AL?U=0=`Bsg-vAXzs`wGd=FGm&B67^2qO3?#UcuPU7=-MKgajxnuYiR|ctnJ$ zuBZe9M7h@qk$3GWPw%VvS@FySarhtli2}Oz^mt0h{&$(<^!c5=o6p%>Whbm%s$VjgVaI#0mIM)sEvpykt($Ij-W-L01|&5 z=sugo!E_1+rubS6M0d4dTcO^(ePPi4GX&Sv2>-pSJTx$N&ssNb`b|Ov1P`-5m$C9} z-HqWWoW}hQcwal$f*Vl%q&{#G%u4HdB%w0JT2}{Gs32&PdZWFoY(AsCrc=V-IX;5^ zkb#5%4YT9SzhmcDD)yFt3U#!XUqJlMgzYv1)pDw$@ISbQ!i?f0fcVf*jDco9j}V4V zuu#B3 zV-F|@ia_fJKpTMMwI9GD2f_5UjP?(p;nENcMR6q`_JlEE#2(&W9PW}F|0yDR%O`rX zm<&CBmE+~4vp>C;g)Idyh;uC1tS zGSu!FE%8s&%wcJjjm%SUAa5EMPp~wQzeexG>8fy`I#mB*E*Tt%^cRvxtqeAto-q$I zL5Q_}-tt7Ju$4i;t$4;4Z*;`RH5{$DD$4&L%nwYgL$cf9dBp`7yD}ND9~hH$8lMu6 zxSZk(N!(tp2MR$lL2%sF{xwRYUelCvha{Cse*7n=_&?quYMLfs|Xo$zh#IP8N%|G^wk3&-Eh>5#Q--!?p+`RW&jgol)~9`N_KDW{`jD%Fce~E%AXn?&mYz! z3V@l@$1M;+6AoCn9M|*3%DbiN8^OQ^xQGYHY*C3K1*>e~Dg3hS&y(X9HtFSJFIDgv zy02!q12%x)Snl%E7Z~ITMlR5)G?+rbXOP_Eea|-zS_+yBn}5mUYzg zyYTzO-(+W<-;H{I`*)69CRNygxu@LnO4tS(lgW<$PIkycCYn~_u zBUUMAZj6T}gr|p7V#XbBhmu{Nfe#tyT9z8OZENKW1%HEhx;@mG8t*3n0LcpAJ9p(& z{|HK+zDBCQy*yu4!Zx!!kG8ve9Qyb+Hpg6G_3&^@Gd7KMw*0fFh3{P}$HWVg z=_J29=ft_UAx{k~R{xnqAi`T0U0PnreTMqmOz=x8P>vimfBfu3wGWvIRbpW0fQNL?zPL~-eM5+i$ zj$0=;Y+395d6;VFTQ50hE2wI582>|$<5j2T=+LSbOEd^dG$^?25*EMt5dmV5!u?e= zqb{!-W%uDbBA`G#zq4v#x<{Vsx4>ED_&enL^5XImuq`f9P*9|seB02vsE~%xSEnE$ z5%F3m%`R5DA2$N8F!1Bt9c}UL?cGLuJ~Y%XqM3HT#$pWwF2Ui!!a!0WQULvcBM_sV zMWJYCa?Xnil{_UdJ7g8J-nw2!QYdKAJx)Xoj2lQ|;uaQo{bYM+eR#`2>;MK2fK#ud z*q&m!U@_}niWjR#~9EnA~Q;1?^hST zk8J2yHi)Bl6}La2l6$u+G1feIEB2R;Yclm$qFADc;ojm9w5=(8U4b0DfedyBMfSCd zYVOn<1v7n_UQr2-79#*-JerXCM$BOJ*%Rs2&7-wr)=&-I1|Ca2)&H|#0@t_8vAMg( zA5kv!-{RsSVPmNPH-AzueL$k}RFos41eD@(8Bcbi6L%?2X{t1WmhPQ&dQS2#Zq=V% zftPY>U#revCJEw$8%Thbi?hke@6oqm8>$4HA@Ex!+?r@72_ z-43Q&AuIwSv7gg@jXVyEz@{XV6#6E{Ho;hfbyZD;H#J`hqTDfGa1B6I3NY_MK4VOY zCvJ$XmU%2`%YV{l!6F)(U$;!7a9Uc(*UES6$&y5qd3e8LPG z?trRRB0&-aE$y`~i5Cu2ICB5f)^thHkmF}jgV`-y3hG%VVHkE%6(rJK{R(-o?EHY~ z`J0W&VRQDuY`Ai{#?t1hMtPl7aRYZzkM3f7JNK}Nc+*#PSa{3`uloD_;KuH=$gD4K z#8WA11fe`dM7gRQczG4(_CWkmvo8q155o9S*cz}3*kxkB2^toGrcL5Al_WVF7l3Ah z4 z`}f`VyRm0F?n`l1-In#_!S$VAR!|Tmo9jeCaYJ_}X`UrvOrc;;Y4lTK0R@Fo(G#UO z29Cr~vrjE+5+}Strr~BiMZ9Q2aA;!~01iD&THcpR4UbbvpGn>gO5tg{Yd9D~(LqXK#oGb0F#+scU-P@&?A+L&c7`xV$2p5U6PCXAINkU$FuED$N+AeYJG&W>XRqi#u6;WK`pL4gGGcUWfmNN){d`d2BAPiO24srd zjieO-8;p&t?CeFLjPjaer-x^j>?IT?9KU{Ts8}X{*8lFg>L>EyMFwV7?CohO>wZ2o z%7ZmLy8$0YMk?D1YN~|wBv107>Px`F%ldc1W7jEI!^ec~xKZ zdkY&KwM8!1V6mM&{3g5-^!5@*B8c;*dEThyl0^;Q$4vP6_y9tUwY9a$=J0Y669WKJ zQc{Tcoc326T)w`(w5d&&|JGpPMhhkHV+eVs>SWFQmC98ck0(fCekUBbN6M&b3k{+% zrl6OalVmLdHF<4)b5r66X1I*)W)1w!HG*v8$d}&^G8Wcyd;3}_p_l$r6;!4dW4@qw z#29TAvZN6Op!b#aw)6^dV*+$rgDe}GwsvHoLxf?q5xIEi$fVf3y*GG5A~fHsy{}ng z&qMLFo2(QM_fOySda~+Yx=MzlgWZ;zORwEN2tXRMiBvA1;lLjOf!-tT!8i@zo6L5j9u78*_aAE968|7Xdm?35*)2Rq!bjt=&y4qXwU^kg=k&W) zSZQ}-w~!%7`6YE7yYWn7I;Iqa|?ML7KoFn4%VxyxT z9c=-t9&(Pq-yfHWd|nK^y$Swd0~mq#toQ2o6Qgk>E)4bgyvDiHX86S1{pH>nbUIS$ zT@pq`b0pQCghMNIJJzpCf^_ER6JHjdIy@uu3qJ-Ali}&C+UnYCA{=(zh9MKZvGP{s z#SO`-=6QYPdr1>XNu4T*(~Q>EmbTZi1XS57byxRMt&4!q+c)3qm9J_A(k-8F_}=Ry z-n$2uY4%W=C}yZaudRX}`onlNKLhL#0~LHKU(O*NK}}uV^V411$D7ObmP`IReooe^ z)KIEn2l)Q7#j~w$pWS%HPa{Y~Y)-e{-hZFhI69U_$;YR=zc&v&8hsmP#Ylzi_fSs; z*oBjR#CB;?`p~Q+Yd@%IMX$s}q!bn)c#?BbYCkj3@=y^413O4>HOf}}B3vy%@=VpO zXG4A=N+FYC(mwTMVMZbgQM1d^ow5vI4#s$5;{Ju(hOkk2YJd*Hyi&B@ZbTj|xnw$b znifLuus5h$$*uR@m8d6jFiWgfi@DrUzs+btz6aL7k@QXH%9&(yyQ17{d^PR10hg_% zrKOa#baFIs6J=v#`}&flr|tv=WoBWfo5WBiWo~NNNU&Tg0V?~9CCdQhYh2TWlpygf zYUUg>o#&Zzlil^z&4{_dR^2yDYy_YE&M>9~rI4*)u_auP$AbWyb~OoV5Oz?Kg`!3a z&ZC@jG{P2N*XE{Yy%M2VhyiEv*yN-HFZTZ0*-akfd zgzm<+N2e_G-xKt1zS_PnM;z*YVw<5nn5mz!EB4k@(HWdKSA@S>J%aDHLK>+mD zkzb83gfyVLexKIBl&g-3|z3Mx_JY9khMl&fikda-0j&_)?nxn?h1_>{xao7y_ zrM2JuxN?m(p;y=Y4~=bkrRD&}U^VjK#qR8D9fVsBWBBwBB;GaX{Xzl-FdOo9v6EL_ zonwH}qsvxqFVMkAEc3x^KmObq5@;vJLPmht#{hvDa_mP)@L_4VTUG#|nM#DR<>V>D z2E_p>qB_8uU1EP`YprPor!F(@G*33Nxl`!!klwGT#aqASjkU4r+G1%5(dV?FFK{}i z$N6R@oeOEB)Or~YezJ^b=f;cCa)FwkzemsKRTNqR9u_ttDvHow z`bzLb;KJP2*U90LPigyD?ceA}RKpyd&XdMz{^`Y|j`nsiAtK*~{Pv2s?$N}|i&wcn z$+4wu=h7mi4}_K~_80^qM&lw-)fcQYsu6o(c5o_0VA$8zpB6tfTxT+B&iD%jS3GPR z|9R$z@&hht-cfbbu7SWL8cbCdM2xLj$v@JXnsM+N4e|$k@K~B?XmDptttT+S<3Z}{ ztnYK8=S#uN=auFY)osB2K- zq6uCzq6wH@`UdGzo$k6fU-!El`aiwBBc$yJf4SE@995U!8oi6Qcw2{x70#N=*zyw- z>jMvSF0CS&@gU*hxPY?GEX@MR2T%a@Xr~U28L3=Sk_xDsKf95)seoa{2%(fydut$l zoJ1z=Pcxz3K0=;Fue;f|>+W^Lh$_++6>Y%HjBsNrz4s7PS0q=eeM6XGQ@nzeCr>Sv zmxrfrS4s3-(5jEZM1g1|yRFRh;%`?+m)pCiPq%(ZnU_)Jk~RL>$AUSgK_T3$ZrRL80cunTy@`g^WE{vIs;_friLnr@Ck5j`0*Y?a&In)e{Cy*$+YG z#5k>HgV<+f*>uU0o_b0)QqUiP`J*7OT7E z?aK}?w(Gk^-nLE2YDYCUjFxcAaZE2SFH@j0hDvvWHdQJqL(ECa$j$-;Hu?r8R4bKO zj2BbXbqsaR-WFv1S_cLI)$|!72_fph$E^98egg|hfWZ>movuaP#U=kw{-;ad*v3fd zM3FfKJ>Qp+e^dlys4S46`3qNAne3nYxmL)A$U@Nd!)Gs&{{F6;_O9{hG*-(sx;;ML zl9J)KeTdmcob6lw` z20=mvfj{B!k&CtTt`9HsXW_6ImTB&fHm=5Q@i%Cudb~f`_)Ck$5)$Cy!J$w3A1YJ- zU^qj=J{YOrwtl^CyP!|5IQhAUq@<>%rKaYpewc7y zL@S)QD= z2PP_#;O~&MrutOKtj=DJmf{BJL0y16(zC_wzShUq8ZGDoJ+$L!G#*C?B7sz{#Ca|# z$li{!oAYlar8y(S9B8zF%v*bi$K5@~D3n7c#kF_Q=fhuuP zd^Y%tfH90f#0(uGpeT8Ixt|%Zd6p6oP@s(h z)9>>3-A(TX&CMWZnPf?ZD%4gqkAglUZVCrnb`doc@zh0#{&E9K9n6u$T8&)XZBG)x{AtN4$9}z zNb`mRL6#8@4FI-22kLzZMr6Ss!m3Qwl$Mg&qJum@F>T@R(P@a?Y(Vlw<_M$qsOwpJ zCDbs40BDAJq@+Npu*i`ulIe>j;!#V818@YwEdO$gvKtF*Yvj70iTt*eTg;XM+&tXH zT&&xzj4%PCcv4hA8FYh1WCl?fOX8`(Ndk}=1)!59xC2F-)PEB3JJ$Ki$cTs(WoBy2 z%0A}(6YgHU+tzFF?Y27u%jgE9PE}A)aK@lzT5QIi9|0qQCk}!()ZmsQm?mB2&;1?O zSys@%tmk?8Fe($}U?2zr;OuDqsC$2ZHv=4^{x|Gk;KZqf1~TO6B5@Fl3QZBM1dJ`` zxMwkhTi+vvl5z|+ApU~!inIRyg7o7{3o0z|f$lyZL7qsTt)=zdOKY>9dXKIVDSWkr zb&IXfs^5xuwc1=?BXDxFKQGw6`0B{HcLPBOmqPjG)=p+t?qi9DV%`BDLM7kh-;v%=1qU+z)_(B$r($?l`2qeHHJ`iFb-a{ce7=i?Z+Q-V>| z6Vt&XOEi~BG*>2;wX~MwKvjL!ZT7o$?$;YsrLQLAacU1X*HO1TA3@VcAlTi~;(3at zwKMf!FRaFb9vD1D;Ba}mgX2^aN39NomJM4%H9!M^WYQfT#qzm+kv%#u2Gcd0JS+>A zZ2f7xspF|W*}u$eyPt54^fWr{uJA{?UAl0vH0$2sB;Lm1BTID zjChV4sdXaHIdjZ!aW!(Aj&q2gD3=0DiFipToccJ1vPAuc$X)Ow0RSO|Kc#nbgL<*} zYrcnf6jAlPq(WC9QT2_H;{%@ip6(utD(YjZ~A=C{H_C{+TWWdGa{{1ynNj#2vOY%0+3l@uvcR;3LDp zrWh#(MLYii0KC&iQSLd0P*s^72k#_Mi=cE^zEX#9*CX zXo0EKFh*6IKh)=bsi}VjNR&(DGJA+$Z@2k(=Q~`DRrI<9kpNqKd>DV}BH-XQH#Tf| z(@AP`Ehd=M8Ac(ae{cDCdwG49PNunkdieZN#Sl6< zkq`CV`1{^*xh*2{*gSk|@Uu!gy{jE(OWBiO!{KW#;wxZXwJ+kH_Ms|q%X4n?wJs|MJN12Nc>j1$54tAA~`NP$6` zuqLD}(^}oTRJF<12S@GG)v;k8mqDLdBcO3Ka)Ma%v z=ct+R`Slr$JVP&|=S?$;BD%DtF3u3UYOVYL+}}=YQNwqTgW~k(O{!?LsZ*V)IjNS* zSxnj3*>iXuWW2xufg$ks4-deJMMOZbT40mQeMLS#SW}Uo|E&R&z$e9SF(ODv`9r+L zE&}CI3zStkA;fyU`*{TJa~t>JZ?Hi@Qlr;a36*HiZytg#iX)lALQ{9(9?_92i492- z5-%NRe@CjNBTlA8Uq2ayY7mx5ZVDE1(+y_&i}l@?#})tk)LzB8C*&<8i!K#eC_jHU z_2(z|DUhc59dQPy>WSqtyTJlB|G;@l3E<~ChP%zQDr+=5=T_S$;KU6D$YTh*VReQ?-QqAkz0XiiA9nRlRdj#H9CzU3>+(0i zr1ywWY+KPs`OlWb=ut<~lPvol8XqCk#uH1CRf8$!x$E?y4RFSGx!w)D(7=NU0MHoq z3s{iBH}0E0KjMh&#mjX-G83- z{x_tpj`J&{>%XTDdcgq&>w(9wcXy64`xCGlK#M{$maYTMVQp@{@|}J1DIFFU3C1aj z%v3OVfsT*fYBT&yWc@-~;_Ga0&qz|#&@g9B1Z)7#KW`WOd>hE9_}I9p8cEIEfm1f}J%w7(lptS{Bt#2JqN#e6RO8{R0@Ope)3KVD2gc!tu4-vg5%4TG+ zoj8gAe*IrvR~Z)77xb?PxP-WbG$P%NETGg%cPNcC2uLFxf=f3@2@6Pxq)MZJba!_* zOCun$@8$pPectCi-|oHVIWgzVnVH|roO^K-78bU$va&DSf)Rg+{ZXoXlFCz&5tN_v zw#hGZ-aaj=QP#|RijX8UAHn#}Ioo7hd3f_Ly5+h>GsxLO7fL5>pc~|6sOKd&MM+3F ztRknIpa^MBg`CN3`N)BT>E94ZgMEP7?Kjzz&Bb`##_MTq4EkUK3%8v!T6$zYEf+-b zvXG9{PV&)+#JgUjWiTI@jOIn7JUZgCpFRQuOt#kdWxbXAgpxZ`p_GNHcQfoluwoGe z%13!~iSAa7vl3%y3ewYP-LVxuXD>fKL#hu~0W9&L%~p&kLMZM!>@X#yN=sdRu9TCA zjI0xkxBoej(sO(*3o)+_j4_$*X8g$jNKICYa!iem!e2}`q z_Nlc>6Z*P5C5fx~wm~kMe1hSvG~2ZX70z8ZFB$R3xP4ED<*v?lH&G}QxB`27z88nf z3W>~Y3=~lURQKNMl$T1Kx1Gk0u&UzU{FBAR#&ko=(G^vGfO1~k8?8wU3R)=x5h^N} zL*+YIWN6~GX1g(J_qO;IvI<$~3R4dk?vre&1~tunZhFGG%94$l1Z&~8rx^08#~cOm zWV?IxlBIaEZRE!N{U|an?3!Za*n`+7a*(6cretF%;S>6Uw5%-JCr=i{Xt6ZIm=Kh+ z&xtP4{u^k^PcO65(C6(dPNLK#B&Zr~(hXRkk#ZEOG~);gUvyafv30o~92^WL8tjSP z^XZ!|*uh^G+3*%e0GL2riv>jG#{;a1WN86SChkQIaVRi(hP?g-VFr|5-`*Sy}o*#Ryh@Q5RqY^-tRW z7clDH+$E9Mlw|TkU3xE}frAjG~rq?^%T(bhU zNnf_YC7-^o!Z^u`#st!>S8T%#;Scl<)f1(OLQKEe7OQA99@K@Ni+s;wi=1k19v@|N zCyYPquCy*wdUX$Q+Az+7;FW)uYOIr(M;vFJulENC!K-^NVpOs@;luZ3h|RXE+5uj2 z@*T@D{UU71s4kFSG^rF=mc6A!fYe@GA7ak@WW1c;^t_>eIM%Pkp9`b8qT!zjz1F|( zWQmL1hpAEb1qji;06-|>5$ zslToi+7{a{!`{zNoHmSD&np{KU8!V{;5{w;>7wa@fCxlXD%u~^vO$tjg+=xuxZX6Bf9QWS2n-n0r#Ub6)ik!|eT0h?mBuOIg``{p} zo^!GDLs~S_`iIuS85M!sV@lIcHU+o-wzL2%&%om|{f{h6L(K(SfhQS!((#0C#2Qt> zsoFF0tcXBMs2O7*VpUj_6B%6Cj-LAU%=i%7kh?3+@BsE=#!e!~Qyt&o45A>a))ZbZs7KO{+MTHx19 z%5^Pvb_+{U0Y=0HWqGTod$S`pMH25ELAFJ5H_Hc$I z-xR3WeJ<+6RB*82PH7Hj4h?@#ETV#lXPw z@~Pp`JPF}R)0AjaIO!FNf1Nz~5RCLuWhFepB^uppfK^S!j@+M?;2%_U=T3&O}?ukNq?_RJ~5qlQZG@W@JpVG z46!21Jdq#^uFRvXX@J6RKSF^j{>A37UisOo(rbfxGHsL~*fFllr4u7lem?1)>Vg|# zA{pGy=0aS+BN$5tmbq>*U{Zp|4N4ubXtPNl1w%1{D$0L+qK&4%Gkvq2 zfS(6EsrmARE_rtrA$L(xQJG;Km`=3?LNc(9D2h?aZfVxJ0R<9z12xt}unIr;orsut zbz?&|G$^N``NUUA7&DxceyralEJH{pN=91p%z%UhiHlT~(?hK60~o*(W{L?MLYE4a zo+%Wkr<=-#LHq6lX1c25S}tVlyX2tUQg<5+ACUHt5e6`%<>`1(L!u^q=PvIvd9B*I zOkd{Gx7=IWd4?LCCiCxkp=C7rG+*aHfk9Ov_zolZNX&UaZjRu!g3^~JPX5?vkv*K;Rm#S?i zCCY?x`uqz|6DYuuIP>;1GNJ)$>+6eNv8$;Kl4bd^D-u_4tn%nqU%BF}KLV-#gfSif zr?te_8b_)YK)xDU(9z53vbJ?}aDJ_Bs80X{-ui11F{`G#&;orKd|Wy{H&?VVyvpaW zG?S=pDp^p_BPV;{lwQHMctA6Fe{89a{I5!mE; z)1+}RmV*VvU0>ve#vn`Vht4rcH9Gb{>Z!Zo;qt8$iOAqK>n;()og)9W6R*nRg4zFa zu^f8RA7;8Q!M4t?ztaLQ#Kc%SqTfx2?~9UtIiSAVCLiNgs7VyCC`{X<_&Ugm!AN4R zFb2M@hYV(+z=t>G;4Qq5tT^diyKh_Nf=%XeoO2&~zx1HB`;1i)?R=fpJ^Dn*|JGmA z!O-J(n$i4JvM6dfnR+V6j&#rk{Ho@_ff0E?LgIlEe4rQ(>a%*RHsR7im+~s)z}Wcs zwx~aGV)mm z!DB_rymyW%T7u5&G_VWVhGeJ>cbzIB1_FvNDUZi2flzmNBYw9@u>W1n%y6;OkF~dB z0S+Xj?|sU-dNspIQ1^mk3g7ldb_Ym!{XM`%Cgrs#X8v{BNyhlLp6`gew3hyeMeS-+ zk9V=ZL}SA5vAx%Dt%7(}&idXWlYP49p2T1f1A9pjQcZDEcGzf$=f!uH`Lc{^>7L!; zmMsz0e9`ozhX8xhPNM?xX}xT(-)VhEcOrA)xGhk7xNBKp5Ss8bai#r}k|;r)ab{G4 zn>GmZa*GHq6H7h*t2kxNQ~I0$Dr!BxaJ~s%9NpxgvUqh2F&!~JwwyASiJqQ~tg^!* zfFMs+R+bX8z?J+!H9O&t?JD8rg*Y}`?TEc+fAnyWkHA@^Z_R0)#LXp8-fyWp$v4}NZkY3?qC^iuUdtUg+{mZ~LD2H!6czn#}{ z*2{z{VKMXZ)0Vn#l2-f?>G4;*6vXS(s;o&W6Wpzyd=;ZECX+u4iHH_&HXfZSqP z{w@>rsX>?8dW0|EIhk3`{iIH{IpMd!WVY|gs03Tg*vu=gk-*TIxDj^sv9ij})fo@@ z$dgt7Y&sx*t*JebeD|rYy#D@oeeYuWo8od~-@j~t?mr6`-M3xmKK`t14LCrc-?f!W z7Qgw9g>%2Bioq-W1#^qW*gB##k@JzT*D)`modd;07pUQMDtk{7BH2~K(#g_vd8j~+UdiIJ zXQylZiXD(>0D-#v9s0p{#PgsfWsw?OgYv_*-}_YNeCm zDJHhzihvhC%u2f5{8kbxGt%sYqLVh-^Zr;NTMUE#tJaHvrk*9A zRa$0WS8+FycVJgH(>#mb`s5MJ-NCI8o{7xGf*^<`_9L`Uf1CC98TC>(>{>bKn@W_)RP}$?wG=29^CT;Sw_BW!5MF&SC359a0g2OD^sSlgWg=(|85^NS z*kUZ}I)`=apbdv=Fa8Y1Aa7iqoE@B|Fvtld{83-vwHlscjN*Kiu8v|(BYj(y;6AbH zu^R#h9YmcGdCxLpV6bL0({z{pp;tROElloFM z&0@g!<;c|A;pXOML|jjgVg-oO`2tI0+ZE^wr1Lj63@BXh85e_^%DtuH@|xRibVJg=j@jc)HI7^NQ%`0fibCvIg0@M*drV%`47Xtv z-0@_1*zN$pI&(aTgi%kU<{eG^SA^HkB4yVGGCh zOC9|>5{G@7DtuD0bb(0ZFNXudt+wWx+;|KibCb$aP_VjME`+PR@SpqStwh7oz^d9; zPS1^XiKer`@}|YFT%5xc7q9IkatufC>0&Lf&Lc@1jhi%5jdee#8?(yCO*)X+;3=|m z96$^h=;^nd(oE-iw*zPbj#Y-s&#U}CFMknozp}V}zv^(5L$ProVSI(Z(a6UFrh{(w zAzxkeQ)yFs$+g8kfMoKjLbc%`YQZZ(N9G;xyB=bzex_)!OB<%xZ0oTE&%orU$Bi6f zf&YRZz)eP61zbn0di&ecb@Y`btgc8L7kuHVi7q4JB6L|V#gUh6m|bgDUL86klD``_ za_c-SI(}G5&@63L>f|ku!0b=T?3GXLMKJ!#%LmbAki zxC8H%p|MgP!fGyl+cFjH=4l~w6}eJSx>#jjxegJ0Mu`%>NUrCSLEL|e7_&VKc}S&c z>=SLN8)6D=CH2OdqbjqRqzE+E*ojoa;;!?4cK+?t7FYH3evnNCxn9mxXmU* z+injZJ_MuD*4Nknw+DWz?m*J@x#PP+^g+n^{rl06Zc*b0=nE~Yp3&|{0~rKBK!9U^ ztejfIZ@1-=2L%+tlPfEoncm&s#y?K8t$IzG&a`%`L@iH{#w;JLc6LTn$;s93E+NFw z%fF~z45p-{xKe-BE>6NW>fOQ$6r!Z0e1mQ}&w=0U&(&$Ye*GGZpuM>66e%_wT}W|Q z>V9q~QC3v8O+}G;yI8tYoqEB_DoW0^ffMm7Mm8DsxsF*NE=HQTh%50Y1)VThm3ZM~KgNvhA!?6|YRP+@nHTW84B zi6lxSS`s$c>vN7_z=0KlQ@Wu9ngdv2(t5D?kc#(ueV_fC%4y&ir&OF_UV*;@t3=`Ix^IaE@v;408^dS*snlz_woPx*H>1bBI- zZ{+Gd~vVGWjujkMIhmtw;-F*5FB~z6v z@%hu*YQ84_`7k7hVd$sev6ab|u)FEyeZOCRojIE+WTd1RK=04<)7ZZ#l&cWO)n47n z=b`K)b6Fgp%op!Bj+l5dMEycYhjT!`D*Bs3W{xzO346So5h)uh=Vwr)^^OX#$}2Oa zUo7>dc{lWtvL|hciP^3lezGQurRKZdtK;lp0;x!YA1ME+-o41Zvxf{ z_M<2bX2T!B;j1eHnZ5rkMoIOf?l5|-FwDY9M>0h9_q8P0;+K4PHqbLo9;L`dOdsD) z*u!F^!u{o=B#5|s$TI?xkb>%SAx1lpfS{3W`ctce37Q>`0v||7`a|KE@#KiIe6Rr! iN0YvTkndi1qG_KM05bOf9Tbq6O#lE$N;VP_ z%F5P`u8uC&j^D^-B_zndIXha~*jWI;e=9j^R_bcUctQ^wx8m~Q0m<@?s<Rq?0* zoCF#M3PcRKaEc$xxGKLeB_&~rhx5Z>Vq*iMaaEX5B9WF5_9zNsgA2nWM_;zR3vCxV z9}Xton-_%-t8Q`{rx1EUD5)|WDqI05<>I86Tfsy9gWG$|qJcRLVZBxA!unalhRGf;xpoKn?RdniZb_kW)QLma-whDi~~S^0`9-j z-n{)ciB>Z?$sOB*X7u@_2mS+WYP$QrKUMin6acne{iffUSQ?1}1mFYg-wUWOV66?2 z^W7ezEE~{8n}Ph}6|I|Z|DPMlAMtI=%lmtKOLG0;{3-u#a1P{YS;p7afkxliLKn$S1&XA@BFFS^b^ zL|Cz55Vi@$N;s5hq&8(N2tOnAk>ZyOELId1`A9g93RpgYONLD~Qk`5whU8kv8JaIl zU#dMpU>INzdi~xh&6XV4pdvJf(k#(d#zPb$Re=1*+?6de4lh6Jk8=}|P&D_C!#|bQ z=qqu;5<{%LM+68Q{dTO(gTKY=d6^KC%*N`$RVbB%M0J`~FdY$hW>fVZuvmeTy@=ef z9^&LCq+&AK3fhWGGG*kSs5miK5P1+`LR9)_!AWKEO*HM8PyGa@>}+A$GE9^USaH}a z7~bI${XA4y5fbdQZSl~u^+oD4STj;H4yu&LOyyaeGDMU~BP-^%4G4V6OyrEip?f)d zzxO!yi1#S2^^kH*MV*Qs)pqDqN59Gu?qlq8?!#N8vx{jIW~#22{ZPl`iqjRZ{?VdZ zs}fd*&FPlOHxY~{D_>k)kTOeTjc@&6Q+wpvj=7#fs+jgiYi8_N`Y7!P=GFrR^*e6x zP`DKxVHN=bffb<#L2bH13E^xM;gC8j58G+_VFr4JqlPv^3xf}C!YERTTnbGJF$0Tw zc|}RZMg_9QjmDUIT)Cl|Z;g}&huUsA;#_K_Mn#VDsT#4GRk=V}ScO%Yqq<0upUztZ zyv}ch-%1iiD*5$ByPbpN$Yz9%|1nY6qE>!)3*_pjsh?Q(acAgAens(zCxq)*@ze7)4!l}^4W}$Cek(!pOT`5zkQYn4f z#a(k=np4sx*`f0ih$c29N2^aOZ51~OmvgALthQc?REqaSi2tsJxx%)X_(uoCqsO82 zB0aa;Fd$dKv2??;>+t!LFUyUZ5$%ScOkD`DOK68vgSi+zi)iIpk7RqH^_?~A0a zB;R)5m^UE=)Uai=N)lZXKbIzF9DYsyjm*jH3lZOe+tgzgEA1(asU?ox7VI(lew!S% ztXXL*e5*E>;G6KM2>GBf<}_jEEaJiS;jTS7*E=VJZLgWToUF#IzVoux+6(Rrn~Siu zym8Jv`dl3jmp{LUCAL)dr$vzSQdn&_tNfHClme}q4=Gv9SQ50V7wcM!Jt`hdF7bu$ zg`M+ug?9ycHrO|GjK+C-TZdc6lzuzr8ij63_)~tEe|UXN1Em4fP*yMzfntGr&@Yc( zJ`_E%BK)fs_YKSEV$u0+Vz^>)LDfO~zp5#$htJ}xDIN~fCle-Z&_b2{ju!qPm>ify z{q{ql4Gjy``YsatEnJ&unk|jXV|q=(WfSrYNrh}=S+Obc)qa-aVi2xi{wlb_)6Us0 zGRSPHGd{1Kqb+ME|A~*8p@!SRu6y(K{3dKCX9s!L8$X?8*x;MzkIBB<&{Di|W-KQD zR8fU+Mc(AUVi*i%c+u3?*dEleNS=KpeO6$WY3}LpB?)~7QpIZ-hA&=;X9=BLo>T)I z#Z3EcA++W3oeHQ5>skD{c$x0x_UuCZU2MUL3Gq(i6%=2RTC7g24lLcrsw_eq-Ul3_ zT3JX_5Jqep8ow?YuP?TN zhQCIGelhekx>ZWGX`Q5$bDofe~-D*d0i$q&t zkKoTvi_($F2>}uHBK2GKXLat2ne}Fq#Yczf3u5oid(N}@RlUxKH{p@)RShVOFY}i3 z7B8|djSnI<5f#UesW0{h)r$5`=R+_vFmDKyXf2CvbMquKLh7n<3yi1IXhUS(?>Uzq zpHaC{HDa;{cPPI>Joka{D4 z3r{bcYa|-Hs%H61s*sL4}%_do0PetdXoMFR`gtK zSz}87^aFfo@YH+4T^zauTwF%n*mu<6twq z)qFYs<+0{La#^^EuC(Vv?oan&{ZxOa_NVkEi7+YY0~RLz=GBbj^XfmmNp2>i`UL>I zr~x1#7yzC={)NW?;Km97C&mE4pAG={j)_JCQUG9XAPW&w|8M2Y*CRl4VE&!&aKm8b zA}EN?S{e2ie1SFCI{FtCyq$HlAN>Ly1RGb~bl}2D3{IYjAZD7%h%=%9-2ZACBNtu3 zDVeFg^A)3r$--k(;PCZ5-T83i!Pf)dLI>+`1m0uQd2B7iYEsYzNfS*FClQ{GQ*MSl z)a%KW-i~H?&|g1OB(v$-!cMU6mak|zX$=3TV#oxVP3VH%v_1KONZiwh+4OeZF?M(d z_IQg(YCB}aP;wT52La1w`pxVnhGL*lV$`5|@l$yEyRFec0nKNxmI3_O;{ns|`8A#a zAEnV-Y@7S~C{LIP7s<=$bo&aLXN=S{p~N1LcRl$2Vn1p&)b7=)!=b}Wf4Qc?U?}n@ zIFiv+hA3Ydy#mN%I?^|ATPRM;b{?hAIy=idyl8k6)BVQ#q+g1|Hl@hD<8XyMj$%PW zLVwr3XOx1KlqeI?!Te;pyjVQ0PpdP-@DfrqfZiY(L!)|sGq5h6NqCx0lH_?HAzJ_G z&sryWx=@q|VY-omhqz57n=b2zaV+C(&&_4Bh!SGtC~L#M?f4(=XV-K-;#4z1rcAg< z5td>BK1)wx`7b@x{Nfj+nc$O|G@X0PcGq%Jx7+O=&l8&^=x;M7VTyjYBYHGn+RqnO zgc3FB}^Mk`C{(GCqx_nOY)jUobpSts8#&8U=T7u0Y z%u6H-xxk%HA`ah-qSH zG+)aL7?Xl1Rh*M0in{NU?9xpT5JV0H89#UA9AQFX(m_K+%`rr=Ab>I$+)f4nkzGkm zMr|}$aY|>nU@+DZats}`ID{NL(_^zDZnhd#*G&jZ0R>CtkpPB-ph4czB_S#hNWyzs zIH)ij#0Ca~VZ*`V@`>%oXSF31lH`%##WiRE@(fiEfR6m^^0*pouyEFy0*rNkCqzFs zqIjLf1{};lMSy+f!}kn~EKR`5f;UT6_PT7or$5cQ3lsYi5AzH@etBa;gTp~k7@z5)#v}|n|XC9&3p4Twjq#22UO4|d&69UF!2sPB1y;zq@Z7Ke=)U$ ziZF$5aSRWrGv7YIsprt-_dL=HnKiS@;+OEWlS;6$md(7tbXuW=&4vOS!sDt8PC7ic#s8}Jn@H}l|sS(k!u1fH776;2`b1~ zAu9lphg)KRPd0I3$U(reyalF^maZ8owH30!jMPJEIEWPr5uh_Mg{2ZR`7;*{0#MRp z;UqJ0`rSGIJjC=dLFfQjDz6{pWmy`cQ-7f&$2A}T3gq8g5;DvbB97xZkv!?y9^>{w z4uLnGRzj-o3b9DvC}YR{5sCco_GRiw6^o^VgWG`{2q@*0KqGBS1lh7y*(X(q57j!g^*%Wh2M}Y@VD~WIJ+~lBq3OiPk z_N8a$RwQYU#)5LW=+9PeI8e&H09^n|!7WNufp)qMEI~T%sq}9!9Vpz3uOP;Okv!^D zH5CIjiV_4us-p`6g}|xI(k-L0(3Mc1udf=GC?zPy1b~5Xu=xsFgbqbQxG7+6ZfcGr zK7EKQYH9+_{=Mqq?6$c90MiYi05ap`i3_Rh_gu?} z;cJ3o=5PtwezAm60TWHhnVW3_S4OTLlPKXU zINU+f&z(|Dg_W^c<_U}jp3KwKFj3BlorVs$CNffV3ya6~@O8OmABiHhC<;{CeB6y}(JJZkN=a4^NdP{x=O zeO~k7B`*A2l6f+>y$JB+kcp>Jkg|iKF#t8^tKOu&Ct_Y1UpQ6NVlc82m|McEh&auX zcwk%i6%)Y9C{18axz-J96{C2UcD3E-gwbS>#d4@>eIXVH%rznOI;SFt0acQ(M>A8F zJ`IXJY~~$`L$@34kGPCp1b4qxS`3rZJ>Uq)WwA6zA2c5iPaU&;Czp8?e^L*Mzx~Aw zd%KD#WhfXv(w3S7vyaCJ+a9(~aWp0+Z+x*`S;4Z2>{w^hW`FtS8O!zEG$Yu1wR5=~ zEY!)O*Fl_&r5Bw2rXZE^1)ZAEL~?ACQ1u!PVRAxpe5c9)lTA08BRn+b$nG(ft)rAVp^$tm{N22@oyztuys&SlH0Kn^UYuaFH7(?= zocjz`^(KC!Kq4Gf^jPzWq#66chmU=`hiQdo`#U}~MO7|92TPNww+cxPQNE8s4$DMV z29X1~(G-3rwZ-tI^xPs9`pEs$ZC_CQS=7o7Ze>o^7=VW(h7muf5uA|#7F7pBj&O`& zap0rbcLFagGw3I-%MCk@`A881xHw?I%cTK9V5ab*iLb4o*|V>3Dhkz>0_d1FLjA89 zciI#Jo26NWy4{P3;ib}tEfySoO?pDb$b7O|YP!wx0(w8lWyQGWY=vVW1cANfO8|fg z(p#{6*@;$Kcst(qzP%hG7133{j#DCj)rvivrWl($O2()R(~cq*O@yX}^G|rV^#6Ey zG>hxL&$KlIjyBwEzf7y(NMhQow9I`u5ZROUD~3a-zh^Cts>@> zOqIDnh#SQkp^8M|iy>Mvi+Er#*Oa|INJ^eh5GbWR+jNw|O;KElO1VRhk?E@f5v?9d z|16A2fdSjq5e_SJbY9W`AVSyY8eoV)1%Rob08Y8~qSZihkS>^Q$jbic6s8mjhk#@K zOBg5sXK`vbQ?F6C)H(x@NU5)`<@i?RM+18HxbpI&UyJhrC(N{Y<&N-gB>iL*_ zNPI}|Tfp=k6!@>EE?{&n{{JPyzRe@;9(t=8d9E}ltE*9r_DXFnCya**QCZ$ztodQc z#l06^Z@X9xMX}(4H{^sP$(CSwqWwWz5KdPhqqnR(pNi#NlF_iA=cppbi9%7 zC?}uVD*revYeT~4(cM{YDELGW!%I>OqFavnGDex*w#ifpem*-N8H(q(dK_&ynvn1w zS_o3~(9OXdKXxeZR-DRy*dx3;|BoqiG<#FVfn{0yU|-OuVUQ>JHYqu^Ltkz>S^q22 zV3UQjkf-30hXm^MQ=8hY<3xyEK(#ZJ)L+l z7OXL(m>{{2u0bwsIfSZ^z--XvGb5$;5FQjTQ%fu+DJcC_6wGD{15F-vAiewjN41_f zIV?1}xVS{V1B*%sE;)nxaI#!)I3$7&?0ja+g?@czEnB-#Mbva3@1PQN?=MS@%ud#b z_ak9cC0n?9!XKLbA=fh*T2o%Gm6YvJE@DA@#IdZ6L`E|*MUIGgsDR0C@xZbd$_2n)-zK)L1Cn-iynPp7!GQ?wnsEwLgq^){Ywu8Dx$g{CRx~|asz6XZbYZp*6CfOxMrBLSgKeHRGjQU;(5W+s-2rZv zcj&JwjW8eC&@DJy?x4q%Z(o}FPuD72yXyOA!e76hPCR2{HyDqR9S%2WMMrqIA}-m| zZra_6Bx3K1UInAurjp$q9XA}i{ySD56b1spi&UZ`?i~IDD*cP`ZU%R6iCNe1_l}yj zvymEDmAoo)ymE=qCPhNKSiT_;NVtL$Ehe566{n%}!k0ftr?Jhb2J#h>1q8VZ2W40B z7}F(u0HGlbB)SP9+bLR1zR`VEu?PFuU}-K`1qZp{Di#7siNp;@3GWAkf-n;RWApv} zCdBig-j-r_GAQVJVHEeuKR5hP80298obw5aNm6La@8-D*?eSPbe7GHRKi2K9Q}fcX zB~wg`)y)bUtuQh;rSoeihp7C8jh5pt{mjYirW_g$376}Y6S74J%{3napzzHC@z;P0>7BxYyY zkE{6}lIcobWr)D5r49e((qWM~rjF2IZaoWX*Zw$EPL3=JG?^gBi5#K-WvhDtIBEGU z&0<3D!RU63=e#_wdn?w_j^&v2AhXrqWx3L*>txTstvRVb7<&!`8M(|7VR-$kWx>uA~3x-3&*qka36VHbY|R zUz**;1!kYU=L~P7N0AQoC$d-b!AF6u@ydtI8YYWcgWJEKdqT;g1-czIM%;84C^z|T zwLSLL389pHhWkGy|I{7lf5l+qz{bX+z@i&~P5?FbV@5zqx^&VZYyx+qNqOuPB&s;x z;YGy`yC;DQ0nPnXG6CWX`FQ8m_VIZBT!$qa2+0gh!b-n6yuLiHh>lYOr=#TG-|Ilq+93@5|UI|9^ z%iK@KZ9JA|*}8b;_=3#i8Y}L9YeeDubM8t)&O7MqWgu9AkbDq@R5(=A9SQDT^!Ms# ziFvJ))6-ck;qo`TcW95mQFdqOcu-vcv}!;kh0{q3py{D=HyySyLvc=Bk9|Hd2-Ypd zm_a{XR2t`h%>Jb(S@b5g;r$}KnD$Ct)}-XB0li2$Kin^%Z#!=Oyl0FJ zUni>zhc@eflN_F{OI~LR9x$EEH~Kv_;-hu$o^|mDBWKqO@X_I58bfd-YqCHx5I|f7 z=SkCfVGuq!90Z@|`F89*SEqIgOEr@h0fsK3i>!DM+;3UEvu&Qr5rSg=xxbZ5ZuE4} zFT2Tf?nO!MP9ivA0GL7-@WvJp6w4?^`r(p@32*Tx$#hPhA=yO^ zW+kp9TvyCd`918ETH0xugM+C2U?Oe?m4wajiWA*j*F2UPkY7iKqhg#bbX!iSHYphy zp5B~MQwtUkuUfzgyfTAQLZ@ip{4y!DBzw#}DVd#}BWwfE;$2xN298qQc^v1=Uatf*CJ_w@N; z+=4{AF6cMzsfB#QBkVgyxOg0Ay_-p(%tjYi%W=<@-zsL@rG{}%CBuw0I$m8X+-e?k zH(+@8Oy>7Fch%=vEwknePoDxjg8!%#)7$P~$djzUlB7_R5F)!6MgWM_JZv)H$*jEt z#?~Uej;+ZzvPv)d$rYl9&i_pHIyB^VZ{R_gkUMkcaejNCtLkVH#f{gbMgJf3`{3G@ ztFUtmx{ajD5M26XO)$P43K7BD2O@~OMy)Bq!h>_R4&Fq$0H;w^U%5(~i$=CDk*+I(AySNu6((xi z8V@=egL2i54UodYlp==^U}K3vL~G2TF`zSOW!!Dm6lP0;=byDs(@9qgV;m86BlJ2r zywKP-I3ty*ritF~ThiF(JMMM{-c1S|^*EjvHv zFnvKz^WIaP|Ba?BGIhSzK4)rm`JL0J^^~D=-bQ{1`1e$AW?iqlT)Iu%-N}=6nxFQd zi)i^h9Sv`A_m4{{fNQ*VpJ!_xJDgNH&sq=9JDTyeq*6oAUh8hJb_aW7)M8hT-)Lir zDQR<^KOFspZVO&mmOPJRN{!yI0N~TNY2TisF4sP#T3^DgeU5H)+I9AQ*8i>_T`oEB zT}O+;&{v)AvUp=KysKs$Sl?JIQ!()oY zArBF#o7(aP*doEti;Y%>jQE?&{@WQm!brek-p!J*mHvb8IdKdgcr|-u=?S(6f;QbL3KyW)-skmG?c=IX3bvy`X(wcRX8rRiuUAfBKRf7~UZBp1dM@*ZLhrdLJI8-Shjt zB6es>V?x)Y-*iOfrP~{w85IXRvqpmQ?+1`+Gk<^LcJB)mf&xz7g`M)EZ{!R#=gkQ_cXQ2S&$K^%zWi&w8 zZ+}Pc0~%oc+b{38R=a|_*NjZsehua8E1m1{CMI;c;rVyPXkx*N?AuC;$XYYe>A}av zsQ<-(I10W#+`y;jo6~!ZkDuE$$3O>(=U{>mW5SpJ7#m6sl0$XUp~ULxEH%$eOJw_3 zBzN4e^&b|AKwd$(D|9&KIJ+3ogTa$7m*o${Fi6LIdgXxC?S@ ziD-RN6j(QvxdLVY@%8a*Kh(&74Oz3q&9DhgT&BD$4=C{dT*0CNHgqCiWu;cznO_Gy z%Ojkqro!%C{3BKalNI2hG3${D4!cotR4h?~WZ`80kDAsqHv; zrIH1<3gjJETz*UMGIzeW+fE_`oYwGt{L6bDY%g}VunP(w?vQEl)+;jTWHieMT~{Sv zH?wROE1rRXC95g5tDrXdxU<=`4e#yDo{!tq>7UB}e#eEShG=QRx3^o>P@3KDvvK}^ z_ehk;_^w&vNT~tF&7a!{Q>4y=!g{~GLAf2Dyv}*J1{SaK|bx$JFaYZIAe7img{(EwXpXYxXY~^Ms^fKA# z@Vp+_n#&rlr+u+V9b5*L@-^{B{u)4uvp z2Bm#-U&~DNu{O|(UI`A+iTnI^-0YE!w_3>vviR|Mfh4$<#LHNSt$9eyQ zQrGK&L8aJNqn}%;J(te2VnX@ulfEu!A`cMprTuWesfC(#x5cmPur7J8TghV%&n9l` zL18sMTO)AzZ`N9(0p)5}*~GQS6nUMlzerlU<__D%Z2kOCdlb9(G7W4S94u_{grBRg`ygL;a0hkH1_z zI8u>`QQR8^Dw5>n|B9`Glc6(pU1^Gltg=?Zd0{}uyKg#aj9#GXkEEnQsH&K?~uOVAjJHq(TiMfmpth0xYXeOmA*7OSk2L^iKnEmx`G5K{xo^ingQ@hB+>rC{&SIz5rU;Uj$l>b z?|i+;C*|Mc8s4#wP=;4mUrF=bWDK7+fKt?f>~doNkZp3obCA-1XwogRuDdak0)9 z&iIm}r^nk0Sl+hv{w<(08Lq_0#$#k=$c<>mk__A>^4^nP?X_e~xoL4ij zjzU{q?Q4%Vp6jyjdC%%yUH&`QO}?a0#mpNFeY> zn$-O_nC;zxxZeqf54G?>{KyZmAkmt7_U!7!bvAAxm zx!w+?H$ZcpT0Pqt4m8q1;i=e>rn$6A&rw7V7i8l`tn4fx!P|=1I*kAr!x^bEA#~(+ zvtJ=qIgoT5>l`&kZ~+D)VZt=;K*W4bgc}it=pWgV=>JHetXUF4f#B#n#+AuA?-nni zLAuGI>7~UWa_i7}PF;j1fgiNV4NhBTn?Ix-jSF1TO7w^AGw~2ASW;dcK4iKL3Yt>m0R`U}y<2V~56hq~A3!{Wl z1~?2DDseVZaM^4RmDCLarVIfH*h%Mii!O{@TgZA>%3jXLG{IySHnSAoofIJR>6M@A zdL-EJ*s2R_8GUNE6f||K)qh_4ca)#MFt06d{=9Y(SyJl~xa+@iescV1x?K2sk$jn# zgq)wMpctWw20BPnb9_s3=c@nybYj;>N{_3b=7BdJ8p{fk?fRQC?6RyesBUJ%k)IZJ z>6MsCu5?U|e^{Fy%0#njE4b9(4?9obDzJ-x48dQ>O)yHe%0>QLLBEt%B^4Ar#=tlb zJk@S87chBTQuai(ROLH9N@TwBGM!DJjj&ul7S)d;_fdgE&Il!qQl*BzoN!t2DdwCO z7#~M^MX>@iWxHhwc&$}$o@K<6jL^W1^fSv%uTe63xmCGZw;6mWUHvNBBdbtU(?94Z;l7>^`T)D zJ0GRrDkOn~9G)=bmxUdUmmlim&~;j^3@TNwzZo?7zkt#OBkbm^s=e!|syHDbI!Fs;>Pkg-q?pKjc^%KtARqJMu z7*w%HzCt{0K|Xd)f+++X8RHZ0^^ZW)_3#RIZ)@yu3$hE|9vEw)>XV^qm$urTL8Sk( z)OE;tn*Fqv8Dx;DfHC7K(?tKv?p~|04Z_ie$(AMx$!_feTx%|dNxt&Ct}5DV+sf#W z!&4-t+vQWT0sSj)OmWSmL0ES!H4jNZZr9e=O!;MXx4?c_HoA>!Y zGU7t;uXpL&ZudxS_PvO=$F!_nNQU=0AJV1JZUpuCc;`-@f4i0<=}&C``>Cu+ua|;Z zgvBERtSp%FNBpO=*-+=LUtJxbn;E``uN?iNr8~CUj0isGWZ0zXPc{Wa$Riyr>yIZ|J>9;v#W(FA0w$Z91IPNpJ0dq(Sil0>h5G6ptivRqgjdHT1EE=X*LFEV%qc@fT8~b*qDO z|Mce0`ajw-NTGw`KkDOgu)1s$s3HS35^)lX;&F(OL($gnzl$j4-RMxrZulSU2yDX2 zCW@O;r~p-oRI*s`TaaKl2=z#dZ)}jXqt8Jwm29#u-z7_2->~p%rpKMfZ3rcUNy@jx zG6?+udDXh=d0Y;o-B^9aieHadBaO)O0)q+l>o)PjIMMBV?)>)%ZEeKHWiqRS`O4Hj z!xwv_0q}?JEpNcGcCgOFK)Uox& zWZSbx*A@E|kN;+^=gnqi#H3DSr9z325gXD#I*Jh+C=fAF)|XK)+zHwV;ZxC<`5FIB zOg6C1xP`ws{#&0MnHn(weKey-nDZ%uP6}Jw3}TQZth$QAO}11Kuv$jLkU<-D%93ex_>qvh+KDHEi~6R zIm_-$4;^mdkDR!pfhHF~{I9nYqrgmP4Qy>#R7r+1QHBB}eA{y`Q)J$AFz(V< zQ_}Z}W=R5|-TMh$9ZbI0OQ(B@9SCk04YLC;ar}-m?n!YKBtpeQ z>sII|iC%x|fw~Abc9ZRS?`+Qrbj5Dhal~hBk)LPpLKPYfiBKUiYWAh;J>IYVl~Y1+ z-Tuog{_NfN(Js=fS;`S|Sk!e>8}c>6yKw;E{c*eEXqR@BY*~<4WcHCz_|Sb;6E$JE zl|P-9*QAG9L_rAcxZ!fF;~sS}N_Oeqx0GW&shh zU)_tn4-PX2*S)i~yk%BIgy{1fq)$m*HBa*?J%94Z9+TwJbhvS2c}v6O8<)yA>wcTe z6s*9&2lfU)U2eMnN&)~F#kRiz=g|tBz{byuzAylg%66JyCb5|46Vdv=}q z^7AX9nfw**!WV~Ou|2!r+g5sBs~Eqd34IhjIJTcdcWJc^$)@>K3smx(DN>CJN-U^w zctuc0rqr2QnA@^Rfg0tOUKvNdZi;oF^(S3BCh;*Bgn!WG|8b!!;p~RPh}Vg@*C*%3 zqbYPkW2*?p*SFUHd%N3I&nXT{q+xaKM#2nVs2b5((8b{Ht_b0WYE_X2tubRXfFdH) zoNQ2F;nF{K6->Ao@9IbUR=>4X&yuWs+VNWRE{|40zA@zg)@7R!*W~u(;u_cQS~?y+ zQrpe_uxiGV>AFxJ79;4DwvKRTZG;#KpTi0Z6+k6!hRBoi)P5X~Gg8z}lM~b*UGvk~ z(|5O1GAhsOte&lP{VmSF8_jUTvQasD#qIU)+XLz2?>zbf-bh!U!mA&VU4r11+3#iQ z`NoQP^m!UZ<~X1BID#Gt$GX%ba%-E@h*|Qi4fRVfMcfl_Yy`8>z?X0PLuxG@Z)bry zZwfNmQcZPxGwby?dma?iirtDrtxIwAt{)G-_o%Vs(?^IkvI9EI<2`8bj5dhiWGUmzew?=R=jLWOUgQ}iVB|t z|EQs!(~YIWzTG=Gy^iBuE#@vgKlkN7=W?IKU$f-Qt}w;Ov!LOoI{mY&e^Qgg8Df*f8NhXd z!=xaHQ^gMv&mcGY=8$L}hd5}YYJ~Dsx{&wKa2MgmiYxXx>$9_N4heV<&#hE z1_=={@vP4bH)WU&q}DD-UOi{x-fA_MItPJWCs|uxRYPP}jTsl`Wwn~-RGc{*?$>3Z zVSI=AEVzg%_1;NBs>Vm-{-(ImmlH>ni@T~euHJRK!_KpW>BehBwX>2=?GDUSnJ=Ae z$Z1TYqp9L0ia|$(Qk6I;UPy+QOb5s!#lVf=c++KdD6m^8F@{lCUO5pQRB-i1>Axc7+DFyFN#TG8#WLIT*#BH$*8(xc z{!*?*B3M^B-@oFSBRUN^UPl#|IA82$YpVsBUSr8IThgyIrU>QN~)O8 z2&p&;YtZ+^X+?HTPmMy^?5x|>fWIN9INN-Wj3i!Sr?p{&Dl9MVNINUlXt-?JyxYqI zadIzoh$GnOV6?(zu?t1*nYIr!=1*K1VAeM6$?-dBD_RXD=|oLuIW!!{ync5h%z52c zCm*=ReF1xZu_8i=_=MWxnaO;jSZxK{tUjOy&yWw;{pnV(Tb_ScyQCmxa<{gIcY+v>a!@Mc&0;1Io3vEKwU@L#B-DvbuZ#~k->yw|_ z5)oZ5y5Px{#6T0n-g*JHQ+G+?=-)fx2u4ZpbrJ0}*63?HjjH0k zpiHz7{qy!MF17n1AswtFryW=a1j~A|SloQbCXGolk#aBjbe$Lcs(6#2Qel`8@KY&D zr#uLksdpALm2vnI|D&gYFtZ^oXu(CbAthda$+|uZ)iPq#bMKqVcN)bg70+9%o$hh8 z@7{~BZINT$CbrOfpB-DROiw|NZK=EyoE8HZ_g@*HOQm->Ve--$M@qgy_k4@a@@wb< z8WH)FYVIxNBTRiTrb7Jw<$tDw2=g9Tq>v9f8{N%HRfE?Xhom5gSp(UpEf+ za3RBS2wEOAUy^lO{x-M@>{U5JFIHFIG+MhY-C32wR2j4`+=Psp!}CyAW6Y?Dwdl&X ztksOTK$SfVy3PGit(cy1r;zL|8GM$H&@!FFNZ(l~c^5BSoS z7J-Q8G0=_^dN05(D|Q=QsH{vJhw}rJ@BX_*EQCLdAM?k8P0SaPA755WUAlsP7~q%` z3voegVuE#sQ+NPqJTTimm-QvajIeB`^g#{adAxH#Q*#97&wO>bt|pVG%a`~HQ);A4)JA^%K>w1(bQD~p;5f$ zKZP7TQVtFEH&E_bBfi$B+Tow~?9lS=iBstv8GR;$I?d&tWc8ew_;)?3nXdPa3=AVV zT#Ib2jN6B~_I*waJ#%y_v~#QNg9=FEjw6XmD%3%Vve#iXoLM8K73zJX>C5d>GJT;% z`MB7&5v!)y+!ufNzagbVNXz{-`IRwaM6$Hx7TbnikTN;MVtzL)cdLQQu$-0)C8@yJ zy=4zm3SMyGlua3$)h^+z49VfQ=Egyvp&&X7mUSA|!(VxrP{ge(y(3cE4K!fcE@&rX zfVUVJwOlE?4233+C|VQ~UH#E>mdN?;lx_?TR@_D`OiuUY83&pW^F$h~I%9LexngxZ zRZ2_RZA#Fsi9Xi~GB#td9JtMO8YS@c4lRC<(AC4N1rb^WPZ{b1sZP z1*ep8{g5XVdm6_!(CXjMt|L?~^y&@G4FmW>&N!pl?LedSfU^4bYB4QWu2u^Me$hWT z8GR*dl*Y=Vg5DQz80S8uIaqSPwDDl)JO|I-9X_GTHlOqt&F5x$dCJ8i=&I^R#%`^hLel+Wx%M%`W7z26IjP)DpB z$EkHDWGHR4MO%bpYmI`g)b3sW*jPc}p{Qe%Q&dOk<|A{+NP`Vxy=5^C;BcWZlrv}l z7{*kZ7qwzgSGz~G1SoHWyLie2u-f<&4OOVn;=O$!Oi6A5dJN?dOp_3dAM>@pV0Xzm zFc6Vgv&0df@tVds3+{ENh249h6Ua}k3F@h*2r%FX-M}QkL=ic8nf?c!L4Dw`HPM0$ zMOFaDY=dJ+pWmd>E{>`A_AJ&CH$F0>NwKz#kv#TM1ZKRo|0grOM)C+p^#cx}$Q$qB ztA=De7`BN|@mwr3reww4hF@LKsB6Q>DKR^4c^1mt_3*gi9GN@xD#XQ@t--B1DVmz@ zjY#e6^4bmGYh7T>2ON}(6Co{@yy11tzlBiyWijot$CmP7U`1V_Wyg+3=P}ZnA`7mD zp!EjUE-r%HT{$dD2D}%`H+CGIS7f2ZIxPapX!r257AIA=aFv|=pY;-23d+pIy^DFZ zs?vBk^|)4e0jn-%ebBe0C;TYyuQX0BHWC79#dEJ2^kPAN8!V0_hbgd=%I=e{Q+%I` zkrHJpyyd=ky9mS|6H#-8DxZz6+WSYPTSM*E(H8iY#n|#UVo}@SS@`wJWJXSnm5nm3 z&=jeEo=I68m~tLGqAhBKZkaVvTUdZ2MYR>!#rQHso8yaufe99mq-%-D;Cu=9Fh5*d2lH48?i&1)a$hNz zI`xi=Wm~qKb+HC!iLyhp7CKGq+~ldN1?dPamTNl_H8Byckov(MFgx95HDdG2oU0yEVQa;w-`=-{e9R?@sBBe)>%P4&zgc?9LCP6j1wALaZi z5FxFR1yat`<}C5-BE(W>#@wNi|{uG8cV;Db9_w{lT4%I@^=oO(Atfi#e};3%DQ2&t*c65AW?Q(kN)c~>}pqmSA|ts};q zYVif=#mnKLdV#m^2Sv~<04-sU0AI)2Kz_-9pGlhj47#jYy}nn^ppK9-lfjmuhSc9q zR^17-#3_5xY6s1Rge2jjP9`hHokJ|d48GzYuaTSj%B7RJ^avkA>6#*r0p+{$fCk#_ zB`peQ>oX2i9)t+1w%;k{#LdI+tpr)#8QgkmKN(|h^^g_RSah)YjzWJQ7-ook&XPw$ zQIk_RdhXDMi{~;+W1GYB!Gxdo700)H2r!oHqo_~zxWm!N$wV^>9lSr{FqRT(#Qv2_ zjc!)rhjDzXU?V5$Bf9Hr44G8rCq=?9-GNSy`>DK4rllEn3M6WAqRFdHq1R??=+K<_ zj1*miGQXANpsL!}MaI`=(Lsz#vWQ-N&4W-i<+0s`2i>4f8Ft&eyaTbf?C9xyL#i}S zWBxzXtFF{N0XdmI-^=6YLru;7E0WVg=Z!(BEAtux8RaIGV2+KNR94yhTh3~uVsm`_ zLQHu%SuBGljOp<0DZ4%{8kl3O;X+lZRnWSGXd-K4#{g>%?L%T#HQn9_yH{xekE(E; z&~(-w5&j`E4q`;ejDs%XeC2GaiSBiiCJRBZtq33YN-Dh_HC>|GD$?U^Du-PY^5KUn z@a9&T-`(8yr#ii^ZZ-kp;9tmW9_(>4G{VjAsy8G4Trrp79?^cD1!2$bd^7xX;d(iO zKs{;ig?REdO&Rsu3tIIj^tQ#S-Aj>Kjy$~w5cit*qOxpdLE2jDJ7PM%P3w)Q_|F^x zy{pT74jcRpxe2NvJ8mW6_=Ay3>F!=B6F-AkjYx;MMK#aAh`N7aUlS716*D2G?BS(p zRn77x<$7y*#mpWk=RnJN_*88Se_f&pLEW$E9%gG<%dY=sDo50#f?J$8;BHX^{NIR7 zfphHrCwr*p;&uBmTyiOD(U^e%5ra6j7ArEpRpB<0av1)GB}r-?Z|;HFMj>x6;^RR1 zgFwTJpL_j`LA&Awp?k~oUGCe4ta5r4@5!&OuCFeyEQxN?^yb>6+cA(;+1dq9;6hre z3Lg)fTG$&>*Pn+7CLPI>-MnRQ)fo*M#2h(2>-loWiSXtPYU2#xKweVMl}hQ4%GR)( zG-79M_szcPh(Ty%jDD7znVGq;mic$@Pu04R60WdxUkTFNvPdRp$s2{zeQHoFAO@dB zYtY~Sa?4Hs+t?}9*=hXa@gvQToWn;Bn;7V)*M7wa#TE^e(-2|2Zy%*V!Hp*V1J1C= z`x6=FL^;GaEi@kVA%5|cEa}Vr*Bn>}6A{8lK|wLrN&pUkvLBp@`LF-s+P%$gJck78 zY%5ur^}D~$otDA2lDW|3BwO%3r~syWE*W1e`V6eYym`~6R%pEtXkf+F8{@6^PoDg? z9(5v$^u~H%Bk1{^N!H@uK6uJ(83imhv%OhI zGmtGT#hjliYXn=t01zEa`735?w&>5BxMI$egWIo*-ZCmp)iq6AYCeZ^l#*@DIdm!~ zKZ)lQ)xR-x&Mb0k7V4=+n9_zaFf=4)p8fv5m~&J7woO^yq;ilnYFoI_UnYgfEgl{m zXeg2Lxb1@5>sIHPF7@=F-7kbtD3s?_O=WfUov@9KjXIMq%;rq9e!Z#G@%m&>;PEce z9b8=4(?~`o9h)wn_wmHUc$O}@`mNQXVvOFD@DYV+5?cOTX(z;-8@$J}K&B_)Xg07Q zxYK9LNLTj`zzI=f*l4Nb;<8oTn@|vPw!Ywt3a*!rI6Feq=3B|hea?8>zzW(Tz_ouW z5BR>uvNf#C1_CJ6K0>tzo$hCth4`;eltmDbp3O8^@aWf_?UsbXPZ3zT;nIGKfb%~6 z6T>+c*Ud)F{x9d-;z1|7{s$|XIbfHoi&MgfZ{*rs7ruVGM?`euX6u9#Upa9W6Xw0f z+OQ`~O--Ff?XIMxG1WPjNV4d^`a$K<`WWmo?s5J!OtB*CKqkaJq+*o@bJkB7yuy#} zd9(aJ0eNWB?UUp`Ha{t@8Zm~$aAK|Cjn=) zu-)|%_qEdA0(5o4W75lc)Pi%S3_Y+pqsmP9fuzHp^1NzX3G{_x@Y~gB^E{g9=zLVO8l>%gw}!t8ENa!i+;TK;F?FW}Zr*5^ zURNjSCwV3GM<4XvyjQfX`E4~w&10G4nZaMINit`rtNBhHX+3@$tZ(Mq-TS|=>cYSO zgxf@fwwbg}m*9(zT>n)WA!59M-|Y-3k-xt#yoLwxc0x*DPw)tIUks86^z2`t%+4w? zRt{0P>sS#mbY;dahS6gHp1~Km`Zs%Z1zLZpQS0<>gF#Obq*g^r`h$zLRpvZ%gNY37 zH#sBSx?|L6p_sxpQE47rWMX19^7yD{JMeJpc=7tpG)v6WgUx1ascu{*Op9$he`GAQ zm=YBqYtrW#Kl{4$OmS=9wwD+g3 zSoR-l()O(Q+3>^GB;(Bn>iX4D4xX`y2CJ>(XXJwh{j&WZ_s1hoyb zr=2cY9*fep!zWA9JHdfL*FEJ-uBWuL;wb8v=h=t7FWbwF&8^NfsCJeMb~w<9W`6UR ztMt>m^+}Eefmgk&W`64(w59>ur*LGg$zx``up`o=1R4RucE2CtO6oNHrcEBdHeMAv z`JFCjoMYA}8+9w%79)@}dUZxI40lu6qOfWvx2PzMWNU;QDR}Q`9=G}QZ!&K*LzZ4j ztXexu5j2rewsyxK#VW$XGk3H#xw@QT<|<@z$C{YIyl?uHRS8m_m@VWJ?!Vaej!{ta zaNlD)w&)`bIb5YYaYB7GFgnN0gp_;*el*~2B$P?;$}>yIw~cVYH(uLoW1VUNUIT3&;eH{&U1XV^_JcmSNT`#e~Ylr26>T*5@)b^9AE+MRE=p*#gf0?;2_UQO*q zD|6jX>5J4WK758oi1F5H&g-xA9Ju3sCT_OuEvDpR+w1ImU*J4_r4P?*-3dA8!|I2B zzDDttI%!TXn$rop&%XhL{b5!4GLN5tLnDw$Qld<__JRrn%%Ftb_DAeVp_{9dWF@`DX*~c-vB8g2%6#eT@|0{PctvaLyC`nMqQ( z9sRq{Sc?s>ITmZGiK-6qa~=2glB~=|Z%Wx-aEdUzYl)N&9(;Y^8uz#D;!k=oFnc4u zm-dxwz%)M4J)`l?{-mk85i@c?^C+vB3~_j{5XV8~cV;a%G7Nt<^(4h?gj-4l( z=PFU)K_CF|X~^GA!)5|fdQrRW?ql>>NOw03rt?z1suU~G7gMIOeSH=j(fLPQ9p!gE zc`SRjiHR`{{WBuA#m)IFld6pJxdCNwBEFH?n&@i8sEBEB@K~XIv)zbez@Ci7<~=*6 zZDAjRCvy(EmZ?H){|=sSVW$RYpE=hcpiBa{++ogYz!u&BeyZOAo{1&+VfsQH{v>Gr zdxyT3QMcd3FVE{c%J3Xbb#Q*NQKet~UXmccC=+sR zqXr~|Wyz%q-VqV~tn`)!Qwc@eFU=jROAr0uvC>aY`-)V!z9iYNT>OFdbMlv=K@ig zmU!?XQ6|TvIYigdDh}-65OLq+#U3rT)a1cu`dXM-%12p(U-*U#b1&U$JJ)qN+-4h% z&c1>tY>L_WlAZpQpK0h2I?4Mw&U~1|;tQd6TZQjQ(L3B?Vh^ezH+i(j(noVE3xDdNZW!%7e8ARHP5S%)}>~xjQSI=(|GD3 zS>q0mWs-0m zm-b1_UO47F;^P$9YbEkwu*XimzNGaWiS=Fgm9@vCOoF8jtp(uErhRMcnq~$+q%J}B zoxpglHou86peJ^hJ=wQ@!!OMp;JslKjhN~@p5$(gPqnDTai5bn5s5|Q2C{Wj;?X0r8|r+j1`)&#RE=Eeg6-cBZ1 z$O9x!yYk-CA-pd;Nq2&n?Owk@O{7WrY|oQHTFhCQIm2Sp+$TCNXD7*=+E!hAWKU22 z{(Ud|2p1R3Sf13!#oG2x34?`3-z?cH_?s_GWA}YFdWPa&y;0N%Oo6Zy(^A?jQ@rA3Kp=0%CV#Hp^lguX0LzG+;ZZ(?)i~h$N80@NDCO= zGSjFl$$8(C$F}T=4sVSJ-qNf$TEF&nZ#--KeG(!eMMbON6i!e7Smuu3es~lVQ@_Ho zfi~{dxw(PXyYGd0wbJKCcm{rx=g|PbOMU%%!{+jEdIPbhcmn_s`K#7gw~gQd(KA3K z@Pk2N82r@ELs+mG+O>PN>rcVhxuV00WKy%t@|50G#gtpu#&0EiQJ?u=V-&7F5_2 z^ZgoVsNp$HnUdW)|LfTE(e*+8b^;TI#5-=iWXKk7zb7XR9uS)!v z6}SHo!vdL7($_~t)_*Tz8gXnn=U{5E1;@+)-5v3pwMJ`e>#=@oqJPAjrXpAfcJyKq z1zLx_MF3oFB_-^dW2=NyK`!!v5GWSFIy4JZfJA=Mh9e(Ig#%Z@Ch( zft^k4vRJExlIv9X(|7EkAQ3QCng_tcKDWA=$ zs!zHvfvg~076_mbT4NPi2?`%Q|mamb?jx3h$`#)8ZI368_8;MOPUrVEiHvoQfN8^3fd>N(}$LOP3z z`M(IRvg`+%Hj)oSkJxg0D0A*37c^Y81APrvmejpJwWcakXvT-`l#|=(+Gl*Y%!GsSqyN9M%Mf8EY`y@vso3v*F0i7&?JO@vVzqzD}aT9r}EQAyLVe1 zqofxAz=q2P0hJO7Dc8idfAR=MVn}{o&K%pqt^#%zd(My0$GxrjMzRSGRCY6m_KEjC zCeRKqyzF<|Mw?a6h_iZaC9Lz28N0CArJz7W+8-5zq(Gers~H%JVpz& z2*q0!1UtXs5I$`1`;nqhv^PH)UmunR)X5^k8 znTn}PLY!vxr&PX2QmWu-yRTnAms*L;QNHq9V%NWf$rE_3zgFa={;;9lSfsnWvCX(* z;(dkmopq0~yTY_7Mw6luwR5zcg(Dw(TV9)v@kv*$C*vGwwK$o7T=HN|g6m}1MMVcS zw>@=npdywPFDEt59Pm16k5i0a&Y(;b3_gtgVZL3M)rgufMP>&Vmf`)n`0MH_O6}V~ zv#9jxFL_=|dxy#^VF5G;Q$TJ1ERkI7zZ(0R%`x}!uTjVa4~Aw=3k!*>%#skVrDp{p z?JZ(;=A*e1KV^^S8x+Z^Dl5DH=Bt?cSE%3dwOT7}PbstfM!+QsW(K@?`KwB|OO4sS zrjWE!hOV=Ju=(fH&X8}>SmUhxb_?F5 zAOHlou$-T{JUiAph=~=cZKSTZ!sgiG<|**U%)o-rUi+_S3G`ef$!Z0=d{HrW<8)@9 zstVR)m&3t{NE)^GV9qU(EFu@g#>T)O4Dt}FU6{aEL)n8l4l zhg**>PgZC=65G$;-EDgio0$G%b+y@sK?%=D;=_w;6W^`b+PNX@HEURCCZiW!TX70~ zWqiJuAn-Hy9Mi3pUhU0b30RwwKiV{vcyqi35BV+LI@fyM?SJqH%ZM%Z1Ty)~yPLfv zASSY(sJx?fvMjRw&-9*3V+g(WygqBGBBk=G*fNxy3EP%2yv936*jDqEbzuAY}tXB%?@=G zEap*weL{pKHgdqda%yt|CKM@-I&WlujhXC`jQ&-i%(UvU%@ z%!M`G#2UE5k+r&)IfI?Kv&dIa*F48AoSVcz-c}KtSu5~S8658%ec5-zdxmk`b8b9h z2?}p~TMAPm z(?vn=$I5E6TlJXoO%=xXY?|H78DPqCKzYcXN9_$;iPu6};~DFh9n*$dYo(9SHM^lV z=O)Br_sI8fM>T`JOuBX0){wW^@iG%hN50kt6_0XR#y@c_pJKUrjH5|EZT?BTd^FHd z8Uo2wVs5ylr{^Z1g6M$Q?cQm+0I!|wZ?M#8bO+>2&EFF91JlSF^ne_etS@s0J2S3H z-Z0}MTnt{yj}=5=)7kY(o=_HNqW^gLxfJMReXrgxv7>Q5LlTjgu)~{9wzk&xZXk0} zZuc#0*~2WY>~3ZP?(Dldd1FLp%DX@Rrpp68)=v#|&o_QmE0)|2Ahk_1kh<_yLnbqIx$iHx>b7FSjz&6@NaHEs^=(c*O?0%%1{) z&3nS2O~wd=$XKPP`g&vrA|! ze`}ZdP6YpS9}oh6kTa~s8yUtN-L5Fza9abr^T;IL=fP7mR_uA5fx8qyh~V1IM66BX za=UPv-JG4(V}QN%U1(O10R|pD?D$DG5|Wa|6%WB1|3@CjC`APVQ4pYRX5Op*lKRjm z{#R;rouNwJ6#~B!;bv{y+o7YD=~kFawaFFea~6eI+V{Txd)g{!=jttY6~Sm5I(1v3z2J{8%*pH$?JxFi8yt!S!Zt~7snz=0V3w^AFXbT)5pxT`?y88DnQ=l6 z4uJi?QFAlB^YX%6)Ghk{XsA@zd83=j<;v`M56_AUyFBP1GiZ2sI1?v{ zN!o6PPO1%aGfiPh>B9%;^JIow@)3fO&7e%HjI7ju=1 zXFnH9wmaqdvroh|5rD7z+a@s=fJb=&$~y@71Ba>*7nphY_)%F(b6XbOW}rM7R?nKg zS9$SA%Q%lY<6=23G++3_c#%hnDd1m-n}DgM?gyD*%vI7O5v!#(8<7U6+@+f_Ck|bm zt!*Qe-YWQu8eNleShAKFGqbr!VRGeJ%wvAp^0do(ByGx<;8vq9iw-+P{i;4Hug${$ zIGVuks42lrdRu(xlL(W&rnL3HA5qXxO=YR1v7M%G0f3n`Pobbk`&C%Hb_PrT+Z6%# zJJ|9E30zNvNbNX>bnJ>Fd7rK~pkQrTt{n?gG}vXZhpFAX-9QPS>jfVh}KuVY5 zq_WDqLj!`*Qs+-kHboYBcCNh7hD`#GC~bihi|dDkOw&ha^##Y4PG-a;&CXA1Z1~^3 z>ZY+cc5g;iW`0?LNB{nb74;hYzrXz!ItZ%0Xr3hhDf1`kaly6k!K#RUh}F~AJ}cTl zL|iK5eGhi3ir*L(Hk2C}1llgax~k9DyKHARlG&M(8BFH5`kD)6VwC{}#+zja{D#m!U` zuAI=z0krV|LbtxKmJ~SiX4*E+Z9Zk}D6Y%KYST%MZvpF(A10w8prXgv-?TH$ey1+u z+Y<<2){MXMoFXGENC*#Hd8^u_!JTAgXm17`lnF6^n>nW5NYOgkG%%R*U%TA_2^ z_xf)1*lMe}(Jga50M7qBsXrSAO~OWrOFcgQYSp*c3hx0`<= z>tHL{Ij)^135=lqxtMLnr+!QoF%A98w_ulmg~E8sEKE{ph!JuZ3rsGb<`So??V5Xi zq``=dmIb%NOC{$J*sZ&0;fKM^>UVaKJS~btz=XJB9mv1==7_Xgad%}v$9;pTIJL>v zoB39v1($DF4sxg{cJoxg$Lo4T2E>7~^0b%Y#_r!Vk-2Yjb~y@YLw;i=~jujD|R$AHjEqm^!i|%-8Qc!>lwheNGIHKW(-gg1y^z z%Is;)nw`eShA(?4J36~jB zQPi0a$RKQN3TzOCcmN>sNX-;7zY`|+fCXp?xzC~m0qWqzVz^rh+`n>LJkLyPptPk~ zwxb*IdbqV#E)W4KHn{dfMljEQQxIxyuzXca&cEr(ARmf=1KCQ2BMj7D7$oF3r}_mb z#*mqGcTR-XM}=l`#xP3knv6fN({V$cB>Wc*nJ}>EJ0lf3PxpwsfHB-nfyoN!`_p{ z9cTH@vY2Rm_ro9I$t%^BSUNJhZ=bN&A7^5?zCRU*p|SvnI@GT*bFgDP$B2#wkkpq}^rG8XjX+x2ArCnNPl`0+(+Q`(~cokKg$vF{e z&+w2j(R}gV_j1ke6BtMq8LB?CfGbI>s&Y*Z%K^0?A&irxF$Vgv8GNPpyBjTNAI+8m zs9p?zaQs+XbV$@dxld_HUbm!XT`#w+}| z!=%&hD?oO~RNeZEQa9k+uGK^1ZQlkG)FHu$>f=DFv*+`xdBF6=sMBcI=wT57qqg={ z?G0}T+nyK2-u6o)*MW16PgcATc%J%2zCXTrpTX!T#dP>ix;|v$vB6ioqf+uq0TN-> zgmihL??+Xs%=L0oAelXt);B!kqP=gRVErdnQWHD~80p)7gOSc#WC)J`~MoqR* zx@xSbaGvqKuY!iRM%*oAh*Vv-_pyrRq!u4Lnj3!57%p#3W|hMeywfSaYDOv<@py}CxpZSwQS@3G6R5J_gRV{6lB59D88)wAce*f2c$BW# z3nu1QYUscVrN1Q>w6u%%mwO!@1^ZT(2z z7Pr@9S#p6Qx+z z;@I#|`TfS`2f=>IOrJLt7Bt%CY{*DGOME7{$U5r8jCF1|QR;=9=4ra2t3D>5KJxX3wPpDd#-8(22n>BW>!$Zo#Kd_PqUSIkmr)m>R;wwLWijU3rU&(R{MjNX< z^8dHLJcNxqCM`eWHLJHSl{NZNK4QMRvT`&Wonp6!!%Pw0%rCvDa819@m(q3rC-cat z&Dt|Q`!+?QACt;KlI2svnD@Hj(5-1D-tzU_<+MpEXI;lHKg4QIJ7dosb-`j`BA1>Q zahlI+daV;&m4}*5F##+UE=8da@c`VdmV<_07Ws4~xCH`6%UrD8o~AQ&XWF>haV3-* zC#07{DM14Y%xns{|BO}F@Ve&r`RtHcAM()`KA_T?ht8yu!R%`zwXX<(kK-P6J#nFG zd?iN}QG%CH*mk+DT;gPgr-3>u$e1h#K2>@yr=r5s#blmItMgMfK&YrDV8hu)UZDaA z1S$mt3gWV9txQFi3_gT7Etg@A55cS;7Ulc;5FMqPk9W$0%yRcFstq51jeCLLd7JnK(Ogs%u}`-^g~|l6q-@ z<)BESZ~;?DBywsh*BfEj|0s|*eVWW6WC!?EmtRD~sIx7yjElWQI}}I%TcXD|do?wF zmgIDMZ{D6A-Qj|X@XIBH7lRtD6~i24S@ng{x#K~fcfx{Bya}^2<5Tn%OFmPQ+{ah1 zNlg4FB*e;w?zw@N!K?tY%DE7E)ebwZS9crG0HN~6(|A=b+V~~;C2N{yH7y(YP`L&Z zjx}8ahVEQ)xli?!*eh{P*$K5*K1(4x@cgmbj7m&FeL|@dvmLCs zP4-<*wz@2>xajrs(RUOSKcl`$Y?K*iPlQJ|GQ9Ay$y-LhOm5&0qf0rmU93sUf;RV9 zrHDI8ei$(E*=S1fexsO#FQgu8;Fucvr}5R4ZQiHW_@#KvmXs29pIGlT6Tsj3nI<5& T9)|r>62LR1=a4!D^YH%x4Mr=a literal 0 HcmV?d00001 diff --git a/wikipiki/concurrent04.png b/wikipiki/concurrent04.png new file mode 100644 index 0000000000000000000000000000000000000000..04321dfa34845a4817769b8956ac3183b616e913 GIT binary patch literal 28727 zcmV)iK%&2iP)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z003oTNkl1GTTrS%7~2-fb3poGn2LXah(gbX1hGxI+8obMlZeU|r~ zcai|paF21Ad6#Fo&%O6^md`l{FS+EBb?esMd+)t3yzoMv=WExl6%lY^eis1&|BLwz z1Q5*c000OG6A{^pciMgqqyLvaB~trUEPlCglyE;7eas!m|2Mt}5ovv?vQ zUWtf^=zg02+7BSsE$GU%mjA%|Q%mvdcDcFjPz1zmieYOko?7bXm%nU(@rYnwv4d+4 zC?WtXA|mFeK2Nod=vNDL z61H0D+hbqs?!~@7)!jp?k*!*_s=vR#udnaE`|g`EWy*Qyo%hj?ezXJvh3Vt2L~3qe z`+#Nry~)*TeiYu@B%2%#>e$%GzJ@&;ZQ*laPws!5>*|TT==YRg^MHgLk z#1Ti_ci(+~`?r5VSL_2kj zy(<+PD@qCn5*}nm-W$5y42s4{MS%ldi zi$RQXXlJ^g=UQvpbm2&(o z3BqO#xAp=AemPP%wbEg zZa-23v2Ty*caJ9J|c1>5eqPYQdyQYNM)I7WLa0%=*}8lS)*I2 zOeuv#gbEQ@w6JEKi|A%^R5;i97;|nn4$vS#L_`FLiZYcoh?L42h$>T=Jq{rVBLaxs zTO6>u1sDJ?3^-zqvQ#x=%ZgFumx4tvtrnfcf5uDW#6`#Jyt(?$A8r24qZtAc0H6XO zL;z8M2teSUG!wW@p@sT`(Mim3FaQ9V>8k-mKm!0E1F%~eTA*+DJ#^mu_0S_zX6*F+ zANAO6adaZShN7U z^9i^$W=v)`7E-WIp`uJxotsiZ&FY_FX;-YW7-CsOlqex)3jz$F%>rN$1ZE*5voSag z5DIHq1dP&PA%xld0>I3g?YUSCO4*Zo>;VsRV3#Wk2UL+FC|T5mfN18rBQH%6&Dj4i z80nA`B*tVmYu;U|<^nW=#E{ACua^Cl1ntKh2eII*GM9}A(a4*v$GmPv*X`RDWj%IA z8#Rh%Boxtz#LQ-S2P_nc*I3xTsptuG&?4UKk@n6RX@Q+s(%ZaA6AKHVQ3(XcMNRYh zIt#n9GFqIjBZCwHfx@kMHAOsPl^tQ?9e!n70RhGPM#Wxycxut3iFaIZs7b-4WQTq6S_S(E_=P=0ZNdA%iW zO40ek(do>-Y_tnDe+mkK1_1%ib*=#bo>;f;=3AdUJB`H*fCm z??2**BksEEE~S)Lno0_S(N+z9Faray00RgE8{^Gs04!Wof$Lqa)sSH1#}7MpZPcOk z?bz;Nu{ajcLquy$%p#;w3kwp8FaV-L5Jo_9TOc9|2aI7h=m^Zr0IZo~?}>fWZi~S> zWbvjjvsf>PJB|fBqs&^!WC!`o=9CT|-PytyL4-An0dDs{_ZeLRHjxVcTF7Szh9;CP z&gcP%+tGq*61xPL-MR{UXs|<~uLuN-)1jk%V&2wd)_!-!2z33$cyrUNcSI@$*^HSZ zk)J4@C|L1`R9?sWAc+(|Cf1e_r^~moBc&3Uwl^X5P$(cESiDqh>+ixE%QaF^5J^OW z&1Y0kx1|N=fE0}hK|nDt`-ehk7EWxi0gKxpvG^}&3fNLn5Nl6F1BB5y1jM(-qQM~` zH1I4Sj6x1%3pO?iFga}@cs?D-dL3WPnnt&Kh&JeGZA#J1nzc4NU$8PkfLTzido#F_ z?ezAB94Uo@%&bU|6thNF#;O!zW61L7GHi$27ts{cg8UaWt0ns`q0Y(zw z4737bWCCQZ0g%WHne{1{5u`9NEO-TDffEw#nr#G!j8mp8{5CF{~oX$pHG^k0$%$iv-F>B2%*02#I1#VMd zHfB1o1b3-{Ol#2rSo_lWfgNi4lg80yqaq^OuLw)R!fl_68Pn-@o^(O0OKh_f8zaXTVPJ z)}RGA7RhtXCfw$1$N&1DpPzNsSyz1Ni`nSt=&{Ehd*_{Z8sH?N*f&o^07!(f(J3OD zK@4V?a|F~Z*xp6HN^O+KZOTw2Ak{!EmsFTCgULXZg%TEK&CJYNE3LI=t(aMBt$_%I z#Z%5K=81Kun6RZbeiC8xlY=7@*rl*`HO7kD^2hzZ*cb zd!JKKOmyE`@`e!r0zl5(GcZYRJ9EaEMK2VN^c#l_R<$Xao8>5G`xsOdodxU2#R7T7 z2UQS+tOG9ubP>hJGXnqzj1y^&n(bx zT9SYZ1Tp|2iLib8)@?vx4NAbyh{52o(=AND;wr!>5q1W)R%M|`@Y!R$MO57Rzh zoJU8@i4`Ct7#9<{V=HjC0ifO2|6|?r%fItAbC87}__*ZxfBtSu{K|WGnNomEv5sHk zK(#iZwM|9xCg)9y-2ejo^wYmPanbQhFIk$2$gEkj3}kwv(*&PAcAEcq&z^%5hn)g! zoV0Cs1c9QLuT1}pt;iZLSBZ>Wq^d-=gRn6!b*}9%T5C;O6Kk!B6rsUZOCS0)qDZHIHU^IfEsk1$oF&_6 z*16_f+)w6Q>n7_Qz{EAhyGxCG9-U_3>`KANPiroT6p8x|5orbzB4vHSN}QQtco!t7 z1(X1bi#Zy4lAZk~%n9hVWYHEx0JR1iE7pzz^U3O$*n_^>C-Vg678Wf@} zKAP;;n$xR1b{1Xn9!$g93{mc~j*TW3P}F@RSOq;cnvaf*KEKKM8x$atC`2+!6Cj~A zF_oL3hNE)mjBMctK5me5`FFnNe>bRk=!~rS!t;jHsvY@&1sDx*A_EAcHqJ$m?$HrF zHi}khB(tCIG;0YU>u{V@m^|e>`c~LYehPz9Fd7g=S+rCBU2_Q zirDF?MKNAV46#OajeWeO=O`>**Y4^x&@dUsSadAB>)lzbaoXsf!Vyp}kQZbxh7B+?wGHYhC z8asOyg$Zvm3sNBFJL)rN3FN;(_16LfT7*;vS^yYL7%rMQNQlg!2n86C$m^yE?CnSq zF{Bm?pBUT`cB?1y)?s0bcBUs)L-++>BeW(a5({AF zIQ5Jcx_o?@Kp5aXGnFvM*y&O8km-2rOw!G!IgJ^v+&gI*avS3$?rj-fSJliksh z0RYJYCpl40ysc@e&wgqIf~T=?o!2v($2GQQ3#Ge~s#43t$P#h2_bfE2A_Fws_F_FnWTkm(a(#`DUCT$`BtQ*y^k zY!Q~M!R-V`yA^FM`jOIdUjlTk8Nj zwkt~pGhr+8ov~2_B2ty-;l#OrAsqp&o53$PYjs7NrYArkN`WFdz7a1`vQZ4C0g3?) zx7WJ7P+7=Ca<(1D-;}^$Hd<9MM7=x3(jP>Nh$gLPEvvff11>G+3KM5JixX3?>1QFf*fb(lCP(Ve#0>CY8=FYt0hrf(G$5A}|PQ zA?rM|>qUWblQstt1xf%6&DU(!=+J`f@^W-eW{9~vWK|Y#Bv=-+6tk*Yx^1hbXYkO* zx_cq>DDtoi2y4wc*JERbS}A}?42T?YmOLs@bYuZIW*Uf=g&+9%jbHzg`M}8^`}2dR z$}!V`$HpAX!;*|R0#56yWim-A3?QsoYXn48h$29a&V-q{0cs(*_6P6z)2|Bv{K3V4 zfBqpm5v~89OFnq}5r22y!2=+|j?U{WPN|kesPo;Kmxk~D!l@Vit9$ule{t&@SHAbm zZ-4Zw%Z}T-2&t;N7sw;GoOsR+0;hcOACKF^y{NS|F?Q0JM_D_f6o8;sj7T}=sFet4 z)=ovX8UTYfgd%rS9GsbeQQAfz+Blw%2PhW~EwXYfdEMKWEcL9JShl*?^mP{)CBLkiU5*ru4g;Qlops;pKXNoETI;0kz%^0fyn|d6vF{s zic~Riy+txeR0pC}qWd^zU;Dg~C>5gQumYU$p<0#SssK!9*(&HcKHh)`$+dxPYnl8Q zZ9*~45nWuI4b@gqTuK1i10tD+f|lS>)E2N+hI}>B>2TVld4@6pgg}aj(Ec;8KylyY zz~JyqcROJ?xRfmCPUku6TV*CR4^)a6Bt$tE18YSYw8DVir#SbCH z$sdk_0K-o_HoSWE6aV?INMOwM3?x&iKol?`W(b)J;wmU4HUYrs!0TYjt|KEO{*p$X ze)8FeSNY4+#-K#V0dfHr&_WteGvq#-Qvmx1hM#;45DkaaIX4gyvx5I23ThJ3bHDiF zhc5i-$F9BY{e!sS=U@2Xkw5yvvd`{Ah7(RCBFcv@5$dp0+Jun-6e7Ii;v1G6GQ-{S z-nZWN-nt|lhh07fy5@&}cEejQyy={SW)==@5^1z%dx0P#B&>u`hyijDAk2V-P_v!n z+Ry{ESF_dr+%pgKA1=f=1*8r#T@0~cK1#?!VU9wT0wS7ql(!i&YYe7Z z#yZC-m?kJ|^(WzSO#>{M!cj;ViU?PmfLlV!R)I_?G8bdOs{^M%UN1#YOQ;!BQR1w! zh#edZ(^fzzHCVe%k;L!RSTKnnSl*tWP!VHnHw)Oy#bFFX)uh}z%Dv28;t zB!WmpyKD#5m5>_*P?vh zh`W3O0pmZ`25T*a$rg(OW;PB*VG+>Qn78B|6cM5*!UEQ>5KRoRB(CCC&yEfq&0DFP zt5RavS|iw4oXs&r>&qk%Rz@`tK;U3KTjR~GZMkcw{qCEx>y=l0rrB(ogI;;XXFl=& zT@0+>`OHJ$*sO(r0u01}T7&k~AraQOan)i}qQE@ntdKJh*Y6m<`)dw0iD=d#7u<0N zA>#TWFg#ll40ItATClmCB7vP%m&8`t7fQsz$d4Ad2@qv1o3G57H7f+64Hu9|M2JX4 zn+pU&VM2mj6o{C-6bPy;X<s>KC599fj_NL0rn@&fYaO$3MrP5(YzdhyP0SYXX@iu6 zRfOVbFiTk@f=hS#M0z=SBM(7M`DfXMU3#6+XWIN&W&HDc{C1k=-G&W3;=h=3MB zG`!rR-5Hsl5}Td{=0S-fgmDHN0(maA`z(X0^HE`Hn=k%k)_(U*-Tf~v`?NvLPk#Ec zzqstv0Pq)=efpE1z6=oGx&GmDIY94|GKnvqZ*Fy8qg)acD?d^l6VEtOpZFocMYnNJbnhMzAz;^-rfIOeGN?>TDe-NUE|iPrq!m?Mrm>hR-^y7(6xh>#w=W&Zn) zKH_~xAMr=WeD6{6d|eac2Pim+hwuI3kyqTkfoS;NFCKNp_iwr4Jx9I&`;QPl^27HY zy>P+N3l|){@cWMtt^MI~fBG$fZ=Ze4317PVIehNkFCBZramSu;+_4{c-(|mgj))$; z{ltaW{&E-*pS$ns(@(zraRTGzL0<*VX=HXinTirVj2IDryv1fBk)9(fBJ2bAw#J_; zVqnxo$Ne#A%2p&40uf)m&$4*gsi8g;>gi4~Nr(ftz<$Q&%(yau;Vj{(#iY(6YDO;= zGBV3wsk+?bTu)yE1Iu=8iGu4_i$L_R7R8I~-#AsqKZKHU&>nTHOi0_< zFL7(+>^SMARVGLMC1Km|Aw>B$rudSNJ=uj#&Qx;NYH*kae-sfK5`kS)NXj$tLn=Zz zc*hC?MrkJsl|qF`3Nz)flgN-LF(^%OK_rkOeb6T4fv3o^W^OX)taF`@>3o#)F>SC@ zHx2(@Yi-x5xQYiRzl#~{tA;{g6=L^!yGXTW&04cI>ydTNdCn#uPUrUcI?r>%<2Cd} zEy89qF|`-WADZ1Ubk1T^1UM{ccS>f>TFg0&F`egH=cdLdYg6sWd8b@_Cw$%A9fM<1 zXcouT;v!-V1hEzs7S4dG;22;AIw+nl^RBspcbwh7A z_V!_KA9eRZS0D8BaZjK0_Cjwj^!Av4_f6gX(o4?G^E}V4UC5>h8myKJ4v<-frsaR=r)=(?z{q(APy>8IUTJ`_M+Ktxz`^P=0C?md5C6nJ&i(%JgU%ua1c0BO|B<5s0N}8te|6qI z@vib8-+17Hn{NN)%niS|?1K+|_V2%U@JxU;|MZ^I|LKjlEx7esTyTbb<+k_i32VQ9 z^isI^hFcGw0kYxeUpVEX-@o+c1;>2pqksI#e_wFzYkzP#EWYyS*`SSS@03+ps)1-Q3y&k|3c`n+C{v`AMNLzP)up493KYkdW)Vp_Xpp81P}8x2#`1hr zn_#EbcF}=2k^?%HuDE1XK+%XK$U1C{#K54fEgb03Xv?Y~0*W9rWDVk6=L(S!^IU1t zxmFEi76FwZ_?p$?5tQ>h7ZzrOI z-&C7?0zd!?O^lY&Qf)y|Sv7q_{@W!NT<(8=7e57g7QX^h`pkF8T(FA=l8~|!95crk z$3_ns{w&5NdlAsNYCF-aBVVon4BdO3oc^`9&IAF(nTLGn(u6h6a&R+&g7kz)H ze>rY%1bBAMio4)n@A|MO0R6!;8)WYp@o^7Z`mOU19kAzp_K|1_y!~@$95fSP!|EUZ z6#nC_%$nUls~!ZEi*s>VBnw+d>H@qfwc?v*z>(hKm14MogoLG zd)*rcAlI?W3I$BgiQ~?iiXZ~TdO8v%H3G+G4M$aYLhRC&$t{kjNg!b^RQ3seSMY{u zDDGq3xg5&ITCL9|-uOIJW3oah%H>Pwam3?|e6!waiwX%9=x_y7ubpFdTtJQ2gfE+Ps?l@RKxA5=NI)dNmA(R2HuaNylexPjhZ_RY5A=3+LZ-$vw7$g0&?Kh9YZ6PQ?)R zVgx{K%yP){90?maYsx97++e5Hs1_5Q!5p zv}e1qXmM$*5*KW8aTSz8oJOkjaWm|hYS5IvuIU4ya|Fx?2vH%R;{*{wh5`T?a+J*p z?}p)b!>~P=0_dLlhtVsbK)R=DfeauQ$^ddfQ-2@_8^0BSoPhu!%V^4!jJk@2?(GF< zJ{%Q$_K0X;?|1*fPd{_#(2DmDmMgYEu{x(j#Yq8Xyyg6_J$}^T3*?;_{@s}f@cS1p z`_#d+N)348d0x)+VBbx|fAFvi{`&kk&x{9ngG6eO*DQS`GR|OOkhqtYskkT3@4_rv zi_SSz;teKT2-Mj_X@&wh$OkeZuEZP?OE@Y!>#I(NP9_m{iYt9k33Hk>ZFf-+RX2zl zrc}!sv`ET~1DT=hR(&87TNM@_moeLFqxY`DxOh-)nIRwP`oMCS^{yI9p6fi%^QLpp z=B7N5S&_A^bfnlTPi&bRf=~m3U72+B1XNqGmJkIP2}y$hYMo;apc<5G&MDV9X+$jo z%9cMAcI+fJuH8J>dDApYG3kW@OorwINTfhCl1V*ale{U2f@rGXB9cKrRs<%}N+Bsz zM37C2rv{CR6rjml2T&C6(Z1}VxB^VBPJ#fC79k4Ljy0Q7xh1uxp!HJdNK++;P4DmH z-f6u%y+)600>BIf0W$<5$Sltmh!_AA#zD_|0!_T+#O425yVEA005LH8Kq~@(>Yd8H z)28?L)sb9*;)Dm|ueavTjJJH?<9PjPm;Bc=)*-%n`9=TrjNhC0e$(lA-N%-%5dn~A z|NHO0Ca1k|FJl+&_1+);!-aqFlRH-Po=3d%-#_!!pRJGLdj$u*s}#o$HNd&zZO$_5 z>3hHH9Y4L~>;JRfHS@AARR9q!yypQQ#c!SUy+>G!$nf3Y`L>+A|7_;9x1Rs)4_|!E z61esB@Caksfdsu3nhIgPOJH?rI+)^;LIW(F3p9cw}VPO2rSa_dujy<%j zVH*OLrGK?Cy_!&B%L2I)8r?)Ym(+zk$D#YyV-ic}!OIR`uNgora^FH60-^Otl`&-^ z`JA2Pdd9rm;6id$W<#1>wPrQ=@MnZ!gaJVviNssC?d|NC4P>hvpz+FP)CkH8-_xvTo|UsdY2N6m8)>5l1p;740@;KD$@AE@Zx$ie<%X zSMD>t_h85Tlp`~wf$c+*LkjUQlS{#D=Vnld$;IyLK`*3~~P>!043+MiAB@0vQTtAASewEmu{ z{n^z1o`HcWJMXg70dIWtnWy*P{|&VZKl2$8zWk}*{r7zDKmFZqU;IBO9%(;&`qzIv zQ=WC$z4!6o`NI8+K7Pb?#tHlRzdL>}c=l(Pe$ZxSo_hT)Z<#4@`ezRN;Kd(0!g^Uh z_Ya>ucxFwBSx>@>azY(}Wnk{9pMU#@FFf_%%;(>+#LJfLKETI*=(3B>89e`n!(Zc2%jgEVoyEB+RS6Jm&1jL> z6n4{AvzW`lCe|1yAV)O{0&aQHnhT`~ILb5e8J%LPK>Gr=)DxWnCsDmOSA|*a>Jx*zK#cVJPYC$CJwaQ^99^qVKy2p|PXb zk~6L`r9h>;aBZlzf||?UE50z zeQ7}iN|hs}z@W6t1Ecge!H|9<0LbD@aoem)dk#M{qt0_AL`|$UYo#@kM(->%rBB?o zakH80oSRL}O;ZL=KrXf2wZ-)X*@Z=oBiI!YCMo)KLT45`+O{iSH@uVh=thL;lcttJC5;=&aTg@PBWL~1b|HXLu;6I5B}x|!#Bo;UM+teH2P&C#*u zShJbuc{A6|yqV{DZrNuV0JLjY0*AtQmtMizf!oaWkkjPq`k)>O%e-YKQLIhuEN9@XO=FO3OY^2#7$(y4(AI+Pic|K}@)4G|96eHhV z5z6EcjM8&TkGNRt3K2j|K|4dpR9Pd-8j3Q?dK%rm-Ccc+o?fN8l~SY{N+}T$&V{wH zjCDT3`KZ>T1~^5mR&99A*14?+Da%M9DNN#jsr6sy5y%-hs;NUintR3ft^1Jb?r}XVJIOiRIcF_Y5u6gpQ z-^ECC`Y9iH-JI8F-Va%5SRTzAb8I52|QMK*;L-BuXl^PZz2Qm_oM5X+G^K~3z$ap+)y zt3cZ#OR`9j4c&1|y*z6OL@km&+k`w@+?tfKvnJTfv);=Zx>Xi?g-B_%P{uW6u~qq? zLLK!&75Cb~$5ITt=)5hCb3t(tSClsN5ELk~uhABZ6=$#@)Y{aZ92?o1nW8LH4KjA8 z&EQlauIVdgW7#EOPbg)dxpNk3Yrt`CiqqQACVN++#7vF2Z%?a8d@;%nu26uxEZ?*?(34<~6ZCWc78V-4egx{N84>DrS z26V+UvANI%&ynUNu4)2NA>=35J=N3Gv*7brxEkpgwYh7NAuKi20jzkD%GiP}tx^E_ z+1)FjT=xthR!?BbK_*=kqkhFAl4Th)d!sX|o#8VsysuTFzL3bS{*LRxQ>nwpQeVZ> z@myL`QDR0?k*0@eJ2{Kb8P?p?xz2U7*=**z*=&yG`B<}=>wK)Kb>7T%$Z>SplTdNM z#`wfhQQ4?AkPAbW=s%WJ8}%^pRcE<^dA@MGaItCufM#~fM!XT=3AAn~EHRuzW2PD& zY%TXyN{Q>PD?-On!alMC%-wInPbed9Ah1o5BoW z+6V&*pa>x`urOmr2p|@y4EYBE2u)*b20`P=7ZA~&y-aAjTo5QWUu9%#H8GmXxkShs z0Z~zCVdRn$McCIVFeNbTVnjwDW^uj7Lx;(t^WQl?L#7JZvK1%*_{iGdtbOz`Q#=X) zkrbkGHRaJygs56)>G2mAQiadaYNZvknZ%o9P@MJF;>`2h+*OukW`Fm;m`2bsaB^j5 z_vQOdiY<$1w*@m`>>F-r$_PlYU3IJNJ}CPT^;NL@kRcVBDQN@rV`JVcn>U*}&vmn@ z^So(7@wsLJXBtNA;zEjuZ{5d*KGbo-Nk|%DU%g$lc7W=k5kXj33NcaN>LmJP=&Z>R zg*KuMm$)raB8oH8#5Kz;4q7O-6mxr|Cflx_JJUA&hpqBh>NUDLG-_puMt!0RRirz# zI7`QDZG-xiUI{nW*c>&9G__x>%`K4$wo|EI075xE)VK1kfl#bLTUX1LVm-7FR0avX ztYg=lGqy}141G7uV$IS5b~^3O6>TR)nM>Bp9D%l>N?zFl^T_R(Sg0ddD!v#s{9(Jw zEneo1rK4Sbmq?MD4^Zg;QIC9kJRLahL*GyN43~$vv2wyUqTn8Z%#|F|Wa|<3B zO^AnC=Z3_TbFOvXWJ_OSbo;*|5flP4aY{o`U_smb1PG99TBeC%X$AzM;KQ*G0YGc* zoW4M|l%T03h#(9^fC8G4Z1)v*ow1!8%Ot8`(6PX@V?hxR4ZbD@K%o;|$(3j|byH0+ zRGq`x?n7>-1#oryBfMwjQhPI(K_8}9l-G&i_>?9Wu$aQY>wlt45joGQ2xgKjabIp04 zYg5L9MQcl9jche2mlX)WSnNv@I*NF}G#KpiO4tWALn@i8K*UAot%lIL!40xz&y0go zxjY|<45~}yXmu5sok7WE^}JC1m7yj7UfOYKq(JnRQqkCG?v86^c9LpYOaLqUZ#%I# ziz!uY?8uhbxfL8&+aADeG|mT~QqXHl=`ln+a>FvuNWI)tV?X0c69aHDzqQ>&qF* zP2t@1NOZ+JMTCv5X}Y=*A`2+{lbk6=);=d~AegGfrrf9PGbgM8 zNf3ybO-oVJMg)n(Sto?#a+D+##wnEew-x({YP43Y>8T=dcCv_2sX%N|*W{uDNm^HX z7RPCm@%f2T6LIp|WAtWbp0okZDBHo>npNP8HLMVabNLd+NYl>rG+PDxqQjAe9>*hU zc2o%)da3<#g+K%-V*EZnVbSN+=7C_;%S>#fg- zm~CG)7h(F50T*hxN7b2qv1W)+_Ab};Z) zqe;ot-Lqv@hTFvfTPJDAIKJ8TJ5-y(2mnz^LgdA*D=Jim%o0@BMnj9cVUa!634Paf zj;KTInuO*^+rSP1x#n}&aqbG%ROBo709*Ci+d(b`2}nQaL`SO3JUT4Vr151XbcQAPkH zF2&LI2D9ZtT`gGz0MUZV@@avHwMH_nqD2Hr5S1x_AjHg|5Cv^_7XYw2ftZ31wq`=y z6djFeZCePKvoHrbk*8Y}E9wM;5~Ge|V%t-fKrRGFDjP*jghR^4K+6ruGvG=b0hE{r zVxh>!IBi+fNDQ|&X4RIA&X^`6Hq>YO!}|3U|aDkNiRTVouLQPms;#9)Q@Yx$8 zyG~7qR>`$Zugq-$N*Nn#YL;B*TC=d^!cmt?+c?vsW>f+pGBmjWtEL!&W^KzLXj??D zQcpJ2bLT?wAUl0R!FPwU5Zdo?As@|$w*%+6%rA~(Rbc0CgrKErk#1{~&?UE&PEskw zUKExP$lNZ~cG|+HchnS$2L;}|)a0?mJfrq_T-1W=8g^E+gpL?PE>3~*{@S|KEVi?2 zu@IuH$uxm-3J_r-tl2I-6tRx^9DL(uOCb#Hp-UzE|s5t04nb&?@cq?M zP#8dg-yU3YC0bsgDeJCHwk7MPW(%LpIl98@rY$9bVqikW%%sd7YhsmTemAw?(WW?< zl0aY@U1$+NP^eflDKfz-Bt&6A(!ho#1c<_5eZtIOfRNEO1^{94tv9R*1AvOy?96P! zmSWW@)0oT$grmqh7UnEO%hpU{!P*BAa~GfvJ1f1D1UjbRVX4ni)SobpaeBwBooHH@ zXhEjPdllHCDy$$r9uLB7fs-B27A%4W;H;2-ij9=rmzbqwFL_&wBAy-CVo(m9SaQP$ zJ$waNRL}SKf=Eb9w{(XhjdZ7iw1jjwEDZ|MAs`?v-Q6s(G)UJj-LNzZ(*3SqfB$!$ zeb{|2b7$_IIq^B?%sCSo6sBqFj+U0JCuaWN-17ul?3L{_Z%ZZc571ulkagw3=}~j| zjTFcmFLLPLdvXIvmRCC};&!HPi>=BfZbBj3pR#jl#9{d%%jstB==vUCL}wjii3BK1 z=BM)IZWj5w$j>JCB6dp?e=Jxivlijuiww^EP&x>m>*0;BWc@I$R)wXtzdS?SRiS#_xr$Z zmb*|$c!4Va0*-QJ3i9}}WMKuK`KW4MovHlscd3;)-c2k+4BFz04-_<>sjcBjjxY4v zq{CD75?vJLYo#k^MD6OBzi=}Ea&*Y6(ONxykDSX;tQtj(Di@q9(+kBirz1RC49i0oSp`wO;+OSDlB}~i!w#XdFIUgI{n>Ax zGpV$;L8qOp`bBGJl&J+SL8 zD^N~Y?#!B$9di#senqL5PFpZ_&-|wjRpg~XUv$BK?73kf!w(hq$@{21i3=Ph(v&^c z%-xF$+i~Is0dfmZ6{`4uEOPvDTPf`%$lYz-O;_j2EC{wU_q7HBx8Tcfoi6=P?{OkTTBb2lo-{I zf;MVKuoiM-ziA+;~L=71UUb&T@>;m#D6sV$*6j+;*(!4@h$NNom8QM z36cmV2THVOL+PI00@zOi7k|O&x$YqGv+(po@3r&K%5~H@B8Sx-9b)786*d$GIc@!y zVG1l&gi4%Rg@r#JjpqXnZlCv=2eEjMj_$KCU~pmdI;S8XwXJc*Iv496bNW?Z^F@&B zC@uLhbCpoHYadE!0ETik7fLYuntH41a}Bijb%lry3M#=&jdkDiQBj6}OT3}YbpZ8# ziJksrOYoM?_Jwv;t}PKnm)$`sq~OKYkyKd4zC`IR=v(ZRxv;j8HlYIL#AiX^p)Kdb*6=*%#iY7U*E#l`1ult!ZM(}|zHm3CG; z#E;H<5-DOXu{LB>xTMh9uZaGsdh!H*F~S6pHV~cZZ?$=!9k-p0fgcaR{IJ48W#;U0nsN9SI!pvK5l7QF7RYnKnc#@c4zZ4_1}cH# zBsWrKXUO)8;Hw1Js02JzTvg%?OXym z{c_532;Y7qQwbkxsTtuj<_|C)^&8VplODyEc9YL8e5((CPC?a2QHMBR^CtjB4s4Fs zGL$OIYwX=VeU(}PJdGT?fT^Zk?AZbQpG2JGwXh{SF!K5<%mKgIxLZc_JUkPu7h|3)zV zk{I-{W%7H2V3G!m1ULI%_uuS`ONb+pY)sE2s|D*ge&GH8{>Xsvty6rZ$_2T+b@m;` z|9dPX0NuzBHm#2O&UpxA+fAT-k^lc5CrV=mlJxv6F|rebi^}2-d1r8N@Z^Mt7ktu< zS$H?p*%<_FEi1F@k0$%ws`}q+CC+VpG&D4H0h04P#|tkONjQ3*p)US#UKRLoAW!4} zBizTw$LL{S2i~~oSZ6h!_1di8&gd+SjMwu1vI%V1V@eH;Y`2LSxSsFzj8|CG@< zSftkeE_gAPqE8vLqhb`rt3ca7zr2iX;xOibHWou6fP;;#nl0u(^n+EY1Pxk#2T8Ny zkDWLhe-|d>d)TsgNVe|)7HCFfkgyc|O;8-9j~mH)=Swjr0^C~$W(n;+iJpzE^NOSq zL^%rE%%4Ecn7taiaN?f8pN#ewKh=1xO+CCAceyi?UOokeOJ)ULoSZ-)6n+svP>Lt^ zu^_3?4Qva?Yjp8N#=B+gGf?x`R%(r)udlEF&Xxnp7-C-go=|LF%aOS^r76n|e=dzh zL1adme1%AW&X0iWJ$+7|w7?x>+!YG(#}0v~$8;kB9v7Dey}2wkTaW=E;8UJX^{s6LD#COQ&#zt*7g@d+Eqpmhjrs>sc*J-aPMK!WluY3 z;6oa_L$ePAc}y!m`C5%V-~=L>x7)^#t5J^uo0xfSutSjJvSv?D&myF~+Vr%utuJZ^ z8;ipTsh`u*{PcxxjhD%!s`K~_nvlATmw?|whnA<#H5gN#!%*^p;)tuHk7U^jW>`1$ zL=~$KbU3~~_5Jp`1(wzquU>T&#R-0CJjb_r?bgj4#zx{0fE$-5Xu64WAvg;YTRpz6 zppoB$6GfpR?$34ShPZjWF)g#*+2_Z0m8V~|9D}YX9OY=MCi6AtS{gwz**h|a9^%d> z7S%+7NKrZ=;|*C`1$hl=i3EYp4l8A3AujU2M(Zj+xmmdtw!PJk_62e#_gqsPUZ%(u z-rlx8i1!TBI=Kk%MY(A+G5jUt{uqk8+uIJ`f%d@Daf5#HyH|Wz8ppMoS2Q#ocYBzZ zqW)c3MPOi+KQP^PXv5Nw7w&BjJ5}yDOJ{~2HOv|z^69C_$WpIU;X+Tpw0pe9haMbB zsXKhc%60uF{(J-C{%zdB%2i}-K3?;RJP2y*L693dVwoj(XqxT45bgT7fSqI%WNCde zB9cPo^_awN(zhX7T@K}~*-*O5tgW(nguu2fn3vscwsV?V^K)9cLoq=}$*bmVzRGH? zd)flnPVIa7j0JXQ15WQg;d1gYx9r@r>(u+!jOvtv3o2rd~ICY9Jn)mZ%Lc@Tshzu5lpSYNR(7H1Qt#)?WN5Hw15NyH4@JhK`k8 ze}XKMwOVF@k5iLo<~1?r8&8m60~rJ;z$(2vEy zMp*J4YHejI>YJiVOC3MIr$D1ys5;le&iU1`f4@tx6}5oZ+0M$XPT(W#ky;9n+wUfN zT{8^7KDu3RzgpSR0k=ABFuLtvoTW|3<#P4Kj!`zgiUr&_75YNJJ!Tl_ptjEPi}V;# zQ)N9IN(mlyPKA#cJHIUd#5V)$gBq8#S8Er6)& zskke^e&dIm^t(HI(>=Kiw_}|^2D&=Sqx0Q7u(wO-8bg^iHm(y5fA?A{5C?Y^Q1qkW zFvkwY`PD*hGEF32dH+1>OuWW@yI>Xz+t6)q=v2b>&F_iQq($Fi;~BE4Px96@JFk|)Ug*j)3jf@Znaky+=M~~}?tXQC{tF06 z6IJ6jh&O0)+3Xh`M_Oy8sodLNCi|q|who8a4+BVND57z$}SHV>xc=`qxf4?&B+;-EHo!&%FMfOFR%%8l` zopDUS%|axcD(?`#&CLlrejOc_vzWZf8?Rg%;Bw-DCM@1J!I$E5VS7^it@?h5Jw@7J ziE_!Qa(YF3$!FS=X1o=%%!8B*>@Zl?j|p>n_y)ncK*@q>kA2@zWWSoaX<_0qJp$Ka zlOa23OWsk;M@9us&YE}_#Q^KO@`%ScjU?o8+czU-=l2iRtS_d^`-01sKBA4k{Um)c zm??hXvZL|o=3lJ&-JcE=sigkNW~cF2yL2Ud z1&9YyO^Cet+iE{=!sI9S=7;tL=pP{hwjR{#R2;QK)|#j(*39quoQrr`w1do+kn=xPO-+kMqP08u2H_ zGx5*k?nBaOW0`}D5I>hk$gopaoG*y7A$%GA$RnB6ZPE2G$s7HAubP=5AiK|r!zp`NECc; zTJiN#pw_U`{I0TVzm61$^Yho9c;d0mz87-6 zv!XIS^KvVET*g>7#EdhLN2mm3wUIa5PxGi|F>+?htsYG)K4sxQ_m9IUU3c;2DNj3} z;kpOxWV z;3?w?6%B%HwnHO*2X8-c3aGoR?pcW+8f}V4XgNni9-)_Op_Qq?32Eifs?gtVirmoe zU_UZ@$L~8uB~P{DQ4Cc-(SRq5u+=~9;HR7At3@z=+`IkicbB9i026a_b4aQ29fCt) zha$9{KF2LP2>g{c3Y(~F*TcojMHFuk>mLYo^x)l*lZ)Y!)wAT7oE@<~6i$?rlMCPN zl81`ljkv9qJ|Inj?_JL?e2);Mv0%@yO54fMu((^mp0eV6v8DS$Co6D#sUWy|V<=rs z-`T^5pL_om0=;e(5Ry>`1YD4-gK{P(U!Ob(Hb7C;k<4@Rp*1x%m6erYG`@`>tK?Vc zU(s!oE03`vTJZtj@k17t?m?RZ6vQ#g@^7fE_>nFMlUlarH(*F~&>CLy{6IzAqri#bDJK+oCD94WF&`jp_+18*8V z1z)^|65p+u|LC*ye!?7dWO84E>v@t8y=dBWOTGW#b*d<|=*w@8d)grM*bQN%*Bgq3~M@Vpno8;)$w`-W`a$(tI#P|$Sn+=S7z&Kbkr@;@6 z=|a`J!=_n8Mh-pOW)=}49-@jwYWo3)<=B~MWm)?FETKbwD{NeTd{XG*t$%c$f?{TQ@U}1bb6F&9>zrn+gu8(;5)eN7I@MPxvnJrJ+dP|k5DDG9o`wET~G zO(OJk1wX!uhUy3Dge}w57W_hjX`N_i@=>#YL}CPEdR@S9k36yvr}S#nWib}bb|=MPD~ zR(0QEI!qkgqyztqc6o7r?hXXfc)X{HWO|k=qoAPFUieg_{*>L4mzNhO{+J$&BW(Ru z%hpZ=Kq8z+tgk!vTr(?hw{g4Ln5BQ}x0QZ&<-%=4VVvDSk-~plpV+@4J^rL>7nL;zI6!0@^ECfa zamwo4`3IHND@*{Z+^B=-fFtOLAE6Zy6XVicHCAQuSy`@XhLa;i%435WST7r4OtzO5 zJvkjOspzF(J9qa>?}*-Q^R7Y{Azs((VVCn(Rb5?2&uI%D>*YB^wwtgknmx9=^I$X$ zc+}*j$lA==^K#x8YVrTg-Y60-ho`uR$rm${%DeN8#7Gw$@UXc0_Bxn7R>WTtKGMOA z(P&Q|>{c1LF(@8rvc5y3cN&GSAyxla;g)stXV3T3$v{{T_1!i%JoBCJY>V5DWA;}` zzRVA3ar)@P>MibwsZl>8Pzk$J`=6W_CWsXv{<{Jd@XZAnA!{7t->qjVTW4)F<($#R zSs=!f?VW8u_D~nQ*$T!L6SNx3;8pXw(_?<@@-L&ln}4QW9%w{u&{UAqII>c4(C~1( z_6&CUb_RhO^WrM~5jX=!Xlo5YI8I>HjI*i^-@UeA9CE=`vTU7k8c|!?46xrib}(v( zb{68taxfq2x>t6I_;PI`DlzsF3c?DSN;L6y#}0+P{cC=Ytrq^@E+O$@)Ag@~AXM^b z8lR4lcR|?5W~|6Df-N)N(;t*Z$Ht2N8KkGH9p(bH!T73v*M>q72O0R&5yeI<>*oC) zZ+2$O_0C3k!HX6tv&Z14#}c*o|IuCQN7s|Z*lQTJG3esyDI#pFPEFip)&FX|F)Bwd z>G=5g;d0T*-Ti#8DBGyc5*r`?!{2kW^706?M6OO{6yYm4UP7dBTow)_{1u5EQCn_j>Bh zmwer=WkQyJOstq7crJqnIKRLRO6W`dH+20Qp{~nh)O4S(B><^^H&1m#2>~dCc0gjY z3=F}4>y}U&E~^+;7(_N#DupCS5YB|ym|e5mN!gf^=8at z);RFirl`Os+gxKloo<6nN)EXUx|oR}lBhy`vt#^j{sAh06L2;?>^WaMt7UamEPjzk-1mr7Z;hn$1RB3Z6DGu6`3O1w!ilvWVoGE$F?yZXU%2ej-MC! z;gUN)FFagvTSd+);ddx|t+aA^i)a2b_^*UQp9DoK`_|_JBilogC1bt`zd2HjeD-4B zai(zSAzS%dXQgat3#W#DGG_zI0MlK(}Ke27K10k zDOjR;?fx+yStc^T{HK)75L4=iMt>6DY=Ac}yl$XlGrIjV zocCBaaDdD=?yiC+^PvlTvl*znI%yT<+Vz~IO-A}A7uPU>L4?>kvN;=xrDW?;5k1ZP zPm9vlS4^((;uPuGjN8;_PwT1dxIpehkK4Vl#Z*vxai+mtpTOw6uU&`tX&(vZU1 zNC9NR!OGM=cZO*`KBTY6ReMnKyKaLb6T54`<5_kb|I=az5FQrm4~(jq4S+550Bc<@ zMI3}E$646Ax^|rm71mUr? z^eG)>?&ks=URPP0G&z^#YlbN+=*+lTSOUp$J~!JbU>WIo+udV*Q#b>4NE{dwux2RF z^%X4)id^2l3B4osr?V#A#4$sVSx^tVRDVJlG(G+IvC5kpLa~J(UzPHl9me@NK}x|t)Uj}I0&WLjyv%-PNr?r4?|~Uh<{5)h;iOE-C5_@f=yg@ud$*))KcE!mLHdBcUOy@rp_X!`^c5Ah;Fq=6OcawWtP z3O>dOzjxT;xdU&85zOG}wO1WQ)9MfZCO?*H_9%Ly*~Hxh!^PyK@jN}sc7;=4mn^2x z^pA+Qn1JKB(Evf;jD4;7&km!Uo@Tn~cg9<0+C6`Z1P9o}JxkKrXu>I@L}G*Y&z=m% zV5<8g1~VS<9eJG5lBW*bJQ^0S4HM~_N6fkqu44V#XEZEkI}7f(-iUh8 z5IyZB5dRY&mw(Kn$Q0bRGc5l5aTm7=?rl2IF*qbW&>w>}I zM+YH_mfq}SXSe1tq>8#u(84>87s{U2K}}!!RPRR;;@ShAp4H7AC5E#8-g+xk)w*BW z7exZ^Y-;v8-QbmDzD(MpR7%)loDb+_$b0qcM{Az$8Nus{euhNHjmQjdSgOe7NE)1-(WdpTambzYVNu*6zd<1P?MHELy8G1QcG`f^c>DV zBH>Axxsbo9fVO@Fh$$v0(iLR~+{QY%7y*|(c<`eL63P%UrxX++><^Uj_0@D1Mxy}0 zBv*GmVWP@ds_(ML>|gyWa`G+<@fCFzQDX}fr4q0?Qe-OP!F)-O8~#lpaR8%$Jdrh> z_cud)X3eO0`R(Vb4=O=_a2P;{N`eUUlsrc6 zuhLBw8vtMt({PHQgIZgu1FqM{11{@O-=yB;C#nf=|Iqx44&Rz98hPHVjMLn~9u7`_ z%}P66#rkC%$Za2^iTiYx|A!i~+aGTaKp>F1;CcwcM*!z}c7l*s{#T$?Dk`ew8beIQ zN8oQsv~duuOy}Wf^@-rsOIE4Yldsdbf}I6Avhl#Dz2>WEJpUF`ReqagLeW{SQZ4Y`M3jBL{^O zVrjtUj{k=Y6G+uLq5ul>8-G#3f8gyU3hlWJ{^#Tgsy>P|5p$}le~`}HZdCO%u?(#; z08t!N(4Y5%?LQ3n(#bWlSp$tWhPPBJ9XaDaAj_aQzw187Lg^tN@qt(Gf7cMu6c6A0 z^9&$T1tUiS2N9|K9}Er8V4>?Qj*z5q|1mL`mdd&QzX+uwGWsiypw8Yw^SlgH!9Mqm zkRP%C9x=fySks>G9V%)JtO_e~`Gbb=|KhTyU#9EJQ3;Xcg5whUy!Px~<^La~^^!!v zlO&eJ!kL#sLOJVNUtc$i6|zLc)ST?vmC%@b)06?x;Klu`{hX1>>V{q#%p=(c8f0Ws zcQk%STNETh6ab1uwK3l%@LcOGLGxX7ut*0l3JS+QGoC+ln+DW$0oxFbrhk8j%{cof zD&ZyZ zNO+R?00|_*I?;HQWmSgyC%hoM(P_!@Pew)lK7H98_00v%{0k}?856Y;P9l##o71=} z)dcFQoyW>k-SAhfKH$Z(NNdPMD&#yUqHlR3f3}2Wc#LIW)&Uj|#U%2*uzDOY?eK}A zVnpu`Wf8TwiUYZ1WKvt$WFoZ%G3_ilb7fWd1VPgHx5`pYwKb3+2q*HPNqc>OSi@bm zdu`)kMdCwti=UJPFLU3+Gl{*EseH&+vL~}Ju-AC@N`X^x?c79*~D4_ zI{L5hReQV%nxaH-0rZiIK$WLh;X_06B42vs56#_*PR02hm(JIu;{TiA*76@1aP|fRo!*%WWB-raD>_NzaKe64g^7L3IL*6=A=c~1pX}4!qO| z59#03eG8C5DGm_ULFH9(Xew9;MtlCtT1k2R>xYpURwJ`fEfMfnP1(rO=vBWO=io=U zb`aHZ#>9HzkJrC5UMfGch~w1gtKui-iJUEYaZo9zo^Tp7dtKgV=O*6$%4E6qinsHL zX#ZYJOv73#sczXB@g_PL8(y> zH!s%|z9C(Il$&{F`+aEelP)wSA8Q{o3TieA3m=nDH!}!v z%X^E2PFKP~KlCOkUIWnYN8jYgu;O+=s2|NN?761OvFW^J`u*!8Hz!H+>JCzP@uanR zRD>yyu0I_tX5E(pwL2u=!$D5LI_xuR@ zwbS>gWzo(k$$#(9fr8ybQkCB}!b4-(xU}$6BRN4t89abzeJm_Dlpv`mHDr4?e(gO& z9=~$5&pmB1`LR-aC@qYP59O8neq@)zri;sylmlbUBiroPio>Jt-Ri7eIaQ$kZWx3PC^yHO ze{cW7tZ|nE>iX^@|B^BEQCjUHZSBk~a@QnH7aD`adH|p$Wi`mY&ly>T8MUc149qWd zbYLy41~&R`nG*5x|YQHWA*UOCC?I5W!{IhJwfMKx<`cExDqh!pe+|%k-U@5 z)%rEfCpBBMuW6jKPmA|vvtR$j!>C9Ryxy1?&#tz)P9m#vu!I(J%eFCk%~>bL$9C12 zFG03KwU@fN2a+DU6ZnIPL^{n=tO}kc0mOW#i)EoO2lz#$0P(_*7zB}S2qje_udBs z2E?d8I$h4n(qLwhl$;5vI?q<7;yZR}ags*A6>efR5uNS%kZ} z$EzJy@g}Hs1*P7EK-2Fz7`c@<0$38T(U%0cD7( zHsu)Be)Tj~aN~^JbH^?Po>)b*V7GFbh;+=g;5n=y_g-fK3D%IbiawMXa)};98Vh*En7TE} zdAoR;&U5Z@ykqg{stFg?MXAvrE{qik&OAEObz*3C7gJdkgG1z*{5n2xwd7^IL{BuxDcNK4{j z>PQhwyX%(0J;Vn(WUUI`5nu7{9y{-x=n|POS%p3pY$$(gw(VnQ53jK1ddXf(D%;!c z#BX^;S}m_3NkuQK5I&^M_Pjz56HzCpTNOqr!{MB(Q7VaG5S?Vc_ZHBoVDo2U+Ekyb zKdW&GD$siBkY>k9F?6d~U?(AVET=fWgi8ZEH#)rYWo8H?$=EkU*~*?(iK6CL_+MNm z767y_wVYea7tDk>J}i&X8CJhso?{Z3=A?0r7t~M^8cJHPN&Rj2^MbP zVJ2yjW#a|;Bj$^>wH1*6Nl0FnkL!gM_w8Y{&XGXDlh#iQ><)yTgzLBV z%mJ@5QOAg!RrTwB@Hy7vg0sSieIg#z=XC)u|9VJ~!8;<<#hNH#{@zFtB1dqTjwxPy zc%Ath>e8OgxMBHnHHQexw9N_q=y+n$g0ERHPr7KS@_j1Pk)a%Y4KC3`DG<(5A+->`WCx;ptY}wq0j+3 z6wxt$NZQE`{A^M*d!g#Dl~;xa0{Qm$_ao|P)MjNJa~d?x*v{}xUZ-#`*KPHb+(?Wz)x{?D~jWtxw;2D}+wfqVIb0rx$Anbj;NTGy1+!s)prhTz1&_%>X z5TM?_N~$ClrR&raTX+WLD&?Q$cj(WGk#mC2=;=Z8$lpCV0R(db^MVTfdjN>0D61w@ JDP{8Y{{g;+Qtto& literal 0 HcmV?d00001 From e0102ec141a227597ca493e754e2b87f42ee2eb5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 28 Mar 2017 22:10:48 +1300 Subject: [PATCH 0112/1961] 0001: extra info re starting in PB mode Because PB mode still allows the key-commands/menus/context menus/buttons to do both "new window" and "new private window", and because in this mode the PB mode purple mask icon is never shown, this is not clear. See issue #73 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index a21a30e..5d05172 100644 --- a/user.js +++ b/user.js @@ -39,6 +39,7 @@ user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong w /* 0001: Start Firefox in PB (Private Browsing) mode * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode + * [NOTE] In this mode, *all* windows are "private windows" and the PB mode icon is not displayed * [1] https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); From 3cd631ecd3029a780b7512366c4c3e1f5eefeb1d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 29 Mar 2017 00:51:50 +1300 Subject: [PATCH 0113/1961] Update user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5d05172..f9bf2e6 100644 --- a/user.js +++ b/user.js @@ -39,7 +39,7 @@ user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong w /* 0001: Start Firefox in PB (Private Browsing) mode * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode - * [NOTE] In this mode, *all* windows are "private windows" and the PB mode icon is not displayed + * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed * [1] https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); From 1b28066b828141ef45db8fa1dde6483dbeea4e05 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 31 Mar 2017 06:36:53 +1300 Subject: [PATCH 0114/1961] still drafting --- README.md | 59 +++++++++++++++++++------------------------------------ 1 file changed, 20 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index 27d2b31..42e1a9a 100644 --- a/README.md +++ b/README.md @@ -1,48 +1,29 @@ -## ghacks-user.js +this is still a draft -- This is a rough draft, please read the old intro currently at the start of the user.js in the meantime. -- Paragraph here about not jumping in without reading first, and backing up, and understanding the changes +### :small_orange_diamond: Foreword +What started as a personal, private project back in early 2015, was released as an article by Martin Brinkmann at [gHacks](https://www.ghacks.net/) in August 2015. I never expected much to happen beyond the first article, but it did. The response from the ghacks community was great. I continued to keep it up-to-date and expand it. And along with suggestions from ghacks commentators, it has evolved and grown. But six monthly updates are problematic. So two years since I started, here we are at github, with all the obvious benefits that brings. I am excited about finally being here (it was talked about for a year), and looking forward to taking this to the next level with you all. -### Origins -- yada yada +Thorin-Oakenpants, 31-Mar-2017 -### Purpose -- discuss why use a js (enforcement on startup, migration) -- outline trade-offs between security vs privacy etc -- explain expectations and site breakage -- explain this version is a "compromise" or balance that aims (with addons eg you WILL need uBlock Origin or turn safe browsing and tracking protection back on) to provide as much privacy and enhanced security as possible, and to reduce the fingerpritning attack surface as much as possible - while putting up with some incoveniences and as little site breakage as possible (but it will happen). It's only a starting point. -- provide troubleshooting: site breakage will happen. 90=% of the preferences cause no issues. It is only a small core of settings that people may or may not need to look at, depending on their objective. -- no one size fits all, this is a template, fork it! Customize it! (see goals, we won't set you wrong) +PS: With Martin Brinckmann's blessing, we are keeping the ghacks name. +### :small_orange_diamond: What does this aim to do? -### Goals & Standards -To be **THE** template and resource all other user.js' come to for news, links, information and more, which means it needs to be: +### :small_orange_diamond: What else? -- comprehensive (eg some prefs are included at default for completeness/enforcement, a lot are included and changed for future-proofing, etc) -- current and available and change-trackable (hey, we're on github now) -- easy to understand (good, simple, less-technincal descriptions) -- accountable and a resource (lots of links to authorative authors and tech papers, also repo wiki) -- correct and to dispell myths and bad advise (see accountable) -- eassy to follow and report and discuss (logical and numbered structure) -- give good advise (see trade-offs) -- expanded on with more information, such as FF version numbering for introduction and deprecation of preferences, hidden pref tags etc -- archived for each stable release (starting with 51) -- to provide illustrated wiki topics to help (help wanted please!) -- to make it as easy as possible for anyone to use a user.js and get it right for them -- to provide two or three future forks with differnent settings from "painless no-breakage no-addons" thru to a "super-hardened" version: for use with multiple profiles +### :small_orange_diamond: What's in the pipeline? -### Implementation -- expectations of the user -- link to wiki on testing and tweaking in a portable FF first -- backup first: link to wiki article on backup & restore methods -- changing, resetting preferences: user.js and about:config +### :small_orange_diamond: How do I use this? +Everyone, experts included, need to read at least the Wiki page on [Implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation), as it contains important information relating to a few default settings we use. The rest of the [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) can be helpful as well. -### Troubleshooting -- wiki links - -### Help & Resources -- wiki links, appendices etc - -### Acknowledgements -- yada yada +### :small_orange_diamond: Acknowledgments +It's impossible to acknowledge everyone - literally thousands of sources, references and suggestions. That said... +* Martin Brinkmann at [gHacks](https://www.ghacks.net/) + * 100% genuine super-nice all-round good guy. Thanks buddy! +* The ghacks community and commentators + * Special mentions to earthling, Tom Hawack, Just me, Conker, Rockin' Jerry, Ainatar, Parker Lewis +* [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) + * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github. Thanks atomGit! +* [pyllyukko's user.js](https://github.com/pyllyukko/user.js) + * A similar project started in Dec 2014 From 3c9d17123bcf2e82beee59eeb5155131c7a00171 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 31 Mar 2017 06:55:46 +1300 Subject: [PATCH 0115/1961] testing --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 42e1a9a..7a84726 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ this is still a draft -### :small_orange_diamond: Foreword +### ![](https://assets-cdn.github.com/images/icons/emoji/unicode/1f538.png) Foreword What started as a personal, private project back in early 2015, was released as an article by Martin Brinkmann at [gHacks](https://www.ghacks.net/) in August 2015. I never expected much to happen beyond the first article, but it did. The response from the ghacks community was great. I continued to keep it up-to-date and expand it. And along with suggestions from ghacks commentators, it has evolved and grown. But six monthly updates are problematic. So two years since I started, here we are at github, with all the obvious benefits that brings. I am excited about finally being here (it was talked about for a year), and looking forward to taking this to the next level with you all. Thorin-Oakenpants, 31-Mar-2017 From 76b7d1229ccc8150ebdca3b9d67460dd82459782 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 31 Mar 2017 07:04:33 +1300 Subject: [PATCH 0116/1961] Add files via upload --- wikipiki/bullet01.png | Bin 0 -> 3374 bytes wikipiki/readme01.png | Bin 0 -> 46973 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/bullet01.png create mode 100644 wikipiki/readme01.png diff --git a/wikipiki/bullet01.png b/wikipiki/bullet01.png new file mode 100644 index 0000000000000000000000000000000000000000..eaaacd52134f420398f84d34d82a9cf0b7101d16 GIT binary patch literal 3374 zcmV+}4bk$6P)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z00076Nkl@vnbTIPJVNwl}pr}KolPFXqsKEY%E*(M*+nk%* z)a8$~{Ixn17}!Ox*|nr&;W3zpHuo%~eB7QrHj{ju!nebg6mGghL5KJ8`#OF2A|m|F z_-Ejkn-KGY>iI3-e$+r25m)K)h_l2V4;&!wvl8!AQ2h#@+bkq%Aa#o3!I;NV`E|T9 zx)eIGsCpIqFEH*^h+Z43Rmg2xz2R3c|Xn5;mw`_&`CGq4~RPDgN4Z1C;9)(D2 z5n!wxn>KPdy!qj_NZ2V7cFNY=9a$bL&!Ran?pBDl>;cBwv1vmG=QrQhi_A5NyuY4p zu1PlEHOlhvp@{0nz700-0><3fw1Lw3%uJQY?0JzlXZ~#VoMc{~7HzO>L3MFbEePI# z1rL>4uXR2%RW349A@b@-{$?s9GhHrPpEatsEB0u!vJ+gqMb%O-pEf3}BGdasrmP}U zB?YpIOqa;UgjKYlMUAvt&h7vcjZ}XNu_lv7#t8-u%B)cHx!(sN4l2Js)a*ZNpAFGCkI>QG>a2IgZ0f~oMQ16Ch zC+IF5W)CTOjL0Lz>>+J9sW;qU`1b(yi=cZ!4`xBV6Ot}S-J^EhPkP0KlaZ70KgcXqaelzmH+?%07*qoM6N<$ Ef@qmi<^TWy literal 0 HcmV?d00001 diff --git a/wikipiki/readme01.png b/wikipiki/readme01.png new file mode 100644 index 0000000000000000000000000000000000000000..c0c7930e99f18b72de56847157cbb70028db164e GIT binary patch literal 46973 zcmV)ZK&!urP)U8P*7-ZbZ>KLZ*U+lnSp_Ufq@}0xwybFAi#%#fq@|}KQEO56)-X|e7nZL z$iTqBa9P*U#mSX{G{Bl%P*lRez;J+pfx##xwK$o9f#C}S14DXwNkIt%17i#W1A|CX zc0maP17iUL1A|C*NRTrF17iyV0~1e4YDEbH0|SF|enDkXW_m`6f}y3QrGjHhep0GJ zaAk2xYHqQDXI^rCQ9*uDVo7QW0|Nup4h9AW240u^5(W3f%sd4n162kpgNVo|1qcff zJ_s=cNG>fZg9jx8g8+j9g8_pBLjXe}Lp{R+hNBE`7{wV~7)u#fFy3PlV+vxLz;uCG zm^qSpA@ds+OO_6nTdaDlt*rOhEZL^9ePa)2-_4=K(Z%tFGm-NGmm}8}ZcXk5JW@PU zd4+f<@d@)yL(o<5icqT158+-B6_LH7;i6x}CW#w~Uy-Pgl#@Irl`kzV zeL|*8R$ca%T%Wv){2zs_iiJvgN^h0dsuZZ2sQy$tsNSU!s;Q*;LF<6_B%M@UD?LHI zSNcZ`78uqV#TeU~$eS{ozBIdFzSClfs*^S+dw;4dus<{M;#|MXC)T}S9v!D zcV!QCPhBq)ZyO(X-(bH4|NMaZz==UigLj2o41F2S6d@OB6%`R(5i>J(Puzn9wnW{e zu;hl6HK{k#IWjCVGqdJqU(99Cv(K+6*i`tgSi2;vbXD1#3jNBGs$DgVwO(~o>mN4i zHPtkqZIx>)Y(Ls5-Br|mx>vQYvH$Kwn@O`L|D75??eGkZnfg$5<;Xeg_o%+-I&+-3%01W^SH2RkDT>t<8AY({UO#lFTB>(_`g8%^e z{{R4h=>PzAFaQARU;qF*m;eA5Z<1fdMgRb_-$_J4RCwB)op+pFRrU72x1F~4p3Eef zOp-}5>Am+(AOuM09YXI-dJ#~H3Zj5WQ$$31k)nWrf`VW{6hTnIh5`yG3Mfrf)aU(U zpL6fIZIa(Rd_H9Az31$+_bShN*0ZoK{m4GCw&5GO58LYd{rrCG7s&l)tIsy@YPRV` zvM=ktV{Pr*)^7Nk+TOTr`gyCj%l|n0%sPu}akc3k*rwO8{olQH8};4V8`}OJTkcmI zZY+Pvw(CwC+x`~qhQ8VI=IL+W__wo7kIeS}Zs{Mj-__PRYi($(HN|rO z2gEk7tF^Y__pEL6C|bO?DM1+9jW})_a~e0Whb$X&W6f*Rc;6d1$_+nG3Wuua>Q`ik%pLMRnM|1-b$%3%yQf=Ei@c*#;bf$f0 zfZdQG%$+G3&2qyow$@pb#8DW8QEVDt#oGVt`LWK0^l3gIfz?r%>JDpTe{IwLt+TVX z{;U3-0~7QsNgVJkZ1YoWe>)~N5r23U-Giy$VFuTkviW@w*u0hQX%0D|VwueQ3~T>2Y;U+cq!Ekd!j*Guz@)eb}vDD3#Qsvqk+ z07^-}FWL|^G;C}O3nc*{X&hMRV%zSov%j+aJ5Aee{TsJI>`!4IBvpgYh|ZaV^1HIp zRIs2^_X2!aLx?uG0kS~GI)`n%mg+A@z=TI6t(`S>{M=b9cKNm>tpq40wq1N_H;{59 z@IM{qUuLuf6=UKc>Mw3+6Xv%`Ct5hUoN14kK4S2&gmm*-=UmM8(ue1lD(wQz4mMk; z6>K+~)qfWWrBmg(PZMN7k);Z@4n;xnjbUjDjK%u?4 zvdzIiZQN!IER(bwK=+yhPrCTxlXqPRY$NI3n9L)&jklaO-9D1|s{j^g8O5l?6AFlG zkHDIaW+zLreWuXp9sQ?epb#bXVP?WieUU+3h1xyC-jcox?H*{vCO3)+dY_MOPTbBy zw{)#!Sx`Ptw=M#{FYN?;O8JjR$I~Neb0BQ*pZjr3hTgH_Kmq(rAwlFrGzf~>69cR@ zWs>R(Butt|WLn&bbx}BKK+yD54Q9$ffUxc=46Kubu=WZJ|E{Fd(&e?yDMiTYC&ecu zHXq6V&7EUg8O{jiNZUd5h;-(%nFCVeF!3ZwE14<122@PDbJ5=-!w?l2T?zw!DN1nw zx``stQ%;<7j>(@ta2^$U*Mvb50D*}??*Iiz(l?9&>tbU=cGWSIYtd){oHKBfr04Jb zMPI4T_7&iDnd&CAHUZ8)ZHK|RhuLuL6;{9T3a^}^VOs{pCa9qGC$?sLZC$Kxor_?; z1j&7RawPR1Vpq=8h;e5+ul(F#|;88A&<5IY+U?yMvxAX3+8eUB_kOr!M;$;RGA7_%=_7FFt`L2#`@`v_8E2ybzxey3Wy)#n2h=@z16}%D z7HpSC{Rm)s&4vUd)-+spiL><#Y^U=mvj@|(ZjsfF9?0q;j)Yrit%Gzr3s^~5mXS9kF0A#-(~ zz6cN&y}h2O-`(KNO zj|C{^6LlAGf}V$yccf-OY`bix-ptZ?jBQe&D_vdZ-^e*v8K3#KK|nzo1(LQVw^04Z z^|rQuHWehQTFuy4g*WVd)=X)KJ({Q0N>K0o&^YH0Zz!Z`O%)f4GYh zItZAk|HkmP(BhHW_sU%WIO-Ar4%HO+wvLhDgI%!BxrA>D zde%dn3>;Dg2H+OKmzUMThGz7}wg`uP)>i*03fOdYfiQgx$*{FEy69AzZw-)Q*joB! z-e_$cWE!)o1~gb#-hESmBA|Vceh3|d<7lgqJgWZ^m?(%7#^_+Z`~Dvf0bRsv67c0I zL@|fXg-vztDy{vfcKz!_W=sa2{0RVeXstA#*o3K-aLy&n&>fvi=MJbi>zpgXwR!`< z!&NcI3Z&D4@2E42+TmQmH|E!TP0df)+^5a=O=EsjNf-8I0dZXl$7)U2*L_kc0fm1^ z)9csQHsbG1tDUe}b$Ok0E-J)v0PvvTE-5T0k#mU&rtId*Hcbx(GGqu5ob%rudHod~ zNf=n`T;ifK!`JKMlYjo99*Md75AIT_E6usDg+g5J-e%SS7~bcMkGdsIA+pX{*i8}? zXA(H)Y=vdwSN}OlK<|_|yXF#y3%)cF^M9(<*mU>itYZXH05_>CGYtL?3xJNBCaA;( z_^j3d>?2M0_Q6?a;wX+2WBT8{5j)l`Z}#%X=puj_)?}$DVfF9B3PAAOCiXI*+-=e{ z!8(^fH$aDu;hviWla_Z;1fG{30U{>*CA~TbUBa|Q<2sW8e#0iL)0RjK)gTfJFi-CZ zG_h*6ed4jd;KGjT?zR267+b%*br@;_2WuAWtI1$;^_K)VQ|K@-&SbU&R!hUYC9~NX zq!hP*sMbXss0>iaLoL@lc6I=e)WWE`Cm(~3W6Q64c&j7#Xaaz}Z+T=aA5E_+Dw0T) zwKGIfp=;oPkuygHM9voB6aePzL=f}R*I=e5qG?o0H$MU0(qhogu;9FG4(q8?~r*(|CeF#@ljW3vQC27Ics65HiZ&!lP(8iE1aDL7hlNMw`Ce0a)??W z78SGGNJ5j_l`K9zs>@o+!NI4G^9QtHmxSnc&Yew~=~y#ZUjT^o5V0vm*GST}QRFQA z)tGz^pXQFz(dvLw%>#mQ5gegSA%LsIEdp@z zsB>$4C*&Z3Y07lG2~7q?DJl#EU4%&(o3@oATT2C(=qjRo;AyQhK{6dYBhskGq&W6#HbkGME`WC4 zmu>yuovScIb$MNZL~jDHx%ja6EMxUz6@O|GIUHEsy>$>GtKTW|({l;pIE3Z5EGK%T z;tf!|p+LyQK-63%iK9Fu;B3L@ZGVlW69#xl$}m!z;h~J&MgBoMrJ+N>lPl03r~f#! z#cty`2zf}yQvl9ZpI^6_4 z_{#YSR%jPA1AwCR!(|rrz}M$7$;EZG`g-`px^hyV_O~GbSZ6_6mPI(_I58%PiXJI4 zc?2ph4jPQNH3|HFE?@Y;trumfbh-evLEoD(2kV@50mF0>?5BxP48x#YDuqdAFV|{2 z&8{INwdJ+2w~v9*=7ZAJxkX7sY*1U}fPDo~-Q#o4Ia}nb`pyTiuNHtVW9@69u7Ou{ zpDO8P#z9ah$Blb8UOS?{%rR#vV_+PuKY}odlO#!uN#dyD*FTKHIKaI(k(JVRRYc#p zh+(4&d3(~vw~;S``KaLw`8O@ZeqT${>TuAc-l5rc*7M!~R2ZW7{qpXMc2Dyqzx1t+ zbBW!Rop+N&B`5~5G0qe~nnaIo7z9hiANJZc#WoiB%2?b89j5lJPh)9&RO=yt>PLA{ z=coxwS8Td+*_=t^h9&g((etNHO43q_)xtfqrT;~x{wm}+7g~ffxI=3zj@=H z699rZhU=>JinUnh0*nr(WHUQ496-0Drva|hPE?xeiPciXwgM;wL8*2Nr7!^A6wLnV zbDA>z7Hy?OPwNH-N`C<3ObGT2Ng5Q?<^6p8ftIC{<{OSCtNq8{9=z(Kd+f36j@$3D z?S5yTck`2vKmN?~&;LidCFq)00BN+hz1BHLtRKo#9&Eo9Eo}YfHCg~9H)d~Iz5l-1 z)920{H*)5ZfyP-^WNVF0O+W0Tj{xXhekmCBFWuV48+k9eeeG2__*MP)*{heQU+GJ* z`JbQOK9*K?u4e&fFX5!47OD@ElqkO7uW48v?XSWsv*_xJHtf`Gc!)0AWahL+gSi|J6VI;m0rh@sTf{dCG^cdgSddb(9Oh z1EN-|FO?rwy1ea59Jb1HNKN8wErurrd_md;m~xq<$2Vy>DzRT9RsBO05WDM`9@9&m@GH~uV1Hvml6i0n;j?^gs0aa;mvXG^X|lHNhz58;+gvwdQV z{UF^D{~sTbwK1$wN7W%a3oQIBnD%r`n+9e!^QmtM(0Y(|&R%-+pGo@GWPhJQ6ep%? zdcU6q2MOFHfEUDGl8yl=wR`7;#nJ&E|BLjyy`|%Qq%rRiX&rnj+twARL{S{aVVso9 zQ7MUPC_AS_!mJWx z3hb-lzz^hI;7VGez*Rtdu>jWPO%LW-2?o)`v+{3I0V#w^+*orjC%<+>^tZ+MQbHkl zbB;;k(6%8h*oLo7x%S*V0NX&KFxHtcg4NR2{;sTb1GhZ&oWqtMxkttJ&upu@whC)B z#yd7$3q4Xd0KXATl>{Z5D{}KqrL-(-UBD(<0vw_QeK1JU>?|~BL2xgyTmVLIN^1d1 zhK2m>D=+R8FlFw8rN*lt+j0SFzZfa{@F)_7?&iIq(e%q?c5l8sjo!5Ep@O0 zn7N?b1broO9Ch?m;3MCEQqwY!vSZP4H@qo*0=t1yLTa6Dk>>>HCk)ppA1DB@lez%u z{v7+q1vq^Uh%)0lO9uc;wE_wDlcbrnp)3Wg7J!~3l70(R5)&6;fUiDFr(>FkQ!8~~ zx_9bVEaACTtorY=A&-AWVL6G)Gj@1xD5KTY*fP+jXCP!3MVj)8mV-XjRCx>lM*g@1 z9=#4}3WSMswgPncBWi7b>zgh@HR!#TZ3G;kr}Q~rmRRZo*%8&W(Hi))Dpl)aBb@F9 zR%D3bPvUfS&|pL(w*BBV#;6OPzXJZC(FW8O^pkk_d@eZ0<^|p)W(>5|&AlSs) z1rC-{7ZJk%NwN(d!@3Bb)8HIMG`AD^^hJaKGX<2R6CPV15`Uws8bgIa%*g4a8E#|Z zYWRlWdV#Lgb~)4{#oe~jw=~#2<=~%(00&7^{0-i$m!CPJBWfFw)!W{fxmpa7w%}R; zTgXY;9ng=ed01>Sg48Pl&X;rm5QXXT+EImKlo;zFRMW<{#Y|E92Ss3&|5Lxd6D4Rs zPHX~eeU+p|V}KphnIs|1m)1`L==$i}Bc|_9mN^Gw#(?z5hll5Pf6XIA2l+gcz4hHZ zYG(a0{iuLJ-!-7^0QjlinghV}^=GcPar>f79i$Vnqk3V2X7iAMbwcCs(Mj+HZ-bxH z+;scIaEyv7O%Z4&1O=EcXhXsodH} zQ~;>NwZ=fU(7jM9u~MIbA?Fef^Us>ms-VR{=dQnhX6LX)qGg?lY6(-F>kDA9<}+qn zC};waH8C*l_e$yY#AX9zJ~Bw`BMM;;!LJ2O71|V@)Xp>f@-Ei7DN%q~+7_ezE)}p? z+R+zSXJ@w2x*R|f#&Mj~buO49y#HHG^m#y10{)~GP)tlx%3NNR3+a*~Y@w}zD2af7 zX*h6zFGp6A>La^tU&6Q?jlN|G?75uIC%(S6Cw7+Ar?dGx5YGoDfA@tow!V2G-CRfL zk|{$5B+ez}C`z)+O&BJ5*G`9eNvfd#zLFlD1`x;n7U#)WgCIqBs>(b7AezB>x zZp=z^KR!tF0N&8IJG1&uc3u)|J@GKSY#8Rs+m9F)*qH4mqPdJuUt;0~-#K(}lk0Th z;wN5w;o_NzbKTPiWsMfL0`8iVNBd-FggSl9Ydlyv^ed9CTNV0#9@DPjAzj`gm#6}} zX*gSG3XIYS-JdRBij{xTm)2(MK|oLO@ZSNRk=_OdXkN{8#7ACn)KNEh_~lm@ZZWZ| z)PB7HSfay#N~IhDFDlJZL+ej%?za=&0G*xmNYYPFU);bTO9o88`3sD{7?SmmKDSwt zgz*j>_6+kp4LkrwUii}w4THqmJm3sOU7gN_t0cYp*rn?RI@dKgebZ^Gz^v4oIb-4| zC;&`6=oiwj_Z^xdoKYOdaUK7!W_trZEDK#al0>Uugf@LXYcHAUS6~ekV4U6q(Em8+ zJ-?l#8Bk7lZ$`WD#&_iMPyZloe0lz^FMs0X$R(wZ7ChT`)$9>K)JuaDM`Qm zcMThSG5z-g{qbMFl=SeQKaiwXuaN$9|ND6qaa}#BB8G_5cO;2n)bPa6H64wmIQ1tZ zr%jHi01W!vpKhH2I_g(knNgv|@AZI)ME=Mr{i~ zkR)*$_D?-e(&IfnRdZ? z4(tG!BJFnQMC#EHo0K{q8;!LcCX8Idh~C@o0~Uy@bx##p*zMuR4jP`O`F;y0aTLaJ z5{FfkEHNXuJAD0~+pb+RSNpI2p`>RvvvJp&RTD-H8j#swfMM&ddQZ|@|9asE58ZzG zd3$d=r^hrxIuUzlppO{%xdNCA5G5f@=m2`Ws~jwOJnK?%!8>eu8UwYhwt$72+E7V! z))|vTEg?W{+W4I>rddX_?f5`#e(q)cH{Z%5)>)bl6l z-h=w$a-r4Vgtmq`SnFb(k6?c-*t)t)iq&mX^#2T_WSmRjPtvoXV^iPvL1S^vHgp*c zndjpuYeM+r=kw%C=OP#_jVI-P@Ec`MWIH|SqxU#{#-3J4pELkU0VI0=3_aq3?No}O zRuMyjLD#>3!$bh~e{Bc7{F!ObUz2u z0LKfcL{TLrSDSG3{?~qb<&dBlUm)Fk#F7z=nm1#lbKR4sPF*!-_`o`rjsd+3Fj)&> zjdcIC+M}2+4fCtpo94O!ktEnl2S{@OeYGCns3YI8`T(Sd)1zqM*`InZY-=S9rbs)~ z0))H#C&%h{oSf|#1wm|LUs{>d)HIdCm?M20H~hFizq%4&+-7<}FTcCM z1Lu&8+~c~B4yFu*-J_W@FDNnYoVyQQ zyK*eE?v-W1f4Q*#jjP!ypE7>I7 zyjAz<`MEK4C{3!H%fu0%6%+%{J@K1eoj3`YwIi^(m?K3%D#)a?*reulH!{gee7q_qZ3nW^b~!MN{6P< zPy#%rg^dWHDKJ8p1kxDl`VDNxGt*jvtfhbPPyTpt1T1+;W4K(`_6E*5XG+Y!b9gz9 zqc9ADN|Pata3^W!kDMp{JloVizTwo9Pdt46Zd*^Ax$jn+i7#Wq0 zFg7;v{!Nl}(fZ9KNskwNer!VEBl>bvZ7YiQ)U`1BpdnE!iY?a);<&&WnhY@IhIg-? zk;RuYs$@YbNfO0T7z9xi#fdS-*d+DGZ|nf0j|a{;78o#c`X;-be$Bm4|M{)gCH?RZ z(v4qzNz&im)!+X6$`Ai|_h&x7`c!F)jHy{I24#49sR(PNJ0?_p;2!^!{(bC-CZ?AO zfn&7=jM2v$i>5h1b+yk+!a}j?>AoPU%uJ^LssM=zz-mX!K;Vh#_vpDs)~2)3 zquPqb&dVCmQ+#G8VpHKORaf1)?;oB#dVoDl)N83wRZW7q`RTg*f!iTzMD!In-+)0 zIqO_!WSonb{g-{2G0g`WjJZb79u`22a^qYu_t!tXWanwUX|xad{(mJaGX&WCFZ48v57_}7oBQFZO(et*ayUM6X~tV^j* z2C9f{qif)yWlvg8#2oGIj{?xS-FIL9@;aM3TIZaL$9z3KF+VtFMh_4MbbLa8iFej= zC{qB<%C{lscUrDRp~J>-nsg{c{;bzTA_9W$aeV@~Yw9sOHbsJks z%wCsJs#FTVkeLr_%Ur*20MI>Q_9@r>LDIF8tEVUi;%U&QF(fvx@zt6U>EdAA_{=LN zHpekD&?6r;l!BlX6pIupQIZ(fvLVhnR|B-dmc4=rER|vgYDk`97js0-I7IMOtp(|? zz|J4cgklgzz7=cR*CqY(xam-zhBT@s)W?Di5n5%a#&XuvW0(Bqd7IKB zvSmOO#mniT`NBJDlw8^B=2?2>H=+p3|s>5CZjt#?FJcRfiF27W=(Asql= zWEv^XNfcBGSyNAtWO+?=FTP?v!8NgsncvT$^Q{7D4<4X&WvV zGbM#@YqwnCe8b(e)$Ti%FQA_CUM=?o44AcCKe_Cw9f&os(bP2hj3~ufdLMjh6r)7m zoNWyICxOWl#5C|Giol#_C2gCfca~R|y7jHSRFZW0R47#4T8A|O!!t-~8@T)j z^CaNSrPOu3Zjsx)`dB#_{3G?5Qa!gVw=oPb|Jpr1@gLC1 zUl>c9m9n)ynrFmO>V)3w;fS}PsiVTSeb5Ob^|Ypv(1^c81t8e#pVF_EH6wH#Gd}dE z)SExF%r~NDR@Dsq)-c#!n!yZCyljmg07=^bPmCaUEeTr*vR?4>MiF_EI&87aiIO-` zo>maG-M!Yf(y=L`SL(?o`8!KO;4ys(Bh50=2Kpjw2>(^_8}APX3#YvT8<0=Te-cf2 zd4Kj0mRgi!>+o4~nI!2SKe_djCm+7k;yIfg@ugSOg?;P7#Up)kUdUAWtg~+50!OG_ zM}y`ft=4?HzoKp!DI3*AN_*v)$Aw}?cK-$7_`3kDMYC7j))Ch;iZ<|JKtITV8TE^2 z;{YgiGD0_MWQ(>&>s;Oe8_zvT9qg^|)#;qI5bw>)G}^8+W&GHm*15Lh)RLZMeUr}Co@%B~ z)LH~>3zZ04*Qb}}^%vId-dvDY&3ow`hfbx{#em6I+Aq zuIm^;97p8jksH}(aSo&F>=`m3k0lktI14LGDX`W?P^9CP$-q-OpF=c^y-9`v(={B^ zZStln=0ml#qQQtIWjOE-_>NR+z=Yc#$ZR7fpo8+cRej-NfbqnOGDJ~6hRq&c(4`sV zdk5io4T1d*fiHclAtmpp)xhR-7iibh;+#pMu#)dCsRTh38-`cec zr^}%8_v&D;d6az1V|maJ(}2W8e)rbSQ^Q5Z(FjAlV`GzqYpsS<81~*MQlrzSSvA1D z?k|H)e|Ox9GgLK7EtBV=n&j)TrNKiJPbj)aaPSx5-RByKg>Bck&PiZh`~BN|8MO^n zBq~FsL$oDbJ4m+_;golHQ9n1SCR2K3n-pjxPR}7`tsZ=_7__3>wXzR}nMzec66R>M zk7%2tB|I)oUaia;V@*m@BZNLph1eQq>lr+!a7#se^|SEy+eUZZ*_J?uZHjd_m8Ikh zO6%0s+#lfoUk1=$AxPplij8$PE@gpb%&Z=uM-zOpddbfx;WzX+4dm9j@aLaVuDVmZ z(L%Tmw-Fy4QEW3pIJE zwtC+QFRQBk+}IUm+g(mO0xc`0-~4Hj=Xn1U3W-UgIB_O6*7{hSAmB_%dgZ}BlCQu1 zo+K@1AFakG?Mp9`{`J%8Ncyw{&!o$11OD-{FIL=^s~EIfW!voiY1!Ibch@nKq>nr- zm@4?RVE+rAQ2FJ5ozuHoTAl%B)>)IZsJKN{%1ZU1zWvK)N!WJk8ZD)VbEl7`(pCS` zi2$!@bjs5sOg!P7MgRSd_iN`?TRwp$eV{wQNx<}%Bxy^eP1#4FXVU6j#OM6-{^g*i zwxs?b{2Iu#!5xwSr;D;?GhgtJ2eB$52=!Ia)>VgCD>u#GN(^W^LO`oJ>lckgLmHqq_VF^g_iO7Yx96__;+21$~ZGh92? z__b@b1kg6{6M>ebyEkU5|1o6{yn0B}?zIgLqvj5Rnx&(?c@AQ0Y+R!I#Q^~GMleNi zpjJqmO#B~{&ifMZE0ZBE45FNN=fb&o#PU z2QgHW)4iH7NnA4t^n9w7VQoth^Sra&V@j2kV5wQW1|L3Pm~A2^Y98FFy;e%IN4{|; zz#K(cQ15=~j~Ku#X*$M7l<#R$ma5u@QvncMyC%c=g~FirF4 zX4>*?jYGmu#dX^IY{7kA5jJ6>YSJiy-~GE>;?papX*Ugnk81Pkejn|%l^;_?(&$?m zBmMY}i_h3<@xsZI7V86_8q{C9X~hb(jg3Z>rcFzUxN~z6Nm|}IMAHaNlD4|k5jQ>9 z=n;{$aSBochoWZ88xC8k!Uo1T*<5*RF?dntI>DwSiK3d*8>U66gbP|hWSuLa zGa<;~57wBj>TM3vBtZAGOw&`VGRRjU7B)Ammie8hFQ&g4&2EfcZI{q^q*H77_T_%*(M&F+f(DP0={chW& zFO0Kt@Q#wSdtjZl)Lync`~Ys#DB{EU1Va8 z5FO*HolX6#7gU%kU9w{Ycyglzo>=>1A2k{~Ve0H<>qbNwu2+J&8cjz&V2OrQDSSXF z4VV*aBlu^XGOcZ-ZcNmeChNgwbynTB8PRFm>`IVSfJwhEh4rSZy38e_RH^jHNh^o* zi&LSH)aF)L>zrfYh0mvk622wUnT0Zu-Bzmv?mJ`00;aM zD$x5UPg>Ns^W>6x-9(VxHR)0chez)@MjtH>6b?)8?lFbn2N+^=+a#l7Bm4@iCF@6>j1l1-SbVKwk5 z-K!B_J&b6(lOg2JEN^e4pGy8pzjD&sJQWX22$LnF#Pr)C*k}KxZMbQuvw( z<1T~6z7^|QHIZd(jd(O!BlG>dseSLr5502#2cnpB&cu;#*D*m3uQNcWrjUAKY2Vj? zC`ycp;16QJTXA4>qexxMEG@>~I3#IUN82wVUzaBuj=cqIZ2~$CydCJ)rs$XyolKiZ z$5flWzM)3Jvm(QE{iT{nhnC^zMMypHANjV*<{D^ic*j(YAjuEA_7ayR)0XelzIbb$ zODF&Xdt?6>CiFVX!00YGJe81)nKP8$j;N~A_6Lpp?X%fkkr~bzT6&6Jj9Qj-+78oe zG*p4{zVu?>BWvOU5jU&a*pdQ}S)e*pn|Y2}?T(9lT9V0{j{5Yxqz{PoI==g&m}8mM z&4*2xqTZ&lRl%^migAC1o3`wQ7+5rwPkkzt__m!Dfbg?1PfP-|0%JX^H1qx`H(VN> zk*unL+4y(fI&)lWAJKVT z19qR2_4pXjj%Xsfhdn0~S{JkBbHD_x&?&hd(}tCyv94vCpvKmJxG|#z`g>@;i@pZ< zUR{+*o2t*JdZ2ZOy0Y~7QOy&*>X&yoNpm?P>MxUMGxyipsOKMp>-vPX5)XirKK$|T z4}i;mihk63%1qw&wp%*edhl~-w@M5y% zt-k|nN~Q?{vaKS_rdnXi&3AWs)cWcDIc_9{QrZP-E9DO+!!5TV9YbQ~w9FoC>q2zyUMf)u_?+}V z4FfJYqt;z#owE@y9SYN=?YGy^unlq?I%P>UC=5dvw~bR%-5^_(;8aw^fzpZ4RlHS1Cy_y%(A=c1B8UVpU#?NO&fw!!@Rb3yj~msUvhQZkN?Xv zZ1PQVfoVpN+RaIixIy!B1JAM~aDjSKW@GJc7^bDP%z@ioTQ2flujf;Zd=oSN&6GPF zXY%w@YM)5(_SlyRuS|rYt2K-|{#W`oXN2F*Yqcs3)+rt-m zj+xDO57qC&gegk$r?)9$3u}VCrc|dqSPOOHK~u6)cvKIQ`AV-d1%{O|Z5su%hIB(k zEB+;_NM>dn=BuYx45~fUirp|Vym6_mb1vjN(&@daY*x(cGce9_#l4vv)nJXOTH`jW z%tn~jkf#M(_Jr-iw+K%CZ5JsNdi?i-q&m-2j^SLWgOKp|xO~6+Z+v&gdOU_WLp4Pg%1OtMpsS)|ZWwBCI%k zau8MEA*o5Xp?N`Kju8yjF+{oG#Z;KDE{IItiknirsAPCxH(P%bKFj{^chsmFFUdwFn5#Oyta7PT z0CYeWu4WT3Xg^%pc8ttVwoZz`GQ~J&7_MQ&0bM#)qo9}s{CWp}GHhE?J?-d+d051K z*2n!(>nFf1ig)rqE`V;={%IoibN|`kpZIMz^jSfnu#7+ky{koR99U>^Uxa~rr zKq)mfrPB5D0REo!XWLYkYQ9RX1S`+?%5G5+TmcdoS;nF_pr zA%Sx?;OnOm2JoU@gcW0`aLcg`%-W^{Q5QK_+cGkXfnD?oGTL90Z5}q5s|1B4ge!y| z2RK|^={A)#7drMB9A~!XZP>Fr741G$dh68{z;^oXTIsp`Aib(R=&p?`3cZ|0$UtpF zRh#?34@NMhArJiHV>g|@Vy3=Pzua#~x@OZV-J)vYg1|ZhKa+9;7F_cfbpGlC3ou|UhptuY$lMfql%g0wmCpXhOo5(qrFm7z@oQn%ENzxds zq&I(Z_qEsDbldIs-22VDZ~w(Vt4sarlaJnU?WM;Zw&$YxJAX!!7Wlb|S>zGZ-9zLH zBHA45tRZ&J#mrPljYdR&Q?z7+`_yke{`6%gMI~^swprIW_lI&_te;fV`F$k zl9o}9;V>!P-<3Gk(Y;aHubsqL_sH4vcR1pxOTYW#3;)%-(yM>{rX=b8y13cUEkP0H zY{yv-5=St8+Yaku)(PVBsAGZ7_ohNR)H^YSPzO>EX*JmanwQ-R4ou!^x83$wnw6J_ zYOxm>h+C!>37=ZcfBpnB^)Wza!vf8O9R&PYUzGAAaJ_r!l+v~kzm4E(I7VNJx@Pe8<2T@6fnt2b5hw$>%_jbkbsKniHs*IvzGlbQkhtViX(SEbdL z!?=YlDN!aU@@~~Gd|nm&R1Ljs_mJZJ?Re&L06`qU;*)n8MF50BiH@xYNBQTLer%yW zv^6YyV^%HRjY}{_x(_JFt^oqGJ|m2yIF6Gzj-n{6lz|1l3!22)fNFv}PTY8wZ$T_V zz^=Nyv#%pb0>1GF2ntNoCBTfQ7IqAZlWGv>HjraB;=Li1E|LDY-EdnV3TM47jRn}` zN0L6yut^<_6CSDnv`LbvXMk7To$S5ZA4SUD(NF7C#8ALQO;Y~2riNy zGr+tOJ5M4md&Zk}sa^Q0G^$a5u~nfnHDo4Y@=0j}lcj4?h77?|gV%oz)C+`h7>?~4 zqd#;6Nq|0+s{QJVz__zNv(*6W+F^yZRk^E_MS2*QOZRVaNxGlUs6Zu+ z_!~OqY>6a^DR0-wmv&CK@iO)L&ziWQ)d{|_ZHrk+51uKlNOdIA7I0smE5bTy`>ayi zoJpHFicF(lF+dPm=d9rFQG%~Y`fRar{A~lW)$(#H=tID+IuzC&QmoMlOa$C1jjS5oRzMVM zuQ@PoTHh!a!Mvd>A+XgEz0A@Z%XBeOlvXAZwh%*pDCu+qgz<(7=5-|oTZcKsAa&KY zgLMY@v&N>{hhY@QQQ+q=)`#T=y2wG2@*LI&h2(l^aP__8{HTK@gs{KaMeR9k z74#S|Qo24!HmKj%Zwj}ADtHP)*0eb8YzPv*;ID%~@;MY8|FeXmu zm2?xK&7WVO5(O~oGbf>Kup3irY{DF@0eu%L71&zi@U>=iRywd)2WC@xt&8AxEy!)( z2>4vu_+UK*08tV^I(^N=VV-;wr}^3^n@RVY9LMm;Cg9P)r1xKiw>p5*Z~{S zHImZfQaP-1!RMS1YZ3GIqq5ClK-vwS9eBTvC9+8=?j4cpj-=NYcCAivxO;B|O-;{& zZLNo3+u*&<#mv)msK7`m!8qrN*{nf8f3Bsqro>=9LyZ!XzyK}va*_eOuPu}SbViL*ZA^h}e^uLWraB+XAn4{Sq`#lLG*UmM!(^i@)Hycl(K>{DuZ zbpTR=wWbJBohb_vO$Elhb?B9w&?ig(>RRn~uM1hP0)=8KauEA#e>qR1iEI)*Rh#c*!t)U1P={uwQYx--qiIX_=(TX(Mv)$DPfvHyWE9&{NzZ6?v z^RmvyL8*|*yIDUzHfH@Dm#o`d(oy$}!*}%T$T8P^_L%EWpjEj$;`X)c-(E_lH-8N*JyzQ-UrEg<@RhRnfjp@{uFhWWvAXOq5(o1L(*iR><4KUWagzsuwpnKnL z2z3W&8E}rk51M*bJE(nMM6-~NZORbF{Inb9OM6#K4c_$5RfTjr^vi!UgNvE1{@AYE ztwlP8*hX-j1b6?YOwuy3jhQX2X8B=Dc|^a@&kNWX0!ZzSOFS$H7^%s(yaz?=Viu_f z^dD^kANB3mmrF~COgcHZO3G%Uq{o@9mGEat(q>s_+aG|vw6`B3(LUeF0R_!6;x+^* zy{11FpknfMw+96Sby6M0znMtZ!RDgmJPkiihd3v`H8jf!O&jw+!fRTtgc%{N`5bL; ztM>Z^^fp96FcV$1>zji@8*-okMRy(mn`jk#}jWBmX)RWlCK4z)T@>u9V-I&a(}rUL9IEvODh&*CP|-3nNz@x<+K(>lYA zT7~iBPX+)4MUzJH$7)&oxxdyhSo-H+pJ5j_o}%06+KTAk5Ss$%j9oP_G$lSOKPPh# zOwlr6Ue5|yNMcy7#W_L$r0B)2;>h*^=<`s~!Jx~4d$q-D(ue9Js0L+^{@BG4jFqm% z$GWvWQ}ulB_G5XRb2cn3{?czKd0FYX6l$$cFiIyj=vCH{*N9(Ou79Vy+ty!w%ZxrR ze3v&4|B%=CLnlzII8)+T58wU;7@1DUkbp3PS=u)*mt{@*cK$iP_d^(=MHF=a@IL|D zsium&5zeiC?9kWbM;cY4D$U8-5FQv$oCH+#SNbvOrVMBpL5Br>hT6P37lIyYPtf(F zX&GEf`t@YlYTH&EGw)eB-v{WXG=3eySpj7VPXSf#Np{-}>M9k6*KkCKjITmy>+#)SsG>lIu#y6{J z1#5>xqT4Anov8Gxf}YMYy=N8pv<8DqM>XnMOnd%9^(QeDqda*lzD9jOu>e@06vwf1 zQR!GIb>)UaM=Nh`dX@qlBXuzO0vM}+i5gXd_RWYMu2%bz>#n5$Nn`(HXxkvxHG!)H z^h|z`w*_4bzxS#PY5Di7OCHjKvDymybbd|=vO>N6N)qqx$DbNPEa}F1GybEg8?$>u z>gpHHI#+>06jgjl^IHHNv0-oBQQL>EMXKUld6cI7;2KUiIxfX_ZUA4|8uUO4qFZN6 z+m2(AdWhS@A#E5SHS=u-4mWKwWAc34k0`G4W?hv|1Hd>P4Dm>>;*}hkz+vGh7OMEp9OSD*N*XVQ(iGLhIh65&60rw|J6|nhmUFj z5c)qcQ6+KC1OdlLIvgt2*(4^B_TV5vWL=U3lvy*1ftp(f)%OF4W#-i+l_7(w&1-8l zAZ)0h=h6yWMW`jRQSZ*V3YRO+C2c_x=SEU}A%h65a}nQ=RBY$GV}R}vH5PCE7Hd?_ zl7AE=&PG`vW}S;ztTISDfWAw`1P%FXEn+sDb0T3lq`N?*IX#;0PmKv~la_V6AorW1Wf0<;WNl z_yx~eOqr;4Ma|8GFKiJalWV#1lfR2`d!kkKtAH&vjlF$m@U?-rjCTjDtr7OnhnFaD}5!0JL+1BufAG*D&TN&^amf(y)gh zHn~ye)tD{w46OM&z;gYdhLM(5Y~9&yKb(A2cZo4}}a@=ucZ8THnA zigeQ{Zt}RG{{VjA1#@%xZUucF`0*=}*G+8S%1$JWg$YUzTlKky0l-vEhoe6EwJ%8j z91ZBh=`-ALsmEX9eTvZK>15`FZPZxHsL@D#O$_;oS&syJ1M5@WAR$OKk%C__StnREUG7g4{1D!b2bc;4W^UUxro_* zV6n6oknUAq3T+q$ORL@y9IfN)9$IF@tEHEC=!CvU2f`7@8_mceKv~PwKrJ&DlT1n{ ziT_%aaN|%sYn_F`(qOLl6Gba=z;?d`J|n5rxRvldP|LJNr$Z$y!Y;}*aR9W(Ir<58 zQ>|ok+dC#nZZf+qy5mu{u(XPJj~gZQY6*uuM0NzkoD=(TKX1q_qN z9dah4_A2qDc0yz~uX99R!i}U*@o4YLXIiIM-$I2W)|BY;3sCzN2fzjwsdPG!16fP*x( zp>xGK$10h07nnGRBOAj{#bpQPgKcZGlK8-y)uz$XzulHW*L8*@U9?mEECtN_zW!NpG)w#IvB{EbL1P@N;dMBXL`Yv|yZmM}a~C zUeP{?oj(G+DUOvFx{&7N{d40UF;U5%vB5h_t8^o-rGRA2XNY#SkkTE)jrvj=#L5*sE_jVZ{^EJaac*}SNB+5 zn2j)(K3U~ev^0NR+Ji<2#a39PS-_OX@6;89&beaYbbZ#9S|B|EgU5uqc>;}dE9+EL zCwyjTwVAlWLhXu`W`Bz}#CUB5n_UG@>5E`Dl{U@yXyTj;$B*=|?hZA)(8NIyM6nlJ zV4b9I&F+q2;Bx6vK>D84LETi+*ceygF0I)0YtmZ)x)81uFhz@Zm!?-8lF9Xt_%`@e z(r32RrUWHO219;qcZ=|?VR~j3Z+~0BGt2m4+5uipb;FxYk|_qQh+$0~k2YqqG@Tp} zBj86`b^bu@?7!OLCb%FSUs`1o`8FMItxX(&K1(Z;ZX#gtnbomk;{db?=$z)_WK@|k z89=LnS(*<&`8TkIx<(%R4?U2IARAaHeHv3`u)HNLI#HU8@fdj}X*sB%hAw9gF^M6H z2MzL(F`5Tjin6vLV@xZ|w51aZ8s97olOzH?kc(3or#*mG+WwZu1+3Agtb7=D*1lM{ zQ#|O#cR8>M4LCq0_k)fv>R}UMuDF7qXU4In&(eW ziSzZC)Rn1qh8;R<(7$v;hA^1cq8rWf!~m0fV82mrEJ@}3nD`q1Q8fQ#u zf~*-dGEe_<&IB&is2h?CDvKkp@G~-Ye&DB%rrUMSL$EB}efy;Rgl2K?++J(~iA|K* z<2X(N_@1OMK@}v+PX#e?g_)xW*hJl++iL3e`Z~TBW}3EU;JhkXF@{K50^tS;J+;(2 zDnyJu8gvo7F&ZB=PgO4*umcRSt@`=$a}ZLN7b&z%uSTWuQ5-=Ml{o)C7zSDjL{Z7+ znh{{$KmETu?#Z+#fL}|u9k-@7j;apQX~W{I&kHl$AWmCUuJgVs^=|dV=g`_X8V0ep z0;DCt>{OmJ;+LX2rrjh_5qdv8sEXFv{`mA&Gc>FZexhBGRy-n)lf^j5&NTe%OklA-(5vuQzc;3InRL))N~f-VI{dfwW65)(AZ-qft?RID z$m9*Bit>d-n??9rHQ%usZP;p}% zX%mQIq9iWE4jza%)>&6c2NOaN0*fA9mM%%FoWr)}6&Q3M3&a{P5p1$}q+1hmL!NE_ zH6F$vHCsTy((y1waN;#Z4wAGxbnG*EhzDZK+mf#8E;34z^dD{DV|>(HDR$0vguw<# z?disb@1KuX`A^a`=#D>}gMBal8^Q{74uO&> zjrhjd3wzT|x->h0gE|g*XRsYUYSN5pGp5g&K4r$j&K8Aumn3ZdaT3$YKGa>4wPlXc zd0Xx+jVFyb18qrp+d+9$+Qg)-cmz=t7AX4!tWXHxSV_{EaLIu`R`b-2{=l_Nu6Li; z*+o#vB4F#^@2(r`km=@g>GE?ndHfA`#9ck0j~i}~Kz(q(q+0O)Qw#M&*h z4+#VTJvt0vbR9>(GI9)QH{V-=xzg)wuhDEk?xt~5CrlAcs*!hH2Yu2?u6VP}{Ak;# zSCk^I(k&s}Ds3@dpMht$1od)(rVvLA>ddoRO$Cs?0t+EnpGdn-PAzy&chl~* zeB=mtVl`_&Qms-Cxwbn$YQzM_Sj#YtjBM7mC1B+oNK z^MZn3qqw4ba?(*=d_nNX&=4>p>s9~n5xbi zWtz1b6-Qecz(9j14|x+vMyk6L6n50QWzB(rujq(JIj;CVBzIO zGCGyr0ByGFC%S-#-l*x*+KBO|cER`yZaRy8=YT}al|BYss}U;>J z$hi8ck<}#kBRZJbnop7OGJO5o&kGo13`O*!6P`?5ae? z67cWkM2XMMO3BlIyZ)~}Oh0?qGE`sOQeTJi-+eBbSnF)Wi1&Q` zwUG3qc*R8@111fpLf^YFFz!RZI28y=$tW^nw{2ob#%y=;6^nQbuD@EqaUH;Ir@-Jn zkKAfdXgJ{&^oo|wV^mL+m|Wqvdf@&jfT#d>3C;FFgRkjWV2QMgPmBZS$CZ~7=d4ST ze!I$(X#Ipn=*TciJKc4NCfAXSwv_` z1aTBbreBg_=5vA~U4I#vz4z!^5K)ZcBpvMJY;Fv+VWdQuN&4~Q5kIQ!U{)U)L)bWHW4`($n65Fi9Mm)jV|e{rR@C$b6j9`W{GCFcyE5x=IB5B1HnhF#FFfX$n}76+-#`BN&-ITi{W~zKBF7O^N5F`2@UqVP~Ce*by#8f-(>77gry z#qSw7XU(}+vjzJP{oE`P7Xw@9+Q%QgW}nShPoLn;&w#G(VK6Ay-IWwzaTgG2FF;Q~ zF@;H{$oh(hrsnZF+sw&o@RtQ&J3Ldmm2#f+oRk=4K}T}QDg0n&Y8e_a$dGTz=`yHr z=$pNRuG*(!oJ(NG6DmyWqq9(ml76Lg>!(xO%0spF`^)Eb=jJPy&Y3!~n+cjWY|g?( zixw_gykzmhMT_Q5o!FVwA!gP&7Y9jP-lZ2{`iDdG;K2VoWgziwyjH zFG=M6-PfVctc{jvqZ64$>9Ub?&c$)(Ni!h;e z?NiWl+BAmAK!u?f&CJXBG|vU=&jQz`YUDoN*)IFc{4!^h3qfw|a+@Z@Byi5fqlU)W z%l@OMdlV3bCHTSpz?couj#h{@?0Xs{L^CoEvPUV^i44eLb z&!7EHfjs)%)!#-3K?Lt_2K#A{ z&IC;)4!KX;=!06=X}xy(h9e})&Km1JC0!Ja-C+Vo649SK(xvi+b2v}?um1c8+XO9U z0yt|U;sKEN{_R+joc#f_C|~wPW=a~)Jx6lfN6Jw2Sad#UNeHXQkZ`E@v64Su_7m$@VLaY&U{6?Q^GNwGbUc5MebN{wb{jv?*Z((&rlR z5n7V08Zjz*-}azPVx3DWLxB}zF}niW)^LVpSimH~QnQ`Pe)Y%7X<(n1cg z()c$f8W%y|5fn-c`(F)nczq>QN-3t3q}Y+Ot>;$w$c&tzYy=~su$d%dBH$B}Dj8p= zMGRv5yRppPRW5$gpADM^IF(d**hTb7Pd1FfYdx^RHn?QxT*M4z1ng|wN3n@66Bh#P zS04Y&g~uPf-}>FxZ?ox^o6ep(aiEDBoV>}!wg`~3O&jZY?QiX8HVaA5W|Q+*KI zkx>zv=5m<`7QOd(eO4_X*}6QTADfo~N@FBQtSS33g;6a4jTJyn->4*aQ4h|#cjK}eyzj>YK)W7I-XKg<~V(u zde!+P4 z-V z&((cd+oAPdaMwTAui?G#N_tQFx^((c+b*6lYG}{E!6t~Jc-R2nvrj8E`Uv1>e@Z9A zzW2%l-;i`}eLc*^aD~nW9o;09-QM~(L?p)JN^x9_=X#+v->C)&fqq z&eo<4<~BwGGhqq9>dpOc-}vz%^`krz7^}BB;55}-U~5UTCXKq<>UIyNR1OHizG|4E z1kSz?qzWyjm-U-jRfDodW>0;fW=fQF8W5Q%d|8sN2Zk#~w?P1lrG2E2LxX~YbuKaa z1)Nx`0P*O-=_gCJA{(ySXnS+og8OPSzr30QL%|FiG@f!kK!Ni-M?{!V zi~(xp%C;4q4At!Qx{a58Zwy{&EnV^DXbGVS2y_}SPun-n$H}O-(RI>nV9{TIj%9!U zZUnd7MG#e(Bxz8cpbfPhk^LJC)6!1q7VT%GL%C2-Y4?2Vs)^zAIuwBY)m0y~HDrJN zE|1|V@sbYaC2gio3ZQL(Etb+k7^k&^WR122Mox@dL-U!lt_=Hq>W(_$?R4+}(ECvj z$7!1}8cb+HVjWGZ&aRv+T}g^O4FG8mJp~`TpD3nFmkicy^3Xml;?x8f2j|=$t=kHA zUmy+5t!@lsr9LRYFt66X=%Eq)c2KvWHW{`OSL~u~B`qL~Lq7Iy%6{l?b@T57(xyz& zcd#w3QpP$ckCFcNI5N!kbzkZ2LVr&#y z6BVcqd9g7pmqtOH#3kPmIOms=*5_q)`a>J*m`pfTKKphx#c#`n&`)qBrxtz+6!W1lMt&d0GRpg(7d(GO-F0_ zawcPj#qj#P-je|{7$WB)PV8Tgtl5|QKy`!7DO-Lgt zM*$G~8C^+YolD$=ZN4mNRKcdR$-JO@2=t8vN?{lTL1Ih{H$MSk$l=nH2QMF#Z|JSP zwTa^Z7&!od{l3x|0~ZU>Gm%1+7~^a!K+?8dqXdFu^y9Adu1&zL0tV|vX6gfJQkc)H z8+%Co^Rd-A#2DvF6SiiK0A9FmfL7?*6Eo`eL$=A$#>E;5Fpp zr?Q(h~*B4=f_Vpfth|h zGS2nWIaAF%O%YDlzb8W4K^-$*lL6`9jMbd_P|Dgip=TTwBgRPQVQj)U^`Ke6gS#+P z5StP|x`)WwGDqqH-IAl3mkF!1Zkr>dzb}A5UjyFJ3lxlv81;?wD#V8Ach1V%yA1!w zk5U-Lagrp7F-ejb6S928lnGP3=_}|z*mLhtwqZqv4N5sKR=DQ5Bg4+s(~bB zI9k!&PXW7bL9YrB#jFvriCLvCwpNM&JLiJZVfq+h5|xVulhq}hv*xOyP=EnL;WkMS z227E37(vK1Nlzs>=Ulw=mu`Gn`pJo#&mPmb)R9SyjicDwI4%?`QS0>{qW{~+q;hTd z+J0QTiD0u=v=_ul6_Vx#0Yf#DpGqH2S>i2+6;}H{dnI^t3cxv|h++m`tzVbb3qg^Q zzl32nV1&w*7<2*$_z5UpNx1X1@6FUKipk*NJz25PTiLR)&YGxP=K9?(^JjFP&{Gfw zut4g?IcLoy|F^}t>yro0A7jGAc61FKHGbBvcT8f&gdszEy2nhJv1H5b)-E1&>RVws z3~drc75HCFt(eDZ3$r2 zGl{#;({#@Ljdz6!yGpNVIhXh)nf(P$P#2&vgdkmY^;C#HcEZ+Ehg%o++?t?c=(tJJ zC@Mrr5{FS@Otk`MLO4S(XgPpR1IiU3jx+jh8u#`s-s|`a@A~Q;*L?W2Q%^hf)Kfot z+6hPQv)$Tlx7~K@t#{sTr_B~E-|Wn1n%8?p<8Ge!aPEt{<~Hs2*t+)P@M?|RjQy4_ zH+4!E20U5J7UHPXYH&mA63bGV6DgIxrZ}-gY z_uOpB+?kWc3?CGMNlX&wsLc!hocrCcZAl@Fqe`Jr3X{ZEd(P>%DrN#YAJ$oML#-#| zLsdp|>+#37o*v-G57DPi&bo)`-H_M{5KV@$ItsWzUvh+Tz^z9RM{u=1z3CN`m~hPg z+xC==slX48_9(}TfaVik|CV}yf=lHGT*8c>!zk^N61o3GY^4>IGEJp^TZ8&47p19S;oDdoy5wx2Ar6@f6V zlP7T$$5EV^oZJlP)vI*`z*4`wYc~hD@kESG7`4rWtZWx-TMNwm?VGc!-8WTt z7jl>S5fpAb1MEH($0NV#B`Ox-VKF=%UgE5?G3>4FN$b)H&tDIfD2h`H4FuK%Y$@od zFj4v$XG@?3{Cw-K`=9wVF#nZ3@GpgLCTGSzYeqo3wgTIh_v)I3L+gHr;aa|#N84T& z;L_U0H?JTz5f@1sMbKJsAdhsL3c;4|YP*~eQ}ss-(H!D7T>WO=7@yRCbqf@&OX32v z#8Qo{&529kAnlz}3zOjZUOx-SrqW`GbuJFRFU@zatbsTGI;m^>m4X+4{HrtBYNr|d zvBRa)J|Ti6W@H!e=6$tFS&Otb7keh)+CnE=*&@ZUA17JB%mz-#hcvBtVgZWz0*!k!6{wEWNk<#gxoE@_Lr zH%tmF(qqPhLIpTdE>FvL&RMhOgzFxirGr2_0Xu&SzU-l{-KWM{#QqmU0plmv4TeIg z5*gbD4b8q&uGg~O7(-&1rc|(ptu@}qDsKzE^BiFe+8p$9?&fH*<&qdCc`>c#x?o&n zyv8*Pm(+h5ckfzAJ31ry=zdjRg<--y-73JfQPxsuMORPYUp#e^uopZ5yvx8KTD^an(U{aW1H9 znkQ{TSf+DH#hfw~j=E9Q0Uh@aCmNPi$~?If+5fMYd5l4Ai|6@a=yS$Dn!x+c{ohqkd=5i@i!r7)nfx=2mv*E#31uDZG^K$*@V-aF~HpUa}Y z`onAn7-J*rY&dl|i}jtimb3T@U>8|>bQB-a3Vy|kC)n~utpdUl{X_{7d#D1_v~xXs zt)W|`(KV4grfHOtgiSR7n5J(J0S^2)##Z>Vq(S+Zs-d^S0Eg=L)qcYu2&14Jl+&E& zGrD9fdXTbdJ=rvi#Nq(<(iq4rkC612hu@Q=fBjeb`}5!b#y6hV z3$IGje?QQl9yweZkyT#uEWOkz21Q`_ZuI;b&_YnmuG-z}4BCFnL@DmLTCV5#3TXgS zNnE?>LYcZ6^evik{GL!!Z~S}Eri{3PiJG+K13~Myi;S6iLOLEMaxP-*S2m-cZO~>c zTSIxaDVDA;WtPX@Gk@^(Su>{3o;zdZuKVt>_o0WK^^sG~J#6=dlSlV<+W@wZfkI?k znJeSY8_E3pnI$&=HE{R8L7hn2oyH1L8%}tE6I96}mcaYOtfpk@$oamj)kI004*w3^ zWM(|iNKN2Vz~}Vz5D1L1tx@Q3@Pi}qV%ENhD*bCnL&eZ;uo}AoS7`Ir-`JW6TAPn4 z+P!(?Y4-NfKuzcOx*d6<#Yj1xk{*BoEo`-IH8Ch{<20UZ7rd&DOt}qGig{~7Ylol7 z_v`}~&EawFvnNMB@KId}L2hl#0YA;9RkpRB1J7bR&imwaAy>FdHX4Xg@X#_9r^_FzOEJ^|V^IX_>c8#rTH+01oew&TH zH1GxKK@Zf&aN6rbD;u~iL)=}0&A)orLEN^QQJM$mZ$TRxU=jg3#^W9L3Z${Ad9eM} zxvlM=#LmOrD1aTFzjgu) z)0wSjNLpuMzbdF$lpge)g|cmp_t@4w8LnOHxvlXWYzTT?^Xn)O&W0Q+{pu4hOZhQ- zB@WW&KX|#?-f4;e#+rx$>ZZp6Q~HSF3b#JY|7FINO+XK%{-wlPJ*HKDsw8@gZ0coF zY8)8fN-ruR3V_9$)na+AH|Gm=I0NRcKJkiATbwj@f^_)8L2>I;uThGsb^WYiK0BG2 zzeoJ^IqHsIOvizKaQZfRlV9XWNxvJGlBN^7cR1(Fm;m7Fhf_-2zaa{ktzu3~sy`Q- z8KW*8lD;k+C9Q+d*?^TA3yE{4R4l=?zdSvtjx3dxE9#JnFbLsH4akf`V;~(-EA@=@ zdw8~_&8f3K8|ls3e2`MLu9p5#&kD2#-Vtnn`>>ts_F#o${{XvaGfc*#mIPfBAk+v- zMUZ+ag_JeE0i0=biB%+dnilv+8N&CxHjho5;QTiBNpVmAoQB-zc1U>usi!fas@Ts4toqkVJ2rGQ!8zi>v99NrXmHW3`sVN@# z1-#lF#Sruc#3lya!vOt&SX%(+Xiz#pH*wS8iFCYj9*WafC>iHWtJSDg+&#o(;s9Ei zk`|OgyK$R3UEZC)3yc@!t=ARm(AytKudmOe9yS_r-H!V|`PHS05;SdQ3wfABfi)Q_RQTRxd?1**8S{X%FJ+# zJ$EQyxXe`=f>Zy|Gp1)LJaw7>YG+AnVN(Imf53%LP>PCZCrq02#7H^~=QA4cLw zq-+FV-ZoB}$~vqQlf>n&PMZgn!a}*K-&%JeaTJy-MJDSXTEn1JoB1!>^S@nyS5JgV zU36(Aam-cUB5Bh5s4IKg`orv3DCm_Wowl+s@N$@=2~ETn@}n+!I%C@|uf+9SmS>DMcaUHVTM9;9cIVek@_uTv1O0@R3>Xs%hcb#Q4NgOAp&U9L@=58wR zJL!vX(?ws7e}yUa!AYN20<2+$fRCe9W) zTrpu%;O0MoxNU@`)b zj?kX{^154Q-L9$WwLk5v^bdx=I)PFY!caf>6>bw}RpTF9;>B}`tcxP&oE^0FAk+R? z)%Bve1ir4wvxf{GGBD2BfJ0OvND4eCwijL+TxMn%O(LvI z3hbvT{)G(N=^G7w0vl2VP2fd=cBu`Kux*pjrk~KdhTg^xSU<&aJP`j<0*V1_tu6Go zYT{w&`RS%LoHJ_fJ8eDc*(62KJ2e^f6`DloH8J**qml${Cv(=FNV8z60$_;t;)$22 zz+#oL>H}tI5fzA~$;38Jjdbj#S^utawGLfN147ngTKTobL70WOf&fRtNBu=ch@UNtgso)lyG0H4zNa>sjt(6UN`) z74%OZPrdE$lpmY0u{OdwZ2$e_Spg&nfDiS-?!N|o7Y@ChwR#auS`5y|ElJ1Vj*gAs z@8nXI!S~JuzAlsT4j5e(RJWkJAc_lcv9v9uu>;U2ZRuO~mGP2%MDbCr(Nu!C#La@j zo+G>YIoo2R0Z^EJqzX4(RY0AD}A}tE6=aBEe|H`5aGHlzTneP06hn% z{sMY6in#)5bDVXiQf?S!U>iE#TlN9x&x*(E&>P-JI_vnD7Nt<84Oypg6q68^d4?tF zlrHX+hWb45oA8O+@`gHMjw)Ud>nG4D0R!g2i8;WtRdZnd-5dD1D9BGhd|Q$RH|ZDm zLmS66(w|x^HQ)R%ll2><%@=D9@U17{-G^?!ozAE&e$d%s zZ`2ggsnc1ni2&c$QZCYBHt;uXZEqt@FvZmjuYQ%!-uMG)7kPHzNOdw;>VsC4>;D_9 zWUX_q!miSGdV-obc9aWY6Zp(_QIf!|g3!6x*P)NnG>{JVn%4Lx@-4IwbUxaILJ~3G z>!3+Irg^Zb%0x*Bz3G;G+wV|K1h1(8M{)1tRO z;p<=G?%jCc0I-n6@YudUsa0ia142)2);!KS@WR%=VaibTGl_GFzuD2f0GkX39RRT= z5cn{6h_=v=AWlLK^;Tpjd4|C$f=Us-rnI>&iV|a!N_ug*$rGu0{-3Ax!@UYvr!~xz zdJCzgj*AU&K|^Vp7UF1Cifi?R?D{wE{C2JA7P0kTX)0UW{$y8L0N!=KQXxKbU!Q*4 zmaou}`nVL6E_3>gL{%X1F+VyD;-uia0`)xztPS~G*7WYX{XBVu_w=9jXJ&RA7&^e; z>gZ`>dWH>wOrds$Rzqw|=%1_|#9`8>9`kd4p2E$wjm6=rb*DribP7R;$uAfPbf>;&hsJ@Vo{vItbWG>hw>gL;H{h3dzK^JD#@( zf%R#KpNMP&Kt}=mLp2!RFj9wSRo)8BOe2worq|};Xu{84kUj<}Nn@HiD90hi7$RdT z{A&+7G6{*e0Azg(wyyAG+h;Y^Hr-O4@@qeMfHjQM#0L7APYufv9HE%Rk953F*%B1e z;acZvJlE=eHdhFK8hS@6>aa{-*PT8Z2-$xtfR3(oy52xtNH$+m3jj23H;qV7ZVln{ z(EJtJJ8v;l<$qh>_3g(j^h&ezA)vIkUV)!J0VSOD+knJG+_@heS!j5Rw70Dn?QX#k zsl7)>-UCF@xRt$mkB|_=rnMC@Y^ok?D^nhUeoir~hh}667jUm)Kvx1UiI+YA(7Axt zZkBEATgVnEt-T$GC$em=2~6BhDS_n+iqxuWPF=y^V6$77g!>iJr!?Ep9sK#J$(k7G>Lm_c43O=#J zseY!AbFL6Y71x*c`?SD>Ia-#M5Np6JrJdlh7v;%jpN*5&5%^Bb0Y>wH$yxxrXbQ!s1oujp=)Kwu#a4k? zy<>xNseJN!W}Z15_7cFu+n~|J30ECVb>HlDTL-hA)3BgT_S*nL7CQ8<2?^#*qLeU5 zUQCSGgdM9A7_L9grn}gXp!iRN5vv2+1|`)i>458q;o7WP0*IOT)vZVplSE|I(FuBI zU%d`}S^;b(=}WV=8El<(HtpUn<<5TM!?ing;+&aWsI&wqB?K@tRlWJUE|5P3uPngi zrwz6!z>U)l>3GEwAC)u~_}9yRu#TpXB=H5y%T*@NWa(KL-xarE4K*@Xj(O~7nnZkz zGy?d}Z(dTLmsg54fq_WUYuRwO#`w6@`d}oLn-rxjOd(rn7*Y1_F%&vdp4wdX5kzpV z^jV-w2S7=`;xp0(E_GK)9LJ`54DJCxEg+pKbFk1!z=tJ65duG!@)H`$ancbmR@*_P z6qp9gAzSe{G}!B!0RzIsL{WW4ogdSe4|vMcG%`#0LM~TB ze4n)>+;lpTv1!Y8f#R{Fe07fr6KmZvIl-~<+TJ4!Rix-Rq08Z8lAurk{Rb%MB#^Wl ztk$Hef}gcbNpUoF6eZwZEhS9p*r9PYW{E6xTrfIqQ_n8BbD%#fv$2hsPHX%jhPhh7 zIPITxt}$DOT&X7r&ei|?H^xScI~ph#@}e2GeV)=afK(I11-zqrO}p%~j-e@EIE2V} z{nqi1NBJoafB%1tA(zMw8>B=$?9_ZVdpl&GED)ijxMDQy%T*+y9)^j*86j zf^v(*UXsRgqX*H7`nccO66kyId#}Hh4rZm{M8x1x8_;p&XYCny=}+CnCcm2uaH6Ei zjVZE;auU4tw;6Go7D5rzX8^Orb`R_^R$cQI9pSTWp1{!L;TkmW$FT zLhF)LlLvf^7@~ zlhW093<=uOX*PlbZ3rY_q)zk4z<6*!N?X@_kMwB(CkSBZk^7W@mlW~7c6(eqWY5Lp zBXKq@5NFE{O1DKi|e_W7bNCLNT`1nYb9{5?;gK z6xH^6OeFxi#;iN$(r@2#*7h@cY7>>+ZVT_+b&W0>k^pfbiX+f%9~;M_W3JIj42EGh zKSm4V9`wf&YcuLJw|`4qs9j-KjrMalEvM@SD%OJThGG=Ll2MdARv%?-sy#G~y(Mk$ zaeC`{4h-t91VFLG7+p1+;nHl~%><Iw9B=-sN!c+`2#{wYa|33@Ko5u}n0 z7R>%Q40-}ny_>=TBZ++4Sr|Hb-G@JS%KFnzUAub8_>r9ffW2MPdrThBo&SL0yGlI( z`@grtP@TbeiH=54)wC^`HY0p3H+h8x*+KXAvD~}WAdGV{r)mtwSsPJ`LdIz_k#p80 ziHR974VbnBn3qx)afT7v8JIB`m?Yr)qifIgz3(S?y8R*4c0uGSYf_0A3 z&mnC!12)?lrs{z)XnsoA^#DKmNXvb-m57v_4y&d)V1LTN;%#fTrUm4IqL}4t-4Jb zfwdvbl#U;j7_3|?q2+as#4TFV)7ApKX%!YNj?6G zhdl$pAdSbEIE-R~Bp5Qh6nXG22d(`-&dxKyuBu-9zteVGYfsH&(q>X7$xM1rNJs%g z38Vm_NJo$+(ve<7r3q0$L{yrnD4-x11O!pRfFPm>UhV}!uz-SGR4k~-eclgi?{oI4 z6W{p)gvlvuuk~O5@|0@8SK~UzwyN9nfiIocxX@7G;00mqcAd=SsQ33=-4)Q zn1A+@q-`FxHDwWGqeUJ@Oi2d16ZKuj>pG%D^J`ma%P81KyE5l->7NVS3s)5c^lQu4 z+c2?>14?;jozv$RBNIhYSjpq*mXqFVhz`d6*Qm#Mf2c&Nhg% z4f~}AjI;wqTPKL0nbmXModhkxW>|WaXTC@>JJVkb13!#R6*H=ZSa}qrJ-6Pe@Q3%fFEX#FH_WU&2f0fvh-NsDg9)F!;OW;7~{~1cFgn-UVGc=>lcpl zsTq?*?K9{7aS~fK;%muMtIpNj`(j!XRl0+~HhYN#{7<(!Ss=JXnnx+`)fZZ}F*l|T z2@9+A0)&2-bi?@a>XsoG(;kxkX9&nw5(%&C(On+e00d0@=j_FNcEa)_DEY?5Bg(+r z$OjlX?}#sc@!|t!^>?{JgnP*0h@+$*wwIg0URx9fq(bfEP=;ysIpkWFugme)~>L|FPN;0-}j)j)Sq&1{YA}3TTtA zb^q$4Pde=VyN-=R!1tMAX&W1N_r!TRkJ_v$%)a`~7l7_T?1;d4VWRc5HESF9twTh0)sB z1nl<6qzRF|1DN&JmG6$vf{1)S3_NC@=o&C1=f3#6(~mxIs2d>PHZ~qw z-*x5k(n6`97dhBDpw84FjOxkAk2j>u+6FFNwiU9kfeLBkze^m4%+mjigz@7{dOa4{ zT>_6&wsdW^OjYgG%T=lb-eQ=!2`L^XX)RC)B4bS$;Pu%k45H3Bj$^N=qj%(Xv2kU^ z9wZJ%S%9mLaWB}($bs?8Pq^-m>kpgWYaoa_?XvMOwF|DgMavoNK-vYO&#Zt$?;A=Z zO%*_^4b1SP?XB46O#%>c90!cQ?HBjn^!b$;QI{`EkmICByKU3fxQ!d8k?tP_(9ijT zRsqM}Fg0^eI9~XS-$>sY2Y6v*0zdLA-#u#E8Q5DRwwYd;%}1PgY2Pf6?kNE?G#zqK z>>RuJy}Rwb%g~693fbyT|hfzG*E1LjGVE|s?BVi@^ft9L)ua2rFxc-M9v||d3F*{N z@hc;PDCIb(dpnm={%}6FVDwEsHD)gcy2nh|`<(N? zv}w1#u}*^_ ztqBxTilHqMRP|ni9S=z9qK(w2LqPAO1wm(8BpVYF#MY-INt)HbF5BiA_uxP0;e~mu zLuq&(ZPJBrYZg)M-E6}Wu;8Ei=WOtTTEPcX?4f_bq(5KG=m&a76=0`ru*Qa_%|x~h zTZe{-fE>Zd!5Kpb9{o$*yiISWcHHCoeiCWCoc>C;z5}NUawR$gN{+e}1mH(e3aF~a zqMo3cr|HMwq|0FA4E)&IA_quQ2#k%qQfQ3jFipTT!#Nn>dgt^0Hk>5EmUZqUt{7GF zK^nm#Jzs`t`{fuNutCpClPSS*(nu#o!6r$kmAx;DS^TjHfc^)il|Wc~%LK&&`KX-{ zhj$Z2CTc5R9X@<qh}oP++VIcci(wq3RRN2v4v-pD7-!D>dGw+ z?f@`$9C&$p%UXpQeB1UA>I|5s9tVtfvK7Z_@Oue8F$cMz$ZyhCdA)vbl!HyuesH&b z!s$9wYd@P>z-T+*Qv#0BS!ED?&v-*ed*nzEJAqCi2Y=Ok@NLA0q-E^TOUdn>pnr6g zu9=NWV6K#QPy0Q#8ub=MQAb~U_6D%A?K=7!T52*8&kqe_?RgvB4bVe{9{ zKX}FXjW&JHLnK#2*k!|=FX@2i%9i;BQ8(z?nPs}T*YL95xg*ejhns_YbGbCcTPjO(&4g*I}H ze7|?X4rgC~>jPi>!0g^6guGX9vuJZebI*Y%cMx#HWeE~;qadHtkA2S58tjrw#2hCf4E#X3psD%}eIr5Q-lOVR{NCEly650-8K z=lyDP-sGuECXhDLAN&OE-tt zBWWfuVga!4YG6b^T%hGY(D$HZBG^m1B29}!Ylv^!VQ|S%(HPKg>2Zc8VHB08nk*fH zX|n+1d$UJ?mXw7t%OSvr+_lmJLjYcAZRPd0}j=kKJJrtEBtB9A{dA#;5;_x{a$80MjHLQmKkEyEO8Efg2@# zBnP={t&!<|W{70ny>_t2u3j8PkS-#EnUdV4_9=kADQvhDnPr(|_ZD zd`*}^w%*Fw*3{vycPrhkPhy;XZ;;@-oG^rbVzLUqQIXY(@kRi=A#di43bv_gnN5%b zmPz`&?-Gd$M4CcaE1Bi$@{zr^EiTcaTVD*9En|^xf^guuHrU)p4Vb|BI2|oV*VX%Q z&TW?oxa3mMF@XL6BOVx8h>D|cJYb-sJ&0qQXRUSw!pP%*cc53Nf)>I=jRAhY1|o&P zIL!zCGznK$SlhI%W^G-|#%8z>FK0vMyw$<DSY?4D4=5fiX(_3SLVoOz zw2>Lkqc1WIj+c!9d)-|9b-sYB|1rc&-Eqo))w29-97l0)XyZ8K(;^v=c6vp(ypps5 z_|jUEZbms`C(s)M+KXZ@F#Q9tS}}#*J9@|$#+)MQ!vL$Fb>tUnnw24`7=41*D)*7< z-TX?$Qdz{RVV62P@Jt94ITrj?+QcSDR}bSj&gJX6n~`5gWUroT51g0%v--CrL(d@P zX=vU2(c|P%LvU082d;%ST`=WEc4#lvk$EnM+MrS1IeL3337J?v%!YC{f3{7yS?1%edE5xhJB|r3ZXZc!p^WI!&qQEQV za|JIjjXTfHbaFDMAZcHk%z!f=bazKlbi)Vza#Oofn?)s{?~%WB`3Wu^4*Z!Wq5orO z1SEFAag8N$G%E4Ti8|YhIfDPzg85QMv0<~@21u8aPDNR`GD(vPUUc}LUNy)w@rN(@ zUIExREt^~wJ&zy^y+WF6&AFkiSWUbtvk-NTs{pL=;N!JkInh=V)|%)q+Q5AUJqsnN z!^`XYjGtbpzhj-ya-4nA|0`+SDN^Dt9GJRZcUVp=qSyp5j%)OUA2dN}F#0$9R-8M+ zqO~RrBNN;907gn~#T9xLa;3eFk4@wUJfYq+##uiI%Ft(1*6;TU9>A4Pk4LwjDe0-X^`5YG zA<6(tQP z;9IvjBfodjp;}ppZERf$8`OPOzM?yw65*o)#(i4S%_FEtH8;ZL#c^yRpe>Wf4L>Ps zIK*UENiT1H_@OOZe(>PKzx!Qd8?wLr?e#bGm*4)cq?^*JEwf0VEBYnr+A-WEy>i_i z`%3Hivf#gTDM&T2@8(5o3wTS!QIggZ*9LeN)k=ih>3HVd#69C06l6Lhf1zrni$1qd%tn0?K>6{k^K@fyd6orBB z`Cg&qg<(|2NY+p()4a*a8$=0CJi76%J>i3TdQ#Sbq6uq#tAH>jit3(E$Kw7{j=n$Z zH7!c<4N;T=%>pMg;+ip~>!(SxfPLXWN$<`F3Srzd{#W&jtJoN}(eoc(ST;y{U8Nul zN+pvFRKpV0CQrmQ95G{THGjrkHmOLnsZM9D9p=on;B43YQP893z#)xiC3DiSEP`(% z&`xw{+j8El8N8|vpz8ohvw?iQP@ZiLYs&t#H2`x|z^M&hgtoh+7ZM<7R~Q)+g~kM( zVRbK%xJJOtnEDSE1x3#*m8y;O8s!GVqg-tB?`~&Jgxz0#eCKlL%8h#R*}2L32Fwxs zL+m`;eWd{@Q4j)lO|(WllYyiSo0pf5dZ`Ll5H})^)%+ogr9Gt&0Z|zOn&W8As=_|j z41;{ihVYg5v`x^2wgHOL4hQqJP48;!mB0-wPJJ&yY-5M_n}dnt*ymC)LDP_QQaixd z$Cf#>g22%wrM;nEZ#D4Rnp)qLv)`G}lH5{@bhhv-!H&8sna;3azdoQ{nn*soyxFdp zk7r#o%SPDOx51b!+^42&2+rTG*1p2VrsRbQ@Y>iKrPg>joMMD`v~&sD$=PI|^HpZ) ze4;px^St&|*LE8tNgJ~i2B(j^MAAiF#hN(aO&*|BYIz$JI9tdS^O>HY)K64N@SozOCg2rLc_#Za^mW3^4(eeI`p4$dK_9 zZoiE}YfWV1*xItjPXx^5bS2gS`$`A6O5A{U^Rx|sc5A;o#aJf$%7l5Kd$ZJEtloiK zAs8Fk=C@Y_(z%quu5pbRU&HeTlhp-!99;$Qj?gavChA9-q=;(1ku>UQeGvkWP~QOx zZyb>9(6CCY+&b&Mbv2rQ5rfhK@Vz_}b-%k?={dzzka&~;W1@2I7+JsTYqOI`WQxfk zU^$^F(eWecqeKpuRd`YWv(*92{E0L-^F>^Xzx%+EQ58NkW}>+GdE(jx!e%z_;tETp zro3<9N$373$6D>Pr~bs+R8sM8e{^5xqlq?SovBR>ZwhAWB*58dGgGg-?-1bay9WfZ zjdIEU%#cFM1a5w=8+DEQn;L-WpN^nctCL?d@P6q;$ie9^z~nQAz{?|zPrqJ>z5BvN z`aY49*ShMA$i%V7Dh1jD;QX@okknqR%JxciL{M8mr)me9U%LkG7n%o+LvLdZL+7k~ zINabq&5zx16o_?p<)Wk-i1Mg9oJRzqHUO+};$rRu>0R)A7&96?V@k}@f@-fx(1mQL z{UOq|ZVkper6ad^h4A}YccZ2Q3nj)&dejliE4tiK0ot_&6UTArx%$JvwXa^EXtVq> zS>8`hxxLf3t;LQF?5Ag(`KoQ=VTRt1&Y`xHv2|BkrseH3qzm1;;*3d)56RJtrHbH7 z)+^J%9|h~Rp|VF#lvYDz3S1-Rx!Cubq%HyzfWB8&B21A&AA^s}XOnQ(&^q9PlwAk< z6X@y$h_byH&?6KI^y>)Hr7|#fX(8FnrY(s~e@m!wB`pUZW@-|Y8sUv=2!Lyq+0(XO zpNBq;L0UzzWqwgJ)+W%8DC?W>n1DC55~r40v%Kj$NfS@kMc_2Ffu9}r?4KcDBGk=^ zB;BCCGAMzG^4ym}y17lJ3)~Rf;fucT><@kfOjRPM=8ncwSHSk#9fq`k%U{OxoFsaA zN)q{0!_7R9UdAaZgm__MRBozyOUBkVB#WT4$u;Md1}t~ot{>Kw=~cKZTbDZMw=Q4V z9**H*mo~iaPFFFjfLcBUaF65=&wYsky5=l#k7uQf(>*<$wPwZiQBk*mnuLl6EunI zA4(DS4RhIu37Q7%p@}pN4AwT-z`o~#&*{3?%>{K`1gum~C0nIRq?qm12D!i~Ofh=* zyL9&T(l-}4e;c-U%ew@9ELju{r8MQJ-P*(iY#uyx9e_^2ZR6+9a2FR`EolLSIxxBY zw@oC%_f>P@*3jAH0DMa038NCzH4V?0aAcuess-JeLzc9|RE?mgBdUoE)z7am=EH6y zeU65mi3~ZlQ8zv*%Y)RtwNRxAoORi@c~)qaJM~XJ39OZ*d!$XBxTHCica}8Tq1H7W z#=axzk57EQKL|l5M#**^FGj~4_!rnA-%Y%BG0 zO%O)Th0B4Tvj*=~5I&E&THs_ZpMJ~baJzw37oewsZQb%dzSq9e;{csn1|zTf$hmti zoiMsP48i4NXf3Rl_IuwJ9S@wb6M^T)23L^*+8sbU!#r0_{+|mD4ee!eT&bzR>9;w? zYyf)00hX8V^(l!$9LJWM4$mqe+K5XZ$uPHS=MT2JU1qkHXw_aQwf5A9x(0xsay_Oqa;Vag2Fw64goB&yTEc@znG{ zwu1H_Hysw#sYb+c^`H=2)pO|5u6Q;!45+)zww|FCPSu2uyXAcb*iK&uIyFdvG1AK~ z=?7Socgcmz&wim7wokoz5XJ8x6g#z5Y zLvqvqIoZwrxpGML$(lq^vWMSz?G5|I`Pc?*uX*I*uYZ8G^IZ`FZR*G0ZQm%$vqpKlSpRHQ+tx5yg{oee zX+Lyi)Z7uwRIn4Z5>s&l{p?0W?pmF1s*VciK0+JE5#y!r=@keQqO_g|^e%9c^oA~* zlo)>Ih?2omDYkJ$q_-i@>B4{)_+0cNoGknZFOCDI>Uex>Lq7ckOqQOxq!ZYjsjM2^ zEKP>1?3Lt4o1Ul@W@ zpV510u52%j~lAmqXGBbm*u|MfIr_>=Pg;5Otca6T=wTz!#B2e9^NE4R5cW1 z-$ zNw0)7)?aI++uTa|#M%b%>Fm@kQ}+A8V|!<5wrK@?3%;#oE=Ni8CS9?@>VI^VrK;mN z?+tvgZH4g=>XyVP07MMmcn z#IX%??yB7g9)oYTkrC21>{RWk;_=3*S?}uFe}5()Dlo~kH+7QNcg#Q7Ak@{h} zZ8#UJdqvang_pyoiH@xfISpRJl(L|SMoEyZaV1O}djaj*IUymNk}H(*0XseCTrbL= z6A#>6Wsb*4_1AepWcHK+Z3fPfHfIs8*#|U7x{X$&{hB4DW`8stme%jB&czY`-}(~P zKo?aq^R}tGP%XyJ8};m1Do^QZ^$-Mn;Kx;YS%6kmNk(zVYZW|XqxVSjeE$K5!o{;S z#>O-BmG56fTzd-o zIe1aT$3IcUrDbgL^5w0kT`PdqMx$zYHmTU#UY9e-39|S&&=9X0;*ou_n#h)Yl<;h=wXP5a z{H!f?Sgg`VEOD_a;CaVTD@2*hV{g?9Dc5({;#z5X+w>x|ag(oKhpe#mdv}4P5lub~ zh;>Tt;pUbBtsqU+0fRtuv$4SNmFu$^R>(ESF$MZNgEXcW+Iq9I0PC|MU0(g3RdV83 zB~x}-|E@AZA=Yk15M-DQ(n9`rn7zh0tw!fSE^36)S|FqkgZ&RO^?JRg3Y&=B%M%m1 zi`eOfzP2nQm2K%33k8~lZ>+V(lzRW552qpo*2Xquj+=;#b1`@q*LO|sIBWR01|T|a zLb%m8P9wRDMv#j}vQn8pi%k9IefVZbT>8SAYdUUYvh>_}T0#(+$VRO`tZmW1%5;Rc zc{{a!ahtdI?GBi0%ldIQ-2>Y0?AH=s^g@pA$-5});t|p(3&GubBH6?@NuPC!&2bzX zteeWsEVe)cR_|$AK$7ZjohBPNqDaY@YN?`vma(0#=j<7D)e4cs#^aFh!nj0QsH0;z z*s5*Wy|QtU%~}S8Azo}_<1y=38M8)1peeAk#QYy#zn-&>0|;N)EvsQ4lG6C6 zE(Yj$+QIZFh1U2KKcRQeEoaxZQFqc-B|>aPF4aVJ&Q>O2C7nf;jIND|bnrI%fw)`J z%It*_8xw_o2FN{28dKcLg1(#r+ge!1of_=bvmIl19c?{waPlYlnf{0uTN~Sm^M4JX zeYoQOyDlwG)j2{`qS{Sf&p`|LiNDpOCk)SB4Pj_2iKstoJ|= z@z-q`NNtHHN6 z4ojwFR($y>-G9jpmq&Ry#%nxG(BTxr$oD-ycYCJ-0u!0ol+e}g@`c9*t0nzS=aX@S zWr?#?0WWG`sc5$%F|)0Ady4}L7wWUHn2|zyO=_o9nb?{zvE7KRjR5a`^O!w=`RaiC z@_uLN;q&KJm_TAL6=P_Tt^P?-e0e*Qmu>9840mJm*U*8)hy@@t$ zfH1Zu&*ua>lR(l~5*(IOJzA0Iljnoht5u!yP_36}ThW*5K(A%o-gerRaRUA2#LsFE z{i4kKcAw8gQDht%Z{k=uQ#z6o=$nI+o{xQFtpoH+)I-q;qz0#(c zxs?JhGL^SHMg;P`)W}nm_}L({Yl1-UM%HBb825kZ56QOiHzF z;E9{vc{Xm;PH$8g+a|%c9QW2scVDBwYvRVVs2ur^A46zN6qEp>iF@AiZ|S)UwjC9Q zUU?i4bo2#bQ>o>qy}AaaO)%z7-g`^A;UBTkjYi#*-9_tW=`oYaMr@|d*!mC~<2 zzhX=w(;{(*vk$4045p>F-LUnWIOsW%X|MQci5+sqSCWGf0I%vY{ATHq&wdiKG>cM! zIc2UHMTWeB5sj{mj5MJmg8C_Y5&Ep;u$*o&(c3X zF*Q~Atb26>+K#(cWOkN~oAdu0G=)>MsE{*$1;;*?bPz0Kl=R!9A|I4L8yZJ<*XGUt zP||n;4`1(hpn}F-8>g8ONg4?`(=55Ew4P`g0?K7?nDZJl1QRotwUR!*8|HJ;iO@TS zm7kJy!C(RKjcJ@TTX=2VQA(&Dt=e%d*l`I>cj8n))7&PF*va9d;;6um8i^*+{H8X* z+V3u;X#CV>K9l)W6Ht9uZ|?76pJ#@1$zW^pH+T9y6F1<`C4&G-+7+OUp4spH=o62A zWJyP&yJ8xR@e;J}*Cq6AN{xrrO)APN9NE~fe`p|r{$5~xf~fYn^A-Y^pdF~0O!!xC zuEEZ?RU_!4bvW01o_*v;C$}Z}SKTenLD~%T$?5GkkAr!?d2YK>LcDBt3r6EO%PnHD-+UP4hkJbFP-~R9_=u20O8-K7t;Z4Zo5I#C zbzq=6mcEbfff<@WSpzruEWxak78)DJHg~G@hszfvV$a30gisj%d4R|^OPLK_FGyNU z$(Sg#73zJ?Y<-0hc|fc+XT0>UM^>-U1ppUZ4bXnCZUu5^BWYrDgRb zInXJc3G3wRx?Q>hs5;d(t4ZVAEPEd5Q5$?t3(&}+C)?AY&-6b@w~o!nacs@JB?*kL zI-?2E5viI}qgOXzIw7C>^$ooB*rwfP4fFhH7Om3lIYR8*Y6`(wSX6(Mk8x zJM}<61cB$@HHmm@CSx(2n-)e!np<(zDeG%$=lc>MtoCG3(xo<$lCVwk-r9=4j$$-Q z+eWuace@J=CX9tq}Y1aO?BpAS%d5oX$|w5<4(G1m3c_u2aaj?@p(=|Gn?#$$%02Thc!_l+2v zW-6J^`Mt-WUzDX-4DBOp9JP#%W8?FE=?c&|z>Hk;*f_toaM}IxT+{>&5w@Rs%L)nd zu1R0`vHq&pHv}$m3E+bLYJ-DqI8%&6LLCo`+9`y&daHu*auk2I*F0D&!STs9Un%L` z8QE5)%_IjjEQqSty2KQ>HM+i@)()e68*tQ5m-MDMk&r+dMX^xzHv=x(bfz4aGas1< zUj9{r-m1AW^dvC13^NF-NW8{TWb=)x`#6rnt|xTvjRIqxz~^lhL$`#+qwwnjK<9#E&b#Qa9R^vadO%Z? z9#%4@*!GEjV0-Oc4HSr&`kQe$HDi4Qa-KUbT`x#q%v}3nS&xWHnB4ov-83G5N9p=5 z+ARI!&@g=+Q{kF`mY%(uwd%~wCv3nJy@8hQ``J~lP~O&w5V$hM#&MK~&;+ntItg9u z*1pz)g(0oj^A~Pp6w$z-Jb?2)nFN54mCr#g@Buqw_TE=NBrTm30D-Z?ReXGP zE96q|Nn@hy{8g*7vRb1P1&_cHzWT3y3+(GTD52q){Fy7Feed~RQz z$p>F|voHE@pI8Smk1hLcM;fNSb{4*IBk8aJ+^CPe^y+;F_Zipwh{A#wRSQIw!;r^n z9Z8K(Vy=-+Sz`8A{@GJ{HJ5ll^Fv9RiY+%JBi_5^kmvAhl&|z8j0xJ~I5u>zyI<0l z`FSAkNA)lW3;Mu!U@>UvuDW=g{+hhg;g5eKN2iYFGe;&Lc!Q)bNXzFqDQdOBu*CiaSinC_NAAe{L20lI?5Iy z4IwHXlcn-7}L`h>8eTZS-pOT9XIT(NSBasA(Gq7;SF*G)@QNKP{t^#vM{9}G_j2%rpS_+ z8F-|pecV1@d*+cZ95yii@oU>?=%r}GR4-G~ukVrcje9@6@z`5m_~rAzen+i;zI&~t zZQb(TFM0&I^3@jb%*yvZ1gzGGT;Qh<@GTL>-tvz*Pd~poSP9l>I@0pxi?ou@ttLn! zXcz`z7*O&{z}4#HW{LUYd~E=<2;Byw2al9^=segY4b7fK9LKR4HF4@BH;VHi(j*89 zeE99vk5Z=2q}-3R=Ny@UkG+VW0b9ErXN@(0?OS!x4PTe^$@YdmiYCwUuf5)U4S(_N zYtK00{d=z2V~6Q;7R?_RGjc-D$OVg+tvT+)*S#hkdVEhYj$_zW+e<)1`DXjU9w!_L z`J%hWrjF;se_^Ckxk|6{I~j4{BJ4?P6Vu~9hX&)Jwt!ZVmoUV=}*NJ-e-}I$#ysKXT2k9jkl(d1d`k#b3V>~`8Ns1xV zeh`FV7)DVPrDNH)Aj`VQ z+(5=wu&+6dbn@ltJ11&ElQ%6F=-%&M!9cP=>2UBunRL9~V0ItWt?o%mnIdVoe=q{_ zNe=xN;dbrBG5OdU_@O=z3~6GjEoHX3^YKTw@om{vA!!B7Mw-k|K0RLQ1|Qlj@IG|{ zeu*1@L{(pdn`Tj4BjS+2j8%_QmC13Eej}ZaZ84Fu9#+z^oPfAHaUBR9Nesbzwn*U>KJ*Ps>F~{OW`ZeE>^J2D*aC^z`^(6KTX}{Nkq>Zb! zoHH~!88sx0?UbacJ(2E(lu4NlzY#{q&cevnaSv57FAVZ?({2Yzmvv`kOJCe4OLNg?RJCg|TQESNZ=UlXWiR$E((vn!(^ zSfUrZh+~f}0_xRtYE0UXl2Zi;TeGO(&Cm1!QJR>ANUTmgE%1XdGS-?f^h<>xUEXJ< z^F}3-E44$8fcqqg4(Y0Mv{c`}TsP?tU>fvJ4Cvn+RT%+U=eS@Bp>5274tQFpe7m2p zaL7}cK(R#ZIgN+4z}*^-YQ9EQ(qEMwkiCyxm@JLD{4Y9@AT}kZr;w5d8cY=3Q05?= z^eKG{XsyC*@@Z|GTy3WFePdy80(hQptuZDH!%{}G*TQvro7rNIr!LX=sF^Sq`m{)r zhQ2Xjv{o|sUk?SeS9SZdv)zq?&5xxaEIm>MlL5w7ow22(D|Ba29mvMs|qy0S(+{v6T5<7KAH)jc3LC4?sfwtJ@08|q>uLWxYC;)8HpCp~_1OgcRjV@J^_?GFYozb z)P$8`eU?aRc4~(~qub=F|ET6?q~ok9!ZTXn-VlP+AYj0yWm|>lvZ0B>Fp;6r-~uz6Z8BqvJLRMO+Tk?g^;u2vZkjTRZP=l0pv`cH`mi0NZ>wH<4xu>6SuX-M=c*+7bJ7hbWP;07b)oABq_pqh}J6t-8sCsd% z-3rj39WDsi=10)}XRIX}IIY&l@8)uqw#EI{@(#2OPe;{Xw^{m%ZP;Np)!AQ@5MYN% z7#qf=CjV)hluWhTx15+YxxH+wxMa7kA{u7DG!qxG*0wN(t6-x{ Date: Fri, 31 Mar 2017 07:07:04 +1300 Subject: [PATCH 0117/1961] testing --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 7a84726..15ff83e 100644 --- a/README.md +++ b/README.md @@ -1,22 +1,22 @@ this is still a draft -### ![](https://assets-cdn.github.com/images/icons/emoji/unicode/1f538.png) Foreword +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Foreword What started as a personal, private project back in early 2015, was released as an article by Martin Brinkmann at [gHacks](https://www.ghacks.net/) in August 2015. I never expected much to happen beyond the first article, but it did. The response from the ghacks community was great. I continued to keep it up-to-date and expand it. And along with suggestions from ghacks commentators, it has evolved and grown. But six monthly updates are problematic. So two years since I started, here we are at github, with all the obvious benefits that brings. I am excited about finally being here (it was talked about for a year), and looking forward to taking this to the next level with you all. Thorin-Oakenpants, 31-Mar-2017 PS: With Martin Brinckmann's blessing, we are keeping the ghacks name. -### :small_orange_diamond: What does this aim to do? +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What does this aim to do? -### :small_orange_diamond: What else? +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What else? -### :small_orange_diamond: What's in the pipeline? +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What's in the pipeline? -### :small_orange_diamond: How do I use this? +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) How do I use this? Everyone, experts included, need to read at least the Wiki page on [Implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation), as it contains important information relating to a few default settings we use. The rest of the [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) can be helpful as well. -### :small_orange_diamond: Acknowledgments +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Acknowledgments It's impossible to acknowledge everyone - literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [gHacks](https://www.ghacks.net/) From 0043256b7765445ebd7351ef08e2e405ecd77b8d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 31 Mar 2017 07:29:48 +1300 Subject: [PATCH 0118/1961] typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 15ff83e..e1a94ee 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ What started as a personal, private project back in early 2015, was released as Thorin-Oakenpants, 31-Mar-2017 -PS: With Martin Brinckmann's blessing, we are keeping the ghacks name. +PS: With Martin Brinkmann's blessing, we are keeping the ghacks name. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What does this aim to do? From 0fef6f9e15fa3a6f159963bd6b3e34d7233863ea Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 31 Mar 2017 11:27:57 +1300 Subject: [PATCH 0119/1961] Update README.md --- README.md | 40 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e1a94ee..4b659d2 100644 --- a/README.md +++ b/README.md @@ -1,25 +1,57 @@ this is still a draft ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Foreword -What started as a personal, private project back in early 2015, was released as an article by Martin Brinkmann at [gHacks](https://www.ghacks.net/) in August 2015. I never expected much to happen beyond the first article, but it did. The response from the ghacks community was great. I continued to keep it up-to-date and expand it. And along with suggestions from ghacks commentators, it has evolved and grown. But six monthly updates are problematic. So two years since I started, here we are at github, with all the obvious benefits that brings. I am excited about finally being here (it was talked about for a year), and looking forward to taking this to the next level with you all. +What started as a personal, private project back in early 2015, was released as an article by Martin Brinkmann at [ghacks](https://www.ghacks.net/) in August 2015. I never expected much to happen beyond the first article, but it did. The response from the ghacks community was great. I continued to keep it up-to-date and expand it. And along with suggestions from ghacks commentators, it has evolved and grown. But six monthly updates are problematic. So two years since I started, here we are at github, with all the obvious benefits that brings. I am excited about finally being here (it was talked about for a year), and looking forward to taking this to the next level with you all. Thorin-Oakenpants, 31-Mar-2017 PS: With Martin Brinkmann's blessing, we are keeping the ghacks name. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What does this aim to do? +This `user.js` is a template, which, as given, aims (with add-ons) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and site or UI breakage (but it will happen). -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What else? +Here are some simple equations I wrote down to illustrate the simplicity between privacy, security, tracking, fingerprinting, website functionality, UI convenience, reality, and your own expectations. I *may* have had one Pan Galactic Gargle Blaster too many when I wrote that, but it made perfect sense at the time. + + * ![](https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/readme01.png) + +We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use profiles with custom versions. This `user.js` is a template, and we won't set you wrong. + +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Anything else I should know? +Something, something, something... oh yeah... INFORMATION IS POWER. + +We want to empower you, so you can make informed decisions to better protect yourself online. To that end, we aim to be: + +* Accessible (provide information and simpler, less-technical descriptions if possible) +* Accountable (provide reputable references/sources, tests, dispel bad advice) +* Change trackable (yay! we're on github now and we also do changelogs) +* Comprehensive (including enforcing defaults and future-proofing) +* Compatible (deprecated section, releases) +* Current and up-to-date with stable +* Detailed (preference versioning, hidden preference information, explanations, and more) +* Easy to use and discuss (sections, sub-sections, numbering) +* Helpful (including a great comprehensive wiki, and giving good advice) +* Innovative (best format ever!, special tags, and more) +* Other stuff... bound to have forgotten something ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What's in the pipeline? +Nothing is ever set in concrete, but we have a few ideas. These include: +* Branches + * preset versions such as "relaxed" and "hardened", for use in different profiles + * an ESR version +* JS + * providing the JS in smaller "modular" files +* Ramping up the wiki + * Expanding heavily on the Scripts section + * e10s and Web Extensions + * Articles / Tutorials ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) How do I use this? -Everyone, experts included, need to read at least the Wiki page on [Implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation), as it contains important information relating to a few default settings we use. The rest of the [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) can be helpful as well. +Everyone, experts included, should at least read the [Implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information relating to a few default settings we use. The rest of the [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is super helpful as well. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Acknowledgments It's impossible to acknowledge everyone - literally thousands of sources, references and suggestions. That said... -* Martin Brinkmann at [gHacks](https://www.ghacks.net/) +* Martin Brinkmann at [ghacks](https://www.ghacks.net/) * 100% genuine super-nice all-round good guy. Thanks buddy! * The ghacks community and commentators * Special mentions to earthling, Tom Hawack, Just me, Conker, Rockin' Jerry, Ainatar, Parker Lewis From cbd5fa7e2f1178430c0d6290c4e3c769ee43d37b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 31 Mar 2017 11:37:37 +1300 Subject: [PATCH 0120/1961] Mahna Mahna Do doo be-do-do Mahna Mahna Do do-do do --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4b659d2..7a13e49 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,3 @@ -this is still a draft - ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Foreword What started as a personal, private project back in early 2015, was released as an article by Martin Brinkmann at [ghacks](https://www.ghacks.net/) in August 2015. I never expected much to happen beyond the first article, but it did. The response from the ghacks community was great. I continued to keep it up-to-date and expand it. And along with suggestions from ghacks commentators, it has evolved and grown. But six monthly updates are problematic. So two years since I started, here we are at github, with all the obvious benefits that brings. I am excited about finally being here (it was talked about for a year), and looking forward to taking this to the next level with you all. @@ -10,7 +8,7 @@ PS: With Martin Brinkmann's blessing, we are keeping the ghacks name. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What does this aim to do? This `user.js` is a template, which, as given, aims (with add-ons) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and site or UI breakage (but it will happen). -Here are some simple equations I wrote down to illustrate the simplicity between privacy, security, tracking, fingerprinting, website functionality, UI convenience, reality, and your own expectations. I *may* have had one Pan Galactic Gargle Blaster too many when I wrote that, but it made perfect sense at the time. +Here are some simple equations I wrote down to illustrate the simplicity between privacy, security, tracking, fingerprinting, website functionality, UI convenience, reality, and your own expectations. I may have had one Pan Galactic Gargle Blaster too many when I wrote that, but it made perfect sense at the time. * ![](https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/readme01.png) @@ -53,9 +51,9 @@ It's impossible to acknowledge everyone - literally thousands of sources, refere * Martin Brinkmann at [ghacks](https://www.ghacks.net/) * 100% genuine super-nice all-round good guy. Thanks buddy! -* The ghacks community and commentators +* The ghacks community and commentators. Thanks guys and gals! * Special mentions to earthling, Tom Hawack, Just me, Conker, Rockin' Jerry, Ainatar, Parker Lewis * [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github. Thanks atomGit! * [pyllyukko's user.js](https://github.com/pyllyukko/user.js) - * A similar project started in Dec 2014 + * A similar project started in Dec 2014. Thanks pyllyukko! From dc6246ca8ff2ea389c9e8791c445560fcdc6b2ed Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 31 Mar 2017 22:18:50 +1300 Subject: [PATCH 0121/1961] Mahna Mahna Do doo be-do-do Mahna Mahna Do do-do do ~~grandma~~ grammar police --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7a13e49..0b2be4c 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Foreword -What started as a personal, private project back in early 2015, was released as an article by Martin Brinkmann at [ghacks](https://www.ghacks.net/) in August 2015. I never expected much to happen beyond the first article, but it did. The response from the ghacks community was great. I continued to keep it up-to-date and expand it. And along with suggestions from ghacks commentators, it has evolved and grown. But six monthly updates are problematic. So two years since I started, here we are at github, with all the obvious benefits that brings. I am excited about finally being here (it was talked about for a year), and looking forward to taking this to the next level with you all. +What started as a personal, private project back in early 2015, was released as an article by Martin Brinkmann at [ghacks](https://www.ghacks.net/) in August 2015. I never expected much to happen beyond the first article, but it did. The response from the ghacks community was great. I continued to keep it up-to-date and expand it. And along with suggestions from ghacks commentators, it has evolved and grown. But six-monthly updates are problematic. So two years since I started, here we are at github, with all the obvious benefits that brings. I am excited about finally being here (it was talked about for a year), and looking forward to taking this to the next level with you all. Thorin-Oakenpants, 31-Mar-2017 @@ -40,7 +40,7 @@ Nothing is ever set in concrete, but we have a few ideas. These include: * providing the JS in smaller "modular" files * Ramping up the wiki * Expanding heavily on the Scripts section - * e10s and Web Extensions + * e10s and WebExtensions * Articles / Tutorials ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) How do I use this? From be8ff2268d63fe142f86043775dbdf967d2d4cca Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 2 Apr 2017 02:53:42 +1300 Subject: [PATCH 0122/1961] Up Up Down Down Left Right Left Right B A Start --- README.md | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 0b2be4c..ec2d6fa 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,13 @@ -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Foreword -What started as a personal, private project back in early 2015, was released as an article by Martin Brinkmann at [ghacks](https://www.ghacks.net/) in August 2015. I never expected much to happen beyond the first article, but it did. The response from the ghacks community was great. I continued to keep it up-to-date and expand it. And along with suggestions from ghacks commentators, it has evolved and grown. But six-monthly updates are problematic. So two years since I started, here we are at github, with all the obvious benefits that brings. I am excited about finally being here (it was talked about for a year), and looking forward to taking this to the next level with you all. +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What does this do? +For a technical breakdown and explanation, check out the [Overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) in our awesome Wiki. -Thorin-Oakenpants, 31-Mar-2017 +As for this particular [`user.js`](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js), it's a template, which, as provided, aims (with [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons)) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and site or UI breakage (but it will happen). -PS: With Martin Brinkmann's blessing, we are keeping the ghacks name. - -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What does this aim to do? -This `user.js` is a template, which, as given, aims (with add-ons) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and site or UI breakage (but it will happen). - -Here are some simple equations I wrote down to illustrate the simplicity between privacy, security, tracking, fingerprinting, website functionality, UI convenience, reality, and your own expectations. I may have had one Pan Galactic Gargle Blaster too many when I wrote that, but it made perfect sense at the time. +Here are some equations I wrote down to illustrate the simplicity between privacy, security, tracking, fingerprinting, website functionality, UI convenience, reality, and your own expectations. I may have had one Pan Galactic Gargle Blaster too many when I wrote that, but it made perfect sense at the time. * ![](https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/readme01.png) -We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use profiles with custom versions. This `user.js` is a template, and we won't set you wrong. +We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use [profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.1-Multiple-Profiles) with custom versions. We won't set you wrong. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Anything else I should know? Something, something, something... oh yeah... INFORMATION IS POWER. @@ -20,32 +15,39 @@ Something, something, something... oh yeah... INFORMATION IS POWER. We want to empower you, so you can make informed decisions to better protect yourself online. To that end, we aim to be: * Accessible (provide information and simpler, less-technical descriptions if possible) -* Accountable (provide reputable references/sources, tests, dispel bad advice) -* Change trackable (yay! we're on github now and we also do changelogs) +* Accountable (provide reputable references/sources, [test sites](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites), dispel bad advice) +* Change trackable (yay! we're on github now, with commits) +* Compatible (deprecated section, [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases)) * Comprehensive (including enforcing defaults and future-proofing) -* Compatible (deprecated section, releases) -* Current and up-to-date with stable +* Current and up-to-date with stable (and we also do [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93)) * Detailed (preference versioning, hidden preference information, explanations, and more) * Easy to use and discuss (sections, sub-sections, numbering) -* Helpful (including a great comprehensive wiki, and giving good advice) +* Helpful (including a great comprehensive [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), and giving good advice) * Innovative (best format ever!, special tags, and more) * Other stuff... bound to have forgotten something ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What's in the pipeline? -Nothing is ever set in concrete, but we have a few ideas. These include: +We have a few ideas... * Branches * preset versions such as "relaxed" and "hardened", for use in different profiles * an ESR version * JS * providing the JS in smaller "modular" files -* Ramping up the wiki - * Expanding heavily on the Scripts section - * e10s and WebExtensions - * Articles / Tutorials +* Ramping up the Wiki + * Expanding the [Scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-scripts) section + * e10s and WebExtensions in [Add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons) + * Adding articles and tutorials ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) How do I use this? Everyone, experts included, should at least read the [Implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information relating to a few default settings we use. The rest of the [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is super helpful as well. +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Any last words? +Any last words? What is this? An execution by firing squad? Man, you guys are a tough crowd! Just some background, for the record. This started as a personal, private project back in early 2015, and was released as an article by Martin Brinkmann at [ghacks](https://www.ghacks.net/) in August 2015. The response from the ghacks community was great, so along with some suggestions, I continued to keep it up-to-date and expand it (with three major updates). But six-monthly updates are problematic. So two years after I started, here we finally are at github, with all the obvious benefits that brings. I am excited about being here and looking forward to taking this to the next level with you all. + +Thorin-Oakenpants, 31-Mar-2017 + +PS: With Martin Brinkmann's blessing, we are keeping the ghacks name. + ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Acknowledgments It's impossible to acknowledge everyone - literally thousands of sources, references and suggestions. That said... From 9274c2ba1860bc6d7e18a6525348a3e17df64c2d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 2 Apr 2017 02:10:13 +1200 Subject: [PATCH 0123/1961] Up Up Down Down Left Right Left Right B A Start --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ec2d6fa..2c8d5d5 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Here are some equations I wrote down to illustrate the simplicity between privac * ![](https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/readme01.png) -We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use [profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.1-Multiple-Profiles) with custom versions. We won't set you wrong. +We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use [profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with custom versions. We won't set you wrong. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Anything else I should know? Something, something, something... oh yeah... INFORMATION IS POWER. @@ -34,7 +34,7 @@ We have a few ideas... * JS * providing the JS in smaller "modular" files * Ramping up the Wiki - * Expanding the [Scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-scripts) section + * Expanding the Scripts section, including [User Scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts) * e10s and WebExtensions in [Add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons) * Adding articles and tutorials From 047fe1acd1d765a9ced8521daa9146952c33225b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 2 Apr 2017 18:14:01 +1200 Subject: [PATCH 0124/1961] Update README.md --- README.md | 62 +++++++++++++++++-------------------------------------- 1 file changed, 19 insertions(+), 43 deletions(-) diff --git a/README.md b/README.md index 2c8d5d5..a22b321 100644 --- a/README.md +++ b/README.md @@ -1,61 +1,37 @@ -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What does this do? -For a technical breakdown and explanation, check out the [Overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) in our awesome Wiki. +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) user.js +A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [Overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. -As for this particular [`user.js`](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js), it's a template, which, as provided, aims (with [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons)) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and site or UI breakage (but it will happen). - -Here are some equations I wrote down to illustrate the simplicity between privacy, security, tracking, fingerprinting, website functionality, UI convenience, reality, and your own expectations. I may have had one Pan Galactic Gargle Blaster too many when I wrote that, but it made perfect sense at the time. - - * ![](https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/readme01.png) +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js +The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (with [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons)) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use [profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with custom versions. We won't set you wrong. -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Anything else I should know? -Something, something, something... oh yeah... INFORMATION IS POWER. - -We want to empower you, so you can make informed decisions to better protect yourself online. To that end, we aim to be: +INFORMATION IS POWER. So you can make informed decisions to better protect yourself online, we aim to be: * Accessible (provide information and simpler, less-technical descriptions if possible) * Accountable (provide reputable references/sources, [test sites](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites), dispel bad advice) * Change trackable (yay! we're on github now, with commits) * Compatible (deprecated section, [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases)) * Comprehensive (including enforcing defaults and future-proofing) -* Current and up-to-date with stable (and we also do [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93)) +* Current and up-to-date with stable (we also do [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93)) * Detailed (preference versioning, hidden preference information, explanations, and more) * Easy to use and discuss (sections, sub-sections, numbering) -* Helpful (including a great comprehensive [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), and giving good advice) -* Innovative (best format ever!, special tags, and more) -* Other stuff... bound to have forgotten something +* Helpful (including a [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) with features such as [Add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons), [User Scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts) and more) +* Innovative (formatting, special tags, and future plans such as branches) -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) What's in the pipeline? -We have a few ideas... -* Branches - * preset versions such as "relaxed" and "hardened", for use in different profiles - * an ESR version -* JS - * providing the JS in smaller "modular" files -* Ramping up the Wiki - * Expanding the Scripts section, including [User Scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts) - * e10s and WebExtensions in [Add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons) - * Adding articles and tutorials +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) usage +Everyone, experts included, should at least read the [Implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few default settings we use. The rest of the [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well. -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) How do I use this? -Everyone, experts included, should at least read the [Implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information relating to a few default settings we use. The rest of the [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is super helpful as well. +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments +Literally thousands of sources, references and suggestions. That said... -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Any last words? -Any last words? What is this? An execution by firing squad? Man, you guys are a tough crowd! Just some background, for the record. This started as a personal, private project back in early 2015, and was released as an article by Martin Brinkmann at [ghacks](https://www.ghacks.net/) in August 2015. The response from the ghacks community was great, so along with some suggestions, I continued to keep it up-to-date and expand it (with three major updates). But six-monthly updates are problematic. So two years after I started, here we finally are at github, with all the obvious benefits that brings. I am excited about being here and looking forward to taking this to the next level with you all. - -Thorin-Oakenpants, 31-Mar-2017 - -PS: With Martin Brinkmann's blessing, we are keeping the ghacks name. - -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) Acknowledgments -It's impossible to acknowledge everyone - literally thousands of sources, references and suggestions. That said... - -* Martin Brinkmann at [ghacks](https://www.ghacks.net/) - * 100% genuine super-nice all-round good guy. Thanks buddy! -* The ghacks community and commentators. Thanks guys and gals! +* [1] Martin Brinkmann at [ghacks](https://www.ghacks.net/) + * 100% genuine super-nice all-round good guy +* The ghacks community and commentators * Special mentions to earthling, Tom Hawack, Just me, Conker, Rockin' Jerry, Ainatar, Parker Lewis * [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) - * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github. Thanks atomGit! + * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github * [pyllyukko's user.js](https://github.com/pyllyukko/user.js) - * A similar project started in Dec 2014. Thanks pyllyukko! + * A similar project started in Dec 2014 + +[1] The ghacks user.js was an personal, independent project started in early 2015 and was first published by Martin Brinkmann at [ghacks](https://www.ghacks.net/) in August 2015. It was kept up-to-date and expanded with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name. From d62e92067bd67ef6de8a87be28788dad1c49d098 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 2 Apr 2017 18:56:06 +1200 Subject: [PATCH 0125/1961] Update README.md --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a22b321..d62df27 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) user.js -A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [Overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. +A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (with [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons)) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). @@ -11,27 +11,27 @@ INFORMATION IS POWER. So you can make informed decisions to better protect yours * Accessible (provide information and simpler, less-technical descriptions if possible) * Accountable (provide reputable references/sources, [test sites](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites), dispel bad advice) * Change trackable (yay! we're on github now, with commits) -* Compatible (deprecated section, [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases)) +* Compatible (including a deprecated section, [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases)) * Comprehensive (including enforcing defaults and future-proofing) -* Current and up-to-date with stable (we also do [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93)) +* Current and up-to-date with stable (including [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93)) * Detailed (preference versioning, hidden preference information, explanations, and more) * Easy to use and discuss (sections, sub-sections, numbering) -* Helpful (including a [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) with features such as [Add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons), [User Scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts) and more) +* Helpful (including a [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) with features such as [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons), [user scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts) and more) * Innovative (formatting, special tags, and future plans such as branches) ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) usage -Everyone, experts included, should at least read the [Implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few default settings we use. The rest of the [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well. +Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few default settings we use. The rest of the [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments Literally thousands of sources, references and suggestions. That said... -* [1] Martin Brinkmann at [ghacks](https://www.ghacks.net/) +* Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 * 100% genuine super-nice all-round good guy * The ghacks community and commentators - * Special mentions to earthling, Tom Hawack, Just me, Conker, Rockin' Jerry, Ainatar, Parker Lewis + * Special mentions to [earthlng](https://github.com/earthlng), Tom Hawack, Just me, Conker, Rockin’ Jerry, Ainatar, Parker Lewis * [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github * [pyllyukko's user.js](https://github.com/pyllyukko/user.js) * A similar project started in Dec 2014 -[1] The ghacks user.js was an personal, independent project started in early 2015 and was first published by Martin Brinkmann at [ghacks](https://www.ghacks.net/) in August 2015. It was kept up-to-date and expanded with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name. +1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was first published at [ghacks](https://www.ghacks.net/) in August 2015. It was kept up-to-date and expanded by the original author with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name. From d97f8645d4770e911765979f8dd2f45214f99f0d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 2 Apr 2017 19:20:41 +1200 Subject: [PATCH 0126/1961] Delete readme01.png --- wikipiki/readme01.png | Bin 46973 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/readme01.png diff --git a/wikipiki/readme01.png b/wikipiki/readme01.png deleted file mode 100644 index c0c7930e99f18b72de56847157cbb70028db164e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 46973 zcmV)ZK&!urP)U8P*7-ZbZ>KLZ*U+lnSp_Ufq@}0xwybFAi#%#fq@|}KQEO56)-X|e7nZL z$iTqBa9P*U#mSX{G{Bl%P*lRez;J+pfx##xwK$o9f#C}S14DXwNkIt%17i#W1A|CX zc0maP17iUL1A|C*NRTrF17iyV0~1e4YDEbH0|SF|enDkXW_m`6f}y3QrGjHhep0GJ zaAk2xYHqQDXI^rCQ9*uDVo7QW0|Nup4h9AW240u^5(W3f%sd4n162kpgNVo|1qcff zJ_s=cNG>fZg9jx8g8+j9g8_pBLjXe}Lp{R+hNBE`7{wV~7)u#fFy3PlV+vxLz;uCG zm^qSpA@ds+OO_6nTdaDlt*rOhEZL^9ePa)2-_4=K(Z%tFGm-NGmm}8}ZcXk5JW@PU zd4+f<@d@)yL(o<5icqT158+-B6_LH7;i6x}CW#w~Uy-Pgl#@Irl`kzV zeL|*8R$ca%T%Wv){2zs_iiJvgN^h0dsuZZ2sQy$tsNSU!s;Q*;LF<6_B%M@UD?LHI zSNcZ`78uqV#TeU~$eS{ozBIdFzSClfs*^S+dw;4dus<{M;#|MXC)T}S9v!D zcV!QCPhBq)ZyO(X-(bH4|NMaZz==UigLj2o41F2S6d@OB6%`R(5i>J(Puzn9wnW{e zu;hl6HK{k#IWjCVGqdJqU(99Cv(K+6*i`tgSi2;vbXD1#3jNBGs$DgVwO(~o>mN4i zHPtkqZIx>)Y(Ls5-Br|mx>vQYvH$Kwn@O`L|D75??eGkZnfg$5<;Xeg_o%+-I&+-3%01W^SH2RkDT>t<8AY({UO#lFTB>(_`g8%^e z{{R4h=>PzAFaQARU;qF*m;eA5Z<1fdMgRb_-$_J4RCwB)op+pFRrU72x1F~4p3Eef zOp-}5>Am+(AOuM09YXI-dJ#~H3Zj5WQ$$31k)nWrf`VW{6hTnIh5`yG3Mfrf)aU(U zpL6fIZIa(Rd_H9Az31$+_bShN*0ZoK{m4GCw&5GO58LYd{rrCG7s&l)tIsy@YPRV` zvM=ktV{Pr*)^7Nk+TOTr`gyCj%l|n0%sPu}akc3k*rwO8{olQH8};4V8`}OJTkcmI zZY+Pvw(CwC+x`~qhQ8VI=IL+W__wo7kIeS}Zs{Mj-__PRYi($(HN|rO z2gEk7tF^Y__pEL6C|bO?DM1+9jW})_a~e0Whb$X&W6f*Rc;6d1$_+nG3Wuua>Q`ik%pLMRnM|1-b$%3%yQf=Ei@c*#;bf$f0 zfZdQG%$+G3&2qyow$@pb#8DW8QEVDt#oGVt`LWK0^l3gIfz?r%>JDpTe{IwLt+TVX z{;U3-0~7QsNgVJkZ1YoWe>)~N5r23U-Giy$VFuTkviW@w*u0hQX%0D|VwueQ3~T>2Y;U+cq!Ekd!j*Guz@)eb}vDD3#Qsvqk+ z07^-}FWL|^G;C}O3nc*{X&hMRV%zSov%j+aJ5Aee{TsJI>`!4IBvpgYh|ZaV^1HIp zRIs2^_X2!aLx?uG0kS~GI)`n%mg+A@z=TI6t(`S>{M=b9cKNm>tpq40wq1N_H;{59 z@IM{qUuLuf6=UKc>Mw3+6Xv%`Ct5hUoN14kK4S2&gmm*-=UmM8(ue1lD(wQz4mMk; z6>K+~)qfWWrBmg(PZMN7k);Z@4n;xnjbUjDjK%u?4 zvdzIiZQN!IER(bwK=+yhPrCTxlXqPRY$NI3n9L)&jklaO-9D1|s{j^g8O5l?6AFlG zkHDIaW+zLreWuXp9sQ?epb#bXVP?WieUU+3h1xyC-jcox?H*{vCO3)+dY_MOPTbBy zw{)#!Sx`Ptw=M#{FYN?;O8JjR$I~Neb0BQ*pZjr3hTgH_Kmq(rAwlFrGzf~>69cR@ zWs>R(Butt|WLn&bbx}BKK+yD54Q9$ffUxc=46Kubu=WZJ|E{Fd(&e?yDMiTYC&ecu zHXq6V&7EUg8O{jiNZUd5h;-(%nFCVeF!3ZwE14<122@PDbJ5=-!w?l2T?zw!DN1nw zx``stQ%;<7j>(@ta2^$U*Mvb50D*}??*Iiz(l?9&>tbU=cGWSIYtd){oHKBfr04Jb zMPI4T_7&iDnd&CAHUZ8)ZHK|RhuLuL6;{9T3a^}^VOs{pCa9qGC$?sLZC$Kxor_?; z1j&7RawPR1Vpq=8h;e5+ul(F#|;88A&<5IY+U?yMvxAX3+8eUB_kOr!M;$;RGA7_%=_7FFt`L2#`@`v_8E2ybzxey3Wy)#n2h=@z16}%D z7HpSC{Rm)s&4vUd)-+spiL><#Y^U=mvj@|(ZjsfF9?0q;j)Yrit%Gzr3s^~5mXS9kF0A#-(~ zz6cN&y}h2O-`(KNO zj|C{^6LlAGf}V$yccf-OY`bix-ptZ?jBQe&D_vdZ-^e*v8K3#KK|nzo1(LQVw^04Z z^|rQuHWehQTFuy4g*WVd)=X)KJ({Q0N>K0o&^YH0Zz!Z`O%)f4GYh zItZAk|HkmP(BhHW_sU%WIO-Ar4%HO+wvLhDgI%!BxrA>D zde%dn3>;Dg2H+OKmzUMThGz7}wg`uP)>i*03fOdYfiQgx$*{FEy69AzZw-)Q*joB! z-e_$cWE!)o1~gb#-hESmBA|Vceh3|d<7lgqJgWZ^m?(%7#^_+Z`~Dvf0bRsv67c0I zL@|fXg-vztDy{vfcKz!_W=sa2{0RVeXstA#*o3K-aLy&n&>fvi=MJbi>zpgXwR!`< z!&NcI3Z&D4@2E42+TmQmH|E!TP0df)+^5a=O=EsjNf-8I0dZXl$7)U2*L_kc0fm1^ z)9csQHsbG1tDUe}b$Ok0E-J)v0PvvTE-5T0k#mU&rtId*Hcbx(GGqu5ob%rudHod~ zNf=n`T;ifK!`JKMlYjo99*Md75AIT_E6usDg+g5J-e%SS7~bcMkGdsIA+pX{*i8}? zXA(H)Y=vdwSN}OlK<|_|yXF#y3%)cF^M9(<*mU>itYZXH05_>CGYtL?3xJNBCaA;( z_^j3d>?2M0_Q6?a;wX+2WBT8{5j)l`Z}#%X=puj_)?}$DVfF9B3PAAOCiXI*+-=e{ z!8(^fH$aDu;hviWla_Z;1fG{30U{>*CA~TbUBa|Q<2sW8e#0iL)0RjK)gTfJFi-CZ zG_h*6ed4jd;KGjT?zR267+b%*br@;_2WuAWtI1$;^_K)VQ|K@-&SbU&R!hUYC9~NX zq!hP*sMbXss0>iaLoL@lc6I=e)WWE`Cm(~3W6Q64c&j7#Xaaz}Z+T=aA5E_+Dw0T) zwKGIfp=;oPkuygHM9voB6aePzL=f}R*I=e5qG?o0H$MU0(qhogu;9FG4(q8?~r*(|CeF#@ljW3vQC27Ics65HiZ&!lP(8iE1aDL7hlNMw`Ce0a)??W z78SGGNJ5j_l`K9zs>@o+!NI4G^9QtHmxSnc&Yew~=~y#ZUjT^o5V0vm*GST}QRFQA z)tGz^pXQFz(dvLw%>#mQ5gegSA%LsIEdp@z zsB>$4C*&Z3Y07lG2~7q?DJl#EU4%&(o3@oATT2C(=qjRo;AyQhK{6dYBhskGq&W6#HbkGME`WC4 zmu>yuovScIb$MNZL~jDHx%ja6EMxUz6@O|GIUHEsy>$>GtKTW|({l;pIE3Z5EGK%T z;tf!|p+LyQK-63%iK9Fu;B3L@ZGVlW69#xl$}m!z;h~J&MgBoMrJ+N>lPl03r~f#! z#cty`2zf}yQvl9ZpI^6_4 z_{#YSR%jPA1AwCR!(|rrz}M$7$;EZG`g-`px^hyV_O~GbSZ6_6mPI(_I58%PiXJI4 zc?2ph4jPQNH3|HFE?@Y;trumfbh-evLEoD(2kV@50mF0>?5BxP48x#YDuqdAFV|{2 z&8{INwdJ+2w~v9*=7ZAJxkX7sY*1U}fPDo~-Q#o4Ia}nb`pyTiuNHtVW9@69u7Ou{ zpDO8P#z9ah$Blb8UOS?{%rR#vV_+PuKY}odlO#!uN#dyD*FTKHIKaI(k(JVRRYc#p zh+(4&d3(~vw~;S``KaLw`8O@ZeqT${>TuAc-l5rc*7M!~R2ZW7{qpXMc2Dyqzx1t+ zbBW!Rop+N&B`5~5G0qe~nnaIo7z9hiANJZc#WoiB%2?b89j5lJPh)9&RO=yt>PLA{ z=coxwS8Td+*_=t^h9&g((etNHO43q_)xtfqrT;~x{wm}+7g~ffxI=3zj@=H z699rZhU=>JinUnh0*nr(WHUQ496-0Drva|hPE?xeiPciXwgM;wL8*2Nr7!^A6wLnV zbDA>z7Hy?OPwNH-N`C<3ObGT2Ng5Q?<^6p8ftIC{<{OSCtNq8{9=z(Kd+f36j@$3D z?S5yTck`2vKmN?~&;LidCFq)00BN+hz1BHLtRKo#9&Eo9Eo}YfHCg~9H)d~Iz5l-1 z)920{H*)5ZfyP-^WNVF0O+W0Tj{xXhekmCBFWuV48+k9eeeG2__*MP)*{heQU+GJ* z`JbQOK9*K?u4e&fFX5!47OD@ElqkO7uW48v?XSWsv*_xJHtf`Gc!)0AWahL+gSi|J6VI;m0rh@sTf{dCG^cdgSddb(9Oh z1EN-|FO?rwy1ea59Jb1HNKN8wErurrd_md;m~xq<$2Vy>DzRT9RsBO05WDM`9@9&m@GH~uV1Hvml6i0n;j?^gs0aa;mvXG^X|lHNhz58;+gvwdQV z{UF^D{~sTbwK1$wN7W%a3oQIBnD%r`n+9e!^QmtM(0Y(|&R%-+pGo@GWPhJQ6ep%? zdcU6q2MOFHfEUDGl8yl=wR`7;#nJ&E|BLjyy`|%Qq%rRiX&rnj+twARL{S{aVVso9 zQ7MUPC_AS_!mJWx z3hb-lzz^hI;7VGez*Rtdu>jWPO%LW-2?o)`v+{3I0V#w^+*orjC%<+>^tZ+MQbHkl zbB;;k(6%8h*oLo7x%S*V0NX&KFxHtcg4NR2{;sTb1GhZ&oWqtMxkttJ&upu@whC)B z#yd7$3q4Xd0KXATl>{Z5D{}KqrL-(-UBD(<0vw_QeK1JU>?|~BL2xgyTmVLIN^1d1 zhK2m>D=+R8FlFw8rN*lt+j0SFzZfa{@F)_7?&iIq(e%q?c5l8sjo!5Ep@O0 zn7N?b1broO9Ch?m;3MCEQqwY!vSZP4H@qo*0=t1yLTa6Dk>>>HCk)ppA1DB@lez%u z{v7+q1vq^Uh%)0lO9uc;wE_wDlcbrnp)3Wg7J!~3l70(R5)&6;fUiDFr(>FkQ!8~~ zx_9bVEaACTtorY=A&-AWVL6G)Gj@1xD5KTY*fP+jXCP!3MVj)8mV-XjRCx>lM*g@1 z9=#4}3WSMswgPncBWi7b>zgh@HR!#TZ3G;kr}Q~rmRRZo*%8&W(Hi))Dpl)aBb@F9 zR%D3bPvUfS&|pL(w*BBV#;6OPzXJZC(FW8O^pkk_d@eZ0<^|p)W(>5|&AlSs) z1rC-{7ZJk%NwN(d!@3Bb)8HIMG`AD^^hJaKGX<2R6CPV15`Uws8bgIa%*g4a8E#|Z zYWRlWdV#Lgb~)4{#oe~jw=~#2<=~%(00&7^{0-i$m!CPJBWfFw)!W{fxmpa7w%}R; zTgXY;9ng=ed01>Sg48Pl&X;rm5QXXT+EImKlo;zFRMW<{#Y|E92Ss3&|5Lxd6D4Rs zPHX~eeU+p|V}KphnIs|1m)1`L==$i}Bc|_9mN^Gw#(?z5hll5Pf6XIA2l+gcz4hHZ zYG(a0{iuLJ-!-7^0QjlinghV}^=GcPar>f79i$Vnqk3V2X7iAMbwcCs(Mj+HZ-bxH z+;scIaEyv7O%Z4&1O=EcXhXsodH} zQ~;>NwZ=fU(7jM9u~MIbA?Fef^Us>ms-VR{=dQnhX6LX)qGg?lY6(-F>kDA9<}+qn zC};waH8C*l_e$yY#AX9zJ~Bw`BMM;;!LJ2O71|V@)Xp>f@-Ei7DN%q~+7_ezE)}p? z+R+zSXJ@w2x*R|f#&Mj~buO49y#HHG^m#y10{)~GP)tlx%3NNR3+a*~Y@w}zD2af7 zX*h6zFGp6A>La^tU&6Q?jlN|G?75uIC%(S6Cw7+Ar?dGx5YGoDfA@tow!V2G-CRfL zk|{$5B+ez}C`z)+O&BJ5*G`9eNvfd#zLFlD1`x;n7U#)WgCIqBs>(b7AezB>x zZp=z^KR!tF0N&8IJG1&uc3u)|J@GKSY#8Rs+m9F)*qH4mqPdJuUt;0~-#K(}lk0Th z;wN5w;o_NzbKTPiWsMfL0`8iVNBd-FggSl9Ydlyv^ed9CTNV0#9@DPjAzj`gm#6}} zX*gSG3XIYS-JdRBij{xTm)2(MK|oLO@ZSNRk=_OdXkN{8#7ACn)KNEh_~lm@ZZWZ| z)PB7HSfay#N~IhDFDlJZL+ej%?za=&0G*xmNYYPFU);bTO9o88`3sD{7?SmmKDSwt zgz*j>_6+kp4LkrwUii}w4THqmJm3sOU7gN_t0cYp*rn?RI@dKgebZ^Gz^v4oIb-4| zC;&`6=oiwj_Z^xdoKYOdaUK7!W_trZEDK#al0>Uugf@LXYcHAUS6~ekV4U6q(Em8+ zJ-?l#8Bk7lZ$`WD#&_iMPyZloe0lz^FMs0X$R(wZ7ChT`)$9>K)JuaDM`Qm zcMThSG5z-g{qbMFl=SeQKaiwXuaN$9|ND6qaa}#BB8G_5cO;2n)bPa6H64wmIQ1tZ zr%jHi01W!vpKhH2I_g(knNgv|@AZI)ME=Mr{i~ zkR)*$_D?-e(&IfnRdZ? z4(tG!BJFnQMC#EHo0K{q8;!LcCX8Idh~C@o0~Uy@bx##p*zMuR4jP`O`F;y0aTLaJ z5{FfkEHNXuJAD0~+pb+RSNpI2p`>RvvvJp&RTD-H8j#swfMM&ddQZ|@|9asE58ZzG zd3$d=r^hrxIuUzlppO{%xdNCA5G5f@=m2`Ws~jwOJnK?%!8>eu8UwYhwt$72+E7V! z))|vTEg?W{+W4I>rddX_?f5`#e(q)cH{Z%5)>)bl6l z-h=w$a-r4Vgtmq`SnFb(k6?c-*t)t)iq&mX^#2T_WSmRjPtvoXV^iPvL1S^vHgp*c zndjpuYeM+r=kw%C=OP#_jVI-P@Ec`MWIH|SqxU#{#-3J4pELkU0VI0=3_aq3?No}O zRuMyjLD#>3!$bh~e{Bc7{F!ObUz2u z0LKfcL{TLrSDSG3{?~qb<&dBlUm)Fk#F7z=nm1#lbKR4sPF*!-_`o`rjsd+3Fj)&> zjdcIC+M}2+4fCtpo94O!ktEnl2S{@OeYGCns3YI8`T(Sd)1zqM*`InZY-=S9rbs)~ z0))H#C&%h{oSf|#1wm|LUs{>d)HIdCm?M20H~hFizq%4&+-7<}FTcCM z1Lu&8+~c~B4yFu*-J_W@FDNnYoVyQQ zyK*eE?v-W1f4Q*#jjP!ypE7>I7 zyjAz<`MEK4C{3!H%fu0%6%+%{J@K1eoj3`YwIi^(m?K3%D#)a?*reulH!{gee7q_qZ3nW^b~!MN{6P< zPy#%rg^dWHDKJ8p1kxDl`VDNxGt*jvtfhbPPyTpt1T1+;W4K(`_6E*5XG+Y!b9gz9 zqc9ADN|Pata3^W!kDMp{JloVizTwo9Pdt46Zd*^Ax$jn+i7#Wq0 zFg7;v{!Nl}(fZ9KNskwNer!VEBl>bvZ7YiQ)U`1BpdnE!iY?a);<&&WnhY@IhIg-? zk;RuYs$@YbNfO0T7z9xi#fdS-*d+DGZ|nf0j|a{;78o#c`X;-be$Bm4|M{)gCH?RZ z(v4qzNz&im)!+X6$`Ai|_h&x7`c!F)jHy{I24#49sR(PNJ0?_p;2!^!{(bC-CZ?AO zfn&7=jM2v$i>5h1b+yk+!a}j?>AoPU%uJ^LssM=zz-mX!K;Vh#_vpDs)~2)3 zquPqb&dVCmQ+#G8VpHKORaf1)?;oB#dVoDl)N83wRZW7q`RTg*f!iTzMD!In-+)0 zIqO_!WSonb{g-{2G0g`WjJZb79u`22a^qYu_t!tXWanwUX|xad{(mJaGX&WCFZ48v57_}7oBQFZO(et*ayUM6X~tV^j* z2C9f{qif)yWlvg8#2oGIj{?xS-FIL9@;aM3TIZaL$9z3KF+VtFMh_4MbbLa8iFej= zC{qB<%C{lscUrDRp~J>-nsg{c{;bzTA_9W$aeV@~Yw9sOHbsJks z%wCsJs#FTVkeLr_%Ur*20MI>Q_9@r>LDIF8tEVUi;%U&QF(fvx@zt6U>EdAA_{=LN zHpekD&?6r;l!BlX6pIupQIZ(fvLVhnR|B-dmc4=rER|vgYDk`97js0-I7IMOtp(|? zz|J4cgklgzz7=cR*CqY(xam-zhBT@s)W?Di5n5%a#&XuvW0(Bqd7IKB zvSmOO#mniT`NBJDlw8^B=2?2>H=+p3|s>5CZjt#?FJcRfiF27W=(Asql= zWEv^XNfcBGSyNAtWO+?=FTP?v!8NgsncvT$^Q{7D4<4X&WvV zGbM#@YqwnCe8b(e)$Ti%FQA_CUM=?o44AcCKe_Cw9f&os(bP2hj3~ufdLMjh6r)7m zoNWyICxOWl#5C|Giol#_C2gCfca~R|y7jHSRFZW0R47#4T8A|O!!t-~8@T)j z^CaNSrPOu3Zjsx)`dB#_{3G?5Qa!gVw=oPb|Jpr1@gLC1 zUl>c9m9n)ynrFmO>V)3w;fS}PsiVTSeb5Ob^|Ypv(1^c81t8e#pVF_EH6wH#Gd}dE z)SExF%r~NDR@Dsq)-c#!n!yZCyljmg07=^bPmCaUEeTr*vR?4>MiF_EI&87aiIO-` zo>maG-M!Yf(y=L`SL(?o`8!KO;4ys(Bh50=2Kpjw2>(^_8}APX3#YvT8<0=Te-cf2 zd4Kj0mRgi!>+o4~nI!2SKe_djCm+7k;yIfg@ugSOg?;P7#Up)kUdUAWtg~+50!OG_ zM}y`ft=4?HzoKp!DI3*AN_*v)$Aw}?cK-$7_`3kDMYC7j))Ch;iZ<|JKtITV8TE^2 z;{YgiGD0_MWQ(>&>s;Oe8_zvT9qg^|)#;qI5bw>)G}^8+W&GHm*15Lh)RLZMeUr}Co@%B~ z)LH~>3zZ04*Qb}}^%vId-dvDY&3ow`hfbx{#em6I+Aq zuIm^;97p8jksH}(aSo&F>=`m3k0lktI14LGDX`W?P^9CP$-q-OpF=c^y-9`v(={B^ zZStln=0ml#qQQtIWjOE-_>NR+z=Yc#$ZR7fpo8+cRej-NfbqnOGDJ~6hRq&c(4`sV zdk5io4T1d*fiHclAtmpp)xhR-7iibh;+#pMu#)dCsRTh38-`cec zr^}%8_v&D;d6az1V|maJ(}2W8e)rbSQ^Q5Z(FjAlV`GzqYpsS<81~*MQlrzSSvA1D z?k|H)e|Ox9GgLK7EtBV=n&j)TrNKiJPbj)aaPSx5-RByKg>Bck&PiZh`~BN|8MO^n zBq~FsL$oDbJ4m+_;golHQ9n1SCR2K3n-pjxPR}7`tsZ=_7__3>wXzR}nMzec66R>M zk7%2tB|I)oUaia;V@*m@BZNLph1eQq>lr+!a7#se^|SEy+eUZZ*_J?uZHjd_m8Ikh zO6%0s+#lfoUk1=$AxPplij8$PE@gpb%&Z=uM-zOpddbfx;WzX+4dm9j@aLaVuDVmZ z(L%Tmw-Fy4QEW3pIJE zwtC+QFRQBk+}IUm+g(mO0xc`0-~4Hj=Xn1U3W-UgIB_O6*7{hSAmB_%dgZ}BlCQu1 zo+K@1AFakG?Mp9`{`J%8Ncyw{&!o$11OD-{FIL=^s~EIfW!voiY1!Ibch@nKq>nr- zm@4?RVE+rAQ2FJ5ozuHoTAl%B)>)IZsJKN{%1ZU1zWvK)N!WJk8ZD)VbEl7`(pCS` zi2$!@bjs5sOg!P7MgRSd_iN`?TRwp$eV{wQNx<}%Bxy^eP1#4FXVU6j#OM6-{^g*i zwxs?b{2Iu#!5xwSr;D;?GhgtJ2eB$52=!Ia)>VgCD>u#GN(^W^LO`oJ>lckgLmHqq_VF^g_iO7Yx96__;+21$~ZGh92? z__b@b1kg6{6M>ebyEkU5|1o6{yn0B}?zIgLqvj5Rnx&(?c@AQ0Y+R!I#Q^~GMleNi zpjJqmO#B~{&ifMZE0ZBE45FNN=fb&o#PU z2QgHW)4iH7NnA4t^n9w7VQoth^Sra&V@j2kV5wQW1|L3Pm~A2^Y98FFy;e%IN4{|; zz#K(cQ15=~j~Ku#X*$M7l<#R$ma5u@QvncMyC%c=g~FirF4 zX4>*?jYGmu#dX^IY{7kA5jJ6>YSJiy-~GE>;?papX*Ugnk81Pkejn|%l^;_?(&$?m zBmMY}i_h3<@xsZI7V86_8q{C9X~hb(jg3Z>rcFzUxN~z6Nm|}IMAHaNlD4|k5jQ>9 z=n;{$aSBochoWZ88xC8k!Uo1T*<5*RF?dntI>DwSiK3d*8>U66gbP|hWSuLa zGa<;~57wBj>TM3vBtZAGOw&`VGRRjU7B)Ammie8hFQ&g4&2EfcZI{q^q*H77_T_%*(M&F+f(DP0={chW& zFO0Kt@Q#wSdtjZl)Lync`~Ys#DB{EU1Va8 z5FO*HolX6#7gU%kU9w{Ycyglzo>=>1A2k{~Ve0H<>qbNwu2+J&8cjz&V2OrQDSSXF z4VV*aBlu^XGOcZ-ZcNmeChNgwbynTB8PRFm>`IVSfJwhEh4rSZy38e_RH^jHNh^o* zi&LSH)aF)L>zrfYh0mvk622wUnT0Zu-Bzmv?mJ`00;aM zD$x5UPg>Ns^W>6x-9(VxHR)0chez)@MjtH>6b?)8?lFbn2N+^=+a#l7Bm4@iCF@6>j1l1-SbVKwk5 z-K!B_J&b6(lOg2JEN^e4pGy8pzjD&sJQWX22$LnF#Pr)C*k}KxZMbQuvw( z<1T~6z7^|QHIZd(jd(O!BlG>dseSLr5502#2cnpB&cu;#*D*m3uQNcWrjUAKY2Vj? zC`ycp;16QJTXA4>qexxMEG@>~I3#IUN82wVUzaBuj=cqIZ2~$CydCJ)rs$XyolKiZ z$5flWzM)3Jvm(QE{iT{nhnC^zMMypHANjV*<{D^ic*j(YAjuEA_7ayR)0XelzIbb$ zODF&Xdt?6>CiFVX!00YGJe81)nKP8$j;N~A_6Lpp?X%fkkr~bzT6&6Jj9Qj-+78oe zG*p4{zVu?>BWvOU5jU&a*pdQ}S)e*pn|Y2}?T(9lT9V0{j{5Yxqz{PoI==g&m}8mM z&4*2xqTZ&lRl%^migAC1o3`wQ7+5rwPkkzt__m!Dfbg?1PfP-|0%JX^H1qx`H(VN> zk*unL+4y(fI&)lWAJKVT z19qR2_4pXjj%Xsfhdn0~S{JkBbHD_x&?&hd(}tCyv94vCpvKmJxG|#z`g>@;i@pZ< zUR{+*o2t*JdZ2ZOy0Y~7QOy&*>X&yoNpm?P>MxUMGxyipsOKMp>-vPX5)XirKK$|T z4}i;mihk63%1qw&wp%*edhl~-w@M5y% zt-k|nN~Q?{vaKS_rdnXi&3AWs)cWcDIc_9{QrZP-E9DO+!!5TV9YbQ~w9FoC>q2zyUMf)u_?+}V z4FfJYqt;z#owE@y9SYN=?YGy^unlq?I%P>UC=5dvw~bR%-5^_(;8aw^fzpZ4RlHS1Cy_y%(A=c1B8UVpU#?NO&fw!!@Rb3yj~msUvhQZkN?Xv zZ1PQVfoVpN+RaIixIy!B1JAM~aDjSKW@GJc7^bDP%z@ioTQ2flujf;Zd=oSN&6GPF zXY%w@YM)5(_SlyRuS|rYt2K-|{#W`oXN2F*Yqcs3)+rt-m zj+xDO57qC&gegk$r?)9$3u}VCrc|dqSPOOHK~u6)cvKIQ`AV-d1%{O|Z5su%hIB(k zEB+;_NM>dn=BuYx45~fUirp|Vym6_mb1vjN(&@daY*x(cGce9_#l4vv)nJXOTH`jW z%tn~jkf#M(_Jr-iw+K%CZ5JsNdi?i-q&m-2j^SLWgOKp|xO~6+Z+v&gdOU_WLp4Pg%1OtMpsS)|ZWwBCI%k zau8MEA*o5Xp?N`Kju8yjF+{oG#Z;KDE{IItiknirsAPCxH(P%bKFj{^chsmFFUdwFn5#Oyta7PT z0CYeWu4WT3Xg^%pc8ttVwoZz`GQ~J&7_MQ&0bM#)qo9}s{CWp}GHhE?J?-d+d051K z*2n!(>nFf1ig)rqE`V;={%IoibN|`kpZIMz^jSfnu#7+ky{koR99U>^Uxa~rr zKq)mfrPB5D0REo!XWLYkYQ9RX1S`+?%5G5+TmcdoS;nF_pr zA%Sx?;OnOm2JoU@gcW0`aLcg`%-W^{Q5QK_+cGkXfnD?oGTL90Z5}q5s|1B4ge!y| z2RK|^={A)#7drMB9A~!XZP>Fr741G$dh68{z;^oXTIsp`Aib(R=&p?`3cZ|0$UtpF zRh#?34@NMhArJiHV>g|@Vy3=Pzua#~x@OZV-J)vYg1|ZhKa+9;7F_cfbpGlC3ou|UhptuY$lMfql%g0wmCpXhOo5(qrFm7z@oQn%ENzxds zq&I(Z_qEsDbldIs-22VDZ~w(Vt4sarlaJnU?WM;Zw&$YxJAX!!7Wlb|S>zGZ-9zLH zBHA45tRZ&J#mrPljYdR&Q?z7+`_yke{`6%gMI~^swprIW_lI&_te;fV`F$k zl9o}9;V>!P-<3Gk(Y;aHubsqL_sH4vcR1pxOTYW#3;)%-(yM>{rX=b8y13cUEkP0H zY{yv-5=St8+Yaku)(PVBsAGZ7_ohNR)H^YSPzO>EX*JmanwQ-R4ou!^x83$wnw6J_ zYOxm>h+C!>37=ZcfBpnB^)Wza!vf8O9R&PYUzGAAaJ_r!l+v~kzm4E(I7VNJx@Pe8<2T@6fnt2b5hw$>%_jbkbsKniHs*IvzGlbQkhtViX(SEbdL z!?=YlDN!aU@@~~Gd|nm&R1Ljs_mJZJ?Re&L06`qU;*)n8MF50BiH@xYNBQTLer%yW zv^6YyV^%HRjY}{_x(_JFt^oqGJ|m2yIF6Gzj-n{6lz|1l3!22)fNFv}PTY8wZ$T_V zz^=Nyv#%pb0>1GF2ntNoCBTfQ7IqAZlWGv>HjraB;=Li1E|LDY-EdnV3TM47jRn}` zN0L6yut^<_6CSDnv`LbvXMk7To$S5ZA4SUD(NF7C#8ALQO;Y~2riNy zGr+tOJ5M4md&Zk}sa^Q0G^$a5u~nfnHDo4Y@=0j}lcj4?h77?|gV%oz)C+`h7>?~4 zqd#;6Nq|0+s{QJVz__zNv(*6W+F^yZRk^E_MS2*QOZRVaNxGlUs6Zu+ z_!~OqY>6a^DR0-wmv&CK@iO)L&ziWQ)d{|_ZHrk+51uKlNOdIA7I0smE5bTy`>ayi zoJpHFicF(lF+dPm=d9rFQG%~Y`fRar{A~lW)$(#H=tID+IuzC&QmoMlOa$C1jjS5oRzMVM zuQ@PoTHh!a!Mvd>A+XgEz0A@Z%XBeOlvXAZwh%*pDCu+qgz<(7=5-|oTZcKsAa&KY zgLMY@v&N>{hhY@QQQ+q=)`#T=y2wG2@*LI&h2(l^aP__8{HTK@gs{KaMeR9k z74#S|Qo24!HmKj%Zwj}ADtHP)*0eb8YzPv*;ID%~@;MY8|FeXmu zm2?xK&7WVO5(O~oGbf>Kup3irY{DF@0eu%L71&zi@U>=iRywd)2WC@xt&8AxEy!)( z2>4vu_+UK*08tV^I(^N=VV-;wr}^3^n@RVY9LMm;Cg9P)r1xKiw>p5*Z~{S zHImZfQaP-1!RMS1YZ3GIqq5ClK-vwS9eBTvC9+8=?j4cpj-=NYcCAivxO;B|O-;{& zZLNo3+u*&<#mv)msK7`m!8qrN*{nf8f3Bsqro>=9LyZ!XzyK}va*_eOuPu}SbViL*ZA^h}e^uLWraB+XAn4{Sq`#lLG*UmM!(^i@)Hycl(K>{DuZ zbpTR=wWbJBohb_vO$Elhb?B9w&?ig(>RRn~uM1hP0)=8KauEA#e>qR1iEI)*Rh#c*!t)U1P={uwQYx--qiIX_=(TX(Mv)$DPfvHyWE9&{NzZ6?v z^RmvyL8*|*yIDUzHfH@Dm#o`d(oy$}!*}%T$T8P^_L%EWpjEj$;`X)c-(E_lH-8N*JyzQ-UrEg<@RhRnfjp@{uFhWWvAXOq5(o1L(*iR><4KUWagzsuwpnKnL z2z3W&8E}rk51M*bJE(nMM6-~NZORbF{Inb9OM6#K4c_$5RfTjr^vi!UgNvE1{@AYE ztwlP8*hX-j1b6?YOwuy3jhQX2X8B=Dc|^a@&kNWX0!ZzSOFS$H7^%s(yaz?=Viu_f z^dD^kANB3mmrF~COgcHZO3G%Uq{o@9mGEat(q>s_+aG|vw6`B3(LUeF0R_!6;x+^* zy{11FpknfMw+96Sby6M0znMtZ!RDgmJPkiihd3v`H8jf!O&jw+!fRTtgc%{N`5bL; ztM>Z^^fp96FcV$1>zji@8*-okMRy(mn`jk#}jWBmX)RWlCK4z)T@>u9V-I&a(}rUL9IEvODh&*CP|-3nNz@x<+K(>lYA zT7~iBPX+)4MUzJH$7)&oxxdyhSo-H+pJ5j_o}%06+KTAk5Ss$%j9oP_G$lSOKPPh# zOwlr6Ue5|yNMcy7#W_L$r0B)2;>h*^=<`s~!Jx~4d$q-D(ue9Js0L+^{@BG4jFqm% z$GWvWQ}ulB_G5XRb2cn3{?czKd0FYX6l$$cFiIyj=vCH{*N9(Ou79Vy+ty!w%ZxrR ze3v&4|B%=CLnlzII8)+T58wU;7@1DUkbp3PS=u)*mt{@*cK$iP_d^(=MHF=a@IL|D zsium&5zeiC?9kWbM;cY4D$U8-5FQv$oCH+#SNbvOrVMBpL5Br>hT6P37lIyYPtf(F zX&GEf`t@YlYTH&EGw)eB-v{WXG=3eySpj7VPXSf#Np{-}>M9k6*KkCKjITmy>+#)SsG>lIu#y6{J z1#5>xqT4Anov8Gxf}YMYy=N8pv<8DqM>XnMOnd%9^(QeDqda*lzD9jOu>e@06vwf1 zQR!GIb>)UaM=Nh`dX@qlBXuzO0vM}+i5gXd_RWYMu2%bz>#n5$Nn`(HXxkvxHG!)H z^h|z`w*_4bzxS#PY5Di7OCHjKvDymybbd|=vO>N6N)qqx$DbNPEa}F1GybEg8?$>u z>gpHHI#+>06jgjl^IHHNv0-oBQQL>EMXKUld6cI7;2KUiIxfX_ZUA4|8uUO4qFZN6 z+m2(AdWhS@A#E5SHS=u-4mWKwWAc34k0`G4W?hv|1Hd>P4Dm>>;*}hkz+vGh7OMEp9OSD*N*XVQ(iGLhIh65&60rw|J6|nhmUFj z5c)qcQ6+KC1OdlLIvgt2*(4^B_TV5vWL=U3lvy*1ftp(f)%OF4W#-i+l_7(w&1-8l zAZ)0h=h6yWMW`jRQSZ*V3YRO+C2c_x=SEU}A%h65a}nQ=RBY$GV}R}vH5PCE7Hd?_ zl7AE=&PG`vW}S;ztTISDfWAw`1P%FXEn+sDb0T3lq`N?*IX#;0PmKv~la_V6AorW1Wf0<;WNl z_yx~eOqr;4Ma|8GFKiJalWV#1lfR2`d!kkKtAH&vjlF$m@U?-rjCTjDtr7OnhnFaD}5!0JL+1BufAG*D&TN&^amf(y)gh zHn~ye)tD{w46OM&z;gYdhLM(5Y~9&yKb(A2cZo4}}a@=ucZ8THnA zigeQ{Zt}RG{{VjA1#@%xZUucF`0*=}*G+8S%1$JWg$YUzTlKky0l-vEhoe6EwJ%8j z91ZBh=`-ALsmEX9eTvZK>15`FZPZxHsL@D#O$_;oS&syJ1M5@WAR$OKk%C__StnREUG7g4{1D!b2bc;4W^UUxro_* zV6n6oknUAq3T+q$ORL@y9IfN)9$IF@tEHEC=!CvU2f`7@8_mceKv~PwKrJ&DlT1n{ ziT_%aaN|%sYn_F`(qOLl6Gba=z;?d`J|n5rxRvldP|LJNr$Z$y!Y;}*aR9W(Ir<58 zQ>|ok+dC#nZZf+qy5mu{u(XPJj~gZQY6*uuM0NzkoD=(TKX1q_qN z9dah4_A2qDc0yz~uX99R!i}U*@o4YLXIiIM-$I2W)|BY;3sCzN2fzjwsdPG!16fP*x( zp>xGK$10h07nnGRBOAj{#bpQPgKcZGlK8-y)uz$XzulHW*L8*@U9?mEECtN_zW!NpG)w#IvB{EbL1P@N;dMBXL`Yv|yZmM}a~C zUeP{?oj(G+DUOvFx{&7N{d40UF;U5%vB5h_t8^o-rGRA2XNY#SkkTE)jrvj=#L5*sE_jVZ{^EJaac*}SNB+5 zn2j)(K3U~ev^0NR+Ji<2#a39PS-_OX@6;89&beaYbbZ#9S|B|EgU5uqc>;}dE9+EL zCwyjTwVAlWLhXu`W`Bz}#CUB5n_UG@>5E`Dl{U@yXyTj;$B*=|?hZA)(8NIyM6nlJ zV4b9I&F+q2;Bx6vK>D84LETi+*ceygF0I)0YtmZ)x)81uFhz@Zm!?-8lF9Xt_%`@e z(r32RrUWHO219;qcZ=|?VR~j3Z+~0BGt2m4+5uipb;FxYk|_qQh+$0~k2YqqG@Tp} zBj86`b^bu@?7!OLCb%FSUs`1o`8FMItxX(&K1(Z;ZX#gtnbomk;{db?=$z)_WK@|k z89=LnS(*<&`8TkIx<(%R4?U2IARAaHeHv3`u)HNLI#HU8@fdj}X*sB%hAw9gF^M6H z2MzL(F`5Tjin6vLV@xZ|w51aZ8s97olOzH?kc(3or#*mG+WwZu1+3Agtb7=D*1lM{ zQ#|O#cR8>M4LCq0_k)fv>R}UMuDF7qXU4In&(eW ziSzZC)Rn1qh8;R<(7$v;hA^1cq8rWf!~m0fV82mrEJ@}3nD`q1Q8fQ#u zf~*-dGEe_<&IB&is2h?CDvKkp@G~-Ye&DB%rrUMSL$EB}efy;Rgl2K?++J(~iA|K* z<2X(N_@1OMK@}v+PX#e?g_)xW*hJl++iL3e`Z~TBW}3EU;JhkXF@{K50^tS;J+;(2 zDnyJu8gvo7F&ZB=PgO4*umcRSt@`=$a}ZLN7b&z%uSTWuQ5-=Ml{o)C7zSDjL{Z7+ znh{{$KmETu?#Z+#fL}|u9k-@7j;apQX~W{I&kHl$AWmCUuJgVs^=|dV=g`_X8V0ep z0;DCt>{OmJ;+LX2rrjh_5qdv8sEXFv{`mA&Gc>FZexhBGRy-n)lf^j5&NTe%OklA-(5vuQzc;3InRL))N~f-VI{dfwW65)(AZ-qft?RID z$m9*Bit>d-n??9rHQ%usZP;p}% zX%mQIq9iWE4jza%)>&6c2NOaN0*fA9mM%%FoWr)}6&Q3M3&a{P5p1$}q+1hmL!NE_ zH6F$vHCsTy((y1waN;#Z4wAGxbnG*EhzDZK+mf#8E;34z^dD{DV|>(HDR$0vguw<# z?disb@1KuX`A^a`=#D>}gMBal8^Q{74uO&> zjrhjd3wzT|x->h0gE|g*XRsYUYSN5pGp5g&K4r$j&K8Aumn3ZdaT3$YKGa>4wPlXc zd0Xx+jVFyb18qrp+d+9$+Qg)-cmz=t7AX4!tWXHxSV_{EaLIu`R`b-2{=l_Nu6Li; z*+o#vB4F#^@2(r`km=@g>GE?ndHfA`#9ck0j~i}~Kz(q(q+0O)Qw#M&*h z4+#VTJvt0vbR9>(GI9)QH{V-=xzg)wuhDEk?xt~5CrlAcs*!hH2Yu2?u6VP}{Ak;# zSCk^I(k&s}Ds3@dpMht$1od)(rVvLA>ddoRO$Cs?0t+EnpGdn-PAzy&chl~* zeB=mtVl`_&Qms-Cxwbn$YQzM_Sj#YtjBM7mC1B+oNK z^MZn3qqw4ba?(*=d_nNX&=4>p>s9~n5xbi zWtz1b6-Qecz(9j14|x+vMyk6L6n50QWzB(rujq(JIj;CVBzIO zGCGyr0ByGFC%S-#-l*x*+KBO|cER`yZaRy8=YT}al|BYss}U;>J z$hi8ck<}#kBRZJbnop7OGJO5o&kGo13`O*!6P`?5ae? z67cWkM2XMMO3BlIyZ)~}Oh0?qGE`sOQeTJi-+eBbSnF)Wi1&Q` zwUG3qc*R8@111fpLf^YFFz!RZI28y=$tW^nw{2ob#%y=;6^nQbuD@EqaUH;Ir@-Jn zkKAfdXgJ{&^oo|wV^mL+m|Wqvdf@&jfT#d>3C;FFgRkjWV2QMgPmBZS$CZ~7=d4ST ze!I$(X#Ipn=*TciJKc4NCfAXSwv_` z1aTBbreBg_=5vA~U4I#vz4z!^5K)ZcBpvMJY;Fv+VWdQuN&4~Q5kIQ!U{)U)L)bWHW4`($n65Fi9Mm)jV|e{rR@C$b6j9`W{GCFcyE5x=IB5B1HnhF#FFfX$n}76+-#`BN&-ITi{W~zKBF7O^N5F`2@UqVP~Ce*by#8f-(>77gry z#qSw7XU(}+vjzJP{oE`P7Xw@9+Q%QgW}nShPoLn;&w#G(VK6Ay-IWwzaTgG2FF;Q~ zF@;H{$oh(hrsnZF+sw&o@RtQ&J3Ldmm2#f+oRk=4K}T}QDg0n&Y8e_a$dGTz=`yHr z=$pNRuG*(!oJ(NG6DmyWqq9(ml76Lg>!(xO%0spF`^)Eb=jJPy&Y3!~n+cjWY|g?( zixw_gykzmhMT_Q5o!FVwA!gP&7Y9jP-lZ2{`iDdG;K2VoWgziwyjH zFG=M6-PfVctc{jvqZ64$>9Ub?&c$)(Ni!h;e z?NiWl+BAmAK!u?f&CJXBG|vU=&jQz`YUDoN*)IFc{4!^h3qfw|a+@Z@Byi5fqlU)W z%l@OMdlV3bCHTSpz?couj#h{@?0Xs{L^CoEvPUV^i44eLb z&!7EHfjs)%)!#-3K?Lt_2K#A{ z&IC;)4!KX;=!06=X}xy(h9e})&Km1JC0!Ja-C+Vo649SK(xvi+b2v}?um1c8+XO9U z0yt|U;sKEN{_R+joc#f_C|~wPW=a~)Jx6lfN6Jw2Sad#UNeHXQkZ`E@v64Su_7m$@VLaY&U{6?Q^GNwGbUc5MebN{wb{jv?*Z((&rlR z5n7V08Zjz*-}azPVx3DWLxB}zF}niW)^LVpSimH~QnQ`Pe)Y%7X<(n1cg z()c$f8W%y|5fn-c`(F)nczq>QN-3t3q}Y+Ot>;$w$c&tzYy=~su$d%dBH$B}Dj8p= zMGRv5yRppPRW5$gpADM^IF(d**hTb7Pd1FfYdx^RHn?QxT*M4z1ng|wN3n@66Bh#P zS04Y&g~uPf-}>FxZ?ox^o6ep(aiEDBoV>}!wg`~3O&jZY?QiX8HVaA5W|Q+*KI zkx>zv=5m<`7QOd(eO4_X*}6QTADfo~N@FBQtSS33g;6a4jTJyn->4*aQ4h|#cjK}eyzj>YK)W7I-XKg<~V(u zde!+P4 z-V z&((cd+oAPdaMwTAui?G#N_tQFx^((c+b*6lYG}{E!6t~Jc-R2nvrj8E`Uv1>e@Z9A zzW2%l-;i`}eLc*^aD~nW9o;09-QM~(L?p)JN^x9_=X#+v->C)&fqq z&eo<4<~BwGGhqq9>dpOc-}vz%^`krz7^}BB;55}-U~5UTCXKq<>UIyNR1OHizG|4E z1kSz?qzWyjm-U-jRfDodW>0;fW=fQF8W5Q%d|8sN2Zk#~w?P1lrG2E2LxX~YbuKaa z1)Nx`0P*O-=_gCJA{(ySXnS+og8OPSzr30QL%|FiG@f!kK!Ni-M?{!V zi~(xp%C;4q4At!Qx{a58Zwy{&EnV^DXbGVS2y_}SPun-n$H}O-(RI>nV9{TIj%9!U zZUnd7MG#e(Bxz8cpbfPhk^LJC)6!1q7VT%GL%C2-Y4?2Vs)^zAIuwBY)m0y~HDrJN zE|1|V@sbYaC2gio3ZQL(Etb+k7^k&^WR122Mox@dL-U!lt_=Hq>W(_$?R4+}(ECvj z$7!1}8cb+HVjWGZ&aRv+T}g^O4FG8mJp~`TpD3nFmkicy^3Xml;?x8f2j|=$t=kHA zUmy+5t!@lsr9LRYFt66X=%Eq)c2KvWHW{`OSL~u~B`qL~Lq7Iy%6{l?b@T57(xyz& zcd#w3QpP$ckCFcNI5N!kbzkZ2LVr&#y z6BVcqd9g7pmqtOH#3kPmIOms=*5_q)`a>J*m`pfTKKphx#c#`n&`)qBrxtz+6!W1lMt&d0GRpg(7d(GO-F0_ zawcPj#qj#P-je|{7$WB)PV8Tgtl5|QKy`!7DO-Lgt zM*$G~8C^+YolD$=ZN4mNRKcdR$-JO@2=t8vN?{lTL1Ih{H$MSk$l=nH2QMF#Z|JSP zwTa^Z7&!od{l3x|0~ZU>Gm%1+7~^a!K+?8dqXdFu^y9Adu1&zL0tV|vX6gfJQkc)H z8+%Co^Rd-A#2DvF6SiiK0A9FmfL7?*6Eo`eL$=A$#>E;5Fpp zr?Q(h~*B4=f_Vpfth|h zGS2nWIaAF%O%YDlzb8W4K^-$*lL6`9jMbd_P|Dgip=TTwBgRPQVQj)U^`Ke6gS#+P z5StP|x`)WwGDqqH-IAl3mkF!1Zkr>dzb}A5UjyFJ3lxlv81;?wD#V8Ach1V%yA1!w zk5U-Lagrp7F-ejb6S928lnGP3=_}|z*mLhtwqZqv4N5sKR=DQ5Bg4+s(~bB zI9k!&PXW7bL9YrB#jFvriCLvCwpNM&JLiJZVfq+h5|xVulhq}hv*xOyP=EnL;WkMS z227E37(vK1Nlzs>=Ulw=mu`Gn`pJo#&mPmb)R9SyjicDwI4%?`QS0>{qW{~+q;hTd z+J0QTiD0u=v=_ul6_Vx#0Yf#DpGqH2S>i2+6;}H{dnI^t3cxv|h++m`tzVbb3qg^Q zzl32nV1&w*7<2*$_z5UpNx1X1@6FUKipk*NJz25PTiLR)&YGxP=K9?(^JjFP&{Gfw zut4g?IcLoy|F^}t>yro0A7jGAc61FKHGbBvcT8f&gdszEy2nhJv1H5b)-E1&>RVws z3~drc75HCFt(eDZ3$r2 zGl{#;({#@Ljdz6!yGpNVIhXh)nf(P$P#2&vgdkmY^;C#HcEZ+Ehg%o++?t?c=(tJJ zC@Mrr5{FS@Otk`MLO4S(XgPpR1IiU3jx+jh8u#`s-s|`a@A~Q;*L?W2Q%^hf)Kfot z+6hPQv)$Tlx7~K@t#{sTr_B~E-|Wn1n%8?p<8Ge!aPEt{<~Hs2*t+)P@M?|RjQy4_ zH+4!E20U5J7UHPXYH&mA63bGV6DgIxrZ}-gY z_uOpB+?kWc3?CGMNlX&wsLc!hocrCcZAl@Fqe`Jr3X{ZEd(P>%DrN#YAJ$oML#-#| zLsdp|>+#37o*v-G57DPi&bo)`-H_M{5KV@$ItsWzUvh+Tz^z9RM{u=1z3CN`m~hPg z+xC==slX48_9(}TfaVik|CV}yf=lHGT*8c>!zk^N61o3GY^4>IGEJp^TZ8&47p19S;oDdoy5wx2Ar6@f6V zlP7T$$5EV^oZJlP)vI*`z*4`wYc~hD@kESG7`4rWtZWx-TMNwm?VGc!-8WTt z7jl>S5fpAb1MEH($0NV#B`Ox-VKF=%UgE5?G3>4FN$b)H&tDIfD2h`H4FuK%Y$@od zFj4v$XG@?3{Cw-K`=9wVF#nZ3@GpgLCTGSzYeqo3wgTIh_v)I3L+gHr;aa|#N84T& z;L_U0H?JTz5f@1sMbKJsAdhsL3c;4|YP*~eQ}ss-(H!D7T>WO=7@yRCbqf@&OX32v z#8Qo{&529kAnlz}3zOjZUOx-SrqW`GbuJFRFU@zatbsTGI;m^>m4X+4{HrtBYNr|d zvBRa)J|Ti6W@H!e=6$tFS&Otb7keh)+CnE=*&@ZUA17JB%mz-#hcvBtVgZWz0*!k!6{wEWNk<#gxoE@_Lr zH%tmF(qqPhLIpTdE>FvL&RMhOgzFxirGr2_0Xu&SzU-l{-KWM{#QqmU0plmv4TeIg z5*gbD4b8q&uGg~O7(-&1rc|(ptu@}qDsKzE^BiFe+8p$9?&fH*<&qdCc`>c#x?o&n zyv8*Pm(+h5ckfzAJ31ry=zdjRg<--y-73JfQPxsuMORPYUp#e^uopZ5yvx8KTD^an(U{aW1H9 znkQ{TSf+DH#hfw~j=E9Q0Uh@aCmNPi$~?If+5fMYd5l4Ai|6@a=yS$Dn!x+c{ohqkd=5i@i!r7)nfx=2mv*E#31uDZG^K$*@V-aF~HpUa}Y z`onAn7-J*rY&dl|i}jtimb3T@U>8|>bQB-a3Vy|kC)n~utpdUl{X_{7d#D1_v~xXs zt)W|`(KV4grfHOtgiSR7n5J(J0S^2)##Z>Vq(S+Zs-d^S0Eg=L)qcYu2&14Jl+&E& zGrD9fdXTbdJ=rvi#Nq(<(iq4rkC612hu@Q=fBjeb`}5!b#y6hV z3$IGje?QQl9yweZkyT#uEWOkz21Q`_ZuI;b&_YnmuG-z}4BCFnL@DmLTCV5#3TXgS zNnE?>LYcZ6^evik{GL!!Z~S}Eri{3PiJG+K13~Myi;S6iLOLEMaxP-*S2m-cZO~>c zTSIxaDVDA;WtPX@Gk@^(Su>{3o;zdZuKVt>_o0WK^^sG~J#6=dlSlV<+W@wZfkI?k znJeSY8_E3pnI$&=HE{R8L7hn2oyH1L8%}tE6I96}mcaYOtfpk@$oamj)kI004*w3^ zWM(|iNKN2Vz~}Vz5D1L1tx@Q3@Pi}qV%ENhD*bCnL&eZ;uo}AoS7`Ir-`JW6TAPn4 z+P!(?Y4-NfKuzcOx*d6<#Yj1xk{*BoEo`-IH8Ch{<20UZ7rd&DOt}qGig{~7Ylol7 z_v`}~&EawFvnNMB@KId}L2hl#0YA;9RkpRB1J7bR&imwaAy>FdHX4Xg@X#_9r^_FzOEJ^|V^IX_>c8#rTH+01oew&TH zH1GxKK@Zf&aN6rbD;u~iL)=}0&A)orLEN^QQJM$mZ$TRxU=jg3#^W9L3Z${Ad9eM} zxvlM=#LmOrD1aTFzjgu) z)0wSjNLpuMzbdF$lpge)g|cmp_t@4w8LnOHxvlXWYzTT?^Xn)O&W0Q+{pu4hOZhQ- zB@WW&KX|#?-f4;e#+rx$>ZZp6Q~HSF3b#JY|7FINO+XK%{-wlPJ*HKDsw8@gZ0coF zY8)8fN-ruR3V_9$)na+AH|Gm=I0NRcKJkiATbwj@f^_)8L2>I;uThGsb^WYiK0BG2 zzeoJ^IqHsIOvizKaQZfRlV9XWNxvJGlBN^7cR1(Fm;m7Fhf_-2zaa{ktzu3~sy`Q- z8KW*8lD;k+C9Q+d*?^TA3yE{4R4l=?zdSvtjx3dxE9#JnFbLsH4akf`V;~(-EA@=@ zdw8~_&8f3K8|ls3e2`MLu9p5#&kD2#-Vtnn`>>ts_F#o${{XvaGfc*#mIPfBAk+v- zMUZ+ag_JeE0i0=biB%+dnilv+8N&CxHjho5;QTiBNpVmAoQB-zc1U>usi!fas@Ts4toqkVJ2rGQ!8zi>v99NrXmHW3`sVN@# z1-#lF#Sruc#3lya!vOt&SX%(+Xiz#pH*wS8iFCYj9*WafC>iHWtJSDg+&#o(;s9Ei zk`|OgyK$R3UEZC)3yc@!t=ARm(AytKudmOe9yS_r-H!V|`PHS05;SdQ3wfABfi)Q_RQTRxd?1**8S{X%FJ+# zJ$EQyxXe`=f>Zy|Gp1)LJaw7>YG+AnVN(Imf53%LP>PCZCrq02#7H^~=QA4cLw zq-+FV-ZoB}$~vqQlf>n&PMZgn!a}*K-&%JeaTJy-MJDSXTEn1JoB1!>^S@nyS5JgV zU36(Aam-cUB5Bh5s4IKg`orv3DCm_Wowl+s@N$@=2~ETn@}n+!I%C@|uf+9SmS>DMcaUHVTM9;9cIVek@_uTv1O0@R3>Xs%hcb#Q4NgOAp&U9L@=58wR zJL!vX(?ws7e}yUa!AYN20<2+$fRCe9W) zTrpu%;O0MoxNU@`)b zj?kX{^154Q-L9$WwLk5v^bdx=I)PFY!caf>6>bw}RpTF9;>B}`tcxP&oE^0FAk+R? z)%Bve1ir4wvxf{GGBD2BfJ0OvND4eCwijL+TxMn%O(LvI z3hbvT{)G(N=^G7w0vl2VP2fd=cBu`Kux*pjrk~KdhTg^xSU<&aJP`j<0*V1_tu6Go zYT{w&`RS%LoHJ_fJ8eDc*(62KJ2e^f6`DloH8J**qml${Cv(=FNV8z60$_;t;)$22 zz+#oL>H}tI5fzA~$;38Jjdbj#S^utawGLfN147ngTKTobL70WOf&fRtNBu=ch@UNtgso)lyG0H4zNa>sjt(6UN`) z74%OZPrdE$lpmY0u{OdwZ2$e_Spg&nfDiS-?!N|o7Y@ChwR#auS`5y|ElJ1Vj*gAs z@8nXI!S~JuzAlsT4j5e(RJWkJAc_lcv9v9uu>;U2ZRuO~mGP2%MDbCr(Nu!C#La@j zo+G>YIoo2R0Z^EJqzX4(RY0AD}A}tE6=aBEe|H`5aGHlzTneP06hn% z{sMY6in#)5bDVXiQf?S!U>iE#TlN9x&x*(E&>P-JI_vnD7Nt<84Oypg6q68^d4?tF zlrHX+hWb45oA8O+@`gHMjw)Ud>nG4D0R!g2i8;WtRdZnd-5dD1D9BGhd|Q$RH|ZDm zLmS66(w|x^HQ)R%ll2><%@=D9@U17{-G^?!ozAE&e$d%s zZ`2ggsnc1ni2&c$QZCYBHt;uXZEqt@FvZmjuYQ%!-uMG)7kPHzNOdw;>VsC4>;D_9 zWUX_q!miSGdV-obc9aWY6Zp(_QIf!|g3!6x*P)NnG>{JVn%4Lx@-4IwbUxaILJ~3G z>!3+Irg^Zb%0x*Bz3G;G+wV|K1h1(8M{)1tRO z;p<=G?%jCc0I-n6@YudUsa0ia142)2);!KS@WR%=VaibTGl_GFzuD2f0GkX39RRT= z5cn{6h_=v=AWlLK^;Tpjd4|C$f=Us-rnI>&iV|a!N_ug*$rGu0{-3Ax!@UYvr!~xz zdJCzgj*AU&K|^Vp7UF1Cifi?R?D{wE{C2JA7P0kTX)0UW{$y8L0N!=KQXxKbU!Q*4 zmaou}`nVL6E_3>gL{%X1F+VyD;-uia0`)xztPS~G*7WYX{XBVu_w=9jXJ&RA7&^e; z>gZ`>dWH>wOrds$Rzqw|=%1_|#9`8>9`kd4p2E$wjm6=rb*DribP7R;$uAfPbf>;&hsJ@Vo{vItbWG>hw>gL;H{h3dzK^JD#@( zf%R#KpNMP&Kt}=mLp2!RFj9wSRo)8BOe2worq|};Xu{84kUj<}Nn@HiD90hi7$RdT z{A&+7G6{*e0Azg(wyyAG+h;Y^Hr-O4@@qeMfHjQM#0L7APYufv9HE%Rk953F*%B1e z;acZvJlE=eHdhFK8hS@6>aa{-*PT8Z2-$xtfR3(oy52xtNH$+m3jj23H;qV7ZVln{ z(EJtJJ8v;l<$qh>_3g(j^h&ezA)vIkUV)!J0VSOD+knJG+_@heS!j5Rw70Dn?QX#k zsl7)>-UCF@xRt$mkB|_=rnMC@Y^ok?D^nhUeoir~hh}667jUm)Kvx1UiI+YA(7Axt zZkBEATgVnEt-T$GC$em=2~6BhDS_n+iqxuWPF=y^V6$77g!>iJr!?Ep9sK#J$(k7G>Lm_c43O=#J zseY!AbFL6Y71x*c`?SD>Ia-#M5Np6JrJdlh7v;%jpN*5&5%^Bb0Y>wH$yxxrXbQ!s1oujp=)Kwu#a4k? zy<>xNseJN!W}Z15_7cFu+n~|J30ECVb>HlDTL-hA)3BgT_S*nL7CQ8<2?^#*qLeU5 zUQCSGgdM9A7_L9grn}gXp!iRN5vv2+1|`)i>458q;o7WP0*IOT)vZVplSE|I(FuBI zU%d`}S^;b(=}WV=8El<(HtpUn<<5TM!?ing;+&aWsI&wqB?K@tRlWJUE|5P3uPngi zrwz6!z>U)l>3GEwAC)u~_}9yRu#TpXB=H5y%T*@NWa(KL-xarE4K*@Xj(O~7nnZkz zGy?d}Z(dTLmsg54fq_WUYuRwO#`w6@`d}oLn-rxjOd(rn7*Y1_F%&vdp4wdX5kzpV z^jV-w2S7=`;xp0(E_GK)9LJ`54DJCxEg+pKbFk1!z=tJ65duG!@)H`$ancbmR@*_P z6qp9gAzSe{G}!B!0RzIsL{WW4ogdSe4|vMcG%`#0LM~TB ze4n)>+;lpTv1!Y8f#R{Fe07fr6KmZvIl-~<+TJ4!Rix-Rq08Z8lAurk{Rb%MB#^Wl ztk$Hef}gcbNpUoF6eZwZEhS9p*r9PYW{E6xTrfIqQ_n8BbD%#fv$2hsPHX%jhPhh7 zIPITxt}$DOT&X7r&ei|?H^xScI~ph#@}e2GeV)=afK(I11-zqrO}p%~j-e@EIE2V} z{nqi1NBJoafB%1tA(zMw8>B=$?9_ZVdpl&GED)ijxMDQy%T*+y9)^j*86j zf^v(*UXsRgqX*H7`nccO66kyId#}Hh4rZm{M8x1x8_;p&XYCny=}+CnCcm2uaH6Ei zjVZE;auU4tw;6Go7D5rzX8^Orb`R_^R$cQI9pSTWp1{!L;TkmW$FT zLhF)LlLvf^7@~ zlhW093<=uOX*PlbZ3rY_q)zk4z<6*!N?X@_kMwB(CkSBZk^7W@mlW~7c6(eqWY5Lp zBXKq@5NFE{O1DKi|e_W7bNCLNT`1nYb9{5?;gK z6xH^6OeFxi#;iN$(r@2#*7h@cY7>>+ZVT_+b&W0>k^pfbiX+f%9~;M_W3JIj42EGh zKSm4V9`wf&YcuLJw|`4qs9j-KjrMalEvM@SD%OJThGG=Ll2MdARv%?-sy#G~y(Mk$ zaeC`{4h-t91VFLG7+p1+;nHl~%><Iw9B=-sN!c+`2#{wYa|33@Ko5u}n0 z7R>%Q40-}ny_>=TBZ++4Sr|Hb-G@JS%KFnzUAub8_>r9ffW2MPdrThBo&SL0yGlI( z`@grtP@TbeiH=54)wC^`HY0p3H+h8x*+KXAvD~}WAdGV{r)mtwSsPJ`LdIz_k#p80 ziHR974VbnBn3qx)afT7v8JIB`m?Yr)qifIgz3(S?y8R*4c0uGSYf_0A3 z&mnC!12)?lrs{z)XnsoA^#DKmNXvb-m57v_4y&d)V1LTN;%#fTrUm4IqL}4t-4Jb zfwdvbl#U;j7_3|?q2+as#4TFV)7ApKX%!YNj?6G zhdl$pAdSbEIE-R~Bp5Qh6nXG22d(`-&dxKyuBu-9zteVGYfsH&(q>X7$xM1rNJs%g z38Vm_NJo$+(ve<7r3q0$L{yrnD4-x11O!pRfFPm>UhV}!uz-SGR4k~-eclgi?{oI4 z6W{p)gvlvuuk~O5@|0@8SK~UzwyN9nfiIocxX@7G;00mqcAd=SsQ33=-4)Q zn1A+@q-`FxHDwWGqeUJ@Oi2d16ZKuj>pG%D^J`ma%P81KyE5l->7NVS3s)5c^lQu4 z+c2?>14?;jozv$RBNIhYSjpq*mXqFVhz`d6*Qm#Mf2c&Nhg% z4f~}AjI;wqTPKL0nbmXModhkxW>|WaXTC@>JJVkb13!#R6*H=ZSa}qrJ-6Pe@Q3%fFEX#FH_WU&2f0fvh-NsDg9)F!;OW;7~{~1cFgn-UVGc=>lcpl zsTq?*?K9{7aS~fK;%muMtIpNj`(j!XRl0+~HhYN#{7<(!Ss=JXnnx+`)fZZ}F*l|T z2@9+A0)&2-bi?@a>XsoG(;kxkX9&nw5(%&C(On+e00d0@=j_FNcEa)_DEY?5Bg(+r z$OjlX?}#sc@!|t!^>?{JgnP*0h@+$*wwIg0URx9fq(bfEP=;ysIpkWFugme)~>L|FPN;0-}j)j)Sq&1{YA}3TTtA zb^q$4Pde=VyN-=R!1tMAX&W1N_r!TRkJ_v$%)a`~7l7_T?1;d4VWRc5HESF9twTh0)sB z1nl<6qzRF|1DN&JmG6$vf{1)S3_NC@=o&C1=f3#6(~mxIs2d>PHZ~qw z-*x5k(n6`97dhBDpw84FjOxkAk2j>u+6FFNwiU9kfeLBkze^m4%+mjigz@7{dOa4{ zT>_6&wsdW^OjYgG%T=lb-eQ=!2`L^XX)RC)B4bS$;Pu%k45H3Bj$^N=qj%(Xv2kU^ z9wZJ%S%9mLaWB}($bs?8Pq^-m>kpgWYaoa_?XvMOwF|DgMavoNK-vYO&#Zt$?;A=Z zO%*_^4b1SP?XB46O#%>c90!cQ?HBjn^!b$;QI{`EkmICByKU3fxQ!d8k?tP_(9ijT zRsqM}Fg0^eI9~XS-$>sY2Y6v*0zdLA-#u#E8Q5DRwwYd;%}1PgY2Pf6?kNE?G#zqK z>>RuJy}Rwb%g~693fbyT|hfzG*E1LjGVE|s?BVi@^ft9L)ua2rFxc-M9v||d3F*{N z@hc;PDCIb(dpnm={%}6FVDwEsHD)gcy2nh|`<(N? zv}w1#u}*^_ ztqBxTilHqMRP|ni9S=z9qK(w2LqPAO1wm(8BpVYF#MY-INt)HbF5BiA_uxP0;e~mu zLuq&(ZPJBrYZg)M-E6}Wu;8Ei=WOtTTEPcX?4f_bq(5KG=m&a76=0`ru*Qa_%|x~h zTZe{-fE>Zd!5Kpb9{o$*yiISWcHHCoeiCWCoc>C;z5}NUawR$gN{+e}1mH(e3aF~a zqMo3cr|HMwq|0FA4E)&IA_quQ2#k%qQfQ3jFipTT!#Nn>dgt^0Hk>5EmUZqUt{7GF zK^nm#Jzs`t`{fuNutCpClPSS*(nu#o!6r$kmAx;DS^TjHfc^)il|Wc~%LK&&`KX-{ zhj$Z2CTc5R9X@<qh}oP++VIcci(wq3RRN2v4v-pD7-!D>dGw+ z?f@`$9C&$p%UXpQeB1UA>I|5s9tVtfvK7Z_@Oue8F$cMz$ZyhCdA)vbl!HyuesH&b z!s$9wYd@P>z-T+*Qv#0BS!ED?&v-*ed*nzEJAqCi2Y=Ok@NLA0q-E^TOUdn>pnr6g zu9=NWV6K#QPy0Q#8ub=MQAb~U_6D%A?K=7!T52*8&kqe_?RgvB4bVe{9{ zKX}FXjW&JHLnK#2*k!|=FX@2i%9i;BQ8(z?nPs}T*YL95xg*ejhns_YbGbCcTPjO(&4g*I}H ze7|?X4rgC~>jPi>!0g^6guGX9vuJZebI*Y%cMx#HWeE~;qadHtkA2S58tjrw#2hCf4E#X3psD%}eIr5Q-lOVR{NCEly650-8K z=lyDP-sGuECXhDLAN&OE-tt zBWWfuVga!4YG6b^T%hGY(D$HZBG^m1B29}!Ylv^!VQ|S%(HPKg>2Zc8VHB08nk*fH zX|n+1d$UJ?mXw7t%OSvr+_lmJLjYcAZRPd0}j=kKJJrtEBtB9A{dA#;5;_x{a$80MjHLQmKkEyEO8Efg2@# zBnP={t&!<|W{70ny>_t2u3j8PkS-#EnUdV4_9=kADQvhDnPr(|_ZD zd`*}^w%*Fw*3{vycPrhkPhy;XZ;;@-oG^rbVzLUqQIXY(@kRi=A#di43bv_gnN5%b zmPz`&?-Gd$M4CcaE1Bi$@{zr^EiTcaTVD*9En|^xf^guuHrU)p4Vb|BI2|oV*VX%Q z&TW?oxa3mMF@XL6BOVx8h>D|cJYb-sJ&0qQXRUSw!pP%*cc53Nf)>I=jRAhY1|o&P zIL!zCGznK$SlhI%W^G-|#%8z>FK0vMyw$<DSY?4D4=5fiX(_3SLVoOz zw2>Lkqc1WIj+c!9d)-|9b-sYB|1rc&-Eqo))w29-97l0)XyZ8K(;^v=c6vp(ypps5 z_|jUEZbms`C(s)M+KXZ@F#Q9tS}}#*J9@|$#+)MQ!vL$Fb>tUnnw24`7=41*D)*7< z-TX?$Qdz{RVV62P@Jt94ITrj?+QcSDR}bSj&gJX6n~`5gWUroT51g0%v--CrL(d@P zX=vU2(c|P%LvU082d;%ST`=WEc4#lvk$EnM+MrS1IeL3337J?v%!YC{f3{7yS?1%edE5xhJB|r3ZXZc!p^WI!&qQEQV za|JIjjXTfHbaFDMAZcHk%z!f=bazKlbi)Vza#Oofn?)s{?~%WB`3Wu^4*Z!Wq5orO z1SEFAag8N$G%E4Ti8|YhIfDPzg85QMv0<~@21u8aPDNR`GD(vPUUc}LUNy)w@rN(@ zUIExREt^~wJ&zy^y+WF6&AFkiSWUbtvk-NTs{pL=;N!JkInh=V)|%)q+Q5AUJqsnN z!^`XYjGtbpzhj-ya-4nA|0`+SDN^Dt9GJRZcUVp=qSyp5j%)OUA2dN}F#0$9R-8M+ zqO~RrBNN;907gn~#T9xLa;3eFk4@wUJfYq+##uiI%Ft(1*6;TU9>A4Pk4LwjDe0-X^`5YG zA<6(tQP z;9IvjBfodjp;}ppZERf$8`OPOzM?yw65*o)#(i4S%_FEtH8;ZL#c^yRpe>Wf4L>Ps zIK*UENiT1H_@OOZe(>PKzx!Qd8?wLr?e#bGm*4)cq?^*JEwf0VEBYnr+A-WEy>i_i z`%3Hivf#gTDM&T2@8(5o3wTS!QIggZ*9LeN)k=ih>3HVd#69C06l6Lhf1zrni$1qd%tn0?K>6{k^K@fyd6orBB z`Cg&qg<(|2NY+p()4a*a8$=0CJi76%J>i3TdQ#Sbq6uq#tAH>jit3(E$Kw7{j=n$Z zH7!c<4N;T=%>pMg;+ip~>!(SxfPLXWN$<`F3Srzd{#W&jtJoN}(eoc(ST;y{U8Nul zN+pvFRKpV0CQrmQ95G{THGjrkHmOLnsZM9D9p=on;B43YQP893z#)xiC3DiSEP`(% z&`xw{+j8El8N8|vpz8ohvw?iQP@ZiLYs&t#H2`x|z^M&hgtoh+7ZM<7R~Q)+g~kM( zVRbK%xJJOtnEDSE1x3#*m8y;O8s!GVqg-tB?`~&Jgxz0#eCKlL%8h#R*}2L32Fwxs zL+m`;eWd{@Q4j)lO|(WllYyiSo0pf5dZ`Ll5H})^)%+ogr9Gt&0Z|zOn&W8As=_|j z41;{ihVYg5v`x^2wgHOL4hQqJP48;!mB0-wPJJ&yY-5M_n}dnt*ymC)LDP_QQaixd z$Cf#>g22%wrM;nEZ#D4Rnp)qLv)`G}lH5{@bhhv-!H&8sna;3azdoQ{nn*soyxFdp zk7r#o%SPDOx51b!+^42&2+rTG*1p2VrsRbQ@Y>iKrPg>joMMD`v~&sD$=PI|^HpZ) ze4;px^St&|*LE8tNgJ~i2B(j^MAAiF#hN(aO&*|BYIz$JI9tdS^O>HY)K64N@SozOCg2rLc_#Za^mW3^4(eeI`p4$dK_9 zZoiE}YfWV1*xItjPXx^5bS2gS`$`A6O5A{U^Rx|sc5A;o#aJf$%7l5Kd$ZJEtloiK zAs8Fk=C@Y_(z%quu5pbRU&HeTlhp-!99;$Qj?gavChA9-q=;(1ku>UQeGvkWP~QOx zZyb>9(6CCY+&b&Mbv2rQ5rfhK@Vz_}b-%k?={dzzka&~;W1@2I7+JsTYqOI`WQxfk zU^$^F(eWecqeKpuRd`YWv(*92{E0L-^F>^Xzx%+EQ58NkW}>+GdE(jx!e%z_;tETp zro3<9N$373$6D>Pr~bs+R8sM8e{^5xqlq?SovBR>ZwhAWB*58dGgGg-?-1bay9WfZ zjdIEU%#cFM1a5w=8+DEQn;L-WpN^nctCL?d@P6q;$ie9^z~nQAz{?|zPrqJ>z5BvN z`aY49*ShMA$i%V7Dh1jD;QX@okknqR%JxciL{M8mr)me9U%LkG7n%o+LvLdZL+7k~ zINabq&5zx16o_?p<)Wk-i1Mg9oJRzqHUO+};$rRu>0R)A7&96?V@k}@f@-fx(1mQL z{UOq|ZVkper6ad^h4A}YccZ2Q3nj)&dejliE4tiK0ot_&6UTArx%$JvwXa^EXtVq> zS>8`hxxLf3t;LQF?5Ag(`KoQ=VTRt1&Y`xHv2|BkrseH3qzm1;;*3d)56RJtrHbH7 z)+^J%9|h~Rp|VF#lvYDz3S1-Rx!Cubq%HyzfWB8&B21A&AA^s}XOnQ(&^q9PlwAk< z6X@y$h_byH&?6KI^y>)Hr7|#fX(8FnrY(s~e@m!wB`pUZW@-|Y8sUv=2!Lyq+0(XO zpNBq;L0UzzWqwgJ)+W%8DC?W>n1DC55~r40v%Kj$NfS@kMc_2Ffu9}r?4KcDBGk=^ zB;BCCGAMzG^4ym}y17lJ3)~Rf;fucT><@kfOjRPM=8ncwSHSk#9fq`k%U{OxoFsaA zN)q{0!_7R9UdAaZgm__MRBozyOUBkVB#WT4$u;Md1}t~ot{>Kw=~cKZTbDZMw=Q4V z9**H*mo~iaPFFFjfLcBUaF65=&wYsky5=l#k7uQf(>*<$wPwZiQBk*mnuLl6EunI zA4(DS4RhIu37Q7%p@}pN4AwT-z`o~#&*{3?%>{K`1gum~C0nIRq?qm12D!i~Ofh=* zyL9&T(l-}4e;c-U%ew@9ELju{r8MQJ-P*(iY#uyx9e_^2ZR6+9a2FR`EolLSIxxBY zw@oC%_f>P@*3jAH0DMa038NCzH4V?0aAcuess-JeLzc9|RE?mgBdUoE)z7am=EH6y zeU65mi3~ZlQ8zv*%Y)RtwNRxAoORi@c~)qaJM~XJ39OZ*d!$XBxTHCica}8Tq1H7W z#=axzk57EQKL|l5M#**^FGj~4_!rnA-%Y%BG0 zO%O)Th0B4Tvj*=~5I&E&THs_ZpMJ~baJzw37oewsZQb%dzSq9e;{csn1|zTf$hmti zoiMsP48i4NXf3Rl_IuwJ9S@wb6M^T)23L^*+8sbU!#r0_{+|mD4ee!eT&bzR>9;w? zYyf)00hX8V^(l!$9LJWM4$mqe+K5XZ$uPHS=MT2JU1qkHXw_aQwf5A9x(0xsay_Oqa;Vag2Fw64goB&yTEc@znG{ zwu1H_Hysw#sYb+c^`H=2)pO|5u6Q;!45+)zww|FCPSu2uyXAcb*iK&uIyFdvG1AK~ z=?7Socgcmz&wim7wokoz5XJ8x6g#z5Y zLvqvqIoZwrxpGML$(lq^vWMSz?G5|I`Pc?*uX*I*uYZ8G^IZ`FZR*G0ZQm%$vqpKlSpRHQ+tx5yg{oee zX+Lyi)Z7uwRIn4Z5>s&l{p?0W?pmF1s*VciK0+JE5#y!r=@keQqO_g|^e%9c^oA~* zlo)>Ih?2omDYkJ$q_-i@>B4{)_+0cNoGknZFOCDI>Uex>Lq7ckOqQOxq!ZYjsjM2^ zEKP>1?3Lt4o1Ul@W@ zpV510u52%j~lAmqXGBbm*u|MfIr_>=Pg;5Otca6T=wTz!#B2e9^NE4R5cW1 z-$ zNw0)7)?aI++uTa|#M%b%>Fm@kQ}+A8V|!<5wrK@?3%;#oE=Ni8CS9?@>VI^VrK;mN z?+tvgZH4g=>XyVP07MMmcn z#IX%??yB7g9)oYTkrC21>{RWk;_=3*S?}uFe}5()Dlo~kH+7QNcg#Q7Ak@{h} zZ8#UJdqvang_pyoiH@xfISpRJl(L|SMoEyZaV1O}djaj*IUymNk}H(*0XseCTrbL= z6A#>6Wsb*4_1AepWcHK+Z3fPfHfIs8*#|U7x{X$&{hB4DW`8stme%jB&czY`-}(~P zKo?aq^R}tGP%XyJ8};m1Do^QZ^$-Mn;Kx;YS%6kmNk(zVYZW|XqxVSjeE$K5!o{;S z#>O-BmG56fTzd-o zIe1aT$3IcUrDbgL^5w0kT`PdqMx$zYHmTU#UY9e-39|S&&=9X0;*ou_n#h)Yl<;h=wXP5a z{H!f?Sgg`VEOD_a;CaVTD@2*hV{g?9Dc5({;#z5X+w>x|ag(oKhpe#mdv}4P5lub~ zh;>Tt;pUbBtsqU+0fRtuv$4SNmFu$^R>(ESF$MZNgEXcW+Iq9I0PC|MU0(g3RdV83 zB~x}-|E@AZA=Yk15M-DQ(n9`rn7zh0tw!fSE^36)S|FqkgZ&RO^?JRg3Y&=B%M%m1 zi`eOfzP2nQm2K%33k8~lZ>+V(lzRW552qpo*2Xquj+=;#b1`@q*LO|sIBWR01|T|a zLb%m8P9wRDMv#j}vQn8pi%k9IefVZbT>8SAYdUUYvh>_}T0#(+$VRO`tZmW1%5;Rc zc{{a!ahtdI?GBi0%ldIQ-2>Y0?AH=s^g@pA$-5});t|p(3&GubBH6?@NuPC!&2bzX zteeWsEVe)cR_|$AK$7ZjohBPNqDaY@YN?`vma(0#=j<7D)e4cs#^aFh!nj0QsH0;z z*s5*Wy|QtU%~}S8Azo}_<1y=38M8)1peeAk#QYy#zn-&>0|;N)EvsQ4lG6C6 zE(Yj$+QIZFh1U2KKcRQeEoaxZQFqc-B|>aPF4aVJ&Q>O2C7nf;jIND|bnrI%fw)`J z%It*_8xw_o2FN{28dKcLg1(#r+ge!1of_=bvmIl19c?{waPlYlnf{0uTN~Sm^M4JX zeYoQOyDlwG)j2{`qS{Sf&p`|LiNDpOCk)SB4Pj_2iKstoJ|= z@z-q`NNtHHN6 z4ojwFR($y>-G9jpmq&Ry#%nxG(BTxr$oD-ycYCJ-0u!0ol+e}g@`c9*t0nzS=aX@S zWr?#?0WWG`sc5$%F|)0Ady4}L7wWUHn2|zyO=_o9nb?{zvE7KRjR5a`^O!w=`RaiC z@_uLN;q&KJm_TAL6=P_Tt^P?-e0e*Qmu>9840mJm*U*8)hy@@t$ zfH1Zu&*ua>lR(l~5*(IOJzA0Iljnoht5u!yP_36}ThW*5K(A%o-gerRaRUA2#LsFE z{i4kKcAw8gQDht%Z{k=uQ#z6o=$nI+o{xQFtpoH+)I-q;qz0#(c zxs?JhGL^SHMg;P`)W}nm_}L({Yl1-UM%HBb825kZ56QOiHzF z;E9{vc{Xm;PH$8g+a|%c9QW2scVDBwYvRVVs2ur^A46zN6qEp>iF@AiZ|S)UwjC9Q zUU?i4bo2#bQ>o>qy}AaaO)%z7-g`^A;UBTkjYi#*-9_tW=`oYaMr@|d*!mC~<2 zzhX=w(;{(*vk$4045p>F-LUnWIOsW%X|MQci5+sqSCWGf0I%vY{ATHq&wdiKG>cM! zIc2UHMTWeB5sj{mj5MJmg8C_Y5&Ep;u$*o&(c3X zF*Q~Atb26>+K#(cWOkN~oAdu0G=)>MsE{*$1;;*?bPz0Kl=R!9A|I4L8yZJ<*XGUt zP||n;4`1(hpn}F-8>g8ONg4?`(=55Ew4P`g0?K7?nDZJl1QRotwUR!*8|HJ;iO@TS zm7kJy!C(RKjcJ@TTX=2VQA(&Dt=e%d*l`I>cj8n))7&PF*va9d;;6um8i^*+{H8X* z+V3u;X#CV>K9l)W6Ht9uZ|?76pJ#@1$zW^pH+T9y6F1<`C4&G-+7+OUp4spH=o62A zWJyP&yJ8xR@e;J}*Cq6AN{xrrO)APN9NE~fe`p|r{$5~xf~fYn^A-Y^pdF~0O!!xC zuEEZ?RU_!4bvW01o_*v;C$}Z}SKTenLD~%T$?5GkkAr!?d2YK>LcDBt3r6EO%PnHD-+UP4hkJbFP-~R9_=u20O8-K7t;Z4Zo5I#C zbzq=6mcEbfff<@WSpzruEWxak78)DJHg~G@hszfvV$a30gisj%d4R|^OPLK_FGyNU z$(Sg#73zJ?Y<-0hc|fc+XT0>UM^>-U1ppUZ4bXnCZUu5^BWYrDgRb zInXJc3G3wRx?Q>hs5;d(t4ZVAEPEd5Q5$?t3(&}+C)?AY&-6b@w~o!nacs@JB?*kL zI-?2E5viI}qgOXzIw7C>^$ooB*rwfP4fFhH7Om3lIYR8*Y6`(wSX6(Mk8x zJM}<61cB$@HHmm@CSx(2n-)e!np<(zDeG%$=lc>MtoCG3(xo<$lCVwk-r9=4j$$-Q z+eWuace@J=CX9tq}Y1aO?BpAS%d5oX$|w5<4(G1m3c_u2aaj?@p(=|Gn?#$$%02Thc!_l+2v zW-6J^`Mt-WUzDX-4DBOp9JP#%W8?FE=?c&|z>Hk;*f_toaM}IxT+{>&5w@Rs%L)nd zu1R0`vHq&pHv}$m3E+bLYJ-DqI8%&6LLCo`+9`y&daHu*auk2I*F0D&!STs9Un%L` z8QE5)%_IjjEQqSty2KQ>HM+i@)()e68*tQ5m-MDMk&r+dMX^xzHv=x(bfz4aGas1< zUj9{r-m1AW^dvC13^NF-NW8{TWb=)x`#6rnt|xTvjRIqxz~^lhL$`#+qwwnjK<9#E&b#Qa9R^vadO%Z? z9#%4@*!GEjV0-Oc4HSr&`kQe$HDi4Qa-KUbT`x#q%v}3nS&xWHnB4ov-83G5N9p=5 z+ARI!&@g=+Q{kF`mY%(uwd%~wCv3nJy@8hQ``J~lP~O&w5V$hM#&MK~&;+ntItg9u z*1pz)g(0oj^A~Pp6w$z-Jb?2)nFN54mCr#g@Buqw_TE=NBrTm30D-Z?ReXGP zE96q|Nn@hy{8g*7vRb1P1&_cHzWT3y3+(GTD52q){Fy7Feed~RQz z$p>F|voHE@pI8Smk1hLcM;fNSb{4*IBk8aJ+^CPe^y+;F_Zipwh{A#wRSQIw!;r^n z9Z8K(Vy=-+Sz`8A{@GJ{HJ5ll^Fv9RiY+%JBi_5^kmvAhl&|z8j0xJ~I5u>zyI<0l z`FSAkNA)lW3;Mu!U@>UvuDW=g{+hhg;g5eKN2iYFGe;&Lc!Q)bNXzFqDQdOBu*CiaSinC_NAAe{L20lI?5Iy z4IwHXlcn-7}L`h>8eTZS-pOT9XIT(NSBasA(Gq7;SF*G)@QNKP{t^#vM{9}G_j2%rpS_+ z8F-|pecV1@d*+cZ95yii@oU>?=%r}GR4-G~ukVrcje9@6@z`5m_~rAzen+i;zI&~t zZQb(TFM0&I^3@jb%*yvZ1gzGGT;Qh<@GTL>-tvz*Pd~poSP9l>I@0pxi?ou@ttLn! zXcz`z7*O&{z}4#HW{LUYd~E=<2;Byw2al9^=segY4b7fK9LKR4HF4@BH;VHi(j*89 zeE99vk5Z=2q}-3R=Ny@UkG+VW0b9ErXN@(0?OS!x4PTe^$@YdmiYCwUuf5)U4S(_N zYtK00{d=z2V~6Q;7R?_RGjc-D$OVg+tvT+)*S#hkdVEhYj$_zW+e<)1`DXjU9w!_L z`J%hWrjF;se_^Ckxk|6{I~j4{BJ4?P6Vu~9hX&)Jwt!ZVmoUV=}*NJ-e-}I$#ysKXT2k9jkl(d1d`k#b3V>~`8Ns1xV zeh`FV7)DVPrDNH)Aj`VQ z+(5=wu&+6dbn@ltJ11&ElQ%6F=-%&M!9cP=>2UBunRL9~V0ItWt?o%mnIdVoe=q{_ zNe=xN;dbrBG5OdU_@O=z3~6GjEoHX3^YKTw@om{vA!!B7Mw-k|K0RLQ1|Qlj@IG|{ zeu*1@L{(pdn`Tj4BjS+2j8%_QmC13Eej}ZaZ84Fu9#+z^oPfAHaUBR9Nesbzwn*U>KJ*Ps>F~{OW`ZeE>^J2D*aC^z`^(6KTX}{Nkq>Zb! zoHH~!88sx0?UbacJ(2E(lu4NlzY#{q&cevnaSv57FAVZ?({2Yzmvv`kOJCe4OLNg?RJCg|TQESNZ=UlXWiR$E((vn!(^ zSfUrZh+~f}0_xRtYE0UXl2Zi;TeGO(&Cm1!QJR>ANUTmgE%1XdGS-?f^h<>xUEXJ< z^F}3-E44$8fcqqg4(Y0Mv{c`}TsP?tU>fvJ4Cvn+RT%+U=eS@Bp>5274tQFpe7m2p zaL7}cK(R#ZIgN+4z}*^-YQ9EQ(qEMwkiCyxm@JLD{4Y9@AT}kZr;w5d8cY=3Q05?= z^eKG{XsyC*@@Z|GTy3WFePdy80(hQptuZDH!%{}G*TQvro7rNIr!LX=sF^Sq`m{)r zhQ2Xjv{o|sUk?SeS9SZdv)zq?&5xxaEIm>MlL5w7ow22(D|Ba29mvMs|qy0S(+{v6T5<7KAH)jc3LC4?sfwtJ@08|q>uLWxYC;)8HpCp~_1OgcRjV@J^_?GFYozb z)P$8`eU?aRc4~(~qub=F|ET6?q~ok9!ZTXn-VlP+AYj0yWm|>lvZ0B>Fp;6r-~uz6Z8BqvJLRMO+Tk?g^;u2vZkjTRZP=l0pv`cH`mi0NZ>wH<4xu>6SuX-M=c*+7bJ7hbWP;07b)oABq_pqh}J6t-8sCsd% z-3rj39WDsi=10)}XRIX}IIY&l@8)uqw#EI{@(#2OPe;{Xw^{m%ZP;Np)!AQ@5MYN% z7#qf=CjV)hluWhTx15+YxxH+wxMa7kA{u7DG!qxG*0wN(t6-x{ Date: Wed, 5 Apr 2017 03:40:10 +1200 Subject: [PATCH 0127/1961] Update README.md --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index d62df27..422d22c 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,5 @@ Literally thousands of sources, references and suggestions. That said... * Special mentions to [earthlng](https://github.com/earthlng), Tom Hawack, Just me, Conker, Rockin’ Jerry, Ainatar, Parker Lewis * [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github -* [pyllyukko's user.js](https://github.com/pyllyukko/user.js) - * A similar project started in Dec 2014 -1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was first published at [ghacks](https://www.ghacks.net/) in August 2015. It was kept up-to-date and expanded by the original author with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name. +1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. It was kept up-to-date and expanded by the original author with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name. From a8cfe7f06fc88ea04daae3301dcf1768e0cd0a4a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 9 Apr 2017 20:33:08 +1200 Subject: [PATCH 0128/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 422d22c..814d7c9 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ INFORMATION IS POWER. So you can make informed decisions to better protect yours * Current and up-to-date with stable (including [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93)) * Detailed (preference versioning, hidden preference information, explanations, and more) * Easy to use and discuss (sections, sub-sections, numbering) -* Helpful (including a [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) with features such as [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons), [user scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts) and more) +* Helpful (including a [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) with features such as [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons), [user scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts), [references](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-D:-References) and more) * Innovative (formatting, special tags, and future plans such as branches) ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) usage From 551427fccc8450598d80186447fcf10240843a70 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 15 Apr 2017 12:27:41 +1200 Subject: [PATCH 0129/1961] 2671 svg.disabled-> inactive for FF53+ --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index f9bf2e6..8928652 100644 --- a/user.js +++ b/user.js @@ -1220,8 +1220,9 @@ user_pref("network.proxy.autoconfig_url.include_path", false); user_pref("security.block_script_with_wrong_mime", true); /* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage + * including youtube player controls. Best left for "hardened" or specific profiles. * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 ***/ -user_pref("svg.disabled", true); + // user_pref("svg.disabled", true); /* 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk * Firefox has *some* protections to mitigate the risk, but it is better to be safe * than sorry. The downside: it will also display legitimate IDN's punycoded, which From bc70023b54c6bbf9831a41b4c335856e0963dc00 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 15 Apr 2017 18:41:14 +1200 Subject: [PATCH 0130/1961] 0351: crashReports enforce extra pref at default enforces default false (future proofing, because sh*t happens), plus added the FF version numbers. --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 8928652..00e17bc 100644 --- a/user.js +++ b/user.js @@ -172,7 +172,8 @@ user_pref("network.allow-experiments", false); user_pref("breakpad.reportURL", ""); /* 0351: disable sending of crash reports (FF44+) ***/ user_pref("browser.tabs.crashReporting.sendReport", false); -user_pref("browser.crashReports.unsubmittedCheck.enabled", false); +user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) +user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51+) /* 0360: disable new tab tile ads & preload & marketing junk ***/ user_pref("browser.newtab.preload", false); user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); From e1a5f80063d0feed6a3de98379f3999d47c0081e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 16 Apr 2017 11:45:28 +1200 Subject: [PATCH 0131/1961] start v53 commits --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 00e17bc..288cb4f 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js -* date: 11 March 2017 -* version 52: Daypants Believer -* "Cheer up, Sleepy JEANS. Oh, what can it mean." +* date: 15 April 2017 +* version 53-beta: Achy Breaky Pants +* "But don't tell my pants, my achy breaky pants, I just don't think they'd understand" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From ec5fdfcdaa9f8f5e9853596ed5455f2f6032ef54 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 16 Apr 2017 11:50:08 +1200 Subject: [PATCH 0132/1961] 0381: disable WebExtension sync --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 288cb4f..cfa3f36 100644 --- a/user.js +++ b/user.js @@ -209,6 +209,10 @@ user_pref("reader.parse-on-load.enabled", false); user_pref("dom.flyweb.enabled", false); /* 0380: disable sync [SETUP] ***/ user_pref("services.sync.enabled", false); // (hidden pref) +/* 0381: disable WebExtension sync + * [1] https://wiki.mozilla.org/WebExtensions/chrome.storage.sync ***/ +user_pref("webextensions.storage.sync.enabled", false); +user_pref("webextensions.storage.sync.serverURL", ""); /*** 0400: QUIET FOX [PART 2] [WARNING] [SETUP] This section has security & tracking protection implications vs privacy concerns vs effectiveness. From 9bbe074960918bf44ca313b6c75541283a229702 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 17 Apr 2017 23:34:44 +1200 Subject: [PATCH 0133/1961] minor readme section edits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index cfa3f36..2294d5d 100644 --- a/user.js +++ b/user.js @@ -6,8 +6,7 @@ * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js -* releases: These are end-of-stable-life-cycle legacy archives. They are not "releases" - in the sense that they are done to coincide with when Firefox versions land. +* releases: These are end-of-stable-life-cycle legacy archives. *Always* use the master branch user.js for a current up-to-date version. url: https://github.com/ghacksuserjs/ghacks-user.js/releases @@ -18,6 +17,7 @@ 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * The settings below will turn off Tracking Protection, Safe Browsing and Auto Updates You need to read, understand, and decide about these. Don't leave yourself less secure + * Some user data is erased (section 2800), namely history (browsing, form, download) * Site breakage WILL happen - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting and these need to be balanced against Functionality & Convenience & Breakage From 2d0e27cb43c5a41f9c92ab4984eb44dc811f0dc5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 18 Apr 2017 10:56:29 +1200 Subject: [PATCH 0134/1961] "reader view" -> personal section -> inactive #84 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 2294d5d..d0343a7 100644 --- a/user.js +++ b/user.js @@ -201,8 +201,6 @@ user_pref("social.remote-install.enabled", false); user_pref("social.directories", ""); user_pref("social.share.activationPanelEnabled", false); user_pref("social.enabled", false); // (hidden pref) -/* 0375: disable "Reader View" [SETUP] ***/ -user_pref("reader.parse-on-load.enabled", false); /* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers * [1] https://wiki.mozilla.org/FlyWeb * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ @@ -1488,6 +1486,8 @@ user_pref("browser.migrate.automigrate.enabled", false); // user_pref("media.wave.enabled", false); // user_pref("media.webm.enabled", false); // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries +/* 3026: disable "Reader View" ***/ + // user_pref("reader.parse-on-load.enabled", false); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); From 49e2025bc5f82d2d0844abe213a2ab08d65626d4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 18 Apr 2017 11:12:55 +1200 Subject: [PATCH 0135/1961] add e10s section 1100 #82 noted added roadmap link to section header, reworded FF53+ multiprocessCompatibility flag as `might disable` (from `will disable`) --- user.js | 52 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 34 insertions(+), 18 deletions(-) diff --git a/user.js b/user.js index d0343a7..73e4e41 100644 --- a/user.js +++ b/user.js @@ -536,6 +536,40 @@ user_pref("browser.shell.shortcutFavicons", false); /* 1032: disable favicons in web notifications ***/ // user_pref("alerts.showFavicons", false); +/*** 1100: MULTI-PROCESS (e10s) + We recommend you let Firefox handle this. Until e10s is enforced, if + - all your add-ons have the 'multiprocessCompatible' flag as true, then FF = e10s + - any add-ons have 'multiprocessCompatible' flag as false, then FF != e10s + - any add-ons are missing the 'multiprocessCompatible' flag *might* be disabled (FF53+) + [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/ +***/ +/* 1101: start the browser in e10s mode (FF48+) + * about:support>Application Basics>Multiprocess Windows ***/ + // user_pref("browser.tabs.remote.autostart", true); + // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref) + // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) + // user_pref("extensions.e10sBlocksEnabling", false); +/* 1102: control number of e10s processes + * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ + // user_pref("dom.ipc.processCount", 4); +/* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+) + * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process */ + // user_pref("extensions.webextensions.remote", true); +/* 1104: enforce separate content process for file://URLs (FF53+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 + * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ + // user_pref("browser.tabs.remote.separateFileUriProcess", true); +/* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/ +user_pref("dom.ipc.shims.enabledWarnings", true); +/* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play + * with them. The values are integers, but the code below deliberately contains a data mismatch + * [1] https://wiki.mozilla.org/Sandbox + * [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 */ + // user_pref("security.sandbox.content.level", "donotuse") + // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse"); + // user_pref("dom.ipc.plugins.sandbox-level.flash, "donotuse"); + /*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) Note that your cipher and other settings can be used server side as a fingerprint attack vector, see [1] (It's quite technical but the first part is easy to understand @@ -1167,24 +1201,6 @@ user_pref("browser.uitour.url", ""); /* 2629: disable remote JAR files being opened, regardless of content type * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/ user_pref("network.jar.block-remote-files", true); -/* 2650: start the browser in e10s mode (FF48+) - * After restarting the browser, you can check whether it's enabled by visiting - * about:support and checking that "Multiprocess Windows" = 1 - * use force-enable and extensions.e10sblocksenabling if you have add-ons ***/ - // user_pref("browser.tabs.remote.autostart", true); - // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) - // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) - // user_pref("extensions.e10sBlocksEnabling", false); -/* 2651: control e10s number of container processes - * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ - // user_pref("dom.ipc.processCount", 4); -/* 2652: enable console shim warnings for extensions that don't have the flag 'multiprocessCompatible' as true ***/ -user_pref("dom.ipc.shims.enabledWarnings", true); -/* 2660: enforce separate content process for file://URLs (FF53+?) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 - * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ -user_pref("browser.tabs.remote.separateFileUriProcess", true); /* 2662: disable "open with" in download dialog (FF50+) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. From c194e21d5c475b0c72419c7a770692d23ea334e3 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 19 Apr 2017 14:22:31 +0200 Subject: [PATCH 0136/1961] Update user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 73e4e41..500a80b 100644 --- a/user.js +++ b/user.js @@ -1486,7 +1486,7 @@ user_pref("browser.tabs.loadDivertedInBackground", false); /* 3022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/ user_pref("browser.bookmarks.showRecentlyBookmarked", false); /* 3023: disable automigrate (FF49+) - * default is false in FF49+ and true in FF53+ + * default is false in FF49+ * need more info, but lock down for now ***/ user_pref("browser.migrate.automigrate.enabled", false); /* 3024: enable "Find As You Type" From d87bcfde58feb316b6f7d947b35243951cd82c36 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 20 Apr 2017 12:47:28 +1200 Subject: [PATCH 0137/1961] FF53 deprecated --- user.js | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index 500a80b..645963b 100644 --- a/user.js +++ b/user.js @@ -688,8 +688,6 @@ user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); * [NOTE] commented out because it still breaks too many sites ***/ // user_pref("security.ssl3.rsa_aes_128_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false); -/* 1265: block rc4 fallback (will be deprecated in 53) ***/ -user_pref("security.tls.unrestricted_rc4_fallback", false); /** UI (User Interface) ***/ /* 1270: display warning (red padlock) for "broken security" * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ @@ -818,11 +816,6 @@ user_pref("security.xpconnect.plugin.unrestricted", false); * includes: RealPlayer, Next-Generation Java Plug-In, Adobe Flash, Antivirus etc * [WARNING] [SETUP] This means Firefox will not load ANY plugins. Try it. You are not missing anything. ***/ user_pref("plugin.scan.plid.all", false); -/* 1806: Acrobat, Quicktime, WMP are handled separately from 1805 above. - * The string refers to min version number allowed ***/ -user_pref("plugin.scan.Acrobat", "99999"); -user_pref("plugin.scan.Quicktime", "99999"); -user_pref("plugin.scan.WindowsMediaPlayer", "99999"); /* 1820: disable all GMP (Gecko Media Plugins) [SETUP] * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); @@ -882,7 +875,6 @@ user_pref("media.webspeech.synth.enabled", false); /* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.screensharing.allowed_domains", ""); -user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); /* 2023: disable camera stuff ***/ @@ -1078,7 +1070,6 @@ user_pref("media.video_stats.enabled", false); * [1] https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code * [2] https://www.privacy-handbuch.de/handbuch_21v.htm ***/ user_pref("dom.keyboardevent.code.enabled", false); -user_pref("dom.beforeAfterKeyboardEvent.enabled", false); user_pref("dom.keyboardevent.dispatch_during_composition", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] Options>Advanced>General>Use hardware acceleration when available @@ -1668,3 +1659,14 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. * [5] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ // user_pref("dom.battery.enabled", false); +/* 1265: (53+) block rc4 fallback ***/ + // user_pref("security.tls.unrestricted_rc4_fallback", false); +/* 1806: (53+) disable Acrobat, Quicktime, WMP + * The string refers to min version number allowed ***/ + // user_pref("plugin.scan.Acrobat", "99999"); + // user_pref("plugin.scan.Quicktime", "99999"); + // user_pref("plugin.scan.WindowsMediaPlayer", "99999"); +/* 2022: (53+) disable screensharing ***/ + // user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); +/* 2507: (53+) disable keyboard fingerprinting + // user_pref("dom.beforeAfterKeyboardEvent.enabled", false); From 4d1689b7a531dc9f68a48fd1930b65dcc5a11f5b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 21 Apr 2017 01:04:28 +1200 Subject: [PATCH 0138/1961] forgot a closing ***/ in deprecated section no syntax issues, calm down --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 645963b..13723f6 100644 --- a/user.js +++ b/user.js @@ -1668,5 +1668,5 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("plugin.scan.WindowsMediaPlayer", "99999"); /* 2022: (53+) disable screensharing ***/ // user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); -/* 2507: (53+) disable keyboard fingerprinting +/* 2507: (53+) disable keyboard fingerprinting ***/ // user_pref("dom.beforeAfterKeyboardEvent.enabled", false); From 37b8ad66b8b853acf4d3cfc131971d6613d712be Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Apr 2017 12:48:57 +1200 Subject: [PATCH 0139/1961] 2512 device.sensors.enabled references The blog entry [2] and subsequent ticket [3] are new. Francois mentioned the older ticket [4]. FYI: `device.sensors.enabled` was introduced in FF15 (don't think I need to add that in) --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 13723f6..1155ac4 100644 --- a/user.js +++ b/user.js @@ -1091,7 +1091,10 @@ user_pref("dom.webaudio.enabled", false); * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange ***/ user_pref("media.ondevicechange.enabled", false); /* 2512: disable device sensor API - * [1] https://trac.torproject.org/projects/tor/ticket/15758 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/15758 + * [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ + * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733 + * [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 ***/ user_pref("device.sensors.enabled", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ From 5cf2de570a28eefae10f483b60a7ea1d4405a6ee Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Apr 2017 17:37:48 +1200 Subject: [PATCH 0140/1961] 2706 browser.storageManager.enabled added its added as default false, but looks like we'll need to check out what options the two prefs (dom from 51 and browser from 53) when true show in the options UI --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 1155ac4..b1cce97 100644 --- a/user.js +++ b/user.js @@ -1346,13 +1346,15 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); * [WARNING] this will break a LOT of sites' functionality. * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); -/* 2706: disable Storage API (FF51+) +/* 2706: disable Storage API * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. * [1] https://developer.mozilla.org/en-US/docs/Web/API/StorageManager - * [2] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API ***/ -user_pref("dom.storageManager.enabled", false); + * [2] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API + * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ +user_pref("dom.storageManager.enabled", false); // (FF51+) +user_pref("browser.storageManager.enabled", false); // (FF53+) /* 2707: clear localStorage and UUID when a WebExtension is uninstalled * [NOTE] both preferences must be the same * [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local From 8ca3176ab13e011b0b3243b58644c208b33955d2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Apr 2017 18:02:33 +1200 Subject: [PATCH 0141/1961] 2426 dom.IntersectionObserver.enabled added default is false anyway. We can readdress this if it ever gets turned on, or used for purposes other than ad networks - I suspect there's nothing really out there using it right now, and the fact 53 is false, I bet there's no big hurry to turn it on due to stability and real world usage. --- user.js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/user.js b/user.js index b1cce97..776391c 100644 --- a/user.js +++ b/user.js @@ -1024,6 +1024,14 @@ user_pref("javascript.options.wasm", false); /* 2425: disable ArchiveAPI i.e reading content of archives, such as zip files, directly * in the browser, through DOM file objects. Default is false. ***/ user_pref("dom.archivereader.enabled", false); +/* 2426: disable Intersection Observer API (FF53+) + * Almost a year to complete, three versions late to stable (as default false), + * number #1 cause of crashes in nightly numerous times, and is (primarily) an + * ad network API for "ad viewability checks" down to a pixel level + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Intersection_Observer_API + * [2] https://wicg.github.io/IntersectionObserver/ + * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/ +user_pref("dom.IntersectionObserver.enabled", false); /* 2450a: force Firefox to tell you if a website asks to store data for offline use * [1] https://support.mozilla.org/en-US/questions/1098540 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ From 7496b873b78f9cfb82755f4999f97cddce1c75c7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Apr 2017 18:17:22 +1200 Subject: [PATCH 0142/1961] 3027 browser.urlbar.decodeURLsOnCopy added --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 776391c..ffb5351 100644 --- a/user.js +++ b/user.js @@ -1508,6 +1508,9 @@ user_pref("browser.migrate.automigrate.enabled", false); // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries /* 3026: disable "Reader View" ***/ // user_pref("reader.parse-on-load.enabled", false); +/* 3027: decode URLs on copy from the URL bar (FF53+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320061 ***/ +user_pref("browser.urlbar.decodeURLsOnCopy", true); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); From b26175494bf2a8443e479bab7a81f0dc2009261b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Apr 2017 18:18:52 +1200 Subject: [PATCH 0143/1961] typo earthlng!!!! we use urlbar not URL bar .. bad earthlng :) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index ffb5351..b324a9a 100644 --- a/user.js +++ b/user.js @@ -1508,7 +1508,7 @@ user_pref("browser.migrate.automigrate.enabled", false); // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries /* 3026: disable "Reader View" ***/ // user_pref("reader.parse-on-load.enabled", false); -/* 3027: decode URLs on copy from the URL bar (FF53+) +/* 3027: decode URLs on copy from the urlbar (FF53+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320061 ***/ user_pref("browser.urlbar.decodeURLsOnCopy", true); From 30bb523b11cc70854251f7c1ae0be27cc35aead7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Apr 2017 04:18:55 +1200 Subject: [PATCH 0144/1961] upgrade 53-beta to 53 ready for alpha release and changelog --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index b324a9a..446b900 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 15 April 2017 -* version 53-beta: Achy Breaky Pants +* date: 27 April 2017 +* version 53: Achy Breaky Pants * "But don't tell my pants, my achy breaky pants, I just don't think they'd understand" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From da73ca1759a0445526c656571b80a71b75660f56 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Apr 2017 04:33:51 +1200 Subject: [PATCH 0145/1961] privacy.firstparty.isolate.restrict_opener_access FF54 - inactive as is FPI --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 446b900..f6ed28f 100644 --- a/user.js +++ b/user.js @@ -1313,6 +1313,7 @@ user_pref("security.csp.experimentalEnabled", true); /* 2698j: isolate DNS cache (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ // user_pref("privacy.firstparty.isolate", true); + // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // (FF54+) /*** 2699: TOR UPLIFT: privacy.resistFingerprinting This preference will be used as a generic switch for a wide range of items. From ffd89807bf9a247de48cdd226da78a92da0ee778 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Apr 2017 04:44:23 +1200 Subject: [PATCH 0146/1961] 1607: network.http.referer.hideOnionSource --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index f6ed28f..05316c9 100644 --- a/user.js +++ b/user.js @@ -789,6 +789,9 @@ user_pref("network.http.referer.spoofSource", false); * [1] https://www.w3.org/TR/referrer-policy/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ // user_pref("network.http.referer.userControlPolicy", 3); +/* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 ***/ +user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) * [SETTING] Options>Privacy>Tracking>Request that sites not track you * [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ From f3a0e8d88c109dc6b0ab44e5a1e440b306408b56 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Apr 2017 05:43:45 +1200 Subject: [PATCH 0147/1961] add 0209: geo.security.allowinsecure mozilla intend to flip the switch in 55, but the pref is available in FF54 (but no idea if its fully working) - see https://webcache.googleusercontent.com/search?q=cache:yfO0BMezyGcJ:https://groups.google.com/d/msg/mozilla.dev.platform/8BsF76gNhDE/XhsZXcueBAAJ+&cd=2&hl=en&ct=clnk&gl=nz --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 05316c9..8086134 100644 --- a/user.js +++ b/user.js @@ -89,6 +89,10 @@ user_pref("intl.accept_languages", "en-US, en"); /* 0208: enforce US English locale regardless of the system locale * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ user_pref("javascript.use_us_english_locale", true); // (hidden pref) +/* 0209: disable geolocation on non-secure origins (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 + * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/ +user_pref("geo.security.allowinsecure", false"); /*** 0300: QUIET FOX [PART 1] No auto-phoning home for anything. You can still do manual updates. It is still important From b3af6c1f5fe37c345648b19bef94098d19558c30 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Apr 2017 10:17:29 +1200 Subject: [PATCH 0148/1961] syntax/typo --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8086134..93dc35b 100644 --- a/user.js +++ b/user.js @@ -92,7 +92,7 @@ user_pref("javascript.use_us_english_locale", true); // (hidden pref) /* 0209: disable geolocation on non-secure origins (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/ -user_pref("geo.security.allowinsecure", false"); +user_pref("geo.security.allowinsecure", false); /*** 0300: QUIET FOX [PART 1] No auto-phoning home for anything. You can still do manual updates. It is still important From 9b65d9788d1bb94e72af7180d1821753ee35395c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Apr 2017 11:20:38 +1200 Subject: [PATCH 0149/1961] typos --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 93dc35b..e6aa4be 100644 --- a/user.js +++ b/user.js @@ -544,7 +544,7 @@ user_pref("browser.shell.shortcutFavicons", false); We recommend you let Firefox handle this. Until e10s is enforced, if - all your add-ons have the 'multiprocessCompatible' flag as true, then FF = e10s - any add-ons have 'multiprocessCompatible' flag as false, then FF != e10s - - any add-ons are missing the 'multiprocessCompatible' flag *might* be disabled (FF53+) + - any add-ons are missing the 'multiprocessCompatible' flag, then they *might* be disabled (FF53+) [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/ ***/ /* 1101: start the browser in e10s mode (FF48+) @@ -569,7 +569,7 @@ user_pref("dom.ipc.shims.enabledWarnings", true); /* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play * with them. The values are integers, but the code below deliberately contains a data mismatch * [1] https://wiki.mozilla.org/Sandbox - * [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 */ + * [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/ // user_pref("security.sandbox.content.level", "donotuse") // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse"); // user_pref("dom.ipc.plugins.sandbox-level.flash, "donotuse"); From 0bdca802ebed097947a1cf2fad5c9ddc37bd14e2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Apr 2017 11:22:17 +1200 Subject: [PATCH 0150/1961] typo --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e6aa4be..3e8aea8 100644 --- a/user.js +++ b/user.js @@ -558,7 +558,7 @@ user_pref("browser.shell.shortcutFavicons", false); * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ // user_pref("dom.ipc.processCount", 4); /* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+) - * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process */ + * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process ***/ // user_pref("extensions.webextensions.remote", true); /* 1104: enforce separate content process for file://URLs (FF53+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 From 6fdbcd7fae5ccd379e025e1b3728e0037bfb283d Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 29 Apr 2017 14:30:45 +0200 Subject: [PATCH 0151/1961] fix syntax errors in 1110 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 3e8aea8..9aab42e 100644 --- a/user.js +++ b/user.js @@ -570,9 +570,9 @@ user_pref("dom.ipc.shims.enabledWarnings", true); * with them. The values are integers, but the code below deliberately contains a data mismatch * [1] https://wiki.mozilla.org/Sandbox * [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/ - // user_pref("security.sandbox.content.level", "donotuse") + // user_pref("security.sandbox.content.level", "donotuse"); // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse"); - // user_pref("dom.ipc.plugins.sandbox-level.flash, "donotuse"); + // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse"); /*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) Note that your cipher and other settings can be used server side as a fingerprint attack From 9d3c7949fd10c330debbae63feb27bb14c1d5693 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 30 Apr 2017 16:09:14 +1200 Subject: [PATCH 0152/1961] add 1700s containers #91 --- user.js | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/user.js b/user.js index 9aab42e..d112b05 100644 --- a/user.js +++ b/user.js @@ -801,6 +801,27 @@ user_pref("network.http.referer.hideOnionSource", true); * [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ user_pref("privacy.donottrackheader.enabled", false); +/*** 1700: CONTAINERS [SETUP] + [1] https://support.mozilla.org/kb/containers-experiment + [2] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers + [3] https://github.com/mozilla/testpilot-containers +***/ +user_pref("ghacks_user.js.parrot", "1700 syntax error: the parrot rests in peace!"); +/* 1701: enable [SETTING] Options>Privacy>Container Tabs (FF50+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1279029 ***/ + // user_pref("privacy.userContext.ui.enabled", true); +/* 1702: enable Container Tabs (FF50+) + * [SETTING] Options>Privacy>Container Tabs>Enable Container Tabs ***/ + // user_pref("privacy.userContext.enabled", true); +/* 1703: use a private container for thumbnail loads (FF51+) ***/ + // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); +/* 1704: set long press behaviour on "+ Tab" button to display container menu (FF53+) + * 0=disables long press, 1=when clicked, the menu is shown + * 2=the menu is shown after X milliseconds + * [NOTE]: the menu does not contain a non-container tab option + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1328756 ***/ + // user_pref("privacy.userContext.longPressBehavior", 2); + /*** 1800: PLUGINS ***/ user_pref("ghacks_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); /* 1801: set default plugin state (i.e new plugins on discovery) to never activate From f5670636f6cfd09f934f84a4a76895479a2c29fe Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 May 2017 01:16:22 +1200 Subject: [PATCH 0153/1961] add 2513 dom.presentation.* #92 --- user.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/user.js b/user.js index d112b05..84f3360 100644 --- a/user.js +++ b/user.js @@ -1132,6 +1132,15 @@ user_pref("media.ondevicechange.enabled", false); * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733 * [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 ***/ user_pref("device.sensors.enabled", false); +/* 2513: disable Presentation API + * [1] https://wiki.mozilla.org/WebAPI/PresentationAPI + * [2] https://www.w3.org/TR/presentation-api/ ***/ +user_pref("dom.presentation.enabled", false); +user_pref("dom.presentation.controller.enabled", false); +user_pref("dom.presentation.discoverable", false); +user_pref("dom.presentation.discovery.enabled", false); +user_pref("dom.presentation.receiver.enabled", false); +user_pref("dom.presentation.session_transport.data_channel.enable", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); From 49d229b90f75295d09a759be0e34776c35ba48cb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 May 2017 01:26:59 +1200 Subject: [PATCH 0154/1961] remove sync #98 --- user.js | 6 ------ 1 file changed, 6 deletions(-) diff --git a/user.js b/user.js index 84f3360..349dc14 100644 --- a/user.js +++ b/user.js @@ -209,12 +209,6 @@ user_pref("social.enabled", false); // (hidden pref) * [1] https://wiki.mozilla.org/FlyWeb * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ user_pref("dom.flyweb.enabled", false); -/* 0380: disable sync [SETUP] ***/ -user_pref("services.sync.enabled", false); // (hidden pref) -/* 0381: disable WebExtension sync - * [1] https://wiki.mozilla.org/WebExtensions/chrome.storage.sync ***/ -user_pref("webextensions.storage.sync.enabled", false); -user_pref("webextensions.storage.sync.serverURL", ""); /*** 0400: QUIET FOX [PART 2] [WARNING] [SETUP] This section has security & tracking protection implications vs privacy concerns vs effectiveness. From 3a39425ab2b43d516d4fba839e322957986e9428 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 May 2017 03:14:06 +1200 Subject: [PATCH 0155/1961] kinto: do not block any of it in the template there are no privacy/security issues here - by default we should not block any of these, but if end-users wish to, then it's up to them --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 349dc14..87c15bf 100644 --- a/user.js +++ b/user.js @@ -242,8 +242,8 @@ user_pref("services.blocklist.update_enabled", true); user_pref("services.blocklist.signing.enforced", true); user_pref("services.blocklist.onecrl.collection", "certificates"); // revoked certificates user_pref("services.blocklist.addons.collection", "addons"); -user_pref("services.blocklist.plugins.collection", ""); // if you have no plugins -user_pref("services.blocklist.gfx.collection", ""); // if gfx hw acceleration is disabled +user_pref("services.blocklist.plugins.collection", "plugins"); // if you have no plugins +user_pref("services.blocklist.gfx.collection", "gfx"); // if gfx hw acceleration is disabled /* 0410: disable Safe Browsing (SB) * This sub-section has been redesigned to differentiate between "real-time"/"user initiated" * data being sent to Google from all other settings such as using local blocklists/whitelists From 8f0569f3fd69db91926357858bb1e8b147fa6252 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 May 2017 05:06:44 +1200 Subject: [PATCH 0156/1961] 2403 add FF versioning --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 87c15bf..b594e5f 100644 --- a/user.js +++ b/user.js @@ -993,7 +993,7 @@ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the b * the website for it to look at the clipboard * [1] http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ user_pref("dom.event.clipboardevents.enabled", false); -/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content +/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content (FF41+) * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) From fc0a0450699e33dbf7099b9f5cef7ca1bc7a7706 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 May 2017 13:52:50 +1200 Subject: [PATCH 0157/1961] tiniest typo ever - != = --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index b594e5f..b234c1c 100644 --- a/user.js +++ b/user.js @@ -590,7 +590,7 @@ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ // user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max - * 1=min version of TLS 1.0, 2-min version of TLS 1.1, 3=min version of TLS 1.2 etc + * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc * [WARNING] FF/chrome currently allow TLS 1.0 by default, so this is your call. * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/ From e1a3d681c892471b81edc4fbdb3334c9c93e4abe Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 May 2017 15:14:50 +1200 Subject: [PATCH 0158/1961] Update README.md --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 814d7c9..d88a5a8 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js -The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (with [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons)) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). +The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (:exclamation: with [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons) 1 :exclamation:) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use [profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with custom versions. We won't set you wrong. @@ -25,11 +25,13 @@ Everyone, experts included, should at least read the [implementation](https://gi ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments Literally thousands of sources, references and suggestions. That said... -* Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 +* Martin Brinkmann at [ghacks](https://www.ghacks.net/) 2 * 100% genuine super-nice all-round good guy * The ghacks community and commentators * Special mentions to [earthlng](https://github.com/earthlng), Tom Hawack, Just me, Conker, Rockin’ Jerry, Ainatar, Parker Lewis * [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github -1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. It was kept up-to-date and expanded by the original author with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name. +1 :exclamation: Important: Section 0400 turns off Tracking Protection and Safe Browsing and REQUIRES that you instead use uBlock Origin. Section 0400 is NOT compulsory. See the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page for more. + +2 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. It was kept up-to-date and expanded by the original author with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name. From acb22ac368ff705cea891f17f5f8f8bbce84f9ec Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 May 2017 15:20:46 +1200 Subject: [PATCH 0159/1961] uBo is now REQUIRED Have also modified the readme.md and will do so to the wiki implementation page --- user.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index b234c1c..e1b2b86 100644 --- a/user.js +++ b/user.js @@ -12,8 +12,14 @@ * README: - 1. READ the full README at github - 2. READ the full README at github + 1. READ the full README + * https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md + 2. READ this + * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation + * IF YOU USE SECTION 0400, YOU MUST HAVE uBLOCK ORIGIN INSTALLED + * IF YOU USE SECTION 0400, YOU MUST HAVE uBLOCK ORIGIN INSTALLED + * IF YOU USE SECTION 0400, YOU MUST HAVE uBLOCK ORIGIN INSTALLED + 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * The settings below will turn off Tracking Protection, Safe Browsing and Auto Updates You need to read, understand, and decide about these. Don't leave yourself less secure @@ -213,7 +219,7 @@ user_pref("dom.flyweb.enabled", false); /*** 0400: QUIET FOX [PART 2] [WARNING] [SETUP] This section has security & tracking protection implications vs privacy concerns vs effectiveness. These settings, WITH EXTENSIONS, are geared up to make Firefox "quiet", private and effective. - We DO NOT advocate no protection, so use something with more scope, such as uBlock Origin. + We DO NOT advocate no protection, SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. This entire section is rather contentious. Safebrowsing (SB) is designed to protect users from malicious sites. Tracking protection (TP) is designed to lessen the impact of third From 02283833a1f495c7c97f67a1c535cb8b6821fc21 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 3 May 2017 00:54:22 +1200 Subject: [PATCH 0160/1961] remove 2032 browser.migrate.automigrate.enabled This is a pref to hide a UI doorhanger which allows an end user to KEEP or UNDO auto-migrated "stuff" from another browser (eg from IE etc). This is part of funnelweb, which is an upcoming makeover of the "onboarding experience" (to retain users in a new FF) - this includes auto-importing their bookmarks etc from another browser in the background and THEN asking if they want to keep them or undo. We cannot block the UI to this for obvious reasons. Funnelweb also includes this like a new Tour UI, activity streams etc https://bugzilla.mozilla.org/show_bug.cgi?id=1297479 https://bugzilla.mozilla.org/show_bug.cgi?id=1322718#c1 Tour thingy: https://www.ghacks.net/2017/03/31/firefox-photon-new-design-mockups-show-interface-and-more/ Activity Streams: https://www.ghacks.net/2017/04/09/firefox-57-photon-mockups-activity-stream-library-compact-mode-more/ --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index e1b2b86..223a6b7 100644 --- a/user.js +++ b/user.js @@ -1527,10 +1527,6 @@ user_pref("browser.tabs.loadInBackground", true); user_pref("browser.tabs.loadDivertedInBackground", false); /* 3022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/ user_pref("browser.bookmarks.showRecentlyBookmarked", false); -/* 3023: disable automigrate (FF49+) - * default is false in FF49+ - * need more info, but lock down for now ***/ -user_pref("browser.migrate.automigrate.enabled", false); /* 3024: enable "Find As You Type" * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); From 9ffc3b0d9adfb8cff27c8a36bbd3a1ffe3525142 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 4 May 2017 14:50:37 +1200 Subject: [PATCH 0161/1961] add 3028 general.autoScroll=>inactive #108 --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 223a6b7..574487b 100644 --- a/user.js +++ b/user.js @@ -1545,6 +1545,8 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false); /* 3027: decode URLs on copy from the urlbar (FF53+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320061 ***/ user_pref("browser.urlbar.decodeURLsOnCopy", true); +/* 3028: disable middle-click enabling auto-scrolling on Windows/Mac ***/ + // user_pref("general.autoScroll", false); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); From 553d1aedde2818f0fa529fa33ad8c2bde29ffedf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 5 May 2017 19:11:44 +1200 Subject: [PATCH 0162/1961] geo.wifi.uri - use mozilla_api_key not google's Instead of `geo.wifi.uri` using 127.0.0.1, for those who do use geo (`geo.enabled` is the master switch), enforce Mozilla's service over Google's. - Default in stable, beta: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_API_KEY% - Nightly defaults to mozilla (not usre of the exact string) - I do not know if this is a telemetry thing for mozilla for non-stable or if this will roll down from nightly --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 574487b..c93e7c7 100644 --- a/user.js +++ b/user.js @@ -72,7 +72,7 @@ user_pref("browser.shell.checkDefaultBrowser", false); user_pref("ghacks_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /* 0201: disable location-aware browsing ***/ user_pref("geo.enabled", false); -user_pref("geo.wifi.uri", "https://127.0.0.1"); +user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); user_pref("geo.wifi.logging.enabled", false); // (hidden pref) user_pref("browser.search.geoip.url", ""); user_pref("geo.wifi.xhr.timeout", 1); From 66e807623b3cf5b6531e20e2a3736b819517a3d0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 6 May 2017 00:30:22 +1200 Subject: [PATCH 0163/1961] add 2698k isolate blob: URI FF55 looks like it might be almost ready for FPI --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index c93e7c7..b14b90f 100644 --- a/user.js +++ b/user.js @@ -1349,6 +1349,8 @@ user_pref("security.csp.experimentalEnabled", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ /* 2698j: isolate DNS cache (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ +/* 2698k: isolate blob: URI (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 ***/ // user_pref("privacy.firstparty.isolate", true); // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // (FF54+) From ad56e583300d94c2e15d8361be769c312f5fdab2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 6 May 2017 01:36:53 +1200 Subject: [PATCH 0164/1961] undo last change --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index b14b90f..8c4c9e2 100644 --- a/user.js +++ b/user.js @@ -72,7 +72,7 @@ user_pref("browser.shell.checkDefaultBrowser", false); user_pref("ghacks_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /* 0201: disable location-aware browsing ***/ user_pref("geo.enabled", false); -user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); +user_pref("geo.wifi.uri", "https://127.0.0.1"); user_pref("geo.wifi.logging.enabled", false); // (hidden pref) user_pref("browser.search.geoip.url", ""); user_pref("geo.wifi.xhr.timeout", 1); From fa74bcaa4add588d1e22c27233659770a0f32ee9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 10 May 2017 00:54:36 +1200 Subject: [PATCH 0165/1961] add FF55 resistFingerprinting new items --- user.js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/user.js b/user.js index 8c4c9e2..86c3a72 100644 --- a/user.js +++ b/user.js @@ -1371,6 +1371,14 @@ user_pref("security.csp.experimentalEnabled", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ /* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/ +/* 2699d: new window sizes to round to hundreds (FF55+) + * [NOTE] If override values are too big, the code determines it for you + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 + * [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/ + // user_pref("privacy.window.maxInnerWidth", 1366); + // user_pref("privacy.window.maxInnerHeight", 768); +/* 2699e: use UTC timezone (spoof as UTC 0) (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) /*** 2700: COOKIES & DOM STORAGE ***/ From b365a88a52f9413ac9be9a110137737b38da0069 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 10 May 2017 01:04:46 +1200 Subject: [PATCH 0166/1961] #94 emphasis on TBB for dark web --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 86c3a72..ab825ae 100644 --- a/user.js +++ b/user.js @@ -794,6 +794,8 @@ user_pref("network.http.referer.spoofSource", false); * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ // user_pref("network.http.referer.userControlPolicy", 3); /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+) + * [NOTE] Firefox cannot access .onion sites by default. We recommend you use + * TBB (Tor Browser Bundle) which is specifically designed for the dark web * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) From 7600d06651634ee7e5411b8813a488e35cd849a9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 10 May 2017 01:26:22 +1200 Subject: [PATCH 0167/1961] 0908: reinforcing that 0802=required making it crystal clear that "When attempting to fix an entered URL" means pref 0802 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index ab825ae..2a534e9 100644 --- a/user.js +++ b/user.js @@ -465,9 +465,9 @@ user_pref("signon.storeWhenAutocompleteOff", true); /* 0907: force warnings for logins on non-secure (non HTTPS) pages * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); -/* 0908: When attempting to fix an entered URL, do not fix an entered password along with it - * i.e do not turn ~http://user:password@foo into ~http://user:password@(prefix)foo(suffix) - * but instead ~http://user@(prefix)foo(suffix) ***/ +/* 0908: When attempting to fix an entered URL (see 0802: browser.fixup.alternate.enabled), + * do not fix an entered password along with it: i.e do not turn ~http://user:password@foo into + * ~http://user:password@(prefix)foo(suffix) but instead ~http://user@(prefix)foo(suffix) ***/ user_pref("browser.fixup.hide_user_pass", true); /* 0909: disable formless login capture for Password Manager (FF51+) ***/ user_pref("signon.formlessCapture.enabled", false); From 1b73cb828ebb5ad38b0aea5b41b7b6a780994413 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 10 May 2017 01:39:02 +1200 Subject: [PATCH 0168/1961] 0201: geo.wifi.uri --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 2a534e9..4be1e10 100644 --- a/user.js +++ b/user.js @@ -70,12 +70,12 @@ user_pref("browser.shell.checkDefaultBrowser", false); /*** 0200: GEOLOCATION ***/ user_pref("ghacks_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); -/* 0201: disable location-aware browsing ***/ +/* 0201: disable location-aware browsing, but enforce Mozilla's service over Google's ***/ user_pref("geo.enabled", false); -user_pref("geo.wifi.uri", "https://127.0.0.1"); +user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); +user_pref("geo.wifi.xhr.timeout", 1); // reset this if you use geolocation user_pref("geo.wifi.logging.enabled", false); // (hidden pref) user_pref("browser.search.geoip.url", ""); -user_pref("geo.wifi.xhr.timeout", 1); user_pref("browser.search.geoip.timeout", 1); /* 0202: disable GeoIP-based search results * [NOTE] may not be hidden if Firefox has changed your settings due to your locale From f024e9bd43d62f269db10fdfda570df1ca8dcd85 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 9 May 2017 16:56:03 +0200 Subject: [PATCH 0169/1961] 0805: fix link reference it was "see latest comments in the bug link" before the change - [2] is the bug link, [1] + [3] don't have comments --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 4be1e10..2d5b547 100644 --- a/user.js +++ b/user.js @@ -381,7 +381,7 @@ user_pref("browser.urlbar.trimURLs", false); user_pref("browser.sessionhistory.max_entries", 10); /* 0805: disable CSS querying page history - CSS history leak - PRIVACY * [NOTE] this has NEVER been fully "resolved": in Mozilla/docs it is stated it's - * only in 'certain circumstances', also see latest comments in [3] + * only in 'certain circumstances', also see latest comments in [2] * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) * [1] https://dbaron.org/mozilla/visited-privacy * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=147777 From 78bf49adb468c07335c4d58f2d5e502abe9a696d Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 9 May 2017 17:31:27 +0200 Subject: [PATCH 0170/1961] 1222: typo --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 2d5b547..f2369d5 100644 --- a/user.js +++ b/user.js @@ -640,7 +640,7 @@ user_pref("security.family_safety.mode", 0); * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ // user_pref("security.nocertdb", true); // (hidden pref) /* 1222: enforce strict pinning - ** PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict + * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict * [WARNING] If you rely on an AV (antivirus) to protect your web browsing * by inspecting ALL your web traffic, then leave at current default=1 * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ From eaaecd128c4d646e54027712eb325e3a7d488504 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 May 2017 17:13:23 +1200 Subject: [PATCH 0171/1961] SB prefs=>inactive i.e js will NOT disable SB #103 Exceptions: real time binary checks not in local lists are still blocked. Reporting URLs still blocked. --- user.js | 57 +++++++++++++++++++++++++-------------------------------- 1 file changed, 25 insertions(+), 32 deletions(-) diff --git a/user.js b/user.js index f2369d5..4fac129 100644 --- a/user.js +++ b/user.js @@ -21,8 +21,6 @@ * IF YOU USE SECTION 0400, YOU MUST HAVE uBLOCK ORIGIN INSTALLED 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum - * The settings below will turn off Tracking Protection, Safe Browsing and Auto Updates - You need to read, understand, and decide about these. Don't leave yourself less secure * Some user data is erased (section 2800), namely history (browsing, form, download) * Site breakage WILL happen - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting @@ -216,21 +214,15 @@ user_pref("social.enabled", false); // (hidden pref) * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ user_pref("dom.flyweb.enabled", false); -/*** 0400: QUIET FOX [PART 2] [WARNING] [SETUP] - This section has security & tracking protection implications vs privacy concerns vs effectiveness. - These settings, WITH EXTENSIONS, are geared up to make Firefox "quiet", private and effective. - We DO NOT advocate no protection, SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. +/*** 0400: QUIET FOX [PART 2] [WARNING] + This section has security & tracking protection implications vs privacy concerns vs effectiveness + vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) + and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. - This entire section is rather contentious. Safebrowsing (SB) is designed to protect - users from malicious sites. Tracking protection (TP) is designed to lessen the impact of third - parties on websites to reduce tracking and to speed up your browsing experience. These are - both very good features provided by Mozilla. They do rely on third parties: Google for - safebrowsing and Disconnect for tracking protection (someone has to provide the information). - Additionally, SSL Error Reporting helps makes the internet more secure for everyone. - - If you do not understand the ramifications of disabling SB and TP, then it is advised that - you enable them by commenting out the preferences and saving the changes, and then in - about:config find each entry and right-click and reset the preference's value. + Safe Browsing is designed to protect users from malicious sites. Tracking Protection is designed to + lessen the impact of third parties on websites to reduce tracking and to speed up your browsing. They + do rely on 3rd parties: Google for safe browsing and Disconnect for tracking protection. but many steps, + continually being improved, have been taken to preserve privacy. Disable at your own risk. ***/ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); /* 0401: DON'T disable extension blocklist, but sanitize blocklist url @@ -252,9 +244,10 @@ user_pref("services.blocklist.plugins.collection", "plugins"); // if you have no user_pref("services.blocklist.gfx.collection", "gfx"); // if gfx hw acceleration is disabled /* 0410: disable Safe Browsing (SB) * This sub-section has been redesigned to differentiate between "real-time"/"user initiated" - * data being sent to Google from all other settings such as using local blocklists/whitelists - * and updating those lists. There SHOULD be NO privacy issues here. Even *IF* an URL was sent - * to Google, they swear it is anonymized and only used to flag malicious sites/activity. Firefox + * data being sent to Google from all other settings such as using local blocklists/whitelists and + * updating those lists. There are NO privacy issues here. *IF* required, a full url is never sent + * to Google, only PART-hash of the prefix, and this is hidden in the noise of other real PART-hashes. + * Google also swear it is anonymized and only used to flag malicious sites/activity. Firefox * also takes measures such as striping out identifying parameters and storing safe browsing * cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) * To use safebrowsing but not "leak" binary download info to Google, only use 0410e and 0410f @@ -263,26 +256,26 @@ user_pref("services.blocklist.gfx.collection", "gfx"); // if gfx hw acceleration /* 0410a: disable "Block dangerous and deceptive content" (under Options>Security) * Until FF48 this was titled "Block reported web forgeries" * It covers deceptive sites such as phishing and social engineering ***/ -user_pref("browser.safebrowsing.malware.enabled", false); -user_pref("browser.safebrowsing.phishing.enabled", false); // (FF50+) + // user_pref("browser.safebrowsing.malware.enabled", false); + // user_pref("browser.safebrowsing.phishing.enabled", false); // (FF50+) /* 0410b: disable "Block dangerous downloads" (under Options>Security) * Until FF48 this was titled "Block reported attack sites" * It covers malware and PUPs (potentially unwanted programs) ***/ -user_pref("browser.safebrowsing.downloads.enabled", false); + // user_pref("browser.safebrowsing.downloads.enabled", false); /* 0410b: disable "Warn me about unwanted and uncommon software" (under Options>Security) (FF48+) ***/ -user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); -user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) -user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // (FF49+) + // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); + // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); + // user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) + // user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // (FF49+) /* 0410c: disable Google safebrowsing downloads, updates ***/ -user_pref("browser.safebrowsing.provider.google.updateURL", ""); // update google lists -user_pref("browser.safebrowsing.provider.google.gethashURL", ""); // list hash check -user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) -user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) + // user_pref("browser.safebrowsing.provider.google.updateURL", ""); // update google lists + // user_pref("browser.safebrowsing.provider.google.gethashURL", ""); // list hash check + // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) + // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) /* 0410d: disable Mozilla safebrowsing downloads, updates * [NOTE] These two prefs are also used for Tracking Protection (see 0420) ***/ -user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts -user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists + // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts + // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists /* 0410e: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.url", ""); From 2b52bf895cd225ee52b5202b71a7fdece67a91b0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 May 2017 17:20:28 +1200 Subject: [PATCH 0172/1961] tidy up --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 4fac129..39ea13e 100644 --- a/user.js +++ b/user.js @@ -21,6 +21,7 @@ * IF YOU USE SECTION 0400, YOU MUST HAVE uBLOCK ORIGIN INSTALLED 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum + * Auto-updates for Firefox and extensions/addon-ons are disabled (section 0300) * Some user data is erased (section 2800), namely history (browsing, form, download) * Site breakage WILL happen - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting @@ -246,7 +247,7 @@ user_pref("services.blocklist.gfx.collection", "gfx"); // if gfx hw acceleration * This sub-section has been redesigned to differentiate between "real-time"/"user initiated" * data being sent to Google from all other settings such as using local blocklists/whitelists and * updating those lists. There are NO privacy issues here. *IF* required, a full url is never sent - * to Google, only PART-hash of the prefix, and this is hidden in the noise of other real PART-hashes. + * to Google, only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. * Google also swear it is anonymized and only used to flag malicious sites/activity. Firefox * also takes measures such as striping out identifying parameters and storing safe browsing * cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) From 2a609fc85d60a73d289bf8e95383fbcf43160e8f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 May 2017 18:34:10 +1200 Subject: [PATCH 0173/1961] TP prefs=>inactive i.e js will NOT disable TP #103 Exception: I am enforcing TP in ALL windows (default is PB Mode only). I have also added the info for which block list to use in TP. Also clarified that 0440 (flash blocklist) uses prefs in 0410d. Also made flash tracking blocklist pref (0440) inactive. Now all TP and SB is allowed, only real time google binary checks and reporting is disabled. --- user.js | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 39ea13e..141dee0 100644 --- a/user.js +++ b/user.js @@ -274,7 +274,7 @@ user_pref("services.blocklist.gfx.collection", "gfx"); // if gfx hw acceleration // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) /* 0410d: disable Mozilla safebrowsing downloads, updates - * [NOTE] These two prefs are also used for Tracking Protection (see 0420) ***/ + * [NOTE] These two prefs are also used for Tracking Protection and Flash (see 0420 and 0440) ***/ // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists /* 0410e: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ @@ -291,16 +291,25 @@ user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", true); -/* 0420: disable Tracking Protection (TP) - * There SHOULD be NO privacy concerns here, but we strongly recommend to use uBlock Origin instead, +/* 0420: disable/enable Tracking Protection (TP) + * There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, * which offers more comprehensive as well as specialized lists. It also allows per domain control. + * By default TP is only used in Private Browsing windows. + * ^ If both are false then TP is disabled + * ^ If .enabled = true then .pbmode.enabled is IGNORED and TP is enabled for ALL windows + * ^ If .pbmode.enabled = true (and enabled = false) then TP is Private Browsing windows only * [NOTE] There are two prefs (see 0410d) shared with Safe Browsing * [1] https://wiki.mozilla.org/Security/Tracking_protection * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ -user_pref("privacy.trackingprotection.enabled", false); // all windows pref (not just private) -user_pref("privacy.trackingprotection.pbmode.enabled", false); // private browsing pref -/* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection ***/ +user_pref("privacy.trackingprotection.enabled", true); // enforces ALL windows if true (not just private) + // user_pref("privacy.trackingprotection.pbmode.enabled", false); // private browsing pref +/* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection + * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); +/* 0422: use "basic" or "strict" tracking protecting list - ONLY USE ONE! + * [SETTINGS] Options>Privacy>Use Tracking Protection>Change Block List ***/ + // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // simple/basic + // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict /* 0430: disable SSL Error Reporting * [1] https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ user_pref("security.ssl.errorReporting.automatic", false); @@ -308,10 +317,10 @@ user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.url", ""); /* 0440: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) * If you don't have Flash, then you don't need this enabled - * [NOTE] if enabled, you will need to check what prefs (safebrowsing URLs etc) this uses to update + * [NOTE] There are two prefs (see 0410d) shared with Safe Browsing * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ -user_pref("browser.safebrowsing.blockedURIs.enabled", false); + // user_pref("browser.safebrowsing.blockedURIs.enabled", false); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); From b67f98141ba2a9467cf7039c85e0c4bf7490bd8c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 May 2017 18:54:49 +1200 Subject: [PATCH 0174/1961] tidy up single warning line, not taking responsibility for people who don't read now that the js by default no longer disables these --- user.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/user.js b/user.js index 141dee0..05a6ae6 100644 --- a/user.js +++ b/user.js @@ -16,9 +16,7 @@ * https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md 2. READ this * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation - * IF YOU USE SECTION 0400, YOU MUST HAVE uBLOCK ORIGIN INSTALLED - * IF YOU USE SECTION 0400, YOU MUST HAVE uBLOCK ORIGIN INSTALLED - * IF YOU USE SECTION 0400, YOU MUST HAVE uBLOCK ORIGIN INSTALLED +     * IF YOU MODIFY SECTION 0400 AND DISABLE TP+SB, YOU MUST HAVE uBLOCK ORIGIN INSTALLED 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * Auto-updates for Firefox and extensions/addon-ons are disabled (section 0300) From 870f9503c2910d0e80867c79eab06e89ae67e615 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 May 2017 18:58:05 +1200 Subject: [PATCH 0175/1961] Add files via upload --- wikipiki/exclamation.png | Bin 0 -> 3210 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/exclamation.png diff --git a/wikipiki/exclamation.png b/wikipiki/exclamation.png new file mode 100644 index 0000000000000000000000000000000000000000..e8e4ff5fd1ec1b49fe12fe38f8eadfc775ffbfac GIT binary patch literal 3210 zcmV;540ZE~P)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z0005CNklR0gKSMcQL z5IlMBSwXJ~p1f$O5H)FCm|h%mcr9pZ9s05!PBRbE$d4YazTb zEL0!>TY-qBv=5Tx@abSsUKqFp<}Pe6K(hiYpp5CJ&E`Yk;KD!+ldBNjf}6z&Q0rkF zhKFZa_T~wjHRI0oa4KJauM$|JRZ4yM=ND4B_v87@&io9UFsF zg$+Q$&S`&EsXx>4*sa1zU1g^{xm5@Xt#?bM+<*!wp*w>j0A-c3alha3`+YZHSZ|#I z20%kdIm#Codov(*0SbDA7ytkO07*qoM6N<$f+=wLcmMzZ literal 0 HcmV?d00001 From 382adf1042580210f5bbec80c8fc3f6e32c8fec7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 May 2017 19:06:08 +1200 Subject: [PATCH 0176/1961] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d88a5a8..dd523c5 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js -The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (:exclamation: with [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons) 1 :exclamation:) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). +The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) with [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons) 1 ) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use [profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with custom versions. We won't set you wrong. @@ -32,6 +32,6 @@ Literally thousands of sources, references and suggestions. That said... * [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github -1 :exclamation: Important: Section 0400 turns off Tracking Protection and Safe Browsing and REQUIRES that you instead use uBlock Origin. Section 0400 is NOT compulsory. See the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page for more. +1 ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) Important: We HIGHLY recommend using uBlock Origin, uMatrix and a cookie extension. Section 0400, if modified, allows Tracking Protection and Safe Browsing to be disabled. Do this at your own risk. See the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page for more. 2 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. It was kept up-to-date and expanded by the original author with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name. From b6c17138bfa13be052df0bef52b8a9f0964bca82 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 May 2017 19:11:55 +1200 Subject: [PATCH 0177/1961] HTTP2 cleanup #107 --- user.js | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 05a6ae6..16a1f3a 100644 --- a/user.js +++ b/user.js @@ -1175,11 +1175,15 @@ user_pref("devtools.webide.enabled", false); * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("browser.casting.enabled", false); user_pref("gfx.layerscope.enabled", false); -/* 2614: disable SPDY as it can contain identifiers - * [1] https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 10) ***/ +/* 2614: disable HTTP2 (which was based on SPDY which is now deprecated) + * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance + * privacy, and in fact opens up a number of server-side fingerprinting opportunities + * [1] https://http2.github.io/faq/ + * [2] http://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html + * [3] https://queue.acm.org/detail.cfm?id=2716278 + * [4] https://github.com/ghacksuserjs/ghacks-user.js/issues/107 ***/ user_pref("network.http.spdy.enabled", false); user_pref("network.http.spdy.enabled.deps", false); -/* 2615: disable http2 for now as well ***/ user_pref("network.http.spdy.enabled.http2", false); /* 2617: enable pdf.js as an option to preview PDFs within Firefox - EXPLOIT risk * Enabling this (set to true) will change your option most likely to "Ask" or "Open with From 9a76ccbfda3ea6540aa54013b7761a214d5435cb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 May 2017 19:22:32 +1200 Subject: [PATCH 0178/1961] weird spacing --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 16a1f3a..e995b12 100644 --- a/user.js +++ b/user.js @@ -16,7 +16,7 @@ * https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md 2. READ this * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation -     * IF YOU MODIFY SECTION 0400 AND DISABLE TP+SB, YOU MUST HAVE uBLOCK ORIGIN INSTALLED + * IF YOU MODIFY SECTION 0400 AND DISABLE TP+SB, YOU MUST HAVE uBLOCK ORIGIN INSTALLED 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * Auto-updates for Firefox and extensions/addon-ons are disabled (section 0300) From d3e1fe3a1c5d91e73dda224810806adcceed0d8a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 12 May 2017 01:18:51 +1200 Subject: [PATCH 0179/1961] 0410f: FF54 report mistake urls --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index e995b12..6af651f 100644 --- a/user.js +++ b/user.js @@ -284,6 +284,10 @@ user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); user_pref("browser.safebrowsing.reportPhishURL", ""); user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) +user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); // (FF54+) +user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); // (FF54+) +user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); // (FF54+) +user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // (FF54+) /* 0410g: show=true or hide=false the 'ignore this warning' on Safe Browsing warnings which * when clicked bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 From 6cda4ebc14e77f4511d50b96de0de4c86b60b311 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 12 May 2017 01:44:04 +1200 Subject: [PATCH 0180/1961] 2699f: spoof navigator.hardwareConcurrency --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 6af651f..0bb682a 100644 --- a/user.js +++ b/user.js @@ -1390,6 +1390,8 @@ user_pref("security.csp.experimentalEnabled", true); // user_pref("privacy.window.maxInnerHeight", 768); /* 2699e: use UTC timezone (spoof as UTC 0) (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 ***/ +/* 2699f: spoof navigator.hardwareConcurrency as 2 (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) /*** 2700: COOKIES & DOM STORAGE ***/ From dc15fe7db853ed32087d4c83f11e5bceb126c4e2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 12 May 2017 09:11:45 +1200 Subject: [PATCH 0181/1961] fixup TP/Flash blocklist URL prefs See comment https://github.com/ghacksuserjs/ghacks-user.js/issues/103#issuecomment-300911966 - `*safebrowsing.provider.mozilla.*` is for Flash & TP ONLY (original article by francois had a *slight!!* error since fixed) This means that 0410d was not shared by TP and SB and to clear it all up .. 0410d is moved to 0420's. 0420's also gets the flash pref 0440 moved into the 0420's. Now it's all tidy: 0410's = google and SB, 0420's = mozilla & TP+Flash --- user.js | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/user.js b/user.js index 0bb682a..946feea 100644 --- a/user.js +++ b/user.js @@ -271,10 +271,6 @@ user_pref("services.blocklist.gfx.collection", "gfx"); // if gfx hw acceleration // user_pref("browser.safebrowsing.provider.google.gethashURL", ""); // list hash check // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) -/* 0410d: disable Mozilla safebrowsing downloads, updates - * [NOTE] These two prefs are also used for Tracking Protection and Flash (see 0420 and 0440) ***/ - // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts - // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists /* 0410e: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.url", ""); @@ -300,7 +296,6 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // * ^ If both are false then TP is disabled * ^ If .enabled = true then .pbmode.enabled is IGNORED and TP is enabled for ALL windows * ^ If .pbmode.enabled = true (and enabled = false) then TP is Private Browsing windows only - * [NOTE] There are two prefs (see 0410d) shared with Safe Browsing * [1] https://wiki.mozilla.org/Security/Tracking_protection * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ user_pref("privacy.trackingprotection.enabled", true); // enforces ALL windows if true (not just private) @@ -312,17 +307,15 @@ user_pref("privacy.trackingprotection.ui.enabled", true); * [SETTINGS] Options>Privacy>Use Tracking Protection>Change Block List ***/ // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // simple/basic // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict -/* 0430: disable SSL Error Reporting - * [1] https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ -user_pref("security.ssl.errorReporting.automatic", false); -user_pref("security.ssl.errorReporting.enabled", false); -user_pref("security.ssl.errorReporting.url", ""); -/* 0440: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) +/* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) * If you don't have Flash, then you don't need this enabled - * [NOTE] There are two prefs (see 0410d) shared with Safe Browsing * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ // user_pref("browser.safebrowsing.blockedURIs.enabled", false); +/* 0424: disable Mozilla tracking protection and flash blocklist downloads, updates + * [NOTE] These two prefs are also used for Tracking Protection and Flash (see 0420 and 0440) ***/ + // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts + // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); From 84ea69411b544c266f9b597f66bb49723d48e1c3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 12 May 2017 09:18:52 +1200 Subject: [PATCH 0182/1961] remove redundant line --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 946feea..f1e6d83 100644 --- a/user.js +++ b/user.js @@ -312,8 +312,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true); * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ // user_pref("browser.safebrowsing.blockedURIs.enabled", false); -/* 0424: disable Mozilla tracking protection and flash blocklist downloads, updates - * [NOTE] These two prefs are also used for Tracking Protection and Flash (see 0420 and 0440) ***/ +/* 0424: disable Mozilla's tracking protection and Flash blocklist downloads, updates ***/ // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists From 9a42dfe73dec268aa8c0ec59eca8338c8307d0af Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 12 May 2017 17:38:17 +1200 Subject: [PATCH 0183/1961] whoops .. put back 0430 inadvertently removed 0430 when doing some rearranging --- user.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/user.js b/user.js index f1e6d83..f67e672 100644 --- a/user.js +++ b/user.js @@ -315,6 +315,11 @@ user_pref("privacy.trackingprotection.ui.enabled", true); /* 0424: disable Mozilla's tracking protection and Flash blocklist downloads, updates ***/ // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists +/* 0430: disable SSL Error Reporting + * [1] https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ +user_pref("security.ssl.errorReporting.automatic", false); +user_pref("security.ssl.errorReporting.enabled", false); +user_pref("security.ssl.errorReporting.url", ""); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); From 9249fc6ed0ac69a60eaeecfae53e7ff093cd6ab6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 09:38:17 +1200 Subject: [PATCH 0184/1961] 0402 kinto #113 + 0400 title --- user.js | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index f67e672..b8dda11 100644 --- a/user.js +++ b/user.js @@ -213,7 +213,7 @@ user_pref("social.enabled", false); // (hidden pref) * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ user_pref("dom.flyweb.enabled", false); -/*** 0400: QUIET FOX [PART 2] [WARNING] +/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION / SSL ERROR REPORTING [WARNING] This section has security & tracking protection implications vs privacy concerns vs effectiveness vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. @@ -230,17 +230,16 @@ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!") * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); -/* 0402: disable/enable various Kinto blocklist updates (FF50+) +/* 0402: disable Kinto blocklist updates (FF50+) * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications - * As Firefox transitions to Kinto, the blocklists have been broken down (more could be added). These contain - * block entries for certs to be revoked, add-ons and plugins to be disabled, and gfx environments that - * cause problems or crashes. Here you can remove the collection name to disable each specific list updating ***/ -user_pref("services.blocklist.update_enabled", true); -user_pref("services.blocklist.signing.enforced", true); -user_pref("services.blocklist.onecrl.collection", "certificates"); // revoked certificates -user_pref("services.blocklist.addons.collection", "addons"); -user_pref("services.blocklist.plugins.collection", "plugins"); // if you have no plugins -user_pref("services.blocklist.gfx.collection", "gfx"); // if gfx hw acceleration is disabled + * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be + * revoked, add-ons and plugins to be disabled, and gfx environments that cause problems or crashes. Use + * .update_enabled as a master switch or remove the .collection name to disable each individually ***/ + // user_pref("services.blocklist.update_enabled", true); + // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates + // user_pref("services.blocklist.addons.collection", ""); + // user_pref("services.blocklist.plugins.collection", ""); + // user_pref("services.blocklist.gfx.collection", ""); /* 0410: disable Safe Browsing (SB) * This sub-section has been redesigned to differentiate between "real-time"/"user initiated" * data being sent to Google from all other settings such as using local blocklists/whitelists and From 2a240b4a106b6540084b4b227e52d661534abb09 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 10:01:27 +1200 Subject: [PATCH 0185/1961] 0401 extension.blocklist #113 No effective changes made, i.e extensions.blocklist.enabled is not disabled, just not enforced. --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index b8dda11..8789c67 100644 --- a/user.js +++ b/user.js @@ -224,11 +224,11 @@ user_pref("dom.flyweb.enabled", false); continually being improved, have been taken to preserve privacy. Disable at your own risk. ***/ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); -/* 0401: DON'T disable extension blocklist, but sanitize blocklist url - * It now includes updates for "revoked certificates" +/* 0401: disable extension blocklist, but sanitize blocklist url + * [WARNING] Not recommended as it includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ -user_pref("extensions.blocklist.enabled", true); + // user_pref("extensions.blocklist.enabled", false); user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); /* 0402: disable Kinto blocklist updates (FF50+) * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications From dce198c4058a96045eca29ede7cb970467c9e08e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 11:25:54 +1200 Subject: [PATCH 0186/1961] move 0440->1204 SSL Error Reporting #113 --- user.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 8789c67..939d482 100644 --- a/user.js +++ b/user.js @@ -213,7 +213,7 @@ user_pref("social.enabled", false); // (hidden pref) * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ user_pref("dom.flyweb.enabled", false); -/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION / SSL ERROR REPORTING [WARNING] +/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION [WARNING] This section has security & tracking protection implications vs privacy concerns vs effectiveness vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. @@ -314,11 +314,6 @@ user_pref("privacy.trackingprotection.ui.enabled", true); /* 0424: disable Mozilla's tracking protection and Flash blocklist downloads, updates ***/ // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists -/* 0430: disable SSL Error Reporting - * [1] https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ -user_pref("security.ssl.errorReporting.automatic", false); -user_pref("security.ssl.errorReporting.enabled", false); -user_pref("security.ssl.errorReporting.url", ""); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); @@ -611,6 +606,11 @@ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * [1] https://tools.ietf.org/html/rfc5077 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=967977 ***/ user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) +/* 1204: disable SSL Error Reporting + * [1] https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ +user_pref("security.ssl.errorReporting.automatic", false); +user_pref("security.ssl.errorReporting.enabled", false); +user_pref("security.ssl.errorReporting.url", ""); /** OCSP (Online Certificate Status Protocol) ***/ /* 1210: enable OCSP Stapling * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ From 6516eadc602436acc24dd06f3ded4e3601541cb8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 11:50:50 +1200 Subject: [PATCH 0187/1961] 0400s: tidy up sub-section Blocklists --- user.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 939d482..69c8403 100644 --- a/user.js +++ b/user.js @@ -224,18 +224,20 @@ user_pref("dom.flyweb.enabled", false); continually being improved, have been taken to preserve privacy. Disable at your own risk. ***/ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); -/* 0401: disable extension blocklist, but sanitize blocklist url - * [WARNING] Not recommended as it includes updates for "revoked certificates" +/** BLOCKLISTS ***/ +/* 0401: enforce extension blocklist, but sanitize blocklist url + * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ - // user_pref("extensions.blocklist.enabled", false); +user_pref("extensions.blocklist.enabled", false); user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); -/* 0402: disable Kinto blocklist updates (FF50+) +/* 0402: enforce Kinto blocklist updates (FF50+) * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be * revoked, add-ons and plugins to be disabled, and gfx environments that cause problems or crashes. Use * .update_enabled as a master switch or remove the .collection name to disable each individually ***/ - // user_pref("services.blocklist.update_enabled", true); +user_pref("services.blocklist.update_enabled", true); +user_pref("services.blocklist.signing.enforced", true); // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates // user_pref("services.blocklist.addons.collection", ""); // user_pref("services.blocklist.plugins.collection", ""); From cd13d479eececb205d7183d97b691f8d61c37a12 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 11:52:37 +1200 Subject: [PATCH 0188/1961] whoops --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 69c8403..0e5b105 100644 --- a/user.js +++ b/user.js @@ -229,7 +229,7 @@ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!") * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ -user_pref("extensions.blocklist.enabled", false); +user_pref("extensions.blocklist.enabled", true); user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); /* 0402: enforce Kinto blocklist updates (FF50+) * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications From 436db6c02da4c453b1259b9efcf288266e8ea3ff Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 12:04:45 +1200 Subject: [PATCH 0189/1961] splinter part of 0402 kinto into 0403 #113 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 0e5b105..5157c3f 100644 --- a/user.js +++ b/user.js @@ -234,10 +234,10 @@ user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/bloc /* 0402: enforce Kinto blocklist updates (FF50+) * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be - * revoked, add-ons and plugins to be disabled, and gfx environments that cause problems or crashes. Use - * .update_enabled as a master switch or remove the .collection name to disable each individually ***/ + * revoked, add-ons and plugins to be disabled, and gfx environments that cause problems or crashes ***/ user_pref("services.blocklist.update_enabled", true); user_pref("services.blocklist.signing.enforced", true); +/* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists ***/ // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates // user_pref("services.blocklist.addons.collection", ""); // user_pref("services.blocklist.plugins.collection", ""); From 195ec514c380516730fa83348ab2ac0f3933ec05 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 12:32:58 +1200 Subject: [PATCH 0190/1961] bye bye scary warnings Now TP+SB is not disabled by the js, goodbye big scary warnings - we still have our advisory remarks in the section and wiki and readme.md --- user.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/user.js b/user.js index 5157c3f..41d52bc 100644 --- a/user.js +++ b/user.js @@ -16,8 +16,6 @@ * https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md 2. READ this * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation - * IF YOU MODIFY SECTION 0400 AND DISABLE TP+SB, YOU MUST HAVE uBLOCK ORIGIN INSTALLED - 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * Auto-updates for Firefox and extensions/addon-ons are disabled (section 0300) * Some user data is erased (section 2800), namely history (browsing, form, download) @@ -28,7 +26,6 @@ - Search this file for the "[SETUP]" tag to find SOME common items you could check before using to avoid unexpected surprises - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues - 4. BACKUP BACKUP BACKUP your profile folder before implementing (and/or test in a new profile) 5. Did you do a BACKUP? @@ -213,7 +210,7 @@ user_pref("social.enabled", false); // (hidden pref) * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ user_pref("dom.flyweb.enabled", false); -/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION [WARNING] +/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION This section has security & tracking protection implications vs privacy concerns vs effectiveness vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. From ad51e00c8ff23eeb08f2826114d043b492c3598f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 12:44:29 +1200 Subject: [PATCH 0191/1961] 0400s: tidy up sub-section TP --- user.js | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 41d52bc..adc5606 100644 --- a/user.js +++ b/user.js @@ -287,26 +287,24 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", true); -/* 0420: disable/enable Tracking Protection (TP) - * There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, - * which offers more comprehensive as well as specialized lists. It also allows per domain control. - * By default TP is only used in Private Browsing windows. - * ^ If both are false then TP is disabled - * ^ If .enabled = true then .pbmode.enabled is IGNORED and TP is enabled for ALL windows - * ^ If .pbmode.enabled = true (and enabled = false) then TP is Private Browsing windows only +/** TRACKING PROTECTION (TP) + There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, + as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ +/* 0420: enforce Tracking Protection (to disable set both prefs as false) + * If .enabled = true then .pbmode.enabled is IGNORED and TP is enabled for ALL windows + * If .pbmode.enabled = true (and enabled = false) then TP is Private Browsing windows only * [1] https://wiki.mozilla.org/Security/Tracking_protection * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ + // user_pref("privacy.trackingprotection.pbmode.enabled", true); // private browsing pref user_pref("privacy.trackingprotection.enabled", true); // enforces ALL windows if true (not just private) - // user_pref("privacy.trackingprotection.pbmode.enabled", false); // private browsing pref /* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); /* 0422: use "basic" or "strict" tracking protecting list - ONLY USE ONE! * [SETTINGS] Options>Privacy>Use Tracking Protection>Change Block List ***/ - // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // simple/basic + // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) - * If you don't have Flash, then you don't need this enabled * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ // user_pref("browser.safebrowsing.blockedURIs.enabled", false); From 0d09e9c9b56a888358a30d72dc0eccd619251b7e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 13:00:14 +1200 Subject: [PATCH 0192/1961] minor comment edits --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index adc5606..7201157 100644 --- a/user.js +++ b/user.js @@ -265,8 +265,8 @@ user_pref("services.blocklist.signing.enforced", true); // user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) // user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // (FF49+) /* 0410c: disable Google safebrowsing downloads, updates ***/ - // user_pref("browser.safebrowsing.provider.google.updateURL", ""); // update google lists - // user_pref("browser.safebrowsing.provider.google.gethashURL", ""); // list hash check + // user_pref("browser.safebrowsing.provider.google.updateURL", ""); + // user_pref("browser.safebrowsing.provider.google.gethashURL", ""); // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) /* 0410e: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ @@ -308,9 +308,9 @@ user_pref("privacy.trackingprotection.ui.enabled", true); * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ // user_pref("browser.safebrowsing.blockedURIs.enabled", false); -/* 0424: disable Mozilla's tracking protection and Flash blocklist downloads, updates ***/ - // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts - // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists +/* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/ + // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); + // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); From 64351a0c193727696981c1af777f8218e03ec59d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 13:53:24 +1200 Subject: [PATCH 0193/1961] minor edits --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 7201157..c60aa3e 100644 --- a/user.js +++ b/user.js @@ -222,13 +222,13 @@ user_pref("dom.flyweb.enabled", false); ***/ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); /** BLOCKLISTS ***/ -/* 0401: enforce extension blocklist, but sanitize blocklist url +/* 0401: enable extension blocklist, but sanitize blocklist url * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); -/* 0402: enforce Kinto blocklist updates (FF50+) +/* 0402: enable Kinto blocklist updates (FF50+) * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be * revoked, add-ons and plugins to be disabled, and gfx environments that cause problems or crashes ***/ @@ -295,12 +295,12 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // * If .pbmode.enabled = true (and enabled = false) then TP is Private Browsing windows only * [1] https://wiki.mozilla.org/Security/Tracking_protection * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ - // user_pref("privacy.trackingprotection.pbmode.enabled", true); // private browsing pref -user_pref("privacy.trackingprotection.enabled", true); // enforces ALL windows if true (not just private) +user_pref("privacy.trackingprotection.pbmode.enabled", true); +user_pref("privacy.trackingprotection.enabled", true); /* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); -/* 0422: use "basic" or "strict" tracking protecting list - ONLY USE ONE! +/* 0422: enable "basic" or "strict" tracking protecting list - ONLY USE ONE! * [SETTINGS] Options>Privacy>Use Tracking Protection>Change Block List ***/ // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict From 903ba2d2b4bdaab267f562a8de07b16f2effe08c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 14:04:14 +1200 Subject: [PATCH 0194/1961] 0400s: tidy up sub-section SB --- user.js | 45 +++++++++++++++++++++------------------------ 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/user.js b/user.js index c60aa3e..996f8c5 100644 --- a/user.js +++ b/user.js @@ -94,7 +94,7 @@ user_pref("javascript.use_us_english_locale", true); // (hidden pref) * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/ user_pref("geo.security.allowinsecure", false); -/*** 0300: QUIET FOX [PART 1] +/*** 0300: QUIET FOX No auto-phoning home for anything. You can still do manual updates. It is still important to do updates for security reasons. [WARNING] [SETUP] If you don't auto update, make sure you do manually. There are many legitimate reasons to turn off AUTO updates, including hijacked @@ -239,40 +239,37 @@ user_pref("services.blocklist.signing.enforced", true); // user_pref("services.blocklist.addons.collection", ""); // user_pref("services.blocklist.plugins.collection", ""); // user_pref("services.blocklist.gfx.collection", ""); -/* 0410: disable Safe Browsing (SB) - * This sub-section has been redesigned to differentiate between "real-time"/"user initiated" - * data being sent to Google from all other settings such as using local blocklists/whitelists and - * updating those lists. There are NO privacy issues here. *IF* required, a full url is never sent - * to Google, only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. - * Google also swear it is anonymized and only used to flag malicious sites/activity. Firefox - * also takes measures such as striping out identifying parameters and storing safe browsing - * cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) - * To use safebrowsing but not "leak" binary download info to Google, only use 0410e and 0410f - * #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ - * [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ -/* 0410a: disable "Block dangerous and deceptive content" (under Options>Security) - * Until FF48 this was titled "Block reported web forgeries" - * It covers deceptive sites such as phishing and social engineering ***/ +/* SAFE BROWSING (SN) + This sub-section has been redesigned to differentiate between "real-time"/"user initiated" + data being sent to Google from all other settings such as using local blocklists/whitelists and + updating those lists. There are NO privacy issues here. *IF* required, a full url is never sent + to Google, only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. + Google also swear it is anonymized and only used to flag malicious sites/activity. Firefox + also takes measures such as striping out identifying parameters and storing safe browsing + cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) + #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ +/* 0410: disable "Block dangerous and deceptive content" (under Options>Security) + * This covers deceptive sites such as phishing and social engineering ***/ // user_pref("browser.safebrowsing.malware.enabled", false); // user_pref("browser.safebrowsing.phishing.enabled", false); // (FF50+) -/* 0410b: disable "Block dangerous downloads" (under Options>Security) - * Until FF48 this was titled "Block reported attack sites" - * It covers malware and PUPs (potentially unwanted programs) ***/ +/* 0411: disable "Block dangerous downloads" (under Options>Security) + * This covers malware and PUPs (potentially unwanted programs) ***/ // user_pref("browser.safebrowsing.downloads.enabled", false); -/* 0410b: disable "Warn me about unwanted and uncommon software" (under Options>Security) (FF48+) ***/ +/* 0412: disable "Warn me about unwanted and uncommon software" (under Options>Security) (FF48+) ***/ // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); // user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) // user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // (FF49+) -/* 0410c: disable Google safebrowsing downloads, updates ***/ +/* 0413: disable Google safebrowsing updates ***/ // user_pref("browser.safebrowsing.provider.google.updateURL", ""); // user_pref("browser.safebrowsing.provider.google.gethashURL", ""); // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) -/* 0410e: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ +/* 0414: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.url", ""); -/* 0410f: disable reporting URLs ***/ +/* 0415: disable reporting URLs ***/ user_pref("browser.safebrowsing.provider.google.reportURL", ""); user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); @@ -282,8 +279,8 @@ user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); / user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); // (FF54+) user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); // (FF54+) user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // (FF54+) -/* 0410g: show=true or hide=false the 'ignore this warning' on Safe Browsing warnings which - * when clicked bypasses the block for that session. This is a means for admins to enforce SB +/* 0416: disable 'ignore this warning' on Safe Browsing warnings which when clicked + * bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", true); From ce90d07e0ef176a54adaedf1561004968f037055 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 14:07:42 +1200 Subject: [PATCH 0195/1961] Update user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 996f8c5..f59d433 100644 --- a/user.js +++ b/user.js @@ -283,7 +283,7 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // * bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/ - // user_pref("browser.safebrowsing.allowOverride", true); + // user_pref("browser.safebrowsing.allowOverride", false); /** TRACKING PROTECTION (TP) There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ From d5c92cd548495acabc32eb68954b2dccc7a72e00 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 14:11:45 +1200 Subject: [PATCH 0196/1961] Update user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f59d433..3649dbb 100644 --- a/user.js +++ b/user.js @@ -239,7 +239,7 @@ user_pref("services.blocklist.signing.enforced", true); // user_pref("services.blocklist.addons.collection", ""); // user_pref("services.blocklist.plugins.collection", ""); // user_pref("services.blocklist.gfx.collection", ""); -/* SAFE BROWSING (SN) +/* SAFE BROWSING (SB) This sub-section has been redesigned to differentiate between "real-time"/"user initiated" data being sent to Google from all other settings such as using local blocklists/whitelists and updating those lists. There are NO privacy issues here. *IF* required, a full url is never sent From 21f5333723f329e57601bd8ad6a847ba7f709014 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 14:13:42 +1200 Subject: [PATCH 0197/1961] Update user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3649dbb..2f1bed6 100644 --- a/user.js +++ b/user.js @@ -287,7 +287,7 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // /** TRACKING PROTECTION (TP) There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ -/* 0420: enforce Tracking Protection (to disable set both prefs as false) +/* 0420: enable Tracking Protection (to disable set both prefs as false) * If .enabled = true then .pbmode.enabled is IGNORED and TP is enabled for ALL windows * If .pbmode.enabled = true (and enabled = false) then TP is Private Browsing windows only * [1] https://wiki.mozilla.org/Security/Tracking_protection From 83cf1571782a562a018ce6e2c2e83102f91455a0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 14:33:46 +1200 Subject: [PATCH 0198/1961] Update user.js --- user.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/user.js b/user.js index 2f1bed6..caffa68 100644 --- a/user.js +++ b/user.js @@ -287,9 +287,7 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // /** TRACKING PROTECTION (TP) There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ -/* 0420: enable Tracking Protection (to disable set both prefs as false) - * If .enabled = true then .pbmode.enabled is IGNORED and TP is enabled for ALL windows - * If .pbmode.enabled = true (and enabled = false) then TP is Private Browsing windows only +/* 0420: enable Tracking Protection in all windows * [1] https://wiki.mozilla.org/Security/Tracking_protection * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ user_pref("privacy.trackingprotection.pbmode.enabled", true); From 9d6da7199dee7ca8aab5c0eeb350d1d1f8bd1884 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 14 May 2017 23:17:16 +1200 Subject: [PATCH 0199/1961] 0401 better wording for extension.blocklist --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index caffa68..5f1c076 100644 --- a/user.js +++ b/user.js @@ -222,7 +222,7 @@ user_pref("dom.flyweb.enabled", false); ***/ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); /** BLOCKLISTS ***/ -/* 0401: enable extension blocklist, but sanitize blocklist url +/* 0401: enable Firefox blocklist, but sanitize blocklist url * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ From 8f5305f38352260b15458c1461a42ac984c79276 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 16 May 2017 05:42:58 +1200 Subject: [PATCH 0200/1961] 0001: add PB mode info #80 --- user.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/user.js b/user.js index 5f1c076..d3fa69a 100644 --- a/user.js +++ b/user.js @@ -40,6 +40,11 @@ user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong w /* 0001: Start Firefox in PB (Private Browsing) mode * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed + * [NOTE] The P in PB mode is misleading: it means no "persistent" local storage of history, + * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or + * removes the ability to control these, and you need to quit Firefox to clear them. PB is best + * used as a one off window (File>New Private Window) to provide a temporary self-contained + * new instance. Closing all Private Windows clears all traces. Repeat when required. * [1] https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); From 7fcb3ce8361f90bf1efe1a8f407dad46910fe6e4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 18 May 2017 06:15:40 +1200 Subject: [PATCH 0201/1961] Standardize Part1 #115 --- user.js | 196 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 97 insertions(+), 99 deletions(-) diff --git a/user.js b/user.js index d3fa69a..790896d 100644 --- a/user.js +++ b/user.js @@ -37,14 +37,14 @@ * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/ user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong with it?"); -/* 0001: Start Firefox in PB (Private Browsing) mode +/* 0001: start Firefox in PB (Private Browsing) mode * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed * [NOTE] The P in PB mode is misleading: it means no "persistent" local storage of history, * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or * removes the ability to control these, and you need to quit Firefox to clear them. PB is best * used as a one off window (File>New Private Window) to provide a temporary self-contained - * new instance. Closing all Private Windows clears all traces. Repeat when required. + * new instance. Closing all Private Windows clears all traces. Repeat as required. * [1] https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); @@ -77,7 +77,7 @@ user_pref("geo.wifi.logging.enabled", false); // (hidden pref) user_pref("browser.search.geoip.url", ""); user_pref("browser.search.geoip.timeout", 1); /* 0202: disable GeoIP-based search results - * [NOTE] may not be hidden if Firefox has changed your settings due to your locale + * [NOTE] May not be hidden if Firefox has changed your settings due to your locale * [1] https://trac.torproject.org/projects/tor/ticket/16254 ***/ user_pref("browser.search.countryCode", "US"); // (hidden pref) user_pref("browser.search.region", "US"); // (hidden pref) @@ -244,16 +244,16 @@ user_pref("services.blocklist.signing.enforced", true); // user_pref("services.blocklist.addons.collection", ""); // user_pref("services.blocklist.plugins.collection", ""); // user_pref("services.blocklist.gfx.collection", ""); -/* SAFE BROWSING (SB) - This sub-section has been redesigned to differentiate between "real-time"/"user initiated" - data being sent to Google from all other settings such as using local blocklists/whitelists and - updating those lists. There are NO privacy issues here. *IF* required, a full url is never sent - to Google, only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. - Google also swear it is anonymized and only used to flag malicious sites/activity. Firefox - also takes measures such as striping out identifying parameters and storing safe browsing - cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) - #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ - [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ +/** SAFE BROWSING (SB) + This sub-section has been redesigned to differentiate between "real-time"/"user initiated" + data being sent to Google from all other settings such as using local blocklists/whitelists and + updating those lists. There are NO privacy issues here. *IF* required, a full url is never sent + to Google, only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. + Google also swear it is anonymized and only used to flag malicious sites/activity. Firefox + also takes measures such as striping out identifying parameters and storing safe browsing + cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) + #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ /* 0410: disable "Block dangerous and deceptive content" (under Options>Security) * This covers deceptive sites such as phishing and social engineering ***/ // user_pref("browser.safebrowsing.malware.enabled", false); @@ -301,7 +301,7 @@ user_pref("privacy.trackingprotection.enabled", true); * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); /* 0422: enable "basic" or "strict" tracking protecting list - ONLY USE ONE! - * [SETTINGS] Options>Privacy>Use Tracking Protection>Change Block List ***/ + * [SETTING] Options>Privacy>Use Tracking Protection>Change Block List ***/ // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) @@ -339,7 +339,7 @@ user_pref("network.http.speculative-parallel-limit", 0); * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ user_pref("browser.send_pings", false); user_pref("browser.send_pings.require_same_host", true); -/* 0607: stop links launching Windows Store on Windows 8/8.1/10 +/* 0607: disable links launching Windows Store on Windows 8/8.1/10 * [1] http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching (FF48+) ***/ @@ -373,7 +373,7 @@ user_pref("browser.urlbar.trimURLs", false); * use it as a means of referral (eg hotlinking), 4 or 6 or 10 may be more practical ***/ user_pref("browser.sessionhistory.max_entries", 10); /* 0805: disable CSS querying page history - CSS history leak - PRIVACY - * [NOTE] this has NEVER been fully "resolved": in Mozilla/docs it is stated it's + * [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's * only in 'certain circumstances', also see latest comments in [2] * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) * [1] https://dbaron.org/mozilla/visited-privacy @@ -434,7 +434,7 @@ user_pref("browser.taskbar.previews.enable", false); user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords * [SETTING] Options>Security>Logins>Remember logins for sites - * [NOTE] this does not clear any passwords already saved ***/ + * [NOTE] This does not clear any passwords already saved ***/ // user_pref("signon.rememberSignons", false); /* 0902: use a master password (recommended if you save passwords) * There are no preferences for this. It is all handled internally. @@ -442,12 +442,12 @@ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0903: set how often Mozilla should ask for the master password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ user_pref("security.ask_for_password", 2); -/* 0904: how often in minutes Mozilla should ask for the master password (see pref above) +/* 0904: set how often in minutes Mozilla should ask for the master password (see pref above) * in minutes, default is 30 ***/ user_pref("security.password_lifetime", 5); /* 0905: disable auto-filling username & password form fields - SECURITY * can leak in cross-site forms AND be spoofed - * [NOTE] password will still be auto-filled after a user name is manually entered + * [NOTE] Password will still be auto-filled after a user name is manually entered * [1] http://kb.mozillazine.org/Signon.autofillForms ***/ user_pref("signon.autofillForms", false); /* 0906: ignore websites' autocomplete="off" (FF30+) @@ -464,7 +464,7 @@ user_pref("security.insecure_password.ui.enabled", true); user_pref("browser.fixup.hide_user_pass", true); /* 0909: disable formless login capture for Password Manager (FF51+) ***/ user_pref("signon.formlessCapture.enabled", false); -/* 0910: enforce disable autofilling saved password on HTTP pages and show warning (FF52+) +/* 0910: disable autofilling saved passwords on HTTP pages and show warning (FF52+) * [1] https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ ***/ user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); @@ -584,13 +584,13 @@ user_pref("dom.ipc.shims.enabledWarnings", true); ***/ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ -/* 1201: reject communication with servers using old SSL/TLS - vulnerable to a MiTM attack - * [WARNING] tested Feb 2017 - still breaks too many sites +/* 1201: disable old SSL/TLS - vulnerable to a MiTM attack + * [WARNING] Tested Feb 2017 - still breaks too many sites * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ // user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc - * [WARNING] FF/chrome currently allow TLS 1.0 by default, so this is your call. + * [WARNING] Firefox and Chrome currently allow TLS 1.0 by default, so this is your call. * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/ // user_pref("security.tls.version.min", 2); @@ -625,9 +625,9 @@ user_pref("security.OCSP.enabled", 1); // user_pref("security.OCSP.require", true); /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ /* 1220: disable Microsoft Family Safety cert (Windows 8.1) (FF50+) - * 0 = disable detecting Family Safety mode and importing the root - * 1 = only attempt to detect Family Safety mode (don't import the root) - * 2 = detect Family Safety mode and import the root ***/ + * 0=disable detecting Family Safety mode and importing the root + * 1=only attempt to detect Family Safety mode (don't import the root) + * 2=detect Family Safety mode and import the root ***/ user_pref("security.family_safety.mode", 0); /* 1221: disable intermediate certificate caching (fingerprinting attack vector) * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) @@ -652,25 +652,25 @@ user_pref("network.stricttransportsecurity.preloadlist", true); /* 1240: disable insecure active content on https pages - mixed content ***/ user_pref("security.mixed_content.block_active_content", true); /* 1241: disable insecure passive content (such as images) on https pages - mixed context - * [WARNING] when set to true, this will visually break many sites (March 2017) ***/ + * [WARNING] When set to true, this will visually break many sites (March 2017) ***/ // user_pref("security.mixed_content.block_display_content", true); -/* 1242: allow Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) +/* 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) * Allow resources from domains with an existing HSTS cache record or in the HSTS preload list * to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because * those may cause noticeable delays eg requests time out or are not handled well by servers - * [NOTE] if you want to use the priming requests make sure 'use_hsts' is also true + * [NOTE] If you want to use the priming requests make sure 'use_hsts' is also true * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ user_pref("security.mixed_content.use_hsts", true); user_pref("security.mixed_content.send_hsts_priming", false); /** CIPHERS [see the section 1200 intro] ***/ /* 1260: disable or limit SHA-1 - * 0 = all SHA1 certs are allowed - * 1 = all SHA1 certs are blocked (including perfectly valid ones from 2015 and earlier) - * 2 = deprecated option that now maps to 1 - * 3 = only allowed for locally-added roots (e.g. anti-virus) - * 4 = only allowed for locally-added roots or for certs in 2015 and earlier - * [WARNING] when disabled, some man-in-the-middle devices (eg security scanners and - * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. + * 0=all SHA1 certs are allowed + * 1=all SHA1 certs are blocked (including perfectly valid ones from 2015 and earlier) + * 2=deprecated option that now maps to 1 + * 3=only allowed for locally-added roots (e.g. anti-virus) + * 4=only allowed for locally-added roots or for certs in 2015 and earlier + * [WARNING] When disabled, some man-in-the-middle devices (eg security scanners and + * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ user_pref("security.pki.sha1_enforcement_level", 1); /* 1261: disable 3DES (effective key size < 128) @@ -682,12 +682,12 @@ user_pref("security.ssl3.rsa_des_ede3_sha", false); user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); /* 1263: disable DHE (Diffie-Hellman Key Exchange) - * [WARNING] may break obscure sites, but not major sites, which should support ECDH over DHE + * [WARNING] May break obscure sites, but not major sites, which should support ECDH over DHE * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); /* 1264: disable the remaining non-modern cipher suites as of FF52 - * [NOTE] commented out because it still breaks too many sites ***/ + * [NOTE] Commented out because it still breaks too many sites ***/ // user_pref("security.ssl3.rsa_aes_128_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false); /** UI (User Interface) ***/ @@ -698,7 +698,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ user_pref("browser.ssl_override_behavior", 1); -/* 1272: display advanced information on Insecure Connection warning pages +/* 1272: enable advanced display information on Insecure Connection warning pages * only works when it's possible to add an exception * i.e doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) * [TEST] https://expired.badssl.com/ ***/ @@ -712,15 +712,15 @@ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of li * [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose... * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("browser.display.use_document_fonts", 0); -/* 1402: allow icon fonts (glyphs) (FF41+) ***/ +/* 1402: enable icon fonts (glyphs) (FF41+) ***/ user_pref("gfx.downloadable_fonts.enabled", true); /* 1403: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); -/* 1404: use more legible default fonts +/* 1404: set more legible default fonts * [SETTING] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace * [SETUP] These are optional, comment out if you do not require them - * [NOTE] Been using this for well over a year, it really grows on you ***/ + * [NOTE] Been using this for 18 months, it really grows on you ***/ user_pref("font.name.serif.x-unicode", "Georgia"); user_pref("font.name.serif.x-western", "Georgia"); // default Times New Roman user_pref("font.name.sans-serif.x-unicode", "Arial"); @@ -732,14 +732,14 @@ user_pref("gfx.downloadable_fonts.woff2.enabled", false); /* 1406: disable CSS Font Loading API * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("layout.css.font-loading-api.enabled", false); -/* 1407: remove special underline handling for a few fonts which you will probably never use. +/* 1407: disable special underline handling for a few fonts which you will probably never use. * Any of these fonts on your system can be enumerated for fingerprinting. Requires restart. * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ user_pref("font.blacklist.underline_offset", ""); /* 1408: disable graphite which FF49 turned back on by default * In the past it had security issues - need citation ***/ user_pref("gfx.font_rendering.graphite.enabled", false); -/* 1409: only expose whitelisted system fonts (FF52+) +/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If * you block sites choosing fonts in 1401, this preference is irrelevant. In future, @@ -774,9 +774,9 @@ user_pref("network.http.sendRefererHeader", 2); * [NOTE] Cross origin requests can be fine tuned in 1603 + 1604. Limiting same origin requests * is rather pointless. Recommended left at default for zero same origin breakage ***/ user_pref("network.http.referer.trimmingPolicy", 0); -/* 1603: CROSS ORIGIN: fine-tune when to send a referer [SETUP] +/* 1603: CROSS ORIGIN: control when to send a referer [SETUP] * 0=always (default), 1=only if base domains match, 2=only if hosts match - * [NOTE] 1 = less breakage, possible leakage 2 = less leakage, more breakage ***/ + * [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage ***/ user_pref("network.http.referer.XOriginPolicy", 1); /* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) * 0=send full URI (default) 1=scheme+host+path+port 2=scheme+host+port ***/ @@ -798,7 +798,7 @@ user_pref("network.http.referer.spoofSource", false); user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) * [SETTING] Options>Privacy>Tracking>Request that sites not track you - * [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ + * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ user_pref("privacy.donottrackheader.enabled", false); /*** 1700: CONTAINERS [SETUP] @@ -813,12 +813,12 @@ user_pref("ghacks_user.js.parrot", "1700 syntax error: the parrot rests in peace /* 1702: enable Container Tabs (FF50+) * [SETTING] Options>Privacy>Container Tabs>Enable Container Tabs ***/ // user_pref("privacy.userContext.enabled", true); -/* 1703: use a private container for thumbnail loads (FF51+) ***/ +/* 1703: enable a private container for thumbnail loads (FF51+) ***/ // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); /* 1704: set long press behaviour on "+ Tab" button to display container menu (FF53+) * 0=disables long press, 1=when clicked, the menu is shown * 2=the menu is shown after X milliseconds - * [NOTE]: the menu does not contain a non-container tab option + * [NOTE] The menu does not contain a non-container tab option * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1328756 ***/ // user_pref("privacy.userContext.longPressBehavior", 2); @@ -833,16 +833,15 @@ user_pref("plugins.click_to_play", true); user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); /* 1803: make sure a plugin is in a certain state: 0=deactivated 1=ask 2=enabled (Flash example) * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config - * [NOTE] you can still over-ride individual sites eg youtube via site permissions + * [NOTE] You can still over-ride individual sites eg youtube via site permissions * [1] http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ // user_pref("plugin.state.flash", 0); /* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/ user_pref("security.xpconnect.plugin.unrestricted", false); -/* 1805: disable scanning for plugins +/* 1805: disable scanning for plugins [WINDOWS] * [1] http://kb.mozillazine.org/Plugin_scanning - * plid.all = whether to scan the directories specified in the Windows registry for PLIDs - * includes: RealPlayer, Next-Generation Java Plug-In, Adobe Flash, Antivirus etc - * [WARNING] [SETUP] This means Firefox will not load ANY plugins. Try it. You are not missing anything. ***/ + * plid.all = whether to scan the directories specified in the Windows registry for PLIDs. + * Used to detect RealPlayer, Java, Antivirus etc, but since FF52 only covers Flash ***/ user_pref("plugin.scan.plid.all", false); /* 1820: disable all GMP (Gecko Media Plugins) [SETUP] * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ @@ -935,13 +934,13 @@ user_pref("ghacks_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); /* 2201: disable website control over browser right-click context menu * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ // user_pref("dom.event.contextmenu.enabled", false); -/* 2202: UI SPOOFING: disable scripts hiding or disabling the following on new windows ***/ +/* 2202: disable [new window] scripts hiding or disabling the following ***/ user_pref("dom.disable_window_open_feature.location", true); user_pref("dom.disable_window_open_feature.menubar", true); user_pref("dom.disable_window_open_feature.resizable", true); user_pref("dom.disable_window_open_feature.status", true); user_pref("dom.disable_window_open_feature.toolbar", true); -/* 2203: POPUP windows - prevent or allow javascript UI meddling ***/ +/* 2203: disable [popup window] scripts hiding or disabling the following ***/ user_pref("dom.disable_window_flip", true); // window z-order user_pref("dom.disable_window_move_resize", true); user_pref("dom.disable_window_open_feature.close", true); @@ -967,7 +966,7 @@ user_pref("dom.disable_beforeunload", true); user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); /* 2301: disable workers API and service workers API * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) - * [WARNING] WILL break sites especially workers eg Google Street View + * [WARNING] Will break sites especially workers eg Google Street View * [1] https://developer.mozilla.org/en-US/docs/Web/API/Worker * [2] https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API * [3] http://www.ghacks.net/2016/03/02/manage-service-workers-in-firefox-and-chrome/ ***/ @@ -978,15 +977,15 @@ user_pref("dom.caches.enabled", false); /* 2303: disable push notifications (FF44+) [requires serviceWorkers to be enabled] * web apps can receive messages pushed to them from a server, whether or * not the web app is in the foreground, or even currently loaded - * [WARNING] may affect social media sites like Twitter + * [WARNING] May affect social media sites like Twitter * [1] https://developer.mozilla.org/en/docs/Web/API/Push_API ***/ user_pref("dom.push.enabled", false); user_pref("dom.push.connection.enabled", false); user_pref("dom.push.serverURL", ""); user_pref("dom.push.userAgentID", ""); /* 2304: disable web/push notifications - * [NOTE] you can still override individual domains under site permissions (FF44+) - * [WARNING] may affect social media sites like Twitter + * [NOTE] You can still override individual domains under site permissions (FF44+) + * [WARNING] May affect social media sites like Twitter * [1] https://developer.mozilla.org/en-US/docs/Web/API/notification ***/ user_pref("dom.webnotifications.enabled", false); user_pref("dom.webnotifications.serviceworker.enabled", false); @@ -1022,7 +1021,7 @@ user_pref("dom.enable_resource_timing", false); user_pref("dom.enable_performance", false); /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); -/* 2415: max popups from a single non-click event - default is 20! ***/ +/* 2415: set max popups from a single non-click event - default is 20! ***/ user_pref("dom.popup_maximum", 3); /* 2415b: limit events that can cause a popup * default is "change click dblclick mouseup notificationclick reset submit touchend" @@ -1042,7 +1041,7 @@ user_pref("full-screen-api.enabled", false); * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/ user_pref("javascript.options.asmjs", false); /* 2421: in addition to 2420, these settings will help harden JS against exploits such as CVE-2015-0817 - * [WARNING] causes the odd site issue and there is also a performance loss + * [WARNING] Causes the odd site issue and there is also a performance loss * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); @@ -1067,7 +1066,7 @@ user_pref("offline-apps.allow_by_default", false); /* 2450b: display a notification when websites offer data for offline use * [SETTING] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ user_pref("browser.offline-apps.notify", true); -/* 2450c: change size of warning quota for offline cache (default 51200) +/* 2450c: set size of warning quota for offline cache (default 51200) * Offline cache is only used in rare cases to store data locally. FF will store small amounts * (default <50MB) of data in the offline (application) cache without asking for permission. ***/ // user_pref("offline-apps.quota.warn", 51200); @@ -1109,7 +1108,7 @@ user_pref("dom.keyboardevent.code.enabled", false); user_pref("dom.keyboardevent.dispatch_during_composition", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] Options>Advanced>General>Use hardware acceleration when available - * [NOTE] changing this option changes BOTH these preferences + * [NOTE] Changing this option changes BOTH these preferences * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ user_pref("gfx.direct2d.disabled", true); @@ -1147,13 +1146,14 @@ user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the /* 2601: disable sending additional analytics to web servers * [1] https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon ***/ user_pref("beacon.enabled", false); -/* 2602: CIS 2.3.2 disable downloading on desktop ***/ +/* 2602: discourage downloading to desktop (0=desktop 1=downloads 2=last used) + * [NOTE] To set your default "downloads": Options>General>Downloads>Save files to ***/ user_pref("browser.download.folderList", 2); -/* 2603: always ask the user where to download - enforce user interaction for security ***/ +/* 2603: enforce user interaction for security by always asking the user where to download ***/ user_pref("browser.download.useDownloadDir", false); /* 2604: https://bugzilla.mozilla.org/show_bug.cgi?id=238789#c19 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2605: don't integrate activity into windows recent documents ***/ +/* 2605: disable integration of activity into windows recent documents ***/ user_pref("browser.download.manager.addToRecentDocs", false); /* 2606: disable hiding mime types (Options>Applications) not associated with a plugin ***/ user_pref("browser.download.hide_plugins_without_extensions", false); @@ -1199,7 +1199,7 @@ user_pref("pdfjs.disabled", false); * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); /* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) - * [WARNING] a low setting of 5 or under will probably break some sites (eg gmail logins) + * [WARNING] A low setting of 5 or under will probably break some sites (eg gmail logins) * To control HTML Meta tag and JS redirects, use an add-on (eg NoRedirect). Default is 20 ***/ user_pref("network.http.redirection-limit", 10); /* 2620: disable middle mouse click opening links from clipboard @@ -1217,17 +1217,15 @@ user_pref("middlemouse.contentLoadURL", false); * [1] http://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection ***/ // user_pref("network.dns.disableIPv6", true); // user_pref("network.http.fast-fallback-to-IPv4", true); -/* 2622: ensure you have a security delay when installing add-ons (milliseconds) +/* 2622: enforce a security delay when installing add-ons (milliseconds) * default=1000, This also covers the delay in "Save" on downloading files. * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * [2] http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 700); -/* 2623: ensure Strict File Origin Policy on local files - * The default is true. Included for completeness +/* 2623: enable Strict File Origin Policy on local files * [1] http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ user_pref("security.fileuri.strict_origin_policy", true); -/* 2624: enforce Subresource Integrity (SRI) (FF43+) - * The default is true. Included for completeness +/* 2624: enable Subresource Integrity (SRI) (FF43+) * [1] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ user_pref("security.sri.enable", true); @@ -1235,7 +1233,7 @@ user_pref("security.sri.enable", true); * upon the use of .onion and SHOULD NOT perform a DNS lookup. * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ user_pref("network.dns.blockDotOnion", true); -/* 2626: strip optional user agent token, default is false, included for completeness +/* 2626: disable optional user agent token, default is false, included for completeness * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference ***/ user_pref("general.useragent.compatMode.firefox", false); /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ @@ -1268,7 +1266,7 @@ user_pref("network.http.altsvc.oe", false); * [1] http://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); /* 2668: lock down allowed extension directories - * [WARNING] this will break add-ons that do not use the default XPI directories + * [WARNING] This will break add-ons that do not use the default XPI directories * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ * [2] archived: http://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) @@ -1285,7 +1283,7 @@ user_pref("security.block_script_with_wrong_mime", true); * including youtube player controls. Best left for "hardened" or specific profiles. * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 ***/ // user_pref("svg.disabled", true); -/* 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk +/* 2672: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing security risk * Firefox has *some* protections to mitigate the risk, but it is better to be safe * than sorry. The downside: it will also display legitimate IDN's punycoded, which * might be undesirable for users from countries with non-latin alphabets @@ -1294,7 +1292,7 @@ user_pref("security.block_script_with_wrong_mime", true); * [3] https://en.wikipedia.org/wiki/IDN_homograph_attack * [4] CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ ***/ user_pref("network.IDN_show_punycode", true); -/* 2673: enforce CSP (Content Security Policy) (default is true) +/* 2673: enable CSP (Content Security Policy) (default is true) * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); /* 2674: enable CSP 1.1 experimental hash-source directive (FF29+) @@ -1315,7 +1313,7 @@ user_pref("security.csp.experimentalEnabled", true); * Values below are for example only based on the current ESR/TBB at the time of writing ***/ /* 2697a: navigator.userAgent leaks in JS - * [NOTE] setting this will break any UA spoofing add-on whitelisting ***/ + * [NOTE] Setting this will break any UA spoofing add-on whitelisting ***/ // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref) /* 2697b: navigator.buildID (see gecko.buildID in about:config) reveals build time * down to the second which defeats user agent spoofing and can compromise OS etc @@ -1329,11 +1327,11 @@ user_pref("security.csp.experimentalEnabled", true); // user_pref("general.platform.override", "Win32"); // (hidden pref) /* 2697f: navigator.oscpu leaks in JS ***/ // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) -/* 2697g: also see 0204 for general.useragent.locale ***/ +/* 2697g: general.useragent.locale (related, see 0204) ***/ /*** 2698: FIRST PARTY ISOLATION (FPI) ***/ /* 2698a: enable first party isolation pref and OriginAttribute (FF51+) - * [WARNING] breaks lots of cross-domain logins and site functionality until perfected + * [WARNING] Breaks lots of cross-domain logins and site functionality until perfected * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ /* 2698b: isolate favicons (FF52+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/ @@ -1363,8 +1361,8 @@ user_pref("security.csp.experimentalEnabled", true); This section will attempt to list all the ramifications and Mozilla tickets ***/ /* 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info. * POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - * [NOTE] does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 - * [NOTE] this will probably make your values pretty unique until you resize or snap the + * [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 + * [NOTE] This will probably make your values pretty unique until you resize or snap the * inner window width + height into standard/common resolutions (mine is at 1366x768) * To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit * Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test @@ -1375,13 +1373,13 @@ user_pref("security.csp.experimentalEnabled", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ /* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/ -/* 2699d: new window sizes to round to hundreds (FF55+) +/* 2699d: set new window sizes to round to hundreds (FF55+) [SETUP] * [NOTE] If override values are too big, the code determines it for you * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 * [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/ // user_pref("privacy.window.maxInnerWidth", 1366); // user_pref("privacy.window.maxInnerHeight", 768); -/* 2699e: use UTC timezone (spoof as UTC 0) (FF55+) +/* 2699e: spoof timezone as UTC 0 (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 ***/ /* 2699f: spoof navigator.hardwareConcurrency as 2 (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 ***/ @@ -1394,7 +1392,7 @@ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the b * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites ***/ user_pref("network.cookie.cookieBehavior", 2); -/* 2702: ensure that third-party cookies (if enabled, see above pref) are session-only +/* 2702: set third-party cookies (if enabled, see above pref) to session-only * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ user_pref("network.cookie.thirdparty.sessionOnly", true); @@ -1405,7 +1403,7 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); /* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ // user_pref("network.cookie.lifetime.days", 90); /* 2705: disable dom storage - * [WARNING] this will break a LOT of sites' functionality. + * [WARNING] This will break a LOT of sites' functionality. * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); /* 2706: disable Storage API @@ -1418,12 +1416,12 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("dom.storageManager.enabled", false); // (FF51+) user_pref("browser.storageManager.enabled", false); // (FF53+) /* 2707: clear localStorage and UUID when a WebExtension is uninstalled - * [NOTE] both preferences must be the same + * [NOTE] Both preferences must be the same * [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); -/* 2708: prevent HTTP sites from setting cookies with the "secure" directive (default: true) (FF52+) +/* 2708: disable HTTP sites from setting cookies with the "secure" directive (default: true) (FF52+) * [1] https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); @@ -1453,7 +1451,7 @@ user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences /* 2804: set what history items to clear with Ctrl-Shift-Del (to match above) * This dialog can also be accessed from the menu History>Clear Recent History - * [NOTE] regardless of what you set privacy.cpd.downloads to, as soon as the dialog + * [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog * for "Clear Recent History" is opened, it is synced to the same as 'history' ***/ user_pref("privacy.cpd.cache", true); user_pref("privacy.cpd.cookies", false); @@ -1491,7 +1489,7 @@ user_pref("browser.tabs.warnOnOpen", false); // user_pref("full-screen-api.warning.timeout", 0); /* 3002: disable closing browser with last tab ***/ user_pref("browser.tabs.closeWindowWithLastTab", false); -/* 3004: disable backspace (0 = previous page, 1 = scroll up, 2 = do nothing) ***/ +/* 3004: disable backspace (0=previous page, 1=scroll up, 2=do nothing) ***/ user_pref("browser.backspace_action", 2); /* 3005: disable autocopy default (linux) ***/ // user_pref("clipboard.autocopy", false); @@ -1499,7 +1497,7 @@ user_pref("browser.backspace_action", 2); * 1=current window, 2=new window, 3=most recent window * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ user_pref("browser.link.open_newwindow", 3); -/* 3009: turn on APZ (Async Pan/Zoom) - requires e10s +/* 3009: enable APZ (Async Pan/Zoom) - requires e10s * [1] http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ // user_pref("layers.async-pan-zoom.enabled", true); /* 3010: enable ctrl-tab previews ***/ @@ -1518,10 +1516,10 @@ user_pref("browser.tabs.animate", false); /* 3016: disable fullscreeen animation. Test using F11. * Animation is smother but is annoyingly slow, while no animation can be startling ***/ user_pref("browser.fullscreen.animate", false); -/* 3017: submenu in milliseconds. 0=instant while a small number allows +/* 3017: set submenu delay in milliseconds. 0=instant while a small number allows * a mouse pass over menu items without any submenus alarmingly shooting out ***/ user_pref("ui.submenuDelay", 150); // (hidden pref) -/* 3018: maximum number of daily bookmark backups to keep (default is 15) ***/ +/* 3018: set maximum number of daily bookmark backups to keep (default is 15) ***/ user_pref("browser.bookmarks.max_backups", 2); /* 3020: FYI: urlbar click behaviour (with defaults) ***/ user_pref("browser.urlbar.clickSelectsAll", true); @@ -1531,7 +1529,7 @@ user_pref("browser.urlbar.doubleClickSelectsAll", false); user_pref("browser.tabs.insertRelatedAfterCurrent", true); /* 3021b: switch to the parent tab (if it has one) on close, rather than * to the adjacent right tab if it exists or to the adjacent left tab if it doesn't. - * [NOTE] requires browser.link.open_newwindow set to 3 (see pref 3007) ***/ + * [NOTE] Requires browser.link.open_newwindow set to 3 (see pref 3007) ***/ user_pref("browser.tabs.selectOwnerOnClose", true); /* 3021c: stay on the parent tab when opening links in a new tab * [SETTING] Options>General>Tabs>When I open a link in a new tab, switch to it immediately ***/ @@ -1568,8 +1566,8 @@ user_pref("browser.urlbar.decodeURLsOnCopy", true); user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); /*** 9997: DEPRECATED / REMOVED - Personally confirmed by resetting as well as via documentation and DXR searches. - [NOTE] numbers may get re-used ***/ + Confirmed by resetting as well as via documentation, bugzilla tickets, and DXR searches. + [NOTE] Numbers may get re-used ***/ /* 2607: (23+) disable page thumbnails, it was around v23, not 100% sure when * this pref was replaced with browser.pagethumbnails.capturing_disabled ***/ // user_pref("pageThumbs.enabled", false); @@ -1613,7 +1611,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("pfs.datasource.url", ""); /* 2403: (43+) disable scripts changing images * [TEST] http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 - * [WARNING] will break some sites such as Google Maps and a lot of web apps ***/ + * [WARNING] Will break some sites such as Google Maps and a lot of web apps ***/ // user_pref("dom.disable_image_src_set", true); /* 2615: (43+) disable http2 for now as well ***/ // user_pref("network.http.spdy.enabled.http2draft", false); @@ -1646,7 +1644,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); /* 0807: (47+) disable history manipulation * [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history - * [WARNING] if set to false it breaks some sites (youtube) ability to correctly show the + * [WARNING] If set to false it breaks some sites (youtube) ability to correctly show the * url in location bar and for the forward/back tab history to work ***/ // user_pref("browser.history.allowPopState", false); // user_pref("browser.history.allowPushState", false); @@ -1661,7 +1659,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem * [1] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html ***/ // user_pref("browser.urlbar.unifiedcomplete", false); /* 3006: (48+) disable enforced add-on signing - * [NOTE] the preference is still in FF48+, but it's legacy code and does not work in stable ***/ + * [NOTE] The preference is still in FF48+, but it's legacy code and does not work in stable ***/ // user_pref("xpinstall.signatures.required", false); /* 0372: (49+) disable "Hello" (TokBox/Telefonica WebRTC voice & video call PUP) WebRTC (IP leak) * [1] https://www.mozilla.org/en-US/privacy/firefox-hello/ From ec9f9fcea80b2636cbc7ebc7c8dd552f963dce26 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 18 May 2017 06:31:04 +1200 Subject: [PATCH 0202/1961] remove left over line --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 790896d..99df6d6 100644 --- a/user.js +++ b/user.js @@ -1003,7 +1003,6 @@ user_pref("dom.event.clipboardevents.enabled", false); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) /* 2404: disable JS storing data permanently - * If you block indexedDB but would like a toggle button, try the following add-on * This setting WAS under about:permissions>All Sites>Maintain Offline Storage * [NOTE] about:permissions is no longer available since FF46 but you can still override * individual domains: use info icon in urlbar etc or right click on a web page>view page info From 1c5988c7707b7aefbc55f62ee733165c195b2377 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 May 2017 07:33:04 +1200 Subject: [PATCH 0203/1961] Standardize Part2 #115 --- user.js | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/user.js b/user.js index 99df6d6..2de8c4e 100644 --- a/user.js +++ b/user.js @@ -422,12 +422,12 @@ user_pref("browser.urlbar.oneOffSearches", false); * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); -/* 0870: disable Windows jumplist ***/ +/* 0870: disable Windows jumplist [WINDOWS] ***/ user_pref("browser.taskbar.lists.enabled", false); user_pref("browser.taskbar.lists.frequent.enabled", false); user_pref("browser.taskbar.lists.recent.enabled", false); user_pref("browser.taskbar.lists.tasks.enabled", false); -/* 0871: disable Windows taskbar preview ***/ +/* 0871: disable Windows taskbar preview [WINDOWS] ***/ user_pref("browser.taskbar.previews.enable", false); /*** 0900: PASSWORDS ***/ @@ -439,10 +439,10 @@ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0902: use a master password (recommended if you save passwords) * There are no preferences for this. It is all handled internally. * [1] https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/ -/* 0903: set how often Mozilla should ask for the master password +/* 0903: set how often Firefox should ask for the master password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ user_pref("security.ask_for_password", 2); -/* 0904: set how often in minutes Mozilla should ask for the master password (see pref above) +/* 0904: set how often in minutes Firefox should ask for the master password (see pref above) * in minutes, default is 30 ***/ user_pref("security.password_lifetime", 5); /* 0905: disable auto-filling username & password form fields - SECURITY @@ -450,12 +450,12 @@ user_pref("security.password_lifetime", 5); * [NOTE] Password will still be auto-filled after a user name is manually entered * [1] http://kb.mozillazine.org/Signon.autofillForms ***/ user_pref("signon.autofillForms", false); -/* 0906: ignore websites' autocomplete="off" (FF30+) +/* 0906: disable websites' autocomplete="off" (FF30+) * Don't let sites dictate use of saved logins and passwords. Increase security through * stronger password use. The trade-off is the convenience. Some sites should never be * saved (such as banking sites). Set at true, informed users can make their own choice. ***/ user_pref("signon.storeWhenAutocompleteOff", true); -/* 0907: force warnings for logins on non-secure (non HTTPS) pages +/* 0907: display warnings for logins on non-secure (non HTTPS) pages * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); /* 0908: When attempting to fix an entered URL (see 0802: browser.fixup.alternate.enabled), @@ -612,7 +612,7 @@ user_pref("security.ssl.errorReporting.url", ""); /* 1210: enable OCSP Stapling * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ user_pref("security.ssl.enable_ocsp_stapling", true); -/* 1211: query OCSP responder servers to confirm current validity of certificates +/* 1211: control use of OCSP responder servers to confirm current validity of certificates * 0=disable, 1=validate only certificates that specify an OCSP service URL (default) * 2=enable and use values in security.OCSP.URL and security.OCSP.signing. * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) @@ -624,7 +624,7 @@ user_pref("security.OCSP.enabled", 1); * site breakage. Some users have previously mentioned issues with youtube, microsoft etc ***/ // user_pref("security.OCSP.require", true); /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ -/* 1220: disable Microsoft Family Safety cert (Windows 8.1) (FF50+) +/* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) * 0=disable detecting Family Safety mode and importing the root * 1=only attempt to detect Family Safety mode (don't import the root) * 2=detect Family Safety mode and import the root ***/ @@ -698,7 +698,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ user_pref("browser.ssl_override_behavior", 1); -/* 1272: enable advanced display information on Insecure Connection warning pages +/* 1272: display advanced information on Insecure Connection warning pages * only works when it's possible to add an exception * i.e doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) * [TEST] https://expired.badssl.com/ ***/ @@ -831,7 +831,7 @@ user_pref("plugin.defaultXpi.state", 0); /* 1802: enable click to play and set to 0 minutes ***/ user_pref("plugins.click_to_play", true); user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); -/* 1803: make sure a plugin is in a certain state: 0=deactivated 1=ask 2=enabled (Flash example) +/* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example) * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config * [NOTE] You can still over-ride individual sites eg youtube via site permissions * [1] http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ @@ -886,7 +886,7 @@ user_pref("pdfjs.enableWebGL", false); user_pref("webgl.min_capability_mode", true); user_pref("webgl.disable-extensions", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); -/* 2011: don't make WebGL debug info available to websites +/* 2011: disable WebGL debug info being available to websites * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 * [2] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/ user_pref("webgl.enable-debug-renderer-info", false); @@ -1058,11 +1058,11 @@ user_pref("dom.archivereader.enabled", false); * [2] https://wicg.github.io/IntersectionObserver/ * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/ user_pref("dom.IntersectionObserver.enabled", false); -/* 2450a: force Firefox to tell you if a website asks to store data for offline use +/* 2450a: enforce websites to ask to store data for offline use * [1] https://support.mozilla.org/en-US/questions/1098540 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ user_pref("offline-apps.allow_by_default", false); -/* 2450b: display a notification when websites offer data for offline use +/* 2450b: display a notification when websites ask to to store data for offline use * [SETTING] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ user_pref("browser.offline-apps.notify", true); /* 2450c: set size of warning quota for offline cache (default 51200) @@ -1150,7 +1150,8 @@ user_pref("beacon.enabled", false); user_pref("browser.download.folderList", 2); /* 2603: enforce user interaction for security by always asking the user where to download ***/ user_pref("browser.download.useDownloadDir", false); -/* 2604: https://bugzilla.mozilla.org/show_bug.cgi?id=238789#c19 ***/ +/* 2604: remove temp files opened with an external application [MAC] + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); /* 2605: disable integration of activity into windows recent documents ***/ user_pref("browser.download.manager.addToRecentDocs", false); @@ -1191,7 +1192,7 @@ user_pref("network.http.spdy.enabled.http2", false); * [SETTING] Options>Applications>Portable Document Format (PDF) * [SETUP] By all means, use an external app you consider MORE secure ***/ user_pref("pdfjs.disabled", false); -/* 2618: when using SOCKS have the proxy server do the DNS lookup - DNS leak issue +/* 2618: enforce the proxy server to do any DNS lookups when using SOCKS * eg in TOR, this stops your local DNS server from knowing your Tor destination * as a remote Tor node will handle the DNS request * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns @@ -1228,8 +1229,7 @@ user_pref("security.fileuri.strict_origin_policy", true); * [1] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ user_pref("security.sri.enable", true); -/* 2625: Applications [non Tor protocol] SHOULD generate an error - * upon the use of .onion and SHOULD NOT perform a DNS lookup. +/* 2625: disable DNS requests for hostnames with a .onion TLD (FF45+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ user_pref("network.dns.blockDotOnion", true); /* 2626: disable optional user agent token, default is false, included for completeness @@ -1254,7 +1254,7 @@ user_pref("mathml.disabled", true); /* 2664: disable DeviceStorage API * [1] https://wiki.mozilla.org/WebAPI/DeviceStorageAPI ***/ user_pref("device.storage.enabled", false); -/* 2665: sanitize webchannel whitelist ***/ +/* 2665: remove webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2666: disable HTTP Alternative Services * [1] http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/ @@ -1270,7 +1270,7 @@ user_pref("devtools.chrome.enabled", false); * [2] archived: http://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.autoDisableScopes", 15); -/* 2669: strip paths when sending URLs to PAC scripts (FF51+) +/* 2669: remove paths when sending URLs to PAC scripts (FF51+) * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ user_pref("network.proxy.autoconfig_url.include_path", false); @@ -1420,7 +1420,7 @@ user_pref("browser.storageManager.enabled", false); // (FF53+) * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); -/* 2708: disable HTTP sites from setting cookies with the "secure" directive (default: true) (FF52+) +/* 2708: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+) * [1] https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); @@ -1504,7 +1504,7 @@ user_pref("browser.ctrlTab.previews", true); /* 3011: don't open "page/selection source" in a tab. The window used instead is cleaner * and easier to use and move around (eg developers/multi-screen). ***/ user_pref("view_source.tab", false); -/* 3012: spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls ***/ +/* 3012: control spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls ***/ user_pref("layout.spellcheckDefault", 1); /* 3013: disable automatic "Work Offline" status * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 @@ -1520,10 +1520,10 @@ user_pref("browser.fullscreen.animate", false); user_pref("ui.submenuDelay", 150); // (hidden pref) /* 3018: set maximum number of daily bookmark backups to keep (default is 15) ***/ user_pref("browser.bookmarks.max_backups", 2); -/* 3020: FYI: urlbar click behaviour (with defaults) ***/ +/* 3020: control urlbar click behaviour (with defaults) ***/ user_pref("browser.urlbar.clickSelectsAll", true); user_pref("browser.urlbar.doubleClickSelectsAll", false); -/* 3021a: FYI: tab behaviours (with defaults) +/* 3021a: control tab behaviours (with defaults) * open links in a new tab immediately to the right of parent tab, not far right ***/ user_pref("browser.tabs.insertRelatedAfterCurrent", true); /* 3021b: switch to the parent tab (if it has one) on close, rather than @@ -1558,7 +1558,7 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false); /* 3027: decode URLs on copy from the urlbar (FF53+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320061 ***/ user_pref("browser.urlbar.decodeURLsOnCopy", true); -/* 3028: disable middle-click enabling auto-scrolling on Windows/Mac ***/ +/* 3028: disable middle-click enabling auto-scrolling [WINDOWS] [MAC] ***/ // user_pref("general.autoScroll", false); /* END: internal custom pref to test for syntax errors ***/ From 1c82abf074d88c79f75b8409857d603a9180744d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 May 2017 07:36:39 +1200 Subject: [PATCH 0204/1961] Update user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 2de8c4e..4f08594 100644 --- a/user.js +++ b/user.js @@ -1153,7 +1153,7 @@ user_pref("browser.download.useDownloadDir", false); /* 2604: remove temp files opened with an external application [MAC] * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2605: disable integration of activity into windows recent documents ***/ +/* 2605: disable integration of activity into windows recent documents [WINDOWS] ***/ user_pref("browser.download.manager.addToRecentDocs", false); /* 2606: disable hiding mime types (Options>Applications) not associated with a plugin ***/ user_pref("browser.download.hide_plugins_without_extensions", false); From 31d3aec89388010498e531e38a87ff19e69ef4ca Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 May 2017 08:33:25 +1200 Subject: [PATCH 0205/1961] Update user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 4f08594..b7328ca 100644 --- a/user.js +++ b/user.js @@ -1564,7 +1564,7 @@ user_pref("browser.urlbar.decodeURLsOnCopy", true); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); -/*** 9997: DEPRECATED / REMOVED +/*** 9999: DEPRECATED / REMOVED Confirmed by resetting as well as via documentation, bugzilla tickets, and DXR searches. [NOTE] Numbers may get re-used ***/ /* 2607: (23+) disable page thumbnails, it was around v23, not 100% sure when From b5c072dc187663654c38bb2e2ad023910d24f38b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 May 2017 07:17:49 +1200 Subject: [PATCH 0206/1961] 2604 remove [MAC] tag --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index b7328ca..c3050ab 100644 --- a/user.js +++ b/user.js @@ -1150,7 +1150,7 @@ user_pref("beacon.enabled", false); user_pref("browser.download.folderList", 2); /* 2603: enforce user interaction for security by always asking the user where to download ***/ user_pref("browser.download.useDownloadDir", false); -/* 2604: remove temp files opened with an external application [MAC] +/* 2604: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); /* 2605: disable integration of activity into windows recent documents [WINDOWS] ***/ From a0aca310e90a6fa25c98043a51311f79b80eeec1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 May 2017 02:02:51 +1200 Subject: [PATCH 0207/1961] 2605 confirmed windows only (and gtk) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index c3050ab..2421864 100644 --- a/user.js +++ b/user.js @@ -1153,7 +1153,7 @@ user_pref("browser.download.useDownloadDir", false); /* 2604: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2605: disable integration of activity into windows recent documents [WINDOWS] ***/ +/* 2605: disable integration of activity into windows recent documents [WINDOWS] [GTK] ***/ user_pref("browser.download.manager.addToRecentDocs", false); /* 2606: disable hiding mime types (Options>Applications) not associated with a plugin ***/ user_pref("browser.download.hide_plugins_without_extensions", false); From 05bbd88f9507d813126960b380f0455ac944e2ec Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 May 2017 02:41:06 +1200 Subject: [PATCH 0208/1961] 2605 windows->system since GTK could be anything --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 2421864..8ecab08 100644 --- a/user.js +++ b/user.js @@ -1153,7 +1153,7 @@ user_pref("browser.download.useDownloadDir", false); /* 2604: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2605: disable integration of activity into windows recent documents [WINDOWS] [GTK] ***/ +/* 2605: disable adding downloads to the system's "recent documents" list ***/ user_pref("browser.download.manager.addToRecentDocs", false); /* 2606: disable hiding mime types (Options>Applications) not associated with a plugin ***/ user_pref("browser.download.hide_plugins_without_extensions", false); From 147e02379a9665bfcca4e1d801900b40686a0aee Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 May 2017 04:50:44 +1200 Subject: [PATCH 0209/1961] dom.maxHardwareConcurrency #115 --- user.js | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 8ecab08..4ecc609 100644 --- a/user.js +++ b/user.js @@ -1062,7 +1062,7 @@ user_pref("dom.IntersectionObserver.enabled", false); * [1] https://support.mozilla.org/en-US/questions/1098540 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ user_pref("offline-apps.allow_by_default", false); -/* 2450b: display a notification when websites ask to to store data for offline use +/* 2450b: display a notification when websites ask to store data for offline use * [SETTING] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ user_pref("browser.offline-apps.notify", true); /* 2450c: set size of warning quota for offline cache (default 51200) @@ -1139,6 +1139,14 @@ user_pref("dom.presentation.discoverable", false); user_pref("dom.presentation.discovery.enabled", false); user_pref("dom.presentation.receiver.enabled", false); user_pref("dom.presentation.session_transport.data_channel.enable", false); +/* 2514: spoof (or limit?) number of CPU cores (also see 2699f) (FF48+) + * [WARNING] *may* affect core chrome/Firefox performance, will affect content. + * Highly recommended to leave this (dom) and use 2699f (navigator) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 + * [2] https://trac.torproject.org/projects/tor/ticket/21675 + * [3] https://trac.torproject.org/projects/tor/ticket/22127 + * [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency ***/ + // user_pref("dom.maxHardwareConcurrency", 2); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -1380,7 +1388,8 @@ user_pref("security.csp.experimentalEnabled", true); // user_pref("privacy.window.maxInnerHeight", 768); /* 2699e: spoof timezone as UTC 0 (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 ***/ -/* 2699f: spoof navigator.hardwareConcurrency as 2 (FF55+) +/* 2699f: spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) + * This spoof *shouldn't* affect core chrome/Firefox performance * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) From c7b34d3b2659eba00912380e830f817423ac0038 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 May 2017 05:44:49 +1200 Subject: [PATCH 0210/1961] 0850a+b+c urlbar+maxRichResults #125 clarifies usage of maxRichResults and cases of aberrant number of items displayed --- user.js | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 4ecc609..8728109 100644 --- a/user.js +++ b/user.js @@ -390,18 +390,24 @@ user_pref("browser.search.suggest.enabled", false); * [SETTING] Options>Search>Show search suggestions in location bar results ***/ user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) -/* 0850a: disable location bar autocomplete ***/ -user_pref("browser.urlbar.autocomplete.enabled", false); -/* 0850b: disable location bar dropdown - * This value used to control the maximum number of entries that could appear in the location - * bar dropdown. This is no longer the case, and thus, it does *NOT* hide any suggestions ***/ - // user_pref("browser.urlbar.maxRichResults", 0); -/* 0850c: disable location bar suggestion types +/* 0850a: disable location bar autocomplete [controlled by 0850b] + // user_pref("browser.urlbar.autocomplete.enabled", false); +/* 0850b: disable location bar suggestion types [controls 0850a] * [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest - * [NOTE] If you wish to enable these suggestions, make sure 0850a is at default ***/ + * [NOTE] If any of these are true, 0850a will be FORCED to true + * and if all three are false, 0850a will be FORCED to false + * [WARNING] If all three are false, search engine keywords are disabled ***/ user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.bookmark", false); user_pref("browser.urlbar.suggest.openpage", false); +/* 0850c: disable location bar dropdown + * This value controls the total number of entries to appear in the location bar dropdown + * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always + * be displayed (no we do not know how these are calculated or what the threshold is), + * and this does not affect the search by search engine suggestion (see 0808) + * [USAGE] This setting is only useful if you want to enable search engine keywords + * (i.e at least one of 0850b must be true) but you want to *limit* suggestions shown ***/ + // user_pref("browser.urlbar.maxRichResults", 0); /* 0850d: disable location bar autofill * [1] http://kb.mozillazine.org/Inline_autocomplete ***/ user_pref("browser.urlbar.autoFill", false); From e6628e56df629daad605bb3326e7fcba1fdde740 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 25 May 2017 06:35:50 +1200 Subject: [PATCH 0211/1961] ui.use_standins_for_native_colors #129 --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 8728109..b8630a7 100644 --- a/user.js +++ b/user.js @@ -1176,6 +1176,10 @@ user_pref("browser.download.hide_plugins_without_extensions", false); user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) /* 2608: disable JAR from opening Unsafe File Types ***/ user_pref("network.jar.open-unsafe-types", false); +/* 2609: disable exposure of system colors to CSS or canvas (FF44+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=232227 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1330876 ***/ +user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) /* 2611: disable WebIDE to prevent remote debugging and add-on downloads * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("devtools.webide.autoinstallADBHelper", false); From 7c87abbe78577de6607701b5a53b45491d035ef3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 25 May 2017 07:40:40 +1200 Subject: [PATCH 0212/1961] Standardize Part3 #115 --- user.js | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/user.js b/user.js index b8630a7..8859893 100644 --- a/user.js +++ b/user.js @@ -444,6 +444,7 @@ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); // user_pref("signon.rememberSignons", false); /* 0902: use a master password (recommended if you save passwords) * There are no preferences for this. It is all handled internally. + * [SETTING] Options>Security>Logins>Use a master password * [1] https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/ /* 0903: set how often Firefox should ask for the master password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ @@ -464,9 +465,8 @@ user_pref("signon.storeWhenAutocompleteOff", true); /* 0907: display warnings for logins on non-secure (non HTTPS) pages * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); -/* 0908: When attempting to fix an entered URL (see 0802: browser.fixup.alternate.enabled), - * do not fix an entered password along with it: i.e do not turn ~http://user:password@foo into - * ~http://user:password@(prefix)foo(suffix) but instead ~http://user@(prefix)foo(suffix) ***/ +/* 0908: remove user & password info when attempting to fix an entered URL (i.e 0802 is true) + * e.g //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/ user_pref("browser.fixup.hide_user_pass", true); /* 0909: disable formless login capture for Password Manager (FF51+) ***/ user_pref("signon.formlessCapture.enabled", false); @@ -518,8 +518,8 @@ user_pref("browser.sessionstore.max_windows_undo", 0); user_pref("browser.sessionstore.privacy_level", 2); /* 1022: disable resuming session from crash [SETUP] ***/ user_pref("browser.sessionstore.resume_from_crash", false); -/* 1023: If you use session restore, increasing the minimal interval between two session save - * operations can help on older machines and some websites, as well as reducing writes, see [1] +/* 1023: set the minimum interval between session save operations - increasing it + * can help on older machines and some websites, as well as reducing writes, see [1] * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc * [WARNING] This can also affect entries in the "Recently Closed Tabs" feature: * i.e the longer the interval the more chance a quick tab open/close won't be captured. @@ -625,9 +625,11 @@ user_pref("security.ssl.enable_ocsp_stapling", true); * It's a trade-off between security (checking) and privacy (leaking info to the CA) * [1] https://en.wikipedia.org/wiki/Ocsp ***/ user_pref("security.OCSP.enabled", 1); -/* 1212: require certificate revocation check through OCSP protocol +/* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently + * continues the connection. With OCSP revocation, Firefox terminates the connection instead. * [WARNING] Since FF44 the default is false. If set to true, this may/will cause some - * site breakage. Some users have previously mentioned issues with youtube, microsoft etc ***/ + * site breakage. Some users have previously mentioned issues with youtube, microsoft etc + * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ // user_pref("security.OCSP.require", true); /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) @@ -718,7 +720,8 @@ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of li * [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose... * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("browser.display.use_document_fonts", 0); -/* 1402: enable icon fonts (glyphs) (FF41+) ***/ +/* 1402: enable icon fonts (glyphs) (FF41+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=789788 ***/ user_pref("gfx.downloadable_fonts.enabled", true); /* 1403: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ @@ -868,7 +871,7 @@ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); user_pref("media.gmp-manager.url", "data:text/plain,"); -/*** 2000: MEDIA / CAMERA / MIKE ***/ +/*** 2000: MEDIA / CAMERA / MIC ***/ user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) * [1] https://www.privacytools.io/#webrtc ***/ @@ -879,10 +882,11 @@ user_pref("media.peerconnection.identity.enabled", false); user_pref("media.peerconnection.identity.timeout", 1); user_pref("media.peerconnection.turn.disable", true); user_pref("media.navigator.video.enabled", false); // video capability for WebRTC -/* 2002: pref which improves the WebRTC IP Leak issue, as opposed to completely - * disabling WebRTC. You still need to enable WebRTC for this to be applicable (FF42+) - * [1] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ -user_pref("media.peerconnection.ice.default_address_only", true); // (FF41-FF50) +/* 2002: limit WebRTC IP leaks if using WebRTC + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1189041 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1297416 + * [3] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ +user_pref("media.peerconnection.ice.default_address_only", true); // (FF42-FF50) user_pref("media.peerconnection.ice.no_host", true); // (FF51+) /* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions * [1] http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ @@ -896,8 +900,8 @@ user_pref("webgl.disable-fail-if-major-performance-caveat", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 * [2] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/ user_pref("webgl.enable-debug-renderer-info", false); -/* 2012: two more webgl preferences (FF51+) ***/ -user_pref("webgl.dxgl.enabled", false); +/* 2012: disable two more webgl preferences (FF51+) ***/ +user_pref("webgl.dxgl.enabled", false); // [WINDOWS] user_pref("webgl.enable-webgl2", false); /* 2021: disable speech recognition * [1] https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition @@ -1045,7 +1049,7 @@ user_pref("full-screen-api.enabled", false); * [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/ user_pref("javascript.options.asmjs", false); -/* 2421: in addition to 2420, these settings will help harden JS against exploits such as CVE-2015-0817 +/* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817 * [WARNING] Causes the odd site issue and there is also a performance loss * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); @@ -1116,7 +1120,7 @@ user_pref("dom.keyboardevent.dispatch_during_composition", false); * [NOTE] Changing this option changes BOTH these preferences * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ -user_pref("gfx.direct2d.disabled", true); +user_pref("gfx.direct2d.disabled", true); // [WINDOWS] user_pref("layers.acceleration.disabled", true); /* 2509: disable touch events [SETUP] * fingerprinting attack vector - leaks screen res & actual screen coordinates @@ -1292,7 +1296,7 @@ user_pref("extensions.autoDisableScopes", 15); * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ user_pref("network.proxy.autoconfig_url.include_path", false); -/* 2670: close bypassing of CSP via image mime types (FF51+) +/* 2670: disable "image/" mime types bypassing CSP (FF51+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/ user_pref("security.block_script_with_wrong_mime", true); /* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) From caa1d2c22e148557b813d70c50c7faab64511bed Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 May 2017 15:18:20 +1200 Subject: [PATCH 0213/1961] don't disable update checks #112 i.e change the prefs to inactive - FF nerds can then easily flip the two prefs to achieve the section purpose = "quiet" --- user.js | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/user.js b/user.js index 8859893..adcd242 100644 --- a/user.js +++ b/user.js @@ -17,7 +17,7 @@ 2. READ this * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum - * Auto-updates for Firefox and extensions/addon-ons are disabled (section 0300) + * Auto-installing updates for Firefox and extensions/addon-ons are disabled (section 0302's) * Some user data is erased (section 2800), namely history (browsing, form, download) * Site breakage WILL happen - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting @@ -100,35 +100,40 @@ user_pref("javascript.use_us_english_locale", true); // (hidden pref) user_pref("geo.security.allowinsecure", false); /*** 0300: QUIET FOX - No auto-phoning home for anything. You can still do manual updates. It is still important - to do updates for security reasons. [WARNING] [SETUP] If you don't auto update, make sure you - do manually. There are many legitimate reasons to turn off AUTO updates, including hijacked - monetized extensions, time constraints, legacy issues, and fear of breakage/bugs ***/ + We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). + There are many legitimate reasons to turn off auto-INSTALLS, including hijacked or + monetized extensions, time constraints, legacy issues, and fear of breakage/bugs. + It is still important to do updates for security reasons, please do so manually. ***/ user_pref("ghacks_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); -/* 0301a: disable browser auto update check +/* 0301a: disable auto-update checks for Firefox + * [NOTE} Firefox currently checks every 12 hrs and allows 8 day notification dismissal * [SETTING] Options>Advanced>Update>Never check for updates ***/ -user_pref("app.update.enabled", false); -/* 0301b: disable background update service + // user_pref("app.update.enabled", false); +/* 0301b: disable auto-update checks for add-ons ***/ + // user_pref("extensions.update.enabled", false); +/* 0302a: disable auto update installing for Firefox (after the check in 0301a) + * [SETTING] Options>Advanced>Update>Check for updates but let you choose whether to install them + * [NOTE] The UI checkbox also controls the behavior for checking, the pref only controls auto installing ***/ +user_pref("app.update.auto", false); +/* 0302b: disable auto update installing for add-ons (after the check in 0301b) + * [SETTING] about:addons>Extensions>Settings[gear-icon]>Update Addons Automatically (toggle) ***/ +user_pref("extensions.update.autoUpdateDefault", false); +/* 0303: disable background update service [WINDOWS] * [SETTING] Options>Advanced>Update>Use a background service to install updates ***/ user_pref("app.update.service.enabled", false); -/* 0301c: ensure update information is not suppressed ***/ -user_pref("app.update.silent", false); -/* 0301d: disable background update staging ***/ +/* 0304: disable background update staging ***/ user_pref("app.update.staging.enabled", false); -/* 0302: disable browser auto update installing (after the check in 0301a) ***/ -user_pref("app.update.auto", false); -/* 0303: disable search update - * [SETTING] Options>Advanced>Update>Automatically update: search engines ***/ -user_pref("browser.search.update", false); -/* 0304: disable add-ons auto update check ***/ -user_pref("extensions.update.enabled", false); -/* 0305: disable add-ons auto update installing (after the check in 0304) ***/ -user_pref("extensions.update.autoUpdateDefault", false); +/* 0305: enforce update information is displayed + * This is the update available, downloaded, error and success information ***/ +user_pref("app.update.silent", false); /* 0306: disable add-on metadata updating * sends daily pings to Mozilla about extensions and recent startups ***/ user_pref("extensions.getAddons.cache.enabled", false); /* 0307: disable auto updating of personas (themes) ***/ user_pref("lightweightThemes.update.enabled", false); +/* 0308: disable search update + * [SETTING] Options>Advanced>Update>Automatically update: Search Engines ***/ +user_pref("browser.search.update", false); /* 0309: disable sending Flash crash reports ***/ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); /* 0310: disable sending the URL of the website where a plugin crashed ***/ From f84e051b50a3411ea0746de2de49e6b24ca84af8 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 27 May 2017 16:14:05 +0200 Subject: [PATCH 0214/1961] extensions.blocklist.url https://blocklist.addons.mozilla.org/blocklist/3/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/53.0.3/ ... already redirects to ... https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/53.0.3/ ... in FF53.0.3 so we can already commit this FF54 change that uses the direct URL --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index adcd242..6174dfb 100644 --- a/user.js +++ b/user.js @@ -237,7 +237,7 @@ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!") * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); -user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); +user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); /* 0402: enable Kinto blocklist updates (FF50+) * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be From 8abe26083c2fcd0dc29d91d696e54695478184aa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 May 2017 12:49:27 +1200 Subject: [PATCH 0215/1961] punycode test and the PoC/article by Xudong Zheng that re-sparked the conversation early this year --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 6174dfb..baacba9 100644 --- a/user.js +++ b/user.js @@ -1313,10 +1313,12 @@ user_pref("security.block_script_with_wrong_mime", true); * Firefox has *some* protections to mitigate the risk, but it is better to be safe * than sorry. The downside: it will also display legitimate IDN's punycoded, which * might be undesirable for users from countries with non-latin alphabets + * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) * [1] http://kb.mozillazine.org/Network.IDN_show_punycode * [2] https://wiki.mozilla.org/IDN_Display_Algorithm * [3] https://en.wikipedia.org/wiki/IDN_homograph_attack - * [4] CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ ***/ + * [4] CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ + * [5] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); /* 2673: enable CSP (Content Security Policy) (default is true) * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/ From a4a0ec5cee4d3ceb371feec1067abe4bbf338742 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 May 2017 13:11:34 +1200 Subject: [PATCH 0216/1961] #129 black-on-black system colors --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index baacba9..01b16fc 100644 --- a/user.js +++ b/user.js @@ -1186,6 +1186,7 @@ user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) /* 2608: disable JAR from opening Unsafe File Types ***/ user_pref("network.jar.open-unsafe-types", false); /* 2609: disable exposure of system colors to CSS or canvas (FF44+) + * [NOTE] see [2] bug may cause black on black for elements with undefined colors * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=232227 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1330876 ***/ user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) From 2336d0a20b74e5eb911ca888ad526bfe0731297e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 May 2017 02:01:08 +1200 Subject: [PATCH 0217/1961] 0910 add bugzilla tickets --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 01b16fc..4c119cf 100644 --- a/user.js +++ b/user.js @@ -476,7 +476,9 @@ user_pref("browser.fixup.hide_user_pass", true); /* 0909: disable formless login capture for Password Manager (FF51+) ***/ user_pref("signon.formlessCapture.enabled", false); /* 0910: disable autofilling saved passwords on HTTP pages and show warning (FF52+) - * [1] https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ ***/ + * [1] https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1217152 + * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 ***/ user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); From 956c94f812e76c56b491d9246996f64e0aaa4e07 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 May 2017 04:05:10 +1200 Subject: [PATCH 0218/1961] 2617 pdfjs.disabled better info #114 --- user.js | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 4c119cf..d8f4de6 100644 --- a/user.js +++ b/user.js @@ -1212,15 +1212,19 @@ user_pref("gfx.layerscope.enabled", false); user_pref("network.http.spdy.enabled", false); user_pref("network.http.spdy.enabled.deps", false); user_pref("network.http.spdy.enabled.http2", false); -/* 2617: enable pdf.js as an option to preview PDFs within Firefox - EXPLOIT risk - * Enabling this (set to true) will change your option most likely to "Ask" or "Open with - * some external pdf reader". This does NOT necessarily prevent pdf.js being used via - * other means, it only removes the option. We recommend this is left at default (false). - * 1. It won't stop JS bypassing it. 2. Depending on external pdf viewers there is just as - * much risk or more (acrobat). 3. Mozilla are very quick to patch these sorts of exploits, - * they treat them as severe/critical and 4. for convenience +/* 2617: enable Firefox's built-in PDF reader [SETUP] * [SETTING] Options>Applications>Portable Document Format (PDF) - * [SETUP] By all means, use an external app you consider MORE secure ***/ + * This setting controls if the option "Display in Firefox" in the above setting is available + * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") + * [WHY USE false=default=view PDFs in Firefox] + * pfdjs is lightweight, open source and as secure as any pdf reader out there, certainly better and more + * vetted than most. Exploits are rare (1 serious case in 3 years), treated seriously and patched quickly. + * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). It + * maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. + * [WHY USE true=open with or save to disk] + * If you're a PDF security expert who thinks a particular external app is more secure... + * [NOTE] + * 1. See 2662 2: JS can still force a pdf to open in-browser by bundling it's own code (rare) ***/ user_pref("pdfjs.disabled", false); /* 2618: enforce the proxy server to do any DNS lookups when using SOCKS * eg in TOR, this stops your local DNS server from knowing your Tor destination From 8b2b0898c02a168e0f4298dc1b439fcd776ce01c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 31 May 2017 14:04:13 +1200 Subject: [PATCH 0219/1961] typo --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d8f4de6..34a96df 100644 --- a/user.js +++ b/user.js @@ -1217,12 +1217,12 @@ user_pref("network.http.spdy.enabled.http2", false); * This setting controls if the option "Display in Firefox" in the above setting is available * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") * [WHY USE false=default=view PDFs in Firefox] - * pfdjs is lightweight, open source and as secure as any pdf reader out there, certainly better and more + * pdfjs is lightweight, open source and as secure as any pdf reader out there, certainly better and more * vetted than most. Exploits are rare (1 serious case in 3 years), treated seriously and patched quickly. * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). It * maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. * [WHY USE true=open with or save to disk] - * If you're a PDF security expert who thinks a particular external app is more secure... + * If you think a particular external app is more secure... * [NOTE] * 1. See 2662 2: JS can still force a pdf to open in-browser by bundling it's own code (rare) ***/ user_pref("pdfjs.disabled", false); From 4a0ff9ea3349614aade04c086c1c51b3cadb23b1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 1 Jun 2017 01:46:09 +1200 Subject: [PATCH 0220/1961] 3006: add-on signing move back from deprecated --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 34a96df..7469612 100644 --- a/user.js +++ b/user.js @@ -1529,6 +1529,10 @@ user_pref("browser.tabs.closeWindowWithLastTab", false); user_pref("browser.backspace_action", 2); /* 3005: disable autocopy default (linux) ***/ // user_pref("clipboard.autocopy", false); +/* 3006: disable enforced add-on signing (FF43+) + * [NOTE] Only applicable to Nightly and ESR (FF48+) + * [1] https://wiki.mozilla.org/Add-ons/Extension_Signing#Timeline ***/ + // user_pref("xpinstall.signatures.required", false); /* 3007: open new windows in a new tab instead * 1=current window, 2=new window, 3=most recent window * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ @@ -1694,9 +1698,6 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem * this feature has been added back in Classic Theme Restorer * [1] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html ***/ // user_pref("browser.urlbar.unifiedcomplete", false); -/* 3006: (48+) disable enforced add-on signing - * [NOTE] The preference is still in FF48+, but it's legacy code and does not work in stable ***/ - // user_pref("xpinstall.signatures.required", false); /* 0372: (49+) disable "Hello" (TokBox/Telefonica WebRTC voice & video call PUP) WebRTC (IP leak) * [1] https://www.mozilla.org/en-US/privacy/firefox-hello/ * [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello From 76293cab6a3dab0fd2429f843a53c84c1f1e3209 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 1 Jun 2017 01:56:23 +1200 Subject: [PATCH 0221/1961] 3006: add-on signing url fix --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 7469612..a277571 100644 --- a/user.js +++ b/user.js @@ -1531,7 +1531,7 @@ user_pref("browser.backspace_action", 2); // user_pref("clipboard.autocopy", false); /* 3006: disable enforced add-on signing (FF43+) * [NOTE] Only applicable to Nightly and ESR (FF48+) - * [1] https://wiki.mozilla.org/Add-ons/Extension_Signing#Timeline ***/ + * [1] https://wiki.mozilla.org/Add-ons/Extension_Signing#Documentation ***/ // user_pref("xpinstall.signatures.required", false); /* 3007: open new windows in a new tab instead * 1=current window, 2=new window, 3=most recent window From 9eee26bc350e11b9770879c014d2be0966165e6e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Jun 2017 00:57:36 +1200 Subject: [PATCH 0222/1961] 0330b: unifiedIsOptIn->deprecated --- user.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index a277571..3cf86d8 100644 --- a/user.js +++ b/user.js @@ -141,7 +141,7 @@ user_pref("dom.ipc.plugins.reportCrashURL", false); /* 0320: disable extension discovery * featured extensions for displaying in Get Add-ons panel ***/ user_pref("extensions.webservice.discoverURL", "http://127.0.0.1"); -/* 0330a: disable telemetry +/* 0330: disable telemetry * the pref (.unified) affects the behaviour of the pref (.enabled) * IF unified=false then .enabled controls the telemetry module * IF unified=true then .enabled ONLY controls whether to record extended data @@ -149,9 +149,6 @@ user_pref("extensions.webservice.discoverURL", "http://127.0.0.1"); * [1] https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html ***/ user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.enabled", false); -/* 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry - * is enabled ONLY for people that opted into it, even if unified Telemetry is enabled ***/ -user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) /* 0331: remove url of server telemetry pings are sent to ***/ user_pref("toolkit.telemetry.server", ""); /* 0332: disable archiving pings locally - irrelevant if toolkit.telemetry.unified is false ***/ @@ -1682,6 +1679,10 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check /* 0333b: (47+) disable about:healthreport page UNIFIED ***/ // user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); +/* 0330b: (47+) set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry + * is enabled ONLY for people that opted into it, even if unified Telemetry is enabled + * [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 + // user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) /* 0807: (47+) disable history manipulation * [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history * [WARNING] If set to false it breaks some sites (youtube) ability to correctly show the From e4a8dcf0dc87af105b1c6c01a32bc90394e716d1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Jun 2017 01:21:01 +1200 Subject: [PATCH 0223/1961] 0333a: two health report prefs->deprecated --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 3cf86d8..479aecd 100644 --- a/user.js +++ b/user.js @@ -155,8 +155,6 @@ user_pref("toolkit.telemetry.server", ""); user_pref("toolkit.telemetry.archive.enabled", false); /* 0333a: disable health report ***/ user_pref("datareporting.healthreport.uploadEnabled", false); -user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) -user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) /* 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) * If you have disabled health reports, then this about page is useless - disable it * If you want to see what health data is present, then this must be set at default ***/ @@ -1668,6 +1666,10 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("dom.workers.sharedWorkers.enabled", false); /* 1005: (45+) disable deferred level of storing extra session data 0=all 1=http-only 2=none ***/ // user_pref("browser.sessionstore.privacy_level_deferred", 2); +/* 0333a: (46+) disable health report + * [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234526 ***/ + // user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) + // user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) /* 0334b: (46+) disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers ***/ // user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); /* 0373: (46+) disable "Pocket". FF46 replaced these with extensions.pocket.* ***/ @@ -1681,7 +1683,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem // user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); /* 0330b: (47+) set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry * is enabled ONLY for people that opted into it, even if unified Telemetry is enabled - * [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 + * [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 ***/ // user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) /* 0807: (47+) disable history manipulation * [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history From f74b3274032e7c2b240e9813857de06772de3ba8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 3 Jun 2017 16:33:00 +1200 Subject: [PATCH 0224/1961] 9999 revamp Nits, review syntax etc. Note: 2 items missing deprecation bugzilla tickets, we can get those in time. Note if each section number is made active, the prefs are also - except those which either match the current js (eg TP/SB not active but we do block reporting) or they make no sense or were inactive originally (eg personal 3000 settings etc) - might want to review those choices as well. Also, a few numbers etc changed to match current numbers (eg replaced by items etc, new sections) --- user.js | 395 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 223 insertions(+), 172 deletions(-) diff --git a/user.js b/user.js index 479aecd..fc47126 100644 --- a/user.js +++ b/user.js @@ -1600,179 +1600,230 @@ user_pref("browser.urlbar.decodeURLsOnCopy", true); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); -/*** 9999: DEPRECATED / REMOVED - Confirmed by resetting as well as via documentation, bugzilla tickets, and DXR searches. - [NOTE] Numbers may get re-used ***/ -/* 2607: (23+) disable page thumbnails, it was around v23, not 100% sure when - * this pref was replaced with browser.pagethumbnails.capturing_disabled ***/ - // user_pref("pageThumbs.enabled", false); -/* 2408: (31+) disable network API - fingerprinting vector ***/ - // user_pref("dom.network.enabled", false); -/* 2620: (35+) disable WebSockets - * [1] https://developer.mozilla.org/en-US/Firefox/Releases/35 ***/ - // user_pref("network.websocket.enabled", false); -/* 2023: (37+) disable camera autofocus callback (was in 36, not in 37) - * Not part of any specification, the API will be superceded by the WebRTC Capture - * and Stream API ( http://w3c.github.io/mediacapture-main/getusermedia.html ) - * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ ***/ - // user_pref("camera.control.autofocus_moving_callback.enabled", false); -/* 1804: (41+) disable plugin enumeration ***/ - // user_pref("plugins.enumerable_names", ""); -/* 0420: (42+) disable tracking protection - * this particular pref was never in stable - * labelled v42+ because that's when tracking protection landed ***/ - // user_pref("browser.polaris.enabled", false); -/* 2803: (42+) what to clear on shutdown - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184#c23 ***/ +/*** 9999: DEPRECATED / REMOVED / LEGACY + Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable, + viewer-friendly version of the deprecated bugzilla tickets. To enable a section + change /* FFxx to // FFxx. The original state of each pref has been preserved, + or changed to match the current setup, but you are advised to review them. + [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ +/* FF42 and older +// 2607: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=897811 +user_pref("pageThumbs.enabled", false); +// 2503: (31+) disable network API - replaced by dom.netinfo.enabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 +user_pref("dom.network.enabled", false); +// 2620: (35+) disable WebSockets + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1091016 +user_pref("network.websocket.enabled", false); +// 1610: (36+) set DNT "value" to "not be tracked" (FF21+) + // [1] http://kb.mozillazine.org/Privacy.donottrackheader.value + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1042135#c101 + // user_pref("privacy.donottrackheader.value", 1); +// 2023: (37+) disable camera autofocus callback + // The API will be superceded by the WebRTC Capture and Stream API + // [1] https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107683 +user_pref("camera.control.autofocus_moving_callback.enabled", false); +// 0415: (FF41+) disable reporting URLs - removed or replaced by various + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1109475 +user_pref("browser.safebrowsing.reportErrorURL", ""); // browser.safebrowsing.reportPhishMistakeURL +user_pref("browser.safebrowsing.reportGenericURL", ""); // removed +user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); // browser.safebrowsing.reportMalwareMistakeURL +user_pref("browser.safebrowsing.reportMalwareURL", ""); // removed +user_pref("browser.safebrowsing.reportURL", ""); // removed +// 1804: (41+) disable plugin enumeration + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1169945 +user_pref("plugins.enumerable_names", ""); +// 2803: (42+) clear passwords on shutdown + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184 // user_pref("privacy.clearOnShutdown.passwords", false); -/* 0411: (43+) disable safebrowsing urls & download ***/ - // user_pref("browser.safebrowsing.gethashURL", ""); - // user_pref("browser.safebrowsing.malware.reportURL", ""); - // user_pref("browser.safebrowsing.provider.google.appRepURL", ""); - // user_pref("browser.safebrowsing.reportErrorURL", ""); - // user_pref("browser.safebrowsing.reportGenericURL", ""); - // user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); - // user_pref("browser.safebrowsing.reportMalwareURL", ""); - // user_pref("browser.safebrowsing.reportURL", ""); - // user_pref("browser.safebrowsing.updateURL", ""); -/* 0420: (43+) disable tracking protection. FF43+ URLs are now part of safebrowsing - * [1] https://wiki.mozilla.org/Security/Tracking_protection (look under Prefs) - * [NOTE] getupdateURL = WRONG / never existed. updateURL = CORRECT and has been added FYI ***/ - // user_pref("browser.trackingprotection.gethashURL", ""); - // user_pref("browser.trackingprotection.getupdateURL", ""); - // user_pref("browser.trackingprotection.updateURL", ""); -/* 1803: (43+) remove plugin finder service - * [1] http://kb.mozillazine.org/Pfs.datasource.url ***/ - // user_pref("pfs.datasource.url", ""); -/* 2403: (43+) disable scripts changing images - * [TEST] http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 - * [WARNING] Will break some sites such as Google Maps and a lot of web apps ***/ - // user_pref("dom.disable_image_src_set", true); -/* 2615: (43+) disable http2 for now as well ***/ - // user_pref("network.http.spdy.enabled.http2draft", false); -/* 3001a: (43+) disable warning when a domain requests full screen - * replaced by setting full-screen-api.warning.timeout to zero ***/ +// 3001a: (42+) disable warning when a domain requests full screen + // replaced by setting full-screen-api.warning.timeout to zero + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1160017 // user_pref("full-screen-api.approval-required", false); -/* 3003: (43+) disable new search panel UI [Classic Theme Restorer can restore the old search] ***/ +// ***/ +/* FF43 +// 0410's: disable safebrowsing urls & updates - replaced by various + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107372 + // user_pref("browser.safebrowsing.gethashURL", ""); // browser.safebrowsing.provider.google.gethashURL + // user_pref("browser.safebrowsing.updateURL", ""); // browser.safebrowsing.provider.google.updateURL +user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing.provider.google.reportURL +// 0420's: disable tracking protection - replaced by various + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107372 + // user_pref("browser.trackingprotection.gethashURL", ""); // browser.safebrowsing.provider.mozilla.gethashURL + // user_pref("browser.trackingprotection.updateURL", ""); // browser.safebrowsing.provider.mozilla.updateURL +// 1803: remove plugin finder service + // [1] http://kb.mozillazine.org/Pfs.datasource.url + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1202193 +user_pref("pfs.datasource.url", ""); +// 2614: disable HTTP2 + // [-] +user_pref("network.http.spdy.enabled.http2draft", false); +// 3003: disable new search panel UI + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1119250 // user_pref("browser.search.showOneOffButtons", false); -/* 1201: (44+) block rc4 whitelist - * [1] https://developer.mozilla.org/en-US/Firefox/Releases/44#Security ***/ - // user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); -/* 2417: (44+) disable SharedWorkers, which allow the exchange of data between iFrames that - * are open in different tabs, even if the sites do not belong to the same domain. - * [1] https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 8) - * [2] https://bugs.torproject.org/15562 - * is used in FF 45 and 46 code once, to set it for a test ***/ - // user_pref("dom.workers.sharedWorkers.enabled", false); -/* 1005: (45+) disable deferred level of storing extra session data 0=all 1=http-only 2=none ***/ - // user_pref("browser.sessionstore.privacy_level_deferred", 2); -/* 0333a: (46+) disable health report - * [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234526 ***/ - // user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) - // user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) -/* 0334b: (46+) disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers ***/ - // user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); -/* 0373: (46+) disable "Pocket". FF46 replaced these with extensions.pocket.* ***/ - // user_pref("browser.pocket.enabled", false); - // user_pref("browser.pocket.api", ""); - // user_pref("browser.pocket.site", ""); - // user_pref("browser.pocket.oAuthConsumerKey", ""); -/* 0410e: (46+) safebrowsing ***/ - // user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check -/* 0333b: (47+) disable about:healthreport page UNIFIED ***/ - // user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); -/* 0330b: (47+) set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry - * is enabled ONLY for people that opted into it, even if unified Telemetry is enabled - * [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 ***/ - // user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) -/* 0807: (47+) disable history manipulation - * [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history - * [WARNING] If set to false it breaks some sites (youtube) ability to correctly show the - * url in location bar and for the forward/back tab history to work ***/ - // user_pref("browser.history.allowPopState", false); - // user_pref("browser.history.allowPushState", false); - // user_pref("browser.history.allowReplaceState", false); -/* (48+) disable dom.mozTCPSocket.enabled (raw TCP socket support) - * [1] https://trac.torproject.org/projects/tor/ticket/18863 - * [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ - * [3] https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket ***/ - // user_pref("dom.mozTCPSocket.enabled", false); -/* 0806: (48+) disable 'unified complete': 'Search with [default search engine]' - * this feature has been added back in Classic Theme Restorer - * [1] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html ***/ +// ***/ +/* FF44 +// 0414: disable safebrowsing's real-time binary checking (google) (FF43+) + // [-] +user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL +// 1200's: block rc4 whitelist + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1201025 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215796 +user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); +// 2301: disable SharedWorkers + // [1] https://bugs.torproject.org/15562 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1207635 +user_pref("dom.workers.sharedWorkers.enabled", false); +// 2403: disable scripts changing images + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=773429 + // user_pref("dom.disable_image_src_set", true); +// ***/ +/* FF45 +// 1005: disable deferred level of storing extra session data 0=all 1=http-only 2=none + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235379 +user_pref("browser.sessionstore.privacy_level_deferred", 2); +// ***/ +/* FF46 +// 0333a: disable health report + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234526 +user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) +user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) +// 0334b: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234522 +user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); +// 0373: disable "Pocket" - replaced by extensions.pocket.* + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215694 +user_pref("browser.pocket.enabled", false); +user_pref("browser.pocket.api", ""); +user_pref("browser.pocket.site", ""); +user_pref("browser.pocket.oAuthConsumerKey", ""); +// 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1239587 +user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check +// 0420: disable polaris (part of Tracking Protection, never used in stable) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235565 + // user_pref("browser.polaris.enabled", false); +// ***/ +/* FF47 +// 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry + // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 +user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) +// 0333b: disable about:healthreport page UNIFIED + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 +user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); +// 0807: disable history manipulation + // [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1249542 +user_pref("browser.history.allowPopState", false); +user_pref("browser.history.allowPushState", false); +user_pref("browser.history.allowReplaceState", false); +// ***/ +/* FF48 +// 0806: disable 'unified complete': 'Search with [default search engine]' + // [1] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1181078 // user_pref("browser.urlbar.unifiedcomplete", false); -/* 0372: (49+) disable "Hello" (TokBox/Telefonica WebRTC voice & video call PUP) WebRTC (IP leak) - * [1] https://www.mozilla.org/en-US/privacy/firefox-hello/ - * [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello - * [3] https://support.mozilla.org/en-US/kb/hello-status ***/ - // user_pref("loop.enabled", false); - // user_pref("loop.server", ""); - // user_pref("loop.feedback.formURL", ""); - // user_pref("loop.feedback.manualFormURL", ""); - // user_pref("loop.facebook.appId", ""); - // user_pref("loop.facebook.enabled", false); - // user_pref("loop.facebook.fallbackUrl", ""); - // user_pref("loop.facebook.shareUrl", ""); - // user_pref("loop.logDomains", false); -/* 2202: (49+) ONE of the new window UI prefs ***/ - // user_pref("dom.disable_window_open_feature.scrollbars", true); -/* 2431: (49+) disable ONE of the push notification prefs ***/ - // user_pref("dom.push.udp.wakeupEnabled", false); -/* 0101: (50+) disable ONE of the "slow startup" options ***/ - // user_pref("browser.usedOnWindows10.introURL", ""); -/* 0308: (50+) disable update plugin notifications - * if using Flash/Java/Silverlight, it is best to turn on their own auto-update mechanisms. - * See 1804 below: Mozilla only checks a few plugins and will soon do away with NPAPI ***/ - // user_pref("plugins.update.notifyUser", false); -/* 0410a: (50+) "Block dangerous and deceptive content" pref name change ***/ - // user_pref("browser.safebrowsing.enabled", false); // FF49 and earlier -/* 1202: (50+) disable rc4 ciphers - * [1] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ - * [2] https://trac.torproject.org/projects/tor/ticket/17369 ***/ - // user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); - // user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); - // user_pref("security.ssl3.rsa_rc4_128_md5", false); - // user_pref("security.ssl3.rsa_rc4_128_sha", false); -/* 1809: (50+) remove Mozilla's plugin update URL ***/ - // user_pref("plugins.update.url", ""); -/* 1851: (51+) delay play of videos until they're visible - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 ***/ - // user_pref("media.block-play-until-visible", true); -/* 2504: (51+) disable virtual reality devices ***/ - // user_pref("dom.vr.oculus050.enabled", false); -/* 2614: (51+) disable SPDY ***/ - // user_pref("network.http.spdy.enabled.v3-1", false); -/* 1602: (?) this DNT .value pref (still in code) was deprecated some time ago - * [1] http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) ***/ - // user_pref("privacy.donottrackheader.value", 1); // (hidden pref) -/* 1601: (52+) disable referer from an SSL Website - * removed: https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 ***/ - // user_pref("network.http.sendSecureXSiteReferrer", false); -/* 1850: (52+) disable the Adobe EME "Primetime CDM" (Content Decryption Module) - * [1] https://trac.torproject.org/projects/tor/ticket/16285 ***/ - // user_pref("media.gmp-eme-adobe.enabled", false); - // user_pref("media.gmp-eme-adobe.visible", false); - // user_pref("media.gmp-eme-adobe.autoupdate", false); -/* 2405: (52+) https://wiki.mozilla.org/WebAPI/Security/WebTelephony ***/ - // user_pref("dom.telephony.enabled", false); -/* 2502: (52+) disable Battery Status API. Initially a Linux issue (high precision readout) that was fixed. - * However, it is still another metric for fingerprinting, used to raise entropy. - * eg: do you have a battery or not, current charging status, charge level, times remaining etc - * [1] http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 - * [3] https://www.w3.org/TR/battery-status/ - * [4] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online - * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. - * [5] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ - // user_pref("dom.battery.enabled", false); -/* 1265: (53+) block rc4 fallback ***/ - // user_pref("security.tls.unrestricted_rc4_fallback", false); -/* 1806: (53+) disable Acrobat, Quicktime, WMP - * The string refers to min version number allowed ***/ - // user_pref("plugin.scan.Acrobat", "99999"); - // user_pref("plugin.scan.Quicktime", "99999"); - // user_pref("plugin.scan.WindowsMediaPlayer", "99999"); -/* 2022: (53+) disable screensharing ***/ - // user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); -/* 2507: (53+) disable keyboard fingerprinting ***/ - // user_pref("dom.beforeAfterKeyboardEvent.enabled", false); +// ***/ +/* FF49 +// 0372: disable "Hello" + // [1] https://www.mozilla.org/en-US/privacy/firefox-hello/ + // [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1287827 +user_pref("loop.enabled", false); +user_pref("loop.server", ""); +user_pref("loop.feedback.formURL", ""); +user_pref("loop.feedback.manualFormURL", ""); +user_pref("loop.facebook.appId", ""); +user_pref("loop.facebook.enabled", false); +user_pref("loop.facebook.fallbackUrl", ""); +user_pref("loop.facebook.shareUrl", ""); +user_pref("loop.logDomains", false); +// 2202: disable new window scrollbars being hidden + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1257887 +user_pref("dom.disable_window_open_feature.scrollbars", true); +// 2303: disable push notification (UDP wake-up) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1265914 +user_pref("dom.push.udp.wakeupEnabled", false); +// ***/ +/* FF50 +// 0101: disable Windows10 intro on startup [WINDOWS] + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1274633 +user_pref("browser.usedOnWindows10.introURL", ""); +// 0308: disable update plugin notifications + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905 +user_pref("plugins.update.notifyUser", false); +// 0410: disable "Block dangerous and deceptive content"- replaced by browser.safebrowsing.phishing.enabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 + // user_pref("browser.safebrowsing.enabled", false); +// 1266: disable rc4 ciphers + // [1] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ + // [2] https://trac.torproject.org/projects/tor/ticket/17369 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1268728 +user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); +user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); +user_pref("security.ssl3.rsa_rc4_128_md5", false); +user_pref("security.ssl3.rsa_rc4_128_sha", false); +// 1809: remove Mozilla's plugin update URL + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905 +user_pref("plugins.update.url", ""); +// ***/ +/* FF51 +// 1851: delay play of videos until they're visible + // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1262053 +user_pref("media.block-play-until-visible", true); +// 2504: disable virtual reality devices + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1250244 +user_pref("dom.vr.oculus050.enabled", false); +// 2614: disable SPDY + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1248197 +user_pref("network.http.spdy.enabled.v3-1", false); +// ***/ +/* FF52 +// 1601: disable referer from an SSL Website + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 +user_pref("network.http.sendSecureXSiteReferrer", false); +// 1850: disable Adobe EME "Primetime CDM" (Content Decryption Module) + // [1] https://trac.torproject.org/projects/tor/ticket/16285 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329538 // FF52 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1337121 // FF52 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329543 // FF53 +user_pref("media.gmp-eme-adobe.enabled", false); +user_pref("media.gmp-eme-adobe.visible", false); +user_pref("media.gmp-eme-adobe.autoupdate", false); +// 2405: disable WebTelephony API + // [1] https://wiki.mozilla.org/WebAPI/Security/WebTelephony + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1309719 +user_pref("dom.telephony.enabled", false); +// 2502: disable Battery Status API. Initially a Linux issue (high precision readout) that + // was fixed. However, it is still another metric for fingerprinting, used to raise entropy. + // eg: do you have a battery or not, current charging status, charge level, times remaining etc + // [1] http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ + // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 + // [3] https://www.w3.org/TR/battery-status/ + // [4] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online + // [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 +user_pref("dom.battery.enabled", false); +// ***/ +/* FF53 +// 1265: block rc4 fallback + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1130670 +user_pref("security.tls.unrestricted_rc4_fallback", false); +// 1806: disable Acrobat, Quicktime, WMP (the string = min version number allowed) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317109 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317110 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317108 +user_pref("plugin.scan.Acrobat", "99999"); +user_pref("plugin.scan.Quicktime", "99999"); +user_pref("plugin.scan.WindowsMediaPlayer", "99999"); +// 2022: disable screensharing + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329562 +user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); +// 2507: disable keyboard fingerprinting + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1322736 +user_pref("dom.beforeAfterKeyboardEvent.enabled", false); +// ***/ From ed9bc336fa8d9643c30fe1c716e2b0b0163f452d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Jun 2017 07:08:16 +1200 Subject: [PATCH 0225/1961] 9999 revamp fixups --- user.js | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/user.js b/user.js index fc47126..c105ecc 100644 --- a/user.js +++ b/user.js @@ -1600,12 +1600,13 @@ user_pref("browser.urlbar.decodeURLsOnCopy", true); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); -/*** 9999: DEPRECATED / REMOVED / LEGACY +/*** 9999: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable, viewer-friendly version of the deprecated bugzilla tickets. To enable a section change /* FFxx to // FFxx. The original state of each pref has been preserved, or changed to match the current setup, but you are advised to review them. - [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ + [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 +***/ /* FF42 and older // 2607: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=897811 @@ -1625,7 +1626,7 @@ user_pref("network.websocket.enabled", false); // [1] https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107683 user_pref("camera.control.autofocus_moving_callback.enabled", false); -// 0415: (FF41+) disable reporting URLs - removed or replaced by various +// 0415: (41+) disable reporting URLs (safe browsing) - removed or replaced by various // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1109475 user_pref("browser.safebrowsing.reportErrorURL", ""); // browser.safebrowsing.reportPhishMistakeURL user_pref("browser.safebrowsing.reportGenericURL", ""); // removed @@ -1635,6 +1636,9 @@ user_pref("browser.safebrowsing.reportURL", ""); // removed // 1804: (41+) disable plugin enumeration // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1169945 user_pref("plugins.enumerable_names", ""); +// 2614: (41+) disable HTTP2 (draft) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1132357 +user_pref("network.http.spdy.enabled.http2draft", false); // 2803: (42+) clear passwords on shutdown // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184 // user_pref("privacy.clearOnShutdown.passwords", false); @@ -1657,19 +1661,15 @@ user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing // [1] http://kb.mozillazine.org/Pfs.datasource.url // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1202193 user_pref("pfs.datasource.url", ""); -// 2614: disable HTTP2 - // [-] -user_pref("network.http.spdy.enabled.http2draft", false); // 3003: disable new search panel UI // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1119250 // user_pref("browser.search.showOneOffButtons", false); // ***/ /* FF44 // 0414: disable safebrowsing's real-time binary checking (google) (FF43+) - // [-] + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1237103 user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL // 1200's: block rc4 whitelist - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1201025 // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215796 user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); // 2301: disable SharedWorkers @@ -1677,11 +1677,14 @@ user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1207635 user_pref("dom.workers.sharedWorkers.enabled", false); // 2403: disable scripts changing images + // [TEST] http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 + // [WARNING] Will break some sites such as Google Maps and a lot of web apps // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=773429 // user_pref("dom.disable_image_src_set", true); // ***/ /* FF45 -// 1005: disable deferred level of storing extra session data 0=all 1=http-only 2=none +// 1021b: disable deferred level of storing extra session data 0=all 1=http-only 2=none + // extra session data contains contents of forms, scrollbar positions, cookies and POST data // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235379 user_pref("browser.sessionstore.privacy_level_deferred", 2); // ***/ @@ -1725,7 +1728,7 @@ user_pref("browser.history.allowReplaceState", false); // 0806: disable 'unified complete': 'Search with [default search engine]' // [1] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1181078 - // user_pref("browser.urlbar.unifiedcomplete", false); +user_pref("browser.urlbar.unifiedcomplete", false); // ***/ /* FF49 // 0372: disable "Hello" @@ -1752,15 +1755,14 @@ user_pref("dom.push.udp.wakeupEnabled", false); // 0101: disable Windows10 intro on startup [WINDOWS] // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1274633 user_pref("browser.usedOnWindows10.introURL", ""); -// 0308: disable update plugin notifications +// 0308: disable plugin update notifications // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905 user_pref("plugins.update.notifyUser", false); // 0410: disable "Block dangerous and deceptive content"- replaced by browser.safebrowsing.phishing.enabled // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 // user_pref("browser.safebrowsing.enabled", false); // 1266: disable rc4 ciphers - // [1] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ - // [2] https://trac.torproject.org/projects/tor/ticket/17369 + // [1] https://trac.torproject.org/projects/tor/ticket/17369 // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1268728 user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); From d1e02e407b801e77871b416147e9ade0632482ab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Jun 2017 08:08:26 +1200 Subject: [PATCH 0226/1961] start 54 commits 10 days to go guys and gals --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index c105ecc..c64cc87 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js -* date: 27 April 2017 -* version 53: Achy Breaky Pants -* "But don't tell my pants, my achy breaky pants, I just don't think they'd understand" +* date: 03 June 2017 +* version 54-beta: Pantsthumping +* "I get pulled down, but I get up again, you're never gonna keep me down" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From a4be5471f1d2d08b913b710160652f7a3f045dc4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Jun 2017 09:15:09 +1200 Subject: [PATCH 0227/1961] 0607 [WINDOWS] tag --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index c64cc87..d594ef3 100644 --- a/user.js +++ b/user.js @@ -339,7 +339,7 @@ user_pref("network.http.speculative-parallel-limit", 0); * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ user_pref("browser.send_pings", false); user_pref("browser.send_pings.require_same_host", true); -/* 0607: disable links launching Windows Store on Windows 8/8.1/10 +/* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] * [1] http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching (FF48+) ***/ From 9859cc8889bff5a3e8ae7af75542c7171f01e57a Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 4 Jun 2017 18:11:46 +0200 Subject: [PATCH 0228/1961] 9999 nits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d594ef3..ffdc637 100644 --- a/user.js +++ b/user.js @@ -1726,7 +1726,7 @@ user_pref("browser.history.allowReplaceState", false); // ***/ /* FF48 // 0806: disable 'unified complete': 'Search with [default search engine]' - // [1] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html + // [-] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1181078 user_pref("browser.urlbar.unifiedcomplete", false); // ***/ @@ -1758,7 +1758,7 @@ user_pref("browser.usedOnWindows10.introURL", ""); // 0308: disable plugin update notifications // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905 user_pref("plugins.update.notifyUser", false); -// 0410: disable "Block dangerous and deceptive content"- replaced by browser.safebrowsing.phishing.enabled +// 0410: disable "Block dangerous and deceptive content" - replaced by browser.safebrowsing.phishing.enabled // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 // user_pref("browser.safebrowsing.enabled", false); // 1266: disable rc4 ciphers From 08fbc37870f7980e07f27a874a75e34ae30a0cf3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 5 Jun 2017 16:12:55 +1200 Subject: [PATCH 0229/1961] 1266: add ref link --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index ffdc637..786cd56 100644 --- a/user.js +++ b/user.js @@ -1764,6 +1764,7 @@ user_pref("plugins.update.notifyUser", false); // 1266: disable rc4 ciphers // [1] https://trac.torproject.org/projects/tor/ticket/17369 // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1268728 + // [-] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); user_pref("security.ssl3.rsa_rc4_128_md5", false); From 0006ee04b4bc3470894059a85727ef7f513548e0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Jun 2017 04:08:24 +1200 Subject: [PATCH 0230/1961] 1202: TLS max+fallback=>active regardless of default, time to turn it on in 54 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 786cd56..aa9cfbc 100644 --- a/user.js +++ b/user.js @@ -602,8 +602,8 @@ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/ // user_pref("security.tls.version.min", 2); - // user_pref("security.tls.version.fallback-limit", 3); - // user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 +user_pref("security.tls.version.fallback-limit", 3); +user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 /* 1203: disable SSL session tracking (FF36+) * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, From 1621cd5e4805a9ad47536bce207945ab27fee643 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Jun 2017 04:38:38 +1200 Subject: [PATCH 0231/1961] 0361: disable Activity Stream --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index aa9cfbc..413d041 100644 --- a/user.js +++ b/user.js @@ -190,6 +190,9 @@ user_pref("browser.newtabpage.directory.source", "data:text/plain,"); user_pref("browser.newtabpage.enabled", false); user_pref("browser.newtabpage.enhanced", false); user_pref("browser.newtabpage.introShown", true); +/* 0361: disable Activity Stream (system addon) (FF54+) + * [1] https://wiki.mozilla.org/Firefox/Activity_Stream ***/ +user_pref("browser.newtabpage.activity-stream.enabled", false); /* 0370: disable "Snippets" (Mozilla content shown on about:home screen) * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ From ec03969d98f3f8f26ba232aa772a5bb0ca4c8e63 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Jun 2017 05:07:48 +1200 Subject: [PATCH 0232/1961] 0863: disable Form Autofill --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 413d041..f34c9bd 100644 --- a/user.js +++ b/user.js @@ -431,6 +431,10 @@ user_pref("browser.urlbar.oneOffSearches", false); * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); +/* 0863: disable Form Autofill (FF54+) + * [1] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ + * [2] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ +user_pref("browser.formautofill.enabled", false); /* 0870: disable Windows jumplist [WINDOWS] ***/ user_pref("browser.taskbar.lists.enabled", false); user_pref("browser.taskbar.lists.frequent.enabled", false); From 1a04c1314e47ffa31fd7a3ef5fd5ee906784324a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Jun 2017 05:11:59 +1200 Subject: [PATCH 0233/1961] 0809: disable preloaded top website suggestions --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index f34c9bd..51ad012 100644 --- a/user.js +++ b/user.js @@ -393,6 +393,9 @@ user_pref("browser.search.suggest.enabled", false); * [SETTING] Options>Search>Show search suggestions in location bar results ***/ user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) +/* 0809: disable location bar suggesting "preloaded" top websites (FF54+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1211726 ***/ +user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); /* 0850a: disable location bar autocomplete [controlled by 0850b] // user_pref("browser.urlbar.autocomplete.enabled", false); /* 0850b: disable location bar suggestion types [controls 0850a] From dd01dd54c65de3c62ee1e91666ed3dedec44b95b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Jun 2017 06:22:19 +1200 Subject: [PATCH 0234/1961] 1100s: add 2 process/sandbox prefs => inactive --- user.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 51ad012..12597c6 100644 --- a/user.js +++ b/user.js @@ -564,7 +564,7 @@ user_pref("browser.shell.shortcutFavicons", false); // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref) // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) // user_pref("extensions.e10sBlocksEnabling", false); -/* 1102: control number of e10s processes +/* 1102: control number of content rendering processes * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ // user_pref("dom.ipc.processCount", 4); @@ -577,6 +577,8 @@ user_pref("browser.shell.shortcutFavicons", false); // user_pref("browser.tabs.remote.separateFileUriProcess", true); /* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/ user_pref("dom.ipc.shims.enabledWarnings", true); +/* 1106: control number of WebExtension processes ***/ + // user_pref("dom.ipc.processCount.extension", 1); /* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play * with them. The values are integers, but the code below deliberately contains a data mismatch * [1] https://wiki.mozilla.org/Sandbox @@ -584,6 +586,8 @@ user_pref("dom.ipc.shims.enabledWarnings", true); // user_pref("security.sandbox.content.level", "donotuse"); // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse"); // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse"); +/* 1111: enable sandbox logging ***/ + // user_pref("security.sandbox.logging.enabled", true); /*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) Note that your cipher and other settings can be used server side as a fingerprint attack From 9340f8ba04faa2f32e2dd917fda97057e926acfd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 9 Jun 2017 01:05:56 +1200 Subject: [PATCH 0235/1961] 1240: add reference --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 12597c6..48fbb7a 100644 --- a/user.js +++ b/user.js @@ -673,7 +673,8 @@ user_pref("security.cert_pinning.enforcement_level", 2); * [2] https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List ***/ user_pref("network.stricttransportsecurity.preloadlist", true); /** MIXED CONTENT ***/ -/* 1240: disable insecure active content on https pages - mixed content ***/ +/* 1240: disable insecure active content on https pages - mixed content + * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ user_pref("security.mixed_content.block_active_content", true); /* 1241: disable insecure passive content (such as images) on https pages - mixed context * [WARNING] When set to true, this will visually break many sites (March 2017) ***/ From 9719fc319d652f5a06d0d8deea4822decb9edc8f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 9 Jun 2017 01:08:19 +1200 Subject: [PATCH 0236/1961] 0603b: add reference --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 48fbb7a..e17d359 100644 --- a/user.js +++ b/user.js @@ -330,7 +330,8 @@ user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref) user_pref("network.predictor.enabled", false); /* 0603b: disable more Necko/Captive Portal * [1] https://en.wikipedia.org/wiki/Captive_portal - * [2] https://wiki.mozilla.org/Necko/CaptivePortal ***/ + * [2] https://wiki.mozilla.org/Necko/CaptivePortal + * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/ user_pref("captivedetect.canonicalURL", ""); user_pref("network.captive-portal-service.enabled", false); // (FF52+) /* 0605: disable link-mouseover opening connection to linked server From b53b4832d456c4e5eaa601a4f115472c11c0a3a0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 9 Jun 2017 01:11:55 +1200 Subject: [PATCH 0237/1961] 1220: add reference --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index e17d359..553750b 100644 --- a/user.js +++ b/user.js @@ -652,7 +652,8 @@ user_pref("security.OCSP.enabled", 1); /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) * 0=disable detecting Family Safety mode and importing the root * 1=only attempt to detect Family Safety mode (don't import the root) - * 2=detect Family Safety mode and import the root ***/ + * 2=detect Family Safety mode and import the root + * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/ user_pref("security.family_safety.mode", 0); /* 1221: disable intermediate certificate caching (fingerprinting attack vector) * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) From 75f6bc8b5d1ae8b49a060b282e056033c82ce9c6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 10 Jun 2017 07:33:04 +1200 Subject: [PATCH 0238/1961] 2699g: reduce precision of time exposed by JS --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 553750b..7928f2b 100644 --- a/user.js +++ b/user.js @@ -1431,6 +1431,8 @@ user_pref("security.csp.experimentalEnabled", true); /* 2699f: spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) * This spoof *shouldn't* affect core chrome/Firefox performance * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 ***/ +/* 2699g: reduce precision of time exposed by javascript (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) /*** 2700: COOKIES & DOM STORAGE ***/ From 82432a3d402f0349312caad3bf8776cdfac4d05a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 12 Jun 2017 23:55:17 +1200 Subject: [PATCH 0239/1961] FF54 deprecated --- user.js | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 7928f2b..496c90b 100644 --- a/user.js +++ b/user.js @@ -279,8 +279,6 @@ user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.url", ""); /* 0415: disable reporting URLs ***/ user_pref("browser.safebrowsing.provider.google.reportURL", ""); -user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); -user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); user_pref("browser.safebrowsing.reportPhishURL", ""); user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); // (FF54+) @@ -882,7 +880,6 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] ***/ user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required -user_pref("media.eme.apiVisible", false); // block websites detecting DRM is disabled /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" * and disable pings to the external update/download server * This is the bundled codec used for video chat in WebRTC ***/ @@ -1076,9 +1073,6 @@ user_pref("javascript.options.asmjs", false); /* 2422: disable WebAssembly for now (FF52+) * [1] https://developer.mozilla.org/en-US/docs/WebAssembly ***/ user_pref("javascript.options.wasm", false); -/* 2425: disable ArchiveAPI i.e reading content of archives, such as zip files, directly - * in the browser, through DOM file objects. Default is false. ***/ -user_pref("dom.archivereader.enabled", false); /* 2426: disable Intersection Observer API (FF53+) * Almost a year to complete, three versions late to stable (as default false), * number #1 cause of crashes in nightly numerous times, and is (primarily) an @@ -1849,3 +1843,16 @@ user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1322736 user_pref("dom.beforeAfterKeyboardEvent.enabled", false); // ***/ +/* FF54 +// 0415: disable reporting URLs (safe browsing) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1288633 +user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); +user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); +// 1830: block websites detecting DRM is disabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1242321 +user_pref("media.eme.apiVisible", false); +// 2425: disable Archive Reader API + // i.e reading archive contents directly in the browser, through DOM file objects + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 +user_pref("dom.archivereader.enabled", false); +// ***/ From 3c7789defccf3664f8ce4f67b38677e0ea5b5430 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Jun 2017 00:11:26 +1200 Subject: [PATCH 0240/1961] 2300 revamp #71 --- user.js | 47 +++++++++++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/user.js b/user.js index 496c90b..d243fee 100644 --- a/user.js +++ b/user.js @@ -988,33 +988,48 @@ user_pref("browser.link.open_newwindow.restriction", 0); * [2] https://support.mozilla.org/en-US/questions/1043508 ***/ user_pref("dom.disable_beforeunload", true); -/*** 2300: SERVICE WORKERS ***/ +/*** 2300: WEB WORKERS [SETUP] + A worker is a JS "background task" running in a global context, i.e it is different from + the current window. Workers can spawn new workers (must be the same origin & scheme), + including service and shared workers. Shared workers can be utilized by multiple scripts + and communicate between browsing contexts (windows/tabs/iframes) and can even control your + cache. Push and web notifications require service workers, which in turn require workers. + + [WARNING] Disabling workers *will* break sites (eg Google Street View, Twitter). + It is recommended that you use a separate profile for these sorts of sites. + + [1] Web Workers: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API + [2] Worker: https://developer.mozilla.org/en-US/docs/Web/API/Worker + [3] Service Worker: https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API + [4] SharedWorker: https://developer.mozilla.org/en-US/docs/Web/API/SharedWorker + [5] ChromeWorker: https://developer.mozilla.org/en-US/docs/Web/API/ChromeWorker + ***/ user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); -/* 2301: disable workers API and service workers API - * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) - * [WARNING] Will break sites especially workers eg Google Street View - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Worker - * [2] https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API - * [3] http://www.ghacks.net/2016/03/02/manage-service-workers-in-firefox-and-chrome/ ***/ +/* 2301: disable workers + * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) ***/ user_pref("dom.workers.enabled", false); +/* 2302: disable service workers + * Service workers essentially act as proxy servers that sit between web apps, and the browser + * and network, are event driven, and can control the web page/site it is associated with, + * intercepting and modifying navigation and resource requests, and caching resources. + * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. + * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/ user_pref("dom.serviceWorkers.enabled", false); -/* 2302: disable service workers cache and cache storage ***/ +/* 2303: disable service workers' cache and cache storage ***/ user_pref("dom.caches.enabled", false); -/* 2303: disable push notifications (FF44+) [requires serviceWorkers to be enabled] +/* 2304: disable web notifications + * [NOTE] You can still override individual domains under site permissions (FF44+) + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Notifications_API ***/ +user_pref("dom.webnotifications.enabled", false); +user_pref("dom.webnotifications.serviceworker.enabled", false); +/* 2305: disable push notifications (FF44+) * web apps can receive messages pushed to them from a server, whether or * not the web app is in the foreground, or even currently loaded - * [WARNING] May affect social media sites like Twitter * [1] https://developer.mozilla.org/en/docs/Web/API/Push_API ***/ user_pref("dom.push.enabled", false); user_pref("dom.push.connection.enabled", false); user_pref("dom.push.serverURL", ""); user_pref("dom.push.userAgentID", ""); -/* 2304: disable web/push notifications - * [NOTE] You can still override individual domains under site permissions (FF44+) - * [WARNING] May affect social media sites like Twitter - * [1] https://developer.mozilla.org/en-US/docs/Web/API/notification ***/ -user_pref("dom.webnotifications.enabled", false); -user_pref("dom.webnotifications.serviceworker.enabled", false); /*** 2400: DOM & JAVASCRIPT ***/ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); From ab7dfb7f43770583eebaa5b604e065d43fb4286a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Jun 2017 19:12:34 +1200 Subject: [PATCH 0241/1961] 2001: disable WebRTC over TCP --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index d243fee..3190c8c 100644 --- a/user.js +++ b/user.js @@ -897,6 +897,7 @@ user_pref("media.peerconnection.video.enabled", false); user_pref("media.peerconnection.identity.enabled", false); user_pref("media.peerconnection.identity.timeout", 1); user_pref("media.peerconnection.turn.disable", true); +user_pref("media.peerconnection.ice.tcp" false); // (FF54+) user_pref("media.navigator.video.enabled", false); // video capability for WebRTC /* 2002: limit WebRTC IP leaks if using WebRTC * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1189041 From 44c4a628203d4939ae2be93cf667e34a5b42ce2d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Jun 2017 19:24:23 +1200 Subject: [PATCH 0242/1961] fix syntax from last commit --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3190c8c..7395180 100644 --- a/user.js +++ b/user.js @@ -897,7 +897,7 @@ user_pref("media.peerconnection.video.enabled", false); user_pref("media.peerconnection.identity.enabled", false); user_pref("media.peerconnection.identity.timeout", 1); user_pref("media.peerconnection.turn.disable", true); -user_pref("media.peerconnection.ice.tcp" false); // (FF54+) +user_pref("media.peerconnection.ice.tcp", false); user_pref("media.navigator.video.enabled", false); // video capability for WebRTC /* 2002: limit WebRTC IP leaks if using WebRTC * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1189041 From 8a9a4fe4270f00a536d2d892934169be9706102b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Jun 2017 03:38:45 +1200 Subject: [PATCH 0243/1961] 2515: disable site specific zoom #135 --- user.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/user.js b/user.js index 7395180..db02018 100644 --- a/user.js +++ b/user.js @@ -1186,6 +1186,11 @@ user_pref("dom.presentation.session_transport.data_channel.enable", false); * [3] https://trac.torproject.org/projects/tor/ticket/22127 * [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency ***/ // user_pref("dom.maxHardwareConcurrency", 2); +/* 2515: disable site specific zoom + * Zoom levels affect screen res and are highly fingerprintable. This does not stop you using + * zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs + * and new windows are reset to default and only the current tab retains the current zoom ***/ +user_pref("browser.zoom.siteSpecific", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); From b9e321c45aff9456dd53b65145b2aa07d854b55c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Jun 2017 04:09:31 +1200 Subject: [PATCH 0244/1961] 2805: privacy.*.openWindows --- user.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index db02018..ce4181b 100644 --- a/user.js +++ b/user.js @@ -1527,10 +1527,11 @@ user_pref("privacy.cpd.offlineApps", true); // Offline Website Data user_pref("privacy.cpd.passwords", false); // this is not listed user_pref("privacy.cpd.sessions", true); // Active Logins user_pref("privacy.cpd.siteSettings", false); // Site Preferences -/* 2805: privacy.*.openWindows (FF34+) - * We don't know what they do because we don't care what they do ***/ -user_pref("privacy.clearOnShutdown.openWindows", false); -user_pref("privacy.cpd.openWindows", false); +/* 2805: privacy.*.openWindows (clear session restore data) (FF34+) + * [WARNING] There is a years-old bug that these cause two windows when Firefox restarts. + * You do not need these anyway if session restore is disabled (see 1020) ***/ + // user_pref("privacy.clearOnShutdown.openWindows", true); + // user_pref("privacy.cpd.openWindows", true); /* 2806: reset default 'Time range to clear' for 'Clear Recent History' (see 2804) * Firefox remembers your last choice. This will reset the value when you start Firefox. * 0=everything, 1=last hour, 2=last two hours, 3=last four hours From f61c951ca0212a9f1b0b16a86ab5c222f0889a9b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Jun 2017 04:13:53 +1200 Subject: [PATCH 0245/1961] 3029: disable Firefox Screenshots --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index ce4181b..251ddec 100644 --- a/user.js +++ b/user.js @@ -1631,6 +1631,10 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false); user_pref("browser.urlbar.decodeURLsOnCopy", true); /* 3028: disable middle-click enabling auto-scrolling [WINDOWS] [MAC] ***/ // user_pref("general.autoScroll", false); +/* 3029: disable Firefox Screenshots (FF54+) + * [1] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ + * [2] https://github.com/mozilla-services/screenshots ***/ + // user_pref("extensions.screenshots.system-disabled", true); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); From 1ad970741caac3f18c08e1a4c98e45208f3a6611 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Jun 2017 04:37:46 +1200 Subject: [PATCH 0246/1961] 1606: default Referrer Policy=>active --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 251ddec..281f0bd 100644 --- a/user.js +++ b/user.js @@ -816,7 +816,7 @@ user_pref("network.http.referer.spoofSource", false); * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy * [1] https://www.w3.org/TR/referrer-policy/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ - // user_pref("network.http.referer.userControlPolicy", 3); +user_pref("network.http.referer.userControlPolicy", 3); /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+) * [NOTE] Firefox cannot access .onion sites by default. We recommend you use * TBB (Tor Browser Bundle) which is specifically designed for the dark web From eeedf0db729c1bd5196709ab0044ca5881b6d9f4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Jun 2017 04:56:00 +1200 Subject: [PATCH 0247/1961] 1032: favicons in web notifications=>active enforce default --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 281f0bd..2d0b1ed 100644 --- a/user.js +++ b/user.js @@ -548,7 +548,7 @@ user_pref("browser.shell.shortcutFavicons", false); // user_pref("browser.chrome.site_icons", false); // user_pref("browser.chrome.favicons", false); /* 1032: disable favicons in web notifications ***/ - // user_pref("alerts.showFavicons", false); +user_pref("alerts.showFavicons", false); /*** 1100: MULTI-PROCESS (e10s) We recommend you let Firefox handle this. Until e10s is enforced, if @@ -1528,7 +1528,7 @@ user_pref("privacy.cpd.passwords", false); // this is not listed user_pref("privacy.cpd.sessions", true); // Active Logins user_pref("privacy.cpd.siteSettings", false); // Site Preferences /* 2805: privacy.*.openWindows (clear session restore data) (FF34+) - * [WARNING] There is a years-old bug that these cause two windows when Firefox restarts. + * [NOTE] There is a years-old bug that these cause two windows when Firefox restarts. * You do not need these anyway if session restore is disabled (see 1020) ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.cpd.openWindows", true); From 46bfeca8c206f7c9715b6c59e2643b5fb647257f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Jun 2017 06:04:32 +1200 Subject: [PATCH 0248/1961] #138 These all seem kinda lame TBH --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 2d0b1ed..f7f23ba 100644 --- a/user.js +++ b/user.js @@ -497,7 +497,8 @@ user_pref("browser.cache.disk.smart_size.first_run", false); /* 1002: disable disk cache for SSL pages * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ user_pref("browser.cache.disk_cache_ssl", false); -/* 1003: disable memory cache ***/ +/* 1003: disable memory cache + * [NOTE] Not recommended due to performance issues ***/ // user_pref("browser.cache.memory.enable", false); /* 1004: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); @@ -505,9 +506,11 @@ user_pref("browser.cache.offline.enable", false); * To improve performance when pressing back/forward Firefox stores visited pages * so they don't have to be re-parsed. This is not the same as memory cache. * 0=none, -1=auto (that's minus 1), or for other values see [1] + * [NOTE] Not recommended unless you know what you're doing * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ // user_pref("browser.sessionhistory.max_total_viewers", 0); /* 1006: disable permissions manager from writing to disk (requires restart) + * [NOTE] This means any permission exceptions are session only * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ // user_pref("permissions.memory_only", true); // (hidden pref) /* 1007: disable randomized FF HTTP cache decay experiments From eba592c7e587ef914cab5ffd38996f619d8eff19 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Jun 2017 06:08:25 +1200 Subject: [PATCH 0249/1961] minor edit --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f7f23ba..2027b87 100644 --- a/user.js +++ b/user.js @@ -510,7 +510,7 @@ user_pref("browser.cache.offline.enable", false); * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ // user_pref("browser.sessionhistory.max_total_viewers", 0); /* 1006: disable permissions manager from writing to disk (requires restart) - * [NOTE] This means any permission exceptions are session only + * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ // user_pref("permissions.memory_only", true); // (hidden pref) /* 1007: disable randomized FF HTTP cache decay experiments From 7a0fbb6a31d574e18e9e1ee45991312ef678430d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 15 Jun 2017 02:48:55 +1200 Subject: [PATCH 0250/1961] end of 54 commits ready for alpha release and changelog --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 2027b87..21fa11b 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 03 June 2017 -* version 54-beta: Pantsthumping +* date: 14 June 2017 +* version 54: Pantsthumping * "I get pulled down, but I get up again, you're never gonna keep me down" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 7b2d67976ccff6666698407d578e2d40c26c22b2 Mon Sep 17 00:00:00 2001 From: Carmen Bianca Bakker Date: Sat, 17 Jun 2017 09:13:14 +0200 Subject: [PATCH 0251/1961] Convert line endings to LF Added .gitattributes file to prevent CRLF from being committed in the future. Fixes #145 --- .gitattributes | 8 + user.js | 3774 ++++++++++++++++++++++++------------------------ 2 files changed, 1895 insertions(+), 1887 deletions(-) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..c57b4ca --- /dev/null +++ b/.gitattributes @@ -0,0 +1,8 @@ +* text=auto + +*.js text +*.md text +*.yml text +*.txt text + +*.png binary diff --git a/user.js b/user.js index 21fa11b..0ffa575 100644 --- a/user.js +++ b/user.js @@ -1,1887 +1,1887 @@ -/****** -* name: ghacks user.js -* date: 14 June 2017 -* version 54: Pantsthumping -* "I get pulled down, but I get up again, you're never gonna keep me down" -* authors: v52+ github | v51- www.ghacks.net -* url: https://github.com/ghacksuserjs/ghacks-user.js - -* releases: These are end-of-stable-life-cycle legacy archives. - *Always* use the master branch user.js for a current up-to-date version. - url: https://github.com/ghacksuserjs/ghacks-user.js/releases - -* README: - - 1. READ the full README - * https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md - 2. READ this - * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation - 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum - * Auto-installing updates for Firefox and extensions/addon-ons are disabled (section 0302's) - * Some user data is erased (section 2800), namely history (browsing, form, download) - * Site breakage WILL happen - - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting - and these need to be balanced against Functionality & Convenience & Breakage - * You will need to make a few changes to suit your own needs - - Search this file for the "[SETUP]" tag to find SOME common items you could check - before using to avoid unexpected surprises - - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues - 4. BACKUP BACKUP BACKUP your profile folder before implementing (and/or test in a new profile) - 5. Did you do a BACKUP? - - ******/ - -/* START: internal custom pref to test for syntax errors (thanks earthling) - * Yes, this next pref setting is redundant, but we like it! - * [1] https://en.wikipedia.org/wiki/Dead_parrot - * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/ -user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong with it?"); - -/* 0001: start Firefox in PB (Private Browsing) mode - * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode - * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed - * [NOTE] The P in PB mode is misleading: it means no "persistent" local storage of history, - * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or - * removes the ability to control these, and you need to quit Firefox to clear them. PB is best - * used as a one off window (File>New Private Window) to provide a temporary self-contained - * new instance. Closing all Private Windows clears all traces. Repeat as required. - * [1] https://wiki.mozilla.org/Private_Browsing ***/ - // user_pref("browser.privatebrowsing.autostart", true); - -/*** 0100: STARTUP ***/ -user_pref("ghacks_user.js.parrot", "0100 syntax error: the parrot's dead!"); -/* 0101: disable "slow startup" options - * warnings, disk history, welcomes, intros, EULA, default browser check ***/ -user_pref("browser.slowStartup.notificationDisabled", true); -user_pref("browser.slowStartup.maxSamples", 0); -user_pref("browser.slowStartup.samples", 0); -user_pref("browser.rights.3.shown", true); -user_pref("browser.startup.homepage_override.mstone", "ignore"); -user_pref("startup.homepage_welcome_url", ""); -user_pref("startup.homepage_welcome_url.additional", ""); -user_pref("startup.homepage_override_url", ""); // what's new page after updates -user_pref("browser.laterrun.enabled", false); -user_pref("browser.shell.checkDefaultBrowser", false); -/* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) - * home = browser.startup.homepage preference. - * [SETTING] Options>General>Startup>When Firefox starts ***/ - // user_pref("browser.startup.page", 0); - -/*** 0200: GEOLOCATION ***/ -user_pref("ghacks_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); -/* 0201: disable location-aware browsing, but enforce Mozilla's service over Google's ***/ -user_pref("geo.enabled", false); -user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); -user_pref("geo.wifi.xhr.timeout", 1); // reset this if you use geolocation -user_pref("geo.wifi.logging.enabled", false); // (hidden pref) -user_pref("browser.search.geoip.url", ""); -user_pref("browser.search.geoip.timeout", 1); -/* 0202: disable GeoIP-based search results - * [NOTE] May not be hidden if Firefox has changed your settings due to your locale - * [1] https://trac.torproject.org/projects/tor/ticket/16254 ***/ -user_pref("browser.search.countryCode", "US"); // (hidden pref) -user_pref("browser.search.region", "US"); // (hidden pref) -/* 0203: disable using OS locale, force APP locale ***/ -user_pref("intl.locale.matchOS", false); -/* 0204: set APP locale ***/ -user_pref("general.useragent.locale", "en-US"); -/* 0206: disable geographically specific results/search engines eg: "browser.search.*.US" - * i.e ignore all of Mozilla's various search engines in multiple locales ***/ -user_pref("browser.search.geoSpecificDefaults", false); -user_pref("browser.search.geoSpecificDefaults.url", ""); -/* 0207: set language to match ***/ -user_pref("intl.accept_languages", "en-US, en"); -/* 0208: enforce US English locale regardless of the system locale - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ -user_pref("javascript.use_us_english_locale", true); // (hidden pref) -/* 0209: disable geolocation on non-secure origins (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 - * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/ -user_pref("geo.security.allowinsecure", false); - -/*** 0300: QUIET FOX - We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). - There are many legitimate reasons to turn off auto-INSTALLS, including hijacked or - monetized extensions, time constraints, legacy issues, and fear of breakage/bugs. - It is still important to do updates for security reasons, please do so manually. ***/ -user_pref("ghacks_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); -/* 0301a: disable auto-update checks for Firefox - * [NOTE} Firefox currently checks every 12 hrs and allows 8 day notification dismissal - * [SETTING] Options>Advanced>Update>Never check for updates ***/ - // user_pref("app.update.enabled", false); -/* 0301b: disable auto-update checks for add-ons ***/ - // user_pref("extensions.update.enabled", false); -/* 0302a: disable auto update installing for Firefox (after the check in 0301a) - * [SETTING] Options>Advanced>Update>Check for updates but let you choose whether to install them - * [NOTE] The UI checkbox also controls the behavior for checking, the pref only controls auto installing ***/ -user_pref("app.update.auto", false); -/* 0302b: disable auto update installing for add-ons (after the check in 0301b) - * [SETTING] about:addons>Extensions>Settings[gear-icon]>Update Addons Automatically (toggle) ***/ -user_pref("extensions.update.autoUpdateDefault", false); -/* 0303: disable background update service [WINDOWS] - * [SETTING] Options>Advanced>Update>Use a background service to install updates ***/ -user_pref("app.update.service.enabled", false); -/* 0304: disable background update staging ***/ -user_pref("app.update.staging.enabled", false); -/* 0305: enforce update information is displayed - * This is the update available, downloaded, error and success information ***/ -user_pref("app.update.silent", false); -/* 0306: disable add-on metadata updating - * sends daily pings to Mozilla about extensions and recent startups ***/ -user_pref("extensions.getAddons.cache.enabled", false); -/* 0307: disable auto updating of personas (themes) ***/ -user_pref("lightweightThemes.update.enabled", false); -/* 0308: disable search update - * [SETTING] Options>Advanced>Update>Automatically update: Search Engines ***/ -user_pref("browser.search.update", false); -/* 0309: disable sending Flash crash reports ***/ -user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); -/* 0310: disable sending the URL of the website where a plugin crashed ***/ -user_pref("dom.ipc.plugins.reportCrashURL", false); -/* 0320: disable extension discovery - * featured extensions for displaying in Get Add-ons panel ***/ -user_pref("extensions.webservice.discoverURL", "http://127.0.0.1"); -/* 0330: disable telemetry - * the pref (.unified) affects the behaviour of the pref (.enabled) - * IF unified=false then .enabled controls the telemetry module - * IF unified=true then .enabled ONLY controls whether to record extended data - * so make sure to have both set as false - * [1] https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html ***/ -user_pref("toolkit.telemetry.unified", false); -user_pref("toolkit.telemetry.enabled", false); -/* 0331: remove url of server telemetry pings are sent to ***/ -user_pref("toolkit.telemetry.server", ""); -/* 0332: disable archiving pings locally - irrelevant if toolkit.telemetry.unified is false ***/ -user_pref("toolkit.telemetry.archive.enabled", false); -/* 0333a: disable health report ***/ -user_pref("datareporting.healthreport.uploadEnabled", false); -/* 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) - * If you have disabled health reports, then this about page is useless - disable it - * If you want to see what health data is present, then this must be set at default ***/ -user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); -/* 0334: disable new data submission, master kill switch (FF41+) - * If disabled, no policy is shown or upload takes place, ever - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1195552 ***/ -user_pref("datareporting.policy.dataSubmissionEnabled", false); -/* 0335: remove telemetry clientID ***/ -user_pref("toolkit.telemetry.cachedClientID", ""); -/* 0336: disable "Heartbeat" (Mozilla user rating telemetry) - * [1] https://trac.torproject.org/projects/tor/ticket/18738 ***/ -user_pref("browser.selfsupport.enabled", false); // (hidden pref) -user_pref("browser.selfsupport.url", ""); -/* 0340: disable experiments - * [1] https://wiki.mozilla.org/Telemetry/Experiments ***/ -user_pref("experiments.enabled", false); -user_pref("experiments.manifest.uri", ""); -user_pref("experiments.supported", false); -user_pref("experiments.activeExperiment", false); -/* 0341: disable Mozilla permission to silently opt you into tests ***/ -user_pref("network.allow-experiments", false); -/* 0350: disable crash reports ***/ -user_pref("breakpad.reportURL", ""); -/* 0351: disable sending of crash reports (FF44+) ***/ -user_pref("browser.tabs.crashReporting.sendReport", false); -user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) -user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51+) -/* 0360: disable new tab tile ads & preload & marketing junk ***/ -user_pref("browser.newtab.preload", false); -user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); -user_pref("browser.newtabpage.directory.source", "data:text/plain,"); -user_pref("browser.newtabpage.enabled", false); -user_pref("browser.newtabpage.enhanced", false); -user_pref("browser.newtabpage.introShown", true); -/* 0361: disable Activity Stream (system addon) (FF54+) - * [1] https://wiki.mozilla.org/Firefox/Activity_Stream ***/ -user_pref("browser.newtabpage.activity-stream.enabled", false); -/* 0370: disable "Snippets" (Mozilla content shown on about:home screen) - * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks - * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ -user_pref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1"); -/* 0373: disable "Pocket" (third party "save for later" service) & remove urls for good measure - * [NOTE] Important: Remove the pocket icon from your toolbar first - * [1] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ -user_pref("extensions.pocket.enabled", false); -user_pref("extensions.pocket.api", ""); -user_pref("extensions.pocket.site", ""); -user_pref("extensions.pocket.oAuthConsumerKey", ""); -/* 0374: disable "social" integration - * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Social_API ***/ -user_pref("social.whitelist", ""); -user_pref("social.toast-notifications.enabled", false); -user_pref("social.shareDirectory", ""); -user_pref("social.remote-install.enabled", false); -user_pref("social.directories", ""); -user_pref("social.share.activationPanelEnabled", false); -user_pref("social.enabled", false); // (hidden pref) -/* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers - * [1] https://wiki.mozilla.org/FlyWeb - * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ -user_pref("dom.flyweb.enabled", false); - -/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION - This section has security & tracking protection implications vs privacy concerns vs effectiveness - vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) - and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. - - Safe Browsing is designed to protect users from malicious sites. Tracking Protection is designed to - lessen the impact of third parties on websites to reduce tracking and to speed up your browsing. They - do rely on 3rd parties: Google for safe browsing and Disconnect for tracking protection. but many steps, - continually being improved, have been taken to preserve privacy. Disable at your own risk. -***/ -user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); -/** BLOCKLISTS ***/ -/* 0401: enable Firefox blocklist, but sanitize blocklist url - * [NOTE] It includes updates for "revoked certificates" - * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl - * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ -user_pref("extensions.blocklist.enabled", true); -user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); -/* 0402: enable Kinto blocklist updates (FF50+) - * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications - * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be - * revoked, add-ons and plugins to be disabled, and gfx environments that cause problems or crashes ***/ -user_pref("services.blocklist.update_enabled", true); -user_pref("services.blocklist.signing.enforced", true); -/* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists ***/ - // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates - // user_pref("services.blocklist.addons.collection", ""); - // user_pref("services.blocklist.plugins.collection", ""); - // user_pref("services.blocklist.gfx.collection", ""); -/** SAFE BROWSING (SB) - This sub-section has been redesigned to differentiate between "real-time"/"user initiated" - data being sent to Google from all other settings such as using local blocklists/whitelists and - updating those lists. There are NO privacy issues here. *IF* required, a full url is never sent - to Google, only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. - Google also swear it is anonymized and only used to flag malicious sites/activity. Firefox - also takes measures such as striping out identifying parameters and storing safe browsing - cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) - #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ - [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ -/* 0410: disable "Block dangerous and deceptive content" (under Options>Security) - * This covers deceptive sites such as phishing and social engineering ***/ - // user_pref("browser.safebrowsing.malware.enabled", false); - // user_pref("browser.safebrowsing.phishing.enabled", false); // (FF50+) -/* 0411: disable "Block dangerous downloads" (under Options>Security) - * This covers malware and PUPs (potentially unwanted programs) ***/ - // user_pref("browser.safebrowsing.downloads.enabled", false); -/* 0412: disable "Warn me about unwanted and uncommon software" (under Options>Security) (FF48+) ***/ - // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); - // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); - // user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) - // user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // (FF49+) -/* 0413: disable Google safebrowsing updates ***/ - // user_pref("browser.safebrowsing.provider.google.updateURL", ""); - // user_pref("browser.safebrowsing.provider.google.gethashURL", ""); - // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) - // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) -/* 0414: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ -user_pref("browser.safebrowsing.downloads.remote.enabled", false); -user_pref("browser.safebrowsing.downloads.remote.url", ""); -/* 0415: disable reporting URLs ***/ -user_pref("browser.safebrowsing.provider.google.reportURL", ""); -user_pref("browser.safebrowsing.reportPhishURL", ""); -user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) -user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); // (FF54+) -user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); // (FF54+) -user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); // (FF54+) -user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // (FF54+) -/* 0416: disable 'ignore this warning' on Safe Browsing warnings which when clicked - * bypasses the block for that session. This is a means for admins to enforce SB - * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/ - // user_pref("browser.safebrowsing.allowOverride", false); -/** TRACKING PROTECTION (TP) - There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, - as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ -/* 0420: enable Tracking Protection in all windows - * [1] https://wiki.mozilla.org/Security/Tracking_protection - * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ -user_pref("privacy.trackingprotection.pbmode.enabled", true); -user_pref("privacy.trackingprotection.enabled", true); -/* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection - * Displays three choices: "Always", "Only in private windows", "Never" ***/ -user_pref("privacy.trackingprotection.ui.enabled", true); -/* 0422: enable "basic" or "strict" tracking protecting list - ONLY USE ONE! - * [SETTING] Options>Privacy>Use Tracking Protection>Change Block List ***/ - // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic - // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict -/* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) - * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ - // user_pref("browser.safebrowsing.blockedURIs.enabled", false); -/* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/ - // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); - // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); - -/*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ -user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); -/* 0601: disable link prefetching - * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/ -user_pref("network.prefetch-next", false); -/* 0602: disable DNS prefetching - * [1] http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ - * [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/ -user_pref("network.dns.disablePrefetch", true); -user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref) -/* 0603a: disable Seer/Necko - * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Necko ***/ -user_pref("network.predictor.enabled", false); -/* 0603b: disable more Necko/Captive Portal - * [1] https://en.wikipedia.org/wiki/Captive_portal - * [2] https://wiki.mozilla.org/Necko/CaptivePortal - * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/ -user_pref("captivedetect.canonicalURL", ""); -user_pref("network.captive-portal-service.enabled", false); // (FF52+) -/* 0605: disable link-mouseover opening connection to linked server - * [1] http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests - * [2] http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/ -user_pref("network.http.speculative-parallel-limit", 0); -/* 0606: disable pings (but enforce same host in case) - * [1] http://kb.mozillazine.org/Browser.send_pings - * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ -user_pref("browser.send_pings", false); -user_pref("browser.send_pings.require_same_host", true); -/* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] - * [1] http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ -user_pref("network.protocol-handler.external.ms-windows-store", false); -/* 0608: disable predictor / prefetching (FF48+) ***/ -user_pref("network.predictor.enable-prefetch", false); - -/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP] - If you are in a private environment (no unwanted eyeballs) and your device is private - (restricted access), and the device is secure when unattended (locked, encrypted, forensic - hardened), then items 0850 and above can be relaxed in return for more convenience and - functionality. Likewise, you may want to check the items cleared on shutdown in section 2800. - [NOTE] The urlbar is also commonly referred to as the location bar and address bar - #Required reading [#] https://xkcd.com/538/ - ***/ -user_pref("ghacks_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); -/* 0801: disable location bar using search - PRIVACY - * don't leak typos to a search engine, give an error message instead ***/ -user_pref("keyword.enabled", false); -/* 0802: disable location bar domain guessing - PRIVACY/SECURITY - * domain guessing intercepts DNS "hostname not found errors" and resends a - * request (eg by adding www or .com). This is inconsistent use (eg FQDNs), does not work - * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com - * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't - * intend to), can leak sensitive data (eg query strings: eg Princeton attack), - * and is a security risk (eg common typos & malicious sites set up to exploit this) ***/ -user_pref("browser.fixup.alternate.enabled", false); -/* 0803: display all parts of the url in the location bar - helps SECURITY ***/ -user_pref("browser.urlbar.trimURLs", false); -/* 0804: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY - * This is a PER TAB session history. You still have a full history stored under all history - * default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages - * use it as a means of referral (eg hotlinking), 4 or 6 or 10 may be more practical ***/ -user_pref("browser.sessionhistory.max_entries", 10); -/* 0805: disable CSS querying page history - CSS history leak - PRIVACY - * [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's - * only in 'certain circumstances', also see latest comments in [2] - * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) - * [1] https://dbaron.org/mozilla/visited-privacy - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=147777 - * [3] https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ -user_pref("layout.css.visited_links_enabled", false); -/* 0806: disable displaying javascript in history URLs - SECURITY ***/ -user_pref("browser.urlbar.filter.javascript", true); -/* 0807: disable search bar LIVE search suggestions - PRIVACY - * [SETTING] Options>Search>Provide search suggestions ***/ -user_pref("browser.search.suggest.enabled", false); -/* 0808: disable location bar LIVE search suggestions (requires 0807 = true) - PRIVACY - * Also disable the location bar prompt to enable/disable or learn more about it. - * [SETTING] Options>Search>Show search suggestions in location bar results ***/ -user_pref("browser.urlbar.suggest.searches", false); -user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) -/* 0809: disable location bar suggesting "preloaded" top websites (FF54+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1211726 ***/ -user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); -/* 0850a: disable location bar autocomplete [controlled by 0850b] - // user_pref("browser.urlbar.autocomplete.enabled", false); -/* 0850b: disable location bar suggestion types [controls 0850a] - * [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest - * [NOTE] If any of these are true, 0850a will be FORCED to true - * and if all three are false, 0850a will be FORCED to false - * [WARNING] If all three are false, search engine keywords are disabled ***/ -user_pref("browser.urlbar.suggest.history", false); -user_pref("browser.urlbar.suggest.bookmark", false); -user_pref("browser.urlbar.suggest.openpage", false); -/* 0850c: disable location bar dropdown - * This value controls the total number of entries to appear in the location bar dropdown - * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always - * be displayed (no we do not know how these are calculated or what the threshold is), - * and this does not affect the search by search engine suggestion (see 0808) - * [USAGE] This setting is only useful if you want to enable search engine keywords - * (i.e at least one of 0850b must be true) but you want to *limit* suggestions shown ***/ - // user_pref("browser.urlbar.maxRichResults", 0); -/* 0850d: disable location bar autofill - * [1] http://kb.mozillazine.org/Inline_autocomplete ***/ -user_pref("browser.urlbar.autoFill", false); -user_pref("browser.urlbar.autoFill.typed", false); -/* 0850e: disable location bar one-off searches (FF51+) - * [1] http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ -user_pref("browser.urlbar.oneOffSearches", false); -/* 0860: disable search and form history - * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history - * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ - // user_pref("browser.formfill.enable", false); -/* 0861: disable saving form history on secure websites - * For convenience & functionality, this is best left at default true, - * especially as the web moves more and more to encrypted services - * You can clear form history on exiting Firefox (see 2803) ***/ - // user_pref("browser.formfill.saveHttpsForms", false); -/* 0862: disable browsing and download history - * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history - * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ - // user_pref("places.history.enabled", false); -/* 0863: disable Form Autofill (FF54+) - * [1] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ - * [2] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ -user_pref("browser.formautofill.enabled", false); -/* 0870: disable Windows jumplist [WINDOWS] ***/ -user_pref("browser.taskbar.lists.enabled", false); -user_pref("browser.taskbar.lists.frequent.enabled", false); -user_pref("browser.taskbar.lists.recent.enabled", false); -user_pref("browser.taskbar.lists.tasks.enabled", false); -/* 0871: disable Windows taskbar preview [WINDOWS] ***/ -user_pref("browser.taskbar.previews.enable", false); - -/*** 0900: PASSWORDS ***/ -user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); -/* 0901: disable saving passwords - * [SETTING] Options>Security>Logins>Remember logins for sites - * [NOTE] This does not clear any passwords already saved ***/ - // user_pref("signon.rememberSignons", false); -/* 0902: use a master password (recommended if you save passwords) - * There are no preferences for this. It is all handled internally. - * [SETTING] Options>Security>Logins>Use a master password - * [1] https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/ -/* 0903: set how often Firefox should ask for the master password - * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ -user_pref("security.ask_for_password", 2); -/* 0904: set how often in minutes Firefox should ask for the master password (see pref above) - * in minutes, default is 30 ***/ -user_pref("security.password_lifetime", 5); -/* 0905: disable auto-filling username & password form fields - SECURITY - * can leak in cross-site forms AND be spoofed - * [NOTE] Password will still be auto-filled after a user name is manually entered - * [1] http://kb.mozillazine.org/Signon.autofillForms ***/ -user_pref("signon.autofillForms", false); -/* 0906: disable websites' autocomplete="off" (FF30+) - * Don't let sites dictate use of saved logins and passwords. Increase security through - * stronger password use. The trade-off is the convenience. Some sites should never be - * saved (such as banking sites). Set at true, informed users can make their own choice. ***/ -user_pref("signon.storeWhenAutocompleteOff", true); -/* 0907: display warnings for logins on non-secure (non HTTPS) pages - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ -user_pref("security.insecure_password.ui.enabled", true); -/* 0908: remove user & password info when attempting to fix an entered URL (i.e 0802 is true) - * e.g //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/ -user_pref("browser.fixup.hide_user_pass", true); -/* 0909: disable formless login capture for Password Manager (FF51+) ***/ -user_pref("signon.formlessCapture.enabled", false); -/* 0910: disable autofilling saved passwords on HTTP pages and show warning (FF52+) - * [1] https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1217152 - * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 ***/ -user_pref("signon.autofillForms.http", false); -user_pref("security.insecure_field_warning.contextual.enabled", true); - -/*** 1000: CACHE [SETUP] ***/ -user_pref("ghacks_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); -/** CACHE ***/ -/* 1001: disable disk cache ***/ -user_pref("browser.cache.disk.enable", false); -user_pref("browser.cache.disk.capacity", 0); -user_pref("browser.cache.disk.smart_size.enabled", false); -user_pref("browser.cache.disk.smart_size.first_run", false); -/* 1002: disable disk cache for SSL pages - * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ -user_pref("browser.cache.disk_cache_ssl", false); -/* 1003: disable memory cache - * [NOTE] Not recommended due to performance issues ***/ - // user_pref("browser.cache.memory.enable", false); -/* 1004: disable offline cache ***/ -user_pref("browser.cache.offline.enable", false); -/* 1005: disable fastback cache - * To improve performance when pressing back/forward Firefox stores visited pages - * so they don't have to be re-parsed. This is not the same as memory cache. - * 0=none, -1=auto (that's minus 1), or for other values see [1] - * [NOTE] Not recommended unless you know what you're doing - * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ - // user_pref("browser.sessionhistory.max_total_viewers", 0); -/* 1006: disable permissions manager from writing to disk (requires restart) - * [NOTE] This means any permission changes are session only - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ - // user_pref("permissions.memory_only", true); // (hidden pref) -/* 1007: disable randomized FF HTTP cache decay experiments - * [1] https://trac.torproject.org/projects/tor/ticket/13575 ***/ -user_pref("browser.cache.frecency_experiment", -1); -/* 1008: set DNS cache and expiration time (default 400 and 60, same as TBB) ***/ - // user_pref("network.dnsCacheEntries", 400); - // user_pref("network.dnsCacheExpiration", 60); -/** SESSIONS & SESSION RESTORE ***/ -/* 1020: disable the Session Restore service completely - * [WARNING] [SETUP] This also disables the "Recently Closed Tabs" feature - * It does not affect "Recently Closed Windows" or any history. ***/ -user_pref("browser.sessionstore.max_tabs_undo", 0); -user_pref("browser.sessionstore.max_windows_undo", 0); -/* 1021: disable storing extra session data - * extra session data contains contents of forms, scrollbar positions, cookies and POST data - * define on which sites to save extra session data: - * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ -user_pref("browser.sessionstore.privacy_level", 2); -/* 1022: disable resuming session from crash [SETUP] ***/ -user_pref("browser.sessionstore.resume_from_crash", false); -/* 1023: set the minimum interval between session save operations - increasing it - * can help on older machines and some websites, as well as reducing writes, see [1] - * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc - * [WARNING] This can also affect entries in the "Recently Closed Tabs" feature: - * i.e the longer the interval the more chance a quick tab open/close won't be captured. - * This longer interval *may* affect history but we cannot replicate any history not recorded - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1304389 ***/ -user_pref("browser.sessionstore.interval", 30000); -/** FAVICONS ***/ -/* 1030: disable favicons in shortcuts - * URL shortcuts use a cached randomly named .ico file which is stored in your - * profile/shortcutCache directory. The .ico remains after the shortcut is deleted. - * If set to false then the shortcuts use a generic Firefox icon ***/ -user_pref("browser.shell.shortcutFavicons", false); -/* 1031: disable favicons in tabs and new bookmarks - * bookmark favicons are stored as data blobs in places.sqlite>moz_favicons ***/ - // user_pref("browser.chrome.site_icons", false); - // user_pref("browser.chrome.favicons", false); -/* 1032: disable favicons in web notifications ***/ -user_pref("alerts.showFavicons", false); - -/*** 1100: MULTI-PROCESS (e10s) - We recommend you let Firefox handle this. Until e10s is enforced, if - - all your add-ons have the 'multiprocessCompatible' flag as true, then FF = e10s - - any add-ons have 'multiprocessCompatible' flag as false, then FF != e10s - - any add-ons are missing the 'multiprocessCompatible' flag, then they *might* be disabled (FF53+) - [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/ -***/ -/* 1101: start the browser in e10s mode (FF48+) - * about:support>Application Basics>Multiprocess Windows ***/ - // user_pref("browser.tabs.remote.autostart", true); - // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref) - // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) - // user_pref("extensions.e10sBlocksEnabling", false); -/* 1102: control number of content rendering processes - * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ - // user_pref("dom.ipc.processCount", 4); -/* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+) - * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process ***/ - // user_pref("extensions.webextensions.remote", true); -/* 1104: enforce separate content process for file://URLs (FF53+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 - * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ - // user_pref("browser.tabs.remote.separateFileUriProcess", true); -/* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/ -user_pref("dom.ipc.shims.enabledWarnings", true); -/* 1106: control number of WebExtension processes ***/ - // user_pref("dom.ipc.processCount.extension", 1); -/* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play - * with them. The values are integers, but the code below deliberately contains a data mismatch - * [1] https://wiki.mozilla.org/Sandbox - * [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/ - // user_pref("security.sandbox.content.level", "donotuse"); - // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse"); - // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse"); -/* 1111: enable sandbox logging ***/ - // user_pref("security.sandbox.logging.enabled", true); - -/*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) - Note that your cipher and other settings can be used server side as a fingerprint attack - vector, see [1] (It's quite technical but the first part is easy to understand - and you can stop reading when you reach the second section titled "Enter Bro") - - Option 1: Use our settings to tighten up encryption options. It *is* a fingerprinting attack - vector, and we certainly do want to reduce any attack surface, but this is not how - you *DEFEAT* fingerprinting - to do that you need large numbers to buy into the same - enforced browser-wide settings (such as TBB), and/or you use OpSec. - Option 2: Use Firefox defaults for the 1260's items (item 1260 default for SHA-1, is local only - anyway). There is nothing *weak* about Firefox's defaults, but Mozilla (and other - browsers) will always lag for fear of breakage and upset end-users - - [1] https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ - ***/ -user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); -/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ -/* 1201: disable old SSL/TLS - vulnerable to a MiTM attack - * [WARNING] Tested Feb 2017 - still breaks too many sites - * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ - // user_pref("security.ssl.require_safe_negotiation", true); -/* 1202: control TLS versions with min and max - * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc - * [WARNING] Firefox and Chrome currently allow TLS 1.0 by default, so this is your call. - * [1] http://kb.mozillazine.org/Security.tls.version.* - * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/ - // user_pref("security.tls.version.min", 2); -user_pref("security.tls.version.fallback-limit", 3); -user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 -/* 1203: disable SSL session tracking (FF36+) - * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. - * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, - * this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking - * [1] https://tools.ietf.org/html/rfc5077 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=967977 ***/ -user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) -/* 1204: disable SSL Error Reporting - * [1] https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ -user_pref("security.ssl.errorReporting.automatic", false); -user_pref("security.ssl.errorReporting.enabled", false); -user_pref("security.ssl.errorReporting.url", ""); -/** OCSP (Online Certificate Status Protocol) ***/ -/* 1210: enable OCSP Stapling - * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ -user_pref("security.ssl.enable_ocsp_stapling", true); -/* 1211: control use of OCSP responder servers to confirm current validity of certificates - * 0=disable, 1=validate only certificates that specify an OCSP service URL (default) - * 2=enable and use values in security.OCSP.URL and security.OCSP.signing. - * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) - * It's a trade-off between security (checking) and privacy (leaking info to the CA) - * [1] https://en.wikipedia.org/wiki/Ocsp ***/ -user_pref("security.OCSP.enabled", 1); -/* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently - * continues the connection. With OCSP revocation, Firefox terminates the connection instead. - * [WARNING] Since FF44 the default is false. If set to true, this may/will cause some - * site breakage. Some users have previously mentioned issues with youtube, microsoft etc - * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ - // user_pref("security.OCSP.require", true); -/** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ -/* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) - * 0=disable detecting Family Safety mode and importing the root - * 1=only attempt to detect Family Safety mode (don't import the root) - * 2=detect Family Safety mode and import the root - * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/ -user_pref("security.family_safety.mode", 0); -/* 1221: disable intermediate certificate caching (fingerprinting attack vector) - * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) - * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. - * Saved logins and passwords are not available. Reset the pref and restart to return them. - * [TEST] https://fiprinca.0x90.eu/poc/ - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 - related bug - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ - // user_pref("security.nocertdb", true); // (hidden pref) -/* 1222: enforce strict pinning - * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict - * [WARNING] If you rely on an AV (antivirus) to protect your web browsing - * by inspecting ALL your web traffic, then leave at current default=1 - * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ -user_pref("security.cert_pinning.enforcement_level", 2); -/* 1223: enforce HSTS preload list (default is true) - * The list is compiled into Firefox and used to always load those domains over HTTPS - * [1] https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ - * [2] https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List ***/ -user_pref("network.stricttransportsecurity.preloadlist", true); -/** MIXED CONTENT ***/ -/* 1240: disable insecure active content on https pages - mixed content - * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ -user_pref("security.mixed_content.block_active_content", true); -/* 1241: disable insecure passive content (such as images) on https pages - mixed context - * [WARNING] When set to true, this will visually break many sites (March 2017) ***/ - // user_pref("security.mixed_content.block_display_content", true); -/* 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) - * Allow resources from domains with an existing HSTS cache record or in the HSTS preload list - * to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because - * those may cause noticeable delays eg requests time out or are not handled well by servers - * [NOTE] If you want to use the priming requests make sure 'use_hsts' is also true - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ -user_pref("security.mixed_content.use_hsts", true); -user_pref("security.mixed_content.send_hsts_priming", false); -/** CIPHERS [see the section 1200 intro] ***/ -/* 1260: disable or limit SHA-1 - * 0=all SHA1 certs are allowed - * 1=all SHA1 certs are blocked (including perfectly valid ones from 2015 and earlier) - * 2=deprecated option that now maps to 1 - * 3=only allowed for locally-added roots (e.g. anti-virus) - * 4=only allowed for locally-added roots or for certs in 2015 and earlier - * [WARNING] When disabled, some man-in-the-middle devices (eg security scanners and - * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. - * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ -user_pref("security.pki.sha1_enforcement_level", 1); -/* 1261: disable 3DES (effective key size < 128) - * [1] https://en.wikipedia.org/wiki/3des#Security - * [2] http://en.citizendium.org/wiki/Meet-in-the-middle_attack - * [3] http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ -user_pref("security.ssl3.rsa_des_ede3_sha", false); -/* 1262: disable 128 bits ***/ -user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); -user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); -/* 1263: disable DHE (Diffie-Hellman Key Exchange) - * [WARNING] May break obscure sites, but not major sites, which should support ECDH over DHE - * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ -user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); -user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); -/* 1264: disable the remaining non-modern cipher suites as of FF52 - * [NOTE] Commented out because it still breaks too many sites ***/ - // user_pref("security.ssl3.rsa_aes_128_sha", false); - // user_pref("security.ssl3.rsa_aes_256_sha", false); -/** UI (User Interface) ***/ -/* 1270: display warning (red padlock) for "broken security" - * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ -user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -/* 1271: control "Add Security Exception" dialog on SSL warnings - * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) - * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ -user_pref("browser.ssl_override_behavior", 1); -/* 1272: display advanced information on Insecure Connection warning pages - * only works when it's possible to add an exception - * i.e doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) - * [TEST] https://expired.badssl.com/ ***/ -user_pref("browser.xul.error_pages.expert_bad_cert", true); - -/*** 1400: FONTS ***/ -user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); -/* 1401: disable websites choosing fonts (0=block, 1=allow) - * If you disallow fonts, this drastically limits/reduces font - * enumeration (by JS) which is a high entropy fingerprinting vector. - * [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose... - * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ -user_pref("browser.display.use_document_fonts", 0); -/* 1402: enable icon fonts (glyphs) (FF41+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=789788 ***/ -user_pref("gfx.downloadable_fonts.enabled", true); -/* 1403: disable rendering of SVG OpenType fonts - * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ -user_pref("gfx.font_rendering.opentype_svg.enabled", false); -/* 1404: set more legible default fonts - * [SETTING] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace - * [SETUP] These are optional, comment out if you do not require them - * [NOTE] Been using this for 18 months, it really grows on you ***/ -user_pref("font.name.serif.x-unicode", "Georgia"); -user_pref("font.name.serif.x-western", "Georgia"); // default Times New Roman -user_pref("font.name.sans-serif.x-unicode", "Arial"); -user_pref("font.name.sans-serif.x-western", "Arial"); // default Arial -user_pref("font.name.monospace.x-unicode", "Lucida Console"); -user_pref("font.name.monospace.x-western", "Lucida Console"); // default Courier New -/* 1405: disable WOFF2 (Web Open Font Format) ***/ -user_pref("gfx.downloadable_fonts.woff2.enabled", false); -/* 1406: disable CSS Font Loading API - * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ -user_pref("layout.css.font-loading-api.enabled", false); -/* 1407: disable special underline handling for a few fonts which you will probably never use. - * Any of these fonts on your system can be enumerated for fingerprinting. Requires restart. - * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ -user_pref("font.blacklist.underline_offset", ""); -/* 1408: disable graphite which FF49 turned back on by default - * In the past it had security issues - need citation ***/ -user_pref("gfx.font_rendering.graphite.enabled", false); -/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] - * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. - * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If - * you block sites choosing fonts in 1401, this preference is irrelevant. In future, - * privacy.resistFingerprinting (see 2699) may cover this, and 1401 can be relaxed. - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/ - // user_pref("font.system.whitelist", ""); // (hidden pref) - -/*** 1600: HEADERS / REFERERS [SETUP] - Except for DNT (Do Not Track), referers are best controlled by an extension. - It is important to realize that it is *cross domain* referers that need - controlling, and this is best handled by EITHER 1603 or 1604, not both. - - Option 1: Recommended: Use an extension to block all referers, and then whitelist - sites on a granular, per domain level. - Option 2: As per the original settings below: Set XOriginPolicy (1603) to 1 (less breakage) - or 2 (more breakage) and leave XOriginTrimmingPolicy (1604) at default 0 - Option 3: Set XOriginPolicy (1603) to default 0 and set XOriginTrimmingPolicy (1604) to 2 - - full URI: https://example.com:8888/foo/bar.html?id=1234 - scheme+host+path+port: https://example.com:8888/foo/bar.html - scheme+host+port: https://example.com:8888 - - #Required reading [#] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ - ***/ -user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); -/* 1601: ALL: control when images/links send a referer - * 0=never, 1=send only when links are clicked, 2=for links and images (default) - * [NOTE] Recommended left at default. Focus on XSS and granular cross origin referer control ***/ -user_pref("network.http.sendRefererHeader", 2); -/* 1602: ALL: control the amount of information to send - * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port - * [NOTE] Cross origin requests can be fine tuned in 1603 + 1604. Limiting same origin requests - * is rather pointless. Recommended left at default for zero same origin breakage ***/ -user_pref("network.http.referer.trimmingPolicy", 0); -/* 1603: CROSS ORIGIN: control when to send a referer [SETUP] - * 0=always (default), 1=only if base domains match, 2=only if hosts match - * [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage ***/ -user_pref("network.http.referer.XOriginPolicy", 1); -/* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) - * 0=send full URI (default) 1=scheme+host+path+port 2=scheme+host+port ***/ -user_pref("network.http.referer.XOriginTrimmingPolicy", 0); -/* 1605: ALL: disable spoofing a referer - * Spoofing increases your exposure to cross-site request forgeries ***/ -user_pref("network.http.referer.spoofSource", false); -/* 1606: ALL: set the default Referrer Policy (FF53+) - * 0=no-referer 1=same-origin 2=strict-origin-when-cross-origin - * 3=no-referrer-when-downgrade (default) - * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy - * [1] https://www.w3.org/TR/referrer-policy/ - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ -user_pref("network.http.referer.userControlPolicy", 3); -/* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+) - * [NOTE] Firefox cannot access .onion sites by default. We recommend you use - * TBB (Tor Browser Bundle) which is specifically designed for the dark web - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 ***/ -user_pref("network.http.referer.hideOnionSource", true); -/* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) - * [SETTING] Options>Privacy>Tracking>Request that sites not track you - * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ -user_pref("privacy.donottrackheader.enabled", false); - -/*** 1700: CONTAINERS [SETUP] - [1] https://support.mozilla.org/kb/containers-experiment - [2] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers - [3] https://github.com/mozilla/testpilot-containers -***/ -user_pref("ghacks_user.js.parrot", "1700 syntax error: the parrot rests in peace!"); -/* 1701: enable [SETTING] Options>Privacy>Container Tabs (FF50+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1279029 ***/ - // user_pref("privacy.userContext.ui.enabled", true); -/* 1702: enable Container Tabs (FF50+) - * [SETTING] Options>Privacy>Container Tabs>Enable Container Tabs ***/ - // user_pref("privacy.userContext.enabled", true); -/* 1703: enable a private container for thumbnail loads (FF51+) ***/ - // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); -/* 1704: set long press behaviour on "+ Tab" button to display container menu (FF53+) - * 0=disables long press, 1=when clicked, the menu is shown - * 2=the menu is shown after X milliseconds - * [NOTE] The menu does not contain a non-container tab option - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1328756 ***/ - // user_pref("privacy.userContext.longPressBehavior", 2); - -/*** 1800: PLUGINS ***/ -user_pref("ghacks_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); -/* 1801: set default plugin state (i.e new plugins on discovery) to never activate - * 0=disabled, 1=ask to activate, 2=active - you can override individual plugins ***/ -user_pref("plugin.default.state", 0); -user_pref("plugin.defaultXpi.state", 0); -/* 1802: enable click to play and set to 0 minutes ***/ -user_pref("plugins.click_to_play", true); -user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); -/* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example) - * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config - * [NOTE] You can still over-ride individual sites eg youtube via site permissions - * [1] http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ - // user_pref("plugin.state.flash", 0); -/* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/ -user_pref("security.xpconnect.plugin.unrestricted", false); -/* 1805: disable scanning for plugins [WINDOWS] - * [1] http://kb.mozillazine.org/Plugin_scanning - * plid.all = whether to scan the directories specified in the Windows registry for PLIDs. - * Used to detect RealPlayer, Java, Antivirus etc, but since FF52 only covers Flash ***/ -user_pref("plugin.scan.plid.all", false); -/* 1820: disable all GMP (Gecko Media Plugins) [SETUP] - * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ -user_pref("media.gmp-provider.enabled", false); -user_pref("media.gmp.trial-create.enabled", false); -/* 1825: disable widevine CDM (Content Decryption Module) [SETUP] ***/ -user_pref("media.gmp-widevinecdm.visible", false); -user_pref("media.gmp-widevinecdm.enabled", false); -user_pref("media.gmp-widevinecdm.autoupdate", false); -/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] ***/ -user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content -user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required -/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" - * and disable pings to the external update/download server - * This is the bundled codec used for video chat in WebRTC ***/ -user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) -user_pref("media.gmp-gmpopenh264.autoupdate", false); -user_pref("media.gmp-manager.url", "data:text/plain,"); - -/*** 2000: MEDIA / CAMERA / MIC ***/ -user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); -/* 2001: disable WebRTC (Web Real-Time Communication) - * [1] https://www.privacytools.io/#webrtc ***/ -user_pref("media.peerconnection.enabled", false); -user_pref("media.peerconnection.use_document_iceservers", false); -user_pref("media.peerconnection.video.enabled", false); -user_pref("media.peerconnection.identity.enabled", false); -user_pref("media.peerconnection.identity.timeout", 1); -user_pref("media.peerconnection.turn.disable", true); -user_pref("media.peerconnection.ice.tcp", false); -user_pref("media.navigator.video.enabled", false); // video capability for WebRTC -/* 2002: limit WebRTC IP leaks if using WebRTC - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1189041 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1297416 - * [3] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ -user_pref("media.peerconnection.ice.default_address_only", true); // (FF42-FF50) -user_pref("media.peerconnection.ice.no_host", true); // (FF51+) -/* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions - * [1] http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ - * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ -user_pref("webgl.disabled", true); -user_pref("pdfjs.enableWebGL", false); -user_pref("webgl.min_capability_mode", true); -user_pref("webgl.disable-extensions", true); -user_pref("webgl.disable-fail-if-major-performance-caveat", true); -/* 2011: disable WebGL debug info being available to websites - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 - * [2] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/ -user_pref("webgl.enable-debug-renderer-info", false); -/* 2012: disable two more webgl preferences (FF51+) ***/ -user_pref("webgl.dxgl.enabled", false); // [WINDOWS] -user_pref("webgl.enable-webgl2", false); -/* 2021: disable speech recognition - * [1] https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition - * [2] https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis - * [3] https://wiki.mozilla.org/HTML5_Speech_API ***/ -user_pref("media.webspeech.recognition.enable", false); -user_pref("media.webspeech.synth.enabled", false); -/* 2022: disable screensharing ***/ -user_pref("media.getusermedia.screensharing.enabled", false); -user_pref("media.getusermedia.screensharing.allowed_domains", ""); -user_pref("media.getusermedia.browser.enabled", false); -user_pref("media.getusermedia.audiocapture.enabled", false); -/* 2023: disable camera stuff ***/ -user_pref("camera.control.face_detection.enabled", false); -/* 2024: enable/disable MSE (Media Source Extensions) - * [1] http://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ -user_pref("media.mediasource.enabled", true); -user_pref("media.mediasource.mp4.enabled", true); -user_pref("media.mediasource.webm.audio.enabled", true); -user_pref("media.mediasource.webm.enabled", true); -/* 2026: disable canvas capture stream - * [1] https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement/captureStream ***/ -user_pref("canvas.capturestream.enabled", false); -/* 2027: disable camera image capture - * [1] https://trac.torproject.org/projects/tor/ticket/16339 ***/ -user_pref("dom.imagecapture.enabled", false); -/* 2028: disable offscreen canvas - * [1] https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCanvas ***/ -user_pref("gfx.offscreencanvas.enabled", false); -/* 2030: disable auto-play of HTML5 media - * [WARNING] This may break video playback on various sites ***/ -user_pref("media.autoplay.enabled", false); -/* 2031: disable audio auto-play in non-active tabs (FF51+) - * [1] http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ -user_pref("media.block-autoplay-until-in-foreground", true); - -/*** 2200: UI MEDDLING - see http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ -user_pref("ghacks_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); -/* 2201: disable website control over browser right-click context menu - * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ - // user_pref("dom.event.contextmenu.enabled", false); -/* 2202: disable [new window] scripts hiding or disabling the following ***/ -user_pref("dom.disable_window_open_feature.location", true); -user_pref("dom.disable_window_open_feature.menubar", true); -user_pref("dom.disable_window_open_feature.resizable", true); -user_pref("dom.disable_window_open_feature.status", true); -user_pref("dom.disable_window_open_feature.toolbar", true); -/* 2203: disable [popup window] scripts hiding or disabling the following ***/ -user_pref("dom.disable_window_flip", true); // window z-order -user_pref("dom.disable_window_move_resize", true); -user_pref("dom.disable_window_open_feature.close", true); -user_pref("dom.disable_window_open_feature.minimizable", true); -user_pref("dom.disable_window_open_feature.personalbar", true); //bookmarks toolbar -user_pref("dom.disable_window_open_feature.titlebar", true); -user_pref("dom.disable_window_status_change", true); -user_pref("dom.allow_scripts_to_close_windows", false); -/* 2204: disable links opening in a new window - * This is to stop malicious window sizes and screen res leaks etc in conjunction - * with 2203 dom.disable_window_move_resize=true | 2418 full-screen-api.enabled=false - * [NOTE] You can still right click a link and select open in a new window - * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html - * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ -user_pref("browser.link.open_newwindow.restriction", 0); -/* 2205: disable "Confirm you want to leave" dialog on page close - * Does not prevent JS leaks of the page close event. - * [1] https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload - * [2] https://support.mozilla.org/en-US/questions/1043508 ***/ -user_pref("dom.disable_beforeunload", true); - -/*** 2300: WEB WORKERS [SETUP] - A worker is a JS "background task" running in a global context, i.e it is different from - the current window. Workers can spawn new workers (must be the same origin & scheme), - including service and shared workers. Shared workers can be utilized by multiple scripts - and communicate between browsing contexts (windows/tabs/iframes) and can even control your - cache. Push and web notifications require service workers, which in turn require workers. - - [WARNING] Disabling workers *will* break sites (eg Google Street View, Twitter). - It is recommended that you use a separate profile for these sorts of sites. - - [1] Web Workers: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API - [2] Worker: https://developer.mozilla.org/en-US/docs/Web/API/Worker - [3] Service Worker: https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API - [4] SharedWorker: https://developer.mozilla.org/en-US/docs/Web/API/SharedWorker - [5] ChromeWorker: https://developer.mozilla.org/en-US/docs/Web/API/ChromeWorker - ***/ -user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); -/* 2301: disable workers - * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) ***/ -user_pref("dom.workers.enabled", false); -/* 2302: disable service workers - * Service workers essentially act as proxy servers that sit between web apps, and the browser - * and network, are event driven, and can control the web page/site it is associated with, - * intercepting and modifying navigation and resource requests, and caching resources. - * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. - * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/ -user_pref("dom.serviceWorkers.enabled", false); -/* 2303: disable service workers' cache and cache storage ***/ -user_pref("dom.caches.enabled", false); -/* 2304: disable web notifications - * [NOTE] You can still override individual domains under site permissions (FF44+) - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Notifications_API ***/ -user_pref("dom.webnotifications.enabled", false); -user_pref("dom.webnotifications.serviceworker.enabled", false); -/* 2305: disable push notifications (FF44+) - * web apps can receive messages pushed to them from a server, whether or - * not the web app is in the foreground, or even currently loaded - * [1] https://developer.mozilla.org/en/docs/Web/API/Push_API ***/ -user_pref("dom.push.enabled", false); -user_pref("dom.push.connection.enabled", false); -user_pref("dom.push.serverURL", ""); -user_pref("dom.push.userAgentID", ""); - -/*** 2400: DOM & JAVASCRIPT ***/ -user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); -/* 2402: disable website access to clipboard events/content - * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress - * this applies to onCut, onCopy, onPaste events - i.e you have to interact with - * the website for it to look at the clipboard - * [1] http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ -user_pref("dom.event.clipboardevents.enabled", false); -/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content (FF41+) - * this disables document.execCommand("cut"/"copy") to protect your clipboard - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ -user_pref("dom.allow_cut_copy", false); // (hidden pref) -/* 2404: disable JS storing data permanently - * This setting WAS under about:permissions>All Sites>Maintain Offline Storage - * [NOTE] about:permissions is no longer available since FF46 but you can still override - * individual domains: use info icon in urlbar etc or right click on a web page>view page info - * [WARNING] [SETUP] If set as false (disabled), this WILL break some [old] add-ons and DOES - * break a lot of sites' functionality. Applies to websites, add-ons and session data. - * [1] https://addons.mozilla.org/en-US/firefox/addon/disable-indexeddb/ ***/ -user_pref("dom.indexedDB.enabled", false); -/* 2410: disable User Timing API - * [1] https://trac.torproject.org/projects/tor/ticket/16336 ***/ -user_pref("dom.enable_user_timing", false); -/* 2411: disable resource/navigation timing ***/ -user_pref("dom.enable_resource_timing", false); -/* 2412: disable timing attacks - javascript performance fingerprinting - * [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI ***/ -user_pref("dom.enable_performance", false); -/* 2414: disable shaking the screen ***/ -user_pref("dom.vibrator.enabled", false); -/* 2415: set max popups from a single non-click event - default is 20! ***/ -user_pref("dom.popup_maximum", 3); -/* 2415b: limit events that can cause a popup - * default is "change click dblclick mouseup notificationclick reset submit touchend" - * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ -user_pref("dom.popup_allowed_events", "click dblclick"); -/* 2416: disable idle observation ***/ -user_pref("dom.idle-observers-api.enabled", false); -/* 2418: disable full-screen API - * This setting WAS under about:permissions>All Sites>Fullscreen - * [NOTE] about:permissions is no longer available since FF46 but you can still override - * individual domains: use info icon in urlbar etc or right click on a web page>view page info - * set to false=block, set to true=ask ***/ -user_pref("full-screen-api.enabled", false); -/* 2420: disable support for asm.js ( http://asmjs.org/ ) - * [1] https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ - * [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ - * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/ -user_pref("javascript.options.asmjs", false); -/* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817 - * [WARNING] Causes the odd site issue and there is also a performance loss - * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ - // user_pref("javascript.options.ion", false); - // user_pref("javascript.options.baselinejit", false); -/* 2422: disable WebAssembly for now (FF52+) - * [1] https://developer.mozilla.org/en-US/docs/WebAssembly ***/ -user_pref("javascript.options.wasm", false); -/* 2426: disable Intersection Observer API (FF53+) - * Almost a year to complete, three versions late to stable (as default false), - * number #1 cause of crashes in nightly numerous times, and is (primarily) an - * ad network API for "ad viewability checks" down to a pixel level - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Intersection_Observer_API - * [2] https://wicg.github.io/IntersectionObserver/ - * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/ -user_pref("dom.IntersectionObserver.enabled", false); -/* 2450a: enforce websites to ask to store data for offline use - * [1] https://support.mozilla.org/en-US/questions/1098540 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ -user_pref("offline-apps.allow_by_default", false); -/* 2450b: display a notification when websites ask to store data for offline use - * [SETTING] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ -user_pref("browser.offline-apps.notify", true); -/* 2450c: set size of warning quota for offline cache (default 51200) - * Offline cache is only used in rare cases to store data locally. FF will store small amounts - * (default <50MB) of data in the offline (application) cache without asking for permission. ***/ - // user_pref("offline-apps.quota.warn", 51200); - -/*** 2500: HARDWARE FINGERPRINTING ***/ -user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* 2501: disable gamepad API - USB device ID enumeration - * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/ -user_pref("dom.gamepad.enabled", false); -/* 2503: disable giving away network info - * eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API - * [2] https://wicg.github.io/netinfo/ - * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 ***/ -user_pref("dom.netinfo.enabled", false); -/* 2504: disable virtual reality devices - * [1] https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API ***/ -user_pref("dom.vr.enabled", false); -user_pref("dom.vr.oculus.enabled", false); -user_pref("dom.vr.osvr.enabled", false); // (FF49+) -user_pref("dom.vr.openvr.enabled", false); // (FF51+) -/* 2505: disable media device enumeration (FF29+) - * [NOTE] media.peerconnection.enabled should also be set to false (see 2001) - * [1] https://wiki.mozilla.org/Media/getUserMedia - * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/ -user_pref("media.navigator.enabled", false); -/* 2506: disable video statistics - JS performance fingerprinting - * [1] https://trac.torproject.org/projects/tor/ticket/15757 ***/ -user_pref("media.video_stats.enabled", false); -/* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) - * The Keyboard API allows tracking the "read parameter" of pressed keys in forms on - * web pages. These parameters vary between types of keyboard layouts such as QWERTY, - * AZERTY, Dvorak, and between various languages, eg German vs English. - * [WARNING] Don't use if Android + physical keyboard - * [UPDATE] This MAY be incorporated better under privacy.resistFingerprinting (see 2699) - * [1] https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code - * [2] https://www.privacy-handbuch.de/handbuch_21v.htm ***/ -user_pref("dom.keyboardevent.code.enabled", false); -user_pref("dom.keyboardevent.dispatch_during_composition", false); -/* 2508: disable hardware acceleration to reduce graphics fingerprinting - * [SETTING] Options>Advanced>General>Use hardware acceleration when available - * [NOTE] Changing this option changes BOTH these preferences - * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance - * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ -user_pref("gfx.direct2d.disabled", true); // [WINDOWS] -user_pref("layers.acceleration.disabled", true); -/* 2509: disable touch events [SETUP] - * fingerprinting attack vector - leaks screen res & actual screen coordinates - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Touch_events - * [2] https://trac.torproject.org/projects/tor/ticket/10286 ***/ -user_pref("dom.w3c_touch_events.enabled", 0); -/* 2510: disable Web Audio API (FF51+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/ -user_pref("dom.webaudio.enabled", false); -/* 2511: disable MediaDevices change detection (FF51+) (enabled by default starting FF52+) - * [1] https://developer.mozilla.org/en-US/docs/Web/Events/devicechange - * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange ***/ -user_pref("media.ondevicechange.enabled", false); -/* 2512: disable device sensor API - * [1] https://trac.torproject.org/projects/tor/ticket/15758 - * [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ - * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733 - * [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 ***/ -user_pref("device.sensors.enabled", false); -/* 2513: disable Presentation API - * [1] https://wiki.mozilla.org/WebAPI/PresentationAPI - * [2] https://www.w3.org/TR/presentation-api/ ***/ -user_pref("dom.presentation.enabled", false); -user_pref("dom.presentation.controller.enabled", false); -user_pref("dom.presentation.discoverable", false); -user_pref("dom.presentation.discovery.enabled", false); -user_pref("dom.presentation.receiver.enabled", false); -user_pref("dom.presentation.session_transport.data_channel.enable", false); -/* 2514: spoof (or limit?) number of CPU cores (also see 2699f) (FF48+) - * [WARNING] *may* affect core chrome/Firefox performance, will affect content. - * Highly recommended to leave this (dom) and use 2699f (navigator) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 - * [2] https://trac.torproject.org/projects/tor/ticket/21675 - * [3] https://trac.torproject.org/projects/tor/ticket/22127 - * [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency ***/ - // user_pref("dom.maxHardwareConcurrency", 2); -/* 2515: disable site specific zoom - * Zoom levels affect screen res and are highly fingerprintable. This does not stop you using - * zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs - * and new windows are reset to default and only the current tab retains the current zoom ***/ -user_pref("browser.zoom.siteSpecific", false); - -/*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ -user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); -/* 2601: disable sending additional analytics to web servers - * [1] https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon ***/ -user_pref("beacon.enabled", false); -/* 2602: discourage downloading to desktop (0=desktop 1=downloads 2=last used) - * [NOTE] To set your default "downloads": Options>General>Downloads>Save files to ***/ -user_pref("browser.download.folderList", 2); -/* 2603: enforce user interaction for security by always asking the user where to download ***/ -user_pref("browser.download.useDownloadDir", false); -/* 2604: remove temp files opened with an external application - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=302433 ***/ -user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2605: disable adding downloads to the system's "recent documents" list ***/ -user_pref("browser.download.manager.addToRecentDocs", false); -/* 2606: disable hiding mime types (Options>Applications) not associated with a plugin ***/ -user_pref("browser.download.hide_plugins_without_extensions", false); -/* 2607: disable page thumbnail collection - * look in profile/thumbnails directory - you may want to clean that out ***/ -user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) -/* 2608: disable JAR from opening Unsafe File Types ***/ -user_pref("network.jar.open-unsafe-types", false); -/* 2609: disable exposure of system colors to CSS or canvas (FF44+) - * [NOTE] see [2] bug may cause black on black for elements with undefined colors - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=232227 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1330876 ***/ -user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) -/* 2611: disable WebIDE to prevent remote debugging and add-on downloads - * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ -user_pref("devtools.webide.autoinstallADBHelper", false); -user_pref("devtools.webide.autoinstallFxdtAdapters", false); -user_pref("devtools.debugger.remote-enabled", false); -user_pref("devtools.webide.enabled", false); -/* 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - eg Roku - * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ -user_pref("browser.casting.enabled", false); -user_pref("gfx.layerscope.enabled", false); -/* 2614: disable HTTP2 (which was based on SPDY which is now deprecated) - * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance - * privacy, and in fact opens up a number of server-side fingerprinting opportunities - * [1] https://http2.github.io/faq/ - * [2] http://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html - * [3] https://queue.acm.org/detail.cfm?id=2716278 - * [4] https://github.com/ghacksuserjs/ghacks-user.js/issues/107 ***/ -user_pref("network.http.spdy.enabled", false); -user_pref("network.http.spdy.enabled.deps", false); -user_pref("network.http.spdy.enabled.http2", false); -/* 2617: enable Firefox's built-in PDF reader [SETUP] - * [SETTING] Options>Applications>Portable Document Format (PDF) - * This setting controls if the option "Display in Firefox" in the above setting is available - * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") - * [WHY USE false=default=view PDFs in Firefox] - * pdfjs is lightweight, open source and as secure as any pdf reader out there, certainly better and more - * vetted than most. Exploits are rare (1 serious case in 3 years), treated seriously and patched quickly. - * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). It - * maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. - * [WHY USE true=open with or save to disk] - * If you think a particular external app is more secure... - * [NOTE] - * 1. See 2662 2: JS can still force a pdf to open in-browser by bundling it's own code (rare) ***/ -user_pref("pdfjs.disabled", false); -/* 2618: enforce the proxy server to do any DNS lookups when using SOCKS - * eg in TOR, this stops your local DNS server from knowing your Tor destination - * as a remote Tor node will handle the DNS request - * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns - * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ -user_pref("network.proxy.socks_remote_dns", true); -/* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) - * [WARNING] A low setting of 5 or under will probably break some sites (eg gmail logins) - * To control HTML Meta tag and JS redirects, use an add-on (eg NoRedirect). Default is 20 ***/ -user_pref("network.http.redirection-limit", 10); -/* 2620: disable middle mouse click opening links from clipboard - * [1] https://trac.torproject.org/projects/tor/ticket/10089 - * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ -user_pref("middlemouse.contentLoadURL", false); -/* 2621: disable IPv6 (included for knowledge ONLY [WARNING] do not do this) - * This is all about covert channels such as MAC addresses being included/abused in the - * IPv6 protocol for tracking. If you want to mask your IP address, this is not the way - * to do it. It's 2016, IPv6 is here. Here are some old links - * 2010: https://www.christopher-parsons.com/ipv6-and-the-future-of-privacy/ - * 2011: https://iapp.org/news/a/2011-09-09-facing-the-privacy-implications-of-ipv6 - * 2012: http://www.zdnet.com/article/security-versus-privacy-with-ipv6-deployment/ - * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection - * [1] http://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection ***/ - // user_pref("network.dns.disableIPv6", true); - // user_pref("network.http.fast-fallback-to-IPv4", true); -/* 2622: enforce a security delay when installing add-ons (milliseconds) - * default=1000, This also covers the delay in "Save" on downloading files. - * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox - * [2] http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ -user_pref("security.dialog_enable_delay", 700); -/* 2623: enable Strict File Origin Policy on local files - * [1] http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ -user_pref("security.fileuri.strict_origin_policy", true); -/* 2624: enable Subresource Integrity (SRI) (FF43+) - * [1] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity - * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ -user_pref("security.sri.enable", true); -/* 2625: disable DNS requests for hostnames with a .onion TLD (FF45+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ -user_pref("network.dns.blockDotOnion", true); -/* 2626: disable optional user agent token, default is false, included for completeness - * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference ***/ -user_pref("general.useragent.compatMode.firefox", false); -/* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ -user_pref("browser.uitour.enabled", false); -user_pref("browser.uitour.url", ""); -/* 2629: disable remote JAR files being opened, regardless of content type - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/ -user_pref("network.jar.block-remote-files", true); -/* 2662: disable "open with" in download dialog (FF50+) - * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) - * in such a way that it is forbidden to run external applications. - * [SETUP] This may interfere with some users' workflow or methods - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 ***/ -user_pref("browser.download.forbid_open_with", true); -/* 2663: disable MathML (Mathematical Markup Language) (FF51+) - * [TEST] http://browserspy.dk/mathml.php - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173199 ***/ -user_pref("mathml.disabled", true); -/* 2664: disable DeviceStorage API - * [1] https://wiki.mozilla.org/WebAPI/DeviceStorageAPI ***/ -user_pref("device.storage.enabled", false); -/* 2665: remove webchannel whitelist ***/ -user_pref("webchannel.allowObject.urlWhitelist", ""); -/* 2666: disable HTTP Alternative Services - * [1] http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/ -user_pref("network.http.altsvc.enabled", false); -user_pref("network.http.altsvc.oe", false); -/* 2667: disable various developer tools in browser context - * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes - * [1] http://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ -user_pref("devtools.chrome.enabled", false); -/* 2668: lock down allowed extension directories - * [WARNING] This will break add-ons that do not use the default XPI directories - * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ - * [2] archived: http://archive.is/DYjAM ***/ -user_pref("extensions.enabledScopes", 1); // (hidden pref) -user_pref("extensions.autoDisableScopes", 15); -/* 2669: remove paths when sending URLs to PAC scripts (FF51+) - * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ -user_pref("network.proxy.autoconfig_url.include_path", false); -/* 2670: disable "image/" mime types bypassing CSP (FF51+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/ -user_pref("security.block_script_with_wrong_mime", true); -/* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) - * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage - * including youtube player controls. Best left for "hardened" or specific profiles. - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 ***/ - // user_pref("svg.disabled", true); -/* 2672: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing security risk - * Firefox has *some* protections to mitigate the risk, but it is better to be safe - * than sorry. The downside: it will also display legitimate IDN's punycoded, which - * might be undesirable for users from countries with non-latin alphabets - * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) - * [1] http://kb.mozillazine.org/Network.IDN_show_punycode - * [2] https://wiki.mozilla.org/IDN_Display_Algorithm - * [3] https://en.wikipedia.org/wiki/IDN_homograph_attack - * [4] CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ - * [5] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ -user_pref("network.IDN_show_punycode", true); -/* 2673: enable CSP (Content Security Policy) (default is true) - * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/ -user_pref("security.csp.enable", true); -/* 2674: enable CSP 1.1 experimental hash-source directive (FF29+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=855326 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/ -user_pref("security.csp.experimentalEnabled", true); - -/*** 2697: USER AGENT (UA) SPOOFING - Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage - depending on your values. Even if you spoof, like TBB (Tor Browser Bundle) does, as the - latest ESR, it still *does* *not* *work*. There are two main reasons for this. - 1. Many of the components that make up your UA can be derived by other means. And when - those values differ, you provide more bits and raise entropy. Examples of leaks include - navigator objects, resource://URIs, locale, feature detection and more. - 2. You are not in a controlled set of significant numbers, where the values are enforced - by default. It works for TBB because for TBB, the spoofed values ARE their default. - * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 2699) - * Values below are for example only based on the current ESR/TBB at the time of writing -***/ -/* 2697a: navigator.userAgent leaks in JS - * [NOTE] Setting this will break any UA spoofing add-on whitelisting ***/ - // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref) -/* 2697b: navigator.buildID (see gecko.buildID in about:config) reveals build time - * down to the second which defeats user agent spoofing and can compromise OS etc - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/ - // user_pref("general.buildID.override", "20100101"); // (hidden pref) -/* 2697c: navigator.appName ***/ - //user_pref("general.appname.override", "Netscape"); // (hidden pref) -/* 2697d: navigator.appVersion ***/ - // user_pref("general.appversion.override", "5.0 (Windows)"); // (hidden pref) -/* 2697e: navigator.platform leaks in JS ***/ - // user_pref("general.platform.override", "Win32"); // (hidden pref) -/* 2697f: navigator.oscpu leaks in JS ***/ - // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) -/* 2697g: general.useragent.locale (related, see 0204) ***/ - -/*** 2698: FIRST PARTY ISOLATION (FPI) ***/ -/* 2698a: enable first party isolation pref and OriginAttribute (FF51+) - * [WARNING] Breaks lots of cross-domain logins and site functionality until perfected - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ -/* 2698b: isolate favicons (FF52+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/ -/* 2698c: isolate OCSP cache (FF52+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ -/* 2698d: isolate Shared Workers (FF52+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/ -/* 2698e: isolate SSL session cache (FF52+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 ***/ -/* 2698f: isolate media cache (FF53+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 ***/ -/* 2698g: isolate HSTS and HPKP (FF54+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/ -/* 2698h: isolate HTTP Alternative Services (FF54+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ -/* 2698i: isolate SPDY/HTTP2 (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ -/* 2698j: isolate DNS cache (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ -/* 2698k: isolate blob: URI (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 ***/ - // user_pref("privacy.firstparty.isolate", true); - // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // (FF54+) - -/*** 2699: TOR UPLIFT: privacy.resistFingerprinting - This preference will be used as a generic switch for a wide range of items. - This section will attempt to list all the ramifications and Mozilla tickets ***/ -/* 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info. - * POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - * [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 - * [NOTE] This will probably make your values pretty unique until you resize or snap the - * inner window width + height into standard/common resolutions (mine is at 1366x768) - * To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit - * Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test - * your window size, do some math, resize to allow for all the non inner window elements - * [TEST] http://browserspy.dk/screen.php - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ -/* 2699b: spoof screen orientation - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ -/* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/ -/* 2699d: set new window sizes to round to hundreds (FF55+) [SETUP] - * [NOTE] If override values are too big, the code determines it for you - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 - * [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/ - // user_pref("privacy.window.maxInnerWidth", 1366); - // user_pref("privacy.window.maxInnerHeight", 768); -/* 2699e: spoof timezone as UTC 0 (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 ***/ -/* 2699f: spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) - * This spoof *shouldn't* affect core chrome/Firefox performance - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 ***/ -/* 2699g: reduce precision of time exposed by javascript (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 ***/ -user_pref("privacy.resistFingerprinting", true); // (hidden pref) - -/*** 2700: COOKIES & DOM STORAGE ***/ -user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); -/* 2701: disable cookies on all sites [SETUP] - * You can set exceptions under site permissions or use an extension (eg Cookie Controller) - * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie - * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites ***/ -user_pref("network.cookie.cookieBehavior", 2); -/* 2702: set third-party cookies (if enabled, see above pref) to session-only - * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ - * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ -user_pref("network.cookie.thirdparty.sessionOnly", true); -/* 2703: set cookie lifetime policy - * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) - * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites>Keep until ***/ - // user_pref("network.cookie.lifetimePolicy", 0); -/* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ - // user_pref("network.cookie.lifetime.days", 90); -/* 2705: disable dom storage - * [WARNING] This will break a LOT of sites' functionality. - * You are better off using an extension for more granular control ***/ - // user_pref("dom.storage.enabled", false); -/* 2706: disable Storage API - * The API gives sites the ability to find out how much space they can use, how much - * they are already using, and even control whether or not they need to be alerted - * before the user agent disposes of site data in order to make room for other things. - * [1] https://developer.mozilla.org/en-US/docs/Web/API/StorageManager - * [2] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API - * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ -user_pref("dom.storageManager.enabled", false); // (FF51+) -user_pref("browser.storageManager.enabled", false); // (FF53+) -/* 2707: clear localStorage and UUID when a WebExtension is uninstalled - * [NOTE] Both preferences must be the same - * [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ -user_pref("extensions.webextensions.keepStorageOnUninstall", false); -user_pref("extensions.webextensions.keepUuidOnUninstall", false); -/* 2708: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+) - * [1] https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP ***/ -user_pref("network.cookie.leave-secure-alone", true); - -/*** 2800: SHUTDOWN [SETUP] - You should set the values to what suits you best. Be aware that the settings below clear - browsing, download and form history, but not cookies (we expect you to use an extension). - [NOTE] In both 2803 + 2804, the 'download' and 'history' prefs are combined in the - firefox interface as "Browsing & Download History" and their values will be synced - ***/ -user_pref("ghacks_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); -/* 2802: enable Firefox to clear history items on shutdown - * [SETTING] Options>Privacy>Clear history when Firefox closes ***/ -user_pref("privacy.sanitize.sanitizeOnShutdown", true); -/* 2803: set what history items to clear on shutdown - * [SETTING] Options>Privacy>Clear history when Firefox closes>Settings - * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value - * but if 'history' is false, downloads can still be cleared independently - * However, this may not always be the case. The interface combines and syncs these - * prefs when set from there, and the sanitize code may change at any time ***/ -user_pref("privacy.clearOnShutdown.cache", true); -user_pref("privacy.clearOnShutdown.cookies", false); -user_pref("privacy.clearOnShutdown.downloads", true); // see note above -user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History -user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download History -user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data -user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins -user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences -/* 2804: set what history items to clear with Ctrl-Shift-Del (to match above) - * This dialog can also be accessed from the menu History>Clear Recent History - * [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog - * for "Clear Recent History" is opened, it is synced to the same as 'history' ***/ -user_pref("privacy.cpd.cache", true); -user_pref("privacy.cpd.cookies", false); - // user_pref("privacy.cpd.downloads", true); // not used, see note above -user_pref("privacy.cpd.formdata", true); // Form & Search History -user_pref("privacy.cpd.history", true); // Browsing & Download History -user_pref("privacy.cpd.offlineApps", true); // Offline Website Data -user_pref("privacy.cpd.passwords", false); // this is not listed -user_pref("privacy.cpd.sessions", true); // Active Logins -user_pref("privacy.cpd.siteSettings", false); // Site Preferences -/* 2805: privacy.*.openWindows (clear session restore data) (FF34+) - * [NOTE] There is a years-old bug that these cause two windows when Firefox restarts. - * You do not need these anyway if session restore is disabled (see 1020) ***/ - // user_pref("privacy.clearOnShutdown.openWindows", true); - // user_pref("privacy.cpd.openWindows", true); -/* 2806: reset default 'Time range to clear' for 'Clear Recent History' (see 2804) - * Firefox remembers your last choice. This will reset the value when you start Firefox. - * 0=everything, 1=last hour, 2=last two hours, 3=last four hours - * 4=today, 5=last five minutes, 6=last twenty-four hours - * [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a - * blank value if they are used, but they do work as advertised ***/ -user_pref("privacy.sanitize.timeSpan", 0); - -/*** 3000: PERSONAL SETTINGS [SETUP] - Settings that are handy to migrate and/or are not in the Options interface. Users - can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ -user_pref("ghacks_user.js.parrot", "3000 syntax error: this is an ex-parrot!"); -/* 3001: disable annoying warnings ***/ -user_pref("general.warnOnAboutConfig", false); -user_pref("browser.tabs.warnOnClose", false); -user_pref("browser.tabs.warnOnCloseOtherTabs", false); -user_pref("browser.tabs.warnOnOpen", false); -/* 3001a: disable warning when a domain requests full screen - * [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Using_full_screen_mode ***/ - // user_pref("full-screen-api.warning.delay", 0); - // user_pref("full-screen-api.warning.timeout", 0); -/* 3002: disable closing browser with last tab ***/ -user_pref("browser.tabs.closeWindowWithLastTab", false); -/* 3004: disable backspace (0=previous page, 1=scroll up, 2=do nothing) ***/ -user_pref("browser.backspace_action", 2); -/* 3005: disable autocopy default (linux) ***/ - // user_pref("clipboard.autocopy", false); -/* 3006: disable enforced add-on signing (FF43+) - * [NOTE] Only applicable to Nightly and ESR (FF48+) - * [1] https://wiki.mozilla.org/Add-ons/Extension_Signing#Documentation ***/ - // user_pref("xpinstall.signatures.required", false); -/* 3007: open new windows in a new tab instead - * 1=current window, 2=new window, 3=most recent window - * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ -user_pref("browser.link.open_newwindow", 3); -/* 3009: enable APZ (Async Pan/Zoom) - requires e10s - * [1] http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ - // user_pref("layers.async-pan-zoom.enabled", true); -/* 3010: enable ctrl-tab previews ***/ -user_pref("browser.ctrlTab.previews", true); -/* 3011: don't open "page/selection source" in a tab. The window used instead is cleaner - * and easier to use and move around (eg developers/multi-screen). ***/ -user_pref("view_source.tab", false); -/* 3012: control spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls ***/ -user_pref("layout.spellcheckDefault", 1); -/* 3013: disable automatic "Work Offline" status - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 - * [2] https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ -user_pref("network.manage-offline-status", false); -/* 3015: disable tab animation, speed things up a little ***/ -user_pref("browser.tabs.animate", false); -/* 3016: disable fullscreeen animation. Test using F11. - * Animation is smother but is annoyingly slow, while no animation can be startling ***/ -user_pref("browser.fullscreen.animate", false); -/* 3017: set submenu delay in milliseconds. 0=instant while a small number allows - * a mouse pass over menu items without any submenus alarmingly shooting out ***/ -user_pref("ui.submenuDelay", 150); // (hidden pref) -/* 3018: set maximum number of daily bookmark backups to keep (default is 15) ***/ -user_pref("browser.bookmarks.max_backups", 2); -/* 3020: control urlbar click behaviour (with defaults) ***/ -user_pref("browser.urlbar.clickSelectsAll", true); -user_pref("browser.urlbar.doubleClickSelectsAll", false); -/* 3021a: control tab behaviours (with defaults) - * open links in a new tab immediately to the right of parent tab, not far right ***/ -user_pref("browser.tabs.insertRelatedAfterCurrent", true); -/* 3021b: switch to the parent tab (if it has one) on close, rather than - * to the adjacent right tab if it exists or to the adjacent left tab if it doesn't. - * [NOTE] Requires browser.link.open_newwindow set to 3 (see pref 3007) ***/ -user_pref("browser.tabs.selectOwnerOnClose", true); -/* 3021c: stay on the parent tab when opening links in a new tab - * [SETTING] Options>General>Tabs>When I open a link in a new tab, switch to it immediately ***/ -user_pref("browser.tabs.loadInBackground", true); -/* 3021d: set behavior of pages normally meant to open in a new window (such as target="_blank" - * or from an external program), but that have instead been loaded in a new tab. - * true: load the new tab in the background, leaving focus on the current tab - * false: load the new tab in the foreground, taking the focus from the current tab. ***/ -user_pref("browser.tabs.loadDivertedInBackground", false); -/* 3022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/ -user_pref("browser.bookmarks.showRecentlyBookmarked", false); -/* 3024: enable "Find As You Type" - * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ - // user_pref("accessibility.typeaheadfind", true); -/* 3025: enable/disable various media types ***/ - // user_pref("media.mp4.enabled", false); - // user_pref("media.flac.enabled", false); // (FF51+) - // user_pref("media.ogg.enabled", false); - // user_pref("media.ogg.flac.enabled", false); // (FF51+) - // user_pref("media.opus.enabled", false); - // user_pref("media.raw.enabled", false); - // user_pref("media.wave.enabled", false); - // user_pref("media.webm.enabled", false); - // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries -/* 3026: disable "Reader View" ***/ - // user_pref("reader.parse-on-load.enabled", false); -/* 3027: decode URLs on copy from the urlbar (FF53+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320061 ***/ -user_pref("browser.urlbar.decodeURLsOnCopy", true); -/* 3028: disable middle-click enabling auto-scrolling [WINDOWS] [MAC] ***/ - // user_pref("general.autoScroll", false); -/* 3029: disable Firefox Screenshots (FF54+) - * [1] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ - * [2] https://github.com/mozilla-services/screenshots ***/ - // user_pref("extensions.screenshots.system-disabled", true); - -/* END: internal custom pref to test for syntax errors ***/ -user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); - -/*** 9999: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable, - viewer-friendly version of the deprecated bugzilla tickets. To enable a section - change /* FFxx to // FFxx. The original state of each pref has been preserved, - or changed to match the current setup, but you are advised to review them. - [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 -***/ -/* FF42 and older -// 2607: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=897811 -user_pref("pageThumbs.enabled", false); -// 2503: (31+) disable network API - replaced by dom.netinfo.enabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 -user_pref("dom.network.enabled", false); -// 2620: (35+) disable WebSockets - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1091016 -user_pref("network.websocket.enabled", false); -// 1610: (36+) set DNT "value" to "not be tracked" (FF21+) - // [1] http://kb.mozillazine.org/Privacy.donottrackheader.value - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1042135#c101 - // user_pref("privacy.donottrackheader.value", 1); -// 2023: (37+) disable camera autofocus callback - // The API will be superceded by the WebRTC Capture and Stream API - // [1] https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107683 -user_pref("camera.control.autofocus_moving_callback.enabled", false); -// 0415: (41+) disable reporting URLs (safe browsing) - removed or replaced by various - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1109475 -user_pref("browser.safebrowsing.reportErrorURL", ""); // browser.safebrowsing.reportPhishMistakeURL -user_pref("browser.safebrowsing.reportGenericURL", ""); // removed -user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); // browser.safebrowsing.reportMalwareMistakeURL -user_pref("browser.safebrowsing.reportMalwareURL", ""); // removed -user_pref("browser.safebrowsing.reportURL", ""); // removed -// 1804: (41+) disable plugin enumeration - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1169945 -user_pref("plugins.enumerable_names", ""); -// 2614: (41+) disable HTTP2 (draft) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1132357 -user_pref("network.http.spdy.enabled.http2draft", false); -// 2803: (42+) clear passwords on shutdown - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184 - // user_pref("privacy.clearOnShutdown.passwords", false); -// 3001a: (42+) disable warning when a domain requests full screen - // replaced by setting full-screen-api.warning.timeout to zero - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1160017 - // user_pref("full-screen-api.approval-required", false); -// ***/ -/* FF43 -// 0410's: disable safebrowsing urls & updates - replaced by various - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107372 - // user_pref("browser.safebrowsing.gethashURL", ""); // browser.safebrowsing.provider.google.gethashURL - // user_pref("browser.safebrowsing.updateURL", ""); // browser.safebrowsing.provider.google.updateURL -user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing.provider.google.reportURL -// 0420's: disable tracking protection - replaced by various - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107372 - // user_pref("browser.trackingprotection.gethashURL", ""); // browser.safebrowsing.provider.mozilla.gethashURL - // user_pref("browser.trackingprotection.updateURL", ""); // browser.safebrowsing.provider.mozilla.updateURL -// 1803: remove plugin finder service - // [1] http://kb.mozillazine.org/Pfs.datasource.url - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1202193 -user_pref("pfs.datasource.url", ""); -// 3003: disable new search panel UI - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1119250 - // user_pref("browser.search.showOneOffButtons", false); -// ***/ -/* FF44 -// 0414: disable safebrowsing's real-time binary checking (google) (FF43+) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1237103 -user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL -// 1200's: block rc4 whitelist - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215796 -user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); -// 2301: disable SharedWorkers - // [1] https://bugs.torproject.org/15562 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1207635 -user_pref("dom.workers.sharedWorkers.enabled", false); -// 2403: disable scripts changing images - // [TEST] http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 - // [WARNING] Will break some sites such as Google Maps and a lot of web apps - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=773429 - // user_pref("dom.disable_image_src_set", true); -// ***/ -/* FF45 -// 1021b: disable deferred level of storing extra session data 0=all 1=http-only 2=none - // extra session data contains contents of forms, scrollbar positions, cookies and POST data - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235379 -user_pref("browser.sessionstore.privacy_level_deferred", 2); -// ***/ -/* FF46 -// 0333a: disable health report - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234526 -user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) -user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) -// 0334b: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234522 -user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); -// 0373: disable "Pocket" - replaced by extensions.pocket.* - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215694 -user_pref("browser.pocket.enabled", false); -user_pref("browser.pocket.api", ""); -user_pref("browser.pocket.site", ""); -user_pref("browser.pocket.oAuthConsumerKey", ""); -// 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1239587 -user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check -// 0420: disable polaris (part of Tracking Protection, never used in stable) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235565 - // user_pref("browser.polaris.enabled", false); -// ***/ -/* FF47 -// 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry - // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 -user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) -// 0333b: disable about:healthreport page UNIFIED - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 -user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); -// 0807: disable history manipulation - // [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1249542 -user_pref("browser.history.allowPopState", false); -user_pref("browser.history.allowPushState", false); -user_pref("browser.history.allowReplaceState", false); -// ***/ -/* FF48 -// 0806: disable 'unified complete': 'Search with [default search engine]' - // [-] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1181078 -user_pref("browser.urlbar.unifiedcomplete", false); -// ***/ -/* FF49 -// 0372: disable "Hello" - // [1] https://www.mozilla.org/en-US/privacy/firefox-hello/ - // [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1287827 -user_pref("loop.enabled", false); -user_pref("loop.server", ""); -user_pref("loop.feedback.formURL", ""); -user_pref("loop.feedback.manualFormURL", ""); -user_pref("loop.facebook.appId", ""); -user_pref("loop.facebook.enabled", false); -user_pref("loop.facebook.fallbackUrl", ""); -user_pref("loop.facebook.shareUrl", ""); -user_pref("loop.logDomains", false); -// 2202: disable new window scrollbars being hidden - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1257887 -user_pref("dom.disable_window_open_feature.scrollbars", true); -// 2303: disable push notification (UDP wake-up) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1265914 -user_pref("dom.push.udp.wakeupEnabled", false); -// ***/ -/* FF50 -// 0101: disable Windows10 intro on startup [WINDOWS] - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1274633 -user_pref("browser.usedOnWindows10.introURL", ""); -// 0308: disable plugin update notifications - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905 -user_pref("plugins.update.notifyUser", false); -// 0410: disable "Block dangerous and deceptive content" - replaced by browser.safebrowsing.phishing.enabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 - // user_pref("browser.safebrowsing.enabled", false); -// 1266: disable rc4 ciphers - // [1] https://trac.torproject.org/projects/tor/ticket/17369 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1268728 - // [-] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ -user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); -user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); -user_pref("security.ssl3.rsa_rc4_128_md5", false); -user_pref("security.ssl3.rsa_rc4_128_sha", false); -// 1809: remove Mozilla's plugin update URL - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905 -user_pref("plugins.update.url", ""); -// ***/ -/* FF51 -// 1851: delay play of videos until they're visible - // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1262053 -user_pref("media.block-play-until-visible", true); -// 2504: disable virtual reality devices - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1250244 -user_pref("dom.vr.oculus050.enabled", false); -// 2614: disable SPDY - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1248197 -user_pref("network.http.spdy.enabled.v3-1", false); -// ***/ -/* FF52 -// 1601: disable referer from an SSL Website - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 -user_pref("network.http.sendSecureXSiteReferrer", false); -// 1850: disable Adobe EME "Primetime CDM" (Content Decryption Module) - // [1] https://trac.torproject.org/projects/tor/ticket/16285 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329538 // FF52 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1337121 // FF52 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329543 // FF53 -user_pref("media.gmp-eme-adobe.enabled", false); -user_pref("media.gmp-eme-adobe.visible", false); -user_pref("media.gmp-eme-adobe.autoupdate", false); -// 2405: disable WebTelephony API - // [1] https://wiki.mozilla.org/WebAPI/Security/WebTelephony - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1309719 -user_pref("dom.telephony.enabled", false); -// 2502: disable Battery Status API. Initially a Linux issue (high precision readout) that - // was fixed. However, it is still another metric for fingerprinting, used to raise entropy. - // eg: do you have a battery or not, current charging status, charge level, times remaining etc - // [1] http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ - // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 - // [3] https://www.w3.org/TR/battery-status/ - // [4] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online - // [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 -user_pref("dom.battery.enabled", false); -// ***/ -/* FF53 -// 1265: block rc4 fallback - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1130670 -user_pref("security.tls.unrestricted_rc4_fallback", false); -// 1806: disable Acrobat, Quicktime, WMP (the string = min version number allowed) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317109 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317110 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317108 -user_pref("plugin.scan.Acrobat", "99999"); -user_pref("plugin.scan.Quicktime", "99999"); -user_pref("plugin.scan.WindowsMediaPlayer", "99999"); -// 2022: disable screensharing - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329562 -user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); -// 2507: disable keyboard fingerprinting - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1322736 -user_pref("dom.beforeAfterKeyboardEvent.enabled", false); -// ***/ -/* FF54 -// 0415: disable reporting URLs (safe browsing) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1288633 -user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); -user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); -// 1830: block websites detecting DRM is disabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1242321 -user_pref("media.eme.apiVisible", false); -// 2425: disable Archive Reader API - // i.e reading archive contents directly in the browser, through DOM file objects - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 -user_pref("dom.archivereader.enabled", false); -// ***/ +/****** +* name: ghacks user.js +* date: 14 June 2017 +* version 54: Pantsthumping +* "I get pulled down, but I get up again, you're never gonna keep me down" +* authors: v52+ github | v51- www.ghacks.net +* url: https://github.com/ghacksuserjs/ghacks-user.js + +* releases: These are end-of-stable-life-cycle legacy archives. + *Always* use the master branch user.js for a current up-to-date version. + url: https://github.com/ghacksuserjs/ghacks-user.js/releases + +* README: + + 1. READ the full README + * https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md + 2. READ this + * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation + 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum + * Auto-installing updates for Firefox and extensions/addon-ons are disabled (section 0302's) + * Some user data is erased (section 2800), namely history (browsing, form, download) + * Site breakage WILL happen + - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting + and these need to be balanced against Functionality & Convenience & Breakage + * You will need to make a few changes to suit your own needs + - Search this file for the "[SETUP]" tag to find SOME common items you could check + before using to avoid unexpected surprises + - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues + 4. BACKUP BACKUP BACKUP your profile folder before implementing (and/or test in a new profile) + 5. Did you do a BACKUP? + + ******/ + +/* START: internal custom pref to test for syntax errors (thanks earthling) + * Yes, this next pref setting is redundant, but we like it! + * [1] https://en.wikipedia.org/wiki/Dead_parrot + * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/ +user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong with it?"); + +/* 0001: start Firefox in PB (Private Browsing) mode + * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode + * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed + * [NOTE] The P in PB mode is misleading: it means no "persistent" local storage of history, + * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or + * removes the ability to control these, and you need to quit Firefox to clear them. PB is best + * used as a one off window (File>New Private Window) to provide a temporary self-contained + * new instance. Closing all Private Windows clears all traces. Repeat as required. + * [1] https://wiki.mozilla.org/Private_Browsing ***/ + // user_pref("browser.privatebrowsing.autostart", true); + +/*** 0100: STARTUP ***/ +user_pref("ghacks_user.js.parrot", "0100 syntax error: the parrot's dead!"); +/* 0101: disable "slow startup" options + * warnings, disk history, welcomes, intros, EULA, default browser check ***/ +user_pref("browser.slowStartup.notificationDisabled", true); +user_pref("browser.slowStartup.maxSamples", 0); +user_pref("browser.slowStartup.samples", 0); +user_pref("browser.rights.3.shown", true); +user_pref("browser.startup.homepage_override.mstone", "ignore"); +user_pref("startup.homepage_welcome_url", ""); +user_pref("startup.homepage_welcome_url.additional", ""); +user_pref("startup.homepage_override_url", ""); // what's new page after updates +user_pref("browser.laterrun.enabled", false); +user_pref("browser.shell.checkDefaultBrowser", false); +/* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) + * home = browser.startup.homepage preference. + * [SETTING] Options>General>Startup>When Firefox starts ***/ + // user_pref("browser.startup.page", 0); + +/*** 0200: GEOLOCATION ***/ +user_pref("ghacks_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); +/* 0201: disable location-aware browsing, but enforce Mozilla's service over Google's ***/ +user_pref("geo.enabled", false); +user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); +user_pref("geo.wifi.xhr.timeout", 1); // reset this if you use geolocation +user_pref("geo.wifi.logging.enabled", false); // (hidden pref) +user_pref("browser.search.geoip.url", ""); +user_pref("browser.search.geoip.timeout", 1); +/* 0202: disable GeoIP-based search results + * [NOTE] May not be hidden if Firefox has changed your settings due to your locale + * [1] https://trac.torproject.org/projects/tor/ticket/16254 ***/ +user_pref("browser.search.countryCode", "US"); // (hidden pref) +user_pref("browser.search.region", "US"); // (hidden pref) +/* 0203: disable using OS locale, force APP locale ***/ +user_pref("intl.locale.matchOS", false); +/* 0204: set APP locale ***/ +user_pref("general.useragent.locale", "en-US"); +/* 0206: disable geographically specific results/search engines eg: "browser.search.*.US" + * i.e ignore all of Mozilla's various search engines in multiple locales ***/ +user_pref("browser.search.geoSpecificDefaults", false); +user_pref("browser.search.geoSpecificDefaults.url", ""); +/* 0207: set language to match ***/ +user_pref("intl.accept_languages", "en-US, en"); +/* 0208: enforce US English locale regardless of the system locale + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ +user_pref("javascript.use_us_english_locale", true); // (hidden pref) +/* 0209: disable geolocation on non-secure origins (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 + * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/ +user_pref("geo.security.allowinsecure", false); + +/*** 0300: QUIET FOX + We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). + There are many legitimate reasons to turn off auto-INSTALLS, including hijacked or + monetized extensions, time constraints, legacy issues, and fear of breakage/bugs. + It is still important to do updates for security reasons, please do so manually. ***/ +user_pref("ghacks_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); +/* 0301a: disable auto-update checks for Firefox + * [NOTE} Firefox currently checks every 12 hrs and allows 8 day notification dismissal + * [SETTING] Options>Advanced>Update>Never check for updates ***/ + // user_pref("app.update.enabled", false); +/* 0301b: disable auto-update checks for add-ons ***/ + // user_pref("extensions.update.enabled", false); +/* 0302a: disable auto update installing for Firefox (after the check in 0301a) + * [SETTING] Options>Advanced>Update>Check for updates but let you choose whether to install them + * [NOTE] The UI checkbox also controls the behavior for checking, the pref only controls auto installing ***/ +user_pref("app.update.auto", false); +/* 0302b: disable auto update installing for add-ons (after the check in 0301b) + * [SETTING] about:addons>Extensions>Settings[gear-icon]>Update Addons Automatically (toggle) ***/ +user_pref("extensions.update.autoUpdateDefault", false); +/* 0303: disable background update service [WINDOWS] + * [SETTING] Options>Advanced>Update>Use a background service to install updates ***/ +user_pref("app.update.service.enabled", false); +/* 0304: disable background update staging ***/ +user_pref("app.update.staging.enabled", false); +/* 0305: enforce update information is displayed + * This is the update available, downloaded, error and success information ***/ +user_pref("app.update.silent", false); +/* 0306: disable add-on metadata updating + * sends daily pings to Mozilla about extensions and recent startups ***/ +user_pref("extensions.getAddons.cache.enabled", false); +/* 0307: disable auto updating of personas (themes) ***/ +user_pref("lightweightThemes.update.enabled", false); +/* 0308: disable search update + * [SETTING] Options>Advanced>Update>Automatically update: Search Engines ***/ +user_pref("browser.search.update", false); +/* 0309: disable sending Flash crash reports ***/ +user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); +/* 0310: disable sending the URL of the website where a plugin crashed ***/ +user_pref("dom.ipc.plugins.reportCrashURL", false); +/* 0320: disable extension discovery + * featured extensions for displaying in Get Add-ons panel ***/ +user_pref("extensions.webservice.discoverURL", "http://127.0.0.1"); +/* 0330: disable telemetry + * the pref (.unified) affects the behaviour of the pref (.enabled) + * IF unified=false then .enabled controls the telemetry module + * IF unified=true then .enabled ONLY controls whether to record extended data + * so make sure to have both set as false + * [1] https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html ***/ +user_pref("toolkit.telemetry.unified", false); +user_pref("toolkit.telemetry.enabled", false); +/* 0331: remove url of server telemetry pings are sent to ***/ +user_pref("toolkit.telemetry.server", ""); +/* 0332: disable archiving pings locally - irrelevant if toolkit.telemetry.unified is false ***/ +user_pref("toolkit.telemetry.archive.enabled", false); +/* 0333a: disable health report ***/ +user_pref("datareporting.healthreport.uploadEnabled", false); +/* 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) + * If you have disabled health reports, then this about page is useless - disable it + * If you want to see what health data is present, then this must be set at default ***/ +user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); +/* 0334: disable new data submission, master kill switch (FF41+) + * If disabled, no policy is shown or upload takes place, ever + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1195552 ***/ +user_pref("datareporting.policy.dataSubmissionEnabled", false); +/* 0335: remove telemetry clientID ***/ +user_pref("toolkit.telemetry.cachedClientID", ""); +/* 0336: disable "Heartbeat" (Mozilla user rating telemetry) + * [1] https://trac.torproject.org/projects/tor/ticket/18738 ***/ +user_pref("browser.selfsupport.enabled", false); // (hidden pref) +user_pref("browser.selfsupport.url", ""); +/* 0340: disable experiments + * [1] https://wiki.mozilla.org/Telemetry/Experiments ***/ +user_pref("experiments.enabled", false); +user_pref("experiments.manifest.uri", ""); +user_pref("experiments.supported", false); +user_pref("experiments.activeExperiment", false); +/* 0341: disable Mozilla permission to silently opt you into tests ***/ +user_pref("network.allow-experiments", false); +/* 0350: disable crash reports ***/ +user_pref("breakpad.reportURL", ""); +/* 0351: disable sending of crash reports (FF44+) ***/ +user_pref("browser.tabs.crashReporting.sendReport", false); +user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) +user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51+) +/* 0360: disable new tab tile ads & preload & marketing junk ***/ +user_pref("browser.newtab.preload", false); +user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); +user_pref("browser.newtabpage.directory.source", "data:text/plain,"); +user_pref("browser.newtabpage.enabled", false); +user_pref("browser.newtabpage.enhanced", false); +user_pref("browser.newtabpage.introShown", true); +/* 0361: disable Activity Stream (system addon) (FF54+) + * [1] https://wiki.mozilla.org/Firefox/Activity_Stream ***/ +user_pref("browser.newtabpage.activity-stream.enabled", false); +/* 0370: disable "Snippets" (Mozilla content shown on about:home screen) + * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks + * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ +user_pref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1"); +/* 0373: disable "Pocket" (third party "save for later" service) & remove urls for good measure + * [NOTE] Important: Remove the pocket icon from your toolbar first + * [1] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ +user_pref("extensions.pocket.enabled", false); +user_pref("extensions.pocket.api", ""); +user_pref("extensions.pocket.site", ""); +user_pref("extensions.pocket.oAuthConsumerKey", ""); +/* 0374: disable "social" integration + * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Social_API ***/ +user_pref("social.whitelist", ""); +user_pref("social.toast-notifications.enabled", false); +user_pref("social.shareDirectory", ""); +user_pref("social.remote-install.enabled", false); +user_pref("social.directories", ""); +user_pref("social.share.activationPanelEnabled", false); +user_pref("social.enabled", false); // (hidden pref) +/* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers + * [1] https://wiki.mozilla.org/FlyWeb + * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ +user_pref("dom.flyweb.enabled", false); + +/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION + This section has security & tracking protection implications vs privacy concerns vs effectiveness + vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) + and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. + + Safe Browsing is designed to protect users from malicious sites. Tracking Protection is designed to + lessen the impact of third parties on websites to reduce tracking and to speed up your browsing. They + do rely on 3rd parties: Google for safe browsing and Disconnect for tracking protection. but many steps, + continually being improved, have been taken to preserve privacy. Disable at your own risk. +***/ +user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); +/** BLOCKLISTS ***/ +/* 0401: enable Firefox blocklist, but sanitize blocklist url + * [NOTE] It includes updates for "revoked certificates" + * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl + * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ +user_pref("extensions.blocklist.enabled", true); +user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); +/* 0402: enable Kinto blocklist updates (FF50+) + * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications + * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be + * revoked, add-ons and plugins to be disabled, and gfx environments that cause problems or crashes ***/ +user_pref("services.blocklist.update_enabled", true); +user_pref("services.blocklist.signing.enforced", true); +/* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists ***/ + // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates + // user_pref("services.blocklist.addons.collection", ""); + // user_pref("services.blocklist.plugins.collection", ""); + // user_pref("services.blocklist.gfx.collection", ""); +/** SAFE BROWSING (SB) + This sub-section has been redesigned to differentiate between "real-time"/"user initiated" + data being sent to Google from all other settings such as using local blocklists/whitelists and + updating those lists. There are NO privacy issues here. *IF* required, a full url is never sent + to Google, only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. + Google also swear it is anonymized and only used to flag malicious sites/activity. Firefox + also takes measures such as striping out identifying parameters and storing safe browsing + cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) + #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ +/* 0410: disable "Block dangerous and deceptive content" (under Options>Security) + * This covers deceptive sites such as phishing and social engineering ***/ + // user_pref("browser.safebrowsing.malware.enabled", false); + // user_pref("browser.safebrowsing.phishing.enabled", false); // (FF50+) +/* 0411: disable "Block dangerous downloads" (under Options>Security) + * This covers malware and PUPs (potentially unwanted programs) ***/ + // user_pref("browser.safebrowsing.downloads.enabled", false); +/* 0412: disable "Warn me about unwanted and uncommon software" (under Options>Security) (FF48+) ***/ + // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); + // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); + // user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) + // user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // (FF49+) +/* 0413: disable Google safebrowsing updates ***/ + // user_pref("browser.safebrowsing.provider.google.updateURL", ""); + // user_pref("browser.safebrowsing.provider.google.gethashURL", ""); + // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) + // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) +/* 0414: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ +user_pref("browser.safebrowsing.downloads.remote.enabled", false); +user_pref("browser.safebrowsing.downloads.remote.url", ""); +/* 0415: disable reporting URLs ***/ +user_pref("browser.safebrowsing.provider.google.reportURL", ""); +user_pref("browser.safebrowsing.reportPhishURL", ""); +user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) +user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); // (FF54+) +user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); // (FF54+) +user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); // (FF54+) +user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // (FF54+) +/* 0416: disable 'ignore this warning' on Safe Browsing warnings which when clicked + * bypasses the block for that session. This is a means for admins to enforce SB + * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/ + // user_pref("browser.safebrowsing.allowOverride", false); +/** TRACKING PROTECTION (TP) + There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, + as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ +/* 0420: enable Tracking Protection in all windows + * [1] https://wiki.mozilla.org/Security/Tracking_protection + * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ +user_pref("privacy.trackingprotection.pbmode.enabled", true); +user_pref("privacy.trackingprotection.enabled", true); +/* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection + * Displays three choices: "Always", "Only in private windows", "Never" ***/ +user_pref("privacy.trackingprotection.ui.enabled", true); +/* 0422: enable "basic" or "strict" tracking protecting list - ONLY USE ONE! + * [SETTING] Options>Privacy>Use Tracking Protection>Change Block List ***/ + // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic + // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict +/* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) + * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ + // user_pref("browser.safebrowsing.blockedURIs.enabled", false); +/* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/ + // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); + // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); + +/*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ +user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); +/* 0601: disable link prefetching + * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/ +user_pref("network.prefetch-next", false); +/* 0602: disable DNS prefetching + * [1] http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ + * [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/ +user_pref("network.dns.disablePrefetch", true); +user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref) +/* 0603a: disable Seer/Necko + * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Necko ***/ +user_pref("network.predictor.enabled", false); +/* 0603b: disable more Necko/Captive Portal + * [1] https://en.wikipedia.org/wiki/Captive_portal + * [2] https://wiki.mozilla.org/Necko/CaptivePortal + * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/ +user_pref("captivedetect.canonicalURL", ""); +user_pref("network.captive-portal-service.enabled", false); // (FF52+) +/* 0605: disable link-mouseover opening connection to linked server + * [1] http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests + * [2] http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/ +user_pref("network.http.speculative-parallel-limit", 0); +/* 0606: disable pings (but enforce same host in case) + * [1] http://kb.mozillazine.org/Browser.send_pings + * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ +user_pref("browser.send_pings", false); +user_pref("browser.send_pings.require_same_host", true); +/* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] + * [1] http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ +user_pref("network.protocol-handler.external.ms-windows-store", false); +/* 0608: disable predictor / prefetching (FF48+) ***/ +user_pref("network.predictor.enable-prefetch", false); + +/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP] + If you are in a private environment (no unwanted eyeballs) and your device is private + (restricted access), and the device is secure when unattended (locked, encrypted, forensic + hardened), then items 0850 and above can be relaxed in return for more convenience and + functionality. Likewise, you may want to check the items cleared on shutdown in section 2800. + [NOTE] The urlbar is also commonly referred to as the location bar and address bar + #Required reading [#] https://xkcd.com/538/ + ***/ +user_pref("ghacks_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); +/* 0801: disable location bar using search - PRIVACY + * don't leak typos to a search engine, give an error message instead ***/ +user_pref("keyword.enabled", false); +/* 0802: disable location bar domain guessing - PRIVACY/SECURITY + * domain guessing intercepts DNS "hostname not found errors" and resends a + * request (eg by adding www or .com). This is inconsistent use (eg FQDNs), does not work + * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com + * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't + * intend to), can leak sensitive data (eg query strings: eg Princeton attack), + * and is a security risk (eg common typos & malicious sites set up to exploit this) ***/ +user_pref("browser.fixup.alternate.enabled", false); +/* 0803: display all parts of the url in the location bar - helps SECURITY ***/ +user_pref("browser.urlbar.trimURLs", false); +/* 0804: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY + * This is a PER TAB session history. You still have a full history stored under all history + * default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages + * use it as a means of referral (eg hotlinking), 4 or 6 or 10 may be more practical ***/ +user_pref("browser.sessionhistory.max_entries", 10); +/* 0805: disable CSS querying page history - CSS history leak - PRIVACY + * [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's + * only in 'certain circumstances', also see latest comments in [2] + * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) + * [1] https://dbaron.org/mozilla/visited-privacy + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=147777 + * [3] https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ +user_pref("layout.css.visited_links_enabled", false); +/* 0806: disable displaying javascript in history URLs - SECURITY ***/ +user_pref("browser.urlbar.filter.javascript", true); +/* 0807: disable search bar LIVE search suggestions - PRIVACY + * [SETTING] Options>Search>Provide search suggestions ***/ +user_pref("browser.search.suggest.enabled", false); +/* 0808: disable location bar LIVE search suggestions (requires 0807 = true) - PRIVACY + * Also disable the location bar prompt to enable/disable or learn more about it. + * [SETTING] Options>Search>Show search suggestions in location bar results ***/ +user_pref("browser.urlbar.suggest.searches", false); +user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) +/* 0809: disable location bar suggesting "preloaded" top websites (FF54+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1211726 ***/ +user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); +/* 0850a: disable location bar autocomplete [controlled by 0850b] + // user_pref("browser.urlbar.autocomplete.enabled", false); +/* 0850b: disable location bar suggestion types [controls 0850a] + * [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest + * [NOTE] If any of these are true, 0850a will be FORCED to true + * and if all three are false, 0850a will be FORCED to false + * [WARNING] If all three are false, search engine keywords are disabled ***/ +user_pref("browser.urlbar.suggest.history", false); +user_pref("browser.urlbar.suggest.bookmark", false); +user_pref("browser.urlbar.suggest.openpage", false); +/* 0850c: disable location bar dropdown + * This value controls the total number of entries to appear in the location bar dropdown + * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always + * be displayed (no we do not know how these are calculated or what the threshold is), + * and this does not affect the search by search engine suggestion (see 0808) + * [USAGE] This setting is only useful if you want to enable search engine keywords + * (i.e at least one of 0850b must be true) but you want to *limit* suggestions shown ***/ + // user_pref("browser.urlbar.maxRichResults", 0); +/* 0850d: disable location bar autofill + * [1] http://kb.mozillazine.org/Inline_autocomplete ***/ +user_pref("browser.urlbar.autoFill", false); +user_pref("browser.urlbar.autoFill.typed", false); +/* 0850e: disable location bar one-off searches (FF51+) + * [1] http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ +user_pref("browser.urlbar.oneOffSearches", false); +/* 0860: disable search and form history + * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history + * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ + // user_pref("browser.formfill.enable", false); +/* 0861: disable saving form history on secure websites + * For convenience & functionality, this is best left at default true, + * especially as the web moves more and more to encrypted services + * You can clear form history on exiting Firefox (see 2803) ***/ + // user_pref("browser.formfill.saveHttpsForms", false); +/* 0862: disable browsing and download history + * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history + * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ + // user_pref("places.history.enabled", false); +/* 0863: disable Form Autofill (FF54+) + * [1] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ + * [2] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ +user_pref("browser.formautofill.enabled", false); +/* 0870: disable Windows jumplist [WINDOWS] ***/ +user_pref("browser.taskbar.lists.enabled", false); +user_pref("browser.taskbar.lists.frequent.enabled", false); +user_pref("browser.taskbar.lists.recent.enabled", false); +user_pref("browser.taskbar.lists.tasks.enabled", false); +/* 0871: disable Windows taskbar preview [WINDOWS] ***/ +user_pref("browser.taskbar.previews.enable", false); + +/*** 0900: PASSWORDS ***/ +user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); +/* 0901: disable saving passwords + * [SETTING] Options>Security>Logins>Remember logins for sites + * [NOTE] This does not clear any passwords already saved ***/ + // user_pref("signon.rememberSignons", false); +/* 0902: use a master password (recommended if you save passwords) + * There are no preferences for this. It is all handled internally. + * [SETTING] Options>Security>Logins>Use a master password + * [1] https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/ +/* 0903: set how often Firefox should ask for the master password + * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ +user_pref("security.ask_for_password", 2); +/* 0904: set how often in minutes Firefox should ask for the master password (see pref above) + * in minutes, default is 30 ***/ +user_pref("security.password_lifetime", 5); +/* 0905: disable auto-filling username & password form fields - SECURITY + * can leak in cross-site forms AND be spoofed + * [NOTE] Password will still be auto-filled after a user name is manually entered + * [1] http://kb.mozillazine.org/Signon.autofillForms ***/ +user_pref("signon.autofillForms", false); +/* 0906: disable websites' autocomplete="off" (FF30+) + * Don't let sites dictate use of saved logins and passwords. Increase security through + * stronger password use. The trade-off is the convenience. Some sites should never be + * saved (such as banking sites). Set at true, informed users can make their own choice. ***/ +user_pref("signon.storeWhenAutocompleteOff", true); +/* 0907: display warnings for logins on non-secure (non HTTPS) pages + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ +user_pref("security.insecure_password.ui.enabled", true); +/* 0908: remove user & password info when attempting to fix an entered URL (i.e 0802 is true) + * e.g //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/ +user_pref("browser.fixup.hide_user_pass", true); +/* 0909: disable formless login capture for Password Manager (FF51+) ***/ +user_pref("signon.formlessCapture.enabled", false); +/* 0910: disable autofilling saved passwords on HTTP pages and show warning (FF52+) + * [1] https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1217152 + * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 ***/ +user_pref("signon.autofillForms.http", false); +user_pref("security.insecure_field_warning.contextual.enabled", true); + +/*** 1000: CACHE [SETUP] ***/ +user_pref("ghacks_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); +/** CACHE ***/ +/* 1001: disable disk cache ***/ +user_pref("browser.cache.disk.enable", false); +user_pref("browser.cache.disk.capacity", 0); +user_pref("browser.cache.disk.smart_size.enabled", false); +user_pref("browser.cache.disk.smart_size.first_run", false); +/* 1002: disable disk cache for SSL pages + * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ +user_pref("browser.cache.disk_cache_ssl", false); +/* 1003: disable memory cache + * [NOTE] Not recommended due to performance issues ***/ + // user_pref("browser.cache.memory.enable", false); +/* 1004: disable offline cache ***/ +user_pref("browser.cache.offline.enable", false); +/* 1005: disable fastback cache + * To improve performance when pressing back/forward Firefox stores visited pages + * so they don't have to be re-parsed. This is not the same as memory cache. + * 0=none, -1=auto (that's minus 1), or for other values see [1] + * [NOTE] Not recommended unless you know what you're doing + * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ + // user_pref("browser.sessionhistory.max_total_viewers", 0); +/* 1006: disable permissions manager from writing to disk (requires restart) + * [NOTE] This means any permission changes are session only + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ + // user_pref("permissions.memory_only", true); // (hidden pref) +/* 1007: disable randomized FF HTTP cache decay experiments + * [1] https://trac.torproject.org/projects/tor/ticket/13575 ***/ +user_pref("browser.cache.frecency_experiment", -1); +/* 1008: set DNS cache and expiration time (default 400 and 60, same as TBB) ***/ + // user_pref("network.dnsCacheEntries", 400); + // user_pref("network.dnsCacheExpiration", 60); +/** SESSIONS & SESSION RESTORE ***/ +/* 1020: disable the Session Restore service completely + * [WARNING] [SETUP] This also disables the "Recently Closed Tabs" feature + * It does not affect "Recently Closed Windows" or any history. ***/ +user_pref("browser.sessionstore.max_tabs_undo", 0); +user_pref("browser.sessionstore.max_windows_undo", 0); +/* 1021: disable storing extra session data + * extra session data contains contents of forms, scrollbar positions, cookies and POST data + * define on which sites to save extra session data: + * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ +user_pref("browser.sessionstore.privacy_level", 2); +/* 1022: disable resuming session from crash [SETUP] ***/ +user_pref("browser.sessionstore.resume_from_crash", false); +/* 1023: set the minimum interval between session save operations - increasing it + * can help on older machines and some websites, as well as reducing writes, see [1] + * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc + * [WARNING] This can also affect entries in the "Recently Closed Tabs" feature: + * i.e the longer the interval the more chance a quick tab open/close won't be captured. + * This longer interval *may* affect history but we cannot replicate any history not recorded + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1304389 ***/ +user_pref("browser.sessionstore.interval", 30000); +/** FAVICONS ***/ +/* 1030: disable favicons in shortcuts + * URL shortcuts use a cached randomly named .ico file which is stored in your + * profile/shortcutCache directory. The .ico remains after the shortcut is deleted. + * If set to false then the shortcuts use a generic Firefox icon ***/ +user_pref("browser.shell.shortcutFavicons", false); +/* 1031: disable favicons in tabs and new bookmarks + * bookmark favicons are stored as data blobs in places.sqlite>moz_favicons ***/ + // user_pref("browser.chrome.site_icons", false); + // user_pref("browser.chrome.favicons", false); +/* 1032: disable favicons in web notifications ***/ +user_pref("alerts.showFavicons", false); + +/*** 1100: MULTI-PROCESS (e10s) + We recommend you let Firefox handle this. Until e10s is enforced, if + - all your add-ons have the 'multiprocessCompatible' flag as true, then FF = e10s + - any add-ons have 'multiprocessCompatible' flag as false, then FF != e10s + - any add-ons are missing the 'multiprocessCompatible' flag, then they *might* be disabled (FF53+) + [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/ +***/ +/* 1101: start the browser in e10s mode (FF48+) + * about:support>Application Basics>Multiprocess Windows ***/ + // user_pref("browser.tabs.remote.autostart", true); + // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref) + // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) + // user_pref("extensions.e10sBlocksEnabling", false); +/* 1102: control number of content rendering processes + * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ + // user_pref("dom.ipc.processCount", 4); +/* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+) + * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process ***/ + // user_pref("extensions.webextensions.remote", true); +/* 1104: enforce separate content process for file://URLs (FF53+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 + * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ + // user_pref("browser.tabs.remote.separateFileUriProcess", true); +/* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/ +user_pref("dom.ipc.shims.enabledWarnings", true); +/* 1106: control number of WebExtension processes ***/ + // user_pref("dom.ipc.processCount.extension", 1); +/* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play + * with them. The values are integers, but the code below deliberately contains a data mismatch + * [1] https://wiki.mozilla.org/Sandbox + * [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/ + // user_pref("security.sandbox.content.level", "donotuse"); + // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse"); + // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse"); +/* 1111: enable sandbox logging ***/ + // user_pref("security.sandbox.logging.enabled", true); + +/*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) + Note that your cipher and other settings can be used server side as a fingerprint attack + vector, see [1] (It's quite technical but the first part is easy to understand + and you can stop reading when you reach the second section titled "Enter Bro") + + Option 1: Use our settings to tighten up encryption options. It *is* a fingerprinting attack + vector, and we certainly do want to reduce any attack surface, but this is not how + you *DEFEAT* fingerprinting - to do that you need large numbers to buy into the same + enforced browser-wide settings (such as TBB), and/or you use OpSec. + Option 2: Use Firefox defaults for the 1260's items (item 1260 default for SHA-1, is local only + anyway). There is nothing *weak* about Firefox's defaults, but Mozilla (and other + browsers) will always lag for fear of breakage and upset end-users + + [1] https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ + ***/ +user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); +/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ +/* 1201: disable old SSL/TLS - vulnerable to a MiTM attack + * [WARNING] Tested Feb 2017 - still breaks too many sites + * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ + // user_pref("security.ssl.require_safe_negotiation", true); +/* 1202: control TLS versions with min and max + * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc + * [WARNING] Firefox and Chrome currently allow TLS 1.0 by default, so this is your call. + * [1] http://kb.mozillazine.org/Security.tls.version.* + * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/ + // user_pref("security.tls.version.min", 2); +user_pref("security.tls.version.fallback-limit", 3); +user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 +/* 1203: disable SSL session tracking (FF36+) + * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. + * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, + * this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking + * [1] https://tools.ietf.org/html/rfc5077 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=967977 ***/ +user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) +/* 1204: disable SSL Error Reporting + * [1] https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ +user_pref("security.ssl.errorReporting.automatic", false); +user_pref("security.ssl.errorReporting.enabled", false); +user_pref("security.ssl.errorReporting.url", ""); +/** OCSP (Online Certificate Status Protocol) ***/ +/* 1210: enable OCSP Stapling + * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ +user_pref("security.ssl.enable_ocsp_stapling", true); +/* 1211: control use of OCSP responder servers to confirm current validity of certificates + * 0=disable, 1=validate only certificates that specify an OCSP service URL (default) + * 2=enable and use values in security.OCSP.URL and security.OCSP.signing. + * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) + * It's a trade-off between security (checking) and privacy (leaking info to the CA) + * [1] https://en.wikipedia.org/wiki/Ocsp ***/ +user_pref("security.OCSP.enabled", 1); +/* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently + * continues the connection. With OCSP revocation, Firefox terminates the connection instead. + * [WARNING] Since FF44 the default is false. If set to true, this may/will cause some + * site breakage. Some users have previously mentioned issues with youtube, microsoft etc + * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ + // user_pref("security.OCSP.require", true); +/** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ +/* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) + * 0=disable detecting Family Safety mode and importing the root + * 1=only attempt to detect Family Safety mode (don't import the root) + * 2=detect Family Safety mode and import the root + * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/ +user_pref("security.family_safety.mode", 0); +/* 1221: disable intermediate certificate caching (fingerprinting attack vector) + * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) + * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. + * Saved logins and passwords are not available. Reset the pref and restart to return them. + * [TEST] https://fiprinca.0x90.eu/poc/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 - related bug + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ + // user_pref("security.nocertdb", true); // (hidden pref) +/* 1222: enforce strict pinning + * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict + * [WARNING] If you rely on an AV (antivirus) to protect your web browsing + * by inspecting ALL your web traffic, then leave at current default=1 + * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ +user_pref("security.cert_pinning.enforcement_level", 2); +/* 1223: enforce HSTS preload list (default is true) + * The list is compiled into Firefox and used to always load those domains over HTTPS + * [1] https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ + * [2] https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List ***/ +user_pref("network.stricttransportsecurity.preloadlist", true); +/** MIXED CONTENT ***/ +/* 1240: disable insecure active content on https pages - mixed content + * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ +user_pref("security.mixed_content.block_active_content", true); +/* 1241: disable insecure passive content (such as images) on https pages - mixed context + * [WARNING] When set to true, this will visually break many sites (March 2017) ***/ + // user_pref("security.mixed_content.block_display_content", true); +/* 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) + * Allow resources from domains with an existing HSTS cache record or in the HSTS preload list + * to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because + * those may cause noticeable delays eg requests time out or are not handled well by servers + * [NOTE] If you want to use the priming requests make sure 'use_hsts' is also true + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ +user_pref("security.mixed_content.use_hsts", true); +user_pref("security.mixed_content.send_hsts_priming", false); +/** CIPHERS [see the section 1200 intro] ***/ +/* 1260: disable or limit SHA-1 + * 0=all SHA1 certs are allowed + * 1=all SHA1 certs are blocked (including perfectly valid ones from 2015 and earlier) + * 2=deprecated option that now maps to 1 + * 3=only allowed for locally-added roots (e.g. anti-virus) + * 4=only allowed for locally-added roots or for certs in 2015 and earlier + * [WARNING] When disabled, some man-in-the-middle devices (eg security scanners and + * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. + * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ +user_pref("security.pki.sha1_enforcement_level", 1); +/* 1261: disable 3DES (effective key size < 128) + * [1] https://en.wikipedia.org/wiki/3des#Security + * [2] http://en.citizendium.org/wiki/Meet-in-the-middle_attack + * [3] http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ +user_pref("security.ssl3.rsa_des_ede3_sha", false); +/* 1262: disable 128 bits ***/ +user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); +/* 1263: disable DHE (Diffie-Hellman Key Exchange) + * [WARNING] May break obscure sites, but not major sites, which should support ECDH over DHE + * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ +user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); +user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); +/* 1264: disable the remaining non-modern cipher suites as of FF52 + * [NOTE] Commented out because it still breaks too many sites ***/ + // user_pref("security.ssl3.rsa_aes_128_sha", false); + // user_pref("security.ssl3.rsa_aes_256_sha", false); +/** UI (User Interface) ***/ +/* 1270: display warning (red padlock) for "broken security" + * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ +user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +/* 1271: control "Add Security Exception" dialog on SSL warnings + * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) + * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ +user_pref("browser.ssl_override_behavior", 1); +/* 1272: display advanced information on Insecure Connection warning pages + * only works when it's possible to add an exception + * i.e doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) + * [TEST] https://expired.badssl.com/ ***/ +user_pref("browser.xul.error_pages.expert_bad_cert", true); + +/*** 1400: FONTS ***/ +user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); +/* 1401: disable websites choosing fonts (0=block, 1=allow) + * If you disallow fonts, this drastically limits/reduces font + * enumeration (by JS) which is a high entropy fingerprinting vector. + * [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose... + * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ +user_pref("browser.display.use_document_fonts", 0); +/* 1402: enable icon fonts (glyphs) (FF41+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=789788 ***/ +user_pref("gfx.downloadable_fonts.enabled", true); +/* 1403: disable rendering of SVG OpenType fonts + * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ +user_pref("gfx.font_rendering.opentype_svg.enabled", false); +/* 1404: set more legible default fonts + * [SETTING] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace + * [SETUP] These are optional, comment out if you do not require them + * [NOTE] Been using this for 18 months, it really grows on you ***/ +user_pref("font.name.serif.x-unicode", "Georgia"); +user_pref("font.name.serif.x-western", "Georgia"); // default Times New Roman +user_pref("font.name.sans-serif.x-unicode", "Arial"); +user_pref("font.name.sans-serif.x-western", "Arial"); // default Arial +user_pref("font.name.monospace.x-unicode", "Lucida Console"); +user_pref("font.name.monospace.x-western", "Lucida Console"); // default Courier New +/* 1405: disable WOFF2 (Web Open Font Format) ***/ +user_pref("gfx.downloadable_fonts.woff2.enabled", false); +/* 1406: disable CSS Font Loading API + * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ +user_pref("layout.css.font-loading-api.enabled", false); +/* 1407: disable special underline handling for a few fonts which you will probably never use. + * Any of these fonts on your system can be enumerated for fingerprinting. Requires restart. + * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ +user_pref("font.blacklist.underline_offset", ""); +/* 1408: disable graphite which FF49 turned back on by default + * In the past it had security issues - need citation ***/ +user_pref("gfx.font_rendering.graphite.enabled", false); +/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] + * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. + * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If + * you block sites choosing fonts in 1401, this preference is irrelevant. In future, + * privacy.resistFingerprinting (see 2699) may cover this, and 1401 can be relaxed. + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/ + // user_pref("font.system.whitelist", ""); // (hidden pref) + +/*** 1600: HEADERS / REFERERS [SETUP] + Except for DNT (Do Not Track), referers are best controlled by an extension. + It is important to realize that it is *cross domain* referers that need + controlling, and this is best handled by EITHER 1603 or 1604, not both. + + Option 1: Recommended: Use an extension to block all referers, and then whitelist + sites on a granular, per domain level. + Option 2: As per the original settings below: Set XOriginPolicy (1603) to 1 (less breakage) + or 2 (more breakage) and leave XOriginTrimmingPolicy (1604) at default 0 + Option 3: Set XOriginPolicy (1603) to default 0 and set XOriginTrimmingPolicy (1604) to 2 + + full URI: https://example.com:8888/foo/bar.html?id=1234 + scheme+host+path+port: https://example.com:8888/foo/bar.html + scheme+host+port: https://example.com:8888 + + #Required reading [#] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ + ***/ +user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); +/* 1601: ALL: control when images/links send a referer + * 0=never, 1=send only when links are clicked, 2=for links and images (default) + * [NOTE] Recommended left at default. Focus on XSS and granular cross origin referer control ***/ +user_pref("network.http.sendRefererHeader", 2); +/* 1602: ALL: control the amount of information to send + * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port + * [NOTE] Cross origin requests can be fine tuned in 1603 + 1604. Limiting same origin requests + * is rather pointless. Recommended left at default for zero same origin breakage ***/ +user_pref("network.http.referer.trimmingPolicy", 0); +/* 1603: CROSS ORIGIN: control when to send a referer [SETUP] + * 0=always (default), 1=only if base domains match, 2=only if hosts match + * [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage ***/ +user_pref("network.http.referer.XOriginPolicy", 1); +/* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) + * 0=send full URI (default) 1=scheme+host+path+port 2=scheme+host+port ***/ +user_pref("network.http.referer.XOriginTrimmingPolicy", 0); +/* 1605: ALL: disable spoofing a referer + * Spoofing increases your exposure to cross-site request forgeries ***/ +user_pref("network.http.referer.spoofSource", false); +/* 1606: ALL: set the default Referrer Policy (FF53+) + * 0=no-referer 1=same-origin 2=strict-origin-when-cross-origin + * 3=no-referrer-when-downgrade (default) + * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy + * [1] https://www.w3.org/TR/referrer-policy/ + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ +user_pref("network.http.referer.userControlPolicy", 3); +/* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+) + * [NOTE] Firefox cannot access .onion sites by default. We recommend you use + * TBB (Tor Browser Bundle) which is specifically designed for the dark web + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 ***/ +user_pref("network.http.referer.hideOnionSource", true); +/* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) + * [SETTING] Options>Privacy>Tracking>Request that sites not track you + * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ +user_pref("privacy.donottrackheader.enabled", false); + +/*** 1700: CONTAINERS [SETUP] + [1] https://support.mozilla.org/kb/containers-experiment + [2] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers + [3] https://github.com/mozilla/testpilot-containers +***/ +user_pref("ghacks_user.js.parrot", "1700 syntax error: the parrot rests in peace!"); +/* 1701: enable [SETTING] Options>Privacy>Container Tabs (FF50+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1279029 ***/ + // user_pref("privacy.userContext.ui.enabled", true); +/* 1702: enable Container Tabs (FF50+) + * [SETTING] Options>Privacy>Container Tabs>Enable Container Tabs ***/ + // user_pref("privacy.userContext.enabled", true); +/* 1703: enable a private container for thumbnail loads (FF51+) ***/ + // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); +/* 1704: set long press behaviour on "+ Tab" button to display container menu (FF53+) + * 0=disables long press, 1=when clicked, the menu is shown + * 2=the menu is shown after X milliseconds + * [NOTE] The menu does not contain a non-container tab option + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1328756 ***/ + // user_pref("privacy.userContext.longPressBehavior", 2); + +/*** 1800: PLUGINS ***/ +user_pref("ghacks_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); +/* 1801: set default plugin state (i.e new plugins on discovery) to never activate + * 0=disabled, 1=ask to activate, 2=active - you can override individual plugins ***/ +user_pref("plugin.default.state", 0); +user_pref("plugin.defaultXpi.state", 0); +/* 1802: enable click to play and set to 0 minutes ***/ +user_pref("plugins.click_to_play", true); +user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); +/* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example) + * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config + * [NOTE] You can still over-ride individual sites eg youtube via site permissions + * [1] http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ + // user_pref("plugin.state.flash", 0); +/* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/ +user_pref("security.xpconnect.plugin.unrestricted", false); +/* 1805: disable scanning for plugins [WINDOWS] + * [1] http://kb.mozillazine.org/Plugin_scanning + * plid.all = whether to scan the directories specified in the Windows registry for PLIDs. + * Used to detect RealPlayer, Java, Antivirus etc, but since FF52 only covers Flash ***/ +user_pref("plugin.scan.plid.all", false); +/* 1820: disable all GMP (Gecko Media Plugins) [SETUP] + * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ +user_pref("media.gmp-provider.enabled", false); +user_pref("media.gmp.trial-create.enabled", false); +/* 1825: disable widevine CDM (Content Decryption Module) [SETUP] ***/ +user_pref("media.gmp-widevinecdm.visible", false); +user_pref("media.gmp-widevinecdm.enabled", false); +user_pref("media.gmp-widevinecdm.autoupdate", false); +/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] ***/ +user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content +user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required +/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" + * and disable pings to the external update/download server + * This is the bundled codec used for video chat in WebRTC ***/ +user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) +user_pref("media.gmp-gmpopenh264.autoupdate", false); +user_pref("media.gmp-manager.url", "data:text/plain,"); + +/*** 2000: MEDIA / CAMERA / MIC ***/ +user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); +/* 2001: disable WebRTC (Web Real-Time Communication) + * [1] https://www.privacytools.io/#webrtc ***/ +user_pref("media.peerconnection.enabled", false); +user_pref("media.peerconnection.use_document_iceservers", false); +user_pref("media.peerconnection.video.enabled", false); +user_pref("media.peerconnection.identity.enabled", false); +user_pref("media.peerconnection.identity.timeout", 1); +user_pref("media.peerconnection.turn.disable", true); +user_pref("media.peerconnection.ice.tcp", false); +user_pref("media.navigator.video.enabled", false); // video capability for WebRTC +/* 2002: limit WebRTC IP leaks if using WebRTC + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1189041 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1297416 + * [3] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ +user_pref("media.peerconnection.ice.default_address_only", true); // (FF42-FF50) +user_pref("media.peerconnection.ice.no_host", true); // (FF51+) +/* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions + * [1] http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ + * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ +user_pref("webgl.disabled", true); +user_pref("pdfjs.enableWebGL", false); +user_pref("webgl.min_capability_mode", true); +user_pref("webgl.disable-extensions", true); +user_pref("webgl.disable-fail-if-major-performance-caveat", true); +/* 2011: disable WebGL debug info being available to websites + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 + * [2] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/ +user_pref("webgl.enable-debug-renderer-info", false); +/* 2012: disable two more webgl preferences (FF51+) ***/ +user_pref("webgl.dxgl.enabled", false); // [WINDOWS] +user_pref("webgl.enable-webgl2", false); +/* 2021: disable speech recognition + * [1] https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition + * [2] https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis + * [3] https://wiki.mozilla.org/HTML5_Speech_API ***/ +user_pref("media.webspeech.recognition.enable", false); +user_pref("media.webspeech.synth.enabled", false); +/* 2022: disable screensharing ***/ +user_pref("media.getusermedia.screensharing.enabled", false); +user_pref("media.getusermedia.screensharing.allowed_domains", ""); +user_pref("media.getusermedia.browser.enabled", false); +user_pref("media.getusermedia.audiocapture.enabled", false); +/* 2023: disable camera stuff ***/ +user_pref("camera.control.face_detection.enabled", false); +/* 2024: enable/disable MSE (Media Source Extensions) + * [1] http://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ +user_pref("media.mediasource.enabled", true); +user_pref("media.mediasource.mp4.enabled", true); +user_pref("media.mediasource.webm.audio.enabled", true); +user_pref("media.mediasource.webm.enabled", true); +/* 2026: disable canvas capture stream + * [1] https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement/captureStream ***/ +user_pref("canvas.capturestream.enabled", false); +/* 2027: disable camera image capture + * [1] https://trac.torproject.org/projects/tor/ticket/16339 ***/ +user_pref("dom.imagecapture.enabled", false); +/* 2028: disable offscreen canvas + * [1] https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCanvas ***/ +user_pref("gfx.offscreencanvas.enabled", false); +/* 2030: disable auto-play of HTML5 media + * [WARNING] This may break video playback on various sites ***/ +user_pref("media.autoplay.enabled", false); +/* 2031: disable audio auto-play in non-active tabs (FF51+) + * [1] http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ +user_pref("media.block-autoplay-until-in-foreground", true); + +/*** 2200: UI MEDDLING + see http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ +user_pref("ghacks_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); +/* 2201: disable website control over browser right-click context menu + * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ + // user_pref("dom.event.contextmenu.enabled", false); +/* 2202: disable [new window] scripts hiding or disabling the following ***/ +user_pref("dom.disable_window_open_feature.location", true); +user_pref("dom.disable_window_open_feature.menubar", true); +user_pref("dom.disable_window_open_feature.resizable", true); +user_pref("dom.disable_window_open_feature.status", true); +user_pref("dom.disable_window_open_feature.toolbar", true); +/* 2203: disable [popup window] scripts hiding or disabling the following ***/ +user_pref("dom.disable_window_flip", true); // window z-order +user_pref("dom.disable_window_move_resize", true); +user_pref("dom.disable_window_open_feature.close", true); +user_pref("dom.disable_window_open_feature.minimizable", true); +user_pref("dom.disable_window_open_feature.personalbar", true); //bookmarks toolbar +user_pref("dom.disable_window_open_feature.titlebar", true); +user_pref("dom.disable_window_status_change", true); +user_pref("dom.allow_scripts_to_close_windows", false); +/* 2204: disable links opening in a new window + * This is to stop malicious window sizes and screen res leaks etc in conjunction + * with 2203 dom.disable_window_move_resize=true | 2418 full-screen-api.enabled=false + * [NOTE] You can still right click a link and select open in a new window + * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html + * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ +user_pref("browser.link.open_newwindow.restriction", 0); +/* 2205: disable "Confirm you want to leave" dialog on page close + * Does not prevent JS leaks of the page close event. + * [1] https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload + * [2] https://support.mozilla.org/en-US/questions/1043508 ***/ +user_pref("dom.disable_beforeunload", true); + +/*** 2300: WEB WORKERS [SETUP] + A worker is a JS "background task" running in a global context, i.e it is different from + the current window. Workers can spawn new workers (must be the same origin & scheme), + including service and shared workers. Shared workers can be utilized by multiple scripts + and communicate between browsing contexts (windows/tabs/iframes) and can even control your + cache. Push and web notifications require service workers, which in turn require workers. + + [WARNING] Disabling workers *will* break sites (eg Google Street View, Twitter). + It is recommended that you use a separate profile for these sorts of sites. + + [1] Web Workers: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API + [2] Worker: https://developer.mozilla.org/en-US/docs/Web/API/Worker + [3] Service Worker: https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API + [4] SharedWorker: https://developer.mozilla.org/en-US/docs/Web/API/SharedWorker + [5] ChromeWorker: https://developer.mozilla.org/en-US/docs/Web/API/ChromeWorker + ***/ +user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); +/* 2301: disable workers + * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) ***/ +user_pref("dom.workers.enabled", false); +/* 2302: disable service workers + * Service workers essentially act as proxy servers that sit between web apps, and the browser + * and network, are event driven, and can control the web page/site it is associated with, + * intercepting and modifying navigation and resource requests, and caching resources. + * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. + * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/ +user_pref("dom.serviceWorkers.enabled", false); +/* 2303: disable service workers' cache and cache storage ***/ +user_pref("dom.caches.enabled", false); +/* 2304: disable web notifications + * [NOTE] You can still override individual domains under site permissions (FF44+) + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Notifications_API ***/ +user_pref("dom.webnotifications.enabled", false); +user_pref("dom.webnotifications.serviceworker.enabled", false); +/* 2305: disable push notifications (FF44+) + * web apps can receive messages pushed to them from a server, whether or + * not the web app is in the foreground, or even currently loaded + * [1] https://developer.mozilla.org/en/docs/Web/API/Push_API ***/ +user_pref("dom.push.enabled", false); +user_pref("dom.push.connection.enabled", false); +user_pref("dom.push.serverURL", ""); +user_pref("dom.push.userAgentID", ""); + +/*** 2400: DOM & JAVASCRIPT ***/ +user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); +/* 2402: disable website access to clipboard events/content + * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress + * this applies to onCut, onCopy, onPaste events - i.e you have to interact with + * the website for it to look at the clipboard + * [1] http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ +user_pref("dom.event.clipboardevents.enabled", false); +/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content (FF41+) + * this disables document.execCommand("cut"/"copy") to protect your clipboard + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ +user_pref("dom.allow_cut_copy", false); // (hidden pref) +/* 2404: disable JS storing data permanently + * This setting WAS under about:permissions>All Sites>Maintain Offline Storage + * [NOTE] about:permissions is no longer available since FF46 but you can still override + * individual domains: use info icon in urlbar etc or right click on a web page>view page info + * [WARNING] [SETUP] If set as false (disabled), this WILL break some [old] add-ons and DOES + * break a lot of sites' functionality. Applies to websites, add-ons and session data. + * [1] https://addons.mozilla.org/en-US/firefox/addon/disable-indexeddb/ ***/ +user_pref("dom.indexedDB.enabled", false); +/* 2410: disable User Timing API + * [1] https://trac.torproject.org/projects/tor/ticket/16336 ***/ +user_pref("dom.enable_user_timing", false); +/* 2411: disable resource/navigation timing ***/ +user_pref("dom.enable_resource_timing", false); +/* 2412: disable timing attacks - javascript performance fingerprinting + * [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI ***/ +user_pref("dom.enable_performance", false); +/* 2414: disable shaking the screen ***/ +user_pref("dom.vibrator.enabled", false); +/* 2415: set max popups from a single non-click event - default is 20! ***/ +user_pref("dom.popup_maximum", 3); +/* 2415b: limit events that can cause a popup + * default is "change click dblclick mouseup notificationclick reset submit touchend" + * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ +user_pref("dom.popup_allowed_events", "click dblclick"); +/* 2416: disable idle observation ***/ +user_pref("dom.idle-observers-api.enabled", false); +/* 2418: disable full-screen API + * This setting WAS under about:permissions>All Sites>Fullscreen + * [NOTE] about:permissions is no longer available since FF46 but you can still override + * individual domains: use info icon in urlbar etc or right click on a web page>view page info + * set to false=block, set to true=ask ***/ +user_pref("full-screen-api.enabled", false); +/* 2420: disable support for asm.js ( http://asmjs.org/ ) + * [1] https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ + * [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ + * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/ +user_pref("javascript.options.asmjs", false); +/* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817 + * [WARNING] Causes the odd site issue and there is also a performance loss + * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ + // user_pref("javascript.options.ion", false); + // user_pref("javascript.options.baselinejit", false); +/* 2422: disable WebAssembly for now (FF52+) + * [1] https://developer.mozilla.org/en-US/docs/WebAssembly ***/ +user_pref("javascript.options.wasm", false); +/* 2426: disable Intersection Observer API (FF53+) + * Almost a year to complete, three versions late to stable (as default false), + * number #1 cause of crashes in nightly numerous times, and is (primarily) an + * ad network API for "ad viewability checks" down to a pixel level + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Intersection_Observer_API + * [2] https://wicg.github.io/IntersectionObserver/ + * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/ +user_pref("dom.IntersectionObserver.enabled", false); +/* 2450a: enforce websites to ask to store data for offline use + * [1] https://support.mozilla.org/en-US/questions/1098540 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ +user_pref("offline-apps.allow_by_default", false); +/* 2450b: display a notification when websites ask to store data for offline use + * [SETTING] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ +user_pref("browser.offline-apps.notify", true); +/* 2450c: set size of warning quota for offline cache (default 51200) + * Offline cache is only used in rare cases to store data locally. FF will store small amounts + * (default <50MB) of data in the offline (application) cache without asking for permission. ***/ + // user_pref("offline-apps.quota.warn", 51200); + +/*** 2500: HARDWARE FINGERPRINTING ***/ +user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); +/* 2501: disable gamepad API - USB device ID enumeration + * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/ +user_pref("dom.gamepad.enabled", false); +/* 2503: disable giving away network info + * eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API + * [2] https://wicg.github.io/netinfo/ + * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 ***/ +user_pref("dom.netinfo.enabled", false); +/* 2504: disable virtual reality devices + * [1] https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API ***/ +user_pref("dom.vr.enabled", false); +user_pref("dom.vr.oculus.enabled", false); +user_pref("dom.vr.osvr.enabled", false); // (FF49+) +user_pref("dom.vr.openvr.enabled", false); // (FF51+) +/* 2505: disable media device enumeration (FF29+) + * [NOTE] media.peerconnection.enabled should also be set to false (see 2001) + * [1] https://wiki.mozilla.org/Media/getUserMedia + * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/ +user_pref("media.navigator.enabled", false); +/* 2506: disable video statistics - JS performance fingerprinting + * [1] https://trac.torproject.org/projects/tor/ticket/15757 ***/ +user_pref("media.video_stats.enabled", false); +/* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) + * The Keyboard API allows tracking the "read parameter" of pressed keys in forms on + * web pages. These parameters vary between types of keyboard layouts such as QWERTY, + * AZERTY, Dvorak, and between various languages, eg German vs English. + * [WARNING] Don't use if Android + physical keyboard + * [UPDATE] This MAY be incorporated better under privacy.resistFingerprinting (see 2699) + * [1] https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code + * [2] https://www.privacy-handbuch.de/handbuch_21v.htm ***/ +user_pref("dom.keyboardevent.code.enabled", false); +user_pref("dom.keyboardevent.dispatch_during_composition", false); +/* 2508: disable hardware acceleration to reduce graphics fingerprinting + * [SETTING] Options>Advanced>General>Use hardware acceleration when available + * [NOTE] Changing this option changes BOTH these preferences + * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance + * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ +user_pref("gfx.direct2d.disabled", true); // [WINDOWS] +user_pref("layers.acceleration.disabled", true); +/* 2509: disable touch events [SETUP] + * fingerprinting attack vector - leaks screen res & actual screen coordinates + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Touch_events + * [2] https://trac.torproject.org/projects/tor/ticket/10286 ***/ +user_pref("dom.w3c_touch_events.enabled", 0); +/* 2510: disable Web Audio API (FF51+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/ +user_pref("dom.webaudio.enabled", false); +/* 2511: disable MediaDevices change detection (FF51+) (enabled by default starting FF52+) + * [1] https://developer.mozilla.org/en-US/docs/Web/Events/devicechange + * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange ***/ +user_pref("media.ondevicechange.enabled", false); +/* 2512: disable device sensor API + * [1] https://trac.torproject.org/projects/tor/ticket/15758 + * [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ + * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733 + * [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 ***/ +user_pref("device.sensors.enabled", false); +/* 2513: disable Presentation API + * [1] https://wiki.mozilla.org/WebAPI/PresentationAPI + * [2] https://www.w3.org/TR/presentation-api/ ***/ +user_pref("dom.presentation.enabled", false); +user_pref("dom.presentation.controller.enabled", false); +user_pref("dom.presentation.discoverable", false); +user_pref("dom.presentation.discovery.enabled", false); +user_pref("dom.presentation.receiver.enabled", false); +user_pref("dom.presentation.session_transport.data_channel.enable", false); +/* 2514: spoof (or limit?) number of CPU cores (also see 2699f) (FF48+) + * [WARNING] *may* affect core chrome/Firefox performance, will affect content. + * Highly recommended to leave this (dom) and use 2699f (navigator) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 + * [2] https://trac.torproject.org/projects/tor/ticket/21675 + * [3] https://trac.torproject.org/projects/tor/ticket/22127 + * [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency ***/ + // user_pref("dom.maxHardwareConcurrency", 2); +/* 2515: disable site specific zoom + * Zoom levels affect screen res and are highly fingerprintable. This does not stop you using + * zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs + * and new windows are reset to default and only the current tab retains the current zoom ***/ +user_pref("browser.zoom.siteSpecific", false); + +/*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ +user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); +/* 2601: disable sending additional analytics to web servers + * [1] https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon ***/ +user_pref("beacon.enabled", false); +/* 2602: discourage downloading to desktop (0=desktop 1=downloads 2=last used) + * [NOTE] To set your default "downloads": Options>General>Downloads>Save files to ***/ +user_pref("browser.download.folderList", 2); +/* 2603: enforce user interaction for security by always asking the user where to download ***/ +user_pref("browser.download.useDownloadDir", false); +/* 2604: remove temp files opened with an external application + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=302433 ***/ +user_pref("browser.helperApps.deleteTempFileOnExit", true); +/* 2605: disable adding downloads to the system's "recent documents" list ***/ +user_pref("browser.download.manager.addToRecentDocs", false); +/* 2606: disable hiding mime types (Options>Applications) not associated with a plugin ***/ +user_pref("browser.download.hide_plugins_without_extensions", false); +/* 2607: disable page thumbnail collection + * look in profile/thumbnails directory - you may want to clean that out ***/ +user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) +/* 2608: disable JAR from opening Unsafe File Types ***/ +user_pref("network.jar.open-unsafe-types", false); +/* 2609: disable exposure of system colors to CSS or canvas (FF44+) + * [NOTE] see [2] bug may cause black on black for elements with undefined colors + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=232227 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1330876 ***/ +user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) +/* 2611: disable WebIDE to prevent remote debugging and add-on downloads + * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ +user_pref("devtools.webide.autoinstallADBHelper", false); +user_pref("devtools.webide.autoinstallFxdtAdapters", false); +user_pref("devtools.debugger.remote-enabled", false); +user_pref("devtools.webide.enabled", false); +/* 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - eg Roku + * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ +user_pref("browser.casting.enabled", false); +user_pref("gfx.layerscope.enabled", false); +/* 2614: disable HTTP2 (which was based on SPDY which is now deprecated) + * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance + * privacy, and in fact opens up a number of server-side fingerprinting opportunities + * [1] https://http2.github.io/faq/ + * [2] http://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html + * [3] https://queue.acm.org/detail.cfm?id=2716278 + * [4] https://github.com/ghacksuserjs/ghacks-user.js/issues/107 ***/ +user_pref("network.http.spdy.enabled", false); +user_pref("network.http.spdy.enabled.deps", false); +user_pref("network.http.spdy.enabled.http2", false); +/* 2617: enable Firefox's built-in PDF reader [SETUP] + * [SETTING] Options>Applications>Portable Document Format (PDF) + * This setting controls if the option "Display in Firefox" in the above setting is available + * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") + * [WHY USE false=default=view PDFs in Firefox] + * pdfjs is lightweight, open source and as secure as any pdf reader out there, certainly better and more + * vetted than most. Exploits are rare (1 serious case in 3 years), treated seriously and patched quickly. + * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). It + * maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. + * [WHY USE true=open with or save to disk] + * If you think a particular external app is more secure... + * [NOTE] + * 1. See 2662 2: JS can still force a pdf to open in-browser by bundling it's own code (rare) ***/ +user_pref("pdfjs.disabled", false); +/* 2618: enforce the proxy server to do any DNS lookups when using SOCKS + * eg in TOR, this stops your local DNS server from knowing your Tor destination + * as a remote Tor node will handle the DNS request + * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns + * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ +user_pref("network.proxy.socks_remote_dns", true); +/* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) + * [WARNING] A low setting of 5 or under will probably break some sites (eg gmail logins) + * To control HTML Meta tag and JS redirects, use an add-on (eg NoRedirect). Default is 20 ***/ +user_pref("network.http.redirection-limit", 10); +/* 2620: disable middle mouse click opening links from clipboard + * [1] https://trac.torproject.org/projects/tor/ticket/10089 + * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ +user_pref("middlemouse.contentLoadURL", false); +/* 2621: disable IPv6 (included for knowledge ONLY [WARNING] do not do this) + * This is all about covert channels such as MAC addresses being included/abused in the + * IPv6 protocol for tracking. If you want to mask your IP address, this is not the way + * to do it. It's 2016, IPv6 is here. Here are some old links + * 2010: https://www.christopher-parsons.com/ipv6-and-the-future-of-privacy/ + * 2011: https://iapp.org/news/a/2011-09-09-facing-the-privacy-implications-of-ipv6 + * 2012: http://www.zdnet.com/article/security-versus-privacy-with-ipv6-deployment/ + * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection + * [1] http://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection ***/ + // user_pref("network.dns.disableIPv6", true); + // user_pref("network.http.fast-fallback-to-IPv4", true); +/* 2622: enforce a security delay when installing add-ons (milliseconds) + * default=1000, This also covers the delay in "Save" on downloading files. + * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox + * [2] http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ +user_pref("security.dialog_enable_delay", 700); +/* 2623: enable Strict File Origin Policy on local files + * [1] http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ +user_pref("security.fileuri.strict_origin_policy", true); +/* 2624: enable Subresource Integrity (SRI) (FF43+) + * [1] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity + * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ +user_pref("security.sri.enable", true); +/* 2625: disable DNS requests for hostnames with a .onion TLD (FF45+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ +user_pref("network.dns.blockDotOnion", true); +/* 2626: disable optional user agent token, default is false, included for completeness + * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference ***/ +user_pref("general.useragent.compatMode.firefox", false); +/* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ +user_pref("browser.uitour.enabled", false); +user_pref("browser.uitour.url", ""); +/* 2629: disable remote JAR files being opened, regardless of content type + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/ +user_pref("network.jar.block-remote-files", true); +/* 2662: disable "open with" in download dialog (FF50+) + * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) + * in such a way that it is forbidden to run external applications. + * [SETUP] This may interfere with some users' workflow or methods + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 ***/ +user_pref("browser.download.forbid_open_with", true); +/* 2663: disable MathML (Mathematical Markup Language) (FF51+) + * [TEST] http://browserspy.dk/mathml.php + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173199 ***/ +user_pref("mathml.disabled", true); +/* 2664: disable DeviceStorage API + * [1] https://wiki.mozilla.org/WebAPI/DeviceStorageAPI ***/ +user_pref("device.storage.enabled", false); +/* 2665: remove webchannel whitelist ***/ +user_pref("webchannel.allowObject.urlWhitelist", ""); +/* 2666: disable HTTP Alternative Services + * [1] http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/ +user_pref("network.http.altsvc.enabled", false); +user_pref("network.http.altsvc.oe", false); +/* 2667: disable various developer tools in browser context + * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes + * [1] http://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ +user_pref("devtools.chrome.enabled", false); +/* 2668: lock down allowed extension directories + * [WARNING] This will break add-ons that do not use the default XPI directories + * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ + * [2] archived: http://archive.is/DYjAM ***/ +user_pref("extensions.enabledScopes", 1); // (hidden pref) +user_pref("extensions.autoDisableScopes", 15); +/* 2669: remove paths when sending URLs to PAC scripts (FF51+) + * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ +user_pref("network.proxy.autoconfig_url.include_path", false); +/* 2670: disable "image/" mime types bypassing CSP (FF51+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/ +user_pref("security.block_script_with_wrong_mime", true); +/* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) + * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage + * including youtube player controls. Best left for "hardened" or specific profiles. + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 ***/ + // user_pref("svg.disabled", true); +/* 2672: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing security risk + * Firefox has *some* protections to mitigate the risk, but it is better to be safe + * than sorry. The downside: it will also display legitimate IDN's punycoded, which + * might be undesirable for users from countries with non-latin alphabets + * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) + * [1] http://kb.mozillazine.org/Network.IDN_show_punycode + * [2] https://wiki.mozilla.org/IDN_Display_Algorithm + * [3] https://en.wikipedia.org/wiki/IDN_homograph_attack + * [4] CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ + * [5] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ +user_pref("network.IDN_show_punycode", true); +/* 2673: enable CSP (Content Security Policy) (default is true) + * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/ +user_pref("security.csp.enable", true); +/* 2674: enable CSP 1.1 experimental hash-source directive (FF29+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=855326 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/ +user_pref("security.csp.experimentalEnabled", true); + +/*** 2697: USER AGENT (UA) SPOOFING + Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage + depending on your values. Even if you spoof, like TBB (Tor Browser Bundle) does, as the + latest ESR, it still *does* *not* *work*. There are two main reasons for this. + 1. Many of the components that make up your UA can be derived by other means. And when + those values differ, you provide more bits and raise entropy. Examples of leaks include + navigator objects, resource://URIs, locale, feature detection and more. + 2. You are not in a controlled set of significant numbers, where the values are enforced + by default. It works for TBB because for TBB, the spoofed values ARE their default. + * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 2699) + * Values below are for example only based on the current ESR/TBB at the time of writing +***/ +/* 2697a: navigator.userAgent leaks in JS + * [NOTE] Setting this will break any UA spoofing add-on whitelisting ***/ + // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref) +/* 2697b: navigator.buildID (see gecko.buildID in about:config) reveals build time + * down to the second which defeats user agent spoofing and can compromise OS etc + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/ + // user_pref("general.buildID.override", "20100101"); // (hidden pref) +/* 2697c: navigator.appName ***/ + //user_pref("general.appname.override", "Netscape"); // (hidden pref) +/* 2697d: navigator.appVersion ***/ + // user_pref("general.appversion.override", "5.0 (Windows)"); // (hidden pref) +/* 2697e: navigator.platform leaks in JS ***/ + // user_pref("general.platform.override", "Win32"); // (hidden pref) +/* 2697f: navigator.oscpu leaks in JS ***/ + // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) +/* 2697g: general.useragent.locale (related, see 0204) ***/ + +/*** 2698: FIRST PARTY ISOLATION (FPI) ***/ +/* 2698a: enable first party isolation pref and OriginAttribute (FF51+) + * [WARNING] Breaks lots of cross-domain logins and site functionality until perfected + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ +/* 2698b: isolate favicons (FF52+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/ +/* 2698c: isolate OCSP cache (FF52+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ +/* 2698d: isolate Shared Workers (FF52+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/ +/* 2698e: isolate SSL session cache (FF52+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 ***/ +/* 2698f: isolate media cache (FF53+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 ***/ +/* 2698g: isolate HSTS and HPKP (FF54+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/ +/* 2698h: isolate HTTP Alternative Services (FF54+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ +/* 2698i: isolate SPDY/HTTP2 (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ +/* 2698j: isolate DNS cache (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ +/* 2698k: isolate blob: URI (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 ***/ + // user_pref("privacy.firstparty.isolate", true); + // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // (FF54+) + +/*** 2699: TOR UPLIFT: privacy.resistFingerprinting + This preference will be used as a generic switch for a wide range of items. + This section will attempt to list all the ramifications and Mozilla tickets ***/ +/* 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info. + * POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) + * [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 + * [NOTE] This will probably make your values pretty unique until you resize or snap the + * inner window width + height into standard/common resolutions (mine is at 1366x768) + * To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit + * Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test + * your window size, do some math, resize to allow for all the non inner window elements + * [TEST] http://browserspy.dk/screen.php + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ +/* 2699b: spoof screen orientation + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ +/* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/ +/* 2699d: set new window sizes to round to hundreds (FF55+) [SETUP] + * [NOTE] If override values are too big, the code determines it for you + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 + * [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/ + // user_pref("privacy.window.maxInnerWidth", 1366); + // user_pref("privacy.window.maxInnerHeight", 768); +/* 2699e: spoof timezone as UTC 0 (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 ***/ +/* 2699f: spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) + * This spoof *shouldn't* affect core chrome/Firefox performance + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 ***/ +/* 2699g: reduce precision of time exposed by javascript (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 ***/ +user_pref("privacy.resistFingerprinting", true); // (hidden pref) + +/*** 2700: COOKIES & DOM STORAGE ***/ +user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); +/* 2701: disable cookies on all sites [SETUP] + * You can set exceptions under site permissions or use an extension (eg Cookie Controller) + * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie + * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites ***/ +user_pref("network.cookie.cookieBehavior", 2); +/* 2702: set third-party cookies (if enabled, see above pref) to session-only + * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ + * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ +user_pref("network.cookie.thirdparty.sessionOnly", true); +/* 2703: set cookie lifetime policy + * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) + * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites>Keep until ***/ + // user_pref("network.cookie.lifetimePolicy", 0); +/* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ + // user_pref("network.cookie.lifetime.days", 90); +/* 2705: disable dom storage + * [WARNING] This will break a LOT of sites' functionality. + * You are better off using an extension for more granular control ***/ + // user_pref("dom.storage.enabled", false); +/* 2706: disable Storage API + * The API gives sites the ability to find out how much space they can use, how much + * they are already using, and even control whether or not they need to be alerted + * before the user agent disposes of site data in order to make room for other things. + * [1] https://developer.mozilla.org/en-US/docs/Web/API/StorageManager + * [2] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API + * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ +user_pref("dom.storageManager.enabled", false); // (FF51+) +user_pref("browser.storageManager.enabled", false); // (FF53+) +/* 2707: clear localStorage and UUID when a WebExtension is uninstalled + * [NOTE] Both preferences must be the same + * [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ +user_pref("extensions.webextensions.keepStorageOnUninstall", false); +user_pref("extensions.webextensions.keepUuidOnUninstall", false); +/* 2708: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+) + * [1] https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP ***/ +user_pref("network.cookie.leave-secure-alone", true); + +/*** 2800: SHUTDOWN [SETUP] + You should set the values to what suits you best. Be aware that the settings below clear + browsing, download and form history, but not cookies (we expect you to use an extension). + [NOTE] In both 2803 + 2804, the 'download' and 'history' prefs are combined in the + firefox interface as "Browsing & Download History" and their values will be synced + ***/ +user_pref("ghacks_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); +/* 2802: enable Firefox to clear history items on shutdown + * [SETTING] Options>Privacy>Clear history when Firefox closes ***/ +user_pref("privacy.sanitize.sanitizeOnShutdown", true); +/* 2803: set what history items to clear on shutdown + * [SETTING] Options>Privacy>Clear history when Firefox closes>Settings + * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value + * but if 'history' is false, downloads can still be cleared independently + * However, this may not always be the case. The interface combines and syncs these + * prefs when set from there, and the sanitize code may change at any time ***/ +user_pref("privacy.clearOnShutdown.cache", true); +user_pref("privacy.clearOnShutdown.cookies", false); +user_pref("privacy.clearOnShutdown.downloads", true); // see note above +user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History +user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download History +user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data +user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins +user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences +/* 2804: set what history items to clear with Ctrl-Shift-Del (to match above) + * This dialog can also be accessed from the menu History>Clear Recent History + * [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog + * for "Clear Recent History" is opened, it is synced to the same as 'history' ***/ +user_pref("privacy.cpd.cache", true); +user_pref("privacy.cpd.cookies", false); + // user_pref("privacy.cpd.downloads", true); // not used, see note above +user_pref("privacy.cpd.formdata", true); // Form & Search History +user_pref("privacy.cpd.history", true); // Browsing & Download History +user_pref("privacy.cpd.offlineApps", true); // Offline Website Data +user_pref("privacy.cpd.passwords", false); // this is not listed +user_pref("privacy.cpd.sessions", true); // Active Logins +user_pref("privacy.cpd.siteSettings", false); // Site Preferences +/* 2805: privacy.*.openWindows (clear session restore data) (FF34+) + * [NOTE] There is a years-old bug that these cause two windows when Firefox restarts. + * You do not need these anyway if session restore is disabled (see 1020) ***/ + // user_pref("privacy.clearOnShutdown.openWindows", true); + // user_pref("privacy.cpd.openWindows", true); +/* 2806: reset default 'Time range to clear' for 'Clear Recent History' (see 2804) + * Firefox remembers your last choice. This will reset the value when you start Firefox. + * 0=everything, 1=last hour, 2=last two hours, 3=last four hours + * 4=today, 5=last five minutes, 6=last twenty-four hours + * [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a + * blank value if they are used, but they do work as advertised ***/ +user_pref("privacy.sanitize.timeSpan", 0); + +/*** 3000: PERSONAL SETTINGS [SETUP] + Settings that are handy to migrate and/or are not in the Options interface. Users + can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ +user_pref("ghacks_user.js.parrot", "3000 syntax error: this is an ex-parrot!"); +/* 3001: disable annoying warnings ***/ +user_pref("general.warnOnAboutConfig", false); +user_pref("browser.tabs.warnOnClose", false); +user_pref("browser.tabs.warnOnCloseOtherTabs", false); +user_pref("browser.tabs.warnOnOpen", false); +/* 3001a: disable warning when a domain requests full screen + * [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Using_full_screen_mode ***/ + // user_pref("full-screen-api.warning.delay", 0); + // user_pref("full-screen-api.warning.timeout", 0); +/* 3002: disable closing browser with last tab ***/ +user_pref("browser.tabs.closeWindowWithLastTab", false); +/* 3004: disable backspace (0=previous page, 1=scroll up, 2=do nothing) ***/ +user_pref("browser.backspace_action", 2); +/* 3005: disable autocopy default (linux) ***/ + // user_pref("clipboard.autocopy", false); +/* 3006: disable enforced add-on signing (FF43+) + * [NOTE] Only applicable to Nightly and ESR (FF48+) + * [1] https://wiki.mozilla.org/Add-ons/Extension_Signing#Documentation ***/ + // user_pref("xpinstall.signatures.required", false); +/* 3007: open new windows in a new tab instead + * 1=current window, 2=new window, 3=most recent window + * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ +user_pref("browser.link.open_newwindow", 3); +/* 3009: enable APZ (Async Pan/Zoom) - requires e10s + * [1] http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ + // user_pref("layers.async-pan-zoom.enabled", true); +/* 3010: enable ctrl-tab previews ***/ +user_pref("browser.ctrlTab.previews", true); +/* 3011: don't open "page/selection source" in a tab. The window used instead is cleaner + * and easier to use and move around (eg developers/multi-screen). ***/ +user_pref("view_source.tab", false); +/* 3012: control spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls ***/ +user_pref("layout.spellcheckDefault", 1); +/* 3013: disable automatic "Work Offline" status + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 + * [2] https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ +user_pref("network.manage-offline-status", false); +/* 3015: disable tab animation, speed things up a little ***/ +user_pref("browser.tabs.animate", false); +/* 3016: disable fullscreeen animation. Test using F11. + * Animation is smother but is annoyingly slow, while no animation can be startling ***/ +user_pref("browser.fullscreen.animate", false); +/* 3017: set submenu delay in milliseconds. 0=instant while a small number allows + * a mouse pass over menu items without any submenus alarmingly shooting out ***/ +user_pref("ui.submenuDelay", 150); // (hidden pref) +/* 3018: set maximum number of daily bookmark backups to keep (default is 15) ***/ +user_pref("browser.bookmarks.max_backups", 2); +/* 3020: control urlbar click behaviour (with defaults) ***/ +user_pref("browser.urlbar.clickSelectsAll", true); +user_pref("browser.urlbar.doubleClickSelectsAll", false); +/* 3021a: control tab behaviours (with defaults) + * open links in a new tab immediately to the right of parent tab, not far right ***/ +user_pref("browser.tabs.insertRelatedAfterCurrent", true); +/* 3021b: switch to the parent tab (if it has one) on close, rather than + * to the adjacent right tab if it exists or to the adjacent left tab if it doesn't. + * [NOTE] Requires browser.link.open_newwindow set to 3 (see pref 3007) ***/ +user_pref("browser.tabs.selectOwnerOnClose", true); +/* 3021c: stay on the parent tab when opening links in a new tab + * [SETTING] Options>General>Tabs>When I open a link in a new tab, switch to it immediately ***/ +user_pref("browser.tabs.loadInBackground", true); +/* 3021d: set behavior of pages normally meant to open in a new window (such as target="_blank" + * or from an external program), but that have instead been loaded in a new tab. + * true: load the new tab in the background, leaving focus on the current tab + * false: load the new tab in the foreground, taking the focus from the current tab. ***/ +user_pref("browser.tabs.loadDivertedInBackground", false); +/* 3022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/ +user_pref("browser.bookmarks.showRecentlyBookmarked", false); +/* 3024: enable "Find As You Type" + * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ + // user_pref("accessibility.typeaheadfind", true); +/* 3025: enable/disable various media types ***/ + // user_pref("media.mp4.enabled", false); + // user_pref("media.flac.enabled", false); // (FF51+) + // user_pref("media.ogg.enabled", false); + // user_pref("media.ogg.flac.enabled", false); // (FF51+) + // user_pref("media.opus.enabled", false); + // user_pref("media.raw.enabled", false); + // user_pref("media.wave.enabled", false); + // user_pref("media.webm.enabled", false); + // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries +/* 3026: disable "Reader View" ***/ + // user_pref("reader.parse-on-load.enabled", false); +/* 3027: decode URLs on copy from the urlbar (FF53+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320061 ***/ +user_pref("browser.urlbar.decodeURLsOnCopy", true); +/* 3028: disable middle-click enabling auto-scrolling [WINDOWS] [MAC] ***/ + // user_pref("general.autoScroll", false); +/* 3029: disable Firefox Screenshots (FF54+) + * [1] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ + * [2] https://github.com/mozilla-services/screenshots ***/ + // user_pref("extensions.screenshots.system-disabled", true); + +/* END: internal custom pref to test for syntax errors ***/ +user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); + +/*** 9999: DEPRECATED / REMOVED / LEGACY / RENAMED + Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable, + viewer-friendly version of the deprecated bugzilla tickets. To enable a section + change /* FFxx to // FFxx. The original state of each pref has been preserved, + or changed to match the current setup, but you are advised to review them. + [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 +***/ +/* FF42 and older +// 2607: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=897811 +user_pref("pageThumbs.enabled", false); +// 2503: (31+) disable network API - replaced by dom.netinfo.enabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 +user_pref("dom.network.enabled", false); +// 2620: (35+) disable WebSockets + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1091016 +user_pref("network.websocket.enabled", false); +// 1610: (36+) set DNT "value" to "not be tracked" (FF21+) + // [1] http://kb.mozillazine.org/Privacy.donottrackheader.value + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1042135#c101 + // user_pref("privacy.donottrackheader.value", 1); +// 2023: (37+) disable camera autofocus callback + // The API will be superceded by the WebRTC Capture and Stream API + // [1] https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107683 +user_pref("camera.control.autofocus_moving_callback.enabled", false); +// 0415: (41+) disable reporting URLs (safe browsing) - removed or replaced by various + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1109475 +user_pref("browser.safebrowsing.reportErrorURL", ""); // browser.safebrowsing.reportPhishMistakeURL +user_pref("browser.safebrowsing.reportGenericURL", ""); // removed +user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); // browser.safebrowsing.reportMalwareMistakeURL +user_pref("browser.safebrowsing.reportMalwareURL", ""); // removed +user_pref("browser.safebrowsing.reportURL", ""); // removed +// 1804: (41+) disable plugin enumeration + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1169945 +user_pref("plugins.enumerable_names", ""); +// 2614: (41+) disable HTTP2 (draft) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1132357 +user_pref("network.http.spdy.enabled.http2draft", false); +// 2803: (42+) clear passwords on shutdown + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184 + // user_pref("privacy.clearOnShutdown.passwords", false); +// 3001a: (42+) disable warning when a domain requests full screen + // replaced by setting full-screen-api.warning.timeout to zero + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1160017 + // user_pref("full-screen-api.approval-required", false); +// ***/ +/* FF43 +// 0410's: disable safebrowsing urls & updates - replaced by various + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107372 + // user_pref("browser.safebrowsing.gethashURL", ""); // browser.safebrowsing.provider.google.gethashURL + // user_pref("browser.safebrowsing.updateURL", ""); // browser.safebrowsing.provider.google.updateURL +user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing.provider.google.reportURL +// 0420's: disable tracking protection - replaced by various + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107372 + // user_pref("browser.trackingprotection.gethashURL", ""); // browser.safebrowsing.provider.mozilla.gethashURL + // user_pref("browser.trackingprotection.updateURL", ""); // browser.safebrowsing.provider.mozilla.updateURL +// 1803: remove plugin finder service + // [1] http://kb.mozillazine.org/Pfs.datasource.url + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1202193 +user_pref("pfs.datasource.url", ""); +// 3003: disable new search panel UI + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1119250 + // user_pref("browser.search.showOneOffButtons", false); +// ***/ +/* FF44 +// 0414: disable safebrowsing's real-time binary checking (google) (FF43+) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1237103 +user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL +// 1200's: block rc4 whitelist + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215796 +user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); +// 2301: disable SharedWorkers + // [1] https://bugs.torproject.org/15562 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1207635 +user_pref("dom.workers.sharedWorkers.enabled", false); +// 2403: disable scripts changing images + // [TEST] http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 + // [WARNING] Will break some sites such as Google Maps and a lot of web apps + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=773429 + // user_pref("dom.disable_image_src_set", true); +// ***/ +/* FF45 +// 1021b: disable deferred level of storing extra session data 0=all 1=http-only 2=none + // extra session data contains contents of forms, scrollbar positions, cookies and POST data + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235379 +user_pref("browser.sessionstore.privacy_level_deferred", 2); +// ***/ +/* FF46 +// 0333a: disable health report + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234526 +user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) +user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) +// 0334b: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234522 +user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); +// 0373: disable "Pocket" - replaced by extensions.pocket.* + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215694 +user_pref("browser.pocket.enabled", false); +user_pref("browser.pocket.api", ""); +user_pref("browser.pocket.site", ""); +user_pref("browser.pocket.oAuthConsumerKey", ""); +// 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1239587 +user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check +// 0420: disable polaris (part of Tracking Protection, never used in stable) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235565 + // user_pref("browser.polaris.enabled", false); +// ***/ +/* FF47 +// 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry + // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 +user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) +// 0333b: disable about:healthreport page UNIFIED + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 +user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); +// 0807: disable history manipulation + // [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1249542 +user_pref("browser.history.allowPopState", false); +user_pref("browser.history.allowPushState", false); +user_pref("browser.history.allowReplaceState", false); +// ***/ +/* FF48 +// 0806: disable 'unified complete': 'Search with [default search engine]' + // [-] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1181078 +user_pref("browser.urlbar.unifiedcomplete", false); +// ***/ +/* FF49 +// 0372: disable "Hello" + // [1] https://www.mozilla.org/en-US/privacy/firefox-hello/ + // [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1287827 +user_pref("loop.enabled", false); +user_pref("loop.server", ""); +user_pref("loop.feedback.formURL", ""); +user_pref("loop.feedback.manualFormURL", ""); +user_pref("loop.facebook.appId", ""); +user_pref("loop.facebook.enabled", false); +user_pref("loop.facebook.fallbackUrl", ""); +user_pref("loop.facebook.shareUrl", ""); +user_pref("loop.logDomains", false); +// 2202: disable new window scrollbars being hidden + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1257887 +user_pref("dom.disable_window_open_feature.scrollbars", true); +// 2303: disable push notification (UDP wake-up) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1265914 +user_pref("dom.push.udp.wakeupEnabled", false); +// ***/ +/* FF50 +// 0101: disable Windows10 intro on startup [WINDOWS] + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1274633 +user_pref("browser.usedOnWindows10.introURL", ""); +// 0308: disable plugin update notifications + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905 +user_pref("plugins.update.notifyUser", false); +// 0410: disable "Block dangerous and deceptive content" - replaced by browser.safebrowsing.phishing.enabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 + // user_pref("browser.safebrowsing.enabled", false); +// 1266: disable rc4 ciphers + // [1] https://trac.torproject.org/projects/tor/ticket/17369 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1268728 + // [-] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ +user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); +user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); +user_pref("security.ssl3.rsa_rc4_128_md5", false); +user_pref("security.ssl3.rsa_rc4_128_sha", false); +// 1809: remove Mozilla's plugin update URL + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905 +user_pref("plugins.update.url", ""); +// ***/ +/* FF51 +// 1851: delay play of videos until they're visible + // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1262053 +user_pref("media.block-play-until-visible", true); +// 2504: disable virtual reality devices + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1250244 +user_pref("dom.vr.oculus050.enabled", false); +// 2614: disable SPDY + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1248197 +user_pref("network.http.spdy.enabled.v3-1", false); +// ***/ +/* FF52 +// 1601: disable referer from an SSL Website + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 +user_pref("network.http.sendSecureXSiteReferrer", false); +// 1850: disable Adobe EME "Primetime CDM" (Content Decryption Module) + // [1] https://trac.torproject.org/projects/tor/ticket/16285 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329538 // FF52 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1337121 // FF52 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329543 // FF53 +user_pref("media.gmp-eme-adobe.enabled", false); +user_pref("media.gmp-eme-adobe.visible", false); +user_pref("media.gmp-eme-adobe.autoupdate", false); +// 2405: disable WebTelephony API + // [1] https://wiki.mozilla.org/WebAPI/Security/WebTelephony + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1309719 +user_pref("dom.telephony.enabled", false); +// 2502: disable Battery Status API. Initially a Linux issue (high precision readout) that + // was fixed. However, it is still another metric for fingerprinting, used to raise entropy. + // eg: do you have a battery or not, current charging status, charge level, times remaining etc + // [1] http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ + // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 + // [3] https://www.w3.org/TR/battery-status/ + // [4] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online + // [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 +user_pref("dom.battery.enabled", false); +// ***/ +/* FF53 +// 1265: block rc4 fallback + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1130670 +user_pref("security.tls.unrestricted_rc4_fallback", false); +// 1806: disable Acrobat, Quicktime, WMP (the string = min version number allowed) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317109 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317110 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317108 +user_pref("plugin.scan.Acrobat", "99999"); +user_pref("plugin.scan.Quicktime", "99999"); +user_pref("plugin.scan.WindowsMediaPlayer", "99999"); +// 2022: disable screensharing + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329562 +user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); +// 2507: disable keyboard fingerprinting + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1322736 +user_pref("dom.beforeAfterKeyboardEvent.enabled", false); +// ***/ +/* FF54 +// 0415: disable reporting URLs (safe browsing) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1288633 +user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); +user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); +// 1830: block websites detecting DRM is disabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1242321 +user_pref("media.eme.apiVisible", false); +// 2425: disable Archive Reader API + // i.e reading archive contents directly in the browser, through DOM file objects + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 +user_pref("dom.archivereader.enabled", false); +// ***/ From 5e0f37c9259cf05ab3e479c7872d741e6d01ee83 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Jun 2017 03:05:51 +1200 Subject: [PATCH 0252/1961] 2698 revamp #143 & FPI=>active --- user.js | 54 +++++++++++++++++++++++++++++------------------------- 1 file changed, 29 insertions(+), 25 deletions(-) diff --git a/user.js b/user.js index 0ffa575..5215906 100644 --- a/user.js +++ b/user.js @@ -1394,32 +1394,36 @@ user_pref("security.csp.experimentalEnabled", true); // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) /* 2697g: general.useragent.locale (related, see 0204) ***/ -/*** 2698: FIRST PARTY ISOLATION (FPI) ***/ -/* 2698a: enable first party isolation pref and OriginAttribute (FF51+) - * [WARNING] Breaks lots of cross-domain logins and site functionality until perfected +/*** 2698: FIRST PARTY ISOLATION (FPI) + ** isolate favicons (FF52+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 + ** isolate OCSP cache (FF52+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 + ** isolate Shared Workers (FF52+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 + ** isolate SSL session cache (FF52+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 + ** isolate media cache (FF53+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 + ** isolate HSTS and HPKP (FF54+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 + ** isolate HTTP Alternative Services (FF54+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 + ** isolate SPDY/HTTP2 (FF55+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 + ** isolate DNS cache (FF55+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 + ** isolate blob: URI (FF55+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 +***/ +/* 2698a: enable First Party Isolation and Origin Attributes (FF51+) + * [WARNING] May break cross-domain logins and site functionality until perfected * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ -/* 2698b: isolate favicons (FF52+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/ -/* 2698c: isolate OCSP cache (FF52+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ -/* 2698d: isolate Shared Workers (FF52+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/ -/* 2698e: isolate SSL session cache (FF52+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 ***/ -/* 2698f: isolate media cache (FF53+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 ***/ -/* 2698g: isolate HSTS and HPKP (FF54+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/ -/* 2698h: isolate HTTP Alternative Services (FF54+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/ -/* 2698i: isolate SPDY/HTTP2 (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/ -/* 2698j: isolate DNS cache (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/ -/* 2698k: isolate blob: URI (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 ***/ - // user_pref("privacy.firstparty.isolate", true); - // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // (FF54+) +user_pref("privacy.firstparty.isolate", true); +/* 2698b: enforce FPI restriction across window.opener (FF54+) + * [NOTE] Setting this to false may reduce the breakage in 2698a + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/ +user_pref("privacy.firstparty.isolate.restrict_opener_access", true); /*** 2699: TOR UPLIFT: privacy.resistFingerprinting This preference will be used as a generic switch for a wide range of items. From 907e0aaa24154cf94e8ea9734e9d1110281c5a56 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Jun 2017 03:25:31 +1200 Subject: [PATCH 0253/1961] 1408: graphite: update & add ref --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 5215906..bbf39f5 100644 --- a/user.js +++ b/user.js @@ -766,7 +766,8 @@ user_pref("layout.css.font-loading-api.enabled", false); * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ user_pref("font.blacklist.underline_offset", ""); /* 1408: disable graphite which FF49 turned back on by default - * In the past it had security issues - need citation ***/ + * In the past it had security issues. Update: This continues to be the case, see [1] + * [1] https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. From 319db71e82d703eaf9c22c72fd3555cd3111fbaf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Jun 2017 03:56:15 +1200 Subject: [PATCH 0254/1961] nits --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index bbf39f5..61fec8e 100644 --- a/user.js +++ b/user.js @@ -1135,7 +1135,7 @@ user_pref("dom.vr.openvr.enabled", false); // (FF51+) * [1] https://wiki.mozilla.org/Media/getUserMedia * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/ user_pref("media.navigator.enabled", false); -/* 2506: disable video statistics - JS performance fingerprinting +/* 2506: disable video statistics - JS performance fingerprinting (FF25+) * [1] https://trac.torproject.org/projects/tor/ticket/15757 ***/ user_pref("media.video_stats.enabled", false); /* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) @@ -1417,11 +1417,11 @@ user_pref("security.csp.experimentalEnabled", true); ** isolate blob: URI (FF55+) [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 ***/ -/* 2698a: enable First Party Isolation and Origin Attributes (FF51+) +/* 2698a: enable First Party Isolation (FF51+) * [WARNING] May break cross-domain logins and site functionality until perfected * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ user_pref("privacy.firstparty.isolate", true); -/* 2698b: enforce FPI restriction across window.opener (FF54+) +/* 2698b: enforce FPI restriction when accessing window.opener (FF54+) * [NOTE] Setting this to false may reduce the breakage in 2698a * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); From 8cdc6e766cf4659c2df210c910b31649732719d7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Jun 2017 10:47:11 +1200 Subject: [PATCH 0255/1961] 2699 revamp #143 --- user.js | 57 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/user.js b/user.js index 61fec8e..18d29d3 100644 --- a/user.js +++ b/user.js @@ -1421,42 +1421,47 @@ user_pref("security.csp.experimentalEnabled", true); * [WARNING] May break cross-domain logins and site functionality until perfected * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ user_pref("privacy.firstparty.isolate", true); -/* 2698b: enforce FPI restriction when accessing window.opener (FF54+) +/* 2698b: enforce FPI restriction for window.opener (FF54+) * [NOTE] Setting this to false may reduce the breakage in 2698a * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); -/*** 2699: TOR UPLIFT: privacy.resistFingerprinting - This preference will be used as a generic switch for a wide range of items. - This section will attempt to list all the ramifications and Mozilla tickets ***/ -/* 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info. - * POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - * [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 - * [NOTE] This will probably make your values pretty unique until you resize or snap the - * inner window width + height into standard/common resolutions (mine is at 1366x768) - * To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit - * Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test - * your window size, do some math, resize to allow for all the non inner window elements - * [TEST] http://browserspy.dk/screen.php +/*** 2699: privacy.resistFingerprinting + This master switch will be used for a wide range of items, + many of which will **override** existing prefs from FF55+ + ** limit window.screen & CSS media queries leaking identifiable info (FF41+) + [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) + [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 + [NOTE] This will probably make your values pretty unique until you resize or snap the + inner window width + height into standard/common resolutions (such as 1366x768) + To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit + Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test + your window size, do some math, resize to allow for all the non inner window elements + [TEST] http://browserspy.dk/screen.php + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 + ** spoof screen orientation (FF50+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 + ** hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 + ** spoof timezone as UTC 0 (FF55+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 + ** spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) + This spoof *shouldn't* affect core chrome/Firefox performance + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 + ** reduce precision of time exposed by javascript (FF55+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 + ** spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369303 +***/ +/* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ -/* 2699b: spoof screen orientation - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ -/* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/ -/* 2699d: set new window sizes to round to hundreds (FF55+) [SETUP] +user_pref("privacy.resistFingerprinting", true); +/* 2699b: set new window sizes to round to hundreds (FF55+) [SETUP] * [NOTE] If override values are too big, the code determines it for you * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 * [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/ // user_pref("privacy.window.maxInnerWidth", 1366); // user_pref("privacy.window.maxInnerHeight", 768); -/* 2699e: spoof timezone as UTC 0 (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 ***/ -/* 2699f: spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) - * This spoof *shouldn't* affect core chrome/Firefox performance - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 ***/ -/* 2699g: reduce precision of time exposed by javascript (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 ***/ -user_pref("privacy.resistFingerprinting", true); // (hidden pref) /*** 2700: COOKIES & DOM STORAGE ***/ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); From 791b4114c6c81d4845984742cbdf1b580cbbb5bd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 21 Jun 2017 17:15:56 +1200 Subject: [PATCH 0256/1961] 2699: spoof Navigator API https://reviewboard.mozilla.org/r/147474/diff/4#index_header I would have thought rounding DOWN to the nearest multiple of 10 would be better. Imagine being on FF61 and claiming to be 70 = might cause site issues --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 18d29d3..34d8d9b 100644 --- a/user.js +++ b/user.js @@ -1452,6 +1452,9 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 ** spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369303 + ** spoof Navigator API (see section 2697) (FF56+) + The version number will be rounded to the "nearest" multiple of 10 + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1333651 ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From fba479944d23f8fd6673d2c51ad1a58ebfeaf79a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 21 Jun 2017 17:17:15 +1200 Subject: [PATCH 0257/1961] spacing nit --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 34d8d9b..8ac473f 100644 --- a/user.js +++ b/user.js @@ -1453,8 +1453,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369303 ** spoof Navigator API (see section 2697) (FF56+) - The version number will be rounded to the "nearest" multiple of 10 - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1333651 + The version number will be rounded to the "nearest" multiple of 10 + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1333651 ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From da1b9054ad79dd89f94ed411e2cdf487b4f3facf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 21 Jun 2017 18:31:00 +1200 Subject: [PATCH 0258/1961] 2629: fix ref source --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 8ac473f..60b70fc 100644 --- a/user.js +++ b/user.js @@ -1303,8 +1303,8 @@ user_pref("general.useragent.compatMode.firefox", false); /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); -/* 2629: disable remote JAR files being opened, regardless of content type - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/ +/* 2629: disable remote JAR files being opened, regardless of content type (FF42+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/ user_pref("network.jar.block-remote-files", true); /* 2662: disable "open with" in download dialog (FF50+) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) From 0176d8676c16238c89c1e0fad9c8af23d07c0d0a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 21 Jun 2017 18:37:27 +1200 Subject: [PATCH 0259/1961] 2698: isolate data://, about: --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 60b70fc..a66cd8c 100644 --- a/user.js +++ b/user.js @@ -1416,6 +1416,8 @@ user_pref("security.csp.experimentalEnabled", true); [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ** isolate blob: URI (FF55+) [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 + ** isolate data://, about: URLs (FF55+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1300671 ***/ /* 2698a: enable First Party Isolation (FF51+) * [WARNING] May break cross-domain logins and site functionality until perfected From 6ef86fbde60b5349cab07d55181500a25973704d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 22 Jun 2017 05:37:47 +1200 Subject: [PATCH 0260/1961] 0209 FF version fix, 2699a hidden pref info I removed the "(hidden pref)" info when we revamped 2699, as it will no longer be hidden. In hindsight, that info needs to stay (we haven't archived off end-of-life 54, and it's good information for backwards compatibility). --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a66cd8c..b39adcb 100644 --- a/user.js +++ b/user.js @@ -94,7 +94,7 @@ user_pref("intl.accept_languages", "en-US, en"); /* 0208: enforce US English locale regardless of the system locale * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ user_pref("javascript.use_us_english_locale", true); // (hidden pref) -/* 0209: disable geolocation on non-secure origins (FF55+) +/* 0209: disable geolocation on non-secure origins (FF54+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/ user_pref("geo.security.allowinsecure", false); @@ -1460,7 +1460,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ -user_pref("privacy.resistFingerprinting", true); +user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) /* 2699b: set new window sizes to round to hundreds (FF55+) [SETUP] * [NOTE] If override values are too big, the code determines it for you * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 From 6b7032ccaf12733c40a764a12f6f464bc92a2fe7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 29 Jun 2017 04:48:56 +1200 Subject: [PATCH 0261/1961] 2699: device sensor API --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index b39adcb..55356f0 100644 --- a/user.js +++ b/user.js @@ -1457,6 +1457,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** spoof Navigator API (see section 2697) (FF56+) The version number will be rounded to the "nearest" multiple of 10 [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1333651 + ** disable device sensor API (see 2512) (FF56+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369319 ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From ac77e65d82598f623cb681c4630907af2bcd41a3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 30 Jun 2017 03:09:19 +1200 Subject: [PATCH 0262/1961] 2699: site specific zoom --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 55356f0..1dda946 100644 --- a/user.js +++ b/user.js @@ -1459,6 +1459,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1333651 ** disable device sensor API (see 2512) (FF56+) [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369319 + ** disable site specific zoom (see 2515) (FF56+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369357 ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From d1306aee26e9c24590327974eed8da9961b21764 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 30 Jun 2017 03:10:39 +1200 Subject: [PATCH 0263/1961] 2699: gamepad API --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 1dda946..8119a9c 100644 --- a/user.js +++ b/user.js @@ -1461,6 +1461,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369319 ** disable site specific zoom (see 2515) (FF56+) [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369357 + ** disable gamepad API (see 2501) (FF56+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337161 ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From 32327e15c10eb7f27e33b177da20f5d5029d64ee Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 1 Jul 2017 03:05:45 +1200 Subject: [PATCH 0264/1961] 2699: spoof network info API --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 8119a9c..532650f 100644 --- a/user.js +++ b/user.js @@ -1463,6 +1463,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369357 ** disable gamepad API (see 2501) (FF56+) [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337161 + ** spoof network information API as "unknown" (see 2503) (FF56+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1372072 ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From ba787026866767afda6c44a05cb950920eafa69a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 6 Jul 2017 19:03:36 +1200 Subject: [PATCH 0265/1961] 1610 DNT & 0420 TP clarify conflicts #163 --- user.js | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 532650f..55dc137 100644 --- a/user.js +++ b/user.js @@ -294,10 +294,11 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ /* 0420: enable Tracking Protection in all windows + * [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610) * [1] https://wiki.mozilla.org/Security/Tracking_protection * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ -user_pref("privacy.trackingprotection.pbmode.enabled", true); -user_pref("privacy.trackingprotection.enabled", true); + // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default false + // user_pref("privacy.trackingprotection.enabled", true); // default true /* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); @@ -826,8 +827,12 @@ user_pref("network.http.referer.userControlPolicy", 3); * TBB (Tor Browser Bundle) which is specifically designed for the dark web * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); -/* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) - * [SETTING] Options>Privacy>Tracking>Request that sites not track you +/* 1610: ALL: disable the DNT HTTP header, which is essentially USELESS + * It is voluntary and most ad networks do not honor it. DNT is *NOT* how you stop being data mined. + * Don't encourage a setting that gives any legitimacy to 3rd parties being in control of your privacy. + * Sending a DNT header *highly likely* raises entropy, especially in standard windows. + * [SETTING] Options>Privacy>Use Tracking Protecting>manage your Do Not Track settings + * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref (eg in default PB Mode) * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ user_pref("privacy.donottrackheader.enabled", false); From b55a986d5221319e9574587109fb05b463765b92 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 7 Jul 2017 00:09:54 +1200 Subject: [PATCH 0266/1961] 1210's: OCSP add reference --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 55dc137..1d48310 100644 --- a/user.js +++ b/user.js @@ -633,7 +633,8 @@ user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.url", ""); -/** OCSP (Online Certificate Status Protocol) ***/ +/** OCSP (Online Certificate Status Protocol) + #Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/ /* 1210: enable OCSP Stapling * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ user_pref("security.ssl.enable_ocsp_stapling", true); From 6348826519ad139d72a5fee90f1c7f695b94ccb4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 8 Jul 2017 05:12:52 +1200 Subject: [PATCH 0267/1961] 1212: turn on OCSP --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 1d48310..8b65eec 100644 --- a/user.js +++ b/user.js @@ -647,10 +647,9 @@ user_pref("security.ssl.enable_ocsp_stapling", true); user_pref("security.OCSP.enabled", 1); /* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently * continues the connection. With OCSP revocation, Firefox terminates the connection instead. - * [WARNING] Since FF44 the default is false. If set to true, this may/will cause some - * site breakage. Some users have previously mentioned issues with youtube, microsoft etc + * [WARNING] Since FF44 the default is false. If set to true, this will cause some site breakage * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ - // user_pref("security.OCSP.require", true); +user_pref("security.OCSP.require", true); /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) * 0=disable detecting Family Safety mode and importing the root From e01858308281ac3fa8061d0b0b039e0835999fda Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 8 Jul 2017 05:24:33 +1200 Subject: [PATCH 0268/1961] 2701: cookies & 3rd party info #159 --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 8b65eec..cfc8f40 100644 --- a/user.js +++ b/user.js @@ -1486,7 +1486,9 @@ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the b /* 2701: disable cookies on all sites [SETUP] * You can set exceptions under site permissions or use an extension (eg Cookie Controller) * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie - * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites ***/ + * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites + * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache + * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ user_pref("network.cookie.cookieBehavior", 2); /* 2702: set third-party cookies (if enabled, see above pref) to session-only * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ From 4d31983e06974eb92e0b9fdcb98813688be2d32b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 9 Jul 2017 22:58:57 +1200 Subject: [PATCH 0269/1961] 0420: TP fixup default values --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index cfc8f40..7625621 100644 --- a/user.js +++ b/user.js @@ -297,8 +297,8 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // * [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610) * [1] https://wiki.mozilla.org/Security/Tracking_protection * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ - // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default false - // user_pref("privacy.trackingprotection.enabled", true); // default true + // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default true + // user_pref("privacy.trackingprotection.enabled", true); // default false /* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); From 8b0bc463c5de6e39a8756df6a2a770aae4e6adec Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 9 Jul 2017 17:58:05 +0200 Subject: [PATCH 0270/1961] 2001: link update www.privacytools.io redirects to https://privacytoolsio.github.io/privacytools.io/ and in the process drops the anchor info (#webrtc) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 7625621..30a108a 100644 --- a/user.js +++ b/user.js @@ -899,7 +899,7 @@ user_pref("media.gmp-manager.url", "data:text/plain,"); /*** 2000: MEDIA / CAMERA / MIC ***/ user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) - * [1] https://www.privacytools.io/#webrtc ***/ + * [1] https://privacytoolsio.github.io/privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.use_document_iceservers", false); user_pref("media.peerconnection.video.enabled", false); From b24dd123d099457b20ff34e66dba952faa34f9ec Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 9 Jul 2017 18:49:39 +0200 Subject: [PATCH 0271/1961] update ghacks.net links to use https --- user.js | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/user.js b/user.js index 30a108a..c53f187 100644 --- a/user.js +++ b/user.js @@ -215,7 +215,7 @@ user_pref("social.share.activationPanelEnabled", false); user_pref("social.enabled", false); // (hidden pref) /* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers * [1] https://wiki.mozilla.org/FlyWeb - * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ + * [2] https://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ user_pref("dom.flyweb.enabled", false); /*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION @@ -307,7 +307,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true); // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) - * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ + * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ // user_pref("browser.safebrowsing.blockedURIs.enabled", false); /* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/ @@ -320,7 +320,7 @@ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/ user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching - * [1] http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ + * [1] https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ * [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/ user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref) @@ -335,7 +335,7 @@ user_pref("captivedetect.canonicalURL", ""); user_pref("network.captive-portal-service.enabled", false); // (FF52+) /* 0605: disable link-mouseover opening connection to linked server * [1] http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests - * [2] http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/ + * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/ user_pref("network.http.speculative-parallel-limit", 0); /* 0606: disable pings (but enforce same host in case) * [1] http://kb.mozillazine.org/Browser.send_pings @@ -343,7 +343,7 @@ user_pref("network.http.speculative-parallel-limit", 0); user_pref("browser.send_pings", false); user_pref("browser.send_pings.require_same_host", true); /* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] - * [1] http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ + * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching (FF48+) ***/ user_pref("network.predictor.enable-prefetch", false); @@ -419,7 +419,7 @@ user_pref("browser.urlbar.suggest.openpage", false); user_pref("browser.urlbar.autoFill", false); user_pref("browser.urlbar.autoFill.typed", false); /* 0850e: disable location bar one-off searches (FF51+) - * [1] http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ + * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ user_pref("browser.urlbar.oneOffSearches", false); /* 0860: disable search and form history * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history @@ -568,7 +568,7 @@ user_pref("alerts.showFavicons", false); // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) // user_pref("extensions.e10sBlocksEnabling", false); /* 1102: control number of content rendering processes - * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ + * [1] https://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ // user_pref("dom.ipc.processCount", 4); /* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+) @@ -576,7 +576,7 @@ user_pref("alerts.showFavicons", false); // user_pref("extensions.webextensions.remote", true); /* 1104: enforce separate content process for file://URLs (FF53+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 - * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ + * [2] https://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ // user_pref("browser.tabs.remote.separateFileUriProcess", true); /* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/ user_pref("dom.ipc.shims.enabledWarnings", true); @@ -585,7 +585,7 @@ user_pref("dom.ipc.shims.enabledWarnings", true); /* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play * with them. The values are integers, but the code below deliberately contains a data mismatch * [1] https://wiki.mozilla.org/Sandbox - * [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/ + * [2] https://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/ // user_pref("security.sandbox.content.level", "donotuse"); // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse"); // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse"); @@ -869,7 +869,7 @@ user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); /* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example) * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config * [NOTE] You can still over-ride individual sites eg youtube via site permissions - * [1] http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ + * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ // user_pref("plugin.state.flash", 0); /* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/ user_pref("security.xpconnect.plugin.unrestricted", false); @@ -943,7 +943,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false); /* 2023: disable camera stuff ***/ user_pref("camera.control.face_detection.enabled", false); /* 2024: enable/disable MSE (Media Source Extensions) - * [1] http://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ + * [1] https://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ user_pref("media.mediasource.enabled", true); user_pref("media.mediasource.mp4.enabled", true); user_pref("media.mediasource.webm.audio.enabled", true); @@ -961,7 +961,7 @@ user_pref("gfx.offscreencanvas.enabled", false); * [WARNING] This may break video playback on various sites ***/ user_pref("media.autoplay.enabled", false); /* 2031: disable audio auto-play in non-active tabs (FF51+) - * [1] http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ + * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); /*** 2200: UI MEDDLING @@ -1047,7 +1047,7 @@ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the b * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress * this applies to onCut, onCopy, onPaste events - i.e you have to interact with * the website for it to look at the clipboard - * [1] http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ + * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ user_pref("dom.event.clipboardevents.enabled", false); /* 2403: disable clipboard commands (cut/copy) from "non-privileged" content (FF41+) * this disables document.execCommand("cut"/"copy") to protect your clipboard @@ -1327,7 +1327,7 @@ user_pref("device.storage.enabled", false); /* 2665: remove webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2666: disable HTTP Alternative Services - * [1] http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/ + * [1] https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/ user_pref("network.http.altsvc.enabled", false); user_pref("network.http.altsvc.oe", false); /* 2667: disable various developer tools in browser context @@ -1601,7 +1601,7 @@ user_pref("browser.backspace_action", 2); * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ user_pref("browser.link.open_newwindow", 3); /* 3009: enable APZ (Async Pan/Zoom) - requires e10s - * [1] http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ + * [1] https://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ // user_pref("layers.async-pan-zoom.enabled", true); /* 3010: enable ctrl-tab previews ***/ user_pref("browser.ctrlTab.previews", true); From 063b731054ec73174d85083ba2f88dd4dcebc2b1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2017 05:52:44 +1200 Subject: [PATCH 0272/1961] nits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index c53f187..c08a476 100644 --- a/user.js +++ b/user.js @@ -1123,7 +1123,7 @@ user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off /* 2501: disable gamepad API - USB device ID enumeration * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/ user_pref("dom.gamepad.enabled", false); -/* 2503: disable giving away network info +/* 2503: disable giving away network info (FF31+) * eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none * [1] https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API * [2] https://wicg.github.io/netinfo/ @@ -1337,7 +1337,7 @@ user_pref("devtools.chrome.enabled", false); /* 2668: lock down allowed extension directories * [WARNING] This will break add-ons that do not use the default XPI directories * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ - * [2] archived: http://archive.is/DYjAM ***/ + * [1] archived: http://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.autoDisableScopes", 15); /* 2669: remove paths when sending URLs to PAC scripts (FF51+) From c864c8ebb06c97a895515bdcdf9127b95beefea2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2017 06:22:52 +1200 Subject: [PATCH 0273/1961] 1202: TLS min raised to 1.2 #167 --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index c08a476..a70e297 100644 --- a/user.js +++ b/user.js @@ -615,9 +615,12 @@ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); // user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc - * [WARNING] Firefox and Chrome currently allow TLS 1.0 by default, so this is your call. + * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1 + * [WARNING] If you get an "SSL_ERROR_NO_CYPHER_OVERLAP" error temporarily + * set a lower value for 'security.tls.version.min' in about:config * [1] http://kb.mozillazine.org/Security.tls.version.* - * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/ + * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ + * [2] archived: https://archive.is/hY2Mm ***/ // user_pref("security.tls.version.min", 2); user_pref("security.tls.version.fallback-limit", 3); user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 From 132e0fa503447399ccfab100f5c8aab97e34fdc2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2017 06:26:55 +1200 Subject: [PATCH 0274/1961] 1202: aaaaaaand actually change the pref this time --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index a70e297..49661cc 100644 --- a/user.js +++ b/user.js @@ -621,7 +621,7 @@ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ * [2] archived: https://archive.is/hY2Mm ***/ - // user_pref("security.tls.version.min", 2); +user_pref("security.tls.version.min", 3); user_pref("security.tls.version.fallback-limit", 3); user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 /* 1203: disable SSL session tracking (FF36+) From 4a0074d1ab4cd9d74231cb7e6a457b533b732250 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2017 06:47:23 +1200 Subject: [PATCH 0275/1961] start 55 commits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 49661cc..314e389 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 14 June 2017 -* version 54: Pantsthumping -* "I get pulled down, but I get up again, you're never gonna keep me down" +* version 55-beta: There Must Be an Angel [Playing with My Pants] +* "I walk into an empty room, and suddenly my pants go boom" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 1ed4c45051a1b8f3b051ce6e80becfd6d96c8821 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2017 06:47:57 +1200 Subject: [PATCH 0276/1961] 55-beta date --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 314e389..a43cf9f 100644 --- a/user.js +++ b/user.js @@ -1,6 +1,6 @@ /****** * name: ghacks user.js -* date: 14 June 2017 +* date: 09 July 2017 * version 55-beta: There Must Be an Angel [Playing with My Pants] * "I walk into an empty room, and suddenly my pants go boom" * authors: v52+ github | v51- www.ghacks.net From 40a62aa38dcf85ed7dfbf2237fb9ce7d55d99cde Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2017 07:33:56 +1200 Subject: [PATCH 0277/1961] 2415b: FF55+ pointerup added to default --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index a43cf9f..adc02c2 100644 --- a/user.js +++ b/user.js @@ -1077,7 +1077,7 @@ user_pref("dom.vibrator.enabled", false); /* 2415: set max popups from a single non-click event - default is 20! ***/ user_pref("dom.popup_maximum", 3); /* 2415b: limit events that can cause a popup - * default is "change click dblclick mouseup notificationclick reset submit touchend" + * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend" * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ user_pref("dom.popup_allowed_events", "click dblclick"); /* 2416: disable idle observation ***/ From 35fd208af9ef91b0be93bab498543ed12492aaff Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2017 11:39:30 +1200 Subject: [PATCH 0278/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dd523c5..54ed5f5 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ INFORMATION IS POWER. So you can make informed decisions to better protect yours * Accessible (provide information and simpler, less-technical descriptions if possible) * Accountable (provide reputable references/sources, [test sites](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites), dispel bad advice) * Change trackable (yay! we're on github now, with commits) -* Compatible (including a deprecated section, [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases)) +* Compatible (including a [deprecated section](https://github.com/ghacksuserjs/ghacks-user.js/issues/123), [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases)) * Comprehensive (including enforcing defaults and future-proofing) * Current and up-to-date with stable (including [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93)) * Detailed (preference versioning, hidden preference information, explanations, and more) From 54cf998f789fe76882d4f3eba612b04961efd19b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Jul 2017 20:34:34 +1200 Subject: [PATCH 0279/1961] 2300: add notifications ref --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index adc02c2..de05a10 100644 --- a/user.js +++ b/user.js @@ -1016,6 +1016,7 @@ user_pref("dom.disable_beforeunload", true); [3] Service Worker: https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API [4] SharedWorker: https://developer.mozilla.org/en-US/docs/Web/API/SharedWorker [5] ChromeWorker: https://developer.mozilla.org/en-US/docs/Web/API/ChromeWorker + [6] Notifications: https://support.mozilla.org/en-US/questions/1165867#answer-981820 ***/ user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); /* 2301: disable workers From 7d89436f27f3a35a43912203b7993ad98b444206 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 14 Jul 2017 04:39:31 +1200 Subject: [PATCH 0280/1961] 1003: add `browser.cache.memory.capacity` #169 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index de05a10..b624c98 100644 --- a/user.js +++ b/user.js @@ -501,6 +501,7 @@ user_pref("browser.cache.disk_cache_ssl", false); /* 1003: disable memory cache * [NOTE] Not recommended due to performance issues ***/ // user_pref("browser.cache.memory.enable", false); + // user_pref("browser.cache.memory.capacity", 0); // (hidden pref) /* 1004: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); /* 1005: disable fastback cache From 34d0054d9569a712238f24c7f7c7ed2251c813b4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 15 Jul 2017 02:20:40 +1200 Subject: [PATCH 0281/1961] tweak readme section --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index b624c98..3a6aaa1 100644 --- a/user.js +++ b/user.js @@ -19,6 +19,7 @@ 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * Auto-installing updates for Firefox and extensions/addon-ons are disabled (section 0302's) * Some user data is erased (section 2800), namely history (browsing, form, download) + * Cookies (and thus logins) are denied by default (2701). Use site exceptions or an extension * Site breakage WILL happen - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting and these need to be balanced against Functionality & Convenience & Breakage @@ -26,8 +27,8 @@ - Search this file for the "[SETUP]" tag to find SOME common items you could check before using to avoid unexpected surprises - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues - 4. BACKUP BACKUP BACKUP your profile folder before implementing (and/or test in a new profile) - 5. Did you do a BACKUP? + 4. BACKUP your profile folder before implementing (and/or test in a new profile) + 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.5-Keeping-Up-To-Date ******/ From 3cdc4a93d77200613ec701ca93e025c23431fdbf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 15 Jul 2017 19:37:27 +1200 Subject: [PATCH 0282/1961] 2699: disable geolocation API --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 3a6aaa1..de68054 100644 --- a/user.js +++ b/user.js @@ -27,7 +27,7 @@ - Search this file for the "[SETUP]" tag to find SOME common items you could check before using to avoid unexpected surprises - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues - 4. BACKUP your profile folder before implementing (and/or test in a new profile) + 4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile) 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.5-Keeping-Up-To-Date ******/ @@ -1476,6 +1476,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337161 ** spoof network information API as "unknown" (see 2503) (FF56+) [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1372072 + ** disable geolocation API (see 0201) (FF56+) + [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1372069 ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From b6567f3de97562594b935af7a794dd0cf54883eb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 19 Jul 2017 05:35:00 +1200 Subject: [PATCH 0283/1961] miscellaneous Add missing parrot for 1100s, replace parrot for 1700 with a unique euphemism, a readme tweak (so it's technically correct), and deprecated pocket number change in prep for new system add-on section --- user.js | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index de68054..3578796 100644 --- a/user.js +++ b/user.js @@ -18,7 +18,7 @@ * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * Auto-installing updates for Firefox and extensions/addon-ons are disabled (section 0302's) - * Some user data is erased (section 2800), namely history (browsing, form, download) + * Some user data is erased on close (section 2800), namely history (browsing, form, download) * Cookies (and thus logins) are denied by default (2701). Use site exceptions or an extension * Site breakage WILL happen - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting @@ -563,6 +563,7 @@ user_pref("alerts.showFavicons", false); - any add-ons are missing the 'multiprocessCompatible' flag, then they *might* be disabled (FF53+) [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/ ***/ +user_pref("ghacks_user.js.parrot", "1100 syntax error: the parrot's bought the farm!"); /* 1101: start the browser in e10s mode (FF48+) * about:support>Application Basics>Multiprocess Windows ***/ // user_pref("browser.tabs.remote.autostart", true); @@ -846,7 +847,7 @@ user_pref("privacy.donottrackheader.enabled", false); [2] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers [3] https://github.com/mozilla/testpilot-containers ***/ -user_pref("ghacks_user.js.parrot", "1700 syntax error: the parrot rests in peace!"); +user_pref("ghacks_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); /* 1701: enable [SETTING] Options>Privacy>Container Tabs (FF50+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1279029 ***/ // user_pref("privacy.userContext.ui.enabled", true); @@ -1776,18 +1777,18 @@ user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) // 0334b: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234522 user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); -// 0373: disable "Pocket" - replaced by extensions.pocket.* - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215694 -user_pref("browser.pocket.enabled", false); -user_pref("browser.pocket.api", ""); -user_pref("browser.pocket.site", ""); -user_pref("browser.pocket.oAuthConsumerKey", ""); // 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1239587 user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check // 0420: disable polaris (part of Tracking Protection, never used in stable) // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235565 // user_pref("browser.polaris.enabled", false); +// 0510: disable "Pocket" - replaced by extensions.pocket.* + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215694 +user_pref("browser.pocket.enabled", false); +user_pref("browser.pocket.api", ""); +user_pref("browser.pocket.site", ""); +user_pref("browser.pocket.oAuthConsumerKey", ""); // ***/ /* FF47 // 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry From 71c81992f5607609746015e9f48661fed4cc45c7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 19 Jul 2017 05:55:03 +1200 Subject: [PATCH 0284/1961] add 0500s system add-ons / experiments #172 new items will have their own commits --- user.js | 56 ++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 34 insertions(+), 22 deletions(-) diff --git a/user.js b/user.js index 3578796..fff97fd 100644 --- a/user.js +++ b/user.js @@ -170,14 +170,6 @@ user_pref("toolkit.telemetry.cachedClientID", ""); * [1] https://trac.torproject.org/projects/tor/ticket/18738 ***/ user_pref("browser.selfsupport.enabled", false); // (hidden pref) user_pref("browser.selfsupport.url", ""); -/* 0340: disable experiments - * [1] https://wiki.mozilla.org/Telemetry/Experiments ***/ -user_pref("experiments.enabled", false); -user_pref("experiments.manifest.uri", ""); -user_pref("experiments.supported", false); -user_pref("experiments.activeExperiment", false); -/* 0341: disable Mozilla permission to silently opt you into tests ***/ -user_pref("network.allow-experiments", false); /* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); /* 0351: disable sending of crash reports (FF44+) ***/ @@ -191,20 +183,10 @@ user_pref("browser.newtabpage.directory.source", "data:text/plain,"); user_pref("browser.newtabpage.enabled", false); user_pref("browser.newtabpage.enhanced", false); user_pref("browser.newtabpage.introShown", true); -/* 0361: disable Activity Stream (system addon) (FF54+) - * [1] https://wiki.mozilla.org/Firefox/Activity_Stream ***/ -user_pref("browser.newtabpage.activity-stream.enabled", false); /* 0370: disable "Snippets" (Mozilla content shown on about:home screen) * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ user_pref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1"); -/* 0373: disable "Pocket" (third party "save for later" service) & remove urls for good measure - * [NOTE] Important: Remove the pocket icon from your toolbar first - * [1] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ -user_pref("extensions.pocket.enabled", false); -user_pref("extensions.pocket.api", ""); -user_pref("extensions.pocket.site", ""); -user_pref("extensions.pocket.oAuthConsumerKey", ""); /* 0374: disable "social" integration * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Social_API ***/ user_pref("social.whitelist", ""); @@ -214,10 +196,6 @@ user_pref("social.remote-install.enabled", false); user_pref("social.directories", ""); user_pref("social.share.activationPanelEnabled", false); user_pref("social.enabled", false); // (hidden pref) -/* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers - * [1] https://wiki.mozilla.org/FlyWeb - * [2] https://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ -user_pref("dom.flyweb.enabled", false); /*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION This section has security & tracking protection implications vs privacy concerns vs effectiveness @@ -315,6 +293,40 @@ user_pref("privacy.trackingprotection.ui.enabled", true); // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); +/*** 0500: SYSTEM ADD-ONS / EXPERIMENTS + System add-ons are a method for shipping extensions, considered to be + built-in features to Firefox, that are hidden from the about:addons UI. + To view your system add-ons go to about:support, they are listed under "Features" + [1] https://gecko.readthedocs.io/en/latest/toolkit/mozapps/extensions/addon-manager/SystemAddons.html + [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions +***/ +user_pref("ghacks_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); +/* 0501: disable experiments + * [1] https://wiki.mozilla.org/Telemetry/Experiments ***/ +user_pref("experiments.enabled", false); +user_pref("experiments.manifest.uri", ""); +user_pref("experiments.supported", false); +user_pref("experiments.activeExperiment", false); +/* 0502: disable Mozilla permission to silently opt you into tests ***/ +user_pref("network.allow-experiments", false); +/* 0510: disable Pocket (FF39+) + * Pocket is a third party (now owned by Mozilla) "save for later" cloud service + * [1] https://en.wikipedia.org/wiki/Pocket_(application) + * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ +user_pref("extensions.pocket.enabled", false); +/* 0511: disable FlyWeb (FF49+) + * Flyweb is a set of APIs for advertising and discovering local-area web servers + * [1] https://flyweb.github.io/ + * [2] https://wiki.mozilla.org/FlyWeb/Security_scenarios + * [3] https://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ +user_pref("dom.flyweb.enabled", false); +/* 0513: disable Activity Stream (FF54+) + * Activity Stream replaces "New Tab" with one based on metadata and browsing behavior, + * and includes telemetry as well as web content such as snippets and "spotlight" + * [1] https://wiki.mozilla.org/Firefox/Activity_Stream + * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/ +user_pref("browser.newtabpage.activity-stream.enabled", false); + /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); /* 0601: disable link prefetching From bcf38ca80b0728d919ee87aecbe41b30d9bb8aef Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 19 Jul 2017 06:00:34 +1200 Subject: [PATCH 0285/1961] 0512: disable Shield system add-on #171 --- user.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/user.js b/user.js index fff97fd..b1e2bb0 100644 --- a/user.js +++ b/user.js @@ -320,6 +320,12 @@ user_pref("extensions.pocket.enabled", false); * [2] https://wiki.mozilla.org/FlyWeb/Security_scenarios * [3] https://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ user_pref("dom.flyweb.enabled", false); +/* 0512: disable Shield (FF53+) + * Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" + * [1] https://wiki.mozilla.org/Firefox/Shield + * [2] https://github.com/mozilla/normandy ***/ +user_pref("extensions.shield-recipe-client.enabled", false); +user_pref("extensions.shield-recipe-client.api_url", ""); /* 0513: disable Activity Stream (FF54+) * Activity Stream replaces "New Tab" with one based on metadata and browsing behavior, * and includes telemetry as well as web content such as snippets and "spotlight" From 4e36051192b2ee20c0fc5a26473e8fc6f6f7b802 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 21 Jul 2017 18:14:05 +1200 Subject: [PATCH 0286/1961] 0515: disable Onboarding --- user.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/user.js b/user.js index b1e2bb0..dfc1d96 100644 --- a/user.js +++ b/user.js @@ -332,6 +332,11 @@ user_pref("extensions.shield-recipe-client.api_url", ""); * [1] https://wiki.mozilla.org/Firefox/Activity_Stream * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/ user_pref("browser.newtabpage.activity-stream.enabled", false); +/* 0515: disable Onboarding (FF55+) + * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time + * about:home or about:newtab is opened, the onboarding overlay is injected into that page + * [1] https://wiki.mozilla.org/Firefox/Onboarding ***/ +user_pref("browser.onboarding.enabled", false); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); From 16499e961100e750751fa9187e2b72174f736063 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 21 Jul 2017 18:18:47 +1200 Subject: [PATCH 0287/1961] 0516: Screenshots #171 --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index dfc1d96..11dcdab 100644 --- a/user.js +++ b/user.js @@ -337,6 +337,10 @@ user_pref("browser.newtabpage.activity-stream.enabled", false); * about:home or about:newtab is opened, the onboarding overlay is injected into that page * [1] https://wiki.mozilla.org/Firefox/Onboarding ***/ user_pref("browser.onboarding.enabled", false); +/* 0516: disable Screenshots (FF55+) + * [1] https://github.com/mozilla-services/screenshots + * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ + // user_pref("extensions.screenshots.disabled", true); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); From 049841acb13f88dcc06fd5eef3ead4019000a346 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 21 Jul 2017 18:23:14 +1200 Subject: [PATCH 0288/1961] 0518: disable Web Compatibility Reporter #171 --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 11dcdab..dc0ff04 100644 --- a/user.js +++ b/user.js @@ -341,6 +341,9 @@ user_pref("browser.onboarding.enabled", false); * [1] https://github.com/mozilla-services/screenshots * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ // user_pref("extensions.screenshots.disabled", true); +/* 0518: disable Web Compatibility Reporter (FF56+) + * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ +user_pref("extensions.webcompat-reporter.enabled", false); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); From 989a5816b1d4fbbdb5dd78fc193804f8a8e86d56 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 22 Jul 2017 04:14:51 +1200 Subject: [PATCH 0289/1961] indexedDB #173 --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index dc0ff04..49a3cb8 100644 --- a/user.js +++ b/user.js @@ -1091,9 +1091,6 @@ user_pref("dom.event.clipboardevents.enabled", false); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) /* 2404: disable JS storing data permanently - * This setting WAS under about:permissions>All Sites>Maintain Offline Storage - * [NOTE] about:permissions is no longer available since FF46 but you can still override - * individual domains: use info icon in urlbar etc or right click on a web page>view page info * [WARNING] [SETUP] If set as false (disabled), this WILL break some [old] add-ons and DOES * break a lot of sites' functionality. Applies to websites, add-ons and session data. * [1] https://addons.mozilla.org/en-US/firefox/addon/disable-indexeddb/ ***/ From 0eb7a927e6d46978bbdaa46af6d62d95b2e02156 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 23 Jul 2017 03:11:56 +1200 Subject: [PATCH 0290/1961] 0810: disable speculative connects #175 --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 49a3cb8..019504d 100644 --- a/user.js +++ b/user.js @@ -427,6 +427,9 @@ user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) /* 0809: disable location bar suggesting "preloaded" top websites (FF54+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1211726 ***/ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); +/* 08010: disable location bar making speculative connections (FF56+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1348275 ***/ +user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850a: disable location bar autocomplete [controlled by 0850b] // user_pref("browser.urlbar.autocomplete.enabled", false); /* 0850b: disable location bar suggestion types [controls 0850a] From dc955fb846fa2ede4a64b06c656c34f63add3003 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 23 Jul 2017 04:02:33 +1200 Subject: [PATCH 0291/1961] renumber 0513 to 0514 in order to keep system add-ons in order of first appearance --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 019504d..7e6a034 100644 --- a/user.js +++ b/user.js @@ -326,7 +326,7 @@ user_pref("dom.flyweb.enabled", false); * [2] https://github.com/mozilla/normandy ***/ user_pref("extensions.shield-recipe-client.enabled", false); user_pref("extensions.shield-recipe-client.api_url", ""); -/* 0513: disable Activity Stream (FF54+) +/* 0514: disable Activity Stream (FF54+) * Activity Stream replaces "New Tab" with one based on metadata and browsing behavior, * and includes telemetry as well as web content such as snippets and "spotlight" * [1] https://wiki.mozilla.org/Firefox/Activity_Stream From 0bf6323e6f91614c8de2ebaf851e3e14d9bb5683 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 22 Jul 2017 22:25:07 +0200 Subject: [PATCH 0292/1961] typo + fix comment thanks @Forsaked --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 7e6a034..17e930f 100644 --- a/user.js +++ b/user.js @@ -427,10 +427,10 @@ user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) /* 0809: disable location bar suggesting "preloaded" top websites (FF54+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1211726 ***/ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); -/* 08010: disable location bar making speculative connections (FF56+) +/* 0810: disable location bar making speculative connections (FF56+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); -/* 0850a: disable location bar autocomplete [controlled by 0850b] +/* 0850a: disable location bar autocomplete [controlled by 0850b] ***/ // user_pref("browser.urlbar.autocomplete.enabled", false); /* 0850b: disable location bar suggestion types [controls 0850a] * [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest From 656b755a342351687f3822a202157f74c5365ec7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 23 Jul 2017 09:01:36 +1200 Subject: [PATCH 0293/1961] 0505: system add-on URL --- user.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/user.js b/user.js index 17e930f..e9c1698 100644 --- a/user.js +++ b/user.js @@ -297,6 +297,12 @@ user_pref("privacy.trackingprotection.ui.enabled", true); System add-ons are a method for shipping extensions, considered to be built-in features to Firefox, that are hidden from the about:addons UI. To view your system add-ons go to about:support, they are listed under "Features" + + Some system add-ons have no on-off prefs. Instead you can manually remove them. Note that app + updates will restore them. They may also be updated and possibly restored automatically (see 0505) + * Portable: "...\App\Firefox64\browser\features\" (or "App\Firefox\etc" for 32bit) + * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) + [1] https://gecko.readthedocs.io/en/latest/toolkit/mozapps/extensions/addon-manager/SystemAddons.html [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions ***/ @@ -309,6 +315,9 @@ user_pref("experiments.supported", false); user_pref("experiments.activeExperiment", false); /* 0502: disable Mozilla permission to silently opt you into tests ***/ user_pref("network.allow-experiments", false); +/* 0505: block URL used for system add-on updates (FF44+) + * [NOTE] You will not get system add-on security/privacy fixes except when you update Firefox ***/ + // user_pref("extensions.systemAddon.update.url", ""); /* 0510: disable Pocket (FF39+) * Pocket is a third party (now owned by Mozilla) "save for later" cloud service * [1] https://en.wikipedia.org/wiki/Pocket_(application) From 9499122d961d6120df7ac361ea9db0c48a548ec3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 24 Jul 2017 03:15:58 +1200 Subject: [PATCH 0294/1961] 0505: system add-on update tweak --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e9c1698..685cded 100644 --- a/user.js +++ b/user.js @@ -316,7 +316,7 @@ user_pref("experiments.activeExperiment", false); /* 0502: disable Mozilla permission to silently opt you into tests ***/ user_pref("network.allow-experiments", false); /* 0505: block URL used for system add-on updates (FF44+) - * [NOTE] You will not get system add-on security/privacy fixes except when you update Firefox ***/ + * [NOTE] You will not get any system add-on updates except when you update Firefox ***/ // user_pref("extensions.systemAddon.update.url", ""); /* 0510: disable Pocket (FF39+) * Pocket is a third party (now owned by Mozilla) "save for later" cloud service From e4002913d95b38114badb1938fd3d0a51806e2a8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 24 Jul 2017 03:32:57 +1200 Subject: [PATCH 0295/1961] 0515: some onboarding truths --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 685cded..f0cb8b1 100644 --- a/user.js +++ b/user.js @@ -344,7 +344,10 @@ user_pref("browser.newtabpage.activity-stream.enabled", false); /* 0515: disable Onboarding (FF55+) * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time * about:home or about:newtab is opened, the onboarding overlay is injected into that page - * [1] https://wiki.mozilla.org/Firefox/Onboarding ***/ + * [NOTE] Onboarding leaks resource://URIs [2], and uses Google Analytics [3] + * [1] https://wiki.mozilla.org/Firefox/Onboarding + * [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf + * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=863246#c154 ***/ user_pref("browser.onboarding.enabled", false); /* 0516: disable Screenshots (FF55+) * [1] https://github.com/mozilla-services/screenshots From 4fac8f71c482a2b02057d262828534e997fcd7c5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 24 Jul 2017 06:50:55 +1200 Subject: [PATCH 0296/1961] misc typos #178 Thanks Just-me-ghacks --- user.js | 60 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/user.js b/user.js index f0cb8b1..be3b77e 100644 --- a/user.js +++ b/user.js @@ -86,7 +86,7 @@ user_pref("browser.search.region", "US"); // (hidden pref) user_pref("intl.locale.matchOS", false); /* 0204: set APP locale ***/ user_pref("general.useragent.locale", "en-US"); -/* 0206: disable geographically specific results/search engines eg: "browser.search.*.US" +/* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" * i.e ignore all of Mozilla's various search engines in multiple locales ***/ user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); @@ -202,9 +202,9 @@ user_pref("social.enabled", false); // (hidden pref) vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. - Safe Browsing is designed to protect users from malicious sites. Tracking Protection is designed to - lessen the impact of third parties on websites to reduce tracking and to speed up your browsing. They - do rely on 3rd parties: Google for safe browsing and Disconnect for tracking protection. but many steps, + Safe Browsing is designed to protect users from malicious sites. Tracking Protection is designed + to lessen the impact of third parties on websites to reduce tracking and to speed up your browsing. + These do rely on 3rd parties (Google for SB and Disconnect for TP). but many steps, which are continually being improved, have been taken to preserve privacy. Disable at your own risk. ***/ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); @@ -357,7 +357,7 @@ user_pref("browser.onboarding.enabled", false); * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ user_pref("extensions.webcompat-reporter.enabled", false); -/*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ +/*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); /* 0601: disable link prefetching * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/ @@ -405,18 +405,18 @@ user_pref("ghacks_user.js.parrot", "0800 syntax error: the parrot's ceased to be user_pref("keyword.enabled", false); /* 0802: disable location bar domain guessing - PRIVACY/SECURITY * domain guessing intercepts DNS "hostname not found errors" and resends a - * request (eg by adding www or .com). This is inconsistent use (eg FQDNs), does not work + * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't - * intend to), can leak sensitive data (eg query strings: eg Princeton attack), - * and is a security risk (eg common typos & malicious sites set up to exploit this) ***/ + * intend to), can leak sensitive data (eg query strings: e.g. Princeton attack), + * and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/ user_pref("browser.fixup.alternate.enabled", false); /* 0803: display all parts of the url in the location bar - helps SECURITY ***/ user_pref("browser.urlbar.trimURLs", false); /* 0804: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY * This is a PER TAB session history. You still have a full history stored under all history * default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages - * use it as a means of referral (eg hotlinking), 4 or 6 or 10 may be more practical ***/ + * use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical ***/ user_pref("browser.sessionhistory.max_entries", 10); /* 0805: disable CSS querying page history - CSS history leak - PRIVACY * [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's @@ -522,7 +522,7 @@ user_pref("signon.storeWhenAutocompleteOff", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); /* 0908: remove user & password info when attempting to fix an entered URL (i.e 0802 is true) - * e.g //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/ + * e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/ user_pref("browser.fixup.hide_user_pass", true); /* 0909: disable formless login capture for Password Manager (FF51+) ***/ user_pref("signon.formlessCapture.enabled", false); @@ -737,7 +737,7 @@ user_pref("security.mixed_content.block_active_content", true); /* 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) * Allow resources from domains with an existing HSTS cache record or in the HSTS preload list * to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because - * those may cause noticeable delays eg requests time out or are not handled well by servers + * those may cause noticeable delays e.g. requests time out or are not handled well by servers * [NOTE] If you want to use the priming requests make sure 'use_hsts' is also true * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ user_pref("security.mixed_content.use_hsts", true); @@ -749,7 +749,7 @@ user_pref("security.mixed_content.send_hsts_priming", false); * 2=deprecated option that now maps to 1 * 3=only allowed for locally-added roots (e.g. anti-virus) * 4=only allowed for locally-added roots or for certs in 2015 and earlier - * [WARNING] When disabled, some man-in-the-middle devices (eg security scanners and + * [WARNING] When disabled, some man-in-the-middle devices (e.g. security scanners and * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ user_pref("security.pki.sha1_enforcement_level", 1); @@ -883,7 +883,7 @@ user_pref("network.http.referer.hideOnionSource", true); * Don't encourage a setting that gives any legitimacy to 3rd parties being in control of your privacy. * Sending a DNT header *highly likely* raises entropy, especially in standard windows. * [SETTING] Options>Privacy>Use Tracking Protecting>manage your Do Not Track settings - * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref (eg in default PB Mode) + * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref (e.g. in default PB Mode) * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ user_pref("privacy.donottrackheader.enabled", false); @@ -919,7 +919,7 @@ user_pref("plugins.click_to_play", true); user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); /* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example) * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config - * [NOTE] You can still over-ride individual sites eg youtube via site permissions + * [NOTE] You can still over-ride individual sites e.g. youtube via site permissions * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ // user_pref("plugin.state.flash", 0); /* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/ @@ -1056,7 +1056,7 @@ user_pref("dom.disable_beforeunload", true); and communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. Push and web notifications require service workers, which in turn require workers. - [WARNING] Disabling workers *will* break sites (eg Google Street View, Twitter). + [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter). It is recommended that you use a separate profile for these sorts of sites. [1] Web Workers: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API @@ -1093,7 +1093,7 @@ user_pref("dom.push.connection.enabled", false); user_pref("dom.push.serverURL", ""); user_pref("dom.push.userAgentID", ""); -/*** 2400: DOM & JAVASCRIPT ***/ +/*** 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: disable website access to clipboard events/content * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress @@ -1173,7 +1173,7 @@ user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/ user_pref("dom.gamepad.enabled", false); /* 2503: disable giving away network info (FF31+) - * eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none + * e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none * [1] https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API * [2] https://wicg.github.io/netinfo/ * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 ***/ @@ -1195,7 +1195,7 @@ user_pref("media.video_stats.enabled", false); /* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) * The Keyboard API allows tracking the "read parameter" of pressed keys in forms on * web pages. These parameters vary between types of keyboard layouts such as QWERTY, - * AZERTY, Dvorak, and between various languages, eg German vs English. + * AZERTY, Dvorak, and between various languages, e.g. German vs English. * [WARNING] Don't use if Android + physical keyboard * [UPDATE] This MAY be incorporated better under privacy.resistFingerprinting (see 2699) * [1] https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code @@ -1238,7 +1238,7 @@ user_pref("dom.presentation.receiver.enabled", false); user_pref("dom.presentation.session_transport.data_channel.enable", false); /* 2514: spoof (or limit?) number of CPU cores (also see 2699f) (FF48+) * [WARNING] *may* affect core chrome/Firefox performance, will affect content. - * Highly recommended to leave this (dom) and use 2699f (navigator) + * Highly recommended to leave this (DOM) and use 2699f (navigator) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 * [2] https://trac.torproject.org/projects/tor/ticket/21675 * [3] https://trac.torproject.org/projects/tor/ticket/22127 @@ -1283,7 +1283,7 @@ user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.webide.autoinstallFxdtAdapters", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); -/* 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - eg Roku +/* 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("browser.casting.enabled", false); user_pref("gfx.layerscope.enabled", false); @@ -1309,17 +1309,17 @@ user_pref("network.http.spdy.enabled.http2", false); * [WHY USE true=open with or save to disk] * If you think a particular external app is more secure... * [NOTE] - * 1. See 2662 2: JS can still force a pdf to open in-browser by bundling it's own code (rare) ***/ + * 1. See 2662 2: JS can still force a pdf to open in-browser by bundling its own code (rare) ***/ user_pref("pdfjs.disabled", false); /* 2618: enforce the proxy server to do any DNS lookups when using SOCKS - * eg in TOR, this stops your local DNS server from knowing your Tor destination + * e.g. in TOR, this stops your local DNS server from knowing your Tor destination * as a remote Tor node will handle the DNS request * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); /* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) - * [WARNING] A low setting of 5 or under will probably break some sites (eg gmail logins) - * To control HTML Meta tag and JS redirects, use an add-on (eg NoRedirect). Default is 20 ***/ + * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins) + * To control HTML Meta tag and JS redirects, use an add-on (e.g. NoRedirect). Default is 20 ***/ user_pref("network.http.redirection-limit", 10); /* 2620: disable middle mouse click opening links from clipboard * [1] https://trac.torproject.org/projects/tor/ticket/10089 @@ -1440,7 +1440,7 @@ user_pref("security.csp.experimentalEnabled", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/ // user_pref("general.buildID.override", "20100101"); // (hidden pref) /* 2697c: navigator.appName ***/ - //user_pref("general.appname.override", "Netscape"); // (hidden pref) + // user_pref("general.appname.override", "Netscape"); // (hidden pref) /* 2697d: navigator.appVersion ***/ // user_pref("general.appversion.override", "5.0 (Windows)"); // (hidden pref) /* 2697e: navigator.platform leaks in JS ***/ @@ -1535,7 +1535,7 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF /*** 2700: COOKIES & DOM STORAGE ***/ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] - * You can set exceptions under site permissions or use an extension (eg Cookie Controller) + * You can set exceptions under site permissions or use an extension (e.g. Cookie Controller) * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache @@ -1551,7 +1551,7 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); // user_pref("network.cookie.lifetimePolicy", 0); /* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ // user_pref("network.cookie.lifetime.days", 90); -/* 2705: disable dom storage +/* 2705: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality. * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); @@ -1578,7 +1578,7 @@ user_pref("network.cookie.leave-secure-alone", true); You should set the values to what suits you best. Be aware that the settings below clear browsing, download and form history, but not cookies (we expect you to use an extension). [NOTE] In both 2803 + 2804, the 'download' and 'history' prefs are combined in the - firefox interface as "Browsing & Download History" and their values will be synced + Firefox interface as "Browsing & Download History" and their values will be synced ***/ user_pref("ghacks_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable Firefox to clear history items on shutdown @@ -1657,7 +1657,7 @@ user_pref("browser.link.open_newwindow", 3); /* 3010: enable ctrl-tab previews ***/ user_pref("browser.ctrlTab.previews", true); /* 3011: don't open "page/selection source" in a tab. The window used instead is cleaner - * and easier to use and move around (eg developers/multi-screen). ***/ + * and easier to use and move around (e.g. developers/multi-screen). ***/ user_pref("view_source.tab", false); /* 3012: control spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls ***/ user_pref("layout.spellcheckDefault", 1); @@ -1926,7 +1926,7 @@ user_pref("media.gmp-eme-adobe.autoupdate", false); user_pref("dom.telephony.enabled", false); // 2502: disable Battery Status API. Initially a Linux issue (high precision readout) that // was fixed. However, it is still another metric for fingerprinting, used to raise entropy. - // eg: do you have a battery or not, current charging status, charge level, times remaining etc + // e.g. do you have a battery or not, current charging status, charge level, times remaining etc // [1] http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 // [3] https://www.w3.org/TR/battery-status/ From aeb784620072f2c280a6d2adec7a5ad53349778a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 24 Jul 2017 06:57:33 +1200 Subject: [PATCH 0297/1961] typo: missed one #178 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index be3b77e..68c4c63 100644 --- a/user.js +++ b/user.js @@ -408,7 +408,7 @@ user_pref("keyword.enabled", false); * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't - * intend to), can leak sensitive data (eg query strings: e.g. Princeton attack), + * intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack), * and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/ user_pref("browser.fixup.alternate.enabled", false); /* 0803: display all parts of the url in the location bar - helps SECURITY ***/ From 8d7fceb6da4a05f3a3c45c413851868d3043be33 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 Jul 2017 05:15:37 +1200 Subject: [PATCH 0298/1961] misc grammar for nerds #178 Thanks Just-me-ghacks --- user.js | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 68c4c63..8f12c20 100644 --- a/user.js +++ b/user.js @@ -87,7 +87,7 @@ user_pref("intl.locale.matchOS", false); /* 0204: set APP locale ***/ user_pref("general.useragent.locale", "en-US"); /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" - * i.e ignore all of Mozilla's various search engines in multiple locales ***/ + * i.e. ignore all of Mozilla's various search engines in multiple locales ***/ user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); /* 0207: set language to match ***/ @@ -204,7 +204,7 @@ user_pref("social.enabled", false); // (hidden pref) Safe Browsing is designed to protect users from malicious sites. Tracking Protection is designed to lessen the impact of third parties on websites to reduce tracking and to speed up your browsing. - These do rely on 3rd parties (Google for SB and Disconnect for TP). but many steps, which are + These do rely on 3rd parties (Google for SB and Disconnect for TP), but many steps, which are continually being improved, have been taken to preserve privacy. Disable at your own risk. ***/ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); @@ -458,7 +458,7 @@ user_pref("browser.urlbar.suggest.openpage", false); * be displayed (no we do not know how these are calculated or what the threshold is), * and this does not affect the search by search engine suggestion (see 0808) * [USAGE] This setting is only useful if you want to enable search engine keywords - * (i.e at least one of 0850b must be true) but you want to *limit* suggestions shown ***/ + * (i.e. at least one of 0850b must be true) but you want to *limit* suggestions shown ***/ // user_pref("browser.urlbar.maxRichResults", 0); /* 0850d: disable location bar autofill * [1] http://kb.mozillazine.org/Inline_autocomplete ***/ @@ -521,7 +521,7 @@ user_pref("signon.storeWhenAutocompleteOff", true); /* 0907: display warnings for logins on non-secure (non HTTPS) pages * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); -/* 0908: remove user & password info when attempting to fix an entered URL (i.e 0802 is true) +/* 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true) * e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/ user_pref("browser.fixup.hide_user_pass", true); /* 0909: disable formless login capture for Password Manager (FF51+) ***/ @@ -584,7 +584,7 @@ user_pref("browser.sessionstore.resume_from_crash", false); * can help on older machines and some websites, as well as reducing writes, see [1] * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc * [WARNING] This can also affect entries in the "Recently Closed Tabs" feature: - * i.e the longer the interval the more chance a quick tab open/close won't be captured. + * i.e. the longer the interval the more chance a quick tab open/close won't be captured. * This longer interval *may* affect history but we cannot replicate any history not recorded * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1304389 ***/ user_pref("browser.sessionstore.interval", 30000); @@ -780,7 +780,7 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); user_pref("browser.ssl_override_behavior", 1); /* 1272: display advanced information on Insecure Connection warning pages * only works when it's possible to add an exception - * i.e doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) + * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); @@ -910,7 +910,7 @@ user_pref("ghacks_user.js.parrot", "1700 syntax error: the parrot's bit the dust /*** 1800: PLUGINS ***/ user_pref("ghacks_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); -/* 1801: set default plugin state (i.e new plugins on discovery) to never activate +/* 1801: set default plugin state (i.e. new plugins on discovery) to never activate * 0=disabled, 1=ask to activate, 2=active - you can override individual plugins ***/ user_pref("plugin.default.state", 0); user_pref("plugin.defaultXpi.state", 0); @@ -1050,7 +1050,7 @@ user_pref("browser.link.open_newwindow.restriction", 0); user_pref("dom.disable_beforeunload", true); /*** 2300: WEB WORKERS [SETUP] - A worker is a JS "background task" running in a global context, i.e it is different from + A worker is a JS "background task" running in a global context, i.e. it is different from the current window. Workers can spawn new workers (must be the same origin & scheme), including service and shared workers. Shared workers can be utilized by multiple scripts and communicate between browsing contexts (windows/tabs/iframes) and can even control your @@ -1097,7 +1097,7 @@ user_pref("dom.push.userAgentID", ""); user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: disable website access to clipboard events/content * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress - * this applies to onCut, onCopy, onPaste events - i.e you have to interact with + * this applies to onCut, onCopy, onPaste events - i.e. you have to interact with * the website for it to look at the clipboard * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ user_pref("dom.event.clipboardevents.enabled", false); @@ -1962,7 +1962,7 @@ user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1242321 user_pref("media.eme.apiVisible", false); // 2425: disable Archive Reader API - // i.e reading archive contents directly in the browser, through DOM file objects + // i.e. reading archive contents directly in the browser, through DOM file objects // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 user_pref("dom.archivereader.enabled", false); // ***/ From bb07b0e78c06c606a4c54fb4e3d6eb3c9a443b38 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 Jul 2017 05:36:32 +1200 Subject: [PATCH 0299/1961] remove references to specific extensions Non e10s and non WebExtension = out the door. NoRedirect & Disable IndexedDB were not e10s, and Cookie Controller is not WE (and besides, there are lots of cookie alternatives). I think that's all of them. In fact I think the only extensions left mentioned are uBlock Origin and NoScript Also `addon-ons` typo not picked up by Just-me-ghacks - I am bitterly disappointed. --- user.js | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index 8f12c20..3e73e24 100644 --- a/user.js +++ b/user.js @@ -17,7 +17,7 @@ 2. READ this * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum - * Auto-installing updates for Firefox and extensions/addon-ons are disabled (section 0302's) + * Auto-installing updates for Firefox and extensions/add-ons are disabled (section 0302's) * Some user data is erased on close (section 2800), namely history (browsing, form, download) * Cookies (and thus logins) are denied by default (2701). Use site exceptions or an extension * Site breakage WILL happen @@ -1105,10 +1105,8 @@ user_pref("dom.event.clipboardevents.enabled", false); * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) -/* 2404: disable JS storing data permanently - * [WARNING] [SETUP] If set as false (disabled), this WILL break some [old] add-ons and DOES - * break a lot of sites' functionality. Applies to websites, add-ons and session data. - * [1] https://addons.mozilla.org/en-US/firefox/addon/disable-indexeddb/ ***/ +/* 2404: disable JS storing data permanently [SETUP] + * [WARNING] This *may* break some add-ons and *will* break some sites ***/ user_pref("dom.indexedDB.enabled", false); /* 2410: disable User Timing API * [1] https://trac.torproject.org/projects/tor/ticket/16336 ***/ @@ -1319,7 +1317,7 @@ user_pref("pdfjs.disabled", false); user_pref("network.proxy.socks_remote_dns", true); /* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins) - * To control HTML Meta tag and JS redirects, use an add-on (e.g. NoRedirect). Default is 20 ***/ + * To control HTML Meta tag and JS redirects, use an add-on. Default is 20 ***/ user_pref("network.http.redirection-limit", 10); /* 2620: disable middle mouse click opening links from clipboard * [1] https://trac.torproject.org/projects/tor/ticket/10089 @@ -1535,7 +1533,7 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF /*** 2700: COOKIES & DOM STORAGE ***/ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] - * You can set exceptions under site permissions or use an extension (e.g. Cookie Controller) + * You can set exceptions under site permissions or use an extension * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache From 71fd837308ad5f7db5426b32eef4efc45dda6696 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 Jul 2017 06:29:20 +1200 Subject: [PATCH 0300/1961] 0515: correct reference notation --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3e73e24..cdc0572 100644 --- a/user.js +++ b/user.js @@ -344,7 +344,7 @@ user_pref("browser.newtabpage.activity-stream.enabled", false); /* 0515: disable Onboarding (FF55+) * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time * about:home or about:newtab is opened, the onboarding overlay is injected into that page - * [NOTE] Onboarding leaks resource://URIs [2], and uses Google Analytics [3] + * [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] * [1] https://wiki.mozilla.org/Firefox/Onboarding * [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=863246#c154 ***/ From 4397bc91378007dba01ba80963d2ff6c7cbb66f4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 Jul 2017 06:43:12 +1200 Subject: [PATCH 0301/1961] 0330: amalgamate telemetry prefs, add two new ones --- user.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index cdc0572..ce392ab 100644 --- a/user.js +++ b/user.js @@ -150,10 +150,11 @@ user_pref("extensions.webservice.discoverURL", "http://127.0.0.1"); * [1] https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html ***/ user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.enabled", false); -/* 0331: remove url of server telemetry pings are sent to ***/ user_pref("toolkit.telemetry.server", ""); -/* 0332: disable archiving pings locally - irrelevant if toolkit.telemetry.unified is false ***/ user_pref("toolkit.telemetry.archive.enabled", false); +user_pref("toolkit.telemetry.cachedClientID", ""); +user_pref("toolkit.telemetry.newProfilePing.enabled", false); // (FF55+) +user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // (FF55+) /* 0333a: disable health report ***/ user_pref("datareporting.healthreport.uploadEnabled", false); /* 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) @@ -164,8 +165,6 @@ user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); * If disabled, no policy is shown or upload takes place, ever * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1195552 ***/ user_pref("datareporting.policy.dataSubmissionEnabled", false); -/* 0335: remove telemetry clientID ***/ -user_pref("toolkit.telemetry.cachedClientID", ""); /* 0336: disable "Heartbeat" (Mozilla user rating telemetry) * [1] https://trac.torproject.org/projects/tor/ticket/18738 ***/ user_pref("browser.selfsupport.enabled", false); // (hidden pref) From 8c3cb3a834d99cf65e53167f738017aa16059d4b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Jul 2017 20:46:52 +1200 Subject: [PATCH 0302/1961] 2506: add bugzilla ref + 2203: grammar for nerds --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index ce392ab..21e2d00 100644 --- a/user.js +++ b/user.js @@ -1031,7 +1031,7 @@ user_pref("dom.disable_window_flip", true); // window z-order user_pref("dom.disable_window_move_resize", true); user_pref("dom.disable_window_open_feature.close", true); user_pref("dom.disable_window_open_feature.minimizable", true); -user_pref("dom.disable_window_open_feature.personalbar", true); //bookmarks toolbar +user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar user_pref("dom.disable_window_open_feature.titlebar", true); user_pref("dom.disable_window_status_change", true); user_pref("dom.allow_scripts_to_close_windows", false); @@ -1187,7 +1187,8 @@ user_pref("dom.vr.openvr.enabled", false); // (FF51+) * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/ user_pref("media.navigator.enabled", false); /* 2506: disable video statistics - JS performance fingerprinting (FF25+) - * [1] https://trac.torproject.org/projects/tor/ticket/15757 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/15757 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=654550 ***/ user_pref("media.video_stats.enabled", false); /* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) * The Keyboard API allows tracking the "read parameter" of pressed keys in forms on From f00cc290b40f5336c6db691808780e2ed7b34ed3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Jul 2017 23:24:18 +1200 Subject: [PATCH 0303/1961] 0864: disable form @autocomplete The default is false in FF54 (and also in FF55 beta), so there should be no downsides. Not sure how this will affect AutoFormFill system addon, and don't care since we'll disable that as well --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 21e2d00..2544f76 100644 --- a/user.js +++ b/user.js @@ -483,6 +483,10 @@ user_pref("browser.urlbar.oneOffSearches", false); * [1] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ * [2] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ user_pref("browser.formautofill.enabled", false); +/* 0864: disable form @autocomplete (FF32+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1009935 + * [2] https://html.spec.whatwg.org/#attr-fe-autocomplete ***/ +user_pref("dom.forms.autocomplete.experimental", false) /* 0870: disable Windows jumplist [WINDOWS] ***/ user_pref("browser.taskbar.lists.enabled", false); user_pref("browser.taskbar.lists.frequent.enabled", false); From 808196718736b84d9ec9938212c47fc23fa8fd87 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Jul 2017 23:37:45 +1200 Subject: [PATCH 0304/1961] 0517: disable Form Autofill #171 --- user.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/user.js b/user.js index 2544f76..5fa0e92 100644 --- a/user.js +++ b/user.js @@ -352,6 +352,15 @@ user_pref("browser.onboarding.enabled", false); * [1] https://github.com/mozilla-services/screenshots * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ // user_pref("extensions.screenshots.disabled", true); +/* 0517: disable Form Autofill (also see 0864) (FF55+) + * [SETTING] Options>Privacy>Forms & Passwords>Enable Profile Autofill + * [NOTE] Stored data is NOT secure (uses a JSON file) + * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes + * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill + * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/ +user_pref("extensions.formautofill.addresses.enabled", false); +user_pref("extensions.formautofill.experimental", false); +user_pref("extensions.formautofill.heuristics.enabled", false); /* 0518: disable Web Compatibility Reporter (FF56+) * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ user_pref("extensions.webcompat-reporter.enabled", false); From 63ba049ccb576d925b19fe48613dcb40374e5144 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 27 Jul 2017 00:03:30 +1200 Subject: [PATCH 0305/1961] 0864: syntax missing trailing ; - oophs --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5fa0e92..9bc61bb 100644 --- a/user.js +++ b/user.js @@ -495,7 +495,7 @@ user_pref("browser.formautofill.enabled", false); /* 0864: disable form @autocomplete (FF32+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1009935 * [2] https://html.spec.whatwg.org/#attr-fe-autocomplete ***/ -user_pref("dom.forms.autocomplete.experimental", false) +user_pref("dom.forms.autocomplete.experimental", false); /* 0870: disable Windows jumplist [WINDOWS] ***/ user_pref("browser.taskbar.lists.enabled", false); user_pref("browser.taskbar.lists.frequent.enabled", false); From 998069f4409878b5779e5e64d5ec4bfbc5b092fa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Jul 2017 21:02:10 +1200 Subject: [PATCH 0306/1961] remove 0864 default is false has been since FF32, if it ever changes (eg maybe for auto formfill?) then we will pick up on it from diffs --- user.js | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/user.js b/user.js index 9bc61bb..24b914f 100644 --- a/user.js +++ b/user.js @@ -352,7 +352,7 @@ user_pref("browser.onboarding.enabled", false); * [1] https://github.com/mozilla-services/screenshots * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ // user_pref("extensions.screenshots.disabled", true); -/* 0517: disable Form Autofill (also see 0864) (FF55+) +/* 0517: disable Form Autofill (FF55+) * [SETTING] Options>Privacy>Forms & Passwords>Enable Profile Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes @@ -492,10 +492,6 @@ user_pref("browser.urlbar.oneOffSearches", false); * [1] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ * [2] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ user_pref("browser.formautofill.enabled", false); -/* 0864: disable form @autocomplete (FF32+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1009935 - * [2] https://html.spec.whatwg.org/#attr-fe-autocomplete ***/ -user_pref("dom.forms.autocomplete.experimental", false); /* 0870: disable Windows jumplist [WINDOWS] ***/ user_pref("browser.taskbar.lists.enabled", false); user_pref("browser.taskbar.lists.frequent.enabled", false); From 63ed779776d15440df93417c0204993a984bf591 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Jul 2017 21:06:38 +1200 Subject: [PATCH 0307/1961] 0513: disable Follow On Search --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 24b914f..32dc6bb 100644 --- a/user.js +++ b/user.js @@ -334,6 +334,9 @@ user_pref("dom.flyweb.enabled", false); * [2] https://github.com/mozilla/normandy ***/ user_pref("extensions.shield-recipe-client.enabled", false); user_pref("extensions.shield-recipe-client.api_url", ""); +/* 0513: disable Follow On Search (FF53+) + * Just DELETE the XPI file in your system add-ons directory + * [1] https://blog.mozilla.org/data/2017/06/05/measuring-search-in-firefox/ ***/ /* 0514: disable Activity Stream (FF54+) * Activity Stream replaces "New Tab" with one based on metadata and browsing behavior, * and includes telemetry as well as web content such as snippets and "spotlight" From cb5593f09e54352553b61f8c2260cd7c1e7e80e1 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 28 Jul 2017 18:15:10 +0200 Subject: [PATCH 0308/1961] 1840 - add override url + disable local fallback they are both in Tor 7.0.2. With .url.override set, media.gmp-manager.url is never used (but let's keep it anyway) source: https://dxr.mozilla.org/mozilla-central/source/toolkit/modules/GMPInstallManager.jsm#66 Since ESR52 it is not enough anymore to block pinging the GMP update/download server. There is a local fallback that must be blocked now as well. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1267495. --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 32dc6bb..c68dba0 100644 --- a/user.js +++ b/user.js @@ -957,6 +957,8 @@ user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); user_pref("media.gmp-manager.url", "data:text/plain,"); +user_pref("media.gmp-manager.url.override", "data:,"); +user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback /*** 2000: MEDIA / CAMERA / MIC ***/ user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); From 12e25652e62673ba8a16fdecbd268ba08764ec36 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 28 Jul 2017 18:20:57 +0200 Subject: [PATCH 0309/1961] 1840 PR - add hidden pref tags --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index c68dba0..69814a4 100644 --- a/user.js +++ b/user.js @@ -957,8 +957,8 @@ user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); user_pref("media.gmp-manager.url", "data:text/plain,"); -user_pref("media.gmp-manager.url.override", "data:,"); -user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback +user_pref("media.gmp-manager.url.override", "data:,"); // (hidden pref) +user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback (hidden pref) /*** 2000: MEDIA / CAMERA / MIC ***/ user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); From fa778f2a87726b4bdba9fb5fda99fd1aad6b7336 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 28 Jul 2017 18:31:46 +0200 Subject: [PATCH 0310/1961] 0515+0516 - screenshots already bundled with FF54 moved screenshots up to 0515 and added the FF54 pref. I know I said we can remove that pref but the item needs to be for FF54+ regardless. To make it less confusing I added the pref back in. --- user.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 32dc6bb..3c1e541 100644 --- a/user.js +++ b/user.js @@ -343,7 +343,12 @@ user_pref("extensions.shield-recipe-client.api_url", ""); * [1] https://wiki.mozilla.org/Firefox/Activity_Stream * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/ user_pref("browser.newtabpage.activity-stream.enabled", false); -/* 0515: disable Onboarding (FF55+) +/* 0515: disable Screenshots (FF54+) + * [1] https://github.com/mozilla-services/screenshots + * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ + // user_pref("extensions.screenshots.system-disabled", true); // (FF54+) + // user_pref("extensions.screenshots.disabled", true); // (FF55+) +/* 0516: disable Onboarding (FF55+) * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time * about:home or about:newtab is opened, the onboarding overlay is injected into that page * [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] @@ -351,10 +356,6 @@ user_pref("browser.newtabpage.activity-stream.enabled", false); * [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=863246#c154 ***/ user_pref("browser.onboarding.enabled", false); -/* 0516: disable Screenshots (FF55+) - * [1] https://github.com/mozilla-services/screenshots - * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ - // user_pref("extensions.screenshots.disabled", true); /* 0517: disable Form Autofill (FF55+) * [SETTING] Options>Privacy>Forms & Passwords>Enable Profile Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) From a6fe71d24aeeb62a887a4369379a1835fd62349c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Jul 2017 04:47:43 +1200 Subject: [PATCH 0311/1961] 1840: add override url + disable local fallback fixup: consistent data:* --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 69814a4..8a1386d 100644 --- a/user.js +++ b/user.js @@ -957,7 +957,7 @@ user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); user_pref("media.gmp-manager.url", "data:text/plain,"); -user_pref("media.gmp-manager.url.override", "data:,"); // (hidden pref) +user_pref("media.gmp-manager.url.override", "data:text/plain,"); // (hidden pref) user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback (hidden pref) /*** 2000: MEDIA / CAMERA / MIC ***/ From f52cb0e3346f5ca95309a4da56198295e3d99f0d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Jul 2017 05:10:40 +1200 Subject: [PATCH 0312/1961] 0515+0516: screenshots already bundled with FF54 swap 515+516 to keep FF version order, screenshot is 54 (tag 55 pref as 55, but add deprecated 54 pref to section 9999) --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 3c1e541..f39f940 100644 --- a/user.js +++ b/user.js @@ -346,7 +346,6 @@ user_pref("browser.newtabpage.activity-stream.enabled", false); /* 0515: disable Screenshots (FF54+) * [1] https://github.com/mozilla-services/screenshots * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ - // user_pref("extensions.screenshots.system-disabled", true); // (FF54+) // user_pref("extensions.screenshots.disabled", true); // (FF55+) /* 0516: disable Onboarding (FF55+) * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time @@ -1977,3 +1976,7 @@ user_pref("media.eme.apiVisible", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 user_pref("dom.archivereader.enabled", false); // ***/ +/* FF55 + // 0515: disable Screenshots (FF54+) - replaced by extensions.screenshots.disabled + // user_pref("extensions.screenshots.system-disabled", true); +***/ From dcf4ebfbade0016c5cdf119929d9f5e19fac129b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Jul 2017 05:28:59 +1200 Subject: [PATCH 0313/1961] 2698: streamline FPI meta references --- user.js | 33 +++++++++++---------------------- 1 file changed, 11 insertions(+), 22 deletions(-) diff --git a/user.js b/user.js index 3e78c94..4d79996 100644 --- a/user.js +++ b/user.js @@ -1462,28 +1462,17 @@ user_pref("security.csp.experimentalEnabled", true); /* 2697g: general.useragent.locale (related, see 0204) ***/ /*** 2698: FIRST PARTY ISOLATION (FPI) - ** isolate favicons (FF52+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 - ** isolate OCSP cache (FF52+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 - ** isolate Shared Workers (FF52+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 - ** isolate SSL session cache (FF52+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 - ** isolate media cache (FF53+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 - ** isolate HSTS and HPKP (FF54+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 - ** isolate HTTP Alternative Services (FF54+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 - ** isolate SPDY/HTTP2 (FF55+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 - ** isolate DNS cache (FF55+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 - ** isolate blob: URI (FF55+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 - ** isolate data://, about: URLs (FF55+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1300671 + ** 1277803 - isolate favicons (FF52+) + ** 1264562 - isolate OCSP cache (FF52+) + ** 1268726 - isolate Shared Workers (FF52+) + ** 1316283 - isolate SSL session cache (FF52+) + ** 1317927 - isolate media cache (FF53+) + ** 1323644 - isolate HSTS and HPKP (FF54+) + ** 1334690 - isolate HTTP Alternative Services (FF54+) + ** 1334693 - isolate SPDY/HTTP2 (FF55+) + ** 1337893 - isolate DNS cache (FF55+) + ** 1344170 - isolate blob: URI (FF55+) + ** 1300671 - isolate data://, about: URLs (FF55+) ***/ /* 2698a: enable First Party Isolation (FF51+) * [WARNING] May break cross-domain logins and site functionality until perfected From 66cf6b7641e0a1a41ba3ea6138af7d541a4183f4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Jul 2017 05:37:59 +1200 Subject: [PATCH 0314/1961] 2699: streamline resistFP meta references --- user.js | 59 ++++++++++++++++++++++----------------------------------- 1 file changed, 23 insertions(+), 36 deletions(-) diff --git a/user.js b/user.js index 4d79996..fc1f677 100644 --- a/user.js +++ b/user.js @@ -1486,42 +1486,29 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); /*** 2699: privacy.resistFingerprinting This master switch will be used for a wide range of items, many of which will **override** existing prefs from FF55+ - ** limit window.screen & CSS media queries leaking identifiable info (FF41+) - [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 - [NOTE] This will probably make your values pretty unique until you resize or snap the - inner window width + height into standard/common resolutions (such as 1366x768) - To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit - Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test - your window size, do some math, resize to allow for all the non inner window elements - [TEST] http://browserspy.dk/screen.php - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 - ** spoof screen orientation (FF50+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 - ** hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 - ** spoof timezone as UTC 0 (FF55+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 - ** spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) - This spoof *shouldn't* affect core chrome/Firefox performance - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 - ** reduce precision of time exposed by javascript (FF55+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 - ** spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369303 - ** spoof Navigator API (see section 2697) (FF56+) - The version number will be rounded to the "nearest" multiple of 10 - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1333651 - ** disable device sensor API (see 2512) (FF56+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369319 - ** disable site specific zoom (see 2515) (FF56+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369357 - ** disable gamepad API (see 2501) (FF56+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337161 - ** spoof network information API as "unknown" (see 2503) (FF56+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1372072 - ** disable geolocation API (see 0201) (FF56+) - [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1372069 + ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) + [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) + [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 + [NOTE] This will probably make your values pretty unique until you resize or snap the + inner window width + height into standard/common resolutions (such as 1366x768) + To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit + Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test + your window size, do some math, resize to allow for all the non inner window elements + [TEST] http://browserspy.dk/screen.php + ** 1281949 - spoof screen orientation (FF50+) + ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) + ** 1330890 - spoof timezone as UTC 0 (FF55+) + ** 1360039 - spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) + This spoof *shouldn't* affect core chrome/Firefox performance + ** 1217238 - reduce precision of time exposed by javascript (FF55+) + ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) + ** 1333651 - spoof Navigator API (see section 2697) (FF56+) + The version number will be rounded to the "nearest" multiple of 10 + ** 1369319 - disable device sensor API (see 2512) (FF56+) + ** 1369357 - disable site specific zoom (see 2515) (FF56+) + ** 1337161 - disable gamepad API (see 2501) (FF56+) + ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) + ** 1372069 - disable geolocation API (see 0201) (FF56+) ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From 7e92f86244edc75aa182b863768d6cb12be04d35 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Jul 2017 05:55:11 +1200 Subject: [PATCH 0315/1961] fixup extensions.screenshots.system-disabled --- user.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/user.js b/user.js index fc1f677..6c973ed 100644 --- a/user.js +++ b/user.js @@ -346,6 +346,7 @@ user_pref("browser.newtabpage.activity-stream.enabled", false); /* 0515: disable Screenshots (FF54+) * [1] https://github.com/mozilla-services/screenshots * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ + // user_pref("extensions.screenshots.system-disabled", true); // (FF54+) // user_pref("extensions.screenshots.disabled", true); // (FF55+) /* 0516: disable Onboarding (FF55+) * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time @@ -1954,7 +1955,3 @@ user_pref("media.eme.apiVisible", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 user_pref("dom.archivereader.enabled", false); // ***/ -/* FF55 - // 0515: disable Screenshots (FF54+) - replaced by extensions.screenshots.disabled - // user_pref("extensions.screenshots.system-disabled", true); -***/ From ed2f829af968290725db42e0c84c17f2e6b54841 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Jul 2017 06:18:02 +1200 Subject: [PATCH 0316/1961] 2699: disable WebSpeech API --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 6c973ed..023c483 100644 --- a/user.js +++ b/user.js @@ -1510,6 +1510,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1337161 - disable gamepad API (see 2501) (FF56+) ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) ** 1372069 - disable geolocation API (see 0201) (FF56+) + ** 1333641 - disable WebSpeech API (see 2021) (FF56+) ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From 0e2e54238c575cf63a0265d731023cbb415f1fe5 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 28 Jul 2017 21:15:25 +0200 Subject: [PATCH 0317/1961] nits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 023c483..e274b9d 100644 --- a/user.js +++ b/user.js @@ -676,7 +676,7 @@ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /* 1202: control TLS versions with min and max * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1 - * [WARNING] If you get an "SSL_ERROR_NO_CYPHER_OVERLAP" error temporarily + * [WARNING] If you get an "SSL_ERROR_NO_CYPHER_OVERLAP" error, temporarily * set a lower value for 'security.tls.version.min' in about:config * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ @@ -1608,7 +1608,7 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences // user_pref("privacy.cpd.openWindows", true); /* 2806: reset default 'Time range to clear' for 'Clear Recent History' (see 2804) * Firefox remembers your last choice. This will reset the value when you start Firefox. - * 0=everything, 1=last hour, 2=last two hours, 3=last four hours + * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, * 4=today, 5=last five minutes, 6=last twenty-four hours * [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a * blank value if they are used, but they do work as advertised ***/ From f8cdfbcd93cb4ec124289ac679250765b2a70648 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Jul 2017 08:17:42 +1200 Subject: [PATCH 0318/1961] 3029: removed - now 0515 system add-ons --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index e274b9d..084ed50 100644 --- a/user.js +++ b/user.js @@ -1705,10 +1705,6 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false); user_pref("browser.urlbar.decodeURLsOnCopy", true); /* 3028: disable middle-click enabling auto-scrolling [WINDOWS] [MAC] ***/ // user_pref("general.autoScroll", false); -/* 3029: disable Firefox Screenshots (FF54+) - * [1] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ - * [2] https://github.com/mozilla-services/screenshots ***/ - // user_pref("extensions.screenshots.system-disabled", true); /* END: internal custom pref to test for syntax errors ***/ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); From 9e573ea97fa9194c971625d1e753936da4e125d2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 29 Jul 2017 21:24:58 +0200 Subject: [PATCH 0319/1961] 3009 - remove it the default value in 54 is true. It's not in my OS diff for 54 either so it's true on Linux and Mac as well. I don't think anyone would want to disable this anyway, and we have it as "enable APZ". It's only wasting space, let's remove it. class discuss xD --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 084ed50..546d573 100644 --- a/user.js +++ b/user.js @@ -1641,9 +1641,6 @@ user_pref("browser.backspace_action", 2); * 1=current window, 2=new window, 3=most recent window * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ user_pref("browser.link.open_newwindow", 3); -/* 3009: enable APZ (Async Pan/Zoom) - requires e10s - * [1] https://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ - // user_pref("layers.async-pan-zoom.enabled", true); /* 3010: enable ctrl-tab previews ***/ user_pref("browser.ctrlTab.previews", true); /* 3011: don't open "page/selection source" in a tab. The window used instead is cleaner From c7cd524f21985a4da9400f46b76ed03a05b3e81a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Aug 2017 08:30:21 +1200 Subject: [PATCH 0320/1961] 2504: simplify VR to master switch --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 546d573..7476d71 100644 --- a/user.js +++ b/user.js @@ -1193,9 +1193,6 @@ user_pref("dom.netinfo.enabled", false); /* 2504: disable virtual reality devices * [1] https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API ***/ user_pref("dom.vr.enabled", false); -user_pref("dom.vr.oculus.enabled", false); -user_pref("dom.vr.osvr.enabled", false); // (FF49+) -user_pref("dom.vr.openvr.enabled", false); // (FF51+) /* 2505: disable media device enumeration (FF29+) * [NOTE] media.peerconnection.enabled should also be set to false (see 2001) * [1] https://wiki.mozilla.org/Media/getUserMedia From 29ce8317745bb6dca35d964cbdaeeabfb6d5fb6c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Aug 2017 09:07:09 +1200 Subject: [PATCH 0321/1961] 0201: remove mozilla API as it is now default 55+ --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 7476d71..ff41a35 100644 --- a/user.js +++ b/user.js @@ -72,7 +72,7 @@ user_pref("browser.shell.checkDefaultBrowser", false); user_pref("ghacks_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /* 0201: disable location-aware browsing, but enforce Mozilla's service over Google's ***/ user_pref("geo.enabled", false); -user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); +user_pref("geo.wifi.uri", ""); user_pref("geo.wifi.xhr.timeout", 1); // reset this if you use geolocation user_pref("geo.wifi.logging.enabled", false); // (hidden pref) user_pref("browser.search.geoip.url", ""); From eb532d61bea4116b6a0448c76056ac44c1012478 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Aug 2017 09:09:44 +1200 Subject: [PATCH 0322/1961] 1104: now active at default 55+ --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index ff41a35..600d505 100644 --- a/user.js +++ b/user.js @@ -637,7 +637,7 @@ user_pref("ghacks_user.js.parrot", "1100 syntax error: the parrot's bought the f /* 1104: enforce separate content process for file://URLs (FF53+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 * [2] https://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ - // user_pref("browser.tabs.remote.separateFileUriProcess", true); +user_pref("browser.tabs.remote.separateFileUriProcess", true); /* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/ user_pref("dom.ipc.shims.enabledWarnings", true); /* 1106: control number of WebExtension processes ***/ From ea713abfc6f40dcd867e56d5d5aa3ed94e70b75e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Aug 2017 09:13:11 +1200 Subject: [PATCH 0323/1961] 0325: add media.wmf.vp9.enabled --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 600d505..0215d79 100644 --- a/user.js +++ b/user.js @@ -1692,6 +1692,7 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false); // user_pref("media.wave.enabled", false); // user_pref("media.webm.enabled", false); // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries + // user_pref("media.wmf.vp9.enabled", false); /* 3026: disable "Reader View" ***/ // user_pref("reader.parse-on-load.enabled", false); /* 3027: decode URLs on copy from the urlbar (FF53+) From 98698c8e6872955c7331c6bef914fb5e3aba7643 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 Aug 2017 04:25:46 +1200 Subject: [PATCH 0324/1961] 0201: geo.wifi.uri fixup This description should cover everyone. No longer care if and when Mozilla push the change --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 0215d79..a5962ce 100644 --- a/user.js +++ b/user.js @@ -70,9 +70,10 @@ user_pref("browser.shell.checkDefaultBrowser", false); /*** 0200: GEOLOCATION ***/ user_pref("ghacks_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); -/* 0201: disable location-aware browsing, but enforce Mozilla's service over Google's ***/ +/* 0201: disable location-aware browsing + [NOTE] Use Mozilla's API key if required ***/ user_pref("geo.enabled", false); -user_pref("geo.wifi.uri", ""); +user_pref("geo.wifi.uri", ""); // "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%" user_pref("geo.wifi.xhr.timeout", 1); // reset this if you use geolocation user_pref("geo.wifi.logging.enabled", false); // (hidden pref) user_pref("browser.search.geoip.url", ""); From f18197c22e49688fad7717f618cb8853b30f83d0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 Aug 2017 04:40:49 +1200 Subject: [PATCH 0325/1961] 0860+0861: disable form history => Active #186 --- user.js | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index a5962ce..9d173d3 100644 --- a/user.js +++ b/user.js @@ -483,12 +483,9 @@ user_pref("browser.urlbar.oneOffSearches", false); /* 0860: disable search and form history * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ - // user_pref("browser.formfill.enable", false); -/* 0861: disable saving form history on secure websites - * For convenience & functionality, this is best left at default true, - * especially as the web moves more and more to encrypted services - * You can clear form history on exiting Firefox (see 2803) ***/ - // user_pref("browser.formfill.saveHttpsForms", false); +user_pref("browser.formfill.enable", false); +/* 0861: disable saving form history on secure websites ***/ +user_pref("browser.formfill.saveHttpsForms", false); /* 0862: disable browsing and download history * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ From 80c95cbac4f7822f55fd55cf0bac0b2742a3368d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 7 Aug 2017 05:33:26 +1200 Subject: [PATCH 0326/1961] 0500s: system add-ons: add Mac info --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 9d173d3..30e40e4 100644 --- a/user.js +++ b/user.js @@ -302,6 +302,8 @@ user_pref("privacy.trackingprotection.ui.enabled", true); updates will restore them. They may also be updated and possibly restored automatically (see 0505) * Portable: "...\App\Firefox64\browser\features\" (or "App\Firefox\etc" for 32bit) * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) + * Mac: "...\Applications\Firefox\Contents\Resources\browser\extensions\" + [NOTE] On Mac you can right-click on the application and select "Show Package Contents" [1] https://gecko.readthedocs.io/en/latest/toolkit/mozapps/extensions/addon-manager/SystemAddons.html [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions From 0861490d39d14713c3f23e22dd867a20de6e9d86 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 7 Aug 2017 07:33:07 +1200 Subject: [PATCH 0327/1961] 2699b: privacy.window.maxInner* fix descriptions --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 30e40e4..0818c7b 100644 --- a/user.js +++ b/user.js @@ -1513,11 +1513,12 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) /* 2699b: set new window sizes to round to hundreds (FF55+) [SETUP] - * [NOTE] If override values are too big, the code determines it for you + * [NOTE] Width will round to multiples of 200s and height to 100s, to fit your screen. + * The override values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 * [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/ - // user_pref("privacy.window.maxInnerWidth", 1366); - // user_pref("privacy.window.maxInnerHeight", 768); + // user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) + // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) /*** 2700: COOKIES & DOM STORAGE ***/ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); From 3970c1db9eab917902b13d8afb5df66a73dbfb88 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 7 Aug 2017 10:03:32 +1200 Subject: [PATCH 0328/1961] 2699: Navigator API spoof correction See: https://bugzilla.mozilla.org/show_bug.cgi?id=1383495#c8 - the comment in code is incorrect and hopefully will be fixed. Version is always rounded DOWN --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 0818c7b..856f851 100644 --- a/user.js +++ b/user.js @@ -1501,7 +1501,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1217238 - reduce precision of time exposed by javascript (FF55+) ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) ** 1333651 - spoof Navigator API (see section 2697) (FF56+) - The version number will be rounded to the "nearest" multiple of 10 + The version number will be rounded down to the nearest multiple of 10 ** 1369319 - disable device sensor API (see 2512) (FF56+) ** 1369357 - disable site specific zoom (see 2515) (FF56+) ** 1337161 - disable gamepad API (see 2501) (FF56+) From ebcf5bec9e726c5d81972f07747c655e80ad6798 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 7 Aug 2017 10:33:16 +1200 Subject: [PATCH 0329/1961] 1830: add media.eme.chromium-api.enabled --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 856f851..acdb10f 100644 --- a/user.js +++ b/user.js @@ -952,6 +952,7 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] ***/ user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required +user_pref("media.eme.chromium-api.enabled", false); // (FF55+) /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" * and disable pings to the external update/download server * This is the bundled codec used for video chat in WebRTC ***/ From 09ccb74d695b6596d8cc6656f8ee3bea9f3c291f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 7 Aug 2017 10:44:20 +1200 Subject: [PATCH 0330/1961] 0209: fix bugzilla ref https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 is the one for removing it in 55+ --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index acdb10f..b1ff17d 100644 --- a/user.js +++ b/user.js @@ -97,7 +97,7 @@ user_pref("intl.accept_languages", "en-US, en"); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ user_pref("javascript.use_us_english_locale", true); // (hidden pref) /* 0209: disable geolocation on non-secure origins (FF54+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1269531 * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/ user_pref("geo.security.allowinsecure", false); From 69449f8593d4fb98e875ec12f77d0b05581e5add Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 7 Aug 2017 18:43:47 +1200 Subject: [PATCH 0331/1961] Update user.js - should check if 0360 `user_pref("browser.newtabpage.directory.source", "data:text/plain,");` is still around since the ping pref is gone. - A bit iffy about 2507 - this spilts two prefs and there's a lot of text. Not sure if FF38+ refers to the second one. We should investigate the still active 2507 and fix that up with some info and version --- user.js | 72 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 40 insertions(+), 32 deletions(-) diff --git a/user.js b/user.js index b1ff17d..e93cb6a 100644 --- a/user.js +++ b/user.js @@ -96,10 +96,6 @@ user_pref("intl.accept_languages", "en-US, en"); /* 0208: enforce US English locale regardless of the system locale * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ user_pref("javascript.use_us_english_locale", true); // (hidden pref) -/* 0209: disable geolocation on non-secure origins (FF54+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1269531 - * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/ -user_pref("geo.security.allowinsecure", false); /*** 0300: QUIET FOX We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). @@ -166,10 +162,6 @@ user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); * If disabled, no policy is shown or upload takes place, ever * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1195552 ***/ user_pref("datareporting.policy.dataSubmissionEnabled", false); -/* 0336: disable "Heartbeat" (Mozilla user rating telemetry) - * [1] https://trac.torproject.org/projects/tor/ticket/18738 ***/ -user_pref("browser.selfsupport.enabled", false); // (hidden pref) -user_pref("browser.selfsupport.url", ""); /* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); /* 0351: disable sending of crash reports (FF44+) ***/ @@ -178,7 +170,6 @@ user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51+) /* 0360: disable new tab tile ads & preload & marketing junk ***/ user_pref("browser.newtab.preload", false); -user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); user_pref("browser.newtabpage.directory.source", "data:text/plain,"); user_pref("browser.newtabpage.enabled", false); user_pref("browser.newtabpage.enhanced", false); @@ -486,16 +477,10 @@ user_pref("browser.urlbar.oneOffSearches", false); * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ user_pref("browser.formfill.enable", false); -/* 0861: disable saving form history on secure websites ***/ -user_pref("browser.formfill.saveHttpsForms", false); /* 0862: disable browsing and download history * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); -/* 0863: disable Form Autofill (FF54+) - * [1] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ - * [2] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ -user_pref("browser.formautofill.enabled", false); /* 0870: disable Windows jumplist [WINDOWS] ***/ user_pref("browser.taskbar.lists.enabled", false); user_pref("browser.taskbar.lists.frequent.enabled", false); @@ -1123,9 +1108,6 @@ user_pref("dom.allow_cut_copy", false); // (hidden pref) /* 2404: disable JS storing data permanently [SETUP] * [WARNING] This *may* break some add-ons and *will* break some sites ***/ user_pref("dom.indexedDB.enabled", false); -/* 2410: disable User Timing API - * [1] https://trac.torproject.org/projects/tor/ticket/16336 ***/ -user_pref("dom.enable_user_timing", false); /* 2411: disable resource/navigation timing ***/ user_pref("dom.enable_resource_timing", false); /* 2412: disable timing attacks - javascript performance fingerprinting @@ -1203,15 +1185,7 @@ user_pref("media.navigator.enabled", false); * [1] https://trac.torproject.org/projects/tor/ticket/15757 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=654550 ***/ user_pref("media.video_stats.enabled", false); -/* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) - * The Keyboard API allows tracking the "read parameter" of pressed keys in forms on - * web pages. These parameters vary between types of keyboard layouts such as QWERTY, - * AZERTY, Dvorak, and between various languages, e.g. German vs English. - * [WARNING] Don't use if Android + physical keyboard - * [UPDATE] This MAY be incorporated better under privacy.resistFingerprinting (see 2699) - * [1] https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code - * [2] https://www.privacy-handbuch.de/handbuch_21v.htm ***/ -user_pref("dom.keyboardevent.code.enabled", false); +/* 2507: disable keyboard fingerprinting ***/ user_pref("dom.keyboardevent.dispatch_during_composition", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] Options>Advanced>General>Use hardware acceleration when available @@ -1651,11 +1625,6 @@ user_pref("layout.spellcheckDefault", 1); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 * [2] https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ user_pref("network.manage-offline-status", false); -/* 3015: disable tab animation, speed things up a little ***/ -user_pref("browser.tabs.animate", false); -/* 3016: disable fullscreeen animation. Test using F11. - * Animation is smother but is annoyingly slow, while no animation can be startling ***/ -user_pref("browser.fullscreen.animate", false); /* 3017: set submenu delay in milliseconds. 0=instant while a small number allows * a mouse pass over menu items without any submenus alarmingly shooting out ***/ user_pref("ui.submenuDelay", 150); // (hidden pref) @@ -1949,3 +1918,42 @@ user_pref("media.eme.apiVisible", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 user_pref("dom.archivereader.enabled", false); // ***/ +/* FF55 +// 0209: disable geolocation on non-secure origins (FF54+) + // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1269531 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 +user_pref("geo.security.allowinsecure", false); +// 0336: disable "Heartbeat" (Mozilla user rating telemetry) (FF37+) + // [1] https://trac.torproject.org/projects/tor/ticket/18738 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1361578 +user_pref("browser.selfsupport.enabled", false); // (hidden pref) +user_pref("browser.selfsupport.url", ""); +// 0360: disable new tab "pings" + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1241390 +user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); +// 0861: disable saving form history on secure websites + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1361220 +user_pref("browser.formfill.saveHttpsForms", false); +// 0863: disable Form Autofill (FF54+) - replaced by extensions.formautofill.* + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1364334 +user_pref("browser.formautofill.enabled", false); +// 2410: disable User Timing API + // [1] https://trac.torproject.org/projects/tor/ticket/16336 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1344669 +user_pref("dom.enable_user_timing", false); +// 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) + // The Keyboard API allows tracking the "read parameter" of pressed keys in forms on + // web pages. These parameters vary between types of keyboard layouts such as QWERTY, + // AZERTY, Dvorak, and between various languages, e.g. German vs English. + // [WARNING] Don't use if Android + physical keyboard + // [1] https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code + // [2] https://www.privacy-handbuch.de/handbuch_21v.htm + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352949 +user_pref("dom.keyboardevent.code.enabled", false); +// 3015: disable tab animation - replaced by toolkit.cosmeticAnimations.enabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 +user_pref("browser.tabs.animate", false); +// 3016: disable fullscreeen animation - replaced by toolkit.cosmeticAnimations.enabled + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 +user_pref("browser.fullscreen.animate", false); +// ***/ From 7a05580c625968d7870e4044aa6990308cf56df1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 8 Aug 2017 06:28:36 +1200 Subject: [PATCH 0332/1961] 2507: remove dom.keyboardevent.dispatch_during_composition The bulk of 2507 with `dom.keyboardevent.code.enabled` (links, description etc) is now deprecated in section 9999 under FF55+. This leaves `dom.keyboardevent.dispatch_during_composition` as a valid pref. It's default is false, so rather than leave it hanging out on it's own with no info, lets remove it. [If it ever becomes true we will pick up in diffs] --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index e93cb6a..9f18e0b 100644 --- a/user.js +++ b/user.js @@ -1185,8 +1185,6 @@ user_pref("media.navigator.enabled", false); * [1] https://trac.torproject.org/projects/tor/ticket/15757 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=654550 ***/ user_pref("media.video_stats.enabled", false); -/* 2507: disable keyboard fingerprinting ***/ -user_pref("dom.keyboardevent.dispatch_during_composition", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] Options>Advanced>General>Use hardware acceleration when available * [NOTE] Changing this option changes BOTH these preferences From 6be84b85165b792fab115d769cfb3cdc8a6456d4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 8 Aug 2017 14:43:39 +1200 Subject: [PATCH 0333/1961] 0500s" fix Mac directory info --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 9f18e0b..04ccdcf 100644 --- a/user.js +++ b/user.js @@ -293,7 +293,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true); updates will restore them. They may also be updated and possibly restored automatically (see 0505) * Portable: "...\App\Firefox64\browser\features\" (or "App\Firefox\etc" for 32bit) * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) - * Mac: "...\Applications\Firefox\Contents\Resources\browser\extensions\" + * Mac: "...\Applications\Firefox\Contents\Resources\browser\features\" [NOTE] On Mac you can right-click on the application and select "Show Package Contents" [1] https://gecko.readthedocs.io/en/latest/toolkit/mozapps/extensions/addon-manager/SystemAddons.html From 3e3acd5897e434d7a15190e8aac01ff8891b9c2a Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 8 Aug 2017 13:15:45 +0200 Subject: [PATCH 0334/1961] 9999 - JS-comment re-grouping for ESR users makes it even easier for ESR users to re-enable the prefs they still need --- user.js | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 04ccdcf..a09385f 100644 --- a/user.js +++ b/user.js @@ -1885,7 +1885,9 @@ user_pref("dom.telephony.enabled", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 user_pref("dom.battery.enabled", false); // ***/ -/* FF53 +/* ESR52 still needs all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable them if you're using ESR52.x.x +// FF53 // 1265: block rc4 fallback // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1130670 user_pref("security.tls.unrestricted_rc4_fallback", false); @@ -1902,8 +1904,8 @@ user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); // 2507: disable keyboard fingerprinting // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1322736 user_pref("dom.beforeAfterKeyboardEvent.enabled", false); -// ***/ -/* FF54 +// * * * / +// FF54 // 0415: disable reporting URLs (safe browsing) // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1288633 user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); @@ -1915,8 +1917,8 @@ user_pref("media.eme.apiVisible", false); // i.e. reading archive contents directly in the browser, through DOM file objects // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 user_pref("dom.archivereader.enabled", false); -// ***/ -/* FF55 +// * * * / +// FF55 // 0209: disable geolocation on non-secure origins (FF54+) // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1269531 // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 @@ -1954,4 +1956,5 @@ user_pref("browser.tabs.animate", false); // 3016: disable fullscreeen animation - replaced by toolkit.cosmeticAnimations.enabled // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 user_pref("browser.fullscreen.animate", false); +// * * * / // ***/ From bc58c10f349ed1c02d55992cace2e9b04866f173 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 9 Aug 2017 00:42:53 +1200 Subject: [PATCH 0335/1961] 3015: toolkit.cosmeticAnimations.enabled --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 04ccdcf..deaa7b7 100644 --- a/user.js +++ b/user.js @@ -1622,6 +1622,9 @@ user_pref("layout.spellcheckDefault", 1); /* 3013: disable automatic "Work Offline" status * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 * [2] https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ +/* 3015: disable animations + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 ***/ + // user_pref("toolkit.cosmeticAnimations.enabled", false); user_pref("network.manage-offline-status", false); /* 3017: set submenu delay in milliseconds. 0=instant while a small number allows * a mouse pass over menu items without any submenus alarmingly shooting out ***/ From cf2a6fd554f4ee1b5e7184938317b092cf9b78df Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 9 Aug 2017 00:48:05 +1200 Subject: [PATCH 0336/1961] fixup --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index deaa7b7..3dbbe51 100644 --- a/user.js +++ b/user.js @@ -1622,10 +1622,10 @@ user_pref("layout.spellcheckDefault", 1); /* 3013: disable automatic "Work Offline" status * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 * [2] https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ +user_pref("network.manage-offline-status", false); /* 3015: disable animations * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 ***/ // user_pref("toolkit.cosmeticAnimations.enabled", false); -user_pref("network.manage-offline-status", false); /* 3017: set submenu delay in milliseconds. 0=instant while a small number allows * a mouse pass over menu items without any submenus alarmingly shooting out ***/ user_pref("ui.submenuDelay", 150); // (hidden pref) From 17555435945c1a70059eeaff5474e1d1184a053a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 10 Aug 2017 22:52:59 +1200 Subject: [PATCH 0337/1961] 1800s: move gmp update prefs to 1820 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 3dbbe51..3aa802a 100644 --- a/user.js +++ b/user.js @@ -930,6 +930,9 @@ user_pref("plugin.scan.plid.all", false); * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); user_pref("media.gmp.trial-create.enabled", false); +user_pref("media.gmp-manager.url", "data:text/plain,"); +user_pref("media.gmp-manager.url.override", "data:text/plain,"); // (hidden pref) +user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback (hidden pref) /* 1825: disable widevine CDM (Content Decryption Module) [SETUP] ***/ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); @@ -943,9 +946,6 @@ user_pref("media.eme.chromium-api.enabled", false); // (FF55+) * This is the bundled codec used for video chat in WebRTC ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); -user_pref("media.gmp-manager.url", "data:text/plain,"); -user_pref("media.gmp-manager.url.override", "data:text/plain,"); // (hidden pref) -user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback (hidden pref) /*** 2000: MEDIA / CAMERA / MIC ***/ user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); From b527e5c65ecdd5353ca55f1460097358f890e06e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 10 Aug 2017 23:28:03 +1200 Subject: [PATCH 0338/1961] 9999 - tweak for JS-comment re-grouping for ESR --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index a09385f..2614f50 100644 --- a/user.js +++ b/user.js @@ -1675,9 +1675,10 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem /*** 9999: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable, - viewer-friendly version of the deprecated bugzilla tickets. To enable a section - change /* FFxx to // FFxx. The original state of each pref has been preserved, - or changed to match the current setup, but you are advised to review them. + viewer-friendly version of the deprecated bugzilla tickets. The original state of each pref + has been preserved, or changed to match the current setup, but you are advised to review them. + [NOTE] Up to FF53, to enable a section change /* FFxx to // FFxx + For FF53 on, we have bundled releases to cater for ESR. Change /* to // on the first line [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ /* FF42 and older @@ -1885,6 +1886,7 @@ user_pref("dom.telephony.enabled", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 user_pref("dom.battery.enabled", false); // ***/ + /* ESR52 still needs all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them if you're using ESR52.x.x // FF53 From 2182bdfbe81410513ac1a58c675ad9d5a798580a Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 10 Aug 2017 14:24:13 +0200 Subject: [PATCH 0339/1961] 1840 - fixup --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 5cb01cf..0c388c1 100644 --- a/user.js +++ b/user.js @@ -942,7 +942,6 @@ user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required user_pref("media.eme.chromium-api.enabled", false); // (FF55+) /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" - * and disable pings to the external update/download server * This is the bundled codec used for video chat in WebRTC ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); From cda46d8342b609c19600880e6e83a6e58783e9f4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 11 Aug 2017 06:38:59 +1200 Subject: [PATCH 0340/1961] 1107: dom.ipc.processCount.file FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=1352359 --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 0c388c1..6770bd5 100644 --- a/user.js +++ b/user.js @@ -627,6 +627,8 @@ user_pref("browser.tabs.remote.separateFileUriProcess", true); user_pref("dom.ipc.shims.enabledWarnings", true); /* 1106: control number of WebExtension processes ***/ // user_pref("dom.ipc.processCount.extension", 1); +/* 1107: control number of file processes ***/ + // user_pref("dom.ipc.processCount.file", 1); /* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play * with them. The values are integers, but the code below deliberately contains a data mismatch * [1] https://wiki.mozilla.org/Sandbox From 911a98c675bda8eb31ae878cf71a7aaa46c90783 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 11 Aug 2017 08:30:52 +1200 Subject: [PATCH 0341/1961] 1108: block web content in file processes --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 6770bd5..36403ae 100644 --- a/user.js +++ b/user.js @@ -629,6 +629,10 @@ user_pref("dom.ipc.shims.enabledWarnings", true); // user_pref("dom.ipc.processCount.extension", 1); /* 1107: control number of file processes ***/ // user_pref("dom.ipc.processCount.file", 1); +/* 1108: block web content in file processes + * [WARNING] [SETUP] You may want to disable this for corporate or developer environments + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/ +user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); /* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play * with them. The values are integers, but the code below deliberately contains a data mismatch * [1] https://wiki.mozilla.org/Sandbox From f7dea0a1e94c228d4d4087de4574c9993f10f612 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 12 Aug 2017 13:55:17 +1200 Subject: [PATCH 0342/1961] 2699: spoof media statistics to 0 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 36403ae..3af6f94 100644 --- a/user.js +++ b/user.js @@ -1486,6 +1486,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) ** 1372069 - disable geolocation API (see 0201) (FF56+) ** 1333641 - disable WebSpeech API (see 2021) (FF56+) + ** 1369309 - spoof media statistics to 0 (see 2506) (FF57+) ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From 6c2f3ad33ab49f5b4fc728fa8b42e6ec4c7ec1d3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Aug 2017 14:21:28 +1200 Subject: [PATCH 0343/1961] 2699: reduce screen co-ordinate FP in Touch API --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 3af6f94..46364ee 100644 --- a/user.js +++ b/user.js @@ -1487,6 +1487,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1372069 - disable geolocation API (see 0201) (FF56+) ** 1333641 - disable WebSpeech API (see 2021) (FF56+) ** 1369309 - spoof media statistics to 0 (see 2506) (FF57+) + ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From 996e760f8cf34ab3db3ca92fe9ef38515d5be18a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Aug 2017 15:09:34 +1200 Subject: [PATCH 0344/1961] 2699: spoof navigator platform as win64 While the change has just landed, it is being pushed with 56, same as the rest of the resistFP UA/Nav spoofing --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 46364ee..494b48f 100644 --- a/user.js +++ b/user.js @@ -1478,7 +1478,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); This spoof *shouldn't* affect core chrome/Firefox performance ** 1217238 - reduce precision of time exposed by javascript (FF55+) ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) - ** 1333651 - spoof Navigator API (see section 2697) (FF56+) + ** 1333651 & 1383495 - spoof Navigator API (see section 2697) (FF56+) The version number will be rounded down to the nearest multiple of 10 ** 1369319 - disable device sensor API (see 2512) (FF56+) ** 1369357 - disable site specific zoom (see 2515) (FF56+) From e95d2afc95e827a1712f9fc5d7847e637ae64770 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 18 Aug 2017 13:58:30 +1200 Subject: [PATCH 0345/1961] 1205: disable TLS1.3 0-RTT --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 494b48f..d8c26a4 100644 --- a/user.js +++ b/user.js @@ -687,6 +687,10 @@ user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.url", ""); +/* 1205: disable TLS1.3 0-RTT (round-trip time) (FF51+) + * [1] https://github.com/tlswg/tls13-spec/issues/1001 + * [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ +user_pref("security.tls.enable_0rtt_data", false); // (FF55+ default true) /** OCSP (Online Certificate Status Protocol) #Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/ /* 1210: enable OCSP Stapling From 31b1f6624e0a289b37e51a4520a8dee5dcef3598 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 18 Aug 2017 12:28:12 +0200 Subject: [PATCH 0346/1961] subresource-img-cross-origin-http-auth-allow;false https://github.com/ghacksuserjs/ghacks-user.js/issues/144#issuecomment-321980962 https://github.com/ghacksuserjs/ghacks-user.js/issues/144#issuecomment-322903835 --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index d8c26a4..d768202 100644 --- a/user.js +++ b/user.js @@ -529,6 +529,9 @@ user_pref("signon.formlessCapture.enabled", false); * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 ***/ user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); +/* 0911: prevent cross-origin images from triggering an HTTP-Authentication prompt (FF55+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1357835 ***/ +user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); /*** 1000: CACHE [SETUP] ***/ user_pref("ghacks_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); From 595eaf540cf02b7d2b5c2896149a139c37e21450 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 19 Aug 2017 13:35:27 +1200 Subject: [PATCH 0347/1961] 0425: passive TP --- user.js | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d768202..0b04030 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 09 July 2017 -* version 55-beta: There Must Be an Angel [Playing with My Pants] +* date: 18 August 2017 +* version 55: There Must Be an Angel [Playing with My Pants] * "I walk into an empty room, and suddenly my pants go boom" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js @@ -283,6 +283,14 @@ user_pref("privacy.trackingprotection.ui.enabled", true); /* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/ // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); +/* 0425: disable passive Tracking Protection (FF53+) + * Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list + * [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows + * This is included for people who want to completely disable Tracking Protection. + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170190 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1141814 ***/ + // user_pref("privacy.trackingprotection.annotate_channels", false); + // user_pref("privacy.trackingprotection.lower_network_priority", false); /*** 0500: SYSTEM ADD-ONS / EXPERIMENTS System add-ons are a method for shipping extensions, considered to be From 3d109664bb3c17046f782c09d3035b98e7e930af Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 19 Aug 2017 18:12:08 +1200 Subject: [PATCH 0348/1961] couple of [SETTING] updates #212 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 0b04030..50fef07 100644 --- a/user.js +++ b/user.js @@ -624,6 +624,7 @@ user_pref("ghacks_user.js.parrot", "1100 syntax error: the parrot's bought the f // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) // user_pref("extensions.e10sBlocksEnabling", false); /* 1102: control number of content rendering processes + * [SETTING] Options>General>Performance>Custom>Content process limit * [1] https://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ // user_pref("dom.ipc.processCount", 4); @@ -1206,7 +1207,7 @@ user_pref("media.navigator.enabled", false); * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=654550 ***/ user_pref("media.video_stats.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting - * [SETTING] Options>Advanced>General>Use hardware acceleration when available + * [SETTING] Options>General>Performance>Custom>Use hardware acceleration when available * [NOTE] Changing this option changes BOTH these preferences * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ From dd25413c98b751b2b8ac274ac74296e80f50af0b Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 24 Aug 2017 16:00:05 +0200 Subject: [PATCH 0349/1961] all-round -> all-around --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 54ed5f5..6dcf699 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Everyone, experts included, should at least read the [implementation](https://gi Literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 2 - * 100% genuine super-nice all-round good guy + * 100% genuine super-nice all-around good guy * The ghacks community and commentators * Special mentions to [earthlng](https://github.com/earthlng), Tom Hawack, Just me, Conker, Rockin’ Jerry, Ainatar, Parker Lewis * [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) From eab3a0b714bb3e050b689bfb4b1aa56757ecc747 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 25 Aug 2017 16:11:03 +1200 Subject: [PATCH 0350/1961] 2699: enable fingerprinting resistance for WebGL --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 50fef07..8ebc5db 100644 --- a/user.js +++ b/user.js @@ -1504,6 +1504,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1333641 - disable WebSpeech API (see 2021) (FF56+) ** 1369309 - spoof media statistics to 0 (see 2506) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) + ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From 4977d01fec82e2acff3ab2c8248736e8fbc31596 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 26 Aug 2017 16:27:48 +0200 Subject: [PATCH 0351/1961] 0517: add .creditCards.enabled;false (FF56+) it's most likely covered by disabling extensions.formautofill but is nice to know for people who want to enable form-autofill but may want to disable creditCards autofill --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 8ebc5db..848ce10 100644 --- a/user.js +++ b/user.js @@ -365,6 +365,7 @@ user_pref("browser.onboarding.enabled", false); * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/ user_pref("extensions.formautofill.addresses.enabled", false); +user_pref("extensions.formautofill.creditCards.enabled", false); // (FF56+) user_pref("extensions.formautofill.experimental", false); user_pref("extensions.formautofill.heuristics.enabled", false); /* 0518: disable Web Compatibility Reporter (FF56+) From b6533689cfcccd8932467c408d70b35c340fa5ff Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 28 Aug 2017 07:20:45 +1200 Subject: [PATCH 0352/1961] 2699: add Animation API, description fixups #222 --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 848ce10..de175ea 100644 --- a/user.js +++ b/user.js @@ -1499,13 +1499,14 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); The version number will be rounded down to the nearest multiple of 10 ** 1369319 - disable device sensor API (see 2512) (FF56+) ** 1369357 - disable site specific zoom (see 2515) (FF56+) - ** 1337161 - disable gamepad API (see 2501) (FF56+) + ** 1337161 - hide gamepads from content (see 2501) (FF56+) ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) ** 1372069 - disable geolocation API (see 0201) (FF56+) ** 1333641 - disable WebSpeech API (see 2021) (FF56+) - ** 1369309 - spoof media statistics to 0 (see 2506) (FF57+) + ** 1369309 - spoof media statistics (see 2506) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) + ** 1382545 - reduce fingerprinting in Animation API (FF57+) ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From a19a3d2a35b44d0ca53f2beeda957efb43c972a3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 29 Aug 2017 17:27:18 +1200 Subject: [PATCH 0353/1961] worlds tiniest typo } -> ] Sidenote: Not sure if this is true anymore. Since I ditched CTR and I have the hamburger menu back, it loves to annoy me with a doorhanger ALL THE F**kng TIME - certainly not 8 days grace. Seems more like 12 hours (but I swear it also comes up soon after a restart as well) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index de175ea..869a134 100644 --- a/user.js +++ b/user.js @@ -104,7 +104,7 @@ user_pref("javascript.use_us_english_locale", true); // (hidden pref) It is still important to do updates for security reasons, please do so manually. ***/ user_pref("ghacks_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301a: disable auto-update checks for Firefox - * [NOTE} Firefox currently checks every 12 hrs and allows 8 day notification dismissal + * [NOTE] Firefox currently checks every 12 hrs and allows 8 day notification dismissal * [SETTING] Options>Advanced>Update>Never check for updates ***/ // user_pref("app.update.enabled", false); /* 0301b: disable auto-update checks for add-ons ***/ From 9f30adee648649879b167491cb85184a8149abc8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 30 Aug 2017 17:07:43 +1200 Subject: [PATCH 0354/1961] URL changes #224 Thanks Theemim. Double check, so far: 27 changes, 27 items checked in Theemim's list --- user.js | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/user.js b/user.js index 869a134..f6adf00 100644 --- a/user.js +++ b/user.js @@ -144,7 +144,7 @@ user_pref("extensions.webservice.discoverURL", "http://127.0.0.1"); * IF unified=false then .enabled controls the telemetry module * IF unified=true then .enabled ONLY controls whether to record extended data * so make sure to have both set as false - * [1] https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html ***/ + * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html ***/ user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.enabled", false); user_pref("toolkit.telemetry.server", ""); @@ -202,7 +202,7 @@ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!") /** BLOCKLISTS ***/ /* 0401: enable Firefox blocklist, but sanitize blocklist url * [NOTE] It includes updates for "revoked certificates" - * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl + * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); @@ -304,7 +304,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true); * Mac: "...\Applications\Firefox\Contents\Resources\browser\features\" [NOTE] On Mac you can right-click on the application and select "Show Package Contents" - [1] https://gecko.readthedocs.io/en/latest/toolkit/mozapps/extensions/addon-manager/SystemAddons.html + [1] https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions ***/ user_pref("ghacks_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); @@ -379,7 +379,7 @@ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching * [1] https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ - * [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/ + * [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref) /* 0603a: disable Seer/Necko @@ -392,8 +392,8 @@ user_pref("network.predictor.enabled", false); user_pref("captivedetect.canonicalURL", ""); user_pref("network.captive-portal-service.enabled", false); // (FF52+) /* 0605: disable link-mouseover opening connection to linked server - * [1] http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests - * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/ + * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests + * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links/ ***/ user_pref("network.http.speculative-parallel-limit", 0); /* 0606: disable pings (but enforce same host in case) * [1] http://kb.mozillazine.org/Browser.send_pings @@ -696,7 +696,7 @@ user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=967977 ***/ user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) /* 1204: disable SSL Error Reporting - * [1] https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ + * [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/ user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.url", ""); @@ -776,7 +776,7 @@ user_pref("security.pki.sha1_enforcement_level", 1); /* 1261: disable 3DES (effective key size < 128) * [1] https://en.wikipedia.org/wiki/3des#Security * [2] http://en.citizendium.org/wiki/Meet-in-the-middle_attack - * [3] http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ + * [3] https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ user_pref("security.ssl3.rsa_des_ede3_sha", false); /* 1262: disable 128 bits ***/ user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); @@ -972,7 +972,7 @@ user_pref("media.gmp-gmpopenh264.autoupdate", false); /*** 2000: MEDIA / CAMERA / MIC ***/ user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) - * [1] https://privacytoolsio.github.io/privacytools.io/#webrtc ***/ + * [1] https://www.privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.use_document_iceservers", false); user_pref("media.peerconnection.video.enabled", false); @@ -988,7 +988,7 @@ user_pref("media.navigator.video.enabled", false); // video capability for WebRT user_pref("media.peerconnection.ice.default_address_only", true); // (FF42-FF50) user_pref("media.peerconnection.ice.no_host", true); // (FF51+) /* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions - * [1] http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ + * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ user_pref("webgl.disabled", true); user_pref("pdfjs.enableWebGL", false); @@ -1083,7 +1083,7 @@ user_pref("dom.disable_beforeunload", true); [1] Web Workers: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API [2] Worker: https://developer.mozilla.org/en-US/docs/Web/API/Worker - [3] Service Worker: https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API + [3] Service Worker: https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API [4] SharedWorker: https://developer.mozilla.org/en-US/docs/Web/API/SharedWorker [5] ChromeWorker: https://developer.mozilla.org/en-US/docs/Web/API/ChromeWorker [6] Notifications: https://support.mozilla.org/en-US/questions/1165867#answer-981820 @@ -1258,7 +1258,7 @@ user_pref("browser.zoom.siteSpecific", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); /* 2601: disable sending additional analytics to web servers - * [1] https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Navigator/sendBeacon ***/ user_pref("beacon.enabled", false); /* 2602: discourage downloading to desktop (0=desktop 1=downloads 2=last used) * [NOTE] To set your default "downloads": Options>General>Downloads>Save files to ***/ @@ -1334,17 +1334,17 @@ user_pref("middlemouse.contentLoadURL", false); * This is all about covert channels such as MAC addresses being included/abused in the * IPv6 protocol for tracking. If you want to mask your IP address, this is not the way * to do it. It's 2016, IPv6 is here. Here are some old links - * 2010: https://www.christopher-parsons.com/ipv6-and-the-future-of-privacy/ - * 2011: https://iapp.org/news/a/2011-09-09-facing-the-privacy-implications-of-ipv6 + * 2010: https://christopher-parsons.com/ipv6-and-the-future-of-privacy/ + * 2011: https://iapp.org/news/a/2011-09-09-facing-the-privacy-implications-of-ipv6/ * 2012: http://www.zdnet.com/article/security-versus-privacy-with-ipv6-deployment/ * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection - * [1] http://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection ***/ + * [1] https://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection/ ***/ // user_pref("network.dns.disableIPv6", true); // user_pref("network.http.fast-fallback-to-IPv4", true); /* 2622: enforce a security delay when installing add-ons (milliseconds) * default=1000, This also covers the delay in "Save" on downloading files. * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox - * [2] http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ + * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 700); /* 2623: enable Strict File Origin Policy on local files * [1] http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ @@ -1357,7 +1357,7 @@ user_pref("security.sri.enable", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ user_pref("network.dns.blockDotOnion", true); /* 2626: disable optional user agent token, default is false, included for completeness - * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox ***/ user_pref("general.useragent.compatMode.firefox", false); /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); @@ -1386,12 +1386,12 @@ user_pref("network.http.altsvc.enabled", false); user_pref("network.http.altsvc.oe", false); /* 2667: disable various developer tools in browser context * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes - * [1] http://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ + * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); /* 2668: lock down allowed extension directories * [WARNING] This will break add-ons that do not use the default XPI directories * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ - * [1] archived: http://archive.is/DYjAM ***/ + * [1] archived: https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.autoDisableScopes", 15); /* 2669: remove paths when sending URLs to PAC scripts (FF51+) @@ -1515,7 +1515,7 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF * [NOTE] Width will round to multiples of 200s and height to 100s, to fit your screen. * The override values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 - * [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/ + * [2] https://hardware.metrics.mozilla.com/ ***/ // user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) @@ -1621,7 +1621,7 @@ user_pref("browser.tabs.warnOnClose", false); user_pref("browser.tabs.warnOnCloseOtherTabs", false); user_pref("browser.tabs.warnOnOpen", false); /* 3001a: disable warning when a domain requests full screen - * [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Using_full_screen_mode ***/ + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Fullscreen_API ***/ // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); /* 3002: disable closing browser with last tab ***/ @@ -1726,7 +1726,7 @@ user_pref("network.websocket.enabled", false); // user_pref("privacy.donottrackheader.value", 1); // 2023: (37+) disable camera autofocus callback // The API will be superceded by the WebRTC Capture and Stream API - // [1] https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ + // [1] https://developer.mozilla.org/en-US/docs/Archive/B2G_OS/API/CameraControl // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107683 user_pref("camera.control.autofocus_moving_callback.enabled", false); // 0415: (41+) disable reporting URLs (safe browsing) - removed or replaced by various @@ -1776,11 +1776,11 @@ user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safe // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215796 user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); // 2301: disable SharedWorkers - // [1] https://bugs.torproject.org/15562 + // [1] https://trac.torproject.org/projects/tor/ticket/15562 // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1207635 user_pref("dom.workers.sharedWorkers.enabled", false); // 2403: disable scripts changing images - // [TEST] http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 + // [TEST] https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 // [WARNING] Will break some sites such as Google Maps and a lot of web apps // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=773429 // user_pref("dom.disable_image_src_set", true); @@ -1821,7 +1821,7 @@ user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); // 0807: disable history manipulation - // [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history + // [1] https://developer.mozilla.org/en-US/docs/Web/API/History_API // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1249542 user_pref("browser.history.allowPopState", false); user_pref("browser.history.allowPushState", false); @@ -1835,7 +1835,7 @@ user_pref("browser.urlbar.unifiedcomplete", false); // ***/ /* FF49 // 0372: disable "Hello" - // [1] https://www.mozilla.org/en-US/privacy/firefox-hello/ + // [1] https://www.mozilla.org/en-US/privacy/archive/hello/2016-03/ // [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1287827 user_pref("loop.enabled", false); @@ -1907,7 +1907,7 @@ user_pref("dom.telephony.enabled", false); // 2502: disable Battery Status API. Initially a Linux issue (high precision readout) that // was fixed. However, it is still another metric for fingerprinting, used to raise entropy. // e.g. do you have a battery or not, current charging status, charge level, times remaining etc - // [1] http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ + // [1] https://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 // [3] https://www.w3.org/TR/battery-status/ // [4] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online From 4120419cd5589e6fac59161f5f62439320c2ebea Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 30 Aug 2017 18:17:06 +1200 Subject: [PATCH 0355/1961] URL changes ##224 Part2 [Ch-ch-ch-ch-changes](https://en.wikipedia.org/wiki/Changes_(David_Bowie_song)) --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index f6adf00..c5b2625 100644 --- a/user.js +++ b/user.js @@ -732,7 +732,7 @@ user_pref("security.family_safety.mode", 0); * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them. - * [TEST] https://fiprinca.0x90.eu/poc/ + * [TEST] https://fiprinca.0x90.eu/poc/ [NOTE: 2017-08: expired cert] * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 - related bug * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ // user_pref("security.nocertdb", true); // (hidden pref) @@ -1169,7 +1169,7 @@ user_pref("javascript.options.wasm", false); * number #1 cause of crashes in nightly numerous times, and is (primarily) an * ad network API for "ad viewability checks" down to a pixel level * [1] https://developer.mozilla.org/en-US/docs/Web/API/Intersection_Observer_API - * [2] https://wicg.github.io/IntersectionObserver/ + * [2] https://w3c.github.io/IntersectionObserver/ * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/ user_pref("dom.IntersectionObserver.enabled", false); /* 2450a: enforce websites to ask to store data for offline use From 431b55f47f8ad312619966c47f601ce8263c1b9c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 31 Aug 2017 16:51:38 +1200 Subject: [PATCH 0356/1961] 2404: indexedDB=>inactive, required for uBo 1.14.0+ #226 Not just uBo but many web exts are using indexedDB for storage. Users will have to deal with indexedDB persistent storage via other means. --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index c5b2625..ab21301 100644 --- a/user.js +++ b/user.js @@ -1128,8 +1128,10 @@ user_pref("dom.event.clipboardevents.enabled", false); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) /* 2404: disable JS storing data permanently [SETUP] - * [WARNING] This *may* break some add-ons and *will* break some sites ***/ -user_pref("dom.indexedDB.enabled", false); + * [WARNING] This BREAKS uBlock Origin 1.14.0+ [2017-08-30] + * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 + * [WARNING] This *will* break other add-ons and web extensions, and *will* break some sites ***/ + // user_pref("dom.indexedDB.enabled", false); /* 2411: disable resource/navigation timing ***/ user_pref("dom.enable_resource_timing", false); /* 2412: disable timing attacks - javascript performance fingerprinting From b86f625b020bb0d7401fa5fea5f580d1d17002ff Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 31 Aug 2017 17:27:04 +1200 Subject: [PATCH 0357/1961] URL changes #224 Part3 check: 49 items as per issue comment --- user.js | 98 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/user.js b/user.js index ab21301..75b6997 100644 --- a/user.js +++ b/user.js @@ -179,7 +179,7 @@ user_pref("browser.newtabpage.introShown", true); * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ user_pref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1"); /* 0374: disable "social" integration - * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Social_API ***/ + * [1] https://developer.mozilla.org/docs/Mozilla/Projects/Social_API ***/ user_pref("social.whitelist", ""); user_pref("social.toast-notifications.enabled", false); user_pref("social.shareDirectory", ""); @@ -266,7 +266,7 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // /* 0420: enable Tracking Protection in all windows * [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610) * [1] https://wiki.mozilla.org/Security/Tracking_protection - * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ + * [2] https://support.mozilla.org/kb/tracking-protection-firefox ***/ // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default true // user_pref("privacy.trackingprotection.enabled", true); // default false /* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection @@ -375,15 +375,15 @@ user_pref("extensions.webcompat-reporter.enabled", false); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); /* 0601: disable link prefetching - * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/ + * [1] https://developer.mozilla.org/docs/Web/HTTP/Link_prefetching_FAQ ***/ user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching * [1] https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ - * [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ + * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref) /* 0603a: disable Seer/Necko - * [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Necko ***/ + * [1] https://developer.mozilla.org/docs/Mozilla/Projects/Necko ***/ user_pref("network.predictor.enabled", false); /* 0603b: disable more Necko/Captive Portal * [1] https://en.wikipedia.org/wiki/Captive_portal @@ -439,7 +439,7 @@ user_pref("browser.sessionhistory.max_entries", 10); * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) * [1] https://dbaron.org/mozilla/visited-privacy * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=147777 - * [3] https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ + * [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ user_pref("layout.css.visited_links_enabled", false); /* 0806: disable displaying javascript in history URLs - SECURITY ***/ user_pref("browser.urlbar.filter.javascript", true); @@ -507,7 +507,7 @@ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0902: use a master password (recommended if you save passwords) * There are no preferences for this. It is all handled internally. * [SETTING] Options>Security>Logins>Use a master password - * [1] https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/ + * [1] https://support.mozilla.org/kb/use-master-password-protect-stored-logins ***/ /* 0903: set how often Firefox should ask for the master password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ user_pref("security.ask_for_password", 2); @@ -839,7 +839,7 @@ user_pref("layout.css.font-loading-api.enabled", false); user_pref("font.blacklist.underline_offset", ""); /* 1408: disable graphite which FF49 turned back on by default * In the past it had security issues. Update: This continues to be the case, see [1] - * [1] https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ + * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. @@ -997,14 +997,14 @@ user_pref("webgl.disable-extensions", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); /* 2011: disable WebGL debug info being available to websites * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 - * [2] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/ + * [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info ***/ user_pref("webgl.enable-debug-renderer-info", false); /* 2012: disable two more webgl preferences (FF51+) ***/ user_pref("webgl.dxgl.enabled", false); // [WINDOWS] user_pref("webgl.enable-webgl2", false); /* 2021: disable speech recognition - * [1] https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition - * [2] https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis + * [1] https://developer.mozilla.org/docs/Web/API/SpeechRecognition + * [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis * [3] https://wiki.mozilla.org/HTML5_Speech_API ***/ user_pref("media.webspeech.recognition.enable", false); user_pref("media.webspeech.synth.enabled", false); @@ -1022,13 +1022,13 @@ user_pref("media.mediasource.mp4.enabled", true); user_pref("media.mediasource.webm.audio.enabled", true); user_pref("media.mediasource.webm.enabled", true); /* 2026: disable canvas capture stream - * [1] https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement/captureStream ***/ + * [1] https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream ***/ user_pref("canvas.capturestream.enabled", false); /* 2027: disable camera image capture * [1] https://trac.torproject.org/projects/tor/ticket/16339 ***/ user_pref("dom.imagecapture.enabled", false); /* 2028: disable offscreen canvas - * [1] https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCanvas ***/ + * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); /* 2030: disable auto-play of HTML5 media * [WARNING] This may break video playback on various sites ***/ @@ -1067,8 +1067,8 @@ user_pref("dom.allow_scripts_to_close_windows", false); user_pref("browser.link.open_newwindow.restriction", 0); /* 2205: disable "Confirm you want to leave" dialog on page close * Does not prevent JS leaks of the page close event. - * [1] https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload - * [2] https://support.mozilla.org/en-US/questions/1043508 ***/ + * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload + * [2] https://support.mozilla.org/questions/1043508 ***/ user_pref("dom.disable_beforeunload", true); /*** 2300: WEB WORKERS [SETUP] @@ -1081,12 +1081,12 @@ user_pref("dom.disable_beforeunload", true); [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter). It is recommended that you use a separate profile for these sorts of sites. - [1] Web Workers: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API - [2] Worker: https://developer.mozilla.org/en-US/docs/Web/API/Worker - [3] Service Worker: https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API - [4] SharedWorker: https://developer.mozilla.org/en-US/docs/Web/API/SharedWorker - [5] ChromeWorker: https://developer.mozilla.org/en-US/docs/Web/API/ChromeWorker - [6] Notifications: https://support.mozilla.org/en-US/questions/1165867#answer-981820 + [1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API + [2] Worker: https://developer.mozilla.org/docs/Web/API/Worker + [3] Service Worker: https://developer.mozilla.org/docs/Web/API/Service_Worker_API + [4] SharedWorker: https://developer.mozilla.org/docs/Web/API/SharedWorker + [5] ChromeWorker: https://developer.mozilla.org/docs/Web/API/ChromeWorker + [6] Notifications: https://support.mozilla.org/questions/1165867#answer-981820 ***/ user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); /* 2301: disable workers @@ -1103,13 +1103,13 @@ user_pref("dom.serviceWorkers.enabled", false); user_pref("dom.caches.enabled", false); /* 2304: disable web notifications * [NOTE] You can still override individual domains under site permissions (FF44+) - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Notifications_API ***/ + * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ user_pref("dom.webnotifications.enabled", false); user_pref("dom.webnotifications.serviceworker.enabled", false); /* 2305: disable push notifications (FF44+) * web apps can receive messages pushed to them from a server, whether or * not the web app is in the foreground, or even currently loaded - * [1] https://developer.mozilla.org/en/docs/Web/API/Push_API ***/ + * [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/ user_pref("dom.push.enabled", false); user_pref("dom.push.connection.enabled", false); user_pref("dom.push.serverURL", ""); @@ -1154,8 +1154,8 @@ user_pref("dom.idle-observers-api.enabled", false); * set to false=block, set to true=ask ***/ user_pref("full-screen-api.enabled", false); /* 2420: disable support for asm.js ( http://asmjs.org/ ) - * [1] https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ - * [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ + * [1] https://www.mozilla.org/security/advisories/mfsa2015-29/ + * [2] https://www.mozilla.org/security/advisories/mfsa2015-50/ * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/ user_pref("javascript.options.asmjs", false); /* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817 @@ -1164,18 +1164,18 @@ user_pref("javascript.options.asmjs", false); // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); /* 2422: disable WebAssembly for now (FF52+) - * [1] https://developer.mozilla.org/en-US/docs/WebAssembly ***/ + * [1] https://developer.mozilla.org/docs/WebAssembly ***/ user_pref("javascript.options.wasm", false); /* 2426: disable Intersection Observer API (FF53+) * Almost a year to complete, three versions late to stable (as default false), * number #1 cause of crashes in nightly numerous times, and is (primarily) an * ad network API for "ad viewability checks" down to a pixel level - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Intersection_Observer_API + * [1] https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API * [2] https://w3c.github.io/IntersectionObserver/ * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/ user_pref("dom.IntersectionObserver.enabled", false); /* 2450a: enforce websites to ask to store data for offline use - * [1] https://support.mozilla.org/en-US/questions/1098540 + * [1] https://support.mozilla.org/questions/1098540 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ user_pref("offline-apps.allow_by_default", false); /* 2450b: display a notification when websites ask to store data for offline use @@ -1193,17 +1193,17 @@ user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off user_pref("dom.gamepad.enabled", false); /* 2503: disable giving away network info (FF31+) * e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API + * [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API * [2] https://wicg.github.io/netinfo/ * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 ***/ user_pref("dom.netinfo.enabled", false); /* 2504: disable virtual reality devices - * [1] https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API ***/ + * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ user_pref("dom.vr.enabled", false); /* 2505: disable media device enumeration (FF29+) * [NOTE] media.peerconnection.enabled should also be set to false (see 2001) * [1] https://wiki.mozilla.org/Media/getUserMedia - * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/ + * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices ***/ user_pref("media.navigator.enabled", false); /* 2506: disable video statistics - JS performance fingerprinting (FF25+) * [1] https://trac.torproject.org/projects/tor/ticket/15757 @@ -1218,15 +1218,15 @@ user_pref("gfx.direct2d.disabled", true); // [WINDOWS] user_pref("layers.acceleration.disabled", true); /* 2509: disable touch events [SETUP] * fingerprinting attack vector - leaks screen res & actual screen coordinates - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Touch_events + * [1] https://developer.mozilla.org/docs/Web/API/Touch_events * [2] https://trac.torproject.org/projects/tor/ticket/10286 ***/ user_pref("dom.w3c_touch_events.enabled", 0); /* 2510: disable Web Audio API (FF51+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/ user_pref("dom.webaudio.enabled", false); /* 2511: disable MediaDevices change detection (FF51+) (enabled by default starting FF52+) - * [1] https://developer.mozilla.org/en-US/docs/Web/Events/devicechange - * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange ***/ + * [1] https://developer.mozilla.org/docs/Web/Events/devicechange + * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange ***/ user_pref("media.ondevicechange.enabled", false); /* 2512: disable device sensor API * [1] https://trac.torproject.org/projects/tor/ticket/15758 @@ -1260,7 +1260,7 @@ user_pref("browser.zoom.siteSpecific", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); /* 2601: disable sending additional analytics to web servers - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Navigator/sendBeacon ***/ + * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ user_pref("beacon.enabled", false); /* 2602: discourage downloading to desktop (0=desktop 1=downloads 2=last used) * [NOTE] To set your default "downloads": Options>General>Downloads>Save files to ***/ @@ -1352,14 +1352,14 @@ user_pref("security.dialog_enable_delay", 700); * [1] http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ user_pref("security.fileuri.strict_origin_policy", true); /* 2624: enable Subresource Integrity (SRI) (FF43+) - * [1] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity + * [1] https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ user_pref("security.sri.enable", true); /* 2625: disable DNS requests for hostnames with a .onion TLD (FF45+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ user_pref("network.dns.blockDotOnion", true); /* 2626: disable optional user agent token, default is false, included for completeness - * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox ***/ + * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/User-Agent/Firefox ***/ user_pref("general.useragent.compatMode.firefox", false); /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); @@ -1416,11 +1416,11 @@ user_pref("security.block_script_with_wrong_mime", true); * [1] http://kb.mozillazine.org/Network.IDN_show_punycode * [2] https://wiki.mozilla.org/IDN_Display_Algorithm * [3] https://en.wikipedia.org/wiki/IDN_homograph_attack - * [4] CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ + * [4] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ * [5] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); /* 2673: enable CSP (Content Security Policy) (default is true) - * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/ + * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); /* 2674: enable CSP 1.1 experimental hash-source directive (FF29+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=855326 @@ -1548,19 +1548,19 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. - * [1] https://developer.mozilla.org/en-US/docs/Web/API/StorageManager - * [2] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API + * [1] https://developer.mozilla.org/docs/Web/API/StorageManager + * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ user_pref("dom.storageManager.enabled", false); // (FF51+) user_pref("browser.storageManager.enabled", false); // (FF53+) /* 2707: clear localStorage and UUID when a WebExtension is uninstalled * [NOTE] Both preferences must be the same - * [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local + * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2708: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+) - * [1] https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP ***/ + * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); /*** 2800: SHUTDOWN [SETUP] @@ -1623,7 +1623,7 @@ user_pref("browser.tabs.warnOnClose", false); user_pref("browser.tabs.warnOnCloseOtherTabs", false); user_pref("browser.tabs.warnOnOpen", false); /* 3001a: disable warning when a domain requests full screen - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Fullscreen_API ***/ + * [1] https://developer.mozilla.org/docs/Web/API/Fullscreen_API ***/ // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); /* 3002: disable closing browser with last tab ***/ @@ -1649,7 +1649,7 @@ user_pref("view_source.tab", false); user_pref("layout.spellcheckDefault", 1); /* 3013: disable automatic "Work Offline" status * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 - * [2] https://developer.mozilla.org/en-US/docs/Online_and_offline_events ***/ + * [2] https://developer.mozilla.org/docs/Online_and_offline_events ***/ user_pref("network.manage-offline-status", false); /* 3015: disable animations * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 ***/ @@ -1728,7 +1728,7 @@ user_pref("network.websocket.enabled", false); // user_pref("privacy.donottrackheader.value", 1); // 2023: (37+) disable camera autofocus callback // The API will be superceded by the WebRTC Capture and Stream API - // [1] https://developer.mozilla.org/en-US/docs/Archive/B2G_OS/API/CameraControl + // [1] https://developer.mozilla.org/docs/Archive/B2G_OS/API/CameraControl // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107683 user_pref("camera.control.autofocus_moving_callback.enabled", false); // 0415: (41+) disable reporting URLs (safe browsing) - removed or replaced by various @@ -1823,7 +1823,7 @@ user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); // 0807: disable history manipulation - // [1] https://developer.mozilla.org/en-US/docs/Web/API/History_API + // [1] https://developer.mozilla.org/docs/Web/API/History_API // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1249542 user_pref("browser.history.allowPopState", false); user_pref("browser.history.allowPushState", false); @@ -1837,7 +1837,7 @@ user_pref("browser.urlbar.unifiedcomplete", false); // ***/ /* FF49 // 0372: disable "Hello" - // [1] https://www.mozilla.org/en-US/privacy/archive/hello/2016-03/ + // [1] https://www.mozilla.org/privacy/archive/hello/2016-03/ // [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1287827 user_pref("loop.enabled", false); @@ -1979,7 +1979,7 @@ user_pref("dom.enable_user_timing", false); // web pages. These parameters vary between types of keyboard layouts such as QWERTY, // AZERTY, Dvorak, and between various languages, e.g. German vs English. // [WARNING] Don't use if Android + physical keyboard - // [1] https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code + // [1] https://developer.mozilla.org/docs/Web/API/KeyboardEvent/code // [2] https://www.privacy-handbuch.de/handbuch_21v.htm // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352949 user_pref("dom.keyboardevent.code.enabled", false); From 346b945ee33499f083ed2224d20979c73bd91cc1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 3 Sep 2017 00:44:23 +1200 Subject: [PATCH 0358/1961] 2699: limit MediaError.message --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 75b6997..7ced2cf 100644 --- a/user.js +++ b/user.js @@ -1509,6 +1509,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) ** 1382545 - reduce fingerprinting in Animation API (FF57+) + ** 1354633 - limit MediaError.message to a whitelist (FF57+) ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From ffc8280c0c361ed67853c27d4da229be6fec524e Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 2 Sep 2017 19:07:28 +0200 Subject: [PATCH 0359/1961] 9999: 2502 cleanup --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 7ced2cf..88f373e 100644 --- a/user.js +++ b/user.js @@ -1907,8 +1907,9 @@ user_pref("media.gmp-eme-adobe.autoupdate", false); // [1] https://wiki.mozilla.org/WebAPI/Security/WebTelephony // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1309719 user_pref("dom.telephony.enabled", false); -// 2502: disable Battery Status API. Initially a Linux issue (high precision readout) that - // was fixed. However, it is still another metric for fingerprinting, used to raise entropy. +// 2502: disable Battery Status API + // Initially a Linux issue (high precision readout) that was fixed. + // However, it is still another metric for fingerprinting, used to raise entropy. // e.g. do you have a battery or not, current charging status, charge level, times remaining etc // [1] https://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 From f3c87367fb0798a13bdc776113cb34fa0c951c91 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Sep 2017 14:46:31 +1200 Subject: [PATCH 0360/1961] 2699: spoof FF version changes --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 88f373e..9b2111e 100644 --- a/user.js +++ b/user.js @@ -1497,8 +1497,9 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); This spoof *shouldn't* affect core chrome/Firefox performance ** 1217238 - reduce precision of time exposed by javascript (FF55+) ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) - ** 1333651 & 1383495 - spoof Navigator API (see section 2697) (FF56+) - The version number will be rounded down to the nearest multiple of 10 + ** 1333651 & 1383495 & 1393283 - spoof Navigator API (see section 2697) (FF56+) + FF56: The version number will be rounded down to the nearest multiple of 10 + FF57+: The version number will match current ESR ** 1369319 - disable device sensor API (see 2512) (FF56+) ** 1369357 - disable site specific zoom (see 2515) (FF56+) ** 1337161 - hide gamepads from content (see 2501) (FF56+) From 83bb51b9882f10c322831c56f24dcd4c4c14f557 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Sep 2017 15:35:14 +1200 Subject: [PATCH 0361/1961] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6dcf699..c134cd6 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js -The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) with [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons) 1 ) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). +The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) with [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions) 1 ) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use [profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with custom versions. We won't set you wrong. @@ -16,7 +16,7 @@ INFORMATION IS POWER. So you can make informed decisions to better protect yours * Current and up-to-date with stable (including [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93)) * Detailed (preference versioning, hidden preference information, explanations, and more) * Easy to use and discuss (sections, sub-sections, numbering) -* Helpful (including a [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) with features such as [add-ons](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Firefox-Add-ons), [user scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts), [references](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-D:-References) and more) +* Helpful (including a [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) with features such as [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions), [user scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts), [references](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-D:-References) and more) * Innovative (formatting, special tags, and future plans such as branches) ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) usage From b907dd7e834d8dc74a3363e27fc8e8743c1d5fcf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Sep 2017 16:18:16 +1200 Subject: [PATCH 0362/1961] new terminology https://wiki.mozilla.org/Add-ons/Terminology . The only "Web Extension" or "WebExtension" or "Add-on" references left are due to UI wording or links or pref names --- user.js | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/user.js b/user.js index 9b2111e..25141e4 100644 --- a/user.js +++ b/user.js @@ -17,7 +17,7 @@ 2. READ this * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum - * Auto-installing updates for Firefox and extensions/add-ons are disabled (section 0302's) + * Auto-installing updates for Firefox and extensions are disabled (section 0302's) * Some user data is erased on close (section 2800), namely history (browsing, form, download) * Cookies (and thus logins) are denied by default (2701). Use site exceptions or an extension * Site breakage WILL happen @@ -107,13 +107,13 @@ user_pref("ghacks_user.js.parrot", "0300 syntax error: the parrot's not pinin' f * [NOTE] Firefox currently checks every 12 hrs and allows 8 day notification dismissal * [SETTING] Options>Advanced>Update>Never check for updates ***/ // user_pref("app.update.enabled", false); -/* 0301b: disable auto-update checks for add-ons ***/ +/* 0301b: disable auto-update checks for extensions ***/ // user_pref("extensions.update.enabled", false); /* 0302a: disable auto update installing for Firefox (after the check in 0301a) * [SETTING] Options>Advanced>Update>Check for updates but let you choose whether to install them * [NOTE] The UI checkbox also controls the behavior for checking, the pref only controls auto installing ***/ user_pref("app.update.auto", false); -/* 0302b: disable auto update installing for add-ons (after the check in 0301b) +/* 0302b: disable auto update installing for extensions (after the check in 0301b) * [SETTING] about:addons>Extensions>Settings[gear-icon]>Update Addons Automatically (toggle) ***/ user_pref("extensions.update.autoUpdateDefault", false); /* 0303: disable background update service [WINDOWS] @@ -124,7 +124,7 @@ user_pref("app.update.staging.enabled", false); /* 0305: enforce update information is displayed * This is the update available, downloaded, error and success information ***/ user_pref("app.update.silent", false); -/* 0306: disable add-on metadata updating +/* 0306: disable extension metadata updating * sends daily pings to Mozilla about extensions and recent startups ***/ user_pref("extensions.getAddons.cache.enabled", false); /* 0307: disable auto updating of personas (themes) ***/ @@ -209,7 +209,7 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi /* 0402: enable Kinto blocklist updates (FF50+) * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be - * revoked, add-ons and plugins to be disabled, and gfx environments that cause problems or crashes ***/ + * revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes ***/ user_pref("services.blocklist.update_enabled", true); user_pref("services.blocklist.signing.enforced", true); /* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists ***/ @@ -292,12 +292,12 @@ user_pref("privacy.trackingprotection.ui.enabled", true); // user_pref("privacy.trackingprotection.annotate_channels", false); // user_pref("privacy.trackingprotection.lower_network_priority", false); -/*** 0500: SYSTEM ADD-ONS / EXPERIMENTS - System add-ons are a method for shipping extensions, considered to be +/*** 0500: SYSTEM EXTENSIONS / EXPERIMENTS + System extensions are a method for shipping extensions, considered to be built-in features to Firefox, that are hidden from the about:addons UI. - To view your system add-ons go to about:support, they are listed under "Features" + To view your system extensions go to about:support, they are listed under "Firefox Features" - Some system add-ons have no on-off prefs. Instead you can manually remove them. Note that app + Some system extensions have no on-off prefs. Instead you can manually remove them. Note that app updates will restore them. They may also be updated and possibly restored automatically (see 0505) * Portable: "...\App\Firefox64\browser\features\" (or "App\Firefox\etc" for 32bit) * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) @@ -316,8 +316,8 @@ user_pref("experiments.supported", false); user_pref("experiments.activeExperiment", false); /* 0502: disable Mozilla permission to silently opt you into tests ***/ user_pref("network.allow-experiments", false); -/* 0505: block URL used for system add-on updates (FF44+) - * [NOTE] You will not get any system add-on updates except when you update Firefox ***/ +/* 0505: block URL used for system extension updates (FF44+) + * [NOTE] You will not get any system extension updates except when you update Firefox ***/ // user_pref("extensions.systemAddon.update.url", ""); /* 0510: disable Pocket (FF39+) * Pocket is a third party (now owned by Mozilla) "save for later" cloud service @@ -337,7 +337,7 @@ user_pref("dom.flyweb.enabled", false); user_pref("extensions.shield-recipe-client.enabled", false); user_pref("extensions.shield-recipe-client.api_url", ""); /* 0513: disable Follow On Search (FF53+) - * Just DELETE the XPI file in your system add-ons directory + * Just DELETE the XPI file in your system extensions directory * [1] https://blog.mozilla.org/data/2017/06/05/measuring-search-in-firefox/ ***/ /* 0514: disable Activity Stream (FF54+) * Activity Stream replaces "New Tab" with one based on metadata and browsing behavior, @@ -612,9 +612,9 @@ user_pref("alerts.showFavicons", false); /*** 1100: MULTI-PROCESS (e10s) We recommend you let Firefox handle this. Until e10s is enforced, if - - all your add-ons have the 'multiprocessCompatible' flag as true, then FF = e10s - - any add-ons have 'multiprocessCompatible' flag as false, then FF != e10s - - any add-ons are missing the 'multiprocessCompatible' flag, then they *might* be disabled (FF53+) + - all your legacy extensions have the 'multiprocessCompatible' flag as true, then FF = e10s + - any legacy extensions have 'multiprocessCompatible' flag as false, then FF != e10s + - any legacy extensions are missing the 'multiprocessCompatible' flag, then they *might* be disabled [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/ ***/ user_pref("ghacks_user.js.parrot", "1100 syntax error: the parrot's bought the farm!"); @@ -629,16 +629,16 @@ user_pref("ghacks_user.js.parrot", "1100 syntax error: the parrot's bought the f * [1] https://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ // user_pref("dom.ipc.processCount", 4); -/* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+) +/* 1103: enable extension code to run in a separate process (webext-oop) (FF53+) * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process ***/ // user_pref("extensions.webextensions.remote", true); /* 1104: enforce separate content process for file://URLs (FF53+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 * [2] https://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ user_pref("browser.tabs.remote.separateFileUriProcess", true); -/* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/ +/* 1105: enable console shim warnings for legacy extensions with the 'multiprocessCompatible' flag as false ***/ user_pref("dom.ipc.shims.enabledWarnings", true); -/* 1106: control number of WebExtension processes ***/ +/* 1106: control number of extension processes ***/ // user_pref("dom.ipc.processCount.extension", 1); /* 1107: control number of file processes ***/ // user_pref("dom.ipc.processCount.file", 1); @@ -1128,9 +1128,9 @@ user_pref("dom.event.clipboardevents.enabled", false); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) /* 2404: disable JS storing data permanently [SETUP] - * [WARNING] This BREAKS uBlock Origin 1.14.0+ [2017-08-30] + * [WARNING] This BREAKS uBlock Origin [1.14.0+] and uMatrix extensions * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 - * [WARNING] This *will* break other add-ons and web extensions, and *will* break some sites ***/ + * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ // user_pref("dom.indexedDB.enabled", false); /* 2411: disable resource/navigation timing ***/ user_pref("dom.enable_resource_timing", false); @@ -1284,7 +1284,7 @@ user_pref("network.jar.open-unsafe-types", false); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=232227 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1330876 ***/ user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) -/* 2611: disable WebIDE to prevent remote debugging and add-on downloads +/* 2611: disable WebIDE to prevent remote debugging and extension downloads * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.webide.autoinstallFxdtAdapters", false); @@ -1326,7 +1326,7 @@ user_pref("pdfjs.disabled", false); user_pref("network.proxy.socks_remote_dns", true); /* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins) - * To control HTML Meta tag and JS redirects, use an add-on. Default is 20 ***/ + * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ user_pref("network.http.redirection-limit", 10); /* 2620: disable middle mouse click opening links from clipboard * [1] https://trac.torproject.org/projects/tor/ticket/10089 @@ -1343,7 +1343,7 @@ user_pref("middlemouse.contentLoadURL", false); * [1] https://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection/ ***/ // user_pref("network.dns.disableIPv6", true); // user_pref("network.http.fast-fallback-to-IPv4", true); -/* 2622: enforce a security delay when installing add-ons (milliseconds) +/* 2622: enforce a security delay when installing extensions (milliseconds) * default=1000, This also covers the delay in "Save" on downloading files. * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ @@ -1391,7 +1391,7 @@ user_pref("network.http.altsvc.oe", false); * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); /* 2668: lock down allowed extension directories - * [WARNING] This will break add-ons that do not use the default XPI directories + * [WARNING] This will break extensions that do not use the default XPI directories * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ * [1] archived: https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) @@ -1440,7 +1440,7 @@ user_pref("security.csp.experimentalEnabled", true); * Values below are for example only based on the current ESR/TBB at the time of writing ***/ /* 2697a: navigator.userAgent leaks in JS - * [NOTE] Setting this will break any UA spoofing add-on whitelisting ***/ + * [NOTE] Setting this will break any UA spoofing extension whitelisting ***/ // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref) /* 2697b: navigator.buildID (see gecko.buildID in about:config) reveals build time * down to the second which defeats user agent spoofing and can compromise OS etc @@ -1555,7 +1555,7 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ user_pref("dom.storageManager.enabled", false); // (FF51+) user_pref("browser.storageManager.enabled", false); // (FF53+) -/* 2707: clear localStorage and UUID when a WebExtension is uninstalled +/* 2707: clear localStorage and UUID when an extension is uninstalled * [NOTE] Both preferences must be the same * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ @@ -1634,7 +1634,7 @@ user_pref("browser.tabs.closeWindowWithLastTab", false); user_pref("browser.backspace_action", 2); /* 3005: disable autocopy default (linux) ***/ // user_pref("clipboard.autocopy", false); -/* 3006: disable enforced add-on signing (FF43+) +/* 3006: disable enforced extension signing (FF43+) * [NOTE] Only applicable to Nightly and ESR (FF48+) * [1] https://wiki.mozilla.org/Add-ons/Extension_Signing#Documentation ***/ // user_pref("xpinstall.signatures.required", false); From 0277ba81027dbf134ad3581c29813c8c4ba3f123 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Sep 2017 16:49:26 +1200 Subject: [PATCH 0363/1961] 2699: more UA spoofing stuff move along people, nothing to see: added 1396468 which fixes a leak, it will probably be pushed to beta (FF56) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 25141e4..8d8d684 100644 --- a/user.js +++ b/user.js @@ -1497,7 +1497,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); This spoof *shouldn't* affect core chrome/Firefox performance ** 1217238 - reduce precision of time exposed by javascript (FF55+) ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) - ** 1333651 & 1383495 & 1393283 - spoof Navigator API (see section 2697) (FF56+) + ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 2697) (FF56+) FF56: The version number will be rounded down to the nearest multiple of 10 FF57+: The version number will match current ESR ** 1369319 - disable device sensor API (see 2512) (FF56+) From 9a0edfe8875291b1218e3b6782267ec71422f8b4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 10 Sep 2017 01:43:02 +1200 Subject: [PATCH 0364/1961] 0330: another ping bites the dust --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 8d8d684..ce966cc 100644 --- a/user.js +++ b/user.js @@ -152,6 +152,7 @@ user_pref("toolkit.telemetry.archive.enabled", false); user_pref("toolkit.telemetry.cachedClientID", ""); user_pref("toolkit.telemetry.newProfilePing.enabled", false); // (FF55+) user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // (FF55+) +user_pref("toolkit.telemetry.updatePing.enabled", false); // (FF56+) /* 0333a: disable health report ***/ user_pref("datareporting.healthreport.uploadEnabled", false); /* 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) From bb2325cad29ae411e500b08e9e24f6d627ca13b1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 11 Sep 2017 17:03:52 +1200 Subject: [PATCH 0365/1961] 2699: fixup 1333641 description bug 1333641 does not disable the WebSpeech API --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index ce966cc..ab7c1a2 100644 --- a/user.js +++ b/user.js @@ -1506,7 +1506,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1337161 - hide gamepads from content (see 2501) (FF56+) ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) ** 1372069 - disable geolocation API (see 0201) (FF56+) - ** 1333641 - disable WebSpeech API (see 2021) (FF56+) + ** 1333641 - reduce fingerprinting in WebSpeech API (see 2021) (FF56+) ** 1369309 - spoof media statistics (see 2506) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) From d9f76d3add5af90c179af61eec520490d1da87be Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 13 Sep 2017 03:14:56 +1200 Subject: [PATCH 0366/1961] start 56 commits --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index ab7c1a2..de8853c 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js -* date: 18 August 2017 -* version 55: There Must Be an Angel [Playing with My Pants] -* "I walk into an empty room, and suddenly my pants go boom" +* date: 12 September 2017 +* version 56-beta: You're So Pants +* "You're so pants, you probably think this song is about you. Don't you? Don't You?" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From caed9d833c0d302142bcc6202d87f8980394e01b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 13 Sep 2017 04:56:21 +1200 Subject: [PATCH 0367/1961] shove 3000s personal out to 5000s couple of number changes to get rid of alphabet soup: 3001a->5002, 3002->5003 --- user.js | 64 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/user.js b/user.js index de8853c..25806ef 100644 --- a/user.js +++ b/user.js @@ -1616,76 +1616,76 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences * blank value if they are used, but they do work as advertised ***/ user_pref("privacy.sanitize.timeSpan", 0); -/*** 3000: PERSONAL SETTINGS [SETUP] +/*** 5000: PERSONAL SETTINGS [SETUP] Settings that are handy to migrate and/or are not in the Options interface. Users can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ -user_pref("ghacks_user.js.parrot", "3000 syntax error: this is an ex-parrot!"); -/* 3001: disable annoying warnings ***/ +user_pref("ghacks_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); +/* 5001: disable annoying warnings ***/ user_pref("general.warnOnAboutConfig", false); user_pref("browser.tabs.warnOnClose", false); user_pref("browser.tabs.warnOnCloseOtherTabs", false); user_pref("browser.tabs.warnOnOpen", false); -/* 3001a: disable warning when a domain requests full screen +/* 5002: disable warning when a domain requests full screen * [1] https://developer.mozilla.org/docs/Web/API/Fullscreen_API ***/ // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); -/* 3002: disable closing browser with last tab ***/ +/* 5003: disable closing browser with last tab ***/ user_pref("browser.tabs.closeWindowWithLastTab", false); -/* 3004: disable backspace (0=previous page, 1=scroll up, 2=do nothing) ***/ +/* 5004: disable backspace (0=previous page, 1=scroll up, 2=do nothing) ***/ user_pref("browser.backspace_action", 2); -/* 3005: disable autocopy default (linux) ***/ +/* 5005: disable autocopy default (linux) ***/ // user_pref("clipboard.autocopy", false); -/* 3006: disable enforced extension signing (FF43+) +/* 5006: disable enforced extension signing (FF43+) * [NOTE] Only applicable to Nightly and ESR (FF48+) * [1] https://wiki.mozilla.org/Add-ons/Extension_Signing#Documentation ***/ // user_pref("xpinstall.signatures.required", false); -/* 3007: open new windows in a new tab instead +/* 5007: open new windows in a new tab instead * 1=current window, 2=new window, 3=most recent window * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ user_pref("browser.link.open_newwindow", 3); -/* 3010: enable ctrl-tab previews ***/ +/* 5010: enable ctrl-tab previews ***/ user_pref("browser.ctrlTab.previews", true); -/* 3011: don't open "page/selection source" in a tab. The window used instead is cleaner +/* 5011: don't open "page/selection source" in a tab. The window used instead is cleaner * and easier to use and move around (e.g. developers/multi-screen). ***/ user_pref("view_source.tab", false); -/* 3012: control spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls ***/ +/* 5012: control spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls ***/ user_pref("layout.spellcheckDefault", 1); -/* 3013: disable automatic "Work Offline" status +/* 5013: disable automatic "Work Offline" status * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 * [2] https://developer.mozilla.org/docs/Online_and_offline_events ***/ user_pref("network.manage-offline-status", false); -/* 3015: disable animations +/* 5015: disable animations * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 ***/ // user_pref("toolkit.cosmeticAnimations.enabled", false); -/* 3017: set submenu delay in milliseconds. 0=instant while a small number allows +/* 5017: set submenu delay in milliseconds. 0=instant while a small number allows * a mouse pass over menu items without any submenus alarmingly shooting out ***/ user_pref("ui.submenuDelay", 150); // (hidden pref) -/* 3018: set maximum number of daily bookmark backups to keep (default is 15) ***/ +/* 5018: set maximum number of daily bookmark backups to keep (default is 15) ***/ user_pref("browser.bookmarks.max_backups", 2); -/* 3020: control urlbar click behaviour (with defaults) ***/ +/* 5020: control urlbar click behaviour (with defaults) ***/ user_pref("browser.urlbar.clickSelectsAll", true); user_pref("browser.urlbar.doubleClickSelectsAll", false); -/* 3021a: control tab behaviours (with defaults) +/* 5021a: control tab behaviours (with defaults) * open links in a new tab immediately to the right of parent tab, not far right ***/ user_pref("browser.tabs.insertRelatedAfterCurrent", true); -/* 3021b: switch to the parent tab (if it has one) on close, rather than +/* 5021b: switch to the parent tab (if it has one) on close, rather than * to the adjacent right tab if it exists or to the adjacent left tab if it doesn't. - * [NOTE] Requires browser.link.open_newwindow set to 3 (see pref 3007) ***/ + * [NOTE] Requires browser.link.open_newwindow set to 3 (see pref 5007) ***/ user_pref("browser.tabs.selectOwnerOnClose", true); -/* 3021c: stay on the parent tab when opening links in a new tab +/* 5021c: stay on the parent tab when opening links in a new tab * [SETTING] Options>General>Tabs>When I open a link in a new tab, switch to it immediately ***/ user_pref("browser.tabs.loadInBackground", true); -/* 3021d: set behavior of pages normally meant to open in a new window (such as target="_blank" +/* 5021d: set behavior of pages normally meant to open in a new window (such as target="_blank" * or from an external program), but that have instead been loaded in a new tab. * true: load the new tab in the background, leaving focus on the current tab * false: load the new tab in the foreground, taking the focus from the current tab. ***/ user_pref("browser.tabs.loadDivertedInBackground", false); -/* 3022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/ +/* 5022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/ user_pref("browser.bookmarks.showRecentlyBookmarked", false); -/* 3024: enable "Find As You Type" +/* 5024: enable "Find As You Type" * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); -/* 3025: enable/disable various media types ***/ +/* 5025: enable/disable various media types ***/ // user_pref("media.mp4.enabled", false); // user_pref("media.flac.enabled", false); // (FF51+) // user_pref("media.ogg.enabled", false); @@ -1696,12 +1696,12 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false); // user_pref("media.webm.enabled", false); // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries // user_pref("media.wmf.vp9.enabled", false); -/* 3026: disable "Reader View" ***/ +/* 5026: disable "Reader View" ***/ // user_pref("reader.parse-on-load.enabled", false); -/* 3027: decode URLs on copy from the urlbar (FF53+) +/* 5027: decode URLs on copy from the urlbar (FF53+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320061 ***/ user_pref("browser.urlbar.decodeURLsOnCopy", true); -/* 3028: disable middle-click enabling auto-scrolling [WINDOWS] [MAC] ***/ +/* 5028: disable middle-click enabling auto-scrolling [WINDOWS] [MAC] ***/ // user_pref("general.autoScroll", false); /* END: internal custom pref to test for syntax errors ***/ @@ -1750,7 +1750,7 @@ user_pref("network.http.spdy.enabled.http2draft", false); // 2803: (42+) clear passwords on shutdown // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184 // user_pref("privacy.clearOnShutdown.passwords", false); -// 3001a: (42+) disable warning when a domain requests full screen +// 5002: (42+) disable warning when a domain requests full screen // replaced by setting full-screen-api.warning.timeout to zero // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1160017 // user_pref("full-screen-api.approval-required", false); @@ -1769,7 +1769,7 @@ user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing // [1] http://kb.mozillazine.org/Pfs.datasource.url // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1202193 user_pref("pfs.datasource.url", ""); -// 3003: disable new search panel UI +// 5003: disable new search panel UI // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1119250 // user_pref("browser.search.showOneOffButtons", false); // ***/ @@ -1987,10 +1987,10 @@ user_pref("dom.enable_user_timing", false); // [2] https://www.privacy-handbuch.de/handbuch_21v.htm // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352949 user_pref("dom.keyboardevent.code.enabled", false); -// 3015: disable tab animation - replaced by toolkit.cosmeticAnimations.enabled +// 5015: disable tab animation - replaced by toolkit.cosmeticAnimations.enabled // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 user_pref("browser.tabs.animate", false); -// 3016: disable fullscreeen animation - replaced by toolkit.cosmeticAnimations.enabled +// 5016: disable fullscreeen animation - replaced by toolkit.cosmeticAnimations.enabled // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 user_pref("browser.fullscreen.animate", false); // * * * / From e09e5ab8db754fa91f2fc368ea07d3855f96f3ea Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 14 Sep 2017 12:12:09 +1200 Subject: [PATCH 0368/1961] 2699: FP resistance for Presentation API --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 25806ef..c5898db 100644 --- a/user.js +++ b/user.js @@ -1512,6 +1512,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) ** 1382545 - reduce fingerprinting in Animation API (FF57+) ** 1354633 - limit MediaError.message to a whitelist (FF57+) + ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) + This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ***/ /* 2699a: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ From 17ba1401cf15e090a36c369f170836296f32e871 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 14 Sep 2017 15:25:32 +1200 Subject: [PATCH 0369/1961] 2698 FPI -> 4000s --- user.js | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/user.js b/user.js index c5898db..7c8a9e9 100644 --- a/user.js +++ b/user.js @@ -1457,28 +1457,6 @@ user_pref("security.csp.experimentalEnabled", true); // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) /* 2697g: general.useragent.locale (related, see 0204) ***/ -/*** 2698: FIRST PARTY ISOLATION (FPI) - ** 1277803 - isolate favicons (FF52+) - ** 1264562 - isolate OCSP cache (FF52+) - ** 1268726 - isolate Shared Workers (FF52+) - ** 1316283 - isolate SSL session cache (FF52+) - ** 1317927 - isolate media cache (FF53+) - ** 1323644 - isolate HSTS and HPKP (FF54+) - ** 1334690 - isolate HTTP Alternative Services (FF54+) - ** 1334693 - isolate SPDY/HTTP2 (FF55+) - ** 1337893 - isolate DNS cache (FF55+) - ** 1344170 - isolate blob: URI (FF55+) - ** 1300671 - isolate data://, about: URLs (FF55+) -***/ -/* 2698a: enable First Party Isolation (FF51+) - * [WARNING] May break cross-domain logins and site functionality until perfected - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ -user_pref("privacy.firstparty.isolate", true); -/* 2698b: enforce FPI restriction for window.opener (FF54+) - * [NOTE] Setting this to false may reduce the breakage in 2698a - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/ -user_pref("privacy.firstparty.isolate.restrict_opener_access", true); - /*** 2699: privacy.resistFingerprinting This master switch will be used for a wide range of items, many of which will **override** existing prefs from FF55+ @@ -1618,6 +1596,28 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences * blank value if they are used, but they do work as advertised ***/ user_pref("privacy.sanitize.timeSpan", 0); +/*** 4000: FIRST PARTY ISOLATION (FPI) + ** 1277803 - isolate favicons (FF52+) + ** 1264562 - isolate OCSP cache (FF52+) + ** 1268726 - isolate Shared Workers (FF52+) + ** 1316283 - isolate SSL session cache (FF52+) + ** 1317927 - isolate media cache (FF53+) + ** 1323644 - isolate HSTS and HPKP (FF54+) + ** 1334690 - isolate HTTP Alternative Services (FF54+) + ** 1334693 - isolate SPDY/HTTP2 (FF55+) + ** 1337893 - isolate DNS cache (FF55+) + ** 1344170 - isolate blob: URI (FF55+) + ** 1300671 - isolate data://, about: URLs (FF55+) +***/ +/* 4001: enable First Party Isolation (FF51+) + * [WARNING] May break cross-domain logins and site functionality until perfected + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ +user_pref("privacy.firstparty.isolate", true); +/* 4002: enforce FPI restriction for window.opener (FF54+) + * [NOTE] Setting this to false may reduce the breakage in 4001 + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/ +user_pref("privacy.firstparty.isolate.restrict_opener_access", true); + /*** 5000: PERSONAL SETTINGS [SETUP] Settings that are handy to migrate and/or are not in the Options interface. Users can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ From 54b64e3f3cad891fa3ef5ceb3489a6d2a9c59a37 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 14 Sep 2017 15:57:42 +1200 Subject: [PATCH 0370/1961] 2699 RFP -> 4500s --- user.js | 105 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 54 insertions(+), 51 deletions(-) diff --git a/user.js b/user.js index 7c8a9e9..488e07e 100644 --- a/user.js +++ b/user.js @@ -846,7 +846,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If * you block sites choosing fonts in 1401, this preference is irrelevant. In future, - * privacy.resistFingerprinting (see 2699) may cover this, and 1401 can be relaxed. + * privacy.resistFingerprinting (see 4500) may cover this, and 1401 can be relaxed. * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/ // user_pref("font.system.whitelist", ""); // (hidden pref) @@ -1244,9 +1244,8 @@ user_pref("dom.presentation.discoverable", false); user_pref("dom.presentation.discovery.enabled", false); user_pref("dom.presentation.receiver.enabled", false); user_pref("dom.presentation.session_transport.data_channel.enable", false); -/* 2514: spoof (or limit?) number of CPU cores (also see 2699f) (FF48+) +/* 2514: spoof (or limit?) number of CPU cores (FF48+) * [WARNING] *may* affect core chrome/Firefox performance, will affect content. - * Highly recommended to leave this (DOM) and use 2699f (navigator) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 * [2] https://trac.torproject.org/projects/tor/ticket/21675 * [3] https://trac.torproject.org/projects/tor/ticket/22127 @@ -1437,7 +1436,7 @@ user_pref("security.csp.experimentalEnabled", true); navigator objects, resource://URIs, locale, feature detection and more. 2. You are not in a controlled set of significant numbers, where the values are enforced by default. It works for TBB because for TBB, the spoofed values ARE their default. - * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 2699) + * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 4500) * Values below are for example only based on the current ESR/TBB at the time of writing ***/ /* 2697a: navigator.userAgent leaks in JS @@ -1457,53 +1456,6 @@ user_pref("security.csp.experimentalEnabled", true); // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) /* 2697g: general.useragent.locale (related, see 0204) ***/ -/*** 2699: privacy.resistFingerprinting - This master switch will be used for a wide range of items, - many of which will **override** existing prefs from FF55+ - ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) - [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 - [NOTE] This will probably make your values pretty unique until you resize or snap the - inner window width + height into standard/common resolutions (such as 1366x768) - To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit - Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test - your window size, do some math, resize to allow for all the non inner window elements - [TEST] http://browserspy.dk/screen.php - ** 1281949 - spoof screen orientation (FF50+) - ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) - ** 1330890 - spoof timezone as UTC 0 (FF55+) - ** 1360039 - spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) - This spoof *shouldn't* affect core chrome/Firefox performance - ** 1217238 - reduce precision of time exposed by javascript (FF55+) - ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) - ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 2697) (FF56+) - FF56: The version number will be rounded down to the nearest multiple of 10 - FF57+: The version number will match current ESR - ** 1369319 - disable device sensor API (see 2512) (FF56+) - ** 1369357 - disable site specific zoom (see 2515) (FF56+) - ** 1337161 - hide gamepads from content (see 2501) (FF56+) - ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) - ** 1372069 - disable geolocation API (see 0201) (FF56+) - ** 1333641 - reduce fingerprinting in WebSpeech API (see 2021) (FF56+) - ** 1369309 - spoof media statistics (see 2506) (FF57+) - ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) - ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) - ** 1382545 - reduce fingerprinting in Animation API (FF57+) - ** 1354633 - limit MediaError.message to a whitelist (FF57+) - ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) - This blocks exposure of local IP Addresses via mDNS (Multicast DNS) -***/ -/* 2699a: enable privacy.resistFingerprinting (FF41+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ -user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) -/* 2699b: set new window sizes to round to hundreds (FF55+) [SETUP] - * [NOTE] Width will round to multiples of 200s and height to 100s, to fit your screen. - * The override values are a starting point to round from if you want some control - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 - * [2] https://hardware.metrics.mozilla.com/ ***/ - // user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) - // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) - /*** 2700: COOKIES & DOM STORAGE ***/ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] @@ -1618,6 +1570,57 @@ user_pref("privacy.firstparty.isolate", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); +/*** 4500: privacy.resistFingerprinting + This master switch will be used for a wide range of items, many of which will + **override** existing prefs from FF55+, often providing a **better** solution + + IMPORTANT: As existing prefs become redundant, and some of them WILL interfere + with how RFP works, they will be moved to section 4600 and made inactive + + ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) + [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) + [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 + [NOTE] This will probably make your values pretty unique until you resize or snap the + inner window width + height into standard/common resolutions (such as 1366x768) + To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit + Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test + your window size, do some math, resize to allow for all the non inner window elements + [TEST] http://browserspy.dk/screen.php + ** 1281949 - spoof screen orientation (FF50+) + ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) + ** 1330890 - spoof timezone as UTC 0 (FF55+) + ** 1360039 - spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) + This spoof *shouldn't* affect core chrome/Firefox performance + ** 1217238 - reduce precision of time exposed by javascript (FF55+) + ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) + ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 2697) (FF56+) + FF56: The version number will be rounded down to the nearest multiple of 10 + FF57+: The version number will match current ESR + ** 1369319 - disable device sensor API (see 2512) (FF56+) + ** 1369357 - disable site specific zoom (see 2515) (FF56+) + ** 1337161 - hide gamepads from content (see 2501) (FF56+) + ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) + ** 1372069 - disable geolocation API (see 0201) (FF56+) + ** 1333641 - reduce fingerprinting in WebSpeech API (see 2021) (FF56+) + ** 1369309 - spoof media statistics (see 2506) (FF57+) + ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) + ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) + ** 1382545 - reduce fingerprinting in Animation API (FF57+) + ** 1354633 - limit MediaError.message to a whitelist (FF57+) + ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) + This blocks exposure of local IP Addresses via mDNS (Multicast DNS) +***/ +/* 4501: enable privacy.resistFingerprinting (FF41+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ +user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) +/* 4502: set new window sizes to round to hundreds (FF55+) [SETUP] + * [NOTE] Width will round to multiples of 200s and height to 100s, to fit your screen. + * The override values are a starting point to round from if you want some control + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 + * [2] https://hardware.metrics.mozilla.com/ ***/ +user_pref("privacy.window.maxInnerWidth", 1400); // (hidden pref) +user_pref("privacy.window.maxInnerHeight", 800); // (hidden pref) + /*** 5000: PERSONAL SETTINGS [SETUP] Settings that are handy to migrate and/or are not in the Options interface. Users can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ From a5ae7d17a3d8cd1c131066cee6aa7a89bbbdb227 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 14 Sep 2017 16:39:05 +1200 Subject: [PATCH 0371/1961] oophs --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 488e07e..05a0b27 100644 --- a/user.js +++ b/user.js @@ -1618,8 +1618,8 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF * The override values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 * [2] https://hardware.metrics.mozilla.com/ ***/ -user_pref("privacy.window.maxInnerWidth", 1400); // (hidden pref) -user_pref("privacy.window.maxInnerHeight", 800); // (hidden pref) +user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) +user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) /*** 5000: PERSONAL SETTINGS [SETUP] Settings that are handy to migrate and/or are not in the Options interface. Users From 76672ed767174f2ac9cdc7c8a69f8312e40acf03 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 14 Sep 2017 17:00:55 +1200 Subject: [PATCH 0372/1961] 2697 spoofing -> 4700s --- user.js | 62 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 32 insertions(+), 30 deletions(-) diff --git a/user.js b/user.js index 05a0b27..75da9b7 100644 --- a/user.js +++ b/user.js @@ -1427,35 +1427,6 @@ user_pref("security.csp.enable", true); * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/ user_pref("security.csp.experimentalEnabled", true); -/*** 2697: USER AGENT (UA) SPOOFING - Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage - depending on your values. Even if you spoof, like TBB (Tor Browser Bundle) does, as the - latest ESR, it still *does* *not* *work*. There are two main reasons for this. - 1. Many of the components that make up your UA can be derived by other means. And when - those values differ, you provide more bits and raise entropy. Examples of leaks include - navigator objects, resource://URIs, locale, feature detection and more. - 2. You are not in a controlled set of significant numbers, where the values are enforced - by default. It works for TBB because for TBB, the spoofed values ARE their default. - * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 4500) - * Values below are for example only based on the current ESR/TBB at the time of writing -***/ -/* 2697a: navigator.userAgent leaks in JS - * [NOTE] Setting this will break any UA spoofing extension whitelisting ***/ - // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref) -/* 2697b: navigator.buildID (see gecko.buildID in about:config) reveals build time - * down to the second which defeats user agent spoofing and can compromise OS etc - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/ - // user_pref("general.buildID.override", "20100101"); // (hidden pref) -/* 2697c: navigator.appName ***/ - // user_pref("general.appname.override", "Netscape"); // (hidden pref) -/* 2697d: navigator.appVersion ***/ - // user_pref("general.appversion.override", "5.0 (Windows)"); // (hidden pref) -/* 2697e: navigator.platform leaks in JS ***/ - // user_pref("general.platform.override", "Win32"); // (hidden pref) -/* 2697f: navigator.oscpu leaks in JS ***/ - // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) -/* 2697g: general.useragent.locale (related, see 0204) ***/ - /*** 2700: COOKIES & DOM STORAGE ***/ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] @@ -1593,7 +1564,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); This spoof *shouldn't* affect core chrome/Firefox performance ** 1217238 - reduce precision of time exposed by javascript (FF55+) ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) - ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 2697) (FF56+) + ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 4700) (FF56+) FF56: The version number will be rounded down to the nearest multiple of 10 FF57+: The version number will match current ESR ** 1369319 - disable device sensor API (see 2512) (FF56+) @@ -1621,6 +1592,37 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) +/*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING + Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage + depending on your values. Even if you spoof, like TBB (Tor Browser Bundle) does, as the + latest ESR, it still *does* *not* *work*. There are two main reasons for this. + 1. Many of the components that make up your UA can be derived by other means. And when + those values differ, you provide more bits and raise entropy. Examples of leaks include + navigator objects, date locale/formats, iframes, headers, resource://URIs, + feature detection and more. + 2. You are not in a controlled set of significant numbers, where the values are enforced + by default. It works for TBB because for TBB, the spoofed values ARE their default. + * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 4500) + which is already plugging leaks (see 2 above) the prefs below do not address + * Values below are for example only based on the current ESR/TBB at the time of writing +***/ +/* 4701: navigator.userAgent leaks in JS + * [NOTE] Setting this will break any UA spoofing extension whitelisting ***/ + // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"); // (hidden pref) +/* 4702: navigator.buildID (see gecko.buildID in about:config) reveals build time + * down to the second which defeats user agent spoofing and can compromise OS etc + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/ + // user_pref("general.buildID.override", "20100101"); // (hidden pref) +/* 4703: navigator.appName ***/ + // user_pref("general.appname.override", "Netscape"); // (hidden pref) +/* 4704: navigator.appVersion ***/ + // user_pref("general.appversion.override", "5.0 (Windows)"); // (hidden pref) +/* 4705: navigator.platform leaks in JS ***/ + // user_pref("general.platform.override", "Win64"); // (hidden pref) +/* 4706: navigator.oscpu leaks in JS ***/ + // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) +/* 4707: general.useragent.locale (related, see 0204) ***/ + /*** 5000: PERSONAL SETTINGS [SETUP] Settings that are handy to migrate and/or are not in the Options interface. Users can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ From 13aa4a0290cb231cb6b8e704124e2ec52ad81a27 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 14 Sep 2017 17:28:52 +1200 Subject: [PATCH 0373/1961] create 4600s: RFP alternatives --- user.js | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/user.js b/user.js index 75da9b7..5584b42 100644 --- a/user.js +++ b/user.js @@ -1592,6 +1592,16 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) +/*** 4600: RFP (4500) ALTERNATIVES [SETUP] + * IF you DO use RFP (see 4500) then you DO NOT need these redundant prefs. In fact, + some even cause RFP to not behave as you would expect and alter your fingerprint. + Make sure they are RESET in about:config as per your Firefox version + * IF you DO NOT use RFP or are on ESR... read on +***/ +/* [NOTE] ESR52.x and non-RFP users replace the * with a slash on this line to enable these +// * * * / +// ***/ + /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage depending on your values. Even if you spoof, like TBB (Tor Browser Bundle) does, as the From 5e414ff5cb2d9dbb366c22574335175d5ab571f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 14 Sep 2017 17:43:24 +1200 Subject: [PATCH 0374/1961] 4600: redundant prefs FF55 due to RFP --- user.js | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index 5584b42..77133fa 100644 --- a/user.js +++ b/user.js @@ -1244,13 +1244,6 @@ user_pref("dom.presentation.discoverable", false); user_pref("dom.presentation.discovery.enabled", false); user_pref("dom.presentation.receiver.enabled", false); user_pref("dom.presentation.session_transport.data_channel.enable", false); -/* 2514: spoof (or limit?) number of CPU cores (FF48+) - * [WARNING] *may* affect core chrome/Firefox performance, will affect content. - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 - * [2] https://trac.torproject.org/projects/tor/ticket/21675 - * [3] https://trac.torproject.org/projects/tor/ticket/22127 - * [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency ***/ - // user_pref("dom.maxHardwareConcurrency", 2); /* 2515: disable site specific zoom * Zoom levels affect screen res and are highly fingerprintable. This does not stop you using * zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs @@ -1560,7 +1553,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1281949 - spoof screen orientation (FF50+) ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) ** 1330890 - spoof timezone as UTC 0 (FF55+) - ** 1360039 - spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) + ** 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) (FF55+) This spoof *shouldn't* affect core chrome/Firefox performance ** 1217238 - reduce precision of time exposed by javascript (FF55+) ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) @@ -1596,9 +1589,17 @@ user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) * IF you DO use RFP (see 4500) then you DO NOT need these redundant prefs. In fact, some even cause RFP to not behave as you would expect and alter your fingerprint. Make sure they are RESET in about:config as per your Firefox version - * IF you DO NOT use RFP or are on ESR... read on + * IF you DO NOT use RFP or are on ESR... then turn on each ESR section below ***/ /* [NOTE] ESR52.x and non-RFP users replace the * with a slash on this line to enable these +// FF55+ +// 4601: spoof (or limit?) number of CPU cores (FF48+) + // [WARNING] *may* affect core chrome/Firefox performance, will affect content. + // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 + // [2] https://trac.torproject.org/projects/tor/ticket/21675 + // [3] https://trac.torproject.org/projects/tor/ticket/22127 + // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency +user_pref("dom.maxHardwareConcurrency", 2); // * * * / // ***/ From 7c2be97879112fbadeab3fbbe0da9178a6f4c6ca Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 14 Sep 2017 22:54:55 +1200 Subject: [PATCH 0375/1961] 2418 full-screen site permission fix site permission no longer has a full screen override - no idea when it was removed --- user.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/user.js b/user.js index 77133fa..ddb4dc8 100644 --- a/user.js +++ b/user.js @@ -1149,10 +1149,7 @@ user_pref("dom.popup_allowed_events", "click dblclick"); /* 2416: disable idle observation ***/ user_pref("dom.idle-observers-api.enabled", false); /* 2418: disable full-screen API - * This setting WAS under about:permissions>All Sites>Fullscreen - * [NOTE] about:permissions is no longer available since FF46 but you can still override - * individual domains: use info icon in urlbar etc or right click on a web page>view page info - * set to false=block, set to true=ask ***/ + * false=block, true=ask ***/ user_pref("full-screen-api.enabled", false); /* 2420: disable support for asm.js ( http://asmjs.org/ ) * [1] https://www.mozilla.org/security/advisories/mfsa2015-29/ From 6900924aa6ef24fb401db18b745457e0fd33128b Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 15 Sep 2017 01:47:54 +0200 Subject: [PATCH 0376/1961] 0320 - disable Get Add-ons panel --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index ddb4dc8..719bcb4 100644 --- a/user.js +++ b/user.js @@ -136,9 +136,9 @@ user_pref("browser.search.update", false); user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); /* 0310: disable sending the URL of the website where a plugin crashed ***/ user_pref("dom.ipc.plugins.reportCrashURL", false); -/* 0320: disable extension discovery - * featured extensions for displaying in Get Add-ons panel ***/ -user_pref("extensions.webservice.discoverURL", "http://127.0.0.1"); +/* 0320: disable about:addons' Get Add-ons panel (uses Google-Analytics) ***/ +user_pref("extensions.getAddons.showPane", false); // hidden pref +user_pref("extensions.webservice.discoverURL", ""); /* 0330: disable telemetry * the pref (.unified) affects the behaviour of the pref (.enabled) * IF unified=false then .enabled controls the telemetry module From 6a7dac32ccacc568d6eb5b21e919e28f2687a0b8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 15 Sep 2017 18:39:43 +1200 Subject: [PATCH 0377/1961] 4601: => inactive Are the possible/unknown downsides of this one FP measure really worth it for ESR users? - see earthlng --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 719bcb4..264e92d 100644 --- a/user.js +++ b/user.js @@ -1596,7 +1596,7 @@ user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) // [2] https://trac.torproject.org/projects/tor/ticket/21675 // [3] https://trac.torproject.org/projects/tor/ticket/22127 // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency -user_pref("dom.maxHardwareConcurrency", 2); + // user_pref("dom.maxHardwareConcurrency", 2); // * * * / // ***/ From f450c2172b163e2444b6087b84e43a76aee6cd53 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 15 Sep 2017 14:44:05 +0200 Subject: [PATCH 0378/1961] 1221 - test site works again --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 264e92d..6815425 100644 --- a/user.js +++ b/user.js @@ -733,7 +733,7 @@ user_pref("security.family_safety.mode", 0); * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them. - * [TEST] https://fiprinca.0x90.eu/poc/ [NOTE: 2017-08: expired cert] + * [TEST] https://fiprinca.0x90.eu/poc/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 - related bug * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ // user_pref("security.nocertdb", true); // (hidden pref) From e794611920537727bd9b85d09e83376978c4a2cd Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 15 Sep 2017 14:46:31 +0200 Subject: [PATCH 0379/1961] 4502 - will always round down ... --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 6815425..e9a4874 100644 --- a/user.js +++ b/user.js @@ -1575,7 +1575,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) /* 4502: set new window sizes to round to hundreds (FF55+) [SETUP] - * [NOTE] Width will round to multiples of 200s and height to 100s, to fit your screen. + * [NOTE] Width will round down to multiples of 200s and height to 100s, to fit your screen. * The override values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 * [2] https://hardware.metrics.mozilla.com/ ***/ From f3bd095fe97445fccd1d11620ce53a3eb68babb2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 15 Sep 2017 14:56:24 +0200 Subject: [PATCH 0380/1961] 5015 - add version info (FF55+) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e9a4874..e8d1d94 100644 --- a/user.js +++ b/user.js @@ -1669,7 +1669,7 @@ user_pref("layout.spellcheckDefault", 1); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 * [2] https://developer.mozilla.org/docs/Online_and_offline_events ***/ user_pref("network.manage-offline-status", false); -/* 5015: disable animations +/* 5015: disable animations (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 ***/ // user_pref("toolkit.cosmeticAnimations.enabled", false); /* 5017: set submenu delay in milliseconds. 0=instant while a small number allows From 4d35be7ccbf8b9ed1bce95bc0e3d699e5ec00531 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Sep 2017 01:32:22 +1200 Subject: [PATCH 0381/1961] 0517: *.formautofill.available replaces `extensions.formautofill.experimental` --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index e8d1d94..879e619 100644 --- a/user.js +++ b/user.js @@ -366,6 +366,7 @@ user_pref("browser.onboarding.enabled", false); * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/ user_pref("extensions.formautofill.addresses.enabled", false); +user_pref("extensions.formautofill.available", "off"); // (FF56+) user_pref("extensions.formautofill.creditCards.enabled", false); // (FF56+) user_pref("extensions.formautofill.experimental", false); user_pref("extensions.formautofill.heuristics.enabled", false); From 2e4e0a6327d76571a47bf112e1f6471a26a4c80d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Sep 2017 02:33:29 +1200 Subject: [PATCH 0382/1961] Bwooooarrkkk .. missing parrots For the four new sections .. hopefully no more parrots need be harmed in the making of this js. PS: The origin of popping clogs is interesting --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 879e619..0809d6f 100644 --- a/user.js +++ b/user.js @@ -1523,6 +1523,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1344170 - isolate blob: URI (FF55+) ** 1300671 - isolate data://, about: URLs (FF55+) ***/ +user_pref("ghacks_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation (FF51+) * [WARNING] May break cross-domain logins and site functionality until perfected * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ @@ -1572,6 +1573,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ***/ +user_pref("ghacks_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) @@ -1589,6 +1591,7 @@ user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) Make sure they are RESET in about:config as per your Firefox version * IF you DO NOT use RFP or are on ESR... then turn on each ESR section below ***/ +user_pref("ghacks_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); /* [NOTE] ESR52.x and non-RFP users replace the * with a slash on this line to enable these // FF55+ // 4601: spoof (or limit?) number of CPU cores (FF48+) @@ -1615,6 +1618,7 @@ user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) which is already plugging leaks (see 2 above) the prefs below do not address * Values below are for example only based on the current ESR/TBB at the time of writing ***/ +user_pref("ghacks_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); /* 4701: navigator.userAgent leaks in JS * [NOTE] Setting this will break any UA spoofing extension whitelisting ***/ // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"); // (hidden pref) From 598ee751f5faba6f602db8f2ae0a5ca97f562bd2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Sep 2017 05:26:07 +1200 Subject: [PATCH 0383/1961] 2500s: 4 h/w prefs=>inactive #237 --- user.js | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 0809d6f..3982b12 100644 --- a/user.js +++ b/user.js @@ -1188,8 +1188,9 @@ user_pref("browser.offline-apps.notify", true); /*** 2500: HARDWARE FINGERPRINTING ***/ user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); /* 2501: disable gamepad API - USB device ID enumeration + * [WARNING] [SETUP] Optional protection depending on your connected devices * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/ -user_pref("dom.gamepad.enabled", false); + // user_pref("dom.gamepad.enabled", false); /* 2503: disable giving away network info (FF31+) * e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none * [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API @@ -1197,8 +1198,9 @@ user_pref("dom.gamepad.enabled", false); * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 ***/ user_pref("dom.netinfo.enabled", false); /* 2504: disable virtual reality devices + * [WARNING] [SETUP] Optional protection depending on your connected devices * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ -user_pref("dom.vr.enabled", false); + // user_pref("dom.vr.enabled", false); /* 2505: disable media device enumeration (FF29+) * [NOTE] media.peerconnection.enabled should also be set to false (see 2001) * [1] https://wiki.mozilla.org/Media/getUserMedia @@ -1215,11 +1217,11 @@ user_pref("media.video_stats.enabled", false); * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ user_pref("gfx.direct2d.disabled", true); // [WINDOWS] user_pref("layers.acceleration.disabled", true); -/* 2509: disable touch events [SETUP] +/* 2509: disable touch events * fingerprinting attack vector - leaks screen res & actual screen coordinates * [1] https://developer.mozilla.org/docs/Web/API/Touch_events * [2] https://trac.torproject.org/projects/tor/ticket/10286 ***/ -user_pref("dom.w3c_touch_events.enabled", 0); + // user_pref("dom.w3c_touch_events.enabled", 0); /* 2510: disable Web Audio API (FF51+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/ user_pref("dom.webaudio.enabled", false); @@ -1228,11 +1230,12 @@ user_pref("dom.webaudio.enabled", false); * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange ***/ user_pref("media.ondevicechange.enabled", false); /* 2512: disable device sensor API + * [WARNING] [SETUP] Optional protection depending on your device * [1] https://trac.torproject.org/projects/tor/ticket/15758 * [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733 * [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 ***/ -user_pref("device.sensors.enabled", false); + // user_pref("device.sensors.enabled", false); /* 2513: disable Presentation API * [1] https://wiki.mozilla.org/WebAPI/PresentationAPI * [2] https://www.w3.org/TR/presentation-api/ ***/ From c84a59fd952083ca885175b2172b519f7a57c592 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Sep 2017 05:43:45 +1200 Subject: [PATCH 0384/1961] ESR parrot a deprecated parrot.. seems apt... and that's it, no more parrots, please.. I'm all parroted out --- user.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 3982b12..bc17460 100644 --- a/user.js +++ b/user.js @@ -36,7 +36,7 @@ * Yes, this next pref setting is redundant, but we like it! * [1] https://en.wikipedia.org/wiki/Dead_parrot * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/ -user_pref("ghacks_user.js.parrot", "Oh yes, the Norwegian Blue... what's wrong with it?"); +user_pref("ghacks_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); /* 0001: start Firefox in PB (Private Browsing) mode * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode @@ -1727,9 +1727,6 @@ user_pref("browser.urlbar.decodeURLsOnCopy", true); /* 5028: disable middle-click enabling auto-scrolling [WINDOWS] [MAC] ***/ // user_pref("general.autoScroll", false); -/* END: internal custom pref to test for syntax errors ***/ -user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); - /*** 9999: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable, viewer-friendly version of the deprecated bugzilla tickets. The original state of each pref @@ -1738,6 +1735,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem For FF53 on, we have bundled releases to cater for ESR. Change /* to // on the first line [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ +user_pref("ghacks_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); /* FF42 and older // 2607: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=897811 @@ -2018,3 +2016,6 @@ user_pref("browser.tabs.animate", false); user_pref("browser.fullscreen.animate", false); // * * * / // ***/ + +/* END: internal custom pref to test for syntax errors ***/ +user_pref("ghacks_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From 89474d014f866c365e3292a4aa71657c9ded3484 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Sep 2017 06:20:00 +1200 Subject: [PATCH 0385/1961] 1200s: ciphers=>inactive #237 --- user.js | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/user.js b/user.js index bc17460..bbd1bf6 100644 --- a/user.js +++ b/user.js @@ -663,13 +663,11 @@ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); vector, see [1] (It's quite technical but the first part is easy to understand and you can stop reading when you reach the second section titled "Enter Bro") - Option 1: Use our settings to tighten up encryption options. It *is* a fingerprinting attack - vector, and we certainly do want to reduce any attack surface, but this is not how - you *DEFEAT* fingerprinting - to do that you need large numbers to buy into the same - enforced browser-wide settings (such as TBB), and/or you use OpSec. - Option 2: Use Firefox defaults for the 1260's items (item 1260 default for SHA-1, is local only - anyway). There is nothing *weak* about Firefox's defaults, but Mozilla (and other - browsers) will always lag for fear of breakage and upset end-users + Option 1: Use Firefox defaults for the 1260's items (item 1260 default for SHA-1, is local + only anyway). There is nothing *weak* about Firefox's defaults, but Mozilla (and + other browsers) will always lag for fear of breakage and upset end-users + Option 2: Disable the ciphers in 1261, 1262 and 1263. These shouldn't break anything. + Optionally, disable the ciphers in 1264. [1] https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ ***/ @@ -779,15 +777,15 @@ user_pref("security.pki.sha1_enforcement_level", 1); * [1] https://en.wikipedia.org/wiki/3des#Security * [2] http://en.citizendium.org/wiki/Meet-in-the-middle_attack * [3] https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ -user_pref("security.ssl3.rsa_des_ede3_sha", false); + // user_pref("security.ssl3.rsa_des_ede3_sha", false); /* 1262: disable 128 bits ***/ -user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); -user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); + // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); + // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); /* 1263: disable DHE (Diffie-Hellman Key Exchange) * [WARNING] May break obscure sites, but not major sites, which should support ECDH over DHE * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ -user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); -user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); + // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); + // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); /* 1264: disable the remaining non-modern cipher suites as of FF52 * [NOTE] Commented out because it still breaks too many sites ***/ // user_pref("security.ssl3.rsa_aes_128_sha", false); From bdf0e5ed569523e934a93d61905ce9a9f7de26ea Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Sep 2017 10:28:22 +1200 Subject: [PATCH 0386/1961] parrot pref name change #237 --- user.js | 62 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/user.js b/user.js index bbd1bf6..15b6fd5 100644 --- a/user.js +++ b/user.js @@ -36,7 +36,7 @@ * Yes, this next pref setting is redundant, but we like it! * [1] https://en.wikipedia.org/wiki/Dead_parrot * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/ -user_pref("ghacks_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); +user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); /* 0001: start Firefox in PB (Private Browsing) mode * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode @@ -50,7 +50,7 @@ user_pref("ghacks_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's // user_pref("browser.privatebrowsing.autostart", true); /*** 0100: STARTUP ***/ -user_pref("ghacks_user.js.parrot", "0100 syntax error: the parrot's dead!"); +user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0101: disable "slow startup" options * warnings, disk history, welcomes, intros, EULA, default browser check ***/ user_pref("browser.slowStartup.notificationDisabled", true); @@ -69,7 +69,7 @@ user_pref("browser.shell.checkDefaultBrowser", false); // user_pref("browser.startup.page", 0); /*** 0200: GEOLOCATION ***/ -user_pref("ghacks_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); +user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /* 0201: disable location-aware browsing [NOTE] Use Mozilla's API key if required ***/ user_pref("geo.enabled", false); @@ -102,7 +102,7 @@ user_pref("javascript.use_us_english_locale", true); // (hidden pref) There are many legitimate reasons to turn off auto-INSTALLS, including hijacked or monetized extensions, time constraints, legacy issues, and fear of breakage/bugs. It is still important to do updates for security reasons, please do so manually. ***/ -user_pref("ghacks_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); +user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301a: disable auto-update checks for Firefox * [NOTE] Firefox currently checks every 12 hrs and allows 8 day notification dismissal * [SETTING] Options>Advanced>Update>Never check for updates ***/ @@ -199,7 +199,7 @@ user_pref("social.enabled", false); // (hidden pref) These do rely on 3rd parties (Google for SB and Disconnect for TP), but many steps, which are continually being improved, have been taken to preserve privacy. Disable at your own risk. ***/ -user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); +user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); /** BLOCKLISTS ***/ /* 0401: enable Firefox blocklist, but sanitize blocklist url * [NOTE] It includes updates for "revoked certificates" @@ -308,7 +308,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true); [1] https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions ***/ -user_pref("ghacks_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); +user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); /* 0501: disable experiments * [1] https://wiki.mozilla.org/Telemetry/Experiments ***/ user_pref("experiments.enabled", false); @@ -375,7 +375,7 @@ user_pref("extensions.formautofill.heuristics.enabled", false); user_pref("extensions.webcompat-reporter.enabled", false); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/ -user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!"); +user_pref("_user.js.parrot", "0600 syntax error: the parrot's no more!"); /* 0601: disable link prefetching * [1] https://developer.mozilla.org/docs/Web/HTTP/Link_prefetching_FAQ ***/ user_pref("network.prefetch-next", false); @@ -416,7 +416,7 @@ user_pref("network.predictor.enable-prefetch", false); [NOTE] The urlbar is also commonly referred to as the location bar and address bar #Required reading [#] https://xkcd.com/538/ ***/ -user_pref("ghacks_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); +user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search - PRIVACY * don't leak typos to a search engine, give an error message instead ***/ user_pref("keyword.enabled", false); @@ -501,7 +501,7 @@ user_pref("browser.taskbar.lists.tasks.enabled", false); user_pref("browser.taskbar.previews.enable", false); /*** 0900: PASSWORDS ***/ -user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!"); +user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords * [SETTING] Options>Security>Logins>Remember logins for sites * [NOTE] This does not clear any passwords already saved ***/ @@ -545,7 +545,7 @@ user_pref("security.insecure_field_warning.contextual.enabled", true); user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); /*** 1000: CACHE [SETUP] ***/ -user_pref("ghacks_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); +user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /** CACHE ***/ /* 1001: disable disk cache ***/ user_pref("browser.cache.disk.enable", false); @@ -619,7 +619,7 @@ user_pref("alerts.showFavicons", false); - any legacy extensions are missing the 'multiprocessCompatible' flag, then they *might* be disabled [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/ ***/ -user_pref("ghacks_user.js.parrot", "1100 syntax error: the parrot's bought the farm!"); +user_pref("_user.js.parrot", "1100 syntax error: the parrot's bought the farm!"); /* 1101: start the browser in e10s mode (FF48+) * about:support>Application Basics>Multiprocess Windows ***/ // user_pref("browser.tabs.remote.autostart", true); @@ -671,7 +671,7 @@ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); [1] https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ ***/ -user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); +user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /* 1201: disable old SSL/TLS - vulnerable to a MiTM attack * [WARNING] Tested Feb 2017 - still breaks too many sites @@ -805,7 +805,7 @@ user_pref("browser.ssl_override_behavior", 1); user_pref("browser.xul.error_pages.expert_bad_cert", true); /*** 1400: FONTS ***/ -user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); +user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * If you disallow fonts, this drastically limits/reduces font * enumeration (by JS) which is a high entropy fingerprinting vector. @@ -866,7 +866,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); #Required reading [#] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ -user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); +user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: ALL: control when images/links send a referer * 0=never, 1=send only when links are clicked, 2=for links and images (default) * [NOTE] Recommended left at default. Focus on XSS and granular cross origin referer control ***/ @@ -912,7 +912,7 @@ user_pref("privacy.donottrackheader.enabled", false); [2] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers [3] https://github.com/mozilla/testpilot-containers ***/ -user_pref("ghacks_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); +user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); /* 1701: enable [SETTING] Options>Privacy>Container Tabs (FF50+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1279029 ***/ // user_pref("privacy.userContext.ui.enabled", true); @@ -929,7 +929,7 @@ user_pref("ghacks_user.js.parrot", "1700 syntax error: the parrot's bit the dust // user_pref("privacy.userContext.longPressBehavior", 2); /*** 1800: PLUGINS ***/ -user_pref("ghacks_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); +user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); /* 1801: set default plugin state (i.e. new plugins on discovery) to never activate * 0=disabled, 1=ask to activate, 2=active - you can override individual plugins ***/ user_pref("plugin.default.state", 0); @@ -970,7 +970,7 @@ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); /*** 2000: MEDIA / CAMERA / MIC ***/ -user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); +user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) * [1] https://www.privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); @@ -1039,7 +1039,7 @@ user_pref("media.block-autoplay-until-in-foreground", true); /*** 2200: UI MEDDLING see http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ -user_pref("ghacks_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); +user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); /* 2201: disable website control over browser right-click context menu * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ // user_pref("dom.event.contextmenu.enabled", false); @@ -1088,7 +1088,7 @@ user_pref("dom.disable_beforeunload", true); [5] ChromeWorker: https://developer.mozilla.org/docs/Web/API/ChromeWorker [6] Notifications: https://support.mozilla.org/questions/1165867#answer-981820 ***/ -user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); +user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); /* 2301: disable workers * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) ***/ user_pref("dom.workers.enabled", false); @@ -1116,7 +1116,7 @@ user_pref("dom.push.serverURL", ""); user_pref("dom.push.userAgentID", ""); /*** 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ -user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); +user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: disable website access to clipboard events/content * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress * this applies to onCut, onCopy, onPaste events - i.e. you have to interact with @@ -1184,7 +1184,7 @@ user_pref("browser.offline-apps.notify", true); // user_pref("offline-apps.quota.warn", 51200); /*** 2500: HARDWARE FINGERPRINTING ***/ -user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); +user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); /* 2501: disable gamepad API - USB device ID enumeration * [WARNING] [SETUP] Optional protection depending on your connected devices * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/ @@ -1250,7 +1250,7 @@ user_pref("dom.presentation.session_transport.data_channel.enable", false); user_pref("browser.zoom.siteSpecific", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ -user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); +user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); /* 2601: disable sending additional analytics to web servers * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ user_pref("beacon.enabled", false); @@ -1420,7 +1420,7 @@ user_pref("security.csp.enable", true); user_pref("security.csp.experimentalEnabled", true); /*** 2700: COOKIES & DOM STORAGE ***/ -user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); +user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] * You can set exceptions under site permissions or use an extension * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie @@ -1467,7 +1467,7 @@ user_pref("network.cookie.leave-secure-alone", true); [NOTE] In both 2803 + 2804, the 'download' and 'history' prefs are combined in the Firefox interface as "Browsing & Download History" and their values will be synced ***/ -user_pref("ghacks_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); +user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable Firefox to clear history items on shutdown * [SETTING] Options>Privacy>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); @@ -1524,7 +1524,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1344170 - isolate blob: URI (FF55+) ** 1300671 - isolate data://, about: URLs (FF55+) ***/ -user_pref("ghacks_user.js.parrot", "4000 syntax error: the parrot's pegged out"); +user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation (FF51+) * [WARNING] May break cross-domain logins and site functionality until perfected * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ @@ -1574,7 +1574,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ***/ -user_pref("ghacks_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); +user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) @@ -1592,7 +1592,7 @@ user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) Make sure they are RESET in about:config as per your Firefox version * IF you DO NOT use RFP or are on ESR... then turn on each ESR section below ***/ -user_pref("ghacks_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); +user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); /* [NOTE] ESR52.x and non-RFP users replace the * with a slash on this line to enable these // FF55+ // 4601: spoof (or limit?) number of CPU cores (FF48+) @@ -1619,7 +1619,7 @@ user_pref("ghacks_user.js.parrot", "4600 syntax error: the parrot's crossed the which is already plugging leaks (see 2 above) the prefs below do not address * Values below are for example only based on the current ESR/TBB at the time of writing ***/ -user_pref("ghacks_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); +user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); /* 4701: navigator.userAgent leaks in JS * [NOTE] Setting this will break any UA spoofing extension whitelisting ***/ // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"); // (hidden pref) @@ -1640,7 +1640,7 @@ user_pref("ghacks_user.js.parrot", "4700 syntax error: the parrot's taken 'is la /*** 5000: PERSONAL SETTINGS [SETUP] Settings that are handy to migrate and/or are not in the Options interface. Users can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ -user_pref("ghacks_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); +user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); /* 5001: disable annoying warnings ***/ user_pref("general.warnOnAboutConfig", false); user_pref("browser.tabs.warnOnClose", false); @@ -1733,7 +1733,7 @@ user_pref("browser.urlbar.decodeURLsOnCopy", true); For FF53 on, we have bundled releases to cater for ESR. Change /* to // on the first line [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ -user_pref("ghacks_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); +user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); /* FF42 and older // 2607: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=897811 @@ -2016,4 +2016,4 @@ user_pref("browser.fullscreen.animate", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ -user_pref("ghacks_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); +user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From 5338b6fb60c9c92951949244194b03fa3635d9a3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Sep 2017 10:36:30 +1200 Subject: [PATCH 0387/1961] 4500: add our acronym RFP --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 15b6fd5..6acc023 100644 --- a/user.js +++ b/user.js @@ -1534,7 +1534,7 @@ user_pref("privacy.firstparty.isolate", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); -/*** 4500: privacy.resistFingerprinting +/*** 4500: privacy.resistFingerprinting (RFP) This master switch will be used for a wide range of items, many of which will **override** existing prefs from FF55+, often providing a **better** solution From ca30ba4994497867e6be8909cdb96a102e628925 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 17 Sep 2017 19:58:54 +1200 Subject: [PATCH 0388/1961] 0500: add Linux path Looks weird: portable, windows, mac using `\` and Linux using `/` :) --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 6acc023..a010941 100644 --- a/user.js +++ b/user.js @@ -304,6 +304,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true); * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) * Mac: "...\Applications\Firefox\Contents\Resources\browser\features\" [NOTE] On Mac you can right-click on the application and select "Show Package Contents" + * Linux: "/usr/lib/firefox/browser/features" (or similar) [1] https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions From 39594629e521a529f66cb1f0de197931f30ad52e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 17 Sep 2017 20:31:42 +1200 Subject: [PATCH 0389/1961] 2513: presentation API => inactive #237 --- user.js | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index a010941..ee7e804 100644 --- a/user.js +++ b/user.js @@ -1236,14 +1236,15 @@ user_pref("media.ondevicechange.enabled", false); * [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 ***/ // user_pref("device.sensors.enabled", false); /* 2513: disable Presentation API + * [WARNING] [SETUP] Optional protection depending on your connected devices * [1] https://wiki.mozilla.org/WebAPI/PresentationAPI * [2] https://www.w3.org/TR/presentation-api/ ***/ -user_pref("dom.presentation.enabled", false); -user_pref("dom.presentation.controller.enabled", false); -user_pref("dom.presentation.discoverable", false); -user_pref("dom.presentation.discovery.enabled", false); -user_pref("dom.presentation.receiver.enabled", false); -user_pref("dom.presentation.session_transport.data_channel.enable", false); + // user_pref("dom.presentation.enabled", false); + // user_pref("dom.presentation.controller.enabled", false); + // user_pref("dom.presentation.discoverable", false); + // user_pref("dom.presentation.discovery.enabled", false); + // user_pref("dom.presentation.receiver.enabled", false); + // user_pref("dom.presentation.session_transport.data_channel.enable", false); /* 2515: disable site specific zoom * Zoom levels affect screen res and are highly fingerprintable. This does not stop you using * zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs From 2f6deda172c9acbe6892e896b3d714c5b7849d72 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 17 Sep 2017 22:29:05 +1200 Subject: [PATCH 0390/1961] readme: add RFP alt / deprecated info --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index ee7e804..bed4e4a 100644 --- a/user.js +++ b/user.js @@ -20,6 +20,10 @@ * Auto-installing updates for Firefox and extensions are disabled (section 0302's) * Some user data is erased on close (section 2800), namely history (browsing, form, download) * Cookies (and thus logins) are denied by default (2701). Use site exceptions or an extension + * EACH RELEASE check: + - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF) + or enable them as an alternative to RFP or for ESR users + - 9999s: reset deprecated prefs in about:config or enable relevant section(s) for ESR * Site breakage WILL happen - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting and these need to be balanced against Functionality & Convenience & Breakage From 31e7c72f642425668d8153e12f29332a6b2eb5a2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2017 02:38:09 +1200 Subject: [PATCH 0391/1961] 0209: add regional pref OS locale --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index bed4e4a..84dd55f 100644 --- a/user.js +++ b/user.js @@ -100,6 +100,9 @@ user_pref("intl.accept_languages", "en-US, en"); /* 0208: enforce US English locale regardless of the system locale * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ user_pref("javascript.use_us_english_locale", true); // (hidden pref) +/* 0209: use APP locale over OS locale in regional preferences (FF56+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1379420 [also 1364789] ***/ +user_pref("intl.regional_prefs.use_os_locales", true); /*** 0300: QUIET FOX We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). From f5ffeff97197dab9a5e2c7066ac49db66f669031 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2017 18:40:15 +1200 Subject: [PATCH 0392/1961] 4503: RFP mozAddonManager Inactive: 1: currently only three sites (hard-coded) can access this, all run by Mozilla 2: it is likely to be used on the new AMO site to determine your Firefox version --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 84dd55f..e1921b6 100644 --- a/user.js +++ b/user.js @@ -1594,6 +1594,9 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF * [2] https://hardware.metrics.mozilla.com/ ***/ user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) +/* 4503: disable mozAddonManager Web API (FF57+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1384330 ***/ + // user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref) /*** 4600: RFP (4500) ALTERNATIVES [SETUP] * IF you DO use RFP (see 4500) then you DO NOT need these redundant prefs. In fact, From 985c164cd08806ecb2ace6fe97885c3b4cb53227 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Sep 2017 16:07:43 +0200 Subject: [PATCH 0393/1961] tiny update --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index e1921b6..75a9e31 100644 --- a/user.js +++ b/user.js @@ -75,7 +75,7 @@ user_pref("browser.shell.checkDefaultBrowser", false); /*** 0200: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /* 0201: disable location-aware browsing - [NOTE] Use Mozilla's API key if required ***/ + * [NOTE] Use Mozilla's API key if required ***/ user_pref("geo.enabled", false); user_pref("geo.wifi.uri", ""); // "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%" user_pref("geo.wifi.xhr.timeout", 1); // reset this if you use geolocation @@ -652,7 +652,7 @@ user_pref("dom.ipc.shims.enabledWarnings", true); // user_pref("dom.ipc.processCount.extension", 1); /* 1107: control number of file processes ***/ // user_pref("dom.ipc.processCount.file", 1); -/* 1108: block web content in file processes +/* 1108: block web content in file processes (FF55+) * [WARNING] [SETUP] You may want to disable this for corporate or developer environments * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); From 367972155a9ec150b5140ed420c2d3651faae5f0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 19 Sep 2017 03:25:07 +1200 Subject: [PATCH 0394/1961] 2509: tidy up Touch API #237 --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 75a9e31..9735c43 100644 --- a/user.js +++ b/user.js @@ -1225,6 +1225,8 @@ user_pref("gfx.direct2d.disabled", true); // [WINDOWS] user_pref("layers.acceleration.disabled", true); /* 2509: disable touch events * fingerprinting attack vector - leaks screen res & actual screen coordinates + * 0=disabled, 1=enabled, 2=autodetect + * [WARNING] [SETUP] Optional protection depending on your device * [1] https://developer.mozilla.org/docs/Web/API/Touch_events * [2] https://trac.torproject.org/projects/tor/ticket/10286 ***/ // user_pref("dom.w3c_touch_events.enabled", 0); From a93ce5d9f145146a3be9346fe2adff06d8db5c82 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 19 Sep 2017 03:49:51 +1200 Subject: [PATCH 0395/1961] 2024 MSE => 5024 => inactive #237 --- user.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index 9735c43..f062a8c 100644 --- a/user.js +++ b/user.js @@ -1023,12 +1023,6 @@ user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); /* 2023: disable camera stuff ***/ user_pref("camera.control.face_detection.enabled", false); -/* 2024: enable/disable MSE (Media Source Extensions) - * [1] https://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ -user_pref("media.mediasource.enabled", true); -user_pref("media.mediasource.mp4.enabled", true); -user_pref("media.mediasource.webm.audio.enabled", true); -user_pref("media.mediasource.webm.enabled", true); /* 2026: disable canvas capture stream * [1] https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream ***/ user_pref("canvas.capturestream.enabled", false); @@ -1717,9 +1711,15 @@ user_pref("browser.tabs.loadInBackground", true); user_pref("browser.tabs.loadDivertedInBackground", false); /* 5022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/ user_pref("browser.bookmarks.showRecentlyBookmarked", false); -/* 5024: enable "Find As You Type" +/* 5023: enable "Find As You Type" * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); +/* 5024: enable/disable MSE (Media Source Extensions) + * [1] https://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ + // user_pref("media.mediasource.enabled", false); + // user_pref("media.mediasource.mp4.enabled", false); + // user_pref("media.mediasource.webm.audio.enabled", false); + // user_pref("media.mediasource.webm.enabled", false); /* 5025: enable/disable various media types ***/ // user_pref("media.mp4.enabled", false); // user_pref("media.flac.enabled", false); // (FF51+) From 80ac9dfa1f916f0db80d7b10faa998e6c6b9cf23 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 19 Sep 2017 04:54:52 +1200 Subject: [PATCH 0396/1961] 1404->1402: default fonts => inactive #237 Inactive as this actually can cause problems on Linux with tofu (I think arial on debian causes tofu - ask nodiscc) . Also incomplete with non-Western settings --- user.js | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/user.js b/user.js index f062a8c..340436e 100644 --- a/user.js +++ b/user.js @@ -820,22 +820,21 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); * [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose... * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("browser.display.use_document_fonts", 0); -/* 1402: enable icon fonts (glyphs) (FF41+) +/* 1402: set more legible default fonts [SETUP] + * [SETTING] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace + * [NOTE] Example below for Windows/Western only ***/ + // user_pref("font.name.serif.x-unicode", "Georgia"); + // user_pref("font.name.serif.x-western", "Georgia"); // default Times New Roman + // user_pref("font.name.sans-serif.x-unicode", "Arial"); + // user_pref("font.name.sans-serif.x-western", "Arial"); // default Arial + // user_pref("font.name.monospace.x-unicode", "Lucida Console"); + // user_pref("font.name.monospace.x-western", "Lucida Console"); // default Courier New +/* 1403: enable icon fonts (glyphs) (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=789788 ***/ user_pref("gfx.downloadable_fonts.enabled", true); -/* 1403: disable rendering of SVG OpenType fonts +/* 1404: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); -/* 1404: set more legible default fonts - * [SETTING] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace - * [SETUP] These are optional, comment out if you do not require them - * [NOTE] Been using this for 18 months, it really grows on you ***/ -user_pref("font.name.serif.x-unicode", "Georgia"); -user_pref("font.name.serif.x-western", "Georgia"); // default Times New Roman -user_pref("font.name.sans-serif.x-unicode", "Arial"); -user_pref("font.name.sans-serif.x-western", "Arial"); // default Arial -user_pref("font.name.monospace.x-unicode", "Lucida Console"); -user_pref("font.name.monospace.x-western", "Lucida Console"); // default Courier New /* 1405: disable WOFF2 (Web Open Font Format) ***/ user_pref("gfx.downloadable_fonts.woff2.enabled", false); /* 1406: disable CSS Font Loading API From 7fa0025bafd968b7dbc5fd0db5b36e3bd7cfd2f1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 19 Sep 2017 05:22:25 +1200 Subject: [PATCH 0397/1961] 2804: clarify Clear Recent History #237 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 340436e..2580acb 100644 --- a/user.js +++ b/user.js @@ -1489,8 +1489,9 @@ user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download Histo user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences -/* 2804: set what history items to clear with Ctrl-Shift-Del (to match above) +/* 2804: reset default history items to clear with Ctrl-Shift-Del (to match above) * This dialog can also be accessed from the menu History>Clear Recent History + * Firefox remembers your last choices. This will reset them when you start Firefox. * [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog * for "Clear Recent History" is opened, it is synced to the same as 'history' ***/ user_pref("privacy.cpd.cache", true); From a25df4c942f4d9759df6defd49b0cdc6d080b70b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 20 Sep 2017 03:23:10 +1200 Subject: [PATCH 0398/1961] 0209: fixup regional pref OS locale I think I need a break --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 2580acb..63770c6 100644 --- a/user.js +++ b/user.js @@ -102,7 +102,7 @@ user_pref("intl.accept_languages", "en-US, en"); user_pref("javascript.use_us_english_locale", true); // (hidden pref) /* 0209: use APP locale over OS locale in regional preferences (FF56+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1379420 [also 1364789] ***/ -user_pref("intl.regional_prefs.use_os_locales", true); +user_pref("intl.regional_prefs.use_os_locales", false); /*** 0300: QUIET FOX We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). From 620a0ee29cd9b23df95d767b0d93f090080b5aae Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 27 Sep 2017 03:40:04 +1300 Subject: [PATCH 0399/1961] 5016: reload/stop animation FF56+ [1355924](https://bugzilla.mozilla.org/show_bug.cgi?id=1355924) and for some fixes in 57 see [1384180](https://bugzilla.mozilla.org/show_bug.cgi?id=1384180) --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 63770c6..a4f5a4d 100644 --- a/user.js +++ b/user.js @@ -1686,6 +1686,8 @@ user_pref("network.manage-offline-status", false); /* 5015: disable animations (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 ***/ // user_pref("toolkit.cosmeticAnimations.enabled", false); +/* 5016: disable reload/stop animation (FF56+) ***/ + // user_pref("browser.stopReloadAnimation.enabled", true); /* 5017: set submenu delay in milliseconds. 0=instant while a small number allows * a mouse pass over menu items without any submenus alarmingly shooting out ***/ user_pref("ui.submenuDelay", 150); // (hidden pref) From fa94f9b3c1f55cce827730deef9d1608d4a1c259 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 27 Sep 2017 12:38:02 +1300 Subject: [PATCH 0400/1961] 0001: PB breaks Extensions+IDB Mozilla should really exempt moz-extensions from being blocked by indexedDB=false --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index a4f5a4d..e59aaf9 100644 --- a/user.js +++ b/user.js @@ -50,6 +50,8 @@ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong * removes the ability to control these, and you need to quit Firefox to clear them. PB is best * used as a one off window (File>New Private Window) to provide a temporary self-contained * new instance. Closing all Private Windows clears all traces. Repeat as required. + * [WARNING] PB does not allow indexedDB which breaks many Extensions that use it + * including uBlock Origin, uMatrix, Violentmonkey and Stylus * [1] https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); From 88216743a50970ea18be4ba2d02b5a6bc3d545bb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 28 Sep 2017 06:12:19 +1300 Subject: [PATCH 0401/1961] 2508: gfx h/w #244 - In FF55 (windows) this no longer changes both prefs, only `layers.acceleration.disabled` - `gfx.direct2d.disabled` => inactive (I do not think it is used much if at all anymore - do a DXR search) --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index e59aaf9..523d816 100644 --- a/user.js +++ b/user.js @@ -1213,10 +1213,9 @@ user_pref("media.navigator.enabled", false); user_pref("media.video_stats.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] Options>General>Performance>Custom>Use hardware acceleration when available - * [NOTE] Changing this option changes BOTH these preferences * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ -user_pref("gfx.direct2d.disabled", true); // [WINDOWS] + // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] user_pref("layers.acceleration.disabled", true); /* 2509: disable touch events * fingerprinting attack vector - leaks screen res & actual screen coordinates From 12f80bdf65910f039445eb9243c4f59434da5f77 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 28 Sep 2017 21:27:40 +1300 Subject: [PATCH 0402/1961] FF56 deprecation --- user.js | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 523d816..4b75e86 100644 --- a/user.js +++ b/user.js @@ -356,11 +356,10 @@ user_pref("extensions.shield-recipe-client.api_url", ""); * [1] https://wiki.mozilla.org/Firefox/Activity_Stream * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/ user_pref("browser.newtabpage.activity-stream.enabled", false); -/* 0515: disable Screenshots (FF54+) +/* 0515: disable Screenshots (FF55+) * [1] https://github.com/mozilla-services/screenshots * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ - // user_pref("extensions.screenshots.system-disabled", true); // (FF54+) - // user_pref("extensions.screenshots.disabled", true); // (FF55+) + // user_pref("extensions.screenshots.disabled", true); /* 0516: disable Onboarding (FF55+) * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time * about:home or about:newtab is opened, the onboarding overlay is injected into that page @@ -378,7 +377,6 @@ user_pref("browser.onboarding.enabled", false); user_pref("extensions.formautofill.addresses.enabled", false); user_pref("extensions.formautofill.available", "off"); // (FF56+) user_pref("extensions.formautofill.creditCards.enabled", false); // (FF56+) -user_pref("extensions.formautofill.experimental", false); user_pref("extensions.formautofill.heuristics.enabled", false); /* 0518: disable Web Compatibility Reporter (FF56+) * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ @@ -2030,6 +2028,14 @@ user_pref("browser.tabs.animate", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 user_pref("browser.fullscreen.animate", false); // * * * / +// FF56 +// 0515: disable Screenshots (rollout pref only) (FF54+) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1386333 + // user_pref("extensions.screenshots.system-disabled", true); +// 0517: disable Form Autofill (FF55+) - replaced by extensions.formautofill.available + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1385201 +user_pref("extensions.formautofill.experimental", false); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From 0912b03f625bea673516969c5b96bf2389c251df Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 29 Sep 2017 03:06:22 +1300 Subject: [PATCH 0403/1961] 2675: block top level data: URIs note: I changed `data://` to `data:` in section 4000's 1300671 description --- user.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 4b75e86..326d271 100644 --- a/user.js +++ b/user.js @@ -1421,6 +1421,11 @@ user_pref("security.csp.enable", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=855326 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/ user_pref("security.csp.experimentalEnabled", true); +/* 2675: block top level window data: URIs (FF56+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1331351 + * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ + * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ +user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); /*** 2700: COOKIES & DOM STORAGE ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); @@ -1526,7 +1531,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1334693 - isolate SPDY/HTTP2 (FF55+) ** 1337893 - isolate DNS cache (FF55+) ** 1344170 - isolate blob: URI (FF55+) - ** 1300671 - isolate data://, about: URLs (FF55+) + ** 1300671 - isolate data:, about: URLs (FF55+) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation (FF51+) From 4a91b866a40e4e24d3e0d32bf07d520223cb8cfc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 30 Sep 2017 19:05:30 +1300 Subject: [PATCH 0404/1961] 4500: clarify RFP Geo API This is not the same as disabling the API with `geo.enabled` - see https://bugzilla.mozilla.org/show_bug.cgi?id=1403813 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 326d271..357baac 100644 --- a/user.js +++ b/user.js @@ -1573,7 +1573,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1369357 - disable site specific zoom (see 2515) (FF56+) ** 1337161 - hide gamepads from content (see 2501) (FF56+) ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) - ** 1372069 - disable geolocation API (see 0201) (FF56+) + ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 0201) (FF56+) ** 1333641 - reduce fingerprinting in WebSpeech API (see 2021) (FF56+) ** 1369309 - spoof media statistics (see 2506) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) From 908a8d66f4987568fc76649a7f47e8f61f8588f2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 30 Sep 2017 20:15:41 +1300 Subject: [PATCH 0405/1961] 4600: redundant prefs FF55 due to RFP [Part1] --- user.js | 80 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 41 insertions(+), 39 deletions(-) diff --git a/user.js b/user.js index 357baac..030342a 100644 --- a/user.js +++ b/user.js @@ -1009,12 +1009,6 @@ user_pref("webgl.enable-debug-renderer-info", false); /* 2012: disable two more webgl preferences (FF51+) ***/ user_pref("webgl.dxgl.enabled", false); // [WINDOWS] user_pref("webgl.enable-webgl2", false); -/* 2021: disable speech recognition - * [1] https://developer.mozilla.org/docs/Web/API/SpeechRecognition - * [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis - * [3] https://wiki.mozilla.org/HTML5_Speech_API ***/ -user_pref("media.webspeech.recognition.enable", false); -user_pref("media.webspeech.synth.enabled", false); /* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.screensharing.allowed_domains", ""); @@ -1133,11 +1127,6 @@ user_pref("dom.allow_cut_copy", false); // (hidden pref) * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ // user_pref("dom.indexedDB.enabled", false); -/* 2411: disable resource/navigation timing ***/ -user_pref("dom.enable_resource_timing", false); -/* 2412: disable timing attacks - javascript performance fingerprinting - * [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI ***/ -user_pref("dom.enable_performance", false); /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); /* 2415: set max popups from a single non-click event - default is 20! ***/ @@ -1186,16 +1175,6 @@ user_pref("browser.offline-apps.notify", true); /*** 2500: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* 2501: disable gamepad API - USB device ID enumeration - * [WARNING] [SETUP] Optional protection depending on your connected devices - * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/ - // user_pref("dom.gamepad.enabled", false); -/* 2503: disable giving away network info (FF31+) - * e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none - * [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API - * [2] https://wicg.github.io/netinfo/ - * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 ***/ -user_pref("dom.netinfo.enabled", false); /* 2504: disable virtual reality devices * [WARNING] [SETUP] Optional protection depending on your connected devices * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ @@ -1229,13 +1208,6 @@ user_pref("dom.webaudio.enabled", false); * [1] https://developer.mozilla.org/docs/Web/Events/devicechange * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange ***/ user_pref("media.ondevicechange.enabled", false); -/* 2512: disable device sensor API - * [WARNING] [SETUP] Optional protection depending on your device - * [1] https://trac.torproject.org/projects/tor/ticket/15758 - * [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ - * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733 - * [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 ***/ - // user_pref("device.sensors.enabled", false); /* 2513: disable Presentation API * [WARNING] [SETUP] Optional protection depending on your connected devices * [1] https://wiki.mozilla.org/WebAPI/PresentationAPI @@ -1246,11 +1218,6 @@ user_pref("media.ondevicechange.enabled", false); // user_pref("dom.presentation.discovery.enabled", false); // user_pref("dom.presentation.receiver.enabled", false); // user_pref("dom.presentation.session_transport.data_channel.enable", false); -/* 2515: disable site specific zoom - * Zoom levels affect screen res and are highly fingerprintable. This does not stop you using - * zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs - * and new windows are reset to default and only the current tab retains the current zoom ***/ -user_pref("browser.zoom.siteSpecific", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -1565,16 +1532,16 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) (FF55+) This spoof *shouldn't* affect core chrome/Firefox performance ** 1217238 - reduce precision of time exposed by javascript (FF55+) - ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) + ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+) ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 4700) (FF56+) FF56: The version number will be rounded down to the nearest multiple of 10 FF57+: The version number will match current ESR - ** 1369319 - disable device sensor API (see 2512) (FF56+) - ** 1369357 - disable site specific zoom (see 2515) (FF56+) - ** 1337161 - hide gamepads from content (see 2501) (FF56+) - ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) + ** 1369319 - disable device sensor API (see 4604) (FF56+) + ** 1369357 - disable site specific zoom (see 4605) (FF56+) + ** 1337161 - hide gamepads from content (see 4606) (FF56+) + ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+) + ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+) ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 0201) (FF56+) - ** 1333641 - reduce fingerprinting in WebSpeech API (see 2021) (FF56+) ** 1369309 - spoof media statistics (see 2506) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) @@ -1615,6 +1582,41 @@ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency // user_pref("dom.maxHardwareConcurrency", 2); // * * * / +// FF56+ +// 4602: disable resource/navigation timing +user_pref("dom.enable_resource_timing", false); +// 4603: disable timing attacks + // [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI +user_pref("dom.enable_performance", false); +// 4604: disable device sensor API + // [WARNING] [SETUP] Optional protection depending on your device + // [1] https://trac.torproject.org/projects/tor/ticket/15758 + // [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ + // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733 + // [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 + // user_pref("device.sensors.enabled", false); +// 4605: disable site specific zoom + // Zoom levels affect screen res and are highly fingerprintable. This does not stop you using + // zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs + // and new windows are reset to default and only the current tab retains the current zoom +user_pref("browser.zoom.siteSpecific", false); +// 4606: disable gamepad API - USB device ID enumeration + // [WARNING] [SETUP] Optional protection depending on your connected devices + // [1] https://trac.torproject.org/projects/tor/ticket/13023 + // user_pref("dom.gamepad.enabled", false); +// 4607: disable giving away network info (FF31+) + // e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none + // [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API + // [2] https://wicg.github.io/netinfo/ + // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 +user_pref("dom.netinfo.enabled", false); +// 4608: disable speech recognition + // [1] https://developer.mozilla.org/docs/Web/API/SpeechRecognition + // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis + // [3] https://wiki.mozilla.org/HTML5_Speech_API +user_pref("media.webspeech.recognition.enable", false); +user_pref("media.webspeech.synth.enabled", false); +// * * * / // ***/ /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING From 649e49e0fa713df10946eeadee4ea0932bf6380b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Oct 2017 05:58:13 +1300 Subject: [PATCH 0406/1961] 4600: redundant prefs FF55 due to RFP [Part2] --- user.js | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index 030342a..3d36cc2 100644 --- a/user.js +++ b/user.js @@ -76,12 +76,7 @@ user_pref("browser.shell.checkDefaultBrowser", false); /*** 0200: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); -/* 0201: disable location-aware browsing - * [NOTE] Use Mozilla's API key if required ***/ -user_pref("geo.enabled", false); -user_pref("geo.wifi.uri", ""); // "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%" -user_pref("geo.wifi.xhr.timeout", 1); // reset this if you use geolocation -user_pref("geo.wifi.logging.enabled", false); // (hidden pref) +/* 0201: disable location-aware search ***/ user_pref("browser.search.geoip.url", ""); user_pref("browser.search.geoip.timeout", 1); /* 0202: disable GeoIP-based search results @@ -1541,7 +1536,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1337161 - hide gamepads from content (see 4606) (FF56+) ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+) ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+) - ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 0201) (FF56+) + ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609) (FF56+) ** 1369309 - spoof media statistics (see 2506) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) @@ -1616,6 +1611,12 @@ user_pref("dom.netinfo.enabled", false); // [3] https://wiki.mozilla.org/HTML5_Speech_API user_pref("media.webspeech.recognition.enable", false); user_pref("media.webspeech.synth.enabled", false); +// 0409: disable location-aware browsing + // [NOTE] Use Mozilla's API key if required +user_pref("geo.enabled", false); +user_pref("geo.wifi.uri", ""); // "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%" +user_pref("geo.wifi.xhr.timeout", 1); // reset this if you use geolocation +user_pref("geo.wifi.logging.enabled", false); // (hidden pref) // * * * / // ***/ From ddfdf7cb47eec29422e3072cc607ca70d9ae8966 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Oct 2017 06:00:28 +1300 Subject: [PATCH 0407/1961] oophs --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3d36cc2..0819f76 100644 --- a/user.js +++ b/user.js @@ -1611,7 +1611,7 @@ user_pref("dom.netinfo.enabled", false); // [3] https://wiki.mozilla.org/HTML5_Speech_API user_pref("media.webspeech.recognition.enable", false); user_pref("media.webspeech.synth.enabled", false); -// 0409: disable location-aware browsing +// 4609: disable location-aware browsing // [NOTE] Use Mozilla's API key if required user_pref("geo.enabled", false); user_pref("geo.wifi.uri", ""); // "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%" From 1031312f8209ad9ea3291ac908a9fb9ce8d86f80 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Oct 2017 09:32:27 +1300 Subject: [PATCH 0408/1961] FF56+ redesigned preferences UI + [SETTING] tags --- user.js | 83 ++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 53 insertions(+), 30 deletions(-) diff --git a/user.js b/user.js index 0819f76..93f53da 100644 --- a/user.js +++ b/user.js @@ -43,7 +43,8 @@ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); /* 0001: start Firefox in PB (Private Browsing) mode - * [SETTING] Options>Privacy>History>Custom Settings>Always use private browsing mode + * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Always use private browsing mode + * [SETTING-ESR] Options>Privacy>History>Custom Settings>Always use private browsing mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed * [NOTE] The P in PB mode is misleading: it means no "persistent" local storage of history, * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or @@ -109,19 +110,23 @@ user_pref("intl.regional_prefs.use_os_locales", false); user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301a: disable auto-update checks for Firefox * [NOTE] Firefox currently checks every 12 hrs and allows 8 day notification dismissal - * [SETTING] Options>Advanced>Update>Never check for updates ***/ + * [SETTING-56+] Options>General>Firefox Updates>Never check for updates + * [SETTING-ESR] Options>Advanced>Update>Never check for updates ***/ // user_pref("app.update.enabled", false); -/* 0301b: disable auto-update checks for extensions ***/ +/* 0301b: disable auto-update checks for extensions + * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ // user_pref("extensions.update.enabled", false); /* 0302a: disable auto update installing for Firefox (after the check in 0301a) - * [SETTING] Options>Advanced>Update>Check for updates but let you choose whether to install them + * [SETTING-56+] Options>General>Firefox Updates>Check for updates but let you choose... + * [SETTING-ESR] Options>Advanced>Update>Check for updates but let you choose... * [NOTE] The UI checkbox also controls the behavior for checking, the pref only controls auto installing ***/ user_pref("app.update.auto", false); /* 0302b: disable auto update installing for extensions (after the check in 0301b) - * [SETTING] about:addons>Extensions>Settings[gear-icon]>Update Addons Automatically (toggle) ***/ + * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ user_pref("extensions.update.autoUpdateDefault", false); /* 0303: disable background update service [WINDOWS] - * [SETTING] Options>Advanced>Update>Use a background service to install updates ***/ + * [SETTING-56+] Options>General>Firefox Updates>Use a background service to install updates + * [SETTING-ESR] Options>Advanced>Update>Use a background service to install updates ***/ user_pref("app.update.service.enabled", false); /* 0304: disable background update staging ***/ user_pref("app.update.staging.enabled", false); @@ -134,7 +139,8 @@ user_pref("extensions.getAddons.cache.enabled", false); /* 0307: disable auto updating of personas (themes) ***/ user_pref("lightweightThemes.update.enabled", false); /* 0308: disable search update - * [SETTING] Options>Advanced>Update>Automatically update: Search Engines ***/ + * [SETTING-56+] Options>General>Firefox Update>Automatically update search engines + * [SETTING-ESR] Options>Advanced>Update>Automatically update: Search Engines ***/ user_pref("browser.search.update", false); /* 0309: disable sending Flash crash reports ***/ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); @@ -278,7 +284,8 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); /* 0422: enable "basic" or "strict" tracking protecting list - ONLY USE ONE! - * [SETTING] Options>Privacy>Use Tracking Protection>Change Block List ***/ + * [SETTING-56+] Options>Privacy & Security>Tracking Protection>Change Block List + * [SETTING-ESR] Options>Privacy>Use Tracking Protection>Change Block List ***/ // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) @@ -364,7 +371,8 @@ user_pref("browser.newtabpage.activity-stream.enabled", false); * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=863246#c154 ***/ user_pref("browser.onboarding.enabled", false); /* 0517: disable Form Autofill (FF55+) - * [SETTING] Options>Privacy>Forms & Passwords>Enable Profile Autofill + * [SETTING-56+] Options>Privacy & Security>Forms & Passwords>Enable Profile Autofill + * [SETTING-ESR] Options>Privacy>Forms & Passwords>Enable Profile Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill @@ -453,7 +461,7 @@ user_pref("browser.urlbar.filter.javascript", true); user_pref("browser.search.suggest.enabled", false); /* 0808: disable location bar LIVE search suggestions (requires 0807 = true) - PRIVACY * Also disable the location bar prompt to enable/disable or learn more about it. - * [SETTING] Options>Search>Show search suggestions in location bar results ***/ + * [SETTING] Options>Search>Show search suggestions in address bar results ***/ user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) /* 0809: disable location bar suggesting "preloaded" top websites (FF54+) @@ -465,7 +473,8 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850a: disable location bar autocomplete [controlled by 0850b] ***/ // user_pref("browser.urlbar.autocomplete.enabled", false); /* 0850b: disable location bar suggestion types [controls 0850a] - * [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest + * [SETTING-56+] Options>Privacy & Security>Address Bar>When using the address bar, suggest + * [SETTING-ESR] Options>Privacy>Location Bar>When using the location bar, suggest * [NOTE] If any of these are true, 0850a will be FORCED to true * and if all three are false, 0850a will be FORCED to false * [WARNING] If all three are false, search engine keywords are disabled ***/ @@ -488,11 +497,13 @@ user_pref("browser.urlbar.autoFill.typed", false); * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ user_pref("browser.urlbar.oneOffSearches", false); /* 0860: disable search and form history - * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history + * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Remember search and form history + * [SETTING-ESR] Options>Privacy>History>Custom Settings>Remember search and form history * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ user_pref("browser.formfill.enable", false); /* 0862: disable browsing and download history - * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history + * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Remember my browsing and download history + * [SETTING-ESR] Options>Privacy>History>Custom Settings>Remember my browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); /* 0870: disable Windows jumplist [WINDOWS] ***/ @@ -506,12 +517,14 @@ user_pref("browser.taskbar.previews.enable", false); /*** 0900: PASSWORDS ***/ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords - * [SETTING] Options>Security>Logins>Remember logins for sites + * [SETTING-56+] Options>Privacy & Security>Forms & Passwords>Remember logins and passwords for sites + * [SETTING-ESR] Options>Security>Logins>Remember logins for sites * [NOTE] This does not clear any passwords already saved ***/ // user_pref("signon.rememberSignons", false); /* 0902: use a master password (recommended if you save passwords) * There are no preferences for this. It is all handled internally. - * [SETTING] Options>Security>Logins>Use a master password + * [SETTING-56+] Options>Privacy & Security>Forms & Passwords>Use a master password + * [SETTING-ESR] Options>Security>Logins>Use a master password * [1] https://support.mozilla.org/kb/use-master-password-protect-stored-logins ***/ /* 0903: set how often Firefox should ask for the master password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ @@ -812,11 +825,13 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * If you disallow fonts, this drastically limits/reduces font * enumeration (by JS) which is a high entropy fingerprinting vector. - * [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose... + * [SETTING-56+] Options>General>Language and Appearance>Advanced>Allow pages to choose... + * [SETTING-ESR] Options>Content>Font & Colors>Advanced>Allow pages to choose... * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("browser.display.use_document_fonts", 0); /* 1402: set more legible default fonts [SETUP] - * [SETTING] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace + * [SETTING-56+] Options>General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace + * [SETTING-ESR] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace * [NOTE] Example below for Windows/Western only ***/ // user_pref("font.name.serif.x-unicode", "Georgia"); // user_pref("font.name.serif.x-western", "Georgia"); // default Times New Roman @@ -904,7 +919,8 @@ user_pref("network.http.referer.hideOnionSource", true); * It is voluntary and most ad networks do not honor it. DNT is *NOT* how you stop being data mined. * Don't encourage a setting that gives any legitimacy to 3rd parties being in control of your privacy. * Sending a DNT header *highly likely* raises entropy, especially in standard windows. - * [SETTING] Options>Privacy>Use Tracking Protecting>manage your Do Not Track settings + * [SETTING-56+] Options>Privacy & Security>Tracking Protecting>Send websites a "Do Not Track"... + * [SETTING-ESR] Options>Privacy>Use Tracking Protecting>manage your Do Not Track settings * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref (e.g. in default PB Mode) * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ user_pref("privacy.donottrackheader.enabled", false); @@ -915,11 +931,12 @@ user_pref("privacy.donottrackheader.enabled", false); [3] https://github.com/mozilla/testpilot-containers ***/ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); -/* 1701: enable [SETTING] Options>Privacy>Container Tabs (FF50+) +/* 1701: enable Container Tabs setting in preferences (see 1702) (FF50+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1279029 ***/ // user_pref("privacy.userContext.ui.enabled", true); /* 1702: enable Container Tabs (FF50+) - * [SETTING] Options>Privacy>Container Tabs>Enable Container Tabs ***/ + * [SETTING-56+] Options>Privacy & Security>Tabs>Enable Container Tabs + * [SETTING-ESR] Options>Privacy>Container Tabs>Enable Container Tabs ***/ // user_pref("privacy.userContext.enabled", true); /* 1703: enable a private container for thumbnail loads (FF51+) ***/ // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); @@ -1161,7 +1178,8 @@ user_pref("dom.IntersectionObserver.enabled", false); * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ user_pref("offline-apps.allow_by_default", false); /* 2450b: display a notification when websites ask to store data for offline use - * [SETTING] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ + * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks... + * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ user_pref("browser.offline-apps.notify", true); /* 2450c: set size of warning quota for offline cache (default 51200) * Offline cache is only used in rare cases to store data locally. FF will store small amounts @@ -1262,7 +1280,8 @@ user_pref("network.http.spdy.enabled", false); user_pref("network.http.spdy.enabled.deps", false); user_pref("network.http.spdy.enabled.http2", false); /* 2617: enable Firefox's built-in PDF reader [SETUP] - * [SETTING] Options>Applications>Portable Document Format (PDF) + * [SETTING-56+] Options>General>Applications>Portable Document Format (PDF) + * [SETTING-ESR] Options>Applications>Portable Document Format (PDF) * This setting controls if the option "Display in Firefox" in the above setting is available * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") * [WHY USE false=default=view PDFs in Firefox] @@ -1273,7 +1292,7 @@ user_pref("network.http.spdy.enabled.http2", false); * [WHY USE true=open with or save to disk] * If you think a particular external app is more secure... * [NOTE] - * 1. See 2662 2: JS can still force a pdf to open in-browser by bundling its own code (rare) ***/ + * See 2662, and JS can still force a pdf to open in-browser by bundling its own code (rare) ***/ user_pref("pdfjs.disabled", false); /* 2618: enforce the proxy server to do any DNS lookups when using SOCKS * e.g. in TOR, this stops your local DNS server from knowing your Tor destination @@ -1394,7 +1413,8 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin /* 2701: disable cookies on all sites [SETUP] * You can set exceptions under site permissions or use an extension * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie - * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites + * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Accept cookies from sites + * [SETTING-ESR] Options>Privacy>History>Custom Settings>Accept cookies from sites * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ user_pref("network.cookie.cookieBehavior", 2); @@ -1404,7 +1424,8 @@ user_pref("network.cookie.cookieBehavior", 2); user_pref("network.cookie.thirdparty.sessionOnly", true); /* 2703: set cookie lifetime policy * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) - * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites>Keep until ***/ + * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until + * [SETTING-ESR] Options>Privacy>History>Custom Settings>Accept cookies from sites>Keep until ***/ // user_pref("network.cookie.lifetimePolicy", 0); /* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ // user_pref("network.cookie.lifetime.days", 90); @@ -1439,10 +1460,12 @@ user_pref("network.cookie.leave-secure-alone", true); ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable Firefox to clear history items on shutdown - * [SETTING] Options>Privacy>Clear history when Firefox closes ***/ + * [SETTING-56+] Options>Privacy & Security>History>Clear history when Firefox closes + * [SETTING-ESR] Options>Privacy>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2803: set what history items to clear on shutdown - * [SETTING] Options>Privacy>Clear history when Firefox closes>Settings + * [SETTING-56+] Options>Privacy & Security>History>Clear history when Firefox closes>Settings + * [SETTING-ESR] Options>Privacy>Clear history when Firefox closes>Settings * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value * but if 'history' is false, downloads can still be cleared independently * However, this may not always be the case. The interface combines and syncs these @@ -1554,8 +1577,8 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF * The override values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 * [2] https://hardware.metrics.mozilla.com/ ***/ -user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) -user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) + // user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) + // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) /* 4503: disable mozAddonManager Web API (FF57+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1384330 ***/ // user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref) @@ -1711,7 +1734,7 @@ user_pref("browser.tabs.insertRelatedAfterCurrent", true); * [NOTE] Requires browser.link.open_newwindow set to 3 (see pref 5007) ***/ user_pref("browser.tabs.selectOwnerOnClose", true); /* 5021c: stay on the parent tab when opening links in a new tab - * [SETTING] Options>General>Tabs>When I open a link in a new tab, switch to it immediately ***/ + * [SETTING] Options>General>Tabs>When you open a link in a new tab, switch to it immediately ***/ user_pref("browser.tabs.loadInBackground", true); /* 5021d: set behavior of pages normally meant to open in a new window (such as target="_blank" * or from an external program), but that have instead been loaded in a new tab. From e29a30157858e5a184accf7b9f9731527d34f64e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Oct 2017 09:39:03 +1300 Subject: [PATCH 0409/1961] 56 release --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 93f53da..64d6b77 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 12 September 2017 -* version 56-beta: You're So Pants +* date: 2 October 2017 +* version 56: You're So Pants * "You're so pants, you probably think this song is about you. Don't you? Don't You?" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From a74170e2b093d65b582fbe0f9ed194d8b61625df Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Oct 2017 11:46:34 +1300 Subject: [PATCH 0410/1961] 5005: clipboard.autocopy #109 this is a linux only pref, does nothing in Windows or Mac, as per tagging convention => [LINUX]. Here's a 15 year old ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=160200 .. enjoy! PS: Trying to find an autocopy text (excluding form fields) that auto trims, auto removes multi-spaces, auto trims, and auto removes double blank lines .. I had one, but its legacy. Best I can find is https://addons.mozilla.org/en-US/firefox/addon/autocopy-webextension/ - a wee timer in options lets you control when you copy (that's ok), but it gives a notification every time which is annoying as f - anyone got any ideas --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 64d6b77..4729c35 100644 --- a/user.js +++ b/user.js @@ -1692,7 +1692,7 @@ user_pref("browser.tabs.warnOnOpen", false); user_pref("browser.tabs.closeWindowWithLastTab", false); /* 5004: disable backspace (0=previous page, 1=scroll up, 2=do nothing) ***/ user_pref("browser.backspace_action", 2); -/* 5005: disable autocopy default (linux) ***/ +/* 5005: disable autocopy default [LINUX] ***/ // user_pref("clipboard.autocopy", false); /* 5006: disable enforced extension signing (FF43+) * [NOTE] Only applicable to Nightly and ESR (FF48+) From 258e8ff805ef6432ac12ffdfcdc8b64fb5cdf21f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Oct 2017 17:53:24 +1300 Subject: [PATCH 0411/1961] 4700 fixup remove mention of ESR, fix current TBB platform as 32bit - not that it matters, it's all inactive --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4729c35..540a498 100644 --- a/user.js +++ b/user.js @@ -1655,7 +1655,7 @@ user_pref("geo.wifi.logging.enabled", false); // (hidden pref) by default. It works for TBB because for TBB, the spoofed values ARE their default. * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 4500) which is already plugging leaks (see 2 above) the prefs below do not address - * Values below are for example only based on the current ESR/TBB at the time of writing + * Values below are for example only based on the current TBB at the time of writing ***/ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); /* 4701: navigator.userAgent leaks in JS @@ -1670,7 +1670,7 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow /* 4704: navigator.appVersion ***/ // user_pref("general.appversion.override", "5.0 (Windows)"); // (hidden pref) /* 4705: navigator.platform leaks in JS ***/ - // user_pref("general.platform.override", "Win64"); // (hidden pref) + // user_pref("general.platform.override", "Win32"); // (hidden pref) /* 4706: navigator.oscpu leaks in JS ***/ // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) /* 4707: general.useragent.locale (related, see 0204) ***/ From fec0c992873a417717d76dc20321c97b0c1e3de1 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 3 Oct 2017 17:00:11 +0200 Subject: [PATCH 0412/1961] 4608 - remove media.webspeech.recognition.enable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit the 2nd part of the Web Speech API, SpeechRecognition, is not yet implemented on Desktop Firefox: https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition#Browser_compatibility > * [2] Can be enabled via the `media.webspeech.recognition.enable` flag in about:config **on mobile**. **Not implemented at all on Desktop Firefox** — see [bug 1248897](https://bugzilla.mozilla.org/show_bug.cgi?id=1248897). --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 540a498..1f434a7 100644 --- a/user.js +++ b/user.js @@ -1628,11 +1628,10 @@ user_pref("browser.zoom.siteSpecific", false); // [2] https://wicg.github.io/netinfo/ // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 user_pref("dom.netinfo.enabled", false); -// 4608: disable speech recognition - // [1] https://developer.mozilla.org/docs/Web/API/SpeechRecognition +// 4608: disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API + // [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis // [3] https://wiki.mozilla.org/HTML5_Speech_API -user_pref("media.webspeech.recognition.enable", false); user_pref("media.webspeech.synth.enabled", false); // 4609: disable location-aware browsing // [NOTE] Use Mozilla's API key if required From bbb29237ccbbe96046b632812d0945d40a6f7e33 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 3 Oct 2017 17:37:50 +0200 Subject: [PATCH 0413/1961] 4609 + 02xx cleanup Only `geo.enabled` is covered by RFP, keep the other prefs under 0200 and do some cleanup - 0202: the /en-US/ in link [2] is necessary for the anchor to work! - `browser.search.geoip.timeout;1` is unnecessary when `browser.search.geoip.url` is empty string: https://dxr.mozilla.org/mozilla-central/source/toolkit/components/search/nsSearchService.js#576 --- user.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index 1f434a7..abea6ad 100644 --- a/user.js +++ b/user.js @@ -77,14 +77,13 @@ user_pref("browser.shell.checkDefaultBrowser", false); /*** 0200: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); -/* 0201: disable location-aware search ***/ -user_pref("browser.search.geoip.url", ""); -user_pref("browser.search.geoip.timeout", 1); /* 0202: disable GeoIP-based search results * [NOTE] May not be hidden if Firefox has changed your settings due to your locale - * [1] https://trac.torproject.org/projects/tor/ticket/16254 ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/16254 + * [2] https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine ***/ user_pref("browser.search.countryCode", "US"); // (hidden pref) user_pref("browser.search.region", "US"); // (hidden pref) +user_pref("browser.search.geoip.url", ""); /* 0203: disable using OS locale, force APP locale ***/ user_pref("intl.locale.matchOS", false); /* 0204: set APP locale ***/ @@ -101,6 +100,10 @@ user_pref("javascript.use_us_english_locale", true); // (hidden pref) /* 0209: use APP locale over OS locale in regional preferences (FF56+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1379420 [also 1364789] ***/ user_pref("intl.regional_prefs.use_os_locales", false); +/* 0210: When geolocation is enabled, use Mozilla geolocation service instead of Google + * Optionally enable logging to the console (defaults to false) ***/ +user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); + // user_pref("geo.wifi.logging.enabled", true); // (hidden pref) /*** 0300: QUIET FOX We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). @@ -1633,12 +1636,9 @@ user_pref("dom.netinfo.enabled", false); // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis // [3] https://wiki.mozilla.org/HTML5_Speech_API user_pref("media.webspeech.synth.enabled", false); -// 4609: disable location-aware browsing - // [NOTE] Use Mozilla's API key if required +// 4609: [0201] disable Location-Aware Browsing + // [1] https://www.mozilla.org/firefox/geolocation/ user_pref("geo.enabled", false); -user_pref("geo.wifi.uri", ""); // "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%" -user_pref("geo.wifi.xhr.timeout", 1); // reset this if you use geolocation -user_pref("geo.wifi.logging.enabled", false); // (hidden pref) // * * * / // ***/ From 6e2479dc0fbf030d34cd0c9746a5eee70ecc6474 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Oct 2017 07:53:12 +1300 Subject: [PATCH 0414/1961] 0210 tweak --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index abea6ad..20a5df6 100644 --- a/user.js +++ b/user.js @@ -100,7 +100,7 @@ user_pref("javascript.use_us_english_locale", true); // (hidden pref) /* 0209: use APP locale over OS locale in regional preferences (FF56+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1379420 [also 1364789] ***/ user_pref("intl.regional_prefs.use_os_locales", false); -/* 0210: When geolocation is enabled, use Mozilla geolocation service instead of Google +/* 0210: use Mozilla geolocation service instead of Google when geolocation is enabled * Optionally enable logging to the console (defaults to false) ***/ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.wifi.logging.enabled", true); // (hidden pref) From ca1679272336d39f4049810bcf25d3bcabbd014c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 6 Oct 2017 21:44:19 +1300 Subject: [PATCH 0415/1961] 4600s: add ref to old numbers --- user.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 20a5df6..2073107 100644 --- a/user.js +++ b/user.js @@ -1595,7 +1595,7 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); /* [NOTE] ESR52.x and non-RFP users replace the * with a slash on this line to enable these // FF55+ -// 4601: spoof (or limit?) number of CPU cores (FF48+) +// 4601: [2514] spoof (or limit?) number of CPU cores (FF48+) // [WARNING] *may* affect core chrome/Firefox performance, will affect content. // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 // [2] https://trac.torproject.org/projects/tor/ticket/21675 @@ -1604,34 +1604,34 @@ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan // user_pref("dom.maxHardwareConcurrency", 2); // * * * / // FF56+ -// 4602: disable resource/navigation timing +// 4602: [2411] disable resource/navigation timing user_pref("dom.enable_resource_timing", false); -// 4603: disable timing attacks +// 4603: [2412] disable timing attacks // [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI user_pref("dom.enable_performance", false); -// 4604: disable device sensor API +// 4604: [2512] disable device sensor API // [WARNING] [SETUP] Optional protection depending on your device // [1] https://trac.torproject.org/projects/tor/ticket/15758 // [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733 // [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 // user_pref("device.sensors.enabled", false); -// 4605: disable site specific zoom +// 4605: [2515] disable site specific zoom // Zoom levels affect screen res and are highly fingerprintable. This does not stop you using // zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs // and new windows are reset to default and only the current tab retains the current zoom user_pref("browser.zoom.siteSpecific", false); -// 4606: disable gamepad API - USB device ID enumeration +// 4606: [2501] disable gamepad API - USB device ID enumeration // [WARNING] [SETUP] Optional protection depending on your connected devices // [1] https://trac.torproject.org/projects/tor/ticket/13023 // user_pref("dom.gamepad.enabled", false); -// 4607: disable giving away network info (FF31+) +// 4607: [2503] disable giving away network info (FF31+) // e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none // [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API // [2] https://wicg.github.io/netinfo/ // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 user_pref("dom.netinfo.enabled", false); -// 4608: disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API +// 4608: [2012] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API // [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis // [3] https://wiki.mozilla.org/HTML5_Speech_API From 6cdfd1a4432a39984312e66be154f3ac15601894 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 9 Oct 2017 17:24:42 +1300 Subject: [PATCH 0416/1961] Add files via upload --- wikipiki/exceptions01.png | Bin 0 -> 47041 bytes wikipiki/exceptions02.png | Bin 0 -> 87107 bytes wikipiki/exceptions03.png | Bin 0 -> 97305 bytes 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/exceptions01.png create mode 100644 wikipiki/exceptions02.png create mode 100644 wikipiki/exceptions03.png diff --git a/wikipiki/exceptions01.png b/wikipiki/exceptions01.png new file mode 100644 index 0000000000000000000000000000000000000000..1733fbb8593c7b33b2fc12c50810f956495bd304 GIT binary patch literal 47041 zcmV){Kz+Z7P)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z006A)NkldvXeq^^ zltK#yiaQh!5F<+5eUo*)GBfA*$6T4YckbQ0Nw9wB;k9J<%E*}`&v`y3O8bs$GW1v| z(%vMENC&mO%IMp-H$8%M{gv)s1%Yt>*@I)cd`%Si1qwfQp%6Vdm)mEBu-+H856Q%5 zW%A1|jU^nP5`1AH3TrXZgSL|{pGdWYz5nd%W|4c;)!c7RX1|?!qQZ7Ak?X!i#w%i< zKBCOmq;&6RGUs1n-!!;=zQ|~N$(IdsAIv6Se2AR4Blm4T?ZH?S`>el+tohsR!17b> zHDX_WS9G&J@8k8*^*RMYAiFeOZwp3R+XFSFJ`OtW7!En)Fs4kMifNh!-k@|&TGH)( znPYJgS=~iCCP9}on$mrN7Rk>iz9_8gk-5f#lpsXvngw8D=6s6M`M)gEAQBg0O4Hdc zCM2&y%H($?(sbUhl+rq0;()1t0cpzA{YhzB_m=p+DJ3F7PmpG+4WyJvA#KfX9aAC` z=duoHCp}hs351Z=dotZl$^KWVYOxCKFW?=RQA~RNB+vhTSg-D&rx@$AD z8%mkcpE8b+@eI=wi|ElX>lrc0F>0ht4St#Kyoo!r{!2c;}oge2;Pu?_KV3 zPq%j&k@-T-&x^tjFZO&a3P-z(T&q}~_7W~n!bz4z4mKv;`meBmaqj3YXy|olP#SCBi;wBJGo-%+uus(uK!bhf2O?rWf^$7En^n<|Ig_v|Xo6 z+>Vf0Go_UF1>3YO80iHeb>GQrQc~@gv4C2iGfkN~Hkg>EMJS}1BpN1W>RbszkRV9b z?*?Y-caT_wLz+hFv!-b#{!K5$rkQvKsdLzmY1*zU{aTuQ*xNioOpvK|OErlp69mpW zuQX+f0Ez@rk}^$fgep=bD%n?3?Uy2T$>R%95=2o5*U8!Hme#ckq1f8l;;fJ+c-Etl zU^oek=}JuKc0v-ik!zm>3f-w8rGqRaNu`Z~qS*UeVsl_hnYwRlFq?Sr;NgoT0gD{} zlIL|LG3O;-QDKsbm?iu@^xV>4$F8j&?8Szi^oiHYrfp$KbTO}r+A zKv6{Axl$C!e>1sI>Pkgo{euue|mKKA%QWQP^c$l#B06$HJ4M z5{B8W$eX+#nV}iWEOKMI?84K{EQLTwCoz$BBH^-KOD@3Dw)@OfiR=ncni$FSjyVnUrhYe!Y+{lmFUjwxln+x{>Wz)~*nhB{ z!$IJr^*tq_CRt=kIs~iaGf93|NRd94lnGLiIFD_&>riVPyQLhvLXqa`Qkph$B5f*} zbXT=(>X2PdlhQ>+=~gun`FDFgn8F;yBtfF=V@*v-W6Ab5K}rlMF(nwLMKF^j+TQN= zXDc(tL+TkwnZ2WR^28ob&Z*;x^yF)QHg@&TZ8I)hO+zxHjYaNVy)67$BrkYxG=v^& zFanpk$2NbtJgZb2$nMpzd<%x$lRK2zuiLLmxITa3=m!~Vp8M)0Ga5plZTtRT0P(LDBm3tzzauhw$;jMfiLgs;XvxJJ+DdA=~Gd zkcG@|5>WXQpThjKPG_&qoN{Mco3FSg!=WEI9 zOAWLHk#RgNn*x+>H&XJXByE#TJue}VQpwV0Ez?y--$;DdG-VDoQY08}&n(K)_Ut~3 zO_qYQ-Ias_B!oyU2O=dGTLeWYA|d=)-&GXF@jS@cm(!Dsot*3`Dak8%i%i1|h0O=H zkJ}fJE$>x8f?j6Ebzd+fU5MoOeBHOWUxL}J_t zJK-$ULMoHWdwQXh-58f#pMdO!6y`PKWbNZ~epY0zgF-rVRZ~jWF_|=>+vhaLSe0oL zhqT#BGdE%BaV)adJ%n|BH*!)~7ZHV%Z?PvtF$WE_eO9Zks$k66aV-7!F5~J;d_xe=-ei>T)R()r6<*? z5*^9rOOhfIDf3Cf93u^zDJA2Fq{3oXN)jd-({x;q^EHWK%9Na8rW7NYGHWGw;f7(P zZo zQsgyAdb*a0o;QKa^QIs_mrTwr1rbM)pIL}~bloz?`}v8RaQHho<~NtcrpN50 zN5op@{afbIiqfP+WbNwr3`t+99Q{DJk%Mj=t$XZd<4#I4U)vKe96Q0bZ-N}pJn2Iz zZ02p3wJE=HD;>lp^nUd6L{KN1@8f-k5m`o#>M$&P>^= zJ2PWm(qiAS6>{ZSHa6)P147{PoSpxs6%#kpoOJ0sZpU_#lkOTid-&(^uC|>oQ#FyP z4YbX4BYO7yUCog>`k9@GBvtPup;Hva3U*KghGAHLOUt}twR3tLTkmCWZpd&gNPi|V z$VAV2Xx>g;z#-g46_J{g+&--3+)=n$aHMp%>PW{^&px0ahZ1AIvE&J}2UVtxUM8F; zGnJCOCL|#e&Y$@|YgbByEo#SU7P8tQc|1i)kQO6N22$#zX%T_sJ(yBrnudcIrF~M& z#Bt3O32~ZroGJ={VI;mIO)zc#BZh&QG@aN?IWld7OaGm8%FVQIV~-ZH_U;H_Ic3^9 zNVcs!yPeHc|1ncGODWRi#57IkaTNP;GdfHzq9E-)B|Tj%a?6(v|8wDt#F7OH_9BB# z*&|-0!~ACv4f|Rulj<*uQm>Wd;z1Q-kzAQ;O_G zB40R8Dz01PIEmb2lUt$WV{b`{=oyW2)k%a+!Am=Rn+{V*&(xE>Bqh?#Eayf_NRbjp zV~Fk>BP$JpD5L@Ntb%z>I5K0yk?yDVzhyy6OQE`gaBQZW=E(G1m8pWHh>B@#bnU9V zWVE}`NW0HRy7On-a2<}VE=0#+)=4<~+B=A0ChY$Rn@NUrRF1U! zf~3tQ(&1m?R6iVkA&9Kk?0zXu9}=4>$uQE+u+m9#k_w64;n#8hNm7%kDw)}Gx|vc& zY=#myl}tEy$3mtZK+};u>1ZF*p;m}2B5XN5>q zWk$$%(lO12l%z~5_FZkpWR-MKvpN`0| zi5pk2#cX6aJE!M-*ESLP$%$+G2shQl%@ay=f1CMujLf|}(#^ATO(7t%H#pL+Y`U0N za+!0bOsMpv35}hIkYmGf71k`Wj%%7} zLXuQIGD(P?oa8m(nCZXm(LPDPljMMKoI^T&LQ;;nW~M`LMt+hkM_+4VGEJEwcG={~ zq|>T&Q4o^HOXhbG0)*+DAnc|&+yc{bDK#1SOKh3S>|P~ylUmXPzB?biye6AW{}-F{ zpRn8G6NJc4;_aDP9R3P6n{$eYD9#)(f`nx(V~8n2AQNHQZp*g&#ActQW$wA%T@206 z#Zo8{klo4f-S13uFM77NHS;JV-AG@18j&Lk+|kR7oI8ayMV5TuQ&Qr#*vqVG*D-GG z3QC%Q7Zxho^TcKaNRow+6iJ@sgauiQ5Yo-G<~*={{MawsIW{xrDd9@ArEQ~^N_~*I zDNC

EH`{pD-oX)F#|FSuS^7aI9JmMjMHNUns^%UQmN~{2nPQrW zj^K>GNva{4lguQQjkLKb@t%;`c~g=yW5VIpOpq&) zOg3VQgvWW(7H(piNe9dX(J<4}V%pi2l!H_DB$_;K(hWqU!jm1tJ8^y1_f5M&CHW8% zE-TJGs>9jUo`7!eX38FKqXo_gl{ASMZOgI$2QY zvB=&g)8n+CGB?R`nssE3xwd<@l+zq1bDM55zo>}hI2Gya)HYI5Z~}|&NX1?!uFib` zDTQkq+T5f>cKX(r2$EYV&vXS|y=eTi8|Vo-+oiX=X<7WP}N))DBxNj}#ej z?#S(mN6O@q{K+6Hc4Cqhbt97mMq+o2mD0p;BQY}V5Sfn3v51VljjZFD>E~q+@5RWl z1WJbrl^h60>KTeO2}u2&R;3({ml=ydqUGHU%~GVyJwnLr$yvHf^+|J!kj}`jRJ0!U z#X3!CL;-VOuC(k9QX-uTj6-CxC9D&v7ESw$6eP(e$wqPtNo=jGJ5W+8oj^fRZ00s8 zk(T6@Q|-WEYRbK!IGp}6ccz)%jj}+}l1t3UMT(LpB$<&jLT2x$rHf+ZW_pl$`jpdR zBC^#cX;VS=ko@M7`Ex4FHs^FlAI@w%*^P&-U35vdjS!AZpo%LgD@@67&+naiJtA{o zS{TvGNhpN#*w9VXO~xxCzanG#!zorCt)!#BbZ(5Z*GHSGA#4hJGNGC+WIna|5^m`M z5{~kwbP$b{?^)7aQ*nsUkm1v0Im_ahs|2}I#pRNsTpgKRO01+`Gi?OVnZiSJJ*8t5ws;!XEWFsqSn{^^uMUq(9(+5ajg_(}NaO5Ac zDM2Y`(1Z^IGMx?8%xk)_FaAzbPqNdbGOH%9A(6EeGwJkdCd@F-q-$2pBwQ={*Fp@7Q z$1Rmb%E!pz-<$SFO0`i&qO%-IjmUS^!ukCq=@dB^J5jJHBHuG`jq(r~gi^YgYqA)k z(+reJN*wA)4plJg)*K|Wr_4;c?6mh>i`i?q$%UD|B#H4P>}!!Dsbjv>1R`5>6LvD= zv|&i;&|_21?MO47^(ey}gv{^sDjY}5#S2|*Vj}w(g$r8tRas_DvRZP#mi&pwV>C9k zAp#Z7PMkUO%Uof(PMeXdFNw_6$rG|6$+Wz70+S#Wi7c=w>#=kpI^;_HX7gdNElz0y zk}2pp)2llfu$i8K%tS^PfrFZw$#V#cR7gdFVk0+6vx%9!4=b`pk%`WpGDDeGs&ZTU ze23WvGv$z*&ax>T10$93RA$%X$jm9@^v_7kw|3>hxp+D!Ft@Ja2qhI6J5AwKD{@YT znUNzxA=17JJ>HctJ-JVs_Mk5z(ortSNkF>zE9A@dXcz`k$W&&=?nsGDkv5rIPKN@N zNV_7C?S-F|dWFqgB=SuhQuf?jkaOOVIhI`E>|d@bgnPhcPNLx0dWpi9DW|15HMI+e zecYzB*%gM2?6blycsqiTgrkH*_VbkmsSNhJGLxAxMW#O$1(F%*$cUWFE@vktSz}OS zmSK?D{saYtl8S=dq4&@kx_0G;DgyK{UrK99U!p9Kd*eoO?^wg9VCNna`x_kM#j?#i2o1=J(GoO!?sljP8 z?1p9Tu2abMD2hs3OCxPYEKi^6B^3g)(Ry!O- zA~TtubTL>t36x{cD)L*TWZq=wJ#RC2bt}0L=CJ8YyXn+DH-ux?>`0T2tA;4@m``#$ z{pKIVcTmn+5a(Rj`X{t=Q$z;x&0=R3%|%I$aSgiu>!)jpA-^XDFCuee$MD6GUdd~)WnW|3(m@(m#*c{4l7a_l{5OCY3Auy z>EjA}jg>sf(qyjm^&*2X^t9Bhbg3He2v{gYr_1ffTZlJIeu|lcNJ*!{o_SBQhfR<& zyCf>SlPFV>K9)%J`6OXU{v_wXRD#7sA4w%`6Uic}NGuNRhk5tVs_2Df|8;n?FsYNay>znTJSscf~0`5Sj855;m_@nW>hUPV;!u z_G6f&l+u)`*0hm61B45jDX5dSa8*&Pq<~3{MG?tr z02v(1rf#?v49l+oWUXz&o)bc5BxbWO2)Ui=@+bIo`ja@K3zHMO$kr+B0!Q8*v^{Z; z3;B?l$Ll5(H&?__kF*Bi%*W(dtn$?e%2Y)}4#!8Cr5BR3!cwxhq%Bg)9+j1S-?9f| zOcbnk$XpR3d6^bYvh1#v7HoQR_b(Rt$+9Csqup97Y>EO7r&iNGCjbHyX(pmtQ_s{) z6buEDYD%(nnE<4c@Ig@=#4;VQAe=-ouf492oYD4Yk;9Z@oyeXJ-o!Ipc<|8OeCbl2 zK}hEg#$_(dKZO-mgiLWnU|>s2pUml@I3-e<4vkG-b5gQ3ktkANx{?x{$?ojRM1o;B z-F9+&`X?Plo#ig=yKCpfm&}3VzOENgnayP(bky(>nOAHt!+_26FynX`6|dc^;AT5K z3inO&UXc+8NfgeIf7i$^oMtT{GF7d#cd*F2fOi+Al|M)#*XyqBRA5~fdjwu8O3${L zccwBdgbWEsf0I2RliejLbz_RcmKejXa4AaK)MjQ?xfiLl5Xo{DsT?OFF&88<#hSuO zai7e{C~TV%sTc^M+K9H|3}env-pH$@$UIY9hPhM79CBGwF%i-#Hs=u%4<7bFE6FAv z(pK+AEOzBwx3i8?yaN5N`1lqFaqBMbe~|OfW^3 z5|K=fGz5;Y`E23_U>0ci&J|&_w;j-W?q*gSThG!)o`pzNp%&@f3>gl*2@^twFF@`_ z%@JynEiQF`BQjH5a50aFj3^rEOl&S)=%L7w&&KUF;X?c}>8G@h=N^(w=aMe$dl^Kk z{6;cqTOz7X+SDvX!AK<}m5wB!$)bIR75JI*J27qdl>E=ig<{PMGTDcvOhuRpM<(vX zHDxAgluojS=tjFnti^1H9eOU}JskE0^9zhJL? zoFppN9AUbL{|b8~QF_cPsYy(rC^92?pe=cqJ-uo-S->-Qsb;<%w7t%baFP+3xh;kq zJ`9B|4^mp;{fcekwr#jT(5s_|r=Y=iFVWI^Ji^0h>=eUPf_jI|;%(N9go+Gr$>C5&`h1IyP$apbj1iLb&yDk>sT zY~EDT4%Mj*kRxTjYmezxWp?u?ar3Ow_GnUwP_0r$m6NDj0@|rYhaGfs_!98%R?U3}`)$ z3Xa4KhrK!AQ}?QXnGn`76(R6xpWY(=Swh!!UViau*00~l#g}}S($bQ>S4{GGqhqss z=W!y;l1)W-T0r*X>2PYZ{fDa`IG zBW=;3GPgO$?)Y1{s+BuYIIgW}_fgqr+FJLYl!bgs<}}@;GKdOi8zuco6q~st?>S^< zCzRcjj071;=^GOA#vjRSJ;6>2W%sS%-cfATuHBrQ-A0y32{YMwWilg@x+f_o5bVPLO>bv+9inJ1m z86Y7PR6#;aH;L;ep`iAu1&CEvRnpMdSXh{`%Pu)tS|BS;e6GpIZcgo{5!244!Zksa zTj*YT+?hB9k#y>6GN;-+myt@3PulY=d2RM2d~RvMq@%X5a9v1qv+m+K9Mtftsu+CI?prB_d$^{ES-KWS&qn=rK%;) z{+*!+lF(kHVMW+jvBg+ECW?~CNUm5(*%BGkrIM(@l`#3))9Xti-2J;U|IABJGJQ(S z?Cnb8_LQt|i|!YyKGk7;G-x99AZ~{}u)DVkjPx7(2$#>2e!}PJe(2ad( zE0R)DUJ_t%-x30T&6#guACMkZRp?h+L``Lga8TonqlZyd9;7Rx^W8JYFl~(c{d7g* zoPWYd&N^loL;9C6xKA+^r9lSvDWRmupLa0Dbb|rCi@E0FiA)<)lQjssLrgdM&Y5F4 z;gEsUR);z7gb`eD(nwTA>~Ww~XGG`x6Gw2^l)n44jqN0G(&%c&ji{ot%OIwk^sWwb z__Th&rxze*8V06e@@YYkp;~6VE(-j7qu+bQVd{(LBlBk|pd5l+^!~ z)bI8Ui}U+3QPeFXqA&TMqa1>n`Y~m;ecyHCY%?E8GKyD9TNw$Yvm&qK$F$OPOE*%I zS+=1k{UF!=J>wd)E-3r+h5gtjZz&V^h3l~uCGF&_B%GiXk$#3s>b?90)bc;2T#I@x zg3=x7DJ-*Wm6^%`lLXl=dZ8y!-u~S4Rk#Rk__L_-n%5@)7=DS}Tah1}w z&uBeuU?HsC_qN>~{Nwr6Y}nq)jo&|j6Au~0hl}ed3HuTYSRzS_fJjUy8Z$5qi4azG zL;)CviK<%3UUb7u?CJ%EVLC#hG)=)YWvY&gnUJFwEZ@z$3wBUi>_ZU(-7wRMVpPkS z&M=%_%c>$$%8HRlvzTG_a*jjpKeen{U# zvVmf{!Q1n<^U!mv@Tr1;U*(;7+Xx0V0zQSfZlVZ*s#xbuK5WA{rrl52Br7?R5J09Twl9#cwgy#HhB z8alc1yzvYlP)6&$^Z9t?ZbAWV??^~SlBs0fAqkF3&wwM%dm$5x-DKjTNw`ltDH$|> zor(0$$1P32U9oT~5vi)#c3IzTM{BS5BNL?%z>$p2D*C5@X#oN$|P^Z1o?m&2i;W{}-1VlpcxHk}|15Q?oo zDo%5N&7_lD+*5@j%^c4wj}vUVG>E%G;1KpQ)e4ELA5lKjjdY>rx%zAjG zGpZHaoLZ&KBn^qbm2}2rOMyx_RCgyM30!dvWLE%Q$RmUxWhjxJm!oVtQAH(KNv~Pa91ns?!}?B&u`Uzm`$g(3$qZkWg6`V8p;uq=fqB2*162I&aL~h9cnH<44fc8s#tlT*@hj z4QAAkas=?e(6^W4Y(aPdIwU01lp1i*8ERZEofHcQ^69v-juUudJi2 z#LofadhzE+mO3WyP(Y=3b(q8={v2~)e_s1wD;Irb6t$Hhn%iQ$^!_HkdhBrS z`_BqC?`-3;bH=i@u7d@i?B*M%jixB1v3g?*w?4cWiA5Yk0gW?{97FL@nPOGcf@ws-U5%gMU6dmv5gt zlOJC+kyy;2Uu`kZzqyo8R&OWZ53@I3*-}bMOH0r+E!DSmT}KFkrm0j`R!~}6ni{Cl zXpGLz&H~6u#^`fRmX_&4CsWf_(wVJ$Go8$D0+QJidsZ?x7pDq)p|8v;!$JsDAuw=$ zUdXg2V?`!p*JW`g>+HTVN?`_%ZcJa93D{(TbSP($Tj?GZ(gQN#$emJv=wHwUO82a0 z0=Jwb!j`uMo8xGD>9mKS+WUm-W%N`MkOe)uycVjS1}bM?b2k?*rR$~2OuLVuoBXob zCl}q-;K_{Yk!e3IiLlC7NTGv`*Gwc*vtCS_rlm}6 zM3QQXZ!6r_ZzvLGS9#-UUCAb=b1|CrW} z7}e$0;&$R8gLr5D4(@+y1*OG)DocZ?s-UJKgsKS2iv5HG8vpOXMYMIq88@dGKT z&FIfRo?p##Z*QVkWr)(SKefYX?}#(FZwa+kVGf_(kD>ibC@T¥b`VxJgNokIK>@ z4?eS!mi8DAJhPIO8=5IC@)OfdZhBxLrNw?m4lK(uPaH6|7nhwgmh(>>L1k%x(qca$ zzeZ8WM`@9dd!ATMugVaIPw&V33wN@8cL!fRb~ul{yq3o12!DTW6~TbU(FgYDZ_lpc zPY*9))R1zxIrkWF?DPWV}@1o#++^VeF`TY zGKkKIPHk0)Xw0BrO%ZE1w{X&-gYf%RUjJ|_6GvBZ>_G$Q=!zpHj2TwJfIdY$^!#ex zU9f}kBdZu#TY{f)I^#1G2nf(THX1~FLId4-O4l`l= zSXL~Zn|l4D_h08{*Ih+pW7A%%vcg5O&q|4IGfQNCF3aR2({il)j4kast<#?Vw&SPF zFiC~Smd-j;ElR&<&0k95H6`&Q6p?bM#TFW!bw4umryGggMK*VuNOGIQx)bZAyWMCX z{p3@<3N>5gxD)AO5)rm&4qL|7bf_t|q-nxIl0=@yNt*3M=FYZ9>`uDNTisc=a?`xM zS)O`4jAf=tNA~RL6>@axa!=B>VM&Gpo3sRW&Sdyhb`(A({J$bqopUy1^ln`?9OCi`ffzqN##a8=DwVTg3cNc5&VbBdKfXq`o=g z>X2%hlB)6`rNw^UUs%UMlX_Fv(8<8w#q4g1@X^wp)Rc!9Ke7s;z^R-#)(E|{GUsLGUr;^FzhOufx6QSVVnQ{DnKhM4J zDvOpZCmxTdOgU$rc^b_vExh#dYXtljSq+7P%$+-*U@+MIB$F7}&Rue{2(8E!X_>uS zlQO%iv2c$=Nv1x}bPRQ<6&c%3w<3VjW_n9ri$yeS*$YzjwXE=6M0QnDkx}*39{rIS zYU^B}bND#qEEbbqP?eMf?^dKw+V-nC*3$x0t>&uflZ$xly;HxW07HG2hGcha6*foL z^e*37R8NxQ>!q4$uPcF#R@x*K8dbIoAkR?#|F6FB>!J^P8wqdsNl zWl5hXqrAI=1Qgn5ofn->nwU;F=pg=PhN(t49ln$5NYV^gs3W*=C`mGhvgL%9lg$)> zSlmF@CFdPKoR3%T=7YsMIQy8PY~9tt15d9+RRlr5N;s&|r>2PV;s6szS2K6nF4{Ze zsH&Bra^k3J%1iw0Zt7y)<`xc{+LwhZ>pAwI0RXJt*vvr_doy!FZ{{uE#q@EtY~R(9 z8kk8NotE$)@oQFi@8VVU96Yf%Xb9G{|+|n9PVlWjyxcLU!(M z<;n{W<=TrUbMxOnX4S@K0)BOmCznt#$Y1Zghj=`mI(IxC=aiFAVB^NkeE-U;s3sLJItyj8im`PLr=LkG$BK|S4Ky-m{AD_vGMScJahSkm z2H%j*=!-o}(bN;tk#C}w8Mb;M3eAR^ZO%#)5s@On0vF#Xk>O$CVs=v!es>N(lWz0O zWG}_}GpfooxplGcNSQsPWOs%0y0P%>`^dp${}O4}Dwj(TF4vxA&J-E_-A1F++JMY6 z7M%Sgoyaa%h45q=#q5RNVYW#`J(;EiML}SKX*p0Q3jn6-?Ai|go$8f>rY;L7vH)7}+FBIt_h%vn~)56&OQjaM9CrOlO+#?~kcmha-+ z6NYohls=S~_}RFvEupqpJ6Bzo#1ra?VMq*9vUOJnYc@CYqYEdnwXOqS!tpfOC;`99 z>WwYzH>841+uN)V)quvD&8-A{Dsf#B*R7l_(U`%dXYbD)|6WF0M?B?78rNkaQ(n4l z<8d=9VkZ_iF{Q*XtYZQ!S<}FVZEgJi2M5y79AW*|7Cv5CPb_XN3hTGEvS39$KfY)p zaouFa`X+WaMY!&plX>*zH4N!n!Z%OfpFcjd(5660PCI-sM;_3R#+C?w`sY$&af5e1 z-oex{HQe#jS+sY?S-5gH|9EaSYp1p{a!?uTHn$SjOt=r1O&#xkGD)_Yzm^Ez>P0eiy^12sOijL`GyvdROnrt>L!o6uHb|*vvS|HYhA5{b#?w&bNBH79}d^SPpf>?#Sve!S%$k zqx-sO*(7#P8aTVCpUha3q%7p9-8;L8j0(jC)yV9@ow?$X4tIe6cF z_Y)2mVZ=LWj#r}gKMjmX&avjxlvG4VN0**T+$5!?79<@(BQYZts^-%aqH!ylC28^q z_*6_&VkA6{lhH1IpTgzmjl-`g{N|no_n@qZFYlVq<{j;5Hh%|AwN#Jf?}lL}Qh8e)+b|@WD$q2A zc-%}$T*=hk$O%o>RrXsQ*pt`)hld4cN6=w^E$47kz^RX5(k>Ll?8P#nIhRM)=rA!!IjjF)-;gvl2>`D-D z@Weh;mIoNtzm#~~V9jRB^bt=SQ#aCVEa?j(fa4Ath^h(>9AC@&t*taPMaaxG7B|w@ zW&hnUrR{Y|+%U50D%d}hx(~zcH8X?Vrn7Q(Mh&OpqC3Cem1v_R%Z{g z&a<$(I0)q;PtvUtaVq>@q*SDw=XYBr1gSLJ>9yRn)w6NgMT!C^vz)JGw?XQ@_Cis~ zuFl*&$;oy~&P<#p3O>I*v#>N>{Ex`?FUkA7$nM+SDIe1D9QTdDWp9T<%{gw>uqF9o zsL~pz=+V3&dUi40M3#v>Gf3tfB3!OtWc-#i%}AL^L=(|D3R&ss-Tcg)CPZoTQE`%1 z>G(}%jRh@}a7if(nyf_+-YfL8Qd%LTLBEPLB@aBak~imUBUHU*SQ|{!HcX*KS}5*T zJh&GpxCVE(wz#{yy9akDP@uTGyA>!<+}#Pzn_j)2?>N4n+3aq1XLn|2&XHiLPICyG z{~kOYV9IuPgo7%+Dn#>fY_B}eg24$ta}?$|FAk3x>zoH_l*b~yuRRqE=i_Y#i!GUSw^O=914PN8erE)yMHeIVGj}vzFr^9WnqT=AtKwwn!{J z7qBQiZ$4`$A&p{A{tn>MFYl-0q&x%Ba9rR6k{ay$85o`H;y|sOIvg}{MQy9$9oxy} z5F1T6s&x(GLQ2wXZ^yu7du0*s@95{{IlJi)-;e3kzttCvoT+a{m1HHAut**Tfl6w@ z2?+@#CDe_QKfm&HBz!hll;e$%(ilq)Udp{1o2>CedCC4xV=gYl+jbUgT?Gi@jHi+< zlTC|3WW}7Qr{*DdwYs&A%)IXFO0W(9Q06QOs&obkNG3V$@(nMl70M3Z*+jk5!r&1q zcFGpTM_a^p_MAb;?0`M+RNxzS=|#M}t8AC%uOsn94 zs;lHink;Y~J-qbeo4DyB#>V2a3|dMv6@E-+8{`W~vKR_685VsRM^OwF7g@;3j|suF zG{aejPcw`M+67nc=#!91csa!(Di1!IK| z;g@Q=W3?P`NSCaPt>|{_k+qV+e55jqh2--Lh1;pioi5_B62BMsK@F)(%oE_zX*i%> zUZAcLsw>4aO3hHyeX++HxaI>f}l}k`dF=f6n@wjBM-odx_ zqND&;bcw?`XlN#?MHRK*jExNmdHO2;%&=B|%cb$?x}``VjfQDkal39biF={TF8PfK z^^peR7GImA{|%SQarqvHt#g!!&pa*30khs78h~TrIWGl`qU#2MZ9t`(;hA>D$ujqC z5g?sfxpA5FfLprdsx&YI#7Z1T!0lYiHOV8PHyNNmoZ~5tKXhea7oJ}72QVz=-U;VQxKHZ3IO9_EHfc>|M zKjeZphs3v|DtncsFlk{k-4l}POj;|VS}4lv3y{7DZ;h(!;o(Z+qmuA%uN3V$!^P8H z$t@M9|K=%~k%9btUy)QPU&4mKb5QxdIS_4KRX?F#P0Tm}T|}5N34QJ}Uq*2N8H0l{ zB{j9UF*X848Z(^EWqh5S*pO9!Z+pav{uv+Si?<^NU8>3GSlzCO6XDB|dJ#ANG+0$N zNKx5`61K60dxarci<-Dm)#-Gba>W-*na2sFW7aYRGD@w^UFP3anK-NIDj~nswH_K1 z$w^KYtlDy)oLmy%kHc9bXh6hs`UenO~?(l#jnHx=?y0PW(C(sgB7$`pz?+c z+exQYGt#1ErZB-Nj4ErdYfOsW*0oK6R<<&Ysnx*TA+6J+Mmo76ohHpX{odPL!}2}1 zYy>wo@%y6MuIv>T%0#5|78Gw6T6yphd(F>;h}%7rrLj1+K?*4pq_mG)6UbB(vNG?R znP_!ugLkRk3*_PjYnYET`sWTJk7gwekvQ6F6v_M^w~+3qXQlqyvawPIE1UM6lS!p&N7u$5m@=FqH(S`=o}A#ur+jva14K2@)en&7Cm|z=HTIFX zl^Wfc6;tEH5+DCv+car5ku-ZCJ!i8tq$~7cl`O)FW=L1iWyPENKHWG#mCZ$;oQJ0< z5M#WsGw7%CHN8l;SgurfnN*N@zH!w?{BMDxE4zs$A)5kF(Y$RyJSTj>ivZ$zU18nP~_xI@*jP8mQa~3m`%xTo`3w0}{Fm zfVkS*-GKd3i%)dRgh@*Q19IzktBitbv0lyPRRYl!yPKLu+?{imuELEIQnQf7dag+ zPOe_)4`KM`F?Ju;U(Gn>b~R$o}(tFZXc{b7zTd&|&cr@3(wAuoM>I z49B>q#lN-mzJ6wvenyHL^wy#dtXgOlm)M_ zwl*=#+4*>>{zJ~>9?z!7zpcCmD$cM*-fAOyHtf5)xLnS$D{SRGo^3CcS5l&#mqfT> zzwc!MFwt%P)C&Fi>QiuGPEhTZY4{16Lxst`-vxK^=;@<-kH3>YnW3yRqCh)Z`80Mq z`In0PZg)=MNXO3G1?K5>u1C%#t zG*`RK>s#WHcXwN{T0hOup&y0R)V@uCrzsrBu~0e{mdlqp#<{D(F|_?8*^>QxS9vEU zd6MLcaN}7VR?C^;{Eobo1v|>-H}_Am6@5Dt@p<6!Xy}phGOMn z;5pSLvpoMEbbAc9t?_lo)Vs)DE8uvyu}Kz1GMz!5bDA(V$~zgg^*X++;6-u7uPlL- zqC0+7^_&%1;xt9DsPUtZk}lvFk_Ehq&FC2U9-&TdU!~&t_ZUK%nd`)Qwwx+G7rk44 zCy9J|8!r`9JINpYcir8FXntzt3mD-N_Yd#($b)jLtHV+E#zti+k$ZE?$|CFleVbIW zZ=iRjuD-F>Yln_}8X%a1+RLF??SNe%5&dPhc-%>x+}szFjOB*AVqC7TsL1ebor5Z) zn9@{kK~eI&9{j~6#)ymv+DUF{ePEM0`7bo8qMf(i)*PID=hzy`1W{8ne`F+0@!3nB zgZExJGHPQw0wAtQ{su)&`B6eY5{u`*k?T7*Qz5ZHrMbuzC(TOdkn}_cM1W}9-Vf%Nm5ZWz9 z|Ko{`50W5d4mi+gXW>*m9Y(mrtyYQSEDDeY4Y5!^hsT6~-4rDIyt24B{3eu0oRVPt zppLGnu&(ee85RKn;l<-KUU9h5zLQg3$=K)g;%e(h7itimEld&$jrXR%2)bS+~B+YIZ3zm#aQ%5;%?NATQzD3W4`544C+M0?(QZ#}r2f4(+9E7HeonRY&5YcQ(vFe(m4LInHT{6o*5 zb22BBFi;GtW9Q|=&7Hd5tnE$WPUJUy4~%{FB7D_a6OpY;3a5FBd1NAz-=mp4ujSjV zeyy{$e-Ng>TL9`8>GOmdJbw>DeYwZg-{!7-zSqFVJvH{!BW8>yz1U8)o#NP0KIK0X z@>-s+jRxqf`DXH<;M%X)6S`gd>w%sJF0Mb8M&VEA+(w_-Ux`lsES)y&to0d)jU^Qy zEZaFo9?-hFeCF>|MLQ43{7;be;v&khA#@}aTN)L5P2F(MQp-8TVJswmw`lZXP?o`( z8(FM6QvVW1605RYp0X9o7gIB%9QBrG+L>5Q4IO`DC?X%t+IFM2F=uyi&*>xok+zSE z2Wz~1R>u~qiO>oY&b{gRC}GEV{IjG(cYmY(qEfm0?g{F2Y>WS+j|Yb6$bkLnJ+A%G zlzhImD9=mM=-tS+9>YshyxSoBZrkhUcsThD9Rt3I%i@hp&*>9g@57HcKhovSC?u3{ z%qeU#yT`e7hksA(xw+|pw|wmJMIS>h7LdPsRp~QmlWc{NzQkC@mgk?veQ0`WgWJcp zl0+dMbY96ZCSDz_R zow*7(u~Absp6hCeXPWg2*I_S4O7irD>rwC7(udXVQ($@3X2%+7X!VQFVF>ZKvxe?) zJOw3dFConTF8FsamUccJW}YHg$F?)kKM>wwD(awgK}ToV%*uis@0ud0=a!g{HTo&0 zOu9DC9E=s*ON+62hn%7yYc7pcZH6U~y`g9%qg@_4^%`|%XKs#OR759A|L&|2Yr6VS z(8hgRLXczEZYgqsWjEglnWrvnN29%Ki+S>^r75eVE?=}y`?A@wSusT!jM5Ut__2lV zSmynWn7sb5&RP55fT_Gm+0sNM?Vvqm+Gq9tBJt^_l+o(=;iIcQ;wCtph&vy*NVjk2 zMgRIkC6zjcFbC5vF!mM9mpy~$)>RG?r~{+!HO~B647LH}HqQLEn&P$b{YG4Pb%~n2 zJ;9Yn4UG#MOsBq~f=|`*bF;DqTuT@cV?T3|L=4XGpGfgWu<}yO< z&zowwFUseTt+J)=Lv1e>EOYj@4$X;J@A=6?&J&j0{|VrH<4p#UKZ!q8#L+o8I2`(8 zeR>c`$EDjl+z!|#_#qX2@faut*zGdYq^oP|8qu--?w`1)u6KWtpLsFUN`dB7C=cmlkD>g6d)y=ZufRrpuM;BnoOJQHg0cBh?q3FJ8 zZ;V=fv`XYnRM93|Rx07~$kmJg^dAG={=ViH2t#amvH5Xj)!rqkey@S;GaNf=<^&l6 z@z9BHOIo?lCA-VH~@%6Q( ziCuf4d2zPFOpIkNaLkMS-Kuc0k6m(AZhE!}cBV+Pne<)H#h+bl`$~`NbLDCEy9udt z?abkuzd4>$L!bCzb-mIXEW0n-JNthv6vDNH&O zEjLF>obOtNdpIcH)B{ywazQcal-2aR3#)t+xAs;h?mO>3(BJa; zJ4)OX6j&gybzD*sFbjlQE~v5FJAIJFabmISK^!9{{b?skTR;<4f-4Jd_rTqlmUNtn zb6A2W8Byr?9HAjEkY=!e6w$Uh@lPa228QvmF1BQt6`JuPPY+KQ1Kb7dT+^YNj3DmxQadh~pibM3FEm|mESiayA6S*`t=m3FEHeQU zT2X;%K-)F>F+{ZY^nES)>-6~m!>PGNaorFAJzYt@Zb5x%{ME}jKqD5KT#s(B$I~g( zMfmoAkCzyz2E^l;xWtc#JT>*JkJxoB*6&XtWlm6{qC5csfti(+6BaB8=Xz9wNKpwE zEAHyTXJ#X`~Ah{UFY##Hv|RML9xfka&0 zo@X7`f?!#xY&xuY4C^8&np|)|EuJiSakV^I(rJYU3GE_{}n~8ycd~)ZDZ@rNt+7fd40PaU(A_868W6 z79=Tub!AYzf~b?m#bVUdJVAGaqw;xb3YvP`?d?AatJ*I%qUz5x%YjM8+fxb?=Vfg$ z=qSbfY$o9;MT;0BgBW7PoB@v!y_vwaH~8T@E~S{?ObxPkpQYnp%j^97T~JCsu`+pW zWY?$oJ8$8hJgB$W`q2#~#Y_;GK6xg9^k292ZqalwWvvkP#8w!j9C2GcD5UG0AT;g@POsLmnNd}eOe{7BZDk`p=aj~6$Omp@NGI=;! z^_6JhH(Y#noV3?9x6Bb~b&{2}>^Y|X(A1z%GB}diNShU?-~`0lF||^5h}?BhG>X5| z*-ldpl0tKdcVr!Zp)fJW#y7=%$5Hn?byjb;SZEiRGGs;{-yR&N<*j(z#@xJ8>qM$h znl{)FF4O*Pihj9EXE z=}Dqvm&-V>Rz72LYs|2l)^N~y5{EFWBL=2bU!M~O=0O8Y#5E-~OqwvLMeom7`5JP_ zmz?YZl$F+^o3op>cCaCfAMJR6^sL~TKr84x#3=XPD?DzGnJFIk*8f0)Az|T+E%4QV znws1M7QN?rqUcX+NycJ*kac{5CzKnx)M64Bmp)~Hw<#8CTIaf+Ynd>s_vPd1!oY|$ z!ejP`8%qeDA|OHHqA?0;64qgA>e7A*W0}OJx1vZ*V;DA9_0aG#akAYM8^PIHlQ4l} z@|+dQ2GwUo3M+is`=!9@*e`fLB2LKZZ0&r!&sceDe|4*~vNQbtn+aMT%#o7X4=u$w zpd|f&Ak%-7Ss~5y8*lz^w!1%J;ZjuUm{K~s8k5;u|JOPe9{!FtaiVHQ1@!+>fSpyC zoRw8T{r@*q11BW}gl7jO%Kr@|3X`5m6idfoSNp2z!9@L^6oeudli6Uu9UWsSB(S=+ zhXTt#BK@~;u}|?K;YLdZ|0w$RKm`$?Rlz7`I9TQW??9j(C;FiEUJA{P@rpI{e)pP2 zBwaaQ4sy(%;lmTIc|?Y&l^+`jrGJ};{3G!z9&2^Py?ZecY7S!%S_~-`eMGzamc(k) ztu~3k{g-U+BZidc$2GhQZbW~@q~o*yY4-wk+fFvGNHXR7C9p8#~V| zeF6NRi2X`K%_b~U$PriioyZn)uu>ME_baEnixdLvYU9jh=(Ga?%8_MBdIvcnci--_PXE=ZgRohc8&eQVB ztK)YEBt|JIsM3q`%IG4@i^o0}o96@G`*guT4UM>y6R9pl`03V`wvg+;K+-FUvGLph zYZN6-M$h1 z<(xYMGV0;)i0tT0R-cMO@}&~&dy7q%F3!ypFd2NQS2&Q8lUZNtW;G#8mK-)~6S>2Q zw4`i71Duw4+?F`eDIrQSr2L*zCBX{JiKQ>H(X{{`OTKmZ%Tj0OO_WVHcmrd#>;NW3lB^?MJLt~ zOivYI`iBlwro_r-I4i!~OU(QtgX=lcmEaz|Rzf@lR93a7f)cpA?RtdcL=kAFV5 zGiNQQo~K&cZnad}UX51CWA{iEh*>{-1MNhLXMkKahzj-25$ovCmqi2`7H;7aW8V;j$(*MJj*DiU^w zFa19Z>VnLg!sd6!kIjC38~8z%d3!SpAjq6D-c*_&dks@KYDblb_$buM}Cu`*|utESmlCKxg4k+C$lB9!amnHrZ8at;I{zSz(TO=(#lfg=$6*dEPJ{93IPHCmzD*gg zHWmerd&Z|NCoZSnjvrtodOb)Uub7*5iqwv6mPY>cM{2cG#jG)-MZ}_IJwZrcW9d)b zv&OB9x0tSmGoO7sk#m)?QK5|;pDQEv|X7t zcP(vpfsq7nH198opAIKutG}}j6hlb21{aeTT9}W9wA&%p6%u|RQOunfZmCZ2* zz-QK0!o$1u#m#07X8fJ* z#IN!Q3vwvFHeImT=0HW|1N0tP^ph?q4TMR^h?oC^BlD-D z#oJyKen{i8)@@LCN(fWT>%>kJJ#2oseg2)_3jg(b;tza#BvgG5G&+`{wip9}YnDM0 zFUE0Zfu4#;`190GpGf?AAMz~T4#g;qt$?5VUskVN&u15nDqCJWCP*|6n|ea5GgvtQ z^EG(H7K#P6vV(E&U;ISozSHVn-#Fr_zs<^6EBRg*q}YY3C)<1#UKG`Im-=+r)QyHO z{kT-YfO^jWi-)YDj!~EG50t8&!sEDdW8%+EA$|#G3ncTzjNM)Dk58qdX{W&o|kYWGPlJ(qIp@aaDdtp=$ld#e9CuVPHf34>L|Y z_OHex_|C^*|D?9Yup;^+RxWG9uI{xjo%%R$-iL5@2`N$Xadq_A?)DC+8YGI#z>JL0 zqt^%&?H3va807opC^_lKMInkOfJObJ z)8q476UdT!M)4JcjHZDv!Z}I>zd!p5qGq{~-&ihSC}M#={i-7Muc;B>Z(hm*aJ;r8?Bz2U#n+{XAfJkK=GR@w<4`_-fQIOC@pb(Qz6GEKh zRUc?dpuQ{p*0l~8-Sz2_Ppt=XIB~RV>u5F>uU@otI3mzDKBRH~NY9-VlJO6>tL~6F zzgK$Kr>stn&8a}(OU5v(y}2xOLO8f=vs$>)a5RW;$?H%K~f#%>ri8`D=>>f>~JMakj}8LJ<7Q>tdaS1{2O zf^m?h3eeJr#(aEII-Yq^VEWumSGALbB^}P!2_#N{DfkK%-j8pM4iVA5bj)(QTEvx{zT%Q{QJ+qm?E)b$k#gQKTi2qG0VIoS&;)bH_5+&vc|%U zL^T`jF>Ck6Brja_NZ1tT%W(@P1ybv4O-*FN6%f7rXp45P;y!&UPEvnGPw8zi!c#>d z9syrXHVQU|?g8&CX)cx^r|UEtPwDX#j~HyD07yRzYz^ z0X0dKH{KN0n#g*waBn8sj}bUtHeT)f>yPlr8>;7lY2{Vi{%9<>Nw)U=#YcBXw!Xuy z-mo0O@K+VG6BM7e>gpu{q+WCjy4OgltIiY)pYd@&i#&IyCN*26!)hjthK!M@7}oA&K>o z@Ym3@X+k8yV?NY1po41yhQDZ<5I}tiY$drvpz7EEy+Ix80r4-c;*+G#J z+(*-r`1Y5>p5D*IH#f%?=G}-IiaJD}a5w=KOyaWz99GbA*XM`(azjWhkEdzjK$ z-L)uux}uujm&DULN56H~q;=_%e%%%;*nbjm$*(y6Jtt-POYB4Hbd>^j9mk9Xd}$?e zK_4H~-I==xFj4HRu|oK1M#FdHGL4al$S5R!1}%{^OIcW7?cdayG=g!IsT?~sHRa#= zBXcGHZJ8m`;XS%>DODrVuGU6h?cQvJoV6*iuO- zy3?znE^XdLud(r0xMIgUkzkrLIt>W2>`2j0t0t!(%An0}Vj#og{q6*|*tm_KlGXO+ znh^}HxzqS>8sqSv!|26_CG#^54`ERD$6>(j3z(q|KJ75$(8jafqzQ;CIdh7ZS)Lmm9>AA^pH>|HnO)=xi_$OFj zc+bA{m7J?}GV}C{;9erf$CJ$KF1Tw#_K>C|yzmYHW}z5j_phtTy{Nq$({0)kP478& zRF}2B4vY|mO5<@$+lwB{Dz-*zZjIODK_adpOTxb|d3CPVQGgU$f&ehC@+b)lS4Bxb z#3;RQ%f4p=O)nmCC&>tpTG%(vAMPO!kTPklh&LR{ME*)csI?$nPiNcyG|HGT`e z&>Ss#;NsnrSwzB4BwD0cT$#kw*;UOSADcg7LIG}3z%%|3A{V@?*Gt^pKhC%(6%{bZ z*=)gqRqZM92KVnHii-r#^3al4u8t$q4mg9Lc3%f_AEjEK!fD!-B|k}th8*X@%l;z> zuN4?Cg+)u%-)|%n5jpJ)1x-2scrO3-RYQY;;o%r`+k$dlPf^7R>{aVcx5d)oI}#}F zo>xrKymt(q?&G-@^^}8{6IsM5l48?)Y&%`4Cs%!G&KQ^F0qe4CgoQZk8J$n>#LEpf zUIi|hio~yl~jKX~uFQyLV< zhE2y%v|sIze+1v|d1Jg(h?JCswTy*A??B#6QCU`I=T&8}*6|ijxTS^Mul|t{B!CY7 zmLxbh@#S#p4c?%faTmhb&#xJMd$@>XVUiS1;wECPEr`<5WWAw^1eYf180G{}_*WaL z99EItj%6phXg?%PHl1u{QTkUBq7Z<9N?bT7PK-jY4+R@U+{=Nk9hV}~c{u}65A#$1M9_zX-}Fe`MeVm_2X+-2 zEO4OcErcK0lTYJ)Euu;}3pZL$tsxKSkJSqwObKE3_7r| zE%F$`lNU6jE4sjGf&D6`&C56_Ef9nM-u@SU3ENLqaodVs(rEOBXrd1}lmyW=Ya29d zUk&lof0?hgq|>ZvgQhgP&#Pw-NdE-?Sc&y7@^Pui9)HZS%A-0gusT%A!EENRCD~34 zjjMOEl`k)@w2ZV96}psFoH%4IT}a4GC!05|s~i0g9q!YgGVn=9PA<+fmitnbuP2i{ zzHYt&YTkJ6hgwmL5$Mx$s+}YK8U~}BC1d$jHi}*|?}&K6b4$j+`x}XYZ|7v24rZ=+ z6v5!77q7jD^5*Mf{9}vv>{nph^TCX&JwofY<(m#K&y-cM zdhEyuS}Ikvl)5KSs)#)W`~D` z?WO)}uNyvsNtn}T?PaG^%{KyZh!hl%mL>>*`A`Ttf!WCx6)TqnuLQ} z;!xJ)L$egZa|?(``;3m$J`qRT8-BNGm9lleG40J=)e)E=YGLm4;@+@eshUz&XS>?9 zq)wbeeoica;XLj!KW0NSRTZ)Mz{s$=DA9~jP;SY9Yv6;95c8hwDZv_5U??Xk{`!{l zaz%%?yL1DClA&*C85*H|XrfUt?9c8c_IhC;$iM6PbXT46 z{b3o7A0mO91jz0z{s+lTRTz^eCO=~I6^0_jE9ZZI&&fHbnv_ywF|NIN;ifOCPWHB? zvexau0eX6PJYE2~amF9ItsiqHQ;$GmB0yZROD9eJ2B+$zXunh1>Lm(ZZ>>ANst zk;7C|Q+c5u-X~R4Tdey^sG;Wz=bxLS5(^AL$!M&xyHFMphQ#R^4II$n_xwacz|?+K zsC>BSJvLMMG$YaJSh;bQO4_{;3LJXk63oAgG67#6w=%4JXTMlC`Cavk@|(zYC-bbs z#1qR+%6_ft==+soc$tq9@RJ0O0n z?E>toR;Aq#&oBQT*HOW zfzn%8QxhQA?)k><;@w`MR9HTs?P@i&?P9|7*SxCZVfY}_A!-1#w7kqJmpHD|U_WYb z)?Z@o?k#Jqlx2kZXg{LVu6Y@%fc7nJWCX1YSrO=oLde9O9H_t-1~j;G%_ebX2e#ZW z$*<@ssHoX~<{Cu2<4j-k4hF7y0)Y3cuUqlG3p2VZW4pK9f^x(1{Z;o$pC|WXJ0CGM z^zEr2Ks%13WWgwa*5u^t9c6iB4^hQ;vvjp?aq6&Wa!P-woARWH#_=$?AGz|+z_@FN ztSKnpqe$W(*cwbBsSRH@R~ntfE& z5n#vy-8vvbr0c8%Ky>nA4nweML`uYdIA2&81(}%Oj{JA?_+jIsa{>CgcJE zDlR2FlHrwD_suFzWxa9R>5SX%hMe01Fv;`n6BGGjD0`vs2udacQMFRS&Olnx)$-e*1~Z z)=K@4U%N%$M1&_t21#_;O9Z!v!4vGX|8j3D1Xj<}q7B!vRU%dYbm zx1OYIMt^(&h^raT=;IZPX4zZ8|JY#Ne~h16n&x*lw044-rR`o7L~v;B^@iL08OCWg zx49X+b8>J3>V45$c`-y?YJsO!Sk~lgUr}Za>{YBovT+J>+Nm|Y9z{W z9;iyJ&Jr!}VztyaqGqYt;ebNFV3Q~A`b>Ee9nIm|cRRdIWUfCX;OiCkZrs!HLdnH? zX(;_>`S;wCgkvw$e5L+qM6#u3g9GNc-o@+U9*(uG@z#>FSB){sQNw5I5vSAjyqxFw zy?LkGeN71`{Kn@ym)$y^99PpT9Kri9oaGI5Xp^8SN(w9O+L)d4`5Lc&x_K@aBOh~Z zTTIBywnEzifzg2@>g8Uiw@~@kGmd^UzuO99TZ7!%?1V*h z&O{T}f!kdV#fgcrioBv9jJlGcBWhx$`?(^Fw(Hn#qXxe}&sShs7@5d3_Yog1O9#hQ zBI|0)-WwMXFjzK*sDBk697xdd3ZU7hDNdAfklR$M;c_&(y2ijCk+(IemR z?c?zW+v+=gHj#Z@@G9G6a63JFx@l&-UaZ1(q8)o0h~+jZ6yYbJvbjy-O&6n3a#~)< z*TK2y>Yc3dhiTOqy)E(L0tTfVa*MgG1$y*($kta6oGf z(l+he5<{T~v`Tfn+yTN;TCPT-N56}cGFCDryg83*vmbosAo766og@g^+u7Urpa4oh zXD>s0%Q;*;ul!PN_g;@xx=#@?G_pPA0k(?{`>wOd?0|KjZx?3bxt|JIuH$!gphk{? z*iKMy+Gm!o`L9)1*EH5vT8-IRD3fG!j&~DAaAx{~se=ZOe$Y6#Oz(?fo?1%Xz$+Rg%j7RF{SZv0qQyv%gPM z(R$dW;J-Y?n84#fR4eo}v%2yk@pS)uv>b`ge&RNfp8N@iZQ^o)WTRBPA}K~7;Oe8= zMd|x8(%-zHq58k2mTytb(jVAu1d2j-V@b9~B=z^gN^#kw%y;@9Nq6O_uL@)>+%KBv zlGGPw%D?+_Ww)TVLln5(g);lACaKg34JUNU5BRR!L^fblvE8kYD}e2G??EO=zTOV3qNXJM=CuQg$Wskj z3kGiKs0~PT2$P$wrZN4JNndRz^UC>$@*zO#d0(JB@LuuZyWeVmj|R!cy@K&|I&0GR z>pVKY%>vES&E~M7-`#$4@|5Jp^8ya* zWs)PeJBX2Ps>Om#q2uynYk=teQezBF#~r7>PJ2vDgK6Amxz|(A-7L{t8<;n2 zUv+zP@hR|?)#TTNDbo1MP>;1oh!r{_KD+U%Sf;xjSF8CAm$~L_y{@!}p(lpSJgr(j zZB?9fsb_l|(mtDxZx5xJ;A`Sg&eUYTcAS&7Vi~SjK3xpoAg9>_W@V0=Ukzewt3M$t)##vOs9h})sM$_3MPoJlG9j7|$RW3m}mFbvaKy#KFqaoDc z5Pb1Q*K5fz`|0W`ObO2XVgG9i0ma?!LGRsp@Q&Z`Wn<39ZYwUU;o)0qVcIO~V zNr%lJ)qS{a{cyIw(9xFNH@%O-UA);cQgIk)2-f-we7%GAQXhF7GIJzf9X@b%V(-x- zTz?%_nYBu|L(<`Zj0Zs9tVq1;6+_*=+L8a!r@KT1R=Z#piXH$9cD1BP6sF0wq@|S zU1m$Vd39_L4IAmVLCklZVdTo2AH(;;ZgM8Zd@A@ahiH;whz5S9J3OG^_umQctd8t$ zj23_q$_PZS3x|0=jR8W1``N2E}d3{@yT1gFes~~jM5M_;;sO-zU^q|A` z4`HkY>+Sj-OEX?$7V8VV-qBDNcdIbNDFx3GnWm;7V`P1Ihc~^kz?@lBqA>2Cq}E&l z-2vEq+&>ij{2vw8>1l|&?i6{>o*+o`Cn0&9!80!y7T0*h1F2x{GM^st?w|t@l`6&n z&0GJUhTTBYb-t^dyy916rq-IbW^iv`41?-PI~2SPG1dej0FMF{?5eFIE*wmJ_6Uva z)jsr8yC&Pd|W^oSNjnY(8_Lr_I`_pY|8_$y9^pQGsJXIlVYCs|c^gwnwXlS43V^4BfLs(M-uKNZmDs(cKzK43$3rYSUgNht)Z^u;m-914 zU?6{XX>9wL_Qyg?Q9p{0_=7)}0CRy7j(4;O?DY6e!2unpRT%h2+feBZ#9vYEi*!|2=m(VR~8hO|3M1=U36 z>=}GJAYipJJyskder$6x8edC2+o^Tg-EOM_xuM5jC<$SFJemCEpACDuF)9Q~kbosq zhKHMcUhXyZccYY_JIB|32(@J!>DCNkDLw@Lsi_WeyhVi}2JiQo3`6qV$H_^WOmJmP zlgf-{OS`&Qup?x>)c4fYyduI!K6N;sO#gA-vUTt9U`y3?6D;tS$={RQ-={M%TvHUG zW-d|4w!g6UAW!ISNi#qxb(zcN7zT27$EG>3?~ zgGIm#+78(fzy})du-Ou$P@ZSdBUl1Yha{%17#k2EqEz!rOXnjlj3Lftf%k`|q8OW2 zFenKcPKSLz1)~SJn-eR&g$+_d`kpTF{damlTzUjKm2%+x&8XXcWoNFlI4vPtnvAhk zmr$%{HwsC|oniv9uF~5GwE0f`R=2w!ID&7>sM(a!M7?&7+8Sy}OQOOqr)HNc7L2L2 zyF5BI8S^bJojP1kIG+w6z&+D7!4wPfJ|a#4<5eNj9sPjA4ynz?W(_evWCnpFT^P&A zP*JRNiTCC4fo>D#gkEcg34f*&SJ;UBYeIpnYb8_Q+b38QBxN*28tGwpl8zmvrH|=7 z>&zEd7nX1GJwCLOciry%h!z(@EX2Bloqs4zd55l-)u)Ii1;Q`Zs2?fY`Jg$AIMtng zW2uOMS`tDxBC~LL_~#o;I$?p6b6+VQM?~UBx{cvw5@UT)U~yE;`G!^bi|dyStIxMb zat5%-q`Rhb39;s9&Y!TaUWN@wy`nwZv&0>;RG+iy1`kcH*J(dIl4yyHLrMp&YI z$8K}Kqo(U*#yK5EWr8B$_I{MaGmxp2)vYiBpMAF6XOoonq+MDOtBic6!w-_8#n5bX zuY2eb`;CK_b@tvp++T!|O1#|7yW{Jgr2$WVz7%=4h!;bI8Z@x3*DY2F;nEQ@xH{X7O?{2pTw)6WJ-mlXJcQDt{n9p6_z)&P50dr+;obUrO#0K&1Jme|DDgfM z`xX%RqTaSx#; zNIrGG=g9XC?o8vInXP|3`{ZUzqJ&Rrj)MCdE9mf*j!WMiPNg^nJ(l(pmX~l=Y_?la z{Rac#aI>+8c^=gnDGg9b`E0Js18rvWA=Byei2_T#F#vx8dm##bJxEr5GeyT{SCW|? z>*N)iiLWTgtVBLXYmkNd<&$sI0X#L4&-)Em+s%mJ`nrQ6-Rp4`#**3LlB?t*-;IvP zJ-ej?glX(@iCH-8*oW8JHMpc2cGO|;({ zeiG4Ln8wV4`T$yNJ|SHsN5(=8q?NANY}yhJGpZ0|Ey{_hY0SLO$^`rN^df_YmTdOO zm~nXan4D%cKC3!yO_pp0)VG6Cgy8Ta_G|8GrtfKPpHu`}5`hLT0$;sH_kpKxD|tN` z5J(h9ZF4$eTjpi&4y1eAh6j6baiB5x(s~+t&T8i+z-L;h`))rZ98qJ+c8UdA6r#N! zdHvImhO{MeCczkV6^Y$L96N{vA1E*pNHGqGZcR6f7Gp(66fbDYho!(F)72M_x0snz zR>)8muS&q+}_UoI#~%fWXdxI|)z)N+T|ZBB`ytjkS$ckk{C zex1arVn7o;D0&Qi1Ad)dl+;5|A-E z8;*s!73P2}7yXAFq9T8!vRkVzEod4NcDz5I($FysGRvFQW_AUK`3ww@QReW1`KZQ9 z#(0vvW$CC^0+qcBUH%*mTfjsVyrIhi5V2_5QXyDJk^G2&kpU>?8z^26-vIBxMwY^g!FET4=QbHcKYN5RCmFp@OVapV*y_Z#h2W7+q2o$wdU0Q(htw;!3PhQX$2oa zhC7jvogQH3D1waq*IpTEFb#l0B|f50tpS-g@MelTbT^+Akt}OM1TM&0*1-FQFdMj| zVN%Ckelqy^|8r4UWagkVOzJ&<4DQO~bqjTO-G_TG#Dnzx1XX2;d~RhTqaweM2^7oF zWA#sbAykEf@}qVr0eog7qOy_x4kXSN{y!3`Ur+=%0Wwiyp$+MZt0|ZX-Muxu4{wUV zIwOz6mR>&gg_rmDpZV9K75Vm*-%I$9{R{p`xIt1%QW5#H6~hNGZFsh#y*zh1IpvoM#upNV7*@2; z3UkVszaT9Ld!6UP$%?)!skycf516XhgkMbKN+}j{e`W3@c=^u-)sKx{ro$sjZhLS> z$dI5_*7GvIh;{oU*u;_a>sNiJ1NKIdpR)R|>SW4I{}%?ge(_VTpYK%_-uF#yA;A#e zA&5m)l-Z%7>3Wl^nsbL zDaV5I>rERPn)Lq-=24gBSNuO_vEO~IpFAqHXdMPXLZ)k-436ZFd$1MzSi~^FOaX|< z^|2QNJ2XPFz}KCPb+b2fB?@g%@vy#zu82mz`G|Ob;!XqH zaH)t~z2ds~jL+U*cZW5ZO;5=4>mG?VBO~%JhL^gWv4)Wu@*M6cIh!PzA^J@e|N06M5)jJl)qA#q&KEGI`LjU*d+Nx@w%Ngz|2L%GXn;>ayUa(o121euadRb} zOw~{CEj&-H1#pjV0$uUJ$f;vW0d6#El+h&U$89d83V^NByl6(2$IH4BZ;KsTQhgYk zdSI9}I(2pN2#UVF^ZqvNGx9eped6Iu{4>2t1}{+ z6PM|IU_UDAY;>*b5hLE3iDBteZc$tI`R~<7ddrY%#^o6c`+OwAMJ^H3+Yg5=X{m$4 zzEDgbyp#fbN)C-*h`9VtHH^jO_22V?VXt;NLZRT@ma48`zlY@OkREjQoY~|ml$q}b z^;@%qIbDuGB#p&TtL9sMd7p*I^gg3D$Sz^Ecx5lg*L3m(d-surA^?p=uMdf`k!JX| zC(S;^nbS}zoQwuj%|B!{wjiQ$ltnBk@#m~e$J;Gv!%%W>)nt&@#~NDJMNW;eT}CV4 z%d(j!k((>+bKU+5j{&UVVzk(FIo(zH@=*x!xd2Qcg`8_Mp_n?;4P=5R}r$% z1*m=%ud9g$lJ(o^*2Y>4MwZUK4ko2&u=%+W>z!`PX1U)8T8K$ORr!2XyT_N0NM7(> zZge8D<#h{Dot!TtqrtkPe|17)D8Jz+lYAgqu8l>}bSPoKGTV+W=24uSyZeigz)U1?83S>iB$ z^ks3Fu(FZU)xPg_@xVnVp|HvQu`A5ePl-(15vw#zDX7;N>M@2Z;KL4C&d!X)$(T95 ziVP`HW_-QBlN4@WQ0Y%6*D~~1$c`FQ@aT25-c&#?*^%mSNf`sWTSp!w@`k%w5?!qj z_2^`Zud2@M@Jekn?w{*f>ph76Z5|&(Gj6x1j)TUqGiyAhuD%+rp!BE8OI%R^i=F?I zBBMX&)XGuz_!2TPoHXz0VtsRGNJ7640BS;uitdQP#CQGcvLzI3^hpf5wb9e=-C68V z0$iVlSSn{Rm(HU1(4THC<%iK>Kh>=u5gOB>*kVVG>?ZR)zSnL(gZ#34aqxi?Gp(MW z>K5EM?@kX8b>uHh%w#R=XEmR>^Dh>|WA2v&V5q)R`>McgjJXa(*JCcM1xe-C)}g`N zhUG`wuByV;!@*#c80vNtMpoo$g?sB7r9gzichYYE0p@X)2jx-#aBg#WqF)1_ z!LsIPC8ePeU0ikc1E#F}Sn9)w&NZdd+;W4ld7cApj(yeB&djy&XWrYG3Ln?yS%%#5 z0=gL6o4N){ZUE>j(y7qlFKC5t1}RL-I$r}Dl=vcqdkildo+j>biz62I+NIDAg$$9zoK;2 z|5}XAnopyMCgKd-jYi>Q42ZJa)CE(BEf%MNaVUJE(L~g#A14IgE}FASYy%Yez77<8 zctt~>p00EnGk~g>MbGymZog@|oc=y+Vlz;*2Hi=V=<+s`H^IIc-8%pv7(Ew-EBlv!(?l|EAo<83Cy6{YFahgcmc8g z78n?)gG4uD>Wd2a0Ccz6a*DGPO?45h2)PqBz+Z8Ijudj}*@Lj0c%9}4! zV6)9FeKTWRh4$Z&h31BkO(u1fE*~_p=Fp;8UYc4;K@G$JAM85U(VO+RX>U7whx}@> zlIiW4TN<0g06 zuiC1AsSh9%heDfI!pWEVU)B>_kVxT;#krd@-H_^!+;WlSnh~jTFQW%0 z-$RHo|3}M_R--SVBH)8sQ_qQa4yI@AVPiDln^daPgp8ikEqBtQM#t6qm)!+ti)od| zRnMWiw{E&WFQpw1v;6l$N4}XtO2qpk?})YYZ?15sVWBs{R)vZd4^{%>fJ zamp%in3v&wP<|fpQoY28syb|eDhKN1AT~HarjIAm+MvvFx0sp@nSzHeDFVGI5IgFH$Dh=`K*M_cifPJ+!eRODq@RR z+k=EQE~%NOv!|daV}fDf3ueA4+dsHP}^i{>~etmn|M?oX8HnAO-r?*H@K}hS~b8B{5 zTVu6v-|4;IST1~B>GF&M$r!t$AqVw{0`5!~Q|$5*SRJ_iqhD6{g0+FIK%x%gsGH?3 z^moEwGTI*HKzpaDmp=r-EdAR@u%fwu>~zQkX8vxx*fjVQNulMH#Tr3hH()0D$ax@VhCXxr8d+ z$CvJGary3eL&VJ<|G3Twf;I70Gt~a)&yP5Q?ofkD)uwc8a2+>X7rN@BEldLGLxhxF z(wRyIzJXLNF}wA|(I(@RnE8}eU+gj_Pu-2DxE-iH{2O;VEw$Bws9X3(ZyOz#@D9Fe zM-?fV;f6!nSNpc}@Z8L>({@>AoVd zy;0*&eWTsA+gOaQ%P}8IqBGp7T2=<~j*Vp##<~63MC(^qAET9Bsq>>Mf<)dQ9)2+I zkBYm#6f!*cgl2U17l=V8TuPi6mcs0K(+ovS)%yr+Hv$rt~JK5Bvj>3yY#*wLX(0i^UtV4Pj)a{uk0Xs0fei=&oI&H zQ$OCFH)rMkY9?wuN`j{2A747Ii%|@%fz z$VB?c_*;8jlW#mABVwgDS1P>AtJ4hJ)(>%_mn-)PTk73MIi`JEHCSammFCdhSO34Uvf%)Rn9&5PXZSkpe4$=n?LFB#Sp8KZDYjSSE-r$Q2l*D1t zBa3nGn+=Z3tbQXqMBpnr{~wetHRu3;grOX`fK0ffE(j^a@OECWZp3-A{h4Z4vcpZ>5MStY%sqK#$9vGZ+{mbwz!3iuu-L%u`O5GS5Jff??;~ zvN>F=K&uSd^X(Y|?`!gB%m<754?#}HXy=~4#?d$SMlbgpZW{Obb`LtuuGANyRTRbQ z%Au~l8dtxsF+nyI=1S=afh zk*X&}qQdZ~xuKc{%abfyzrRO7_A{dzQN(o+?L=?+h0Yu>uTnzzu{!buMdl$A8I@3+ zcRU?pQ4+XYd}rpoI&sBM^>|+5@e+5;jcHfL2MIJsR9rkkr!+AgJ_Purm-s&HRI>bj zTm!ui)@xyt#kGadDXqsX)V#%jy=%d{BmnNWeYB)U)+yIp?M3eiR>^3ly?4uty#=pS z7T7F#VkFcT=gEx#@p9VVheEwbo*%)+T<<^fkch8RbPbJtg%9EpfIYn?f-yr{U3@;w zC=&8xqElUs*BeLPj;@&4`rN_7R?yvEPZE-_$i2k6{jW&wh^Yrk)K-+B?%$DJWU+b0 z>YsQkguD{E1z2)oBfluN?(-_9aicHV=K(bVS7Wk~$u(xWtz2(m*hLct<;qudw6wMR zzhGP6y7_2`coWzZi6mIiu>4x%>o@0k%(Q+`v=0zBPS_E@9-(EwS`n`HsAPUrIXVk- zq}rdR{iYt9unnVX9Qc^t^dFYdFo+}mSU+m>9P?;qlEY5kgc1=!rNI)19Qvu1KeQZE zM-H5ek?ekwj2UHOsgnQ%)D0M1#|*)d(n>%V2KT6Xtn^*y3kp!zt~@Nk8M9~y{Erq|D9wwx}y+cNEC#8PQWicOw;sm9xH30G2=+KMkg2b zmVm6F!+YA)7uwV1+uHv9AUOE?T9Kyh!TP|@38|D(>GQ1k?zE&fk%4-&QPS*m*tvBW zM7Q&_^%e%3{dbh%D5mg!!?Nw|DaNbqjoW%E?RE-Efd&v8(@>NjcAsf-ov}E(eWtiv?|2-jf4sg z(lw76t{|#+6|}zlOyCqdC+H;@^10TAPVX6`k+Y|6xR-3$?LA$Jn|YK^z5qX9fCE;(i5r+WnSMpE(L(0JK<=p3K5py1Ltowo){3e?vr zOkitg1qCY=&sIh^zq7)8WSIR$JO?;dAH7M`G_Vj+xlTAE9;2B)9opap(fgS=e4?X@ z^V=oQM7(xs&k@t}6N*~Td>amLZm{!5f*zhOXnlFp#k#a8WWq+7JZ}{o^q3u;rFKI z5*WoaXNZlI`y59)>IUcs=045c!dr|@W2WO6~ zpgua5_ghP%fGe?QM7rXybNS>1<^#vWF0U%1jo=-lfF{6`4{6^RN6-T9p3yriWy#(| z{u>OwE@ypSe#FyhSR&lM(`+b}GluY11OYZUgxFU%*AQ=vU8N^=ZrbFDfeB1u2y}Lh z<1^xGiY_!88+`Tn62IKDA>MYD^O1U`LliIYuEt0!~SDn`w`9Q6c<$= zKBY3WMJf@`N6G+-$~2jcd178h3%8FXihf7mpGvm zV&F^0y337urh0Oe3n6kT^u>Eq9vmf}R=XR+VSJ7Anu6v{Rif`MaDo+%_D^_k(PYQ{ zZrD^w(?OMIDTphn3nv=qS8t?dvT6cvkho^&q-;f?%9HhDc0?L4JT6Yz5%PQW;QCF* z(|(R%L}fr?CxA0*gjjuG-j(SHmMb9fbSkGmy0^2Ij8D5|1$x&`zmq@`Nm5OE`lsxB zd+C?J=Vz?^1kx`z&6i{OoqS}<47uA$NGWsvc_Sry<5G>Wv%3qgt;rf`@(FY0YZ&MC+PG3~ zd3Bb6QBEJlR~VtTE1PQWJlLx9m1w+#;YD}i+4xWQNey*vK^+kO5e_S&F)ds8bOott zR5_zbstSF|)IY_ZU~6=1j*de)(i?i}w%dlHXz!D2AQx|C)G!&XyJN51KHw`Xv)}HAbtY z8*gxgY3S|7G#QKeO&LA?j%pqqy{GX--2{t#1&^dT?ssv{(J? zP&V7Wyk1t|pdIvyvG3m=der8q>>Z?eZ_i-krhB2O>iAoG}fGf|1Mx>3FWH^yPU=Sm1QHO-qA8#GZqg+fiSD8Wd+=6GIeZU(zu=BK>S`*DGa9~alj`GsJSbMq6gx7 z2x-%2@09wTY(tkBg(9;jWRIGN*ZoNNPf6K+6eTs?p~Rbw=>!LJsAt2!H2r^NpYwTN zEkI9f&E)Kq92u!ig92X3vJt!*SD-V2y>}D1DL0M{;eAE@Y5sjK7oAry1}AAE-?|f9 z?^bF2?7u;Gw>|J?e|y4+O`WQ0_?Z@-Slt>wDb$%Wjxw&Ty4BFcijc;F!iLMgzj!TxD9B5$N&#bq9y?%dEZ+YCmCmw}f%IqJZ z&u#koMAxk9(T8;VUP_4mcQOLt;|xk{aUJ}wS07nF`hbo>96)sB@P^ys|3bN{PNa5} zIavm&ptIz-GX>(8?Yp#&!*&|tnzB4pk#L$1oTu9Jz)N9gIV_AwA}}k~+E`<{F)(8H zOm>HoUGX~}YFocc+;Y03i?r&T{_EN`##7+(v>oc(`Y_q4g@c&E6PKY#N0}Sh=HvqX zu;oq|=f#78oYmJ-eT-l?%#2xGHF7MFl;}%^kaNmqIjgQVdPR0~%=PF(`ElLdwmX#K zY^p8)vg#du@=IYdUH08;7=eGiKUct#eCxLbX_|oiR8C_sY`gu@bIm=4@*88o;}fXN zrXgZzHjVwk?vQ9BQELM(+0SqtT)gx3~hw+-0KqLs^aGG=c!al}W^ zoRJ5_`YSd4^;ZGHcT4i5P~+6^fDfnuAxKHL3{`bbT*mV6JSbw>-#3t7{g5#r*JAv` zfnEGCSo}zyn%`@7hNt@kDEE_k#MtuonHL6e!6`XoHhoU3^7udR?KYd zf~pNN3}nC`7)5r`-+Q~JKa;VBW(7U^Bw#D|F>64^YlMa`-0-mU2!IqXcG-z5mVWDy zOBQ;-R`Zp+%kLLMe4Yr8RZ}9ITru22&y22ZUlvj{z7+~?R7x_lJpL3d`q-#GL>=lS zl5A=6ZmIB5INcB6DRUd+j1?a|N)j$P8AIR>pLl@^I-}Okg#VZEPOXr|kSJWlM6AZ2 zbly^AjVnaG%6NH!5rlEZP@*prFjxBFt*3y$%W)eI;`v#NsloN%3qymcnIvt=gDkbc z5sIH-@kQ_TN$t;DA9KYD!y&Eq3R?CCO~ujS`PqAo@bc7?GJiCpxeFlDiThAH#eenq zFdgcxrB6CSZL!x|>c7+TGc*qE3uzSdWsg0@h5Ag=SJuVZb(BzR@5VebY*6ZhTxXTk z3j2*aCO3ya_7`>u1NyKA<&F~`g!{H_JR0(u=d1TJJhr(u>|3WEU#xv<$o+4OmIAc= z*eFLRX_Rngj^!)3b9fX#2_H$FrI*nbYsWZaUzi{xn4O-k8nuV>XP}FOmpw(ejbBOD zq6e%YtPBb)3+8s4I2jr`@LC`ZO_{iXFwUxwaP96=Be2m4P7bmw4iJS}C*VdMgPQx9 zlAE(SudeaAwFT0k1?4s*7 zA}-1rguRD`#4@~w4T;m*FMlq`KMX7OO_Ar?=q#cM`8a*n>{~)F+D{qlS=s9JQ;JhXB;)wu z<;j_!uwf}h;YbF$f@Cbm(aGG^uJhqYLQr?%SRj&At*T~p_8`XM_L6^YQl3O~da zIOr^Mnq2<9ktEj0DE~Js4Ivm)1I^#U=$(%^$%W0}fqpWeSFXtEkyesWL_ z3E5XAiuX|xAhYa+j3yCs1d8_!J^1flLG_0rn(VgDQ1|zE5crkZ{_80eY{stwzvuub z=3x(l%D_>Ll+5Yll8M5yw$Pl-H~dZguE>bJ;miJv>LMvcPL$Ux_-x=+jkqbx=j6~u zo%lFl0Poc+~rNf&~i$K%}GBc^NgO62SjhGM-_oPCsw~OE=6-iqI5uSNzzJ zkkdC>my4?D>AK5x4L|e0`{^xFV0>Y9e#QAjO9ws(drA>vVP=Uo6CB>CkzQg(bKdho_ z%9=`H_=ew)m|*y@ONf6;uBIdQ$a~#+8r1sKKAy(!%wK)F%Z*&T2+opVViN;;A=WCbGU z!*oZzk$)X@*Z*C}z}ars8HJ8P{8OA4eb_k_8>a=c z{K%~gIXZWC5UAZqCqy2SFT3a753vXyMoeogMX{Y2+%Io5up|?tvK#|nD#dufmqEw? zhTIpEa9{>Z;7QL_z<2!~9G+HhTXwg{Rjqlj9_{1mJ>4Pv(NWXYRB|?kh}|>7N#~)O zHrnBnD_hZzGf#(&kjH4J5gnhRPV0}VT|6g8oyrgBW}ZZ1fI@irgv9;CW0qod-<9!| z$o-PdhxsZ5fE!=N%%72^%XzgJhSwLQHxx}QUA&=q*h5MR0#V|~Z9fY}q~^Qzz)=!p zDIL6;S9;J7O{Wg!+Qs188uyQxSC*r&nf;ZPg@mu1C1v#hZO5Qw;BdIp2eT=dC@fU! zb;gcy0@P$J|1DpoLZhu+&8j=gY*qq9sO8HYtmLj1^eT=n6cqkv@|KTX0~?Pe7MEqz zuA9m6w*8KV*7wLL8HDi1IW;Dy@oC^_^7VO^fa3Ly3l2+Rw0NK3V;Evg+H(KY*m-N3 z{~wFMO67Qn9d3jc5P5V>X3mHi}k%7B{sE3<%YQT)ThIV zROu~`;J$Y)VBIS$UcH*~pHb$ByR6*w{Ww zoKSy305Eppl*@Tdzx(jK2sB3&laDAN>GM2{C8kq696KcGk-EG;yVo3bS<)Ul)Q6n{+n^?mKtJZgBpe)IMkeE?mhoQ~`I z_Eo{o-iE>$$87&@_pHGpUh5qu;CajZY>Gd9?-_cfeaC-siKE_j1(}+`^siIO{SSr4 zx=hQ%n!VsLELH^8E6@2l=fRiPyQe35TR2qC17QGIiwbJU&*0`2KBwY@FAopY%ctwE zJ`RG2hQ4YWqQhxbYIjFy*m5fC=!ICPu{Sl=I?P$DlAfDc6gE_}CxfL%C%P9Ie8d%Vgdan@l)FJ^m}HT?V0EY0S~+K;sqNM1yi~slyu={(^~L7 zLs&)9QFx{DF|wXconLi=Qf!Tz+qlulo_^y+RvWIEDlPD4b_B_%H^!b|x_dQ8Y^e8E zCMlc#d*JRpWdyZVbA6UAaI z6~e5!$uz`=#aEauyoMZ9^d5c%cism4*iSD@QB z)qGq?8kx+0EMK>uJ;H8NM56zzPxD1y{a9ZkhUA+~GZ$ik(gu-EIbo&IkCAF5{;T{^ zYc-{v^qDGdTH%{!3jXE}bfI+sSHjnw_-B28yS1Ua&vu5*f!!g9hknNuS|Gu(8>Wul z4s9ye!Fc#(UUA=rmyVr&VJZ>+ot+oK*uBIx-_Iqngi5}8Gqo4`Sd~hs$kGY_46my) z!9A%sB0~SmURW_D{wt{C(S?NH0z_hYO+hnlguwyd zayTKq?q^;`#wH%u-Q}A8hj5g1p;W=vU_jwAM1xB^D|Wa}m36%IGIwl0z9ZAY)E2+6 zoULtrLb5R`B9xcoAT97=#FU+b3lKBp1SX*nK)d_K>Z2$$C4wF;PXvoFyoh4=cDYCG z%jSdq0=5noWN2oY`dZ&>oVB!LYY)SN|#s7LRz( zNUEHGG?c|^%hTp8cCHrmFVI)NF=Mro2kB~<3hT?m#QQ9y2CL(8BFO$NhL8Q8{XbEL zNMNjrXL|fX2d}jVAtE#U0M_BKwo9f)sE9CTaKiue0PH=>6TL(!u>_rj4mYBcu=1<` zH+;BgJuJ8xxH?B8m)bl6@MEGs`WbjEOmRvb25V$-M_gLLN-~6-G$=xLQuSCz|DW7~ zZEa}EFk_<&HhrztlBj8>Ejd*CxEae`0r2A4m6;l2L3BGgq+xKU+^xOx501{?j80=s z$o`bjMXy~O@*qTSv^e5-nXcV*N!ZNw8=S#yI)p?(MHawJYNy+jw1D|r1-BDN$d(_v zvB7+hmNc{gcaATn{hV%PQFSDBrW2lGRr|M>;K8JzwSe!>l?xSqAn6;M88KK;j$~L( z^D)8}adZlj5^S0o2aLZc>Ro2eV;>hG5~xU@PMxzu97JK)iJ_QXjGA82an&~oey>MN zw|UrwiR6CYPrF^f>}aq82ns4R{VsJ>{3MuAtW$ofa~Wtqe%P?UaPX+6XzZ06figZW zL_!Ci>D?dDl)^_kJYlM;I;62@BGyoU!eH*}D>!9+JOVeWkb%CCm`zm!_Q8#Pn}~S4 zfoF|~vFXfE4PB8o>_LGMi=&WQ)&Mo#Rs#xM8;<@sVkscC^l>VyEbClC!dLKUzVcWF za}+h+vY<)*P$;a6X(TGzH`;q7s&dElTRsz0bcDH`kbL5xHqTW}2;C_`LrzV7d?YG+ zK|*w+9r6&-g%Z;b?}VZN&m>PLw}L?)o>dXAqpArhGF47BWf-k{!)hial@W|1!b|Q6cA4XxDdS%*lv1fiOZw^h#FNjDqbN`jssSN(#RDkhO z@)B4aC|n_XLr5| zq?Xf}z*)p@-`<4n`Vfs;_fd}F4AB_khMl&xX2&g3^4{STJa8XovB4}UEh^v^?#6ZG zO}vkRNeLRD>)9#PC!XtP1h7!CGP59(@vup?cSZJ3_58t8JB@oqF5&%>V09)oNcLrm8{3}=oee@KXO6*Mah?5Q0{I}xg z-*EwHW#Iq7co!@6EQjSd^B0-KKjlbVhqB@1c~9lYP5(pBgsH-s51Qs9q`?0*)&~aiPNXXTL+r6;MzbvX zTAu;`G!cOeW&FuwdOG77MG1o3amByZkz4%1ujbJGXS;=Pugib6Ab$d*Z>D4P|J5*n eL4E0l_>^p;+V4f%JpKv%laWvquNF1>{{H}Gx%-g- literal 0 HcmV?d00001 diff --git a/wikipiki/exceptions02.png b/wikipiki/exceptions02.png new file mode 100644 index 0000000000000000000000000000000000000000..c6c56869dce078f4fd5d76d6366df576fffbb6d4 GIT binary patch literal 87107 zcmd421Cu7f(gr#^wryj_-mz`lw%)OJY}?wgZN9@D+qP}pJ?A_3{)U?o71dE4U7ej( zm6iF_(-DgD5(u!kupl5H2vU-w${--1lpr8Kf}tV*wSeB8^Z%=093{0}KtSNo{!@N{ zWM*T7fWRtPiHImFS~>t6Tr3?NiKRqDh#j3B%&lzAKtMd!a#So-RZcPap0^%^Wx{_a z%Qz@wKoctqNBu@mp!`V!gDf3RQm~4l)Q=)2297tH9}X59`#Ty#i4Hyzb_MEyq%bz9 zC_M7-`>uD9%~IF%(d1Y2GXHVaeNN*vR39{aswArt`)~MiVM3Ihppn7h-2(=}09bNI z5M<~^Qxca?vL7HXe!RT2qHm`j4xwSx3bA;UF*K*NJDDTRm7fPj00 z7><&Wd4L3GfS`-tY4G0C)*v7M{Aa0*2HtjZF0lX|XnH3o4GjiD>M1EKT67L0P@_yi zh5^qE9F_n!q@DW-5Rm)?jDKHy|LHM>STi-n5!-@jK!4T?`AuqUy#IALUFj$Y0&wZNxDJ_X2cbE!lp5DG~k?`yn>^;XVvGf`!Qk2ZWJ@VNHMII~&qe1qxG#PSz3pG-O;5Bw*`P zvJ6dfL}VCHYeVF7M0zuV&h4k}3V;C@8ihtPB3TRnVH~MR77LA)5%NOPFA0tsMNT{x zj;=&1lfW*?tQ@IItR_it$L9>n6{aiRk-#$w!V>rq+9ko99MGV|w*cQP(q6`i8!TQ3 zH)9H5&Wyv%&zf;=!sUzRC^(*}v_x8q;};oW>N~-PVjZ+)Vi*Pr*Z-n}NirF)C#{07 z9LB9vuLA3gcr=-=cLzre5bJ~C0CyKAHX;;~)RfhfUy&>$#wTY(S%cw(0Si_dpdw8w zlWC&tKzSX+HfCWC)0CtmTSARPV?_227a8OvM~x6+p=yr@m8$=vI)^$ZK4-5?c1l;C z#U_bMmNd3zYSRG4l}txWI~sD3a{xSGJ-|C4xzmBoF&1?C^P;jxt^C(o8s`xCknIrC zES*J2tteA@v#dZBg*{GNxVoT4xmGEx42{h-lWQ^vQ%a_|x-exP*AmO}*{b#g(1Eg< zLMWd$qcJyrDshr_0`}kzj}VFxG!kw>jgy59g>8Z3j$NBBTY@tmg)^ec#L0Y~ew=}n z;h?7Zv*o7`M#5j%6zLSo6uh5|s^t|W6YWHg6s&VD|D!w)1YOE^z7xTcmQjc{)!w%PhxP$63o++pUJ$9@=y*Wi4%H zQVj>%C0bW4UG^c`Tw2ANYT9~@;?+6T6ic1eouw$H?eatM$=2Z5TfbY;l z>M5gz<}~v33hRCg+BnUiRgOy5yo3doMY~JTeRx!aOyD>}8b3o8-tgvV_klFv(MfOD zYwj^8t1)ZfvTVKfisQ=aDr_Tff-R3GSBuqU1~@9RqjWec0GF4-WV2o6ry!ybV9|U` z#%RKrpi#YC*IMje@oaRB#s9?boVU-v&&#>RvZZA(!P(b3+B&WPbjURb*%t99`!@ad z`kny(v`X-txx|LQs1v*9Zu zx<3i!?<9Z9c_m&Xbg_Gq53v^09kvHkmB)9?Gy6L4`x12kbvLo4I8;W1oH=HO@My?-@yLnA2#Q3YOsePzULdumwF1Cj9S~xMsJ}xc>EX< zku~V+SZNskE7Thvhj?KQe|s}FlAFpa2ir}j&F9QdkGAM@br4f4(vH#)?GaYjnh>_t zn=T)p#MT+pCaKpugIYw|i+Xw6y39()rY3m=RR5?xsJ^LkT+MAZ8!f-s&tBnqcRjIP zEUxQxJ%93#^{lJ?P?K9UUo?A{dT)FdsEMdJeMx<{)2o)ZbGjS>n*;lVB13FhZeLg= znB!Abj$5KVmp~jL>iNpKcBe<+Kv0Xx9^NB!6!knfeTLb7CPd&~bBp$_+J%}YawD)H zV6+y_yvr2NQptSRG1lo&nBbpXI@|L4kXR=|%4Xx$@|3<;9kW_H4V+K1xSNj7Ny+i` zV|d*#TrX_#J~o-!wnlQe?m!0Y&WU|T9rJYYOzGaW0qz>s579K*G%{i&`S-IM63>t!LDOFek8wyM5OEoC zz6!s_Yp^gG{azN&m#1daXA9Eq(vo`Ze2PEM z`p$7`*M|p&346voSef-7)ZZ`r-8b9`u8X#j6b^id{i(k#U+W)LW=h|aaFUX~!NJn+ zKTKHZ*Z;+v#3qu;av&gH6d)kKgFrxDzyH;zARw+xARuRkARyf7ARt%{i3UUBAU~w+ zr9_2PJ=QLAT+{JKZtJ#lGY(D67jopO%u~&@8qCbYGjK#=_kWX|{4zI}p&UzuNVR2_ z!DJ zPrmJgk=r)yJ1uQ(+2}B%PLtFBPd-Kxf{{y9jQ>yWws+IhNtu}cPYBTdCrL>JXkf?# z=)n>Hl`(%pF;;L)aKodF^z;t}6Ul!oThr{Oljr0P=Nn3&8(nxHTQW4XwGu6E?Y__q z8?)(UE_x$

K7dCX+(^I8n+(ZWuZF)$57CwSz$4a z7L7gXOg?`@WXGF#Z}Gm_2a?d?II8~3?Yo_ph4WMtD{< zFb9XGKkB@{jWTuCusNNX8tC#GSXch5b&ZrFF-%ZRDlXy`qhMqN3HL(i?)kvd)o{Ei zojjHB;!P*tOMLxmm8NOH(f!`jDK#dodSzgrpyAH*>&+WGc@#pYnm93XXz23!P;JoS zQQuFz7oVTP>Wb(v0EE1eAj(ch%k`H-Uk9aB?o2XB5N~H(bvNjCrb>rY5W{mYE4YDa-n{(KMSu1+`ldGHwcTB zck}ze?0xZJ%&bF2!HJ!`Q9gcF(mNI(1vQ03%t8(S1ru=fy!TlCLkcHfvwDRN7Tm1# z&BsFxEI68MP^@e`Rt!=^-SJno|6b2FInS8NF!^Jb$eB*)*q%6!zPu+cPdyRGa*-Nm1Yh zM`07MD9*DxJ-()9MaMw=em-3qt`=~hYk;qU-AOTP)BJLbzY9gQz5T?_BNEZ@k1A#V z9ngjw^=keq?Z(k+;-p&d`>8Js70m2-CPwZ}%&{6Pk>V60yn3~XZ+B0|G;;tQ3O`OV zuvb*y6P*Lmd~)lHvtw(jqsFQalybAD98;1f2g=PpZ7#fl%4gJx&(#{hGTc5}{DE1O zpKOVH*{s?uOQkN^^84q*d4es=g9?kFemO5hQgT7x;+p}dtW`zwZTtr2AX$DbhAi)o zpjej{H3Sn##O`9TR2Y%aQ-y83AaiTSne)Zj}Ki8LjzAj;-rqY8gR?x?tMT7uGH~gF7A}=3)b1G;V z{GPlv9QONBL$n~!_3IgKN1A&kMYrz?F{zoc5fNk0qAhDyTwMuq7V3uc?0auVNjU0L zBaB_+v9Xr+FZ+!jbkePA{CKfFtt=nrn6 zH3}ri3)C+66rQgN_8x6+re7n)!~$*n-z@w*Tf*24Y7c^1kLud1AbOECg<0Dl{#Ld< zf8Da7GaR?ZO$ZVBGZb~bYc};_R_#Xjz7hJluUks@d?g=my(I?G>-+E%r5>D4eBAuF zvzyz-k&0KWLZH*>it<_<9)+vfEr1K%Ik7EP!y>0ZBqdvyzx=AM$`D98?%|h|NsAKhe2;}4A{+mM*m$h(=> zP~RO-pQ=QX@%bEr>S}6Ag!5w$>Xp4b*je-BeO*hl6_|^**ObBoPzt?FBb4GsEDv(zwu%~Pd9uN&)Yv6DJKqSU#sp)9MmR+6S4_KH4(pp+# z=Owgd>od}Q3`Pcp?swU{x~rq6+#6*JB6QYU9yei?hZuebJ2~3PQ zRGBV!RA1y;n{8$`|>o!3akQRQ49C(g-?O zE8);cWD^v#sy$K523g}j-obPIop4EVNw?naODD9G1>X|D@GqR1Uqj#9oK&f+^?7{v z@cR#${<9OJR}Kxd=y`K#s|VEB820TJ8qcYqo+hQ(i~rjZ{o*-6-0`H2w}uQD@#KRq zgjzbGPaV;?A1Up(Jk#AIbaZe)HwLM@ysR0tpPXXmhvUw~aL^%TJFh4-+zJc(ChyP?%a1P6>y^UK;I&0A$BR$w;RjM(JMlUnvfY5{fVW$vEr!11_@Bot@v}Q}Cnou(2~E4LE1m_~I?g%Pp}jy=X7(Va8@) zu2Mx3^SjG~TAt+NAsQBAH*v(B#R-cfN_GKofJqSW22!XkVqU_o&>x^|i%9m2+I7Nv z5$kpk!X76NfW1c*IouOXtB%@m+y zY}1T#N2&q;hmJY^jd6nartIhnz8gLw4`LWt)?8(JQ-Lvcx#`Gi{DvL+8kr3af)x`0*8gnx7O2cJ;gGRa)GAso7y! zBE-CSX8MOoS*EzIEL+gqp>sc1(%6)2k-t9T{B&mD&X=cXa9Dv=sW=6O7WNT|A0_2B zm{k3oQcoC#K_?7`z0Z=Sc-(bdhchJ6r6q~)D9!^CqtRDjdl%2oFacSdsbD1~TdkHf z1uVv47rKu|EoX7c9ZDO+nYIiS!!1NN4^kGw^e>$$`3 zU&c*>WVk>#ulx6(QJ84BD{!a&SgC0GSwiw?&>xAF=G{{rpspM(KrVaRaf-N zXPFSx{*mc~PUn-@q!q?uw?=NPx1&yQ05936 z(i7F~g{Yw)KhV+~MZ>F$Sr%sOML|jV&D2q2Qcs=jK7|g@8##s(B@RP8i$ezOHQ=lM zHexvZ7h>c<3qE^0dLu}4P92tG@T=xw(b#}5qa&0!k7;Kv(AoRHAeN*snr>%uX57!= znXda!q_}TOSuKyyW#98>2`t}m&$XR%`XB6`vy@l7(h~XKvC#@BGWlGtNNf*XZ0m=R z!UHrwo$M$kKE_Frj`8tn30bweH`(%%bFcPnJ zU5gX;xS=OJbvL!T&Ka}qDc}xQ3uI1|Y)_euy)(`U-17P)N=tY{*%1W3pjh0U_^R>V zezEv{y};557cb@wE97WME9In*JLFILtJ{>$8j(-bK!hTJti;o zCUjC{W@f@`rOJ(Eq<>UPMlhXNRunXK1YPYBh6Wrok$JN7+9RdLTQ=OOIJ!0|>uU*# zgb~sF%u4VDTGdwPpID-GkOtUNP%`I42P<+{M$uH+i=m+kFC!N?JxIYHpIZE23MtTv7>gFIbSPXU3zw3npqUE*?(UCn zk+FHOgL7x{rIL8kXu2ZFO^#6Wto=sG5S4dEk31@=xPV6JQJiZWu&k{roh&5_4yaj` zB1#rZF4+Ccc`6+64I7hW6 zou)H{LOQRjG?h@n0gt0PCgi1#X;l!|QbQ>XS9z+aOHNUmfVwoc3shrsJq?x!-B;~e z;PeWY9HV4k6N0vnl!X)ix(ScIPDygNcMsOyul9GNph!OS+2nxNDxKSVWJr&3Rd+mBvk z*jyz(B%tC9TUb~LRP5>_GXUixZKpUefQl*2Syr|Os^e&6 z|10auukXi=mp2r`jH*DUmot-4{`+Tk*Q*Fi-}a)A4PIL}zfUL<@RH9=OGw3+N`Jm| z_u2}=(U`}pRbp9bq=xMKLlm|zi3LZXfG?n-jgjYu%U=)f&$`S9QI9? zF2nWDqZO~{8m*Xu^_If5Y8(>r1}+Z{{sT#1#h_>Pf=B;d_CgtG@bv6EASar_{^!fGvT1Q!2T-^AHR_6Z$Y?8h~gDWb`|K(Bt!)qY^-U3}F8Xo>%Fvx0x z9shsW&i`rm->&{YyyyQ^1Nyb_HuNOne$;Q7;q)EUVY~Sv_A5NgpB9Kw%dZluO z6ThAxF7x8AX@I(;)RECIKSYU5A;h>&x7}BAh}NdEpI*O?VOCP-`P1UR;4WgJCycg% z!`~XeD21T`3RsKmt^jM)254y2gb%ibg}Ie-(l162Dq&%D9%@GVea+6uc#PoMq`!qg zbbK3;Z>ml;Nyw`s%C(MBs= zCcy%yCzCt@_Gn}v^0)s(88Re6OiYvaBO1PScTwy>(ITK?FE4W;Vh{f(V{R5+XIU1m-&Gj->>?)gA9u&sgfSZokI?~mbq9~iN9xFM7I zhT7sVgW0VyKK&50tpJe0A+4wSPZ@mOLFU=fk5tNhiIotc6s?VW%9{!iM#)U)cY&k5yNDHayW@AzCv*NNA8x|XIUrFsj5>+bG|7XNx) z3>@p{+MU|#OVLYTMv{UT9U5wyq5_ro+NIv!b^cNPrS4Zu1FTjuh|6kZ7V9B-{*2aG z*t`z~Zc0=NJgl29Dx&+5(ys}|?-xu5AKox6+Q{2axI#+MpjZ=$RfE+4Qd(+fo^gG@ zphfnd-|W{c!aEMsCJI{P0wp4e(V`Tr+xmTPh3d&$ZhFcmKMkhy3^qkeKl18%8o-;w zH102m^!GN+c*@*lB)|7gitd8C<&)K#>bMawVG_f>e1}?H>wl? zY7$Cb_T@IX9Y(~#fph>iy%CV$LSh`q%#xflEotRx=ir(mFiGVZAPW;4!Xh#sN$LLG zJR2Ku=iu2>O3AB>RZnC-h{S-PqgilS(Ur{OJC_0%s0hQx+!pQhp`Y;CcAwxE@V%`( z+Oy^+{`mq?GYvMQ6bJQh1!_UVtBGBINs2>*sV#!-T1X8*x9Cx$5|hxdG*sn>3%<{S zHNX+M(kR5R%&=qh5+(Bo(nXL_2>3#Oz$hD<%FfTg!?eG@;bxjUO6MQ{vBANHCMnVk z92QDIsR(t_6&KPfq#g|os5lQe?8?_a%Y-D&@60TLxS|3zvMR8`P7DTo_?0fI1r$D{ zQ|!Nd%HR9&IiFHI+dC0ny96M!@Np=L&4X?)yCUdu1|n)HDzL>XoVZ};?YB+QMg|&LmQ|qWqGDQBM51)H)L3DM%EtZ67@iO6t?U14 z(#@4)wpIozq+Xcqt!l8)%Yy2`eO-BMLtVr>MG_8*@>xu;?1(OvV3O*}j%a7x`K@c#J`~Br0nVwDG@&X%Th(qtS zo{KBv925=yiE!F(+w}VQyBnXHjyC^i(Lx!}zz(!{DMe#(MsI8IT07*r&$}_-<@XT5 z!lOQC{mQK2a{*X5-qxW&IvQdcYGsF%V580Vx|M$K()|a^k6?j3oV3B7hz&k8vYCCo+%90&%oI+KxP0vn9tAN>5;v~L3tQkN+Ag}9| z!(l>uYAMisF7%OV>C9~TV+fx`TkCF*r>oP0NZc8cE5ayTAD3(lcBIAUuZqKjS%0A( zK)hs*vpUF(wPhYte{7<3`>1izJH7!j9_>;vRqcr}YaFiD@9&=7yJEx0EEPVvmdWvj zyXS5a#Dqat)RSXKrkxlY&xh^ji3#RadHzEmVJy1CPX25d3Qd7!Vsx=R6r;ai`e2tT zDcuh;XTW9Y1bs6r8!cwLAJMg63#Pvhht;m1n}a40(E)o_Eo5PY+V=ZKWlO&o6tmxUr@!;m^m{;9BNN zdqZN~4?oPWT|0BS^-xZdG`|R=(Oj=ozc=n_->&RMyto9ecBCAhmb%@1>9(dQ4FOI0 z{s6vYwpXdKONpwYOf7%EB+g@cbBQ2f`(C;MdTue=t;6!xUent|Fi9;f(~;1phtewI z*s9%DM*l%9gPOxK#%RCK#Ck95SMx1YH&vpe>f=9k2J_K?`<(hEE zH-qN}b&j`$J}~76DFRWj{ zE$8|q;mBwxnva<~swCCC!g2bFG!q6)qYVeomQ!~SrZ4cyRps3Oa9P51 zKA2(Py#-aMDA*y3?Rle6ITiK1-WIarG@5MXu;Ccw19-pVJFP5v)f2(}46LCU>;~JOS zd>N+wpAaOFuKsLXl9w7l#;mu_64KV66}P?^YB7_1I!nd@3MIKEI2eyYjs=XrhA&^{ zhi4eY&ko5YsbN(wbcgS!{YJ6QIrpWq1pRGj@_d@YwKXugoYdVIzk_SfRIpL>#m1A=itnlO zd~OJ9eOsa@-_NCRIO2ba5z~yk?6tRgd`1=HS5y^OP(*fpu(6orun}lYNA>!rO)uN! zOS{glp$==Iu~O@F2X2}{Ok}plyFzdS#fzOCzeae!pN{EP)q-i=(KC!tuLcf34j(go zT6XZHJB4wWh;dxMN&TMRN_~19;n+oI1vr1$xPL>Mx>(Li@ILqBAJuHgM6t(^Xpz{y zKiF+)ImI^sd1$Os#{N!H&aKI~e`lpRgEFK>%0oWuFXg#rr82!YHXq3KW~=@PT^QIn z);BB1{;P1+o3$?9=K0*bivI2kSkO>X)C?1N;h0s{o5=k;rC;j_Du$wJn?7`XOl0&x z!FjXOjK#$E7x*;C;4Ch8G#ln%EUZaE4$m@(BfNZv? zR#uMBY`H&+mLA@8!|QF^gP$8H2*Tv>y`{OHDz`YBCfq5t7-70ToL;Fu#b5uzAo86b zP1d&WneH(^Hgp2sc2|5_sgw@yvz`5%)1*mF}dAnmMog)~1c+O+z=KWoXs@Y%r zkx-TW$_|A96E(B?b*Q0=Cf&9eX#^g~7D4h8&rO5m2ZmU&tyW!vu{)Ku1?_vQ!%(=S zV5*Mh?JnY6O=m)931yx2EY?MZQbLnC;$@8})YG(A5SBZwuFF0BhUeEW)G9qdB!~Lc zirAA}tK)Jqb}D`LNG>js^3414??I**hbQ$ym|yDZ!<_dViVL%mXV=EtM-FwA;woK^ zkOr+(F3)k-N7>2pJwE;z2*HId*GEaMQ8=$Vn;&-#bW2_LIOllUTy5rDw11V`_v@kB z+;wsFrHYC>5(9y1nk*yEV=sQ>hIdWm$_3zN1s=PP|{^>)0#paqaid$_70t z?wA0le&F+66r4Ef)r{jaOGd-*K-ir7+TMWeEiR1dF9*%8MwHbv^Z8{NEd$IEJ%Qd# zl=_?r-&?e^Q2oF2y&bV--7@K&J@~zU9_BcL_Ov5t?R#^!w^&jmW6m{o=0fX6Pq@j0 z`@aIMak)*ug~L-F;cyYum&Vo!GK?*U4JWlO2jsW_=xiGc#2v(S)o4U!V8C&I4)F zw*-=x5?wz|Cl^KKIx-D5ToKx_PmxqqCnrKYLqt_4FHzLe859vS8!t_kV; z_6GMaZw)fm6sIVTO(_eK)v_WT94?U^5uEZ1_f8XbLYxc;<>&()Lx!IL9PNGNBg1ocUkJ86QXH*NR|O~gPA zx;iqap>OP_!+^Bmi^mx|Nlwm}*EsS><}|vx;nk0gS}oqn`UkqK`h?tW)Wh%Vrdl?J zXZXGGDF8le%R6q-S>USsnxVu@d`8y~q;@g3*HwV1s}+BFb@}$*+n(}YMEvMS1UsYE zoz!YhXt)!S<~V-{R<_ENrGQwb>%82(;bTr`vz;lE(wdraeM#!|_mJ1?+$>t&W!4OT zchVg(-uJfoV=ojA8=Yzv5Ez4k?)Uj)y2|SK!^Yu|N&~6X>rvL+zMR7UEhL+jG-6{c z&E>vHNR(zc0;S;FYXp2ojlgP#t)wz+B?*AIjEHUt8J_8DTP3^O(pi#_nmrotQfru5 zoe6e$If_ZkVKY5QtYf?49i~Tt)0I-CuO_&6aG%cqGp$Diip6scd-%XKi4adp$A+hZ z72ZaRt9n$k$|>7_{7_ap!s2DfVs85=zoQWV)s6D|1T^${()1>y z2wT9B$*CjY&#!Pf84`Y$;K2g`>U3KqTp?1Ovp_ypLkC?V^L_(#EBL@uC~Pc>368pU z-&U%%TeB863wQ3*UlY}(RF!$A-?vUPtA~bnk7MSBtS)(`U)DLSY1 z;!<6$RMB)9{DTSmzqdFy*;CIa!DTcS$0SeuQjLqmpsv{J-}OS0*FeSE_QTm%MwP^ApXaYs=^F_pvs6qX)~UelnWnLuaDpgql5qJG`CQN zY<+5|b4z%}Lm@2UyMW12czDdj!v4de7P-@0u$NUFFu&4l@!A#K4b*MnR{X=6Q(gC=U%Ka%?6m^BP|x!RT%)NoySf{#A>9}`_;gE>@}m?DZUi!Ti8u-6 z%6eGRZPm$Yok+@Eo#5^p9t?TOa@yiVC9(t(gSW-ohS(eN6c@KJqGDo+iL+tQQE>x$ z5R$$nj+3ikQj;e@E-ZP90svlE_Y6-RoerI5^+*~OMC4GY9LjHD%iz2>vPl5NAhU-c z=4_Y-b1!LTf-kxCd5-8xT>X*Y54|lx7Me)#Av{e@^r0B{96534pG6FL!{Eia1S#bk zZp&JKC@GjO0%^Ha7>e?nQa^cQB5<8K(sF0xnl5~%viNgn_Ac><0_AQSF2`}Y+=(;8 z{5@Is(W;@z=|~uaKPc!{^%Vfxq={!DmarJE>nkcXsA!e5j!hX;>6VZPQxrlPubpI1 zPac%HT+lj)^03@}I_+t|rCC{p`n|_cr=^%QXL~=&u}><;+ZXCHMEs-C;g~8b88g$j z+a8{QJHBFU@oCfw3f|m@7ii%^Rfkw~I3%#l}4gW=H^&0z!P6hN!IhzcK6>t(@k zik!Iz)g=8c_L;o;l?@^w8yUJfYR_(+%X*xWsv>H*1e)9z%iz+U;yF-e^rGVEe#krB zYyZ_$hs5aLpDRES%gYncFu39lLWgq>%nNs?%bfW!c{#JekR&df6UDniVaLIe#8m7k zm8Fg%n2M65_&f=DW4g=9>KEaG`ZSGsDHxll5XYOz;suEM!gh;%yUw+$&wL)XKuR1r2z4BT_2s>Ks^}5i(4c z<+jC(SL6<&4E25l-pSG?TC4=SDDc=zaewwdX{GYj>fCgAOc=QHV8B>USxrf?;$#ah zZ;X7DXiNt~kW&)nly%wM3O;3uCl z%C>FfLE?PKsEJ}sj6YyjD}Emb7c(lV`Ak7478WLe$U$j&(0rS-vn~@As?6WAx$cF_ zocc8;V89T>vk^!o%1?AHt2LF8@ZP~?EE{A@+vw;k#obt zu5Fm^6*o9y!F7e*c6^R<^~Uv8w|m$vHbC)okJt*3>4$@23qHb0L3r6*nD6lfx2BLLcB^gM*Vu zbtmdUK<6PDn1Y^?O!axSkdQ^qWM*Ri0ssfp%HoVmX+>aRv7{B%&_?p zq@;~5X6S4a2`!_^$y!tEomaKh(UPlae<`r)bBzTOAJRCQ(XTEHn>`hY)@aKjfeRZc~uO~$!s_<5al8ya0aBrmRI|X^~ zp8JbjT@5sexAQf}g$c9NWhbDPRYmF=;Z5tz(SkKmDv7h~7-|~OuHt9}gfpjT_n6T; ze`s9KBjZ8aArf~>+iSv$qt0&H)c%yAM9apK{wycDOGH3VRo~NB65eVS2%O@x)c%*B zRh1g`1|MmhvU-5hFyv^Xh$+kNY;8Iy2@5lKP_K98#w`>4(ObN21{lXkb3G#HrY4-( zl&9c}>R*5wV5H@La zL)WwMbiNrgRD=rsm|X=yFfd2q1(hE1SU+ai;pHUeRRv3n>S6pX(QEQQ$XEZ7gLmh> zzgGk~!7*u0Oe69q=X{8d?`9Yok0&*bZin463RJERBv4o?N>k-%Q|rfS$s)jqqpyPW z&YETS?o9?u6O0mO0{10qYKymU#iQXn3`81MoTMQATCVZ8u?h+~`7)h<@)L zSr&)Ablqyk7+&??*31fF=b&G`g|?eve((!KycS8yod6dMbjNfUefrls0dH}gxi%#w zd&+$?YE8Yjp|;rZOqR&?=jux8x>Dn*!Yqtl;flO30IYiE8v9$ZVD8&;f)_r&4ZFiC zt-09gA`%+U=xI682Wto7Ua66pW;9gCP8VJP7)?5W7KcAJ<dC_B>^JP8R{M+uajW^D@`%+QTuy&V`)HJ4zP0dV^t7da(zPF;ZjQ@C2%Fu4Mk zAHW9e(=br*J|P|e?ZFY&aDuXs&_g1lnL3s&QpD9ruhd~B3CB}x1j#PwS`H>))*;CTD5oyDNa!#_$* z^YJx$R+Zq8TZ`1E$4OdmiE00NSDPseFf6*L`x9B_AK}!}nQfuU+)0WqO*bLbUksXt zi>&RqUuqCwP!`Re=Rdi|rBMh;tMAf&6bSrksS!a8gBDqniRoQsWzG zYm*{XrllI4KUw9vAge8W#;^EiiyE>91%ndAQ-wzj*4Hyb7+;5OMBNlo9fEKtjoTBh z)9xDg;FcOt%$f?Li6N_*h8T!2eAzCN#I-~|OEAVg_x-8;`@D^jz|W$#y5;rK0xL`D znL)~-L}DJP?gM#yf*Dpx-eR4VQ~drSg=q6-9fiC83cKhDfhf(0zCP}j5G<^gyFoYs z5`m^jE&rGJj-6B~;EXrrxs%F$;lxvC#CugXueS$(^o^DvIjp!N{W96Uo}Bq}8dGjuu6NQbD3lux*!8#l zGV9CVl=k146?KM>vuHhyts$E(jH}oC+sYh;(dZwf)~7CNE889u>dD19c6{$ep5$@* zU44P^I>wSs&5lPoNK7#MbhM!)yWmK&;@f(^W^!!?&@gQNdw{>WH( z_=THVWudb!C>{z^5#{E{MwwSh0G{NI&?lbW9ksV7orx{our}4NXGX1pKhqUANno|{ zes7>$Zw%?L$CkH?6ivM8l|IYKI}j2R@&30n{C-9uw+T~>Se45f1N2xU|L6VH{YgQuQMQ+ zb=pWW8C`be12boiEtoaVDr0@6?Gf!r_3^O$T=+MK?UM9S^-trsbhavS1lpD~lr&#< zn$L>xRyLO-y=PYD1JU+}7OBvhBH9+TjmxBN(oO4r6bvC{Wn9kh10Q8C`c(pjP;sTY z5z$0^qVY$8_T*^&G)tbQbS??w^u(FI5rfp*llDs=CU2xy&MlxT8E}>77=yoDdDbLJ z(o%o20XW}g<3aAFMp2AN#bQYPWaw-K`q%pXKWb`X4453Im z%bl$FjFFXf+~e2n>jyJC&^M=Iqd?up(pjBjPKY3Zd{4D2*b?ZWO8D|<8#pE1zz|;R zYxFo+LIG6z14&x&5svTP36BbcXkYfvT~_9gy-3MO+YS@*W}963{ogz|-iJS;>rsS0 zqa@87Rk7|lF82yi=EG;sSG3fE64}y!jpaXV@5X%a;G@A8QEe1eo+N;^zZW?1zCPr6 zI0{h{*dbDG0>D0t2qZ;9lUiTFa@)?Cm5oJUBA{Vf2*S9!gjmFu|1 za5!?|O37KjlLTD0@1UzWn4F%s7Kx!v8}gDN8RsYdAJ*Qnv63g+9-f(GV%t2i zZQGjIw(W^++qP{d6DJefw)H>ryZ3&A=h?4LS65f9RBBR5E@6N=#zwgA{g~q6u!{+?C3J#iUB(<{zu{$u)^F2ew zv(6a4Xwm5>j#;?v;CqjL>o@Mqij(d+1Dk@bIRbv8(o2>qnhHHS%m70)h2(U`iseX; zsNdWV(&Y`NqQPnU+h<17Dr|z$x9|#G6U?H2vYaf_79rbY0xEyeNgw%UF9I6t4ynu*ljATKKnt}-$Jjw9s^ns2A3 zg*%+MFWlf_TDzy)pSz-ekRt8R#|9CjO_!hi27gL@>w#Z`+a-LB!`2Uw9=1S+6z#Dn zrM);=^!Y^?h)JXIRwLfj2bia-@Lnt=*+vw%9Om|isoohcH;J9*9GQa~-L6rP387=F z7RK9hdGt_bHQyO1?o(74_r^v_-Hst`GJPOblX`}zo<0*} zg~?hS+8*M@0x>8pYA3OvK*(YUZJtKn->WAJhuLR@`X!h_M=z+oPHO)AQeL&U|NC=k zhL0no!-jUdCWdFc9u&HJ3bguptVwz-bWomUhULCipW98BW}5ejd2J76RnwsDa2DI` zI1Vk_W7m~C6;smG6GF+RBQBF1eYak!E%zKZyY0x7-4KVI;ol#cLELFq^}{WSxw`w! zL?g#L$kSJA#MUQ0jQZDV*g<*6^j;gE&!2#bUrqykzs*&zdsir>ay;VTH+(pQ0w9kz zdga9+pJ>zu3ianPu#P*Gth{1uFwJ^@*PVF1-y`A7`v_}@+m*nU!8Bj(wa8f&cGU-5 z`uPs>EQKYN6%3P-GIVAeLQieQ{2c0eDqGt z^k*7)zR~Jxe(QZVHoGT3>*JE{&e4TZ+r_KY33hq@DQ94zSw0Zv{ z))n=*n|6H}qE3=$hImH&v$8`t#Yxd59BYJsLEHXQuDazK{IP) zZJIez>O&KhHey%trmK1PVl#ceA=<^_nl(nRtJ@(L6ccCEFr|X6!hMdbRm&0<4Khgi zsVx)5+}3p*pLBgqPo0im$yym7y>td1fm(AP7u8+0sP3)foRKeEd`LA(6Sa|RA&&!!mW+<7XiFkX%!`U<2rBruab{x zQ)ohDv|mjF^dzFc6xy)`x^>?h@_P5NxkcgFg%A?}Cr@8EQ2n~;C5}etG^2x`Jv1z8 zkoN4ETbsG1agVJR2}{PS)PL!suSRMaR|Swar?4d*Vnocy{i9?tx2roFtp}_n7RAFjcml~oj0)CT`&fmGHUqgsM6eFROIyb%1UZ79-k(KV;|$Ae z36`EZP$Xop{+_Y3K5+G~v``4RzU!`{)$#>Y{LD=|ixr`ZQSa7@-}EWWyUN|%;rEh( za3ZN(4|5xfJSlKbaZp;P$~;+W!I{=uSiI%bVeB4`7N4ujAlACg#X%d8$u1wq;y3IXDqa^KZSZe1CyvRYUu)K5P4%yGzeS|h*J6#*qnvgB)w zd@VE>TXa~NDmPfaNmLQ9z=OgTw^(CHIWa03YnwnTV!)p;1V&n_Mpl;j6J>@<*?i&w z`%ymz+!+pBn4sEH2(675{t?UAGM-!yX@ zxXg`>d%z_^s4y5zRazcAebHCDYOjInb*X}-!Q5YviJ^mAF%c~jciqT5zkDLV1nQ!S z5r?SKj+J5l^vZw&uAmUt3ZSdH;H8#5qWGW+^qbxjLS|&mAgPt6o{(<}e$!nZL51HO z-bWz|6+QfLCzQq-DeWY`rwy37Chynw+hA0z=|)zAjDZ}P_4HN;C7pVFHEE{?jz^Gw zT^oZHTt$LF{^VS-Zq-_i2CBUyVE9m_Q=B|JU^G>}vP)+lpgw%r;-cp+mdIC~d%H}A*YQ(%0bA5sl6N`=^cOVI6 zL(@SWOkrS%5kz5x&17wqYF&oReV;xqeQ)ouf}?%jH^DZV5F#&)gk~$Q<@rqnAwWmE zuJ@L>XwPgrJ|(6NGgnQ@$iA)P(y*(ecT2(dJZNlOS5p3_HuzIAtA+Fc)AOusr$z?xva&s`H}Fz zGuPXb?OEfdp%KFI7h1`_Zf9aa4k^-%rvn!UWvTBG)}gESl@nZ~{hUwnJeN+1c?`

{ZVKL!_sDdTA4#`=t@ht9G^n+a0{Q*wC~gA zuyZ?W7Q0^e1m;Keo9|jv%$G2e?8n;J@CLg+$Lao=_u4~LPo4wk>Xt{c@2LivO#;`f zUQT0B^;0ff_w&n|#Y)EqeVpmmAWeax$HUi_&9rND*41*yllEROedPT8Vwv?9u;HaH zIp3__{n4?Bsx1wVXZti@hsbCeJ5{t1FDxt=fVu z$4ngj0YRi(5Av0|sMF`0b^8@zB5FUucqo@w863Z4lwiC+=r1J)4!itZ_R^oY-maWo z$2_zi``6a5cRUyKEs+5|57-xhb*~q!Z%)%diL$Gw)Q~7&xw*3*UV~e{h)5!67#Web zyc+6>jkpY@iq-V@FWFoRdjhzE&k89rAV-mlEPf9)mQZb_)ig{po&@m0oRlsjEj2(`+#C8FBH%QJAzZd>j}1Q1KO z2p^4jU^6K<9Q}`bT$U;75yeFlj0^Wl=)VH2PrVJ;e&>~!_9Y1Re69Li-z(d{vU9MRIDoq+HJw| zj=wS$6j2flxt`A|?#$$H#bpCg3B!=3FuuM55&DF{dyG5s0mRVs^8wu(D|V{3riZ&4 zw_s$3Jo?x<5Xtqd{K?0hDx={dnhLkKp>bc%WTsGrJ7<)7pMM4l;p%FiAD&kBtZ1T^HwA(8_LU8dFfytH7N6Z+jc zzhwJknYCWwZ{msMQSdWNJExd*tp;)VLcc>c_ZWtZKpw)2+%z1Wt#Ch$n|jrGK!<1& zVRFzT9^hLQ#G-V9_w1fvYKGx*2MT9=+R{irR23_sE#Rv4LpMAkr0~VMbwmTOf8no= z-?Bs*!8z2PRw+9j7RKqR(#wR8`QCdgzUQvikG(@31YSU*t=LKw9z^%(*wF#AfYKz2?zkw-pfmn?CT5y`da-wx~g z1;=lx)CKq5Pxk6AsMm93x^-8nvyQC7EqSvPT6`I%s(*n_OgBaA>MD3#Eb@)zg1-@7 z^H8`w3SV#LAI;zrK511P%@*=&#(e1{ds5~}bs29pn0^NGD(vg@K#o2>AC)MJ5@ucF za;QPe@=BPLbmUM=ZC4xm>ht(`oWc=Mk!!#<9QpLA{?sud%yVIJytkvk9VwvR_;7u7 z!Rl*q7U9e~mvs>x4D&d!Ew+17I86dA*0x7Qhl><4)7Z9(y6jGv>Cj-;keAHZBwj;y zQWeL@W(}u|iQ_!b!1H~!8SZGlSwjDtZz!*;B`PAM>beoW=}jOzt4+clY@{(Bt>{q+ zD}%7`9h0!zaxS3Qn~R)gc_P2+!0EM7uj?mW61Wt{-;;q29kJOw4X^K$oK@K_F*1A4 zt?b|3C{U93C=E?Y`qx&C8Vxw5z&!!)?}`l9NA)J=**MFGq!rb16BxGl;=%LRo%L! z^mrHC=qXRJTvs&zohN&v)pxG)^c9~{$iN>MPOOWHTFbwKQ|7vgn4g=r+4;uMutfFF z@mquhL9Mi|bp$yj*kq(XF;)AY^R$o&3Cna&;qdpb^RRaF4MQ^-f2h|Xp_R?s75bO2 zYGm540MV^KdV=%Kew}Yj#IeHbkDc64NDmg5@$AS+2waw%JmpbpbTKkeq}|K7>YHB^ z?G-dVBfP<*%~BhTM&gKwHsb2uF+AeZ7RjiMVz7rYhwv|YvfeHwrwBNahPi;CLKaj+ z3yl!4alut}$7_pGnzLB}08b=zi(%Eyir$5=sunPL^^yD5J7x{Cg3_R@9B$I-fZ1Qp zfi7Y{%Hn7PTjJt1=oldFh1EV57MJ#vh{Wxg>-P9LE_4J0JxJRq6fnAFu})We3CXv7 zL0hQ8`T`j3%z3e(;2f^?F!Oe1g*k&0kVwJd?Gx;l(CQs^8G?Ahf4UorON0)PRQ$qU z7qPEEAIlz`dHn*t|JV~7%-a#=ng!Gu= za-_#37Gm{*QT#-yM%YzsteZ8!Dpica=7NZ{1DrQgKf^EBS%raQA!Rq_v_xL-(MV_^ zMwrHGw8tyDdPUi8mn0e0{15a~54XtoEhBtXwO#`LdB*V4+zuQ%L;i*zo5UoijFq0f>k` zI>~olAt>8`n2P_nkp;3&k?brU&>qjJ2C#C3bTWD5(Mi?jx3I88eyOn5-O$_cGwPlr zi9?`N{EWaMME87Np0zsvxWOy7URAgcHPL9b{zW- zx6o8Tp>Th-7LqDoN<$?YAx%ax82(pbU ztiIIJijY5+*jb81>30iD3Qg!!J4+YEdZw{ZcoADleM

    F zmPK?Zob?qQmEP`jlXpc7@7Mi!9Fn~!m!BhzDa1h+g|K6U6boQo;n6Q^k9BQ^jIKF* z+t<|>%#pkq7@+Z1eHO~!AS*WfBl+Wv8xIZ7DQJt-l|yAmjrB~(ah*{Y%;Dk<3+hg_ ze<`yO1OZ|(^0sYwM3dG8Wc|ve{WwHjS-EQXnU%w3O!w7%?cUcI3-GE>}T5ouGWDS|abxwVB-8^aKtck%% zfNZMDWZ9EBv>V{OV5L1mD#w`cI;7Ng39aLEWeLaDsL<#MKf!uQY;sS|n8{dVd3ZZ} zNM!MNspqT@PVw=Uux(~Mx&GvSH9_3ylw5E4A$sUr!1Qq5t!BY?vp#XRqNy^lli#)A zRLDe62gQLQnu3CPHOu4mxv1!Z_RC&x!lgVvgr0h(|8*&6ugg}ltg6gpE!^44YypFp zIt5|2w_g2<$#6_TW7UG3Q&Auw`_Dp{`mz(Q5QNc&)J?N7^|Fe9rxa85y?{}OORf8g z#^c{+c^$36@E|Jl3${T08$ze#nteJtUlDy7)HisXT=fZkyX5|*>GwD}cxHK3^(i*p z8iNkR@#S}?$}ZXMMAWE{3EsVf7}nWibN#3Kfa8FE^R)^_D-Em+ozKXRWH&IA)@AlL zkWKB@jNxd~$4ZKRPUh%pf3(+3hD5^#-J`Svl0aiP6TN&Idf`COZrR7muXNl4ywwVq z>#=&ysg65~TOw~1E8ajhh5$cIS=Py{zK%QBx#gAqDH*O(`(k4N70uSg|}_S?DRu}ls(=eom8H9ivVj?f{l7bdP*0y;X3Z-?B|CAdPV z$;g5yDYmzF@Zp%wW90c%Jv%S%nxW$Oq8f$#1hc>DLyRZb9In;KbaF(c1p$_P9yugj zl4WIOMiY;M)M+21;S1_F@47E;wyf zKL{tBaMZ_hbk)b>+MyoL`J_V@Qv5J=(7HZ(p`%rlnu=1BkA)rP^=GNB?wk)8%6lk^ ziAka&TP-$U4m9Fvv1HvQWp&(cm|Rj86*PX0{vB`z>_3pqF7}r6cn1d=XDuY*8*lg@ z;6zIs3aYG|FPRvN_ij1U_uloMJD8ekbjgc+!)>6?G|;RuW+dI#3CYirL$)9}t$q6Xb02x*rDj z>Uw}^8Yy3Czd(@O+A&I;+L<+mmByKcR~^v#yk9;`EQZs!@&M&J>ghcn7LY!{zU4`o zmzI`AW{C62T@)5ln$@z;bRToCyj690c|oTKC=}N#4jn-rty9?=c;yej%IO-9%`r~3 z$?jdqQE{Bj=Gd9HC)A5Dxf?Dby*{+XGh>$u{w_%s!N%g)I|1&rfVi;1M>~zZfa*u< z%XOsNjcm3yifRwMyQ4;-&KhZ-65zhs4Fcrfywuj^`&TM$&jiDue^RhZHl zKP9!n%tEQxD%edrrk#JB(>$&Q-<@q~@e}brQoH56-2G*^{`6_p`g=(NN=V_ycCFK$ zSuF6FNCD{9kVQAQ;y@GF8ihN>&L}O$a@G8y1O~;OWO_XqW2lhGiq^>&(v<;?;cgEq z$UZvCm(VdSIpk`G_T=3j@oJyKu#v{9@G(Oqv_y5-haw2v^SzotTo_ z&RB)`@p_+a_SR${@c?EP((sIBTwdD(6F-T@z# zXKwGATAd^v?mHhbYJ9i$Q{m{x<==y4#ms2gHs^9?Akf90==Lu-GEQ)O;8ZG-5Ttx< zdVCoXC)b`QBQ!bW=Yn^)hUc;f*Kg){B4cyChR(Pf+Ef|12KbdSVc6dcikoc-D!)jy z7?wpeMIf_jsRE{21F67*mFf;rM1Pz0Ye}tqJHR*i| zpA4U*oUip{u&p`SP440DOWWaB!X274ZdB*7%HfLu5kq!AS5=L}C(0@|u&Zrsf-qf} zVWw=p8p%oukk*sPFLHoxNNKU((aqjJ7ni3}xm}>rbu@Zj#BuXv6~Q#U`;&zXdG~US zJz1I26{=E{`lLhA%XaCq*=qNVwaZn}^2#kt^rVj{x(ygP#m+|}OQ%gyMbP5UX6y7#oB%tu@b# zGn)B<*cAAEuk9M=Vs0d5Pp&DUOn25ON*f&T@pzkBy>-&ZN~|m84AagVo&y@mD^;E zmS0tSnd+ccuaEcxls+~Fr{G9%+g_Kx?{8cG*zvI#If&Qeps0{0hd5Qg--KF_;M)z8 z0@us)bD!=RiEmP0=N^jIrlYd|B973&ZG$ zkpGkgunLa>nMkRtBT2~ld=c9h2NP4B-rq=zz<43*(90ZZyT~#n; zABm<)OYxhfFxfQQD@w5^x+1 z4fFa%OeLLE5@(Yc6A>l10TcUq-jG`bgr2MBr=o& zF6uEg-9Q#c_*h(S1(xDF0a(y^-isOtss`|_=l~JStRDEHCl@(1`A3dV5Z95;R-64> zM)mFzNZ7LI)rPa+@58+FUXA3cJ0%6jZ#!4{jh(m?=^9`;6`AP)f0d>ENFprX$n=iE z1SO5-y&ya{bTTRG0$Xg1KV*|mYwe0<{s6O96tJ)TO1x$^$SvvQoY`5tcIVl)DQx^J zvzn`K6#83dxcHvLSq@R=H}wd;i6G_iD&$0ZZr%ywiMQDGG5(%<&%5KM#~zP^Ew)s~ z6Naa0=lCZF+Iv;gf-wA!!IGViy)KE|))Vp}T-u;Eo3^0rxSNlcBM9B*BR#|3)Is;z z6rnmJJpePJC)~dpK@@HZ7Ec0S)WrcxWJJU42|9D9?mjIRbJSK!oNQAun#-*^UjLp_ zl@>(C7-w#m!%)xTT5kyBHr}A@sd4ti83{Q<@-h}-#*-!pOflh@vo}-D336!qS!bqHG~wjz9ehh5ElTKDISed%c4N>F}mEDVljtl;F$u;6%xOxB7Avo z|Ga@`5dm-i>tsYkwl_8o_Cs?Tosr?C0|$8!UTa)<2}BblY40c=tCSZt2TmNUTo)FD zIpb#qP1>DJPj=Y};W0#@d@UtqIT{9_eOgZV%hB!dg#yJkZ8F2xBPNzl+h6I#nNElx zu~#^E3~uffZnuOlLo#qHgp^`bQ1mRC*$g3haPW`C)0*&f2HxU<{@3$MI z!haUj1^Uxwxuw7?C{&CKYsf~0owNsUK`-}R&Chgh_Ueav=uwr(C{m<4WrV)4Fzq+sa43W4R+B+wEF z21g48{d$}4CE^#Re|?W=^Yvhj*ByvOp{|cE4(InT??`<5yoGEcrrQbPs;5xr2;snf zxCE*3vVnz_{{<_v1Qf)ydNwbsC`1!a{%IWoT{>GYOS5c<@qL4XR`Ywi?!Xa<)sMv* z1BmZvkc1*kC-qdV#)43#oPzbcc22c3C4}o1*916CZ}hdB+3j|#3h!BsrwICWzo(^2 ze98*|TvppBxwxS)+3#zI3SrpX(G`Xlf4L`Ey2{?~T!!Ng7M^UEbGI2_Ys}(;ofwlVU#@Ldc4(cP z3}wfj>0`(Vr`8M$7bl{@SD~geU2gRO6a~+{pE^9kAQ{0F=?HTf3xWn2fB+O_JEUgh?c6*gsE|#C{u-7}>#tvIV4vZH>0pUws%eiu6D2h; z;}mSxo9#R%uHKJQII4HP)a?A+P2qm-4cgCf2D!>~COk9g9G9wDbK6dKqej9AM-A!l zi!U}|Hi%U)e{{;F3|lVjb+NBm`z`<7$M<@M9YoHODl0gs)((8`22!VP=eV?}wk@jx z@@FTr$2vp^Yy{|!17?vj0N_`14He)j+_UxK4>dr7Fy9%w=XqX~bumX^Q-X^TR-&)k zML|hbgsLqN1kaV&Ivy9B-c9QVG+ZJg31%cv%M5#SqxWyYTkOb|Bn+iBkWhmPu3wFu zWs96}h0gFom^AWDPzd6p)MUPVF;Lq9E&g!ef^{Z9RPn*{*y_qZmQagbkH*oork{ZV zF=s^d?~IoNQa?g@FyRDwl%|`H1o26k1ja}^ghVKrqQZ&U)AkY!gfmicQ?2O(W4+-N zso}bvB3spNfx3%mF@>2Tj?l=F-q|Lpg`OUCWUdk+Bv zQ99vxN2e!!R*7v~-el0kWr@KN?cb!v+5>(H25(R#&g?1L_YpF*0Wq->w%8W5U7`i= zNE#|tM32j~eGw|25CI7!mlWx}bY-i_EXl8KQ^$)?zPqV;CI;H^0-r6?$HJI{uzQ4i zWZA2^Yp3>r=$~djY`DBtZ?N?h^8u>hQbz2GjwBsywn9`}Q#)WYu`^ye>v+0$Yb}0T zM|tySA+dIu4rF4@7rk_<^;M-?=EM2sXEeJ^2tpKRYEU`+#~9(M!08p`|zG#`}?Fe5;pJKC?E(CcUIT-~qD z{0Hp|#x&nKfY^qy`);H+)}-x+lI&KQjc+(`g62oPrw2IVsj~jndzTKbOLp|kbhy@8 zZU?i{_}EiaQmS=YlLIEBgQiCe%p>774GG!M6;3W5*Whv)U?9x6XTKGsp+0`2>%PZF zh>0k6RYaGT$*$Y*ac(<$+P^s)j6?x^cTBmTiuEkI6HY;*24x}(3s(A8__`Bzu6QSF zzV5$2>2PJ$1?(yO;@RFNzGhWcXw^qGe_#z?qRnIUq;wT|R$n>nyI2fOb7M8FcJoX5 zqED$HC37@7(>M**73_IN8C*8Y)?`nSYY#@6TMR=)jz;h?dgI6QvO=KadF14)?#M1F zX};Nq7FmBDgoS~x%f<9dkd+^$D&_S`k1l>W zvACHr=ZV0c)*P6p`vW+8>)M)luFlZSb8CW>)2HpD~Q#qra^DZg6AT-6>Mp5TDejloV3)?(>tA_~$U+TawY($%=liPKBTacRdT6;i|eBO99%AxM48 z5mS0MIX(MPuAPzNzn1F^@#B+Ohc=uOa7|d2R$mek5og_}A_P_k5XK7j-z1|u)?PzADE=_jarzEI z1mwR6NV@!pi?%bMp)?MG+l!tyHOuLS8Fx@cMy z7%84PYyS~JlUbN*=O6|{)K`XpXgZX{?SG>lHyRCEpH+pkt}9%$W3WBSgt3op53{F0_hjLk!M-Bw3Bj zti$*LoJwH?t@EPq2AjSG?gB%E7u0a3JwW zW8w0`Y=A8jX~ z^+ZrtB=&?yQ#@f6KVeJElh6+w1jHsM4*h{3NG6NeQRE*K-n;SJf6e z53Pfda>}>xOUFfvKo)Do&0z8e3R)V>A%(f9*$0ZmWui)1=U91Dfh<`RF%X6N0KX^fHz1_u4SbG7gpqQ|YUL)7(1Wl-3^Ni9*^87V=Gzn;%Nsyp zbBg1=7p%rdkMRpfKr@)153|p1Z3IZDoVRDpeSlMxTNcj8_ZqWlN#bJz?y-dpEHSyH z#!D-02C%Zkr+&k5!e1QlD{xpNzGyl1VH%OHnlJaH1dt>-4Z`k)-;KndDl!1!zHg*R zDVb9EK=>qdIK@RR!_J=wb}BlQ#Tr5?I3&jT&}J}~-O(vC#VnmiG_(Yc7q3^5$8-NV zX8~y!zPXQwb4pIZHZuRaV%^?SCvaZn0Rw0f3gRe;vJ#a9+7 zFV{noZ_hA;wA`+EGUF(JCP)S(QF$u=KCf1!m>?%3NzS}kALYGGY|&i{_ZXSd#@?4svyUc)LxR)9-sm-#;@uu?@`{6{mKJE7*Jhy zEGQ5+Xr6O$Rrc;N-qf+S!lVN-?eb3UiK~1OXDnq7c{%E4Aeb4dgFI!wW`AqG5}pt0 zavj=>q%U`%iu%Dd{Bd)G&7PNh$>7v(Q5la@N{1wV&)wvI2Dul#jdUZyX&2r_@Bbl@ zTRaZwjhA`e!8gb3L^$iIYM8r$6pl0cr65BsaG* z-&nTPc@IQE56YkZn#m-Llebo%l+_-!D zW&HqC%aXN<*EhKU=2QY&w8XS#n0xmhU%^AY@s0oBVI2yebi9om9O;Z~|8#y|u7nvy z^!_*F(?5;q|FL4j|1C23|EKJWDLO1x0p(?I??~BM&Jlvn? z3*iD`w7!4qO&pka$Y|^y2MB2c+Q@!LY9L8hKzzQU#`_j4CiHcag2H0tS7DEoU_n!z z->M1xF5iBpc)0)O=BOX;+KTdKu;261KH*y_6`yE@+>x!eq+m%^eQcHpOKV&l3Z}Y( zv^C5B2plK)nqjFJrMr0j*^}%36Y|C*UJ}7B&gk*s^7*>TnO>w5_nnYfBFjprJylLM znONeshsS~d@KeIlV8vg~-SSY7703LO3>O(wV&P_}ps>0>uF?P%xVb!Ld6Les(rF2)M##)@W#$sWTsxMNHTm?@&6Q~f1>Rd;I{8ld{yeH=D>O-zEVNl!0V23A~?QMLQM2Wd%Q zL4^iABaxvS<;%XDZA0@|h{eR-Wk|KYnj0#UPTJTj6n@9kXZ-jX-tHm8jT(Tx`30J{ zEP7`cniTPZ<{%*^#Q@VCQxz^I&tT$5w;6Vy(0sqz=Vi#BEuHYh%*n-;je)?y-%5Mt zD`U{pbcVJidiMuxcJu0O%REt)@B1{otDC{vMh+87OYw?LDG#24sa~SsS3qT~*ISwQ zW$oUFmd(-HQc9B#chZXSGsp|B;5D1Jc%N0;&(~9z;Z1w!Jp+CgV0JQ~C433^Tq`5} zWN*A7FduLfpO7SG<4OF;i1-HS>-e2X=Pf;y>gwR71kbooK_H+5B;)sPjmeEjT7;(W z4F=!KY}@ig%N)_#H@=|`*1B_k6h7ZaA6jgyg9&sKMV@m?9p3|cQtXh_4m7vcbSAxJB(-N0#&0DKlSO(slS5_?uTQ#Hx+l* zUiY_TIM<{OC(bGKF2a1Y9UlVKxM*QO7$^a6-%#AH2j>S?l{3q^Msvz|vj(@>`I`w> zo%#*V%PDelW6|wAAMen>JhJ-J<541Vc#@FUs|KMV{u>7!A7fH^kmGZGZT4IiRhlnB zl5Xd-XLg$lifo6hm?d%1ka8@0^x71@#A#}T+kLVW2F`)WMF)NZl?{@w`)7+*+Gd}B zT1A=CPa0SmCyQdm|GN@?Q~z%J9s2L$jJ!*z^O~#D?9AZoMn~yPucpgy19O0CcATi0 z8HQo8EYZ+OKQO7zQ^yIH3AfN3QRu|D$^G&Ud#BE~%pC>kbRV!21w?jB*Bj-sC}vZT zjOJf6o9>Y`BtM;w^8iCmwHIgBC?kWje5~o>st^o>G*&Mb*hOPwFyYa{vjKUa>i(x) zR@PHHj~T;=mr#U`{X^35RVCZ0IWwgYf|)Kv21s@*sJ*@Nevx^R<`ky7?kpje*kPDF zp|yWCC{H6e8}KYclg9gn5)+%0R_lS>*(^002`!f|)W~S4fh0$;6qxzt zo(d!mKsInFac3QK`91E1uM#!mSO{2J<^glY z{lwse&_%!aQCLl@!PU`g0?jP0dh@p48la9|k0YTaY}dR91Je{m{1bfTebOZS0c8q{ zCo!>8VcqfTSLAM!7qcNNbPF3|x+B`t2Fv%S9aOL9Pn_fnOP~Iw?>HUN%AD~p(%0!*0CFhio&1A z3$A75P1&!yc}x_;?M17=cBA`TM-+>c6Fbi^eCDVQ8w}aIO_I*1N3FjpZF0*|M#r4P zH|rR%GhAil6nYbfRXAqOj6UmtIiY|U|~?1+yMafM~EqXN;nPIJ&|bKmil8Y5B1v)376I$06IisEE5i)Wpd zhl-ua-gUeQTgBk8x7IN#;h|tRGYE4?x!8c+-t3;9L!@ito zlMP*;;S{cD2hmTxbAgf2KYcLwT_YoBWOvW|D5bBy=Nry$%3_T0FO(_5t(WROiV-FWm6(vHN&wX@6d_W*4a$ z3|dJkzjcxx+OwJGr_H$A+46pPV0H|w+KX9m{aMUVYqg=WzU+p1Ul#^n4THiTwq9~2 z+@3L&vh%1$CZ|vKjxxMdyRD74}v@N69aF!etA=?cO+jLqO`k)f&me- znJQm4L#jf{?4sMri>nI(`-8>u_Wby^;nZ=CF7sAv zVBy#QX338bWqW&oA%k@O0(aWKq0&Sqz&2~YQWLc!v+*@T*~{^XSTkL*ZzXQKZuX7E zq7bMHETC4AfQ}mcs(v_5Wqk`<0+`>cik-ZxHEsTvYO5&<5dr*b~l@B_;!^E|9UzN3(pimsOAlv?Y`W2Z8%Ff$2Y8oMI4mWp8%r& zi(u@)A+5X|?~?KvT3TqN0$Yt*#R#sMU0fW)%{ifR-3z7$I%FVdDYo`)je#YgwiaQv zQF{2yWoG}Lh=S6k0~Q8ZNf}U8Cz>+htBOM{Zx)(&F zgjpxtjb64O4X}-qesl5V3!h~gB)kxi5Y+)@5^7d#mx##XlTlwiXLSJtPyzNTkc0sJ z(VHxS?!O^RTW^u&r&uV9EhZu6{%d=Ajv>wKw=q<+4+DD~((}UcUVM(v_+rCga|(Q( z3rl|nRPFL>a9t-uqK)yK(~-9(cD98XV<5T<4S78m^x(Ii;5LW*u5i;1$+{m0TD;Gn ze9u1RRCuBO&AT}wkhpPbOI=};eyAW2MgUyS5T?anr(o3Js&c5H|M`Yk=U(;Sj*`fP zO@rMvDbYbLU^RccV)is1A~F{GI6&Cz>%YvdBD9eI8pY&SRyHs+l+!2}9Mc>TPBu3) z%WZ8<&CMl6V_l+pCB$ltE~zx4wANkotMpL_q`w~2tc>;Iht;~xnLb;!B@4YgkaQd$`4 zf4Uq8B{g8v`&R`)Hmz3};P+pR|LY&Y?|)|P|F)lP!AT8X>;9`#BCSVc^73CR*QRA; zXZ*$HNGK@6+S<5pj~B=kRR8vraH#*AAoj8-r1*&gMrCCl3T^s$z>Y(k9Xk$D%Rkq4 zU~A2lzF1jfDJc3E)u22W)yeXJOJlqEda%!>r zag2D(Jn?kzQj>l0L7F}W*@Ig-`7Q8*1;s2=P*-G^2?4>c?E9A0T~-E}GT|)RB@YS;s#m8byUD;~lR`mNo_a_H(Z5yR-j1cL zJe}GiBQr0L5;QY2v**vCo?KR5E*K9$5kU;vL(xws)u~CjzP{cYF9S%hXUPJSE7fXL znQEm61_fm`>f@B_hb#XD6?lH5VryBGF*4f6yh}cD;siqS2&t*h1OFdq?-(7~^G1y( zlZiD+$DY{sBoo`VZEIrN?r4(C#I|kQwr##WzyEsIz4zFIgA|iqjVYkUoA%T>K068M>8wQ5!K;0XD202B3SxH_IENGA@ z+kfhPz8^bRif!C>N+C0uUd~;6YJMe^=wXavA!mG+iz-HmCi^#_h%&jmW5mDwcXx&L ziT`)U5ts&qzXi=+MoTHgBfEHJ906m7yP3X_hg=U1REyUH1YL*nJ#My}L1F`RI5^#t zLoYGWM0z-PJShVIP*NrYSsWetGTV?!h$3NHCYs8h{q^ zZDFB!GUsuARdhy#s9AIC6c}mH7#vSyRYjAZKN6jlL6gD?AC50_cbHqqEoFa$uo3UP zEhZaAy?DXlsfqRj`!PfH1QusvKc_PDM*{{PUVzCZP6p4#;h4`KZso8OF`VZUO#KVK3!6Uugm^m=#x zmP*jf$}7W4q+GFLfT}Zs*|It=T#`1np(M>7I?!wW>-hE+DQO5Uq5#=;(OC{89xkc$ zruw*__&xH<_x6qcq`3r|kvsNolieI1&tZkYGQ5w>KSh)Y$5xtrkh=0F{eLRz@KUkG z6n_iLsL-K==MMRmQBy{IEeNtyiSJtc>(ck09^zkdI#dz?D#?{GwbpKUf)hgZodz!L zCAWfB1L_2>xNdOPj33$X-Pu`3P$gDQPU9NVDS=er_RdVN5h!8egTa-Yo9WU|lm}K` zk)(+rJ?rM9S7l^)!rd{dC=blXm}O;RMMS&5T10@LV~htEN{n|#Ja3xBI%;vCj3t|0 zB!*(m*;Tf5h>P13y?JmqU#=&+fM_-kw~3bl<>OPJ>u^?4hE#g^J3GB@*ule};=TT} zCB|ZB)U21E10fC_ZI~yC{NIFzae?x6yUysyT}PImxbt`XP)b&nLleBvm%0$cg-Ug) zTrt51yWy(s_3%5Tc$35(e5<9lPOwm0iUJu-%_j}{xN33o)z#mg|!^pi!_G&k z%k*lK;e`4z7UJW3xdGNpRG{6G)bqcI+OfFucmpR+{5lH^h(Va)yT!ip;)!tZ2<7+c zpi`)t9dfH)?iuD$#z3KCW^;sd664I^RrLn4z!q}&YMU08Dm|L0wP@On6sg2sNyWpT zcb6zV+5ONkgmb~}zVPVB8Ov!Y0uZh}2`wyM`c~HNL+efP1!?xw9GAbl@Wl_mLmVZb z#yAW6y>N(S4$UtcL)DuYC-D6kbxly14T&+Ju!Ty9cStI%btq>*F3ZKoVk@Cpm}xI# zaGt7gvdg23{$sbsFCxzYm(55xYX7jL+vHklVv>^TPr^W|=%}rE2yO{o25n4MU4M=R0C$R zs#;SqHgPqb`prTyrkvP%QKi2?D zA66>Qt&^Vf29ew4L^3FSFk-(I_LLXs5dM*LrZaw%40o8d4%@3S_OJ#PlEo4L(+U|` z@eJjF^9^+~yh8_9o!tS>MCf&@T*yjLIdO(pOTrFryUd}tngdUN^uY}d$@oyg@ zXQ-1P?HotTR5a>BWo6#{^5OKfrTp%U{cdh`NxZ&D-cPq5G_I;MCP$EUa0^^jHuy9g znppD;C}u9;Kj5W9^qjGEoH%OSC+Q7)p#Zp)@5laa6!+V-LJqDd)pReYc-wOBMST0u z`_2fFTt6w}$$0KP%5>`^r*sb)L9V?SZ!7f%o-BAMsBOv0{O)aX=HKBx@90=rG!7^t zBBtd266LbZ4xENjAZSsDK0C#9mg|ho6f;`U6j2%?Qfst~6A`aKs+StjSP+I&Pv@<) zE03NW*1&5)r>3BzC1WeVJAJMw5rNRhz#7%GhY^&glw2Q<{v-1anSeB$^^(Nxqo8Q994&P*ynfWg9a^__fcxh;9I|9MN~< zC5fMmcIv8G2lqR-Ap7M7Ds#ekCtz#Kupoifpmw>cNcHW^b!~p%JU8oTn)}PVAxVRd z8!At55;!Ux75?fsbey1ZQ!bvWdDdwJc!}cPCP!_Ky0YXkt$JKDC0-Ge`X>L99_br+ ztDI+#tAw~a{SU?{jq*i7KH?YR;V7umMM06 zEGvFWI?YCsrfNS+V`V8yorx2HIuWum8C*j;kjvY4Olez3N3~mN=pstgGSW$6a;%`G zBqSp5%SqI3Xrg$5fRG8*Mx5-OIlzMw8CAz4X=&G@_(yShSwTqy0$nrWv?JpDgl5Eu zkwi>Gwqx!1KeW(eftB?%;OFO$y%EtMkesA~Up7S+HSi0^1f6DFt6>xlF2s(zd_5M7 z?+5ci?r}OQl&p@JiZl=pYKE$&GMn^R`C#8j4yIQ{Q_`V0vdSGE`^W7S5k9ZHT0&eK zJ&;FNUKwdZEuIWk8vl=e&+f_aP>~QDFzj?LeqhJa@`Pq;H~*TCm=~#_nkro%#~l~f zo*IMJ&myfum1g$pz3o`ePw)2kwowQY==rxWSI^^S-pPv$FI^c~_(Flv-!-o+C89yK ze@~yM=}g8>n$!UCl4$NGAD2F`5WPGHkeEby4_7%Emf4(Wun}phA{r&K&|Q;-*6k0N z!4sCOiJJ4$K`mhDl<6|h&hv_JCK_U9#lYA?to!{-2b7UH|78_4a40&V{D*|-Bx=44HAT8Q z{-)1NgPC#x%(7OAk^vUdCK`Ik(IO)X-I3E5I1PIPVCq{aM@9;#ljPYL?p4Uf>+& z$s#avb(xWjcNs~q7UGnYBGGWfstmuAlSQnxYhX#zPES_{C7C7Ys>=zMQZn8F`h3Yl z{(Qs3kJPRX^;Xd}R>{pZXAlvf>Vp7!?69$uBH&ov4AFCVf#(kfn|?(_MHl})F3E4t z%nOZdvQ)K=aIqY(&YKg3id_DRU|{~}+64C?uc9kz8!SEeVa8Nsgo@bQT6Cuw$23*$ z-zN&GnAMm{Od)Qbl)NWTxDY@YqvzJogAVKh5{@z>-8kaHNFEPg83bZ+JHxz(MjObt z$$D5o%Ia`ASCi{Y!U;@Q7bSZxuVz9=i+EDONPbrh_>ED{XjL;ria1CM z0klVs2=Af@U2+YxuKd1uQj08ygIPxrSx+(T7FKHJcO!kS7o+@xs0ZVkex7^Z6cYoy zSO`C222+U@vN}>vhDbw-pnwZ&U-Cp}N`j;B0;su{X*-tbK>5^zFyYHX?g|Yrs7>Y8 z0_j)7Z5I=B&xyNPuizs{Rx~5f()|J?9U}y7MNsJi1Quf=-@Iyp(pOSPU0oIRWf{*b zt$}4jK2!)?t@zX-c9z$$?45~dknpldwCUXsU^EGf63UBC$7m=~cnhH~Ca3B5y`~7u zlERV#aPr==4NcVpefOY3YfD`D*`WI(%i{J`i!I|)}mfC^!EWW04ap=Pg>EB6K4LF=(#K|>QWL2%H{VAUYSC%la zq_p*kBCNA158gayyZ$3gB5dj*1)f&Z3M4c%upJy6e2eK5NW&8nP+2Q6^P4?%6VT99 zdL~UNn5j>uDk>Ach7{yxbSyweir8L+#C1-z=<2pR$9w4+H$N#9UV{7Xtc$=4C2B}BO{JS+`?c=Zio7C`ZYz18}qscB~j z0IZ5iJlU;1L!^bFWQV?J&z%fritJq*JCn?CqiWdRDdcqh!Mv&odMUL5)_ALk)Qm$r zX@P~JqW0OVv{MME9AwVCsI)dh$N_IAbV5MhO98`a$fbKk345jUDo^zD)}k~Z|5-Pl zlysKgD%*mDiW)J+D07Nnr6;Yyza9wzUt{&7U>gr258#?MKCU`OA zBO^5O==VjL$&Ay8iBC^YLWg|L>!0Mv`~e3wj>a9?QOyiuDJqfuj*5n`(}w@%cA*4P zW@cu4?kq80V^$dwcJ`E`v@{`PgxNdZA|%xSQ>WPu3oO5=Jc8#G-z#ua!?fQ;CsdA| z%oIMud>^?^jJ#gR#@H&!v2cblPu)Vha$^U(nNJE%eOzOKr};&p1JHPQ^3Phxp0ljW zjlQ1>$o4vm;bCD!?DQD7OFWF;MrufU4a;o=5tZm?LzVd4g~#xev165i>ym@Ii^a@B zDk&yFAl}(VJ$&i>uO8>fn3x0oz@BZ-_j4Yw+o0!PBMrYIN~A$?Y_I_q0^!d$4#FT{ zLAWrt$WYDL(R9AZPkfy8=A*pGkMqgQiFUkyB*u1K=@MkT+UMxR-Iny&$p4FF z8RSk>&HLbeq*gruxk;qk)TaN<5>(yR*;Ec^)}gcY%%8kQUqJ-8X>GVhVxc_tJ1-xJ z#0<7V%%^zETka+@laBhgASD5BZ(iHR*Ql05KR>W9U%teY`jScHRac`F&QhHmDAE3| zQ>Xn34V`1J8aud~+tERwvpAWi3Y!0`HOqs7f->toG5&Ebh0>6R*X|Q(ugNCZk^MJz zz5~10VJ**S2+}^M;ItB`pem9M5NhSBrxJ*L|E<+jD%Uv{-D%>;@n(gdz&C~e!7Cd` ziW#AA9uJ*j|DU#kxPd{%=g4u{8rn!7`Tytvuuay-&Y8b|4RL&5dO-}0Gq(eG7BR(t zYZ>q+hw!t65)Kj)Qdv!H_wtef>ir+5(1R_RKzed|YB67e4oZRI`)j4H zM4a50Ei)`OmV$@pt?0ZI@;^eysi;I!K%iUC_K!R`>6274u?-UgS z7EjTocwq`b+c_iu1?@pBAr`LqG(bY3T60dwj9CU& zrQT2lS@fKIh+4HYc+*lN$pk%8MC8S{@OwHDm3kSwGKw>Z^?QSaQ_Vok7!Mh@6=@rS z`$YV_UJo{z7gRF&z7ML|kz%Wl%@?Z0>d&+7KCe zLe0}N6tG1toGZfAYsI0%M;!N`v-#A@vXNnz_J3)CjxF*G=0oLpJA|->x0GSGQnk&S z`%6-c@z$ntrp=Yeg$q9=136EvlvNv?j9Y6lqa1@YLWTwk=bbrl8%=krwB$d|VaZ5^ zde2?AnM}&ExtU#UDJpw{MbO_%K>gKuI89W_cBWpN#mtBYxlX7Oo*A1S3iO z@;e<<8;+zm)id_-lU9N`{%LGMAnkBkfq!_=-Vc!Pstz>%x|@VWY=_JyC&;<=yqScI zAnfOp6t)!<*eFz*UxyK5ev6&Tw*ei5@y|+?WQ>*D!}G@8vHE6ze*ac!OQ5q!pcQKL z@{p8FN~$zBOw9N^DN61h00@hW8>V;5ceYnj(TcA3HcNoF8lqja5I{`c*CqZDf_he{ zlw2Dxayv79ru&v4=6Dg8G6X^oD%IZic#^KEhD$<6UJuWAF^%#qE|8-Sdppk5L5;@~ zSGTB3JQe_dh*!h)<{0n(dG%6L`NNhV1>P@IOSMrdrEuT7h|1odqfW4c)7U{0jD6Jx zJL9_$EaF{UBT1-bC)yc!uJE$U4abCmw=0>g6Mf>nLe$wh&SHgLdVM89~_=< zP<-QH{*1arkm?gX^zq9Jc~Z555Cks+wse$OA(b~5ywq;9m$I4VgN^ZWiq2e=H4I%ZmxhSJe!tQcAA4FlVq=p5X0M)w0oh?yeTR68Aq6z&E9g>~j zj)XL77&8WEhzOT^2G@@)>aCMG1mAH)EFkOf-N4n>FvQje^qyVrMHT7IyHm=!`l8z- z6yh;PMyRLRkm*AqB6q|peS|38Y`ZJpH4x6eNqQ`ZF8poAa-O$wj%3(hti-Hhx*?vB ztlmaHMFc&IU^v{vQF!a2Tuuv&#pam2lU$*;+aGmD9vFdmQp1QRgTe2+7M6}m7n}Z8 zwx=S}HaL9aOQNQuSic?#WrLmYO-FMx=gBf7^0YH$IYLOkfA?REo`qnyLs@0N?3=mu zvOPzYGm^!a*VU;@%k2K3!S^jF0IX4`@QZQ%kfNb1en3T=OF$Z)ZjyXd(9jCHAe6BG zL%6XfP0ceU-{kLc>!zrwB_bg}29zSEuE*u&{-b|?^0n?*wyrR(Esvku6{*nt-7>}c zhabjr$X8aqZ9dbgWaFcz8>eCx1WBYacN2ZSge8oUbAjRLvkV%MRoZ9=Q zSs(e=U=t&yY)#t5{fDMxi#Z*N|FAC)bN7{*cfYE4 z2OEO>_2G&^yDq5X#|Q386G8hqP*GK2ryWiUo?ypbP`n!-V6kdPD)eK}Xu4LTULO+M zMYSwq=nF{MF(Uy;lZ44i_@JGQ3nPaUubl`sHju93uxaTmD9bAwe9kQ(?P#kSEha4zmKG z6~VF0bs2O?%c!Q+K|H#{Iu_?|Lf#hF0+A@fkR=xJZ(nnthxG+)mj+kpxHxqPfF&bE z6{%rih+-<;))h)@5OpVBjwfG^dEFV;cZj=oIrHj!`EP$su~w;nnZ}76Ue^mHU5ran z2v}6EUNoz=uwqv<)PuS^iBe1yut*FbF2KyGp8H%$m&W&$=DD6GhlLIQ>dwYf5Pj67 z-eXA|CIvIFd#?|B-qU<|LYu`A3}J;XO_J1+ib$ay{YT3R`7gHAQpcJ<9c8w_?k|*+ ziGlRa?Bi9{JQ|<6W2T@96mIknfh95kFK1@Z9??PtP$JqBFW(c32oTMi)LYtv1B{^>?r;EUjr?80i!KOCf+|Tu-q{7k`Bp?) z##1f`fXyfZjUHBK=U$$>Pm)-M08|i+_!^NHmz*r3t&Qi}`o1~$jyi(kLQ~*hL3k#q z=H*gXoO?=C8d2%6!Yc4U2XH95P$89GS9_GKaWubIpZz*Kca76wm4H0I-Ej-^nPE~2 z!s=UF`UwdMQ+0fpIwha;rR*-Om(_YRF}QoiKq#QAbT=!a^EhXBWlVU5)u0cG&<~#X zMMmeCsPvfkPLOhAuN~~|wLY?q$$uWkt;%-;{^!$G#|npgP<0peNmo@Q0Dinr8SNj? zq1$8ZPvhR6`x`;}Pv>(wYLQh`M2*M`0~6sS8xA>|{r7FYI&I2<$rj``2tW$=(Spuz zigMp!Ppw3UG0(yCQYp+)v&QpFOLz;k><8G3LZOxX0zt8PR%!XaeE69|HPQ+SD9Opm z#A^Rj?8qcgkwODOdRQk$+S@$*v`f}PxfTE&J-8wg|JOgLx9yu{0sMy%?|)UVo{QB7 ziGy?_;GnlmiU}MX+*7HMn%qbkUSxkjNl8&j+8)V2#8(IbLi$H`8Y#YN`i{(|p5fwx z|5VAKe2~~j*~NLYDdzLJ>3vWc*S}=_A7qt9H{4hI@8}~gaGj^nOMl0rBsZ@PIjS58viMJXm_y}iB7ud7S)^Yi;00&-GNFFqwr3%8#j>o{-T@9xIh4e<=_iZ+G6`mSRk}j5q#oS`dgm!bD>$*Fh z^=>y-Ym2yt7x!%`jUNZR=OQ=BK(Md3fa=ozwR3~0@^~vl1(7Ak+rM}`?ufL)>a}xX676QK%-i}Rx5_9NMJ<{kY4)>8A`s{ zjjq#+J29fuo}k=Z*c0IX6u|ClltQ)iW=%Pg^HyisZ>qwzEHyWO zXlFFj%0~#G1u5vPr8?a^A+DK(S_5V6=%KpobnLjQBBCiO)~=;TkC+0m1_lPw8SK#% z+3o>LOX?lZ2e=WDk=Kupd@c|GV|af>uG$Xw(AA1h3cW%VrFJ)Vmefkq?xfhJ%i5gh z{n_HORle9zJ)oeh3&!onN0c6>>|V#{;PqBxX%WO2(7D6&j=ZAz0cS%iPImZVx$S2C zKxox)(M}Jnm;U>WereZ&$C1zgs!C38Kygk@D+*EUFoTaI5P~SjBC@gOX!I~W=NPKZ z`uX@r0mE`A?B1cRNe?L9o&K}nh>U%T?au3>4>59AZHAqxZSOfRF|qUc&iU)*R?K1c zetWF1{zE1{XW7S-7HduFXWx6O-atNISt0oETt7YCj_gyrrtlv>btR3Q_|*CjG>kep920Q&S^Kd+ji7s3*n#@P@5i^PpSYbi@U?5iAcV_pB}cG+vn`bbOyz zbNmdgrF4GoP|9Qv_SNyl=U96px4La)dEb?=9@3dGlJoApP@GmEh3T1&STI9DOXz}h zi~VaafOFyd*n5HB_TII=W6gh>$!ygLxTc|SNd7E@0JN?Tzo@)c)wTN#R@(Gu zHu`oiAJa}?&qVt7RvvVpGVEp2h)uPR+h4SMpUKQJ9Ak;UZJdcV9(3;4$uz}4uH=4= z`)_E2SEYnI*{}3O#>=cJ2S187IYQlh)rB5^Y;4_|5gG~SL9Q#y&xxk^+(VJAS8QEu zkSnE@cTYdsZg}3Z(VP1k3$OIW%-^PIEJRQ0bzrX!K#px_MwJ@iZ?@HkT)6QJ3myJS zYbi+CNR25FixgP%UQ}_8QtY!!C4vzv(wAx$kanh~q7$2%tOv5OQM_=$`?#k+^kvN5 zw*@zD_(UL~TRoi&+NhI2q_^zYx4(!uwF6sykeVfn#CK+cW{>}Pzdm@q92fH3O$kL| zvxGQJ@}~MjK$k>?B9)Y3Y=1Hn5;?#V41)$&x zi0gAwO*4z5Zo{rOJv3|wi6QTmbjz!%h?z^nZJT6h)Uo9J3e8wT`P_Lmo4nRJJ0L?t z!j)W{I)J|4P}y@i7aR;?lqWGq!3(UX4JPAfXE%#N@~FOB>iYwtA#x= zpWpIrwT6!bDmE{9yFXe$T-kF#ha)VmfdreNTtRCEOeUE2bstyv(-_GEu^!720(ypd zN=VF6_mXr6HStPp0Ox4ZUxMLUL4%>9^$#Za_HjB9p$Lj6Hppoav?D#^W=C4v z5O%)m#6RBCJ`WdVM1Ne| zT0C&YCuMiLI_yOe?=UUAKWC^mbhR~iX$y<=FcD+9Wr-s zarCneYbw<#?VP=e+BOm+n-S!MYf;IB zX8Q)BNo#F93qNwH-HGiLF!?>5F{Ht@*66)(Y?^+zMYlYh;WK?WTUjx2XZoaOxsDls z9aVsTT(<^Co1bm}FLaSI-8jv>ggCPwcukOuV~xiKLzzWefQ6p#aIg+4e=00&!;bk_ z?opWY?0UU0C=D3J<q)Xk0vc zWkGdkxr^5;rH-cyv5qz;PSxRXQ#@Ha5D+*JL-c&KGh3wxm>mcfOy~;7kVJIpI8k*Y zpT^5U&-RgmWpJb>kZ-S=dqfOXkg1B$ z%MZeay_|JvE53%R6B0Vl^H(hnT+*BB-;{dS=YrtjZC0SKdiT^kW^TCUT&#jM?l_U# z<|Eubv14<#_0NM+mvrhAnLpt@e(`&jG`@97B|dJeB@1@a>^fYe_l-(HG3EtIYG}iY z)>&@(nYStTU}Y^R?EfRr2&QSEGhXI9Jxi8 z$q~o}s3(};tj)R39bX>G+;VA{-FfqqyI^SQ9w!@X8tQYP(c@_!O}Ets?_9(!h6o01 zg1VtxLu}C3yT{2Wz+10$d}o$J&&2i@*K`49qpALpt~RLr0m`6Dqsv};s-C`86>eiW zKyA~BU^_uru@I}qcZlevLtHaStZF~IPUyab=xv)EDRtDOq~xVAk3dCbxzUbLK|w)S zRCLF-=uZg-aUyXwP$p?_?%Nu5JeV67_A5&YFGa+eIi&9kw4^DrWt0$)5QXB2!5JCh?W+$H=oiry#a6IMxK1VQ0;%TM0ut9> zHH=FlBCl5h!lGdYPRk1N)}(|b5!mtYmJ-7a+^RkX|IU%-jPr8b|7CB5`NRnSI)bC} zO!f^$EJ!BbeABgN&ESvl695>;4=M!s2&!BoKNM1DPqcr z(tv}sw`h1PS0EN^92Ejra)O=*2rM3^>Q0CgFPi^T@#kwQT~wOAFON*}pG$83K!ZHt zhQD?hjFvYuOG*Gi%fW`A=kN;;yr>@+MVL@K?LF>NcicjOGbmGX!h)~AU`$oGX=mmp_ zNJd2kEA#3EpqI7OzZuj*ZM^Og(POsXDU5>q@Le^!YI2FAeZt6Ox&Fn5pwn;qX@}vH zI1qt)(#D+qCgXLr&EVYr2w{6d_+7FF6sQn=N$kW*duz{llE`%?Sc^>CoNpyEs>fe8 zpfaddf4W4@jvLZ`1KIF5g|cWeKQMVm?ujY?QT{=Rw@L3>S|DrGzu;*9EsKuaa12Bw z{)<8oP}2Ur2iRLel7EJK4E;MMg7M{KoOanQ@*(~&-U#ZXV?<&4pEVNX8p@+){?94~ zI-P8AS05|*wDo^pyPo22X<`4OGEhLIoXc~2H#e>LRW5mwWb;Rt+T(s{IwlUm%sz z?oOFq&nAhRgw%-Tno7ze@Aj>z6nev9tMT8nM#jA!#=lt7!PdpVzpbk+t5=2VEn=cB zlB0C)%BGH%6(^?G>yy1kmWG`##Sj(y>%cE6;9|)A`P}Xgj2@6akk0N-*r!pi&ks0C zDTiUHP2+Ol9#yR{9>3t;(JK6A$v3UoDf?ifJ&?kjoN}Fegve#B>jUPQAsj=ifymXG z{(SC6yQV4beAp1ADBFB=F(7+Mc^`H}8Be^wfcJWr<)RP!~ zt>!Q4S`Hi>ONUo)b{O2Yx-kW1ModiW^rE;=;anMj_BZ0&lueU8u+vq-zAgOhscA<& z-*Hy`xPqKjwHp*S7m^Gk%$`9wc)wz+UAPpKv5+&|n%*B?j~h+df32>Uc#G_W?kS$g zsLj+kCeZ8?F^u=_j6EJ*RJg$O&tZuz$Gw5IL=V*=oyYFqw%5mk0$IEp(^ler3Evt? zCFT|u3>#NrVPU%&5vC0l6Kk_AHfevKRkD*5`+S9d{k*?_$wDvtd=RVo8yKq!z3TfE zUyhxTezy(p^)!QNEnR7e1lE>TBrGOIVnVyM-{06`Y8z)xEX-^^SSPn`@6LU5PD|y3R54mraCj8{-q}_;yw^zB)9~oq!Wu#Y`vH!GCS8c9b1y#WwK~Kdymy<>x{2TGY@$4wek%lPwBj+ zhG!uagz)v9*KTn@())Q!o-xwCHO(j;T$F}I+Z^e!8@Rt`Qn{V~sJlIStyfcDb-Y!W z_S!G)x*#q*AdGr+i9E-08I7!=WBv^rU*PvTRFnG0L@Dh^lJ6~$+2g2Zw{B`+E`#{2x^y~vkm*2TUyjoYVR zZ?At;JdqYzHoYfL#;8kfIhgK8pM9Hk(StUnc+-1z#}AIgZ+~4KZC%>+UU54#bzj&G z&a5#To#4=?!s{qrJw6JtBl6f%5XcDDQ;QcZl?`^P-~usIM}v!>w(Sz9+jNaH5Fr8h z(I;;@Wg3d28K;Ba^1l>>uTBSHqPMQcl%!z+{li0g{}OhP&+JPFE=iRU5WqUIUZR^r{88tUgA(5>+m%@oh`LT4cNP$ot-xGMqx9q%)yXn#krPM_ z8Z{Z$g3q|V^{D8@J+_$Nn2Xm$jN6LEcin*+?Ls;qFm5X}oHnd21^p5_lvza^ z)VP}&x%yoS>NTPKjn#_7HUxl$8r5mI?HbqxDPLs}t2gwG4uPd~inI6qiNq)Lg60HhvExlS|!U zBvOZR231ah7D}jIdC%B=1W^|F;?yhz+4BV#)epc`IY6w_D*VE z5=P`kH;dP{|h|CscT*Hev zz{3`!!0V+qw`RMhi@1#Hms6gCzglXs`1z}Xrx8#>l6~qKx+7W~8gMLKcuG$06llfI_Vav;c~DYysmVWnke z_CCSseuPN8J@wMp3ByCPTYtY_IJC&%_0Pe$5V~;VApGfqeZ9bp;d70YGdbLkF(saQ z+PPDVVq4Ju_(jRJ)ncr)V13>0dYY|xQ2EV-HtPx!pk{1T+hDe4)Vp-sPrCDQ{ZkFt zX@8kS-1A6l=4pZWnk~DRKUhIRYsJjqRTK3BsWeX!<1Lkvd*7NP zmxCQj=gDOk`x$jd9^KK{Ievfc^nCM|PWxs*-T3Pc}NODZer^e zcQdy}46iknelYn3dBgJo;}3e}^<9j>+tVB)7+h*O`Slql(z;-G&wd|52WF=qSi+YT zzzKzd(G!7q&DV+(Lr2Nd(QqMPBCkq;nnb z3qN!OQDir#XDO9pvDNUdx|(G+`H4@-CrCMHP~jpcO`X(8Rc-gh@fy>9#zW_1iOG&> z@Lcx+5Mp2kV~f}LOuy5Kt#{=k>xjA=V=2x)t}*?>z^8A{2))1(nyW^XVp}fLDR$gW zOEErtc~Ff*M_<+%%aq&LYVW_D4&j>&g7%!{a;55QdnCA>ofU6CK{qt|bfWpOKj; zj>!nHtWBm{cb9RzQDWDpV%twCYTCRgA9XTGQ8k{7+A$~|^%1RCHKZ?Je9C2$KQiY`5DgJiI!)b8stKf?l2{Z|+z*+&)j~FFdwQ zMekYy+`V zgT6QGbJ#qrCFmswUHi<}z1^`4vZN;?hw02t^sxxnMjNqw3bI6O_voD5YyAwj9mf13 zI8v^A`cfx?n@HoaI!+Kujn2l#t%22>^gbI&W4}|N2Yv81e=0PakpX_X2SSq3akZLI z$`2+rc9Kh-cd0C9Mvu2=>$$3->}?KZ2Yl82wBWAH#2qVi#P4dzcEdyW{lTCMrE;0cN7%>+Xy zqtn7@pUr1-I6RWROtW8Xp^U-7U11e{c3%`?aMKA(+UqDO`A41K`#vICxd#7q*r@nC z8tq4iAeEG^TLi3cb>Sho1)*kxK%q5siB{8BBF{6$!w^P(Zx4`27#;(i-!J{JrC zpKq*F!rI=2`fySXIkU}yDNcMovVsDw~RG#JLVA|8V8=R*Zky z+X;!Je=|dypy{Vr`ps!&oA>0pw&$x#)G>S5YL0IpuII|oW^)7;pN#QIRP-DKHVfZ= zA@4TN!ziuK#{*y@-nF{ACMHhT3~o9ryVpUnJ+U z{`#JTvHFB*Pi5zoxF5RH>pBF;Q)l`6!8gt^neU15~R29WG6Lz=oX*z=L^G8@((jDuT<86mD9RK8K+EQK#iR zp&1?>{?1W}P`Dac+8sD+n9FTO106*lWrHcCe%YXGI<>PHB_(7U#?X45_sG(*U$& zLo4^9z?J%fJ@psh08YMbK!?4&NhqFYg~hrs?2P9Oi}`f9b;H;`;qD`V@ixdQz%78dthzJhhL_ zNmU=|RCLt5b5pvr@4MRVjM*m3hha2w&Rdih538k5S~lE+DY`-I<>VCxIbw`BeMc^z z>TeT8ylqRedRYhvh)vU&<+Gt!Bl$uMF$C37qVg)TUZvd(mi5t@=2I#luYYCdXMFOp zR@x6YWFWDEPNtl!D*+k$eUtx$+Rr}d9G|gy*dHG6e~0I`Vr68uW^g^fpk`?X8_Zgo z-w>4bw#>A;!0(OVXhX{pPKEkVO&_V;H)Y4*k$L}~z1lsFFo9qMhF=#iMU z)U5=m2Kg?9wo!O^NPSGd^8fFHb$nvFdjoflN~wmb%XhM-(s+jAU7`2}CtQy`7FXpsa$2*jG82KK zvlCkcWJ5r3uKaq$y1+`<`Wq)2r^a!;Z}2`(=k{B2-Wk62hXc7(=WCqCa%=kQxO5Hg zH;yf4-KR6pjV8tI*+D+T$1xvt$nvY2&3_jvuiklK}e^E3EmS zg}-?j(Z*)@UDyk;w<`jP2O_rwZIL(_pI2n92^9yx?Q<^^eg>lfj?K8uXVnTUENEpV z3An75JCd(3=MLZ7WdN~76mnV@W!~1AKZA>Fe{P>I>TVy(tfsy0{_1kQ>lILqEB-Tb zCYoyegJ`-?3oYIUom0qjy3>>-(sdCv&Wiw3%W65NF{Lg5De8h~M*V5E#Sw`;4cC2* zTo-IOP-*eX+)t+0=!mi;`ZtVyk~LZAw6pojM9+8@*Qe}IHfzQ}*lja08@S(Iwvk8G z;gZnc#DfwnjKwh5XIoCicqdc86(-8`f#S>Jd{t*#IOTHVW$f2)7_vdeGdFM0%^fDU zyZzPRjf0V+h(#S%%m^?Mm;HPfr+p80m)rUCtw%hlQ!dVV;q~W6Zm#%7Kg8l1YJoUv zo~RH!?!3TDPIGr@2oWZ#73RR= z$|W^gC=!{xjevZM+1XS%Rn}%ddsjn=NoG%9TB`~Vm2^9@0-|MiP)Xv#49~_NnID=; zXRd%4f|?CP2>6w%T`P3anW;rJ1{nZ0s^F_YBQYtpDn^>viF_rb@tbL1}^?Jo*SprzMrI<$#A8V=HExN@sihtOFXo zl4K&bZ~X*9gQ}=fvyBOrE@T>zS0pY^=zoy-?li@#HN{pozKpQSQ#V#o8F8j+TbqpR zu!?d{3^e#6;sRG3M8s)YNcXCo#Xv1`?u*}8XuF?v z|D$xlgtoz_DYJzsS!fP2?vZiTSCT-*la=APhFu=hcV_r~-dI{1`fG>E`*U zoDPxzLt>Zv^q;>`&u;U8=@8A*&)f4_xLD#p?@v`|H6h29`2-|EZr^PgimkYg7}4*A zRNGv$TGmOzn2ok9pXDL5FL&9zXx>Td^b!Hh$)fSO=tKInG&+}qF*2nMwP{{NEB5|s z=-Rd&=&fPBu;)}17qktYkDF+J`xxjFZdkg$<;Wnhf%ozMP$$*fw?c&JVx_Iaa)-pc z^oXRGzzt<1%7oAUm6JXH!^3DBnYK90WK?3enE+3<8*)QZu`~_(Nz%kl0pD#NWI8A-U09 zh~J$n5Lz*effdwm8CU;=Pw-|)^0DDgPq679*Y&;xp{%{se9(;ReiMG!v==FA*pfN= zE|)FEcwFQUJ`O=^QuYDN zOSms~j_hv|5LKNf^SC^NHMF_$<&@FN5>%dIx#lhe@^pX2I#hRBbZE4BILGx_||Giz_ zs0-mNVq9f&a(rb+ckiKI7;q*5H`^y?TCAQZV+eehlxyK;#G7MA{(QSF)W=wukVA1G zlE-sjJt~ZTjq$@Izz;sVGt#@Uv)cqv5`N*vCHK=C5@h-dg<>NtJrCxv_qo93ar+R7 z!x~kQ^PcF>2lzXV6qtVVwDo;+QoEUfx2qlB5A9qFZte8M>CC!yKNyc)QqLpdeI?RR z;~k^JuXTT{x8vMGB&yqQj`B768lJKdwR%hYsQc?@%G1v^ZXY~XNrf*E)l}TyhKf9G zO&4b`9ZsKfeuq*x4GTRc;t&LMu19Fm7(6HGEo)%+Ct4)h<5K6_HHV(0--=r;4G5if z_5@}*O!|(SU}|@*q;70SL>A6?m?O7@P#SKX9*-!1R&x4xyN|S5PYymfykO2!KGWL^ z!GvBRhf=r%!`@B3ZW)-yc4szZ9tVchjsw!_PjsHA$=oIXBZ9#2waV!V+^=3ZNy^Qh3 zkSg)MyG|{Y3j8SwU>XWwpl##v=-3GO<6tTZaiolFh~umRit_USTS}lLG}& z${)=C#E7Kt|MT2``@cy6i2i?mmc<>JmE(JFqy21t0{u1Uia@Cqx;8gI>m-s++H0S; zZlg&N&qa^)xDztGPYamXXaauH1%Oe?WQO~aaSli1xkxne#9%r< zTq!Uo%8jets~mE3U>P|4yjVf&`# zoNptI4*0movh(7|vZl+dD5hG9krlycyJr)DJ+HznGhUf{C%v-~>-tPJX3KDYPqs5R zpU-H>Rkbg;-Cy1HcuyR*W{5Nt&LNdleH)TuXd9c`M{3DleU~RV#;$e0X%FtZyA+Gs zf83KJDgF5h)G@`gK@EsqLLMA1K_=M!KRmrA$$Z>Xe@qLI4VXw1%T_&$pLjHFjbw<(kyDo3B$Z z*ZQhi9S^XJt4jZvbmfR1YkA-F!?j$^lTTOz}XqrsAx+Z75H)I$g-KFq>~(6pfQCV~gn9?q){W>@*#s7xLTNM0jVA!h}Li(ElnyPb)Ts_fqfK$QxG`8Wp4?3vW|-Hw)e<(}P1h^3>%I0y4ysja zJd8y=R+dki5V4{@M+JQXNy|Z?p!<>%p90&Y* zIq4%Fh2NyQdbNR+d53gZ?pJ&Vu)W#-j2QhoD3YAUKg!_ehlm3IJ7nBCmb#Bje&1;}&Rx|YC~B4R>&61p3Kf_gz(R2h&e3t&s;!rAWk@v&|K%ET@czBI>M z{Fw~>J_KXE_TT*eGj&v_E%X;Z-1}Z zeKt`^M6}}YCpk;3Nx3kd?*+g|;fZTrcodNYwHHVarsEtX0N@ zKa2&3_>8+{oMDoZZC((U&h}oRB-z*za27FzJphjPbYs z^ywj?&FUOqIle~zTUv2H?-!#TF-lAx5G=G|?Bs+-!O^5CyITZa{K8j^e*GpUtLcXb z7fAbKsUiNZ3kCdoe^F2eT^?;dC!xC5^e;m$Pt>DR?d%m68o$!hm0B#$=@oW9VF+jk zlf2sL)FgU9C-IEInCe~0`TliQY1|kmVI|y~EP?iH*xGw$D%vW;#|>?G)6`+NTAM5s zxa0)o%V5=qArpUg$*Ame{1|n zNtfu@h=RvSo31cLhbl*Rw~hWmF%;DHxEH}jBbFCl_EdkLi%#8e4+5!OI8PR1(0iWf zc8jg_cer#t9*f+A_CvD^V~8CO--iZ+ICMI}>k3@tL*hn`sWX;m(O*l)H^HE*(Mp_!tlQs0xD7hVEul4NG80RFS3;?pd}&Qd#r(S6m2q?DtIEP>RhYvwBN zw_m~{$V)nZr@2-{D$|DpLe4FY)(p9ot# zs1unB)w`=U;H^)mX1>dRbLIQ0R{ZEjeYB~@qGCsVM63Zp@c2sqV9U)9Xz#g#FIJm< zNBEy7w0Z@U52rz)-xZak;h@a>Vt@<5JXVp4vtdHwV9u?y+l9f;1COSgN#qq`zy!sp zEk%PLG8#QVtb`KrGa2WUh`1UBBxjx5Mw5h42ye3eu+IH*xlPK}j%yLfRQ#=mj;lW0 zMo@!A z_XKCJy?5iD0^6Wx_F)F*Mce97in)>1wUQLL;lsD_^?j$t7K7hsvr_kFaujdIm3?x} zizNIQt@FWK&`cjrY{FzA;SM|1vnFV0`Xv9^<6!oldnj=NQXyQ11dPXD%G5FNj68Xw zGK}vg!IS+mFZ<@n)p73azqs)dM#FR_x{x8YhY`fUorPv{zMUQ`xR>z9squ7#;;BN% z<2;09e4SJ#jVad99pF3^=1k>Wzkw2l{vJI?XR&Y!SKskqx8eIJW_OAkxM=eSjzyrA z><6ur7{+7zb7^mcsdT?RGpg4|X?QKb=on`xLt448+%RaRml;c|C zz{Qv;EYL;;P_jZoM)4PRbB6u}#JODD#TnZS_O&G;X@1=Gmk-t6FDxRN#h|LW(W+(An{Hy@O@E{cPh4GS@3p70IBMVKU!xkCe<27G znqF1S&q^Cl4?MpY{r=S|e=RqC&~A-Wd{IS8t^UJF9kUlhTyqSMBjnF&?)OG}zu`;D z)WMc3{jJ`_>qSIl`uMnXy(=AsUURBu5Pc^cx*5OI37G=f@IDis{*w^pqE2ACbyIiv zW&@S!pbn8vm2+N0Owb*`XOqlUVmQ=OwHCm3g6~vXME}N%dT`a)9@{2MB@c(f)brd0 zNL*eoYf$^TNfwg%Nc=LmXxe2{XDTa}64rHN8gHH!k*#=KKG>p*J0UD2;^RrSHU22I zmKfA`#ppxOAL&SSD>6OM{mscvHHwIFZ0bDAd0KKsssIl^MRXK|0%-i)S`Yu3dfH%cU-8Ion$4T2 zDbAj>ooGKxqq!jwRVpRUVJBrb{Jsh93o(YQsw4v=?!z*-SgFq-<--}osH1;> z@C>v8ua0b$5}UG?H*^PY!76W_7!EnXR?mu5jpIjNK*gcNBZy{gx0^^EsSBn z|40X;5wqR?Q>alRARxdPv1HX>^uzB8%wnA(W^_*dfw(XD^5Jx$uE-0{-_Fd}JX+>5 zdFqK)l5@(CLq|nz1f50ZeOV#m4(EZLy792uP7_5MGn2atiw13S9QmG-J&!@^H(g2MF79IdJHxF|%nx zR%HvDV1j(XUl#?rHxSjCrDXf}6V`3w?YHap`__IYJnX#a(45Lifqlc56BSe#9DeE{VC{ z>*A<{){Bd-^C@^H>1<57Llx(%@uWVCh(um*9xv>$2B{~#l<4ClZDml}H(`SHFB_3Y z=fFqmGkQ!c`z;&=K?Ela&^%8Vjj<@fI}-vG6r;Pnb+NXwi6uO=&N#@cPA`^naA3Aw zZ4^^V>heB^QXOd-nS;D_9)OU@r$K66{qEvz2kv+f<}5Xl$1&}J{fPqlz3_oW^g#~9 zbLQNm~f> zHVa+koSkkw(S_FqGXx|WTVg+o*2!g?8ko_#zL%6b6PGS!ULv|OKs_U1NGdeel=y|m z-{+>drmy{jmmUUR#@5V~VSAM{5-oWgjD#LM@@rD2HbLT-RR!TD%Fa`uW%hJ zuAmd(|GQxWv-U5^NBLHvsy_W z{&i+_I4uF|tH2uTRgYWijPa+8Iu8))!)*8);<(w6Y#(IY% z!0vL!*BxC|mQ&$5V2rbA25iW?94k*#Teo!7$i_J~m=hvBa>}}2F0?(Iju|VEEPV7P zpjogwWuuBx{mLJz|9Z0Ym0*B_IMFf1RQa%8sm%xJ<^-^|%<=n7C<@%>L+tJY_@MQC zkC8SPuc<)bym(4|*n7h5ZoYmpc$DOTH73-R-j8Zcankt~xBQ&IU1DHQR8;3-vqRnr zp*Q!_B?mUi_iHyGS|koF<|wBtxHTXH#ds4_ZHv}zNuB>Tggje}m1y{USanGb=ulCx zGb4L>9rJ9g&<(x2Zc1}gz+H>xtx90vQ~l!Bgbyzl(!p&vPoSFX<+of4%VWznS11FQv*e7brd$C@U)dba7$#dAjXk zmm53y)_>+yZ~|X!^@kANE;TbFgP^vqPD)nxWfZKI<8yEXE=pwATUu2OO#I9X0YrBl z71nAN?01uh{v~jw;s|m%l(!xtp$x)dyQ{0#YCx~@+=o#nbk=IJ#qhd`TyD2U)r!7C zIZk$&`!?vm6jKPjaJQUPv)zh~Zxs6_E4dyI$cEd%V0us{{)B!Wti+s{%jtQz?EKMW zBHVnuX_MLFku?QZ`)HBl(=kfIGmu7l{x98Ms#Y0`B)D0Rw?NWmrKDaCE`7;NW~K%; zRtAK^852v3>x1{P{-g3guUaoR2YDZ-B+c>?3*S1z>Im7B)UcKsu@GVG2m&#~7&b&( z8a{P+HFcvU*=mZr`F!Y@kfxG^)sQ0C?0Un01{gI*%np}E8!BF4Yr9C1`K`kG>a}8c z#UkUA;LBfk*B#D*axO|33WC&8gvu!@wTE^Y+)T{)HhsFHrs8)WhL+AxpN_wFrU`~N zJYuZfb_b%^Vg*5Mq7QlV3){If;dAOrcoVz?0zEE=vpGMHm%BJJaSDdwp9q}+6uhWZ z=9}yr&t`B&fsEizy4ISj0^q|A7$0C2wlm^I`p1v`&)_um-<*QwYZ`b(9*T&5! zMXQ#CL<)p02_8azqvzeD?)wm5&A6Hs+lS@6D%FxR(1s|f7o9YA<*8Xk8cVpE*%b=u zR79iRsz_1lPo6}pF2+LIe75&yR}`t5zoO^az0Wtbhn&Z5RfO1|%o(1W%x16G99?4G zqT_LlY{M9`M!{^eQ?RSd-l}{AXr{_~>2fO}cNMxdQMKJ@QAEyyZ*-fxl^hPs9Pg%@ zUdhP@ojn?C2Q^j95jrH^aWD)<&rmpE5vRuE&U&FjFLJ{Z&z9lqo+>R0H<0^kTn;a1 zkU-Z7o7k(q*P!9g$lDe`6iL2VCe?ID$4yx0MeqV}z57IHpKo7F99tgq1TVyUe<8a3 z`{Kd0*EHp{qIj`cqQ%UezVV?d2=JN%#7Sj&_`TX(4{RMXQhxHZa(bF>wU_Wjx0yU2-ej?YPz%FH?GHNofM5~~K7_FS zRsy?FGSdc~63a!kyL@(ZlPbJ<2d%dOu}Dc3pf~0>GBPq5R+3oU>f$^bc(jtpl~!I; zsr>x>tTbqh9B0%ZgOQ#`k8u|2&^aKzkWyDmhH{b^U%!f(nil>O`#^NMo*?p56X{1K z91QxhSKXy$jmsecb%F$x%Xr9T_IvYQskahwa$>b>LeN`eaS2>`f?s3AZLQjM^Mcy3 z{;?*de4V9gK=$?ZrKF)O7G*MZs$N^zP!*6y?gw<6h zN~&vi=*36fXKs<*qW`_*9W8P|`j@Yu4yQdeIV&c#f<`v*PxnvZzFx;R2FnbI|JlJ` zz&|2n&CRKE{jPW{a(y6q19LmOyPr{zgw<642eVvmZr^zxEp$M0J`f(LY#VBfbkT#O zbXosXQ*&LIqws&)QM`}X?mexKcRwBE*5oBvG;6A|&sMgA;ez_{mZL4M`&eJuE6hSP8p6aWRnsHW6zuBm*IJ zsQ#24Mo^jc&O97OQdj$x(!J|sBB^|{sH$52N$Y;g!Q%f#9D5Qoxj*?G%=MN9Mr`9v8zmw$`x+yS{>$e}p(_t)(t+6wTTSp>uKUboYg$&d zoYa@|6FZk2BU9}FsZb_Lnk6(3-h@kx7&(sKCMF2^$eqo|zAjp$dDW!j*Cxvj4j3@+ zv%BlCJ(Nd4TL(4FXDMeK`rSE5BMbH$5#f}ab@3T#eR7?Esbzl zdp*)8mQss<&qZNIB^E(g&L>I?q0Sf$9xXSLzRt6qQd9d?LFCh_>Z#9P{97y~^JWgJ zZ;Ja$Iov%ZugVz277VqN$)qy2ze4ylZ8@``H%75Z2E1KUYHO?bwDEN&I){cp0|zge zqtQ$9VA1hw-Q!^@!Q0hLW&IN!ZXw?i_oEMv#9DtHxF1##bV!`Df+zYcAhY~;MUj|; zJ@|I7QOC3Pdi-J-`8xE8mI#C5ac?#BM+S3Ftc9HjI)1N-5dZJ@UVHbONGkTA6~`1c zjHzAP4c}MlO}kbJsolWmO$(@A>dhAZYKt&-dc8HB%kJI3QY|_NNIL#Hx%sPPZJGb& z7{!`)RB0t3ICR?r>7DqlaY zBQor?;pZfP>;25W{??^kX~$Q+!A4T$lN}1rb^TTetv=BPo!sqdP+z_zafR#N<5zdJ z!2=Dyh>&_Dw;@o2{H`?GpO>puE&s0F?%(KsA#?zUgG`Qx#wKlhY-9CA`!O~hZL|B= zFDCzt;rITLA=wMJSz*5K7fHVy@m7PujU@SEYH#hRGJiuC4tj# z84?~lA!Hv(U3*`>-DkO6e8H&VV(-r=-!}x4tGmkgTG1~Ai`V!xZ|*X^+f2E{|457J zqng5$@mf59^!WQigLf&znF{bd?s=K((t7C zuoMuT(GD$DiPvpUm@Z=m+x3pNsSQt^jy7@CgVb-ze`Lf;a&~^I6((l}1Q~@0zh# ze-&Yb zu&M8`7h^h1ddcFOLQj4-S%C65@9me;op0v^f6|!Fy>hAO?y)e1Vso85*=!HII=A{t z4@!n`rg!^(c;hww9y-q%h|vG5o94M^9*?Qt6uMbARAQB8NpgXRlZIxvv_8ppYS*pP zousfyQzusTSy~?VymE{-EMKP2?ZAA|L59ZQak`y^y|14=!!J}!I(z!R{I+agx8<8j z#-QJx?tkPg0r)<46pO#=KARe z&I$$9+54rD^?apIzh;oRKM4|r|1y83Y=@uYw5DS}xUejn-U`D2VCK@_3|Ob*!~ni= z+=9;cGOd=I7skzP)KT{h3a|G#z+XzvcW$_R$%ej8ep=KU-;&qol+#vFF~veoJxGQMeS#J7GW%ff?u%hTffXxdLHLx1ImF+$QR-V3a;(a9cG_bh3 zm3`88W(wsKKGx)bsVkpKK>#qx#+J>A}shT~X>{f1@0}JtlgvWo<)|N|7 z%9Z$ld)RR-cK;%m=;(BFgf$*HFCBEGy$!Lar`INbD@yo;)kQ{A9glIpCUM&}8j4YJ+H---bbAI2WVm-kPIwNs~Qo?#_xi%ci?n~iczyxFP95d2A z!_JU>3MO+gI`4vrp3m14@a1mr{2T(c(+2AO3{6?Q+AMV~ZATVp5AP*8P$+$<5a?$r zk)G@e)*Ymx@HT5@5y~8MiH6}CjLdjqS8DUcRhC53*dQLkMTQu=5CqBIP~RgMe5d^T z2&|18CVlxgk>H7m5VZq6M%>lB#}Z>;EKq0;E3u*5`RKq1IR~>9MkkUQ zJVbR={nU0l9M$UE8O~|Nq8RgCt0{*-_pJ(iQbdkqaKdiaqXC{#Gv1sN`hC|->eH6U zd1lr~@jZwxGPV+7RH;8E--GDx0F0-5W@6d|Ee$QQPg^3?7QxP13UqaXFFE5yuBRLP znJx1_vbda}t;vB7>gVR${rhvUIzq&g`M;Ur(NBUchG09hKycCU2i{LG28GMb_4eQC zIy1U!qpWEmO#7i?=?Izlnh$aUA_$>GNZbcLdSYEUd7<`Yo;=9MUd-*g7#H&cGFqnu z|9GSnXTL~`N@D)Z~9-7HMyYrtE+GY7H{9GA;H>tDSE4(n>WlZc5>D7AL zc&?xobPN8;W%ayRBSGBFGrh&{)Fgd@bAUTE(_xF50&2YFql;fg&mFp(v?~Fdoq-N< zUMkPRU=>e4{*C6&h+#VLeM3_pUlr}(2!I$3yxdNd0IF-0RLf>Moe9Zh7Oo(v$lv32 z;-GcesGt=!z=pN81dnNklw4m^+D$? z$AFRmPqoBnuls5X9b4x(?dD)xFC;4=YrJfx&MzmmS5a-}VyyF~Pe72r((oy+J@{Hj zux}Yigo_SJ%s!75xiV3WWlr&X6S#p08{SeMoP8RjUr4>k>#kHbXpXYq$O&0_Hs(#T zw_d z;(IOYVr||EZW@jmfQ;*w2>w&#$jz;9tv>W>ehZ+1UV$Fg1JY_kK(jZUhB#Zdvjey(HURBnpPz?YIhf*7l_m~l^bKdy4jKb}BA4cE=uKUyN9D71k#TQtu4A zg-D9Z+md)T$IO2FeQrXl+Ii&LFtRXXHaUO51?n&1xBSSh?s|gPxUj&>`GB0OEjxO1 zQ7GugB!?yhm8b7jT8L@G-pi8=^|)mXVlw49X5)FSYr@0F4y<``ctu!C2{LEnZlud3 zc97n8u%<+PYO{Ravn*SjpHb8Zh5HP1ylDI92U$c+W$z_+rN#V{an-vez5rb@+gtJl z3saQnViq?HCER#D*6D@uu7ds5M4_B!{t)w9=IV4d(iuY3*376lmdYaHZf59m5?`45 z-&cGNCv2zkpT}K~@s*ymmBz$)Py;TWB;HTsl1@suW09z$hznf%yyFN%U*9b)oRYRf zw{sznmyK-~Zm?$#vF7Ocfb+v?ouPg^Q^uXn>{7PAY?Zb|YbDL=>?~4$f+z{aj!GWU*khDUGgp@YT5Tr`lBE z1&!l=V!QAcf}7|{8WnFS{KlS}MT$y!t<~m=K)CPibS7t7ntjN-2Dc5ezroRtYJrO^ zEmuHK)-qK)*xh`?)OF=$sp0YF>hRCeAjR?+p;dR%?BGdq-XtEs?Ek{6Jjm5zbCtyw zaoC`hbRPMw&=zxA3)R&8lnPkVucZ(g4jn(zNI?atr0XKaB&UNczhK3b(3+~UodUwi zu<)?`yI?J8^B{)5D?T8-;ouK{kYZ)IJy^!!wgOz!Fr#pTvckpIn-3xwKe!OM(riYz z!^J771?r(^XFf4ghn@rK79XIObB#lKXk(PCsmIOr`JK` zb0<<0XOV4>;iWyX{rHgn!dn;i2F{MoMKJ^c>_~`tqsXtPn#W)dsv$G?*KQA_BR8@K zmFjp-K;)m~EM(aB>TnJIs##J>ntYo}_$GA7T%xQ`BZ1@4mO!p_I(^RoKNms%k9S#b z6g?F?i;J5S6znL@V!TRlSYdYf60s1%?@SZd+TYC7hDuMR%apNAt@{$%NnA8^e$cf(5}x?)l}%X2|jFixA|TuRVg+e(M1^Vk>3md4Wjw z<=gEBR4rck_d60qe_>;E<r;Eo`k~CzH9pt70Grip>1rm``VtnMuL$N=Su^dIVdS9k%-eb=q z^ZI`KQ})UiZF#q4#hL~ZA(8IWg802O?UdbBR%doL^MJ7k^eqh}nav9%CiywNW?5hC zB|(_J;Ykp1-OEoa%!dKIHs)_G8=bB+lI(W^m(MoOe~?PZZ z`g&1ba{#;5>`+BjJWk!f2`Naug#$cu)XDm;^N(g+Gue|Jy z5NY&nCOma(N&E^y!O@_FXK7{GfbEAvcGbn-i^5K+kbZBzOpOvv$@qIm%0p_B@Ueq+ ziH)7GB8tt`(It}U#2VcC9dLR!D?=NQ(sJ0M{Z^JD8?)kpvZ=St{D*YcVl&qTU9tD^ zsH;HVCCQ&oocnx_hAN>L@W!X}ACclhNl zSaU9hQtUgPIGk&;+8oA&7{!Z+>yrh0V~vVKea75&Q~bAN6+QjP@<;CI23O10P>N02 z?L1=K+LupE2qtaJjDp2Sw>Df(-@31Ic^IJ$+(^5EXohSQ3kCztDLYOT8j%$%yzAJzzD`=c1*pGpcj zHXH30?t8mPcFk{Ig6<_LAbF9N%ZqAeZK!jrV-$R%ItWqdw}NM`zgU#*05h~UsfC@p z;&%v}jl`T8Z;yGHLU*f)tWlvenY4Urwoe}iO5pCtvS8S+=htK7*tV=0!<44btIdbc zg`WhLP(OVRkEEWm|7zdy!eiAK4RA#>Q{J4YSi7gF%gyQKwZXTo>Im2TAjZ?-kjco( zMQ?I|!USoLPU_zr*t9P-yH+7(b5%yOp8i$Vx;Z(JI(Kzzl6&nofkvQ95NJ;ncE3f? zso54g@&pe#|7&!pbeNl)P14;F@{@Em=V_*>qZ;mqU=0o7o$9-~Z*C6g_wtMbA3Tu?ir^3jS3Z98i zIY#WfDtH{n-qPm2{du>mN0b>d6R0_?jTPD=F9M`29=bOo^2@*Up;P?G8}Z#s&Z)!s zX*I4pwR!e0lb}fY_V+!c5Xj9u#YEVc7(>&HddRY=hnfd zTZR9n5H2C%Xgr0)KmLT}Ij0$29jV$m?24Qj=^gN{j4Xg2+EF3&rn?^wb+>A#ym#zS zjIx@UnLRu`K}QFH12q0iI6wM_LX4A%g8HcwvM>X4D=@#{%Na|PV_^I!EDTY}OpP8| zPNB0W7Pi!*XjSRK$3bBv_HrP%8YV0GYR&O2-OZNbDhX#hfkD%oTuLg6?Cj;-#qvTy zFPh2fY!#E#NOAg5;UvZOi1iPfVDivk2*FlVzTPNKKMhs<967v@7TGt}l%xejO+qB@ zIJF?`ndll3PfX%d1$SLo$8e?o`V;ZElC&M`#Cl&ao6}ELB&43{E6S#*K7(Y(5Q+G- z3|UzKCNZzLa;1uaE$pL^B$`keY6>&xL(6Z#LM&hdR=s$yrZ{3s+^f_BM?Z?GSL zBB()>Y`0~I^)~^aTf2{(I7+%E2`hfg6bSW$uD2hS%{bVH*UU|GKqf zG(NGu6i*lCnxRZ1b{ZM=Q#E}f{}-SWc)1tja)K9|3mah%%dje{k_(Iymmn{&Ba+Wo z`1ZHv>L154J9W&#LSCifgmPBpTa62VI5=;S{8PR8X#?Enx}g~=#H4Sy`2ncMB)WKq2wY$gc#65=udNH%IKs4f1Hp2do}EwNc; zo&@uFjO~`(>xtfoQ5W(yJh>eWMo=x?kJm)+;bqsj1bB2KJtpI|OS_LF-*|Q5gSA*B4uhn;yx=3vj~{=JE~MoAc6N541I47|WFx2+42nrH zzjf5m{J&b<*QN{uRki)@061uEECvCsxIWjFvbt*I{CTY3A0$iFsff1iW=aMHrGc>b%xdohB= z68T@7%yukhS{VF)>s!9OF$aYIuWI(~yYFm=)5O=R5qh^XxHL?aRHPY5#Q(#4p7 zJ4$6nyGXEP-mfKj8xohq+(fBgfyrM=h!IPf_~ebGC6e3%2VL^1m=3rIuO8M?(C7 zgnT6dD7#vmnVRx9!YeKF9K60Md3*2Qgti!!l^qLh(1Ej%WRIoMYJ8xv1gZF?_rTpb zTvO0>$!maNjQgAz3ZLT=H+RIYXi;lH2o2Fw)RZZ?X|yg4YrnxVK3Xh44;=a zWS_Kskc$v`c(o%$Zvk>^gYo%i&&=@JTmK?uETK&89Uf^rgi*+rM{;n1xVa7O+qj1{ zM_J9|?xH4Wz0hV;^>jnI(|yZRko!x2Ft};=Awt3ZefNl7Pfe;xspB(jOqEyg@GL|z zw<&&K0!15WCvmxa{_}2Gwqw^5N41!_9*E4ED!+SnUsC5;Eqj5?yM>Teq>~0Yy&0R7 z`=cQYL)tEsTF`b6I?()a)zOCO*jU;JFx*Gxy6L@!pCDXL^!H=&aOUiqkhw5Z%|gOnrx)RXR%+lqDSHKCkly zIXIjNr&I{Zz7;>x^J4aO3rdwFuhs_2xLeFvd+Q+7+?@d3cL(f06FMSRW+~SDP#Ji0 zWTWdp$1l}TSUFzf3RGl!(<%7r4g0hBeC8eXI1(Feer|0VPJqUE@8Xsivq8u9ExS+X z-$8SUx%P1hIpWQ^wC7`f7&bya@id#8lJ}AD80LuqNC!ff^v?x+SbB9CO$JZlNit8I zXJrgw-Fsa`X;~`3oRNZ6Eq=Dt%U{Ir`y*!nSY>!el@a?d-_=gdyi9;3r&vq6@8{-L z`a0ACY$4wUKPXZGX^P7N}BG%zUD ze&c!e_PXj{)llp>_1JhYWH8CW_Z~T)#VlJ#2(|k4iS}B(W^nztoi8oHA8xpC+r>|t zD9CbR#SsjVXv}++TDl~)xe_G$gEbXM$}8}>)7nn-U>Y|ohNDBe0yt|$JSkgV46Th@ zwx7QiFd_)~t{2)&tlXb@%bo?tS9h_Ch3-k{Qc1{sPSX)r6+yoT8m?|{>vH%fy1oe3 zdb}~hcRu~l5FOV~% z?>Gk5TH}Fj3*6VY-uE$k)rAbZ{m0d=?Zn}WO9ZWH=KX;z*0=d?4_^ad5PY!}Ptz7i%f-;Q;CJ{#p+<~8 z%Rp|DWH<41Ly0{j#bnGSPya0aQKS8<)k zAZ~?b{pSIu_}e))F5+8t5{vg^TF+R^*txC2588JvK|Phie{YWEhGrnF;Q5w{&8CRd zV!!_1asjvY`v{`bwEqw^e&IA&gxCYJ62+<``AqICvr3#V~9sbH;D>--ZucbETPGpzR{tQyp700GSjLcI#g5otU)ygFmvVqfP-h_GUHsKs!4H5Z4qI+lE*(=x zO3CI^#`tRIPUan-*24yJdz)bHpE&phdf#}Nq0OEbpZ)KwOW4G*@WDEbI|NhNx5ZO2 z9!x_2l6PsC&CGD{;Cues;w@C;q9Nm%&pw8@;&q#WU4O;*@bB~0Zr2su;%(q(LfuwR zF$(AVPvNO-kn>cn%p#MkI%Sp4v=fO~@G?H#UwH3R#VoE=L=$Rej}38x44oIKBaWb| z^%{xs{TaNc9{Ix?oS!AP{E@o=&vW#%wEC&#$g_b;UA%=|OU~#}%wE-S-9L`4B@G2; z3n1KtVYcm*=$+K6J=dLCHDzX9=#> z?e0G5$XWGb9w_PL8sWKM}jHJVly)q)G8R@c<b8cIrF~oGu=v zrZi>c%@HwqBXd2YGbWm@uhwE)D0jGXW%Z;vXc2&RhM~6D2Hw}7f32!tp5=J+Cj^W- z@9?;i8u${AZB5WTiPk(C>;+4ln1l@ zk`KzKmODcow?(nG8C+ut(YIwh$RP~HGC`&2wz9GwP|D0ebYXWwKQoy;7r|B~wDjsa zSS{^Daey~0n;CXKbwBc1d+i=aVU7V=4{#pe!9tC6)Vhy2&K5pn#JKfTjW&G3XxmY__8AKI3~otYahv$vn6ZaE)cM21Gnwu-S;fXu=)&-R-VDZ+%=btvYD4T@IVt z(^ct@kq(PEmjs;te3By6(sOFO*SgGu&LX>_&6ak@a&BPY#!-s>YGJ&DVK-ls5Oe5} zkkoIMA-k%oiwRASUbJw+VwlKX_J%u-%SUc+9$A|VMDK1LJeyoOXh-s4r}DYXfvvqr z(l_gx1zxipL_~;vc&iMdW3Y(J<{+nST4VdREd5`C{~u-V_}|F?fB#oo+ithEwzjdg zZQI%!TW(WZTidp6+qSJ=_VxaL{(#?=T**vs&&(v5$vKa6?)&FjlU~Y&*NbbBT#M6! zBCcE#uyxOlpR8u~_GCIvv!}WIDi^Q*1&>s(jS+)ehJ9wP$on9rup{LqrdPMA-q#zx ztQ!Dj=I}puW5aiQ#O-)K!mc!<@Tgjiq@CUbKd>0~6fF6uFv}6~)Bw);?c^J+gL~F+ zhJstHyWY`G?Ly>atcf*P4IzI4_kbEjbq(ore{GKsK$h$U2(6j|-znIvjjU=#ry)iG z_^%kuQ{Gg)wyq6vo2EuG&TU}Y{KnXjHy)F5?=G49W&=+7*~%7Db*-tE(wMI;qIRX# zQviV-Nl%^)_pdc1;R+TM7yeCKjP$QTLnKRyD+UpZ@1{2c^Qz0EKQubofA@iL!?}%@Fl3hx1xJpoqF&xU1w+#~$B(=(1`swFeN@&Q~WoGut>d zN?^-siA0N3!`{1##y#NT3&?ckdadbgdk5PnTK!{CR(Pjie z1u0YQDH=eAY>F62RR1%iJ6sxFbh|o!V4}Ly8q1I|!Pi-y2b%nqo}Rz8F_8RAg=xc&i*Nu%ZHj%fUu!B4Phc0gdX?<3 z>`sT~MF|?ief?{b(Bos|=bk?WN-DSin|^0hK3XP-S0gI+N+u>-RKnu%Fg7uVfZ^-& zHsx>T=hPkP`lJ*OWtnBq@qRrM+tj_AYb!3bYR_5!W5+d@Z zTtw&tNjW~%huGlP<6}q*E#~x*j;1sy2K@XP;llgXl*kV>GrV*TIKS5ccg9Zf6vPhY<=$Xw`Whgg^Xk z8RS=4S@xv7p&)DqY&)bj-f$D>ZCwVzS#jCk^CIC+t|@*n!752eM?U5nfAp!*!G|*# zBGIhL&H%yaDdzc{Eas7W*8$8!+lp`X?5Vq26LxF$2`7hGW^GRHaMdSVv@&vh%eY;D zyYAb$>X&%zJDD^z-$a4WwcxA;h$so(CC>v?8x5ZL*m8WTsjcp;A*n?|W3wGo)-!}l z&rYe!TylOZ(lNshM&)6eT%K%TQY|`q6t#*paGPXLt$Q?GlqdLg(D)%6J_HDj;~;>j~fB!P~u3-*>FbEoF9&3#Y;? zII<}1PNE(XLNe=x`c7JJR4)m<_!OBtAsVja_j4K`0KV}>fUe28EANRsG^LuP%^rIB z-*=lISk7nk)*cq`Y~EO;GcmkrMO9HCx^FKT?YNlj`{f`0MP^q$RTLqeevt!)e1C>E z1PMT8+U=2%WIVI*3cYF|ikufVnotIPadoql0ejy>ia7W1%+5Q*m@6VnELQ-{$A@O) zfl(^Kzhf6!PL3ew55`u^qxa+XnLxOah=yA?h#cP%1$M2=@(03}xCGcB2`~Sg@O3B9 z&mFs3B593=*RMYFBI$QPdnpOnd6mO~s7J%^zfxZAht@0HdxwWvQ0hu#OnLq>+e#+7 zeXxTHS`Dc^`51aOcwlh4!&`RD&MYD%oG@*YxZUkvOFc>t<#FSU&M$h;y@dh(2R%Cp z9XUkOGp=aD@QL@Frq5q-1yguT-VeHxo91d6AT%el0sJa;~+_B3ed`MVdT*_zk07hKf0sg3^g z2hDjLfts%6zOrZ}38fFF=!(My3B(=x@w|uNC#f;Lk$v~V+mBD-1PP*}<74fXuZYL4 z=NM#$7Go+Tz6S~p#yUX@otVqlk0m&;G z=6za*MR(vxalu4VBEW0(eiKfYC1H&srZ9fbe&rXyvrfQdA=ap~B74wnQ%|Hh1PFlbapuc+Hxw7^(r$A2Kq^63!gcf)Gm^OYumE}~VE)H$^u;Nvg6DmmqDceQM~xUR*%>szZqcVz&i@MFXbNAxuK0j~8gM8?WK2wP z3k#~WGC(UNnt3(afQz!ORx}?ScDjjzy52Wm(B~C&odyhiMylR2PASRozC+u;?d366 zSQdl?WquGaGoa@8KU%D5Iept9n(_^95J&`XjH3VaP8E|>4U^H#Mi0*7-{QSX{)z1W z-o}-cC|#l6cMn5OJxb)R3f?$PY!fG^>&aG|E#PDfqbas9{F4|4CUzMeYXQT~yAQ0! zKp`nzR^KgnsWN7S~M`-LIyin21W zKot;97MyKC;~JZtC>>-&IgArrB{p#BLJYncqIJ5#@+s6gzfY7m{!J}iG;dAV#hX=b zLAqzg#)=gh5J|p1^`xF1vC**53{N`=f~VRtR6MOxUK%iVM$EvBn!YJ18x^8&F^7v= zxl31DO5RJd2lMdtPzf@jE3cag(7#*7tBkX8DwTbI&w%*G<+yAssfRScwW8wTnt=i% z`b~?9-|deTBg8;I^3Ij}pl5nv=xQ7;?t|87Sw}D>IkHha)yQa}TBD&*Uywj}xZ(7& zps_4MVpK!33!Ec8YR#g$LX3Xk&R)>Yqrpuy8UOlK`I3Teg1nR}ecCQDD>trR1!43; zc(!UDCuJy2bigj2tdb2#gqpme9U&X8qPnP}9VyXR&@%6I|@t$k|+2 zG9sun={`ofG{KUHJu$Xne)e_-g0E_960r2qz{`@NM)4tzddm$McT2<-RqoEtPl(Xh z-4d#T`cgt&S5y=N>6mCCRUvlr20M6Z5Jl!0h-FaaqDH33cSzbEIiif7fM*R+2d7Dw zJ#5?t)q`PBl;_Mp$F8T=WjCdr%Q^_h{Brnl>8q<~K;t;>oNg2k0j!TC9M)D#LFkTE zL3xjyi4_Eg@jz^WlT^4S;;=!${)I^v2rs(+uU}72S4}jIOlFSPxV4&Y%*50b1shuu zh>A@s{P+wApI&b;28o+*-|PxE1S<@tYd!v#`2qrp_m+jpzU()lA0k2Wxdc(<5&!uo z*Ye@!9{)07|G&HUKF0&Xml;+5ONI%^{4YNhcs)d{=F1m(YHa;-8j8!%?g*jyH51!z zLbNI=u8V8j%4)l)9$S}nb&J+gDnE{MRk_lUHib!_H+$uM*?t8E_Bk-c*=z&~r+(3M zU@gJ!BS|zLUtJ2uZnG{Mv=L&oYWZWEgaJ1NaHR=QNN$SYD6GnzoDHl|*Ohz9*FXQJ zT>G2DjG-vMHg?$#i^k8m zfO!SZ`@JLY_FXEsw#?6^^?~i+LLWhkVUx)~+j@NNkV=%tIRJ33C5X$Ofo!NWcbGje z5EaLF4FlrhC3eNRE3bbg0_I6igf>*TC*&%n=~?2mkDF=dl2%FylsupiOP5&u;snFBJBE}dEHCZi)D$? zYzElMpNkyJAE(W57A7`jcsb5E%(*HVxvB1S2Q84~&64g4MGNys&R`yaV`lJZsS^UH zo!|DGZ-s>8+(5;E><<2thXIT;FstgVVD7Ez56OaA(R;iejV?`?&Y?1Q5Z4(TmX9hL zIr1gHvO|>ma3~D>)wj0{W@M3`<-Pdx{i`4+ST@^N)<;m`4z9r_jVqgm=twg+sKdK? zp9eSh7qaplTYT5pE0%!hcdAYd-M2?W!Dts7QylM(lBD2!H5^lEU zOOBc2R}?pyl!?rIff^qRBx*;^ju=-)E43tAh&bc^4Ac`h4tT{~?|0Uk1WZlUzMUn@7^eFPg!B`budeAkG>=Bt>+zk;co7H1;cB*93Any? zO|w}p*1oo#lrOeA_#P7$dbcD&B2i6Rydq+YZVdxNUYE{@9JWNVn~xZD9v32RNxvrl zoD=NSpRB|ac0f+^vmU3^Ax6NDF)O2`Jn9YKiKpSGm)_*v75&nEDa(Gr& z#&b^scPdTLl`j33#*2^scv|T^!1c1sRZOy5yn7=dfK)y(w^)E)TtA< z59Lo?DMvhPeBm4_stUSSy(svL|*zo6$)Poi>}#{)A<04W|;UqA#jn{Duh? z@LiS%-kQxcVX-y#q7$OP?J#grQ1`p(S~4orG1xAe>Mq)vuo#6zQ$^vzU;c^2+VHa4 zlv{Cv>}u@VBR@&KR}Dgf*=XcYjIxJuk{z_U0HGR!nBu-f?U8^yjDEyRF(n=*7WL{v zW7v+iL8W&$dfh5~i7B;Io0T_$D2#_=cG}PH;Vzdy!qm9`W>jo94{x@ml`s3cGzLL( zYCrDWHg+zbbmsskty`?gE7>g9nf8QNrvu8<^$pHqnRWO~s0acg?A7KRpFQi5`0LgU zJW5Kaau(?gk;40{E}`2vh>E`Urhc%pq#f+3*E#F>{c^_AH~U>Q0dsa+_Au8Pa;Ecdpy?0T<&KpgBcf4P_3UW* zf}f8*w9k&fm|dcj4(H9!N$GmyI!%8aw+q*qUl!`WTqFEP!OQ9ChXe}wX57AYc<|7= znan=aj{G@24xO<2_LJ#`w9^&p_5MN{WV+fNcx|wTZ}|mwM7dVIQjSgGg2RcA!%3(< zmBZmw42A!Yh`z-7mlhGMFX-lbG9MIK>&8NqT!ol{)8yEDY#;wci{m}0n%$^*cQLx) z;N?-Mm7;)CqeTY@{n{h08{V%MLQiBG~X%|Mls^C5b z+{52nUISlr9`1~GzP)YR$u#I-ax3!@b>a__4W$ub|ufH~Z>_}jebduViaI-&D z!sm+qG{@TCoJ+!u@&C%ILTskm@X1(2Y9HZIujl(9)$uG(xnY)eOWqY>4Z7lrCY>`w z`!$fRQ!sU~V?P$oc~9yEM>FF4@I$ZbisihG|0t1><$7_nKGOpajd9xJYjh;xNvgo( zgJx7~tAGBes@HelOV9J=M+9r8+>*SRw-dz`UrVZEHos8W_zUmLIY)wLDRZEf(?SR1 zkM;%T&9+C+pREN7^(PV$MvOZTNA^RtujGX5%>GqbcZ`=354~au_`Xp-w{`9CNEsG}28qFM_Zf0*}s(n1|-o0&Q&W?3CuffwlI#*`f0? zHVY14&P6sM(WbS2V~$QC9}j^`&t2wUU%6jDV_5-LW80FG%x*Nk_XMj^h11gJOPwO~ zt#cMwG<)s`#FrkA_W0HX%J%oB!bJw&x5Cgjnmx*W3=~e&4ZI#xZMD8*52hf03q!Xu^B zI$!6Ixs>C(iL||vm)OG*->#hI0-vxSXUAN|OS_fMci*P6w#Ed0)F2-}!q($+uD z1=PAbgN7^|KM;b!zG-)D2MuU*s-6AayS8po_zaJdKveqLF*%=1ZfUH`ZdT6fbGx7- zUyl{OVy0ht-{&3`FF^j4vSJRxc+#ICR*+r%t(@TbR)#x>Gc7_ z{yTavHQlSueS=Od327&w#*rlU_m{c)q&+9KMC^tMQ8G5?&XxE3jV*r04d`X8{q;+n z`*B>??}-+2eC?)SRVbsB+G8~Smvh&5HU5d*2oDA?2V7^0XrukGwU;;33aa(C2uu6U zk+v&8kI4M&}WO=H9%Pe7UVfg5nJplmGI?-|YHeBT&~ajZ67lB(56ayzPc zfvl1CfhpupQ)X$7gIR@|bonixbdIeQX>lR)6>BvGj$Ib5X7uvTBGyuiZ{DAubQYO% zRgD{#Yd6r!pN|xEN8Xc%HUwWF+Rif7S-OiLz{$4&cyyxo*c1DX5g-YEV#kUx&X0A2 zu_MdZha1($gWlT7Dh8c$5sgC!hfK3aH+F20{7yp~ThhyqhfU0jOG8mgVJj!N#ntAM zWt-f2jsrOLsx9+jLH>=h6@XZ7AnyT7uou*=EFxGg(Bn$cGZT(ZL`70-&5|`+(Ehxx zQaGV0m9vyh+!m>0&HdE*j5(Lxma%cw6;L!KE5m7zj7H>>`I4sS@Y*}Epq(x{)&|$V|?@{RL3A+Kc)Wo&Yt;ewePJ8;t9pTW8?b6diuD>iB+vx zSFhgRon^$%uSe}#zLESD9S`7?H|dGMK1r*DH2#Yj+IP~g!RE@3mY0$vQ3a>UIe?=^ ze3;~gSd2baNdMKrm=CwPO(=urP0pWaz1J+e==Ra_7U|})y7a3~orsPx1%QnJ?199z z58O(Yw$#pz5x{;++C%~+0s2eafMld=g9)ukx> zs8hU$gD%qoq~seo4~K#pOw5FJ_Br{>D1R_D%`mK58Akd-V6JtumFs>CwD=w6blfxh546$RHL%O<;5h&ATN|72tRYW4{mLL$yqS6 zQ)`S>gjN9Fp0meANoY#P0cWd?Se&UzX)#%1LRevCvf2nr|8F&ARmPnoyuQD7pn}*X zJ?!^ZNIeykd#5?{pq%V)5`lv*l%uQn-xy!55FSBo!;qBye_3rHdJBKdup#x>GVCS! z^0VTaHiL9@0&uw!kZ(CPu%((XXE@~wo!CQvq8`VizDDZBDlPiyk9dl#eXJ{OQ=5#f z{(?lXMO3u{#OSWY_LNYz^0>ewv=)Ydb-LK4$|R`Bb`)`4*kYou^a~aoMaf@}!Xd?I zb!J#*R~CUfU>rG||NZ$Dup`L7)m{TgXv+d-us`J_+#$=B&U?ISZ5c8VYf!LNT`h_= zY}IVop)jQxwkAGfeTewR&ZLuSj82xym-RtCR$doe7T==xUu*ajtC^pZD6zL@koZ_L zu)Qc}chkY*gYW>`_tB(milFdhVgpvTr%AOMvQ~)Y`*lrS1quihB%|STOW{@e%&xNG z!oP=*LUo4-fmI25-l6J1D(Py|mQl~;hD|zKc9ouQnrG;b=hKTRuEWF{O%)qf>>>LDBS7!aOK_V2Nk)QJ#mPN6uuKc_6ioT(M;SU zt2!}N(4E8`hM0s4JIbmx5QOUNS=5c$l)KcJ1K1VrG0Ks^smp+mv zGBEt8K$1r<*?hCxvq5YZbJY5p_x57>cr>2%Kqt@p&O}tc*)uxj2WC^WrB8+v{O7b!o0552TzfcJ0})9DmQ)c@eNfAXMQzM=4WcoH@t2?+ zr^%_L2k5MsZI6g}f!S)HQxY(=M%Z=ACZ5hD3ZSkZ;zFup*6}sPiHZ$QuQ$sAN#K$V zh!U?Jm1ol`0hS2q4lV1ft)QxX6_(hL&k#)}%WOCOK2Ati=iGu4o#F_R(Z z^5juvzXReO{0QC>&8w2=;*2&ISL_M2gMUf?r*fGY}S|jhcC3dSM zHRvqw<-DS=*e{Fht?bL=!WVLtS_~m+@3Y!toqlpmuBMi&LS27`!w3ct9OJ)H>sL~5 z&j_LX?VqWXCMELe3RR?!(`ca%4bcOKeu^}C?#BZrD5u+-WpUCqrJ~N|U6e@pyB`b{c`&qoQx}B_dP5#- zG(nyAb5X92l<^qr)Y+)L3U^4oz`^6h=S;v!F1($5!mH*&y|%vrr(If_<2T@YQ(AQ} z_D9&*6OXqoZW)-TtS>NMg2TC1<8H8GxchPI@OUm9mWw=XO10$9Rj{sZXE3wLJzHrX zO~ACTH9C4)>>?tgOAv<|G2vgW=93z;7)hkx5`VBkxbv!Z=3%gB_J{>fdD89vu8=&5 z-Cpi;;<3REdgIgbv|({t{zA8!96DRTxS@?}!)#XVR+UUkC#|Ux(+dvczZPXyQ?nP@ zw1UEwLfMus^I`$lb|*e}c-&N8ZZ~w-BYQQ65&v2%j!)2rQf7Npz^7N~eTj<-i+R0T z^yQkIUL`MNrr_u1ICbYOk*#D7p@M==ec{ zgVSZ95^W$PLU&?7(BDaWnM`PFbO)VZrk7G&Ryc*Z@JhPsg6mG2uUG@QDgaNbcd_MDFU0n(>O4T&*5$x;dz0 zr^5<8nGn1hgXW}EM#D$k)Lu8;XhX9+qjDKZ{9{)jaioHvP315QF!0)ZRgMFh)s`WClZ~NyIq*_ zQtEfmp!r|4Akebfeka@g@@Kx9kNb7w!|Q!?rt`di@drm$V)O;A#oi|LN1@fl`~A1g zS36482j6-kH@+wRI7l;`&>wgwtnKo5@v5*K@~y!`gdG9Wx)`De?TJHBjYboZO-w%K zFb!s?XjeWND3+gHoUK8{Y8BzV-MlW)?y4j={J3SwU!o)Y@#c0qLdHSqn;cv4&WE*~ zt?1V2vAnO{Y-Gzh{6CVltjT=Znw}GtEJ-WA#PS)uLKK@^b35o`7Q>}nqVanYhQxo2 zyYb7*wT3Ft$Co?_Og>?-l$Mb%b$vkF24*7T!}dFHx>8OuR6uh|gB!o>(2W8?%Tc&gJK}QYc>vvA3+!g_Izt8T~b_W!0cJXm^ zcw@;~RsRm%xiS`t^|qX$CJ3XXb%m<87jlVou*1uqu%7y}3r89duB=B%?M1-&`C;0~ zzFGtH{C-O%$LxbQWhM`$`{9XI=yNx9{(#xK(7&BdNHzK84HM284Yh>_eJpc)M}M{D zN1!B$yD>MX5OW<3FVRT7i|8pgME-!Dq|UruN_!l$s8fw+Og%ETyWQ!%Yn;b)PE$G| zB`M0M_ul+iknV9G0EKhc7?~i1)@<)BPbcWHlv6+XI9n!HzKnv zTKYuDhMmAmon_i_D`04Er^#kN=6`ghE>{IrRW65Z5JN-5;E;%!w~44c8_gPUZBbkT z?qD#xN844o2Fk3>4`Z?0e?bku2*LdFa`>vH$PK%pp`p+qD5SX5)bQwNq!2@crZq?I z%>4ZPZ3j*!+4%BuIxukX@W@D!x%#cH0a1|ag0~poBEFiYixq9M$bU9OQ9&sU0s?|e z8f!SP;?l^-$YP_FjqlezF&7t(RGe>}8ruI=$002&F3#pjAYsyJbk|$XNlHuSSua)A z+pM4hmr`gs+%;o@TcZvDz9=zt*UvaI6V1ZL#-!zCjm!2sIbi0+VkY++VKh|q&|SK3 zmId>FG@_kybTOg0{CGcHJUkdg#6pQ^LSTZl@@%-)`*!R9y5aoTn7B|pG8|5UOtGpj zHKA~5nSb;mp=Z@vI?}OQOK@#d%|WI=KL!)RF#lf$g;vgGf+`{~m&$y+SrPp}-S5a9 zNd~^J`@m`E#$(!5cfau8GT%p13&Y0_a&vNa%7unks3LCD;e$V-fs+V+ei0E7RP^*1 zT-5*G&QX|O(L*28pZLg%kG1T#?DBV5fhPf&e?AWJaqB11H;OJPb$}r@3FZG57X6_P z*%g7AAOJwaqyHf7I(T>9nbL#=J~=tk4YZKj^%xnFrSs2;f^(@j@d19%Ss@{i%nmP% zdjD){-C$`NXz5|ayp?A$a$+T*KXMDhm}w6Aaagqx59Eotx;U-8fYh)d614?6)GBBL%MFi2KM} z+qe!x7-ju;fR*aU(A=g9MuQU^Bkw(@K2e28BCC~EX$i2xg%kLtf}r@4t}G=H_R=5F zc0R0jI7AaAe9KtsngkUS6BbfkI254Ng43=N}^^w+@)Cv3co#~SFZgu>%db51=yKv#D0`-qyvW^f=4Eap5l;ELN~s1d}E}H zUUFfoS`#zQ1Hem`MwHS}(h_QN9o!*+^X(XIdYoxO22*dZPDp3_$cif}!->tIJxmRK zVY%miA`qUkt*7-2$WItPX8e}v&^g$6I*eB@`!0Qpb7Yc+TI>Cbf4KJb?hXAQ0Yp|< zQSRmA@Z?Z-=#}e-iI|WoI@z7R6gZ4(AVFPM-wH*zF0C8bPiLGN%W~HoFBk<8Xhg*x72nt`iq<7rag7np(J+Ay zh>Cv6;kin42s(FQpEoW9(;@awZ~+kLG#U?^bnHnBvCDp(#*l7x{5#Jh3dtRjznzm}f}-@)H%GT2;3(L^-d)@n(uZ0nhM?uH z`kHG#9MiTZHG4w!ZHr2KvKd6gne*Ei*D#5`@4TA;{OW=`tnX%|Bd+!CI3}eX7218+ zB0IGu3hbGJsyY(wKq=C0x`tVB=B~kD!?Es3pF@2TTHE`%2+-}n0>ri|ie@=d?y5SX zDupOs)*6+L%Ifw)CrnaN;9E{vNZjbmdRjl8DUeKe`|Xz7xg*4OhBxz>Di^RjvuzO~nyrT+qTA|B=BjEJ-yxX~H#AMp$n)?an0y=G zpqsFk`YLNhOwAMm40dNYtczu^{x)g}jiEHBtG6A7|3Dr4I!8u<*aR(JBdJF?6|M z@4zb5#-`r+kyP~xTRlZKn^@qtC0|k$%j0g!Mrw3fQTlpGLpN+rie2=T@Fey0wrs^v zuATTSOk`jkAyw+A`E zm{tm8wgtzx81Qe|asw(^8|n?LQmkl#pde~3)%g`h0XlxG2pzFGJv__0@aHT2HU5ID zjZ(pbedDQ*h+dKfB6z7ph2th&6lll_lkPwGO+|8qewIN;_@<1N!LbO98XhK?&WrZP zpI-gVsf@sl(B!lI)}jFe1KTqt;6FW#-3xZne7khLQ_e^QCrQec8!^B*aTxX~a0(VL z*sux`PvD%4hCCPd%mh{0z992v;ycInTm9xiI$POa_+^pNVD{1ZERo(4Li58v;iE?z+uCtT_zI{vK3?>w-&&4}Jp2~WO%6_pfCGb`%0 zOq2`2)i+@aC-sDNC9QYCerj-9GH_*NK}Ntwr7!K+5y+G!Ox9oQ?xg>Q@@010Kc^R= zK*R?Da#v>t?SXG2_IO{p@f$?`z1w$MLYP$#ff=sURj zuI2rXw^DDyuw_I0y--(rxhdsnYYi;n$5+$4n~BEvJg3&&ASN~R2lCx)Nd5z zZFvI^c$5Hs4{Jo`x4x%k%A&X|ikjO*d9LN<;mIn@8s5CD=SF&%GFnnB<_|;uUx6xn4Uy=5yI_ij zqM=|%`0$YV+cu99D^3nM{4m)_qb)RTDw>jhR|^6OUOvzJa6Bmxt5vAmOP*|JoBceU zjYDm$~gT0_N6Kz{oZl8Uz<@r&&W0Q57ExKyoC?{KJ%P*@HRR z3ODwI5BrB9?+E5GCY(KkR)3BVR;==Fu5^{6PTYPZ7EEe~MkYI1dVI52}yn zJzRz9!Ti-oG|osu8$)jufAs7_Qw^Ch{*znN?UoIDEE&!^kfLx3tA?#-1O?cOg<_;g zu-3es8N!!0Jg9>7}ZJc3R}=n8n8^6iz!5W(4P3n#J)x$Yho^nEvB zORN~Y9kvasR>MDxl0~|?xRh?G$Xicz;T+{8`-`X8@K;5i-_!CB>RhB%-dwlaSz@QWA?}NgHfV?{{ce z+gG3LYLMP{<7!YzH*XBu+9k1<8?gFd6f%%PL!+BWN-bS6W+nqs?yD(*?wd&pFE>Jp zo5{8uE4+aMoc6D2+4i!aoyza`xl}f{Clx%6$0}MQ&YG>W(#34S`Iv}-Clb@+SDKi4 z$f#?vR2a3mw8QHSzbWl?q=Lo-lLL>h^0pr#W=eHwbLnJ5;gO;Tw$g;$jCu6DzfcL= z&#W**8q9VpfHu1<*Ua2ELWI5x;iV2)Mvt+T8YhY;{P&DONF=>3GI7nXH-zUx%fN+X z#c01#2vY`kKj4peFEbe#=q5{JRYngVlo>~6{EyVJ3hp$!@4VdACBKE$U@TFj!>Yii z1t0n(RR4ZLhnAzPBje0__xSd6`iwlW@8T__sa4R~tZ2#pdQfU7kU%~vi`k(z9UCoK zZ!w0f6zACNMrUX`rCftI`9{S(UXxql-9;MxK`S8cr0P^nk&%d3)>4vuK%`#|8r(p! z(HTs{F=UvaEoE;`I=vBHZ2v>!$YBTJRN9(o+Nx}1YO{a8t#QvOH6=~F3?S!Hg#<&t z8gstoq6vh=^h07*7cnJy@i+fYzVywY6>wuZO=GTGL)2Z>>ku+D&wIn9SHMApZ;5~SCH!~t2J)$PFTNSdsm(C} z_>gATnn8>?2(?-!X=tPJch~%=j$j=xdA%2JCay^Ry@Mq^lGn_$8fw-Du47!il|Y*s zP~2Mj6vPk4!v@Nb9bOz(R{54s#-rpF-o%BjJJHLlW?-5{Pxy$Mw0c?On9~5gir;N! z#2IXPcQO5O3zP`~enZfnUv`d(8G*nXO|m?Fpf+ge1Y-+q*jzpnF4P_wlRONuqD?V@ zIhsh$jv2e99AWZbPV2@St#ntDcWJqTHx^ zXRU+xd(yTak<0o%Fdg83dA$fit!7)en&Wy0JqSInluzC1_g{{#C@=5SZ@3(VLjV-i zDT{@)eT*qdmX^Fviw&Y#ob7FKxx3u2@3t&?Uv3#3gL3=v`Ks>~Kd^IGME@J1^n#Zs zMLi!IX-irea$>-c7I3I>$nqIY`E!B#p>hH zkyj&&dSJk1rOlL(H`oVs-OXaS$1gI()H-EuHt~zL=jTa>>#(aFMVx52*xafvGcy}O zIlqPJw)>6wlw0iumGP&cxc@0q7e+30Be@2(QQOT!9pSG>qW+Mg^9ROr{|=Mf*7DZ> zd;ph0eTz0)er@u2Uk#O#sSTWs)y~2W$aynlTFx_l;?tAEb*=0=L6M!j<3hDGPafD)Hfn5vsz(uG1f%a?Fm<+VF@Ozmr zJobFnK(?)!yB%xmS`?y(uAPqCm8Mo0agHlgM0S?Qhbqz@6fyZUNkvE#hq}{4W{!VA z-G@Wv#UpM!C9k9tEiIutELv7Oe%pRfN2`B9cKi5k@6Vskr6>2-W%V~(qi~FLh06zm z%vKKf1aer?d|qXEFtaY#aFnqun4K;}0EukF`M=UQtv3jSZI{G1;g}}c9Clq*XgtYs z#*b>WBRf&(g?jybHxu-H|0ErdkprjH($dc%ycX&RVJRsX3=E9?f`X6J%ida=J(`Jv zYB_QmeoUfo*GbM6@)S-g5?bOT_*x&N61aTWX#y2qt`yAE`NtODeMjhFRC01y<9SKr zl6K_K>q7E|N?{@Z#LH75ZDi2|Yi^2Gqt6oVh6Y7ph0d{L#f(NnJ65YMwm~9yMn5sp z>jJ>7eRora;5G$kUtLI;mjg<^yo-{_98?dSsiwqq&K83;UExLYSgi$qi(^|>7%8$L zXsX^M5K$V>x&0)^DI*WDJ8BBpOWdv?uj35OC1H%cAvl?#Mylqh#DKK{e2>`($=2|$JAIt<3kT2hXaXwW>Ova1tZbu+=qUcczXQ_}WItWQ(Jvb%3 zFNG>@3U&MR)m0#O`M+Nfi z2r1uMiFmWt+s$TEC^g@xVQ_lyz44d}YGm0NKG}x6SXSVbY;~r-&d(3nr&3cBJ3cPM z?RrY)_JR5D`qxzsjYPyhE)vZv?mq`rH8iJ!BS~ZDP8!YYA+X`~$p3ND;HfGj7R#Kb zE}Dq`O_ODs4J}3y9cRws)HgPNZmDs)A$zGrP*H&#=C0pmyAVshlEZ2D?!GQxY|b&g z6#;%vG^T)r!(ADha;qq#@iQdnB&F8rb+oZCJjWWlnCf)Ox|)?hTUgZuUROjyI2OYM zhl!1~!_o&?lmCJ9wThqai#O68h+PbtlO|uwHDCD)8l$KJ9B}da;0y(H(umuthIb*xyg3GCfLjZOe8ro0U1p&dO zG!vGdqYsi!&NwWwrfFdEnnHtuKPKY><04A^4J|0|w3Sp7^u0G3@7Cslr=S0#0qv-m zG%w4k0tjldq$n-*&&f$I(n&ALJ2~u9$dX~bSXvwVhbrmKp7^S#m6&6Vi;qtgu%E2j z6!p6pEID~S>FJwlvbtB+;z%3Rc^`#2e$_N%JbtHrI;|sEny&v52sXz%b_0Jw7jH%; zC?T*{C(HWLA9#Ogi9u@q{@&$ec2H!A3#9sur}7-B-@VR9XbKzvTT4Wj;$6f)KS-FT z;s(Fy5XS40zt0KUPX@<}jZFJ?K<(4L*jlaP92}Lu*k*OeNSU{&N#$}0^1L;CoE=F0 z?b3UWG5Ux!>}|rKLd1j_^OZx^IV=m-k&=Ta;Bcuelk! zX^kGJCz}FmtdNkfDpG)2Ffhg^rr0kNC4jBF(&73yuYx+j)Nn}z92?+{7=9iPxt!7a4`nnF#qo~%Z$c=dqIkCfr z90CyZO-)^K(AxiZv^j^s(5jZC4GgyR%_5p}sh*#o-}~6=flB`8=cf@@?RA8NARG$4=_tz{pF-x4v@G6&tWM?_Y4C*@}kH<)9 zMA132^H%DF(41ftes{%EhD3^PFO%;XvXGc+$9_fXC=@MR4K=qY;^C$?oEl82mBaB`$@*>6w-m>VlbJRm@c4Fo&i43oNCk|O{mT8K z$-vnB!tC@<+1>dUW~IBgf1ir9!0c@O_%!f%65q6rkiEkz6=o^eUww9k{2wel-m_fx zf__@_mj>E~7>AZev>f{B!E~9PnX{TzS2jXY{B=aXVz4k(XIu2;Tivc?C0yaQ2ptuZ zJECQ+8Iez~P7|c?RdN zyL;)45Q{7BX=zER>-RGLU@-{NmeZ0s*>gmFbY&nQ6kbz5)Ce4|+e#e#UqUL&MbOT2s_s z=GN!pR#EKWAxrwt0d^jCUE5++iWy1->mZRaPeV;`sY)Z%v}HYA=?krTmIR;&SgTj) zi&^HA5)>{Ls-YlI&X0mj(kv=}M$q6go8p1?fG*R+z9SWB{SQY4G;wm1=mjdpB5_Ad zgYvqkr{O_p<=PN5LyV=j_GVt*s#WGu_;)c0J0FDKVcnVUGBxK#$>X|Q@m|<~q_>;M zKVkPGRTCz!%2Rcn%VNgAqY(G(_A0GaHec4X&+q1q!Y%sx*Yvjo*=f4YX3Y!3No&8+ z|9^Fzc{J2tAIFnXvSi<8NSGm8mdHL7S%x8d%DyCP5o2Gn4`Z8<>{McetYJv@WM3ys zCR<_{zp~5ne5>Dc&hyXn{qK9u=iGDeId^;C`?{aEdaL6%JV~da8p3zu$v&kK@*+_` zyK{Y`ZXfRysIqhMojhS{blh~i#Ywuu*yPGg?|F&lCyIwivTJLMv*$t7SvQ`^O!%xf zL48}#L{f%_mCaHqv!;LGdr)@@=lz4mAU&GPYN;jfK8|OsJGZ5+C{+JCQ#Uy|yEj5y zU4C)9CID^_+JK#|K6f-tKVPBc`KqNns?h+hYh9LPQeoA1auynQ6M&BP*)t|j1oG+exv$IOY zeab3gJ-jHgYu}Hv2mg3QYBi8{%XuAyJ6LOcwl9oQ-VB2$Q`t24sjNWy{R80?a;if) z2ML)zUWyRFDBCWXvh3%tXu;xAhaaT&+{&ZGaM?}oA<8|eOR)}Yuov8+KV zDf*)ZM~0X#gq4@@j<>nsKwjT0$IL$+IleOXDN>}z*SWsba;s6y5Y4`puJD@@AnTM+P)MM3GeSKzjJUiYi|mjqVi*d+_SXY` zXA3pS_HfB)QN{DAVGp<-BB$bJhIG{}Xre(Jk=Z&-*q|{&|sXSeF&XThda1zeqHahB>7I$H^z`ka+0YBxmhx+Nf+ANIa4wZ zXOaw<&AhH^GK8}B|HtiS%*FXn^0_-?-qdDfIaf@@*q!qr3QvwEXyF5}r}Bec76?aR z$tOhw`W57gh#8SH&`Lf>gO@8U;YYIj4Sx+u4x2DlkHd%eC!CD~T1R7*Bs?M~Sgn3% z&1^qy=+(G(IdoY2DnfK|1aED-u}jIVkkwUHu4~bNQfidF6c09GW?@DfLFBD749bNg zOBcO@^e>WSkP;P5ns4iuj~b-e!|LOBVyi#n0|oARxA^F%E1+IJNr~g+?{GlV(sp`E zJtE-4p1HIS*M_3Y9ATS-mOZI2rk1$(GdxT$Y;S_qkydOwMrVX|(4cXr$F=qEOR@F7 z%UKj`!Kx0Ieg$D%!IF@%=WT`Q>ng5{JP>uqJ9Jfc`fu240**?O?jK4nyhn425|@(9 z*`Ef9J&lY_t`6G~3VuEn=Lq&!78)JXAha~J2y*%^nUFLzyO}v`3yYViyRxDp(1hi~ zfMX8ho-be9mocxLvm}18hjv$E+>9(9Rx4CU)K6C{^E? z*FWZ_5k=S;rq$PrKgVTrdrsd<=>{wSIg2x#nDT$`oJ8Xj63`gT(Yw1y$0;4xWIMXu zKBo~Z%zd`{d0lkq_9gk8i!Qw&XK|-)XPc_7MJ;?op3f>)J1$uVnW(S#3kA{@oa+`5 z0Uzm*GPPYR^W;&Xea<%GOR>k%pm*T53G=*Uza8%T!7Wjn&o(=GMkBV<)I_|&XwpQM zE&7x&)+p9DP9Q9LH&O$ThQsT7I@l{BBK-XP3k12tryth-;oBrBh|N_;BeNOCPGW)@ zn{}Dz=PA<4PolVNDhe)FNl-@G>yT%#XN>t}I@=~At-Gz{BIL85+y{-WwkM@YWVZD$ z_gORs^Jcu1x!Xgw;eGc1+ zS_MryN^Xu(aeo|pAXOreC7KqRYrHD`l3t;vSlVp@VJ5DMv6=BPvWEdy5?5_PYH}!< zIvQ7SZBYvQ6TX%J_ft|5my*H=cyc~ufi_uQH8wS^A{7DMzj2ssm$g3Ek_|XTp0tul z@kO^SEPBUFjSX4Z5|Vk}U#Dfh{M=gP)2GJuPh~m?jOsCmFAonug-H7FbbtUvLVCoP zo`vd`Le+b%Et=}UvGJv+QW16q5M8xy2l*ns_CedS8ZxBWXinnF5Pm^BCEXNiP(+3>b1}%>#mTI42SR!Gt4{C(OYj=eP{pp9diE{KsFFHzbIK_bD;xRNp zf64gP+CWZ=NX}fGxUEX@6t@DGZi}A_K%@a3JY9`26l%LM-g(W}2YJ)f6yYcCa2Weo zzWCrwUF~;YIX|CzyX(9w{cpxcFhn`tzkZ&!oaf+hIEGjC#GLqobQtEMb4biDcCqxI zk9PJjJa}wfgZ2dPclj+~vjrXiR+b5o4YejY#WB0*$xx<0LhB!)%BV0%Q$@Zp!C~#( zWVobJB)@*ZMlw&@zY1^AuGp@Ct2=)!r^|;MSW4y%46sls^ddLk@0BI$@rLk}%nyI% zR=Dggce6FXmf=nUg~G-98orQQ^|FpCBW_d@ekJfEghejKueJlT>WZ0@p|!PsXy}Q} zxA&e|f+Dr+ ze@i{}6>9Q?>a@Gojeht8rKO)BnzI)^^CZ?u_W@g>MkV%CC zlPRXStOeu<-Ko0)+78knJBmi5$tCH-O9_ zO%(~OEWZn$Z$%ig(sjryOllB(fx|-~p`Md4$}XseNw5M+M1ODEKH42;`Nt)O%$J1cn;?evX6yzL)18%7P!r4pLgq5XejH z=dTx#lpk*(5EMmAaq*8IE$m(Foh|GgNTtQaNgbT*%`9z9ArO!GG!=7Im0di+tL1Ys z+36WXl;m6t;q3x2hwCYjB4kXkBDRw2!0MtS;V$8q6{XKoF8_Xhs zD3lHm45aE$WX=y1FCf=`0s;)=9f)m^7akKYksuxNsU56@VNd9LV#&HM0zzJNxWw|v zA_d?;M7*G4c@U8gF9On%s8t|8;UI=XCdTWKk4z9l8vm^cNI=?kviA#!PCOazi=VL& zQf$-k_YezyNXe*rqy$8h6@p_X+rtZ)WrDCuYnVwvD(WE}BN#8MAV{bXR;BPzItZLM z#PAmdg$E=g8G`fSR72o|p$uc29;{Syl|UmUuSB2@5|bmMh6Xb+?TGYi1{^LU7^4&s z<}T0Vx9n1)%XGY2m!W_SyV@G7WyxLx?V+@RiTU2LVoVfYn(YeuZ=|J*T%WI&5ey&nI176 zqd^VdNAoU&4vhz!8$W^jtBb#FYm|ZS^a3T}uK#xZK9|cS9Q}qIV!XH&BY9u{^68#v zg1krCxKWcHXI%-)5&Aym%h|hJ@(8hSbiGvLPoLIS81G<(RyZLQRzfelW0?x{Okgi% zX)rWhI@Ycrkke-S&PiG%*Z_;*)lv7SW8nwMpHz?lGwE-R5QzSJN@mr;YT7+%g7eNdj2#Gso$!mDFYgVxLc}P0y2LQVP(B3^IvLWH1c}jp9!yz zviKb5fX3XV)_^AHfPQO)l-^0(5{L{Z`U?r$h-^Omg>j@N1r+IZa_BW#rxYAk6ea0E zIF1szY%He~n{uQoshSkgsh|@KZ^C#}=k3#Yi!Y6@$%!;T|LO0Sjx;NN22sX%0bx_ibMI3XkRn};g2d!k@Zenb5 zY$BK@y%SZ-PElSe$W+DTjL{Y=&8$-{R|+e@=5S5n9S+8mmd!2A`aXeg@!I0bvV6y- z33KT?u|nb>jq#yf$(_U<*mHN(SD$f%`@_v?-=@And}IFB{Y`n2T;AJ>sJH#9tlVt- zN!!Wj$@XfR^mX(;xUqvM-(|j2ev2R$*f-$ ze|8Pz?4hn4p7U{|Z%%q3YK{^tD$L{+XP05us8&9UHxou&PjbBe;i7=NO`D&1<`=n) zb4<5JN07%M*T`n7Yh9F(n4noKRjgDjx!=lFc9@@**DBGhbr*;x+Al++OCxC>GXkHs ztum*wl#h~+Cojl%QN~xjeFQ=ou01-?7!ikc&Ubl#NuF-d+#MO}4#xa5HsSnW~(7#yr>8?|* z+xFS^Wm6+ilTpjc@5vvfD9bnI(dF^W@yqoO{~pd7o=)aW6=a)vx1GA3I+MCmZ>a5| z%~)4Z*I+7LwV|D-byU}47pl#xm8+?ytyle_G_90sy1BGDA2YvEAx@znaxYjt|Cg11>LBv;Kb7;jx+C+ZNHBLBu>U_&7 zBR`IWeS6Onc3I3dM=?fc+1Kl^hv<4N(^OI?B+Xx&H#!HOg-1om1`RPM3Nfb=^ez2r z-H>s)aMWA%8ox+OtxoMaELbQ%;ySWC3R}$h&5=QuuEp;Br~8-qU!~14;g=cTS*=$} z{1n9%1I=r{20UkhCdIc2O1tqX83zgyNa_|4r>|EqpTvD-e~ zAaq6CpW^A$lh@N2BtL-ag*j|QplF~D%-yw@4_P}@m~X-KvTE*7^vlmiQC!iOpwght z&QdaqUk6`H$*#7OMq)=S(Lz7^?M(kcG}h?pW2@MO?_$&-{2-n0PV@u?8A6pc6 zUU`4}KH>dxsyUk?Z#k0;C%sS+vz5R+cN0gGa38ao*6%6JG)-w6SwdcB`Z6v%o3@qv z!?Uopw6&M(-mjBbe(5=QW{z~7hvwrIGGj6FC5Xs{EAYhs6UCq}!23dVitSDXMe*z+ z>M|#18RHrYpB2}oCssI>qL=sjb`aab=}Fnkp3At|7(!F{wMFig+)^rEI$nw!sqH&K zzE-y2Z?Rt;#fr$}KKxxhxbT(x$8pBfAyyaG>bJVw&$1d!M4DTzC04vu0*;;w zDC@ZJ44>5zN(34r>*#H#6pIfv63hHrslDW_1NA!xgF0(pSnt17L)i@V-CvwJ)Kk=C z(ORiBy8WC+AcPwcS%$OlIuX}@mUhu&lOW7~uswM(zNWCar}5LM*|^#6)-qGN4q8G{ z;#MM>-K)9znpZ38HHR0M5(_Me!?X*{!FA$|+3f-iEvEScBg6c{syV9Xs<*0KN8?Mi zMl;uTV@CwuEtebzQwusRR}Vr1Z3}8I)a0kkrcCdo@2ana%OZ+)uM_TU^-2|N9S{3q z$6+53DbVU>8YicS#syWCW2PDQCDHmx+8)!6-I-o-y;6(*(YHq7@ZNJ{_X>ICiue`Z zyxSM=l2ybB5;r1qA{HyLl+%tIpiob=%ruUY;?j;vU(0_0UXnD$i8nV*h+N&BAW>&JYvXtlW9&r?x;T7Ha?H@@SD*LOd4za**MyxOcJK4WM?Z~Hr@wy8dK@ZyjmP45J+(hG zGL|%!nRuEQ*KX^R`>@xs|F(Rgud9!^ZNP(_P5)f|?y%E+(Vgfxdj(x_!-v$L_Q~R= z@3R)0D0l~Ui!VLs>l36nro8Y)J4UL??|KHHdOY*+R+CXOe8EZGB_5ADE?6L zUKFNyu@hz5f89$oi5UJ|Kjy7x3w;>y_|=U zdV$aUe@8oG!gN-ALu5qMf5#9DbS<)@_rGJ)KXj=kzJSS}{zdiXN(R_RAYN{Vqb!8Onn2Yja6>z6pMpN~Ym-p>6CZ*o6|_OFxC&>%`65vsObxkZp9 zG#|<$k0a=s_B}7xW_?(mC8I&xkCqkzCnu-N1}EbbYEDkhf+8zh4Ym_AwThWz=D)uu z6wJ;8$dymtOw}T1vB3^GeZ)aRXvNt;_{9?b5xd%RZL{3ts`qZLVuym`6(x%Dp!)Y> zQ_9OfM} z^Z%B5h4^aG8U60Co+KC%eR+Kp`XQUp`8OL59-j6>O}q!i63AMYJBR^syfWaZQaLeWqWWlPm`NFF6SAo40--{Yk1*f~G7Jf{~i^ znb1YNYNmkghua7*>fuD3haTs}K0|wbPR%_7H=8OF*{_&S&X0}eD${MSih}nL&i(0o z+RTEYNK>tijg6oCd};*v17mHZe~ZNmaFb3X-t5vQY|=2)qxQ2o5)v%LzWGdgcpmUq zpLD|R*wqmnH}aSf?=7sXjMw|3RW&rS_iwrU>!;pS?s~Ng682}B^h0OsqKk@j>f>ow zFXeci)JKG!VJ`Nkt6fYfBI2dB>!tIU@J;yg4lz(HLVSo@^g}fVbJ)sMmcE*Klw*~( z-r(6?M@dX%X`I}`Nd4r@tCU+Ft)FUT)6RC(00uVhdYa zqN4t8zdO|KD#rBt_B+dx<$u{Y*zyw6&h+g{KH64MsqbCun`VX6;b zbTdWDg!%Sq$@o0l`XhOE2ip?y!GBGdDyF6ufv zK5WI2MYlNm5>z|v11Psr^JsKKnHr<-6xugrj_!w0K3U<>b{=!SdXZrC)j+oov!771 zr(CJtNKmXsQ=N-WfqILAV4=>^4r*Mds*FiW6lUSfE{=$1I6T|!vHg9U^wR=!}_CE}YViZrp2KqQi$h9Dzl@6XJqu!yX+^Ev6(ADY#5V*iXjKpZbw@ z(#%zc5-UfUuBy5^;zM@Q78IA9j;g5WTU=alo+SqdhhfT=f@Q6;3``(|mzUSpG`xSk zXZ=J_-++#)v9U2nxsb$S6a0Bvn!Jk2#3=sHMQ!Sg(V5Fu4*>=8*y~|MDgE-q#YNrm zU5;Isl#jIUO-v}jzle~EI6I$R9cd?Kv@nTfV#v$O>wIsF$C97;H9QReGc(gDu`eS2 zTS-Yt-Q(ffcpiRDNmQy|-Fp=rflku;5-2uaPT_E|6njQqqOj>9ldxzi@J z^@?o&m}HAj%clr?#t58BX+?P)1X+BDXe`@{+1}2Rk7=|17H{bmGPw#>2)GNNxpT8Q z)p^vN$0QV5ph7ry9849tiox&y zkwyPWg8V%>X3#1IouE7iUM?>lMY;@TG#7TM-e^JW-Je>G6)q|h_mJhH_4%DZjYyjtCPD2 ze%mtGe|HZXo13<0_8}MrMT4zZ%R|4D*}1J>lED#h+59zlx_v!nac<5(y`=s0bl3i5 zZ5`Z=F8pIu=&r;TYh{{}1SRy>$jIZA!iUJL3a<+*sPLl)xI(l%g|tCj4P8;bG_$@h zZw3B!z$WG0M3Gcpd9`kAZyzfg+;i6Tc7?udygO=^&Yu7ewST>n6_vUD-f4t)o6yS2 z%B{&(TZOvi{&cA2q>q3HD(>ee6e!Z6_g&9z(I1jAI+RbKa=#MfB?Gg^OeJHz^si_y z!9QPumV_r=Xz5I|B`duzL|T0OCv}-hDl3muJM{ji#%Azx(4s*@WZi}|u#3rjV*w%1P7 ztQvK*_LTHeunX^Ep%E@NjMZ-$mcE$wh|(ghntGeZ0z9m!`092zUu*dTe9Nw=a7b-V znU*+Na$hlBYH~e4UdiYTMpV((j$Ap;my98X3+_xycOmw_cNBU!S7~zD72_dX-c2jZ zv;3Vdn99$(fn6^9jW`DM~kQHdUO^uCA`MGVfyQr$L5tjHuo>JPxF-UKeY(`{mo9lxD4X zwKpG@y^l}+h@;mg)49)RW21!neUrK-ij|_gURZhj9RCeU#Q)s!^>$1DyjmGGD*|Tp zy_q(CGF;uHVs#$MyZ$=nc52F^*{OqsA~6a7TzIfx>D; zdVa%^)q{}*8@s!;_k{vcD~UH_jIhPIPrT6TZoe@r!daUOv<>w?nKKS+1C#^=${e|J zdus^M$iXYeGqKhE?le1hkBa)KHJ@vv>EOQBsktn4CcqSG(ki7LH1Y6C_J&78tQ5@+qjM%KRn@4txnD2TA;ZD=oDFmP+@JK{-;DZyP*Vdi4_LvLztw^x z(slvBebcIpA%AQ@nzUwg*Efekoioh^1u|A|*?iEiUJUgs@` zWzX%*eLiIwKw?U2xOy}0gH)RUR@bAs!8-h{8e%p9oyMQLQPXtzZGduaZjJ{!F}=0w z&`>HLH$XY?>D!MVKkAkoot@bMNg1;Ksxlq&*e|W$nJy(5vxvu}`0!_PG9=H^7LS6C zDpo3IcxiTW@;&|c`7#?$d6TW*$v(Hc`HOA~w)}c5KZi@Hb17q`zAEH<9=BdKY=W@TlpA?s}3V*O(}MwadUo6lnj&1Cq|Ff{`*G9V>~ z{apD_122>jgD!mkRjpXvahP-FKv_?a7#(yMZKRmG`n1_Q^sw$vrlw@Ml=#tDXkp3R z_QW*l9^~8U-psD9uGbHKfLbBo_O`anKv%9hB=z-u0L+hrvU+y&$F)_S*wfQf?gvk- z1CN}Y9do5-2@`_7j_dv3VDy5Ll8vI`viV%Tru%n;PW!hFxu#wk0_dfqCmz1P_2P2M zxOzJt8##JalGJ5=A}}_#KlK@lJHybWm5#hBwf<*je~IuC89{84GdFx6&ruwUo2oy0 zwM?QOfe?f9a5;kb+C|?F*Wi_<2-pi#%Mb!axM7TYtc^!=wcJU zMusJ3RNk*EtrfyqiqqKcAW4vN;7X{8Vsc1imz3y68{sF_h1%+DY;P(ntA@YFQlysJ zv&6^WKe=mx6T|fJ6Yex*RdHlOYV>~i7gx{y=>n2@FQQ}JUH26lT!U(((my$~K1)5$ z^;I2(Vd_h=RaYezZ68+2ENaNwLYeaEtVxXHS_F-&B#tBGntz)02LZi9!_`V0lKIM+N&$ zVg&oF%Uk=NDfwnQLs4G-6%a%!3cR8EtzKj02ExFMNpRqA{%{_#T;OcI-78)MO%@`S zSyv4zHVOEll+;v5Lh#1jyxTv-N7Ds&$FdPs^5jG(YU-RGHd*{Lt!K(~y>@edr*KAz zqw$7BVAE8&>?-#`iDWG;>GFR#p{S{;f#LvdoGj;by&5)AZ*Q>dwa>&MZ%rT)nf3R= z>jsp-&SW7rXq)vhNs=YHdO(W;7n3SK+?PG$zkfgccA6qZX<=gn3eV|ufCd{BpRm7B z#QUJLQQ-`QG(I-7-*4J(_ZWm8uT74c_L-Oc?rhP7?;R4D^#*$)u;21JQ4;aF{2iBN zSz1MFpVF?jTjF~b3Hp9Frh`L6?pBgbj_V(o8~(y9`#hVI832oBI8~&!=rqK1ez=ebnEni)8U{)zAkOE`LnGpI0O;lnVAOfV_o|i-7Emcu z8lS6iN5Bh4{T7dAym@tozn@TkAP16`&TSQGKVErr(s1Y zv!dVy4p`Hl=A-HV;Ss1BAK*KmZ$Q`gVhZ5)^Mkm(Ivx#p0qe1o8HR)q{5zF9=2>O} zwGJ*intS^uIeVptX9s;uX(vjxU2kW@89K%%Nlx%8gNo4}|0$rVtn?`DB7xM*4J@YWxAIO zfvQc(BZmyXpr1_U@Sr9XL=o@5MN(;2TfK_R`dNTNJQZA2c+J65Tlqm%UK|^bc%cWA zSU{gdG$T>FW5SYAu;G^;==6(BF8N((c8m}{=yOC8pN?mIIre|@er~FC z|3}ZG_9s8UWkU%}*`VDI>R0?MQu-YGi6jA#zt;C4%lsHlVAl}nx`dr^R~7y(9NV0d^FXs`Y{Tf2r;1fbZj?^d2h z(%hHl@&tbPUd}xixm*fI#MO#_hAeYq$k9@Bwk5v*-NFinm;)%dv(+#Xr@pu5q`4aa zIySSSn6ol71DlVUqKE~(Y6hg#)Y={{b@V+};h*mTD*`U+HH+Ep`R@7tjD54@oHj*A zhR0e&-POU~QQ1_@;nkg`jZF`zMo{}sdxiO@hxIF`JJ~T#6Y|`S0KBT5Hf5NbcE}?m zBg5a5FM92l@<6*m)sEI!PR!baR=#dicb}Ux&xp>VCGctwMYh@^FQK^0D-ld-I%x+9bkcIS+H+UdtO-f z5uRXN2KDE@VE6cEI9;OE9Z#piikfZfzJB55xe+U=+2}+SBmBrytWj=uwAkpf^C$4z zH!Q}X`7%z(-=_UCahXQ(sINsuav4HtMMd<$-fex6ZFDwQ5W4x4?y-i<+_-^tx$JG9 z?z#2$`H7dcoXS*HRe79`Ndn>Z!*yEA=VD3&m^?=SR&~+CuxLC1;5@`0e_x;pT^p*G zYWEIvulxo=QASksh5Mo-Vj92u7NC_?DF2a&%)m1deWQ|1;;>ZKS+ETg2$}|j6A=dgr|1(c0+5lI8w=y!3Ms1>$wj;X#!f>w&!OqVY zzK((p&CR@>curM~`>Dfeya?4Y)s3Fr_T(^MR;z-wV;;Vm$3+!Q<8k#L2`v>QEmBN} z$-=TM2K`j|{%(LJdBPJe@MA#HceWONbg@|}IH^$8cf;eoLz?YwoDrXb?iY0jPtU@& z@t_p3Vy6#pzEbMQ6(sMVe^kYlSD9;Yd&Qt$M$Yg};`mXVRhdseCee^K1Ouko?Zv)< zUzA_}kD#fn9|ig(C$*fatrzc-I2TYipEI~g$DCl(yozx)n}wdr3C+5W@y_YgSYq5& z774zg`r8~J@a&p)sm*>Tb($vX^@U?nG=N2aBkU)jq3=mW;&;8uwZu~zouQEboHOuj zC7ED|eN<8kEGoKwc;pH#%E<{q#-{$0uSk;ab1MBz)@GyWOK#uRfDyDEvg3F7E0U6u zqS@lX=Krv7zzb~um}?rHO5R5`wW+#hq5YETYmkSEw);IK33$GN=&U`rzF>5|NbhBstz38s}+Q}oY33)J|; zmebyREd$7D=gN%7%`mEMiM<|YEovS_Me!9$n_UMN4IS!;#+yhK3vKR(>4 zC@YJV>$igB8fbnDRD{C9!d0*WrhAixlarHQr6|8DXVDHSXxRZb(@*41h%R`J@vNsn ze6^rQ3wV$B>^J*cb~99P`TsSCy87DL%^OxjkyK@V`(=S=)c_SZl~PqRJ>3{6F=$VR zMHl!AJk4ix5(O=-x8J{iPlXp?h!g|y3ZMspn~k_TKD4Z(TqqNA#~VYS)AVvPpgZ%FCnnx;h#r3nQ$W5FG*F_^e{*=e0-pk6R8en*kUB zgS`F284c)GO~yVIML`L0W4)2ME$8F1&-|vz_(4etGe+PP322AsBqUwXJIfOPvysC9 zRbox!D;>R((nH!@5IFulyP1Dnsk6Pk*q4-+Mt-=xF!}YBtT{fir51W|aRE?`w^^W0 z*UyWve=G1QeelJd!K<3GZMw_(Vuq)NUCp(V9R6PRC%|L-7nO+a%qQN zI$R{TCbwn<%93P+S(6v-lE-z%~EQA^ND^>@|T8jpDuajOS@WL2S? zF4dFWW=_K_GE`xSi?1>jk^1_UA(C7*fl+U8jVel-`dd#5zU4|GBGeM=pT|EhK~gw{ z2^4%9q3)I~9N&Jz&~=`kRDz_d&TP%%b_oC2B~+e?8m7V)acI(!5PL|<_^l=3f|xeK zxH9W2f_}Nb)e{zLcOr8nTtB2GB;XBvFL1LzL}vkQ$f(=!RZ;jM{+TXTyTi^v)r>7J zwk*8~i;P48z|I1+Ulrrp$+cPZyj75Vt};jh+U|~q1g{pw>A!bvpDBTiV!ymyK|uj6 z&l2SFAQ)(0i7|Qugs+{Q-NFp;`+yWw0J>PF>@UW$UoVy(XCtT-A%9D0; z<0@1wVnSd5_M8U|h`P<^NDlPUdo?v;pMRo^Lt-*>ZeDUqIA9=FP+s28ipn^&2EvVX zU{WP!T!D-Pc77qcefB@j#8%)j3VRr-Vg#8GxI4`R2@w0}ypz(K;RUqaxcZquiaHKN zJ~Fbh(v(=X>o&maJ$r>`Kmozc;{#Ber0Iq_lEOMB)~MYUsn~9z&s;2gzl#1}s}ZlA z@K8v)7!AgI&w3vhL(pLnFOA1@QrU(%UcIU$s%yju`a~~rl|@>v&-WGk_!doGY3IlB z_7p=HtGOwA{)734zP;m_kD;XLRXoSS?2X4QfvEe0Kj{+Y>w4kHlyG2igu8Um82kTi zI4pH%7+IqvW>g6$?EaOCkW^{BZznmKPmHQ$A|QhdK`gWPxhfH`F_8kPV%tV&`+RVQ zMMVdG=*J?|Sz;i;v7>~*6(Z%yKSAGCo7=XL%1Rsgy}0{A7$`YR$uYqZy~&_)x^(_F zDKA2D;@{1KMbYPuzU{Nq2U9MrHEYWsXZUCGQI|wsZ2q_2v)0sgbW}QMgp24vL)kWa{q9Y+V)R)iT$dx-5N<-Fw4u} zw8l%+_o6FSFI}r16t%-Jje|&uWdFHsm z(b0S`iD+u#`w)#UK^{AstEUHe>KRTlKU(CwU6i6oTi=Wb-Pw%r?K6V9)C5WywA%dy0ppw>%*Cy(8PhW`Ea;N+o1|H)$sD!a*(n!JqP-TQqXMDT zvl<2$R{;VG5S;_O0!E+Tw%)T2L3k9HRSP z8g>M5Q5j0gXzY*nLy3lDSz1FZQ}}IO%1`XfR#Jd0lPk}%%CHm0>tb(eOaCPZ&&2Z>N=$IvULFnsnXK9B<*HM$^E}Gln<`eq34O-U z@p0wT(^DiknBQsqiNcR3F)koWkhfgWf>u?E2cE@*n7pa3csXkS z3XIx8mxV%{y5;m|$pPHglfu;4W+EAO!_x1cqMJT9o5H-0*LTTm>v-P=;D(1Q(}cWO zKr*PP980pXEBo1@x4YWovMMvjH5e__Pw1}SB0;0~dXzvmsi`5|`teVy@WBdZca2oe zxUlB-yFjWHMK-BwG&SmzO;ytBDvZ!x&AH9{i@DwVvqBaNE4!@5!ic6OFJ@sk4DSm& z$=3V;e0zA#N9d#n{~tnH@vZM73UHjdUxYCboZ%xYFllMUIH$elu(RGu6hTBjjo zp^p3Qd$jj6e_E~u@rEDanw`isPfD5jQqkJJFwlhN(o~L1+pteLNkT(i& zX(9{E3MWcx0gmr<9{O^jP9BI32?+^)*DqGq^VZf}ZPUoju9ZAHKZALIetRCIft1PQ zd}r+0=KlCWsH$e`z4AP60V$JA46z{3UO{#P7+!%YAh2(V1)Zlp9qwfh3Xm$> z)=%?c))T+*1|A5^VOXAXWH1!p1c6X)R+e$K6EYd-PDBtb0|I6@=|g?ih0m!I!Ylmu zwzf=Q{{w()eSKmusx!>+y)-(Qt$bz@kSEj$jye*8ByR}hUIQQ!Ytka>Uj2tAmxKmn zwC#%&es)I`G7#+OdTxFP#h3~m78$b$V8?^g9djmzGn~>)bCFnVj zWdkv@29{v;n=G@@^}p5gy{V|@8C!2ANcOoBz>XH64uQP=j7BsFOt4%cvz`NC7zi)I zo&!;!^qqlkkITqVR9DAqDmxqXf5ethdY*)VviRY1IsgXWHr(M_GSULX=Isxc>i}!) zs&x;;0d_sx^5^G;#`6~f=Ca@gwt)kP#2%#Ck}=dQEHPlIDjinEfK&g713y&thQk5_ zD53*^*}Cpat}X|&nEj4BATFekgnsG?#{`p}&p>*sfHpLmZ|17VLj4Q_t3vKi+}B7k^1%KXOn*J1zAS&tOU_SD zfus<`r9V6li)0*}>eW`g?{L(H;r^VqI+4P;>`g|b3pSb5s~Uod_V2WM(zr=!H3!C* znMGgTG?G-CGxf+#O;nn|Gia230s$$1t2Z&QeE=wb_}%V)A>vQC?c-2*2u7L9_ zh_=nODAJ2a{v32qno@p&MG_HB!g(wOBN0Y%m_bdjH_bPcxAL^A_ui>mqMQ?IWUZdS z#Q$L*u6EbC?&4~}d*pJkcDK2%M$^{wi>=P+f;N%6dOAPBOr@Zw-Trp!wCM!VLET<+ z^9Hjv%GPi^wZgQUMPA>w~Ml^72m(&{ys51 zSl#MawR>Dk&kD4w|NS}%2;xAN6j`>PYU|^cTUOfMUVPLnfA>4@>FD>H75!$L!$uwJ ziHvM0b2}ryRkajlm!A7lFYuYee=^1E-}cXV4eK$ie$5z+MlNf%C)cAtZP+_srJYSm zXw@QNVrJfoS5Y7n7Jj;uz0ZMLkjcuM3Bb*7SP?1GU=a7)@JM29HOV4nf7#s{ZL zwZn+%ue52#<>T0*;l{aQ$NL=Nl!yDKoxWN@e#nWG$n5n~xx83*Enf7$A@;w^qY0P%F-QU)kws&X8wlDg4 zZ~(L1WU}P6x}uL3m}c2-P{mZIF_K0%3cbz7fazu}C@$_^KVb!={v3u_=BL%ob+tEZ znYo*HE-%l{kAVlERnL9tCzskJGf+NJTP>M>2FnuC=bbT{Raq7}!7`s1ph1@Kr=FjS z8{O|an%jijMr2~dmj>i)`>%alJTlU61Enx}8CNSWiY*+n&Ii=4D+YTOG6@=&ZBQqu z)9Nbs3H~9#)G+Lav$>L|N0+aUDt%R6%K7_E$}MD9r7g3jhRFBsmErW4W2syfi=ug_ zLWjO8WgR_v9-N*UM&MqeY=LiwF}YY zx$o!c;(xt>>!MIvAClr87K>r-xqL<0Y{8*L<*QU9rNb^o=)g#*l#x${>OmiPC9x9RTqLn>T!6QndHSV*{;bus_cmJo!B zqpzy`=Ylhg z$PetSJL>(xTRng3`H6!GzMCVt-Own?UI(5`yJ|pGOM=(?kn;!p%Y=!^kMbG%df?)} zGiV&u*;lI>Lf1)i(8T@@?1gfV$Ao{xl*;*?lT%-sv!J8*Xl^-EMl>q?OQA?&uZo`n!evZz&=USO;oCT|{VwB8Qxna64X1)UXjDOAV@h z569u~<4?6GetaFeeEd-kW~uM3mWW#&X|0Zi}(cEcGmIC zJ=4+Pz(!&Pa;R8HeDtKB2aSPxxoNv_hRDpSAckn*gz?2!rlD#I9bFa#N{0R9hpw>S zUTe~kE!D^&FjDVCOLY*Iq<2ZFHnz4WH0u+_1l1ST;E{yHOZU+%8dBT`Z2K2PPIAEL5QpgQ9a*yq4%JI?{8_ydE3 z^QGGj{~hVQ- zBtEFH=x-G)k1yd+s+1mt2p2xsLnkWoK7U^sG3~oE_{r=a^X;9mp8;fezdySONkVjD za+rLRTVB9a8}CH(%X|~9@9lZEPJP)Y$*!NYv{HnY;8?W^jOqiE@wvq*&zB`_)DEcXaf z3JS|!SOUAreR}rt*_4535$u+53VXe3iyqTI;TAD=^l9DYc{it{HQ3?+Y^rN3Q`${l zRO`&XZ8Kf{#h|VKP-#ag^0+p(Cp=7GLe16-@>oV-@Q(uene_ti5lIORI5!m-{ERXZw#jRF7rTJEK%Hr1vcs;z{0_F)-g;4*6|a7@dFqJ zxtNIj-%0#c<^Jz{x_)TA?;TD5{l$;F<87l&ZE5PL=4DSXU>GBV;;X&%Z zl~SC!W8_*MSLa$JFQCcPV}$)*vFM0Y4Z>eGAheUBZd4crXK6VNk6cG zNeRlLms)s?jY{s3;xP7dLiU#U@HP&uDKlFZw>^&9(lUhHNPtK9xQmX;t0f_c8AD8z zmeiI&m87%8MvQn?Ehf!mKWCjf{eZFMfLB5UDI!_H=nag4Iz}{}gmR@cH;qHfi+dq- zV+Q+ps3^VF-+{SmQ>W*3y4h4x3*4GL==i=)p{(26tdZ8~8sqc9#7-#vy`ZUi%SiEd z%KiFm|Bli*8?uZd64&9-qc!e_=D@23`h z7D^8cl1RY_DOrspga5Oh*jiCoqtm1=GszWdce-DSiZ^XfF_y>6Q)Jra_9W?rzY_#^ z|2|#~_&B&peuIV?t}~|lU%pr#x`j>TX#M5Cb+K90&tm>l?(1#iyRDajanREvgFC0* z1!4~6o^@*Cj1O)Z-PdQfqyO@aP@)IYn7)c!ys^|ro58!<$#%s zmh-wM5jfEfm=JD=^OgQu^YH0)`QJ`)X5))%>&A^1Sh`rc5_x=CC0l$3gRRfO`sPo& zBo1PiqqHXfZO6|b>_=eA)!~r1IMhbA@ei6WV!g|FfZ1L-MQoBG5KJS@WLV@n)cj%b z#bdH30mVxG?_lz~n!)DDgO|=PH z>q?)}ADl-|iyW~@s~N#Fm2T4De|e%gtc1U}yn0MQVlbTxDicbtJ(yd7WMs5Qt$dOx1v?ZQ5VSS% z^>ZMTC@p=FL&d?8TB;A>b-7u>Qli;#{Zqf*_Q=M+F27H!#1zav54y1xlopkQG#b^uYH6v<&-@4JU ziEY&GE5zu-(^@)nm*B#Xy;X9p(U;EcSXhS?VhWs^~RYS2SSDuUuB1Sd#@%m5wq!V?1fjV*SmJ%zfmsk zT4c_c%as{B(+GRh250?x)a2rp&t(j%?|spwBAoWA;x)XMJ`QK+Z88DU<&gr^_^Se! zGSS6YB}a=2o3Ku|jAR5q-#|QcHz~&$<0_ApF#6|8mff&GLU{=_JdP`YOrl$30W?}N zs@i8upa>g5`D{G%sZBLx_{(oh+LR!7 zkw25lz3IIKTg(1gS@nfdw7}IM;3*i0*p5RK5pR!GpycoK6Rqi`ClG&>gK?Yh_ABEAdAmgL zd5Gl~CVdkEE{9Ji1K-S=(pmBI$p#=X=o$W8?hhv@k;JWm=ZA{y6ng!O-j6bymhNXg zbgh;O$<1VJxCVD)U*@(yw55~tH2HH{Yba(O^&q~HVNz^6QPh8|`{BIO5O;7>e$r(d zb9Qm-b&vvc>HSyfGR=wpDvWsh2s+;50eFE#0GO7Gr$47ug8K9j>{ zCa5-;oIZ7siGp8Iq*wETYxMq*SwA(6@~=*0{>ntA~r%Gckpiv$WG* ze1vD1_4kE{k-utM4WuiL$FX(&*PoP3tZE3HUnJ^#3Q~y%ZybdyA#s#bYIBCMtawG? z8^3{uiHvxe*;|nAoUFatv$@}Ke7rkG*J6>6*F=Z}m*gWT3G~$nTbI_B<;Vje=y0tX}d;->A??7K=)=d4dv!-(3X7rhhyi zb|+Xwk_cf^QnY$7EQ+L;24`-LgR5uvh0)(BJVkQT_;$0GlXQ2|;Ko9en{{Q#a5!Qp ziPJ_F(3gL2SBic3;lw2FPvdcPL}R&gXD;-^2O%wg>31NDJQX#(mSi<`!2?V7#7#}gCTo7U%+ZG=oO>9Ld0*c?%d-<5f(Z{@SC zCci~YS~YX+L-94z4TIW3tKL3Hp5m*$TPNVvfZ6J&EDzC;#8aFGOW_MbnWXI+zY z5W*n&Ld}tN&2g`oicN~4|kMN&D2Uyy?TkZK`}ly!3fXAKpr$GzGY~qj2|o&Zhj$F>9xH?d$ic zADq;ML-XRRbxc)p5c$(`GV!e}s7>$w$nHh#A}9y^dbQ5h@}=>F%8tL`3xt#@ZdWC- zZc<)UC2o?t#L$$JaEhUCyPB&avx(tQMwCxj0s2239IhWk9THTf_cAClFMv5EoR<$P zu!xqHwjfeI2tgGQr0DJ;h=pZeq$F7y0Um zs;R2_e^DDUSQ~i>(_%6snh$mrm01T zl^&Y+MBkkfUP*KI;Zs#W14*kUVTn}+jYA-QItC$q)_c}wynj->I3@Tis6Q_9W-w8F zm_9;XiD~;G(4g0nIea=xTXpf$bK>aSL{Sk7%Y}ntA}9S~e?yr&X?86a?B6K*qciA& z?YaI`Qa}eO-xn>1M8NhgTU7xBNKzos%kl{T*_B4OCvkHm?|(f!`QZmA2JXEDP_bsQ zlmHLz&A6HN-ap?`DaSV(OuYFYcy|q8v5zwD+tj)KSD_kfuwo#d%r6=QhC1>A(SKee zWCxbG4~>kJl@xGyL?D+KZyMb63N?`9A2TU zigynR5`iG{0e{@~%WRtcsiFSs7cW6@E2>p3!%&3hj0_!7ZK|Fmm;c^mC;bR5iP14aOLHpLHw)HD z6UmvXbQ@2FGAQHiq7uo#SC2EcRFiKkiu^pdix}%&%##^dyA7L()@O;A5@d6UuwW!Au-d`1n&6uoV+`d`TP(Q zp^ir)(SUZ~N)tp?#BV?JV&4?3;S;e-jND(^6Q&>9vV0`dxkq}T5YqX5F4Cx!+^Ib) zioC5PkGlbD@vqPOLJ(aiQ7=^Mu>)}q8%#O5L(7 zTI{ToDxQ~&UEY(DSqzbXa8_&GH}p%_09r!|ovnUbxdhLD1gIF-!KqWWG8aZy)eibO zfe*txAc^aUAw>ET{A}A;YOrRCFtB4^PmML%-3<|nq%bPJpsQcWWQn6sO=m{gGcRHq zo7w>hn^8tfBFRpsfWnix3y2QDLYNRfwBVQz-MPjBdQE}59`TesXIB(|pJqm7v(Zt5 zAxnyEF=?@AMSx!t4Sq73I~9>Bt$@qkcoPXxCmC@T8KrN40&0bwdJfk`3gc@yNQGRE zXnm))L{G}UCD~@*XfioIK~kjLF%suK9|5<5?#H|tA{i~N!zr@na_D2z=*M~o?XO=R zH~-|RTM3R$o7w=g0cN(yw9Xwo{~c;wLgc1(rIt-84y)~oSbUxreH9(jU`4`eCs>LH zZ~ZL0aJtm;#WcyDh5Z5=0+d=*>4{XHP;{Xs+N+B(5W9@qB|P=ep;3iJiDQ^R1yGm8 zbP%?=|D#ia&tRi_Htv=5@)S=WS!5Ht@)$(27H8=wxwD9ML65V`^GXSkbwEa4=w#%Y8 zoSVj3BE+gK@qnsAo>Eo^Z?SmCj`Dxgpr#EH;ou^$;xKibH6t$tpkM7g`f|0wE5S$g z&n!JC=MT$i;xsh833~<7StcnF2=92E*Cyu@tpQ29S?qVNIYyY9=n%=GBp~$}vupJM zm@mv)EsU?pgT;xd`@JqLn&}Fg4Gh)<5H*mJ%~4>%?fwpSX)&xijVJYT_J3CV(a)5A zz+SzCz;VX7i@aO^_D!`IB6d7*5KgP7ug7Eazh=?f$}sBpG%m{*0ekMv(El0uV@8={ zt3sj%lFIgZYWx4IlEHN{?!V>-$D#}xAZ1BP8MHR*|LqOAJeQ_&$Tw0hT`1Q4@Ba+E z`YctDSrp50uS);FOZC7Y78C(}Ox*bYI&aUVi3PGxqCG7CowDF7T@izkyRXFvd$mZ~ zB9_2)@(2?%QB}b}8T7wF)OmNWao`oNnI*2>9D;7UI`FhL>sNml^G_(N3I`X3Sn`6M zyzYW=w%=rEr#VpaH{&-+{+-@#E&V(hxuBz}r62s?0JK4l8GvM3ix|u#9Mqx~17@aD zK&DdhDHZAUb2~KD$LBIdYZZBgL)7$A&Ju_m)+j#0d?nk~yd`Dtz#=i7U|>VN@|Pr) zw27*}Es;jPNGfLU8%pzbyvQ`RSl-xT8l!Bf z=shBbq#6DVZlfz*Rmdci)XH*=vMlXYQ&XYsh;ccN7R}Rp!BWDMeyw-{U!%5k0V{r?i>{CAWZEL?HKH6A|iC z8*^D$)(iBgwkGCWJJ@JD5aHA6NmpzgiD?$m*8tcFlnF`<>Ir2I=pM-OLA)i`Zw^>$ z=^a724_n#aZKC~>G;q&(w)&gCoRBliW@Op?#=+j+WS|MG4eiLOIU{f1Mhv4y!-ip> zkIJnjn{EP~tr@_gtVZ5ETt$e5Hy}`+v znNXg+66>ZW$b9a1-GRydHq{YCiaOzBVyP~O7*|c7*=2!8Ac67z>R#q+3(sIp{qwedy@Z6(K2k8b}8lYm0 zry#xdiu*S;Ill?9G^(3#d=0UCYx{HFH^)n*K~qj8C_ft2i|J4gBEkiPDiLYlu(jQ- z=b|9-(`zjJ=agSNE%&zG&VE24*cY9qvw8%}*1f;XOrrtmSZ9K?t=He=@P`V;AIW>V zdbpb6@XP!(WsA&(2Rt4yIYnj_P8Mpc{d1+BgAi{5O4dqM;70-S2V;k$`z$s#Brh6a z|JGLiIGQ{h5+I%1h zNBHK8E0;%Ggwrz9Q|w(&|JD9VOD)-}5zf8wnI*K&Kh@}Ky@G>l@{UHN=<#JWk&xT* z886=&Oxnx%Zzpd@_%u%^X}3@B z@i!`(sQx`%wyS%$FymemdhN2tqI>!CRd>FIeG26rq-Zml)g;-55-|xbm=XWIQG{*xfh+&* z*5W-)49S6Kc^vz9?tZ9Lf01a|sK6U#fiYvq{|ATbKsGMAUT2gor{T9hPE4Bu9}LEa zME~+@m-B1YE~fNuvo+%BY73I8LB2r|~d zg})jFX2})0{Ux%ph=X^O4W7J6+I;S7<@|=t-;(ov6Qj*|aMyW2MqLeD*kVbb$^DC4 zV$)|A>Dm2=U0U1%pIL^N9mBj2h8XsIo;cN=!6Czf=faP+Nw2L=v?m?BZpB>w**0@{ zTYKJGn4wYu&;9DVfNjr-ngqs?$dJWstLMFVuP4c25@UgQsJ@BV^UbS_#H5AKGOckd z6Qe-FLDQKOye21OsYujwRh;muB`Ld^dkHbinoS)=!*MA@q#GIs?O$*U{{*Wuyae%Y z(|%Iq&DFQaa8N;)%vw>QbEXwlRN>K*CSvtWc@Pc`EJK~PqC>6*Kf76hpP2>UOo%_5 zsgmW7&+(f32@Rg*%m1tUWv`fHy`ek7PO|7a7C?kRPoK$mOn{p0j4Y<<$xF(G_0|f< zKqbbW@wp-{V9-SpFUS#W8Zh-;`(`t6ZBQ{@^J*z|{rb4z`5%-{tN0i?bZAHrVhc(O zqUQ*eL+DqHVKqJc;fRQmIBE53xGw~6c4cGNP2!>I6SCSl(VH$dt^kO5pmft26QPa5 zN>~p?!TR3+b8m)%P7Zq^>VnY7=?4%jeL?JnkFc!3-6jZ~a!v569_> zU#8ya0$?-}S+AvMmCD}3#7F_~kRWKd;2jk7Vbv*nm3KPPak5-bmQpzu8WsDYyvaRWekDl!xFj3e8&P#yvH}OwlphAO&~-X0oqv!_b_H3Fq1YQwN9%9F_wmpX^K@z@O@Z zyX+T+tYOSXyeW`)=Kh*Qr&aDLCJD{}nJFYP$^JtThI5k@OvZwQQiK%6*A5kg2$94B zIa!Wv(snuw<1)cnsj`5EexjOZoHv=7h(5c-w&aOe*+ROfjsPGmVb6N+mqPaETUmiy zi6l4F6D2eafkJdL%Gn5AG0H8OqRO9_2b`J-L@F(O3o~VakH(RX`7Dfr8bi375Tw6{ z%`}g>_}vm)*Kor?=qbWqI57Fj=yPoTfV`&qb~>R!GFuq{T_L&-ZFUn>RvG4%jF~K) z3OubW)wqrnn>CG4dn~fUSX0k@-Rpp}6*iR?uSKdK))8UJ?yocbjzE9&Q{$ z9==^DTtz+;(>5}N3_c77_$5DRAnZLmj?$elDy-L!)ti_i6z*nu@9*9Da(E+15M8`y z<%DM*>@e8D*WGZns?(Vm9*i~5|5&$?<1bNrKxKR(RzzPO5J+U992Q(MCdzclpX2I7 z7qg#FHP8AA`K#2T*wl(4APq%rXX)XQ+A<(^-bfStNYiS3#1i{!Dx0qZvGGLouBL`WSUx=BL;mMbE)*@M#e#{;Q%$I4eHIHt(KUm zZQkT8Nkz{4l$X!)R|0dy4;fxKLT~h#ytfE%_j3DgfrCl?@tZJ3t;r7F`yj%y&JVIn zWn=k=;MW;zMJQd0$eG^^V>7?=51PYaLDVr1uS7kPp-?pj&9SA)+$PxN&sWu&O{d&B z2yn=SfvT~?mt!UM6=)se^j^1(&oyyXdk5YuzzEmrB}WTh`9Gg|bvoxyG*#b5D$DPw z(3_q69RvM&AP)SdTLleGEXa1DcSxj%Bb=!N&@we#S*r{Q>$ z)z_cvl~6aV%xmb8^J;nY^7^P<4iS|Pm<*SWeh1b-P^X(6aI^Y*3rXh+C6saJ?Vsb& z=_w(I4-${jc2G8U>W_?sr`FUfaxF+63)%@wJzU7t;)=z^JU@PCr6OEPZ)do)diP%* zp)>NiHAlR0<950&qX~VzH#rOFbt!qv1kK5#Lvjwrb9Y9?FA$H&;^^*STP0pP>`};5 zEaF-}3}Sijo`#1>#e#tW?!_EPTK@M`bxL(qRld<@>>&9^CP1puVBcX{(une}rWUC3 zd~SHwPyGvT7pi$V)>lHFEb+(hk(kXY@A#)>etlIY#^6Us6x=ia`Ub5ri21Yf{z6up z;#@L5IGZphPj)SdOeByRcd%xcy8LK6>*uQHy~J>A;$~sNH(PwJ8k3O| zmR;$T9U8vT1BLC-N$o}s!`@Kkz(EqUr5KETRw1u_tWF&rdCWM|!S}pgK8xnN*)bgr z>|i7Q^i`7Q2%B=T26aSU;_^}j+RpbU`Hc@Bm^k;HA@xV=d`GIy&R;yviJ0jf(|Bge-PP#HV$jFbloIpzV&9X z#KIt(=LxQ9xMYEue;LA?W}n)>qII;yrl#J@(0YGv_#YV%OHqvXq{><`-LurlvsP;} z6MAq0SkeH9iKj+ z@`GddTkf0vQK##nzPO<79B$!*4%t+RW>Qh(pb)mu=*NHovGpFzQ?J7fG+hj);_oi- z^#SY?9wUk19RN+)vFC6W9ll*R-2GT1h`S}_H_1nm zrj5qrTi7e{OIT(-1K;te*G)|3*vb()V$Xo=`vNBS)%oT{ej5Gk49XVbCgHF z%>(ZB$(TC-sB;-?&1c=!H4I``IM9AWXnVWQ`?$fw7TlOpC<#p6q{&6Bw}Rf1givbx z-4%a(^B>|~s2-9+Ls?oP{v*HJfBFhl&8%vp-uoNYUID?90eNEQRhjMAbM9t19pAo1 z*V}9xbn3zdC~nc9S7!IV=Z{${VmExZz8Y(+yPCR#B_y!3>KL7EEG{AVdOgsa-zX6Q z|H7#u*?ag{L`x?Wm_=(mY4xyz4KrZ&aryE1WG0R*ugP@^h1V8jG7(~F;M?2PmHs;Z zxqpni+3%W@Z+P)@P@YkmqD}qBKs<~0t+8=K8VfN16UO-4LDwe&iBeVfVkPeT+gjW@MW21v<7Wpcm?y<$Z z?MgKIXuD@@+EMS5i^nH>2YmS!9VZ;w25$)FwP$Q&DWs?pGlqP@$o`El+bj$pcWxV> zW`cI*M#xt+2gRAG_P+=+ZqC@>4vU+0s^B2Hf&>Ed&_u-DVtWUXEziC`vIKmZj_Ll2 z4Sav}HVSxW2ZYGDU<}&a6V_W{8ou5ilyVF25BTO;4ByDL8#zQy!e#K8Lo6C~4GXyJ z`nSIwQ1gIon7%Dt7h?!tXdMJZ=6*%tf2AEAaIpuwt0^qe5ji-y3J_!+=0+nZ(Lr=N10J8tGS^@qz*%hPo@PML8+Y{- zA<}x7(E952NXoHH8L=Q$}Z1?58 z%dKGiG(Yrb&^{ReGV*R~5yG>BvYEl}U z-+cYFy-9P)Z@nHeQIJ0-#|;+LCAqs@@SmB$z(a!GU+5cOf`cM*BP@nQk>IYqIp$ux z1s=nDy0uA0X~o@a@;(S>g^eO|mDJi?V42&wyJIK;kZax7ebWI(w^&JR1Wxe*D3vG(wF$~ z)~ORrwU{aV!TsUczkJ4T#u6>@Vm;|yV6#u?zA(Jk{(@LH{sDIQKf3gC7GtD^pMM`5 z+9Vq0?SM_-*+)p5FznCzct*ZZ9q^r{YHaySY;GvXZimu}LlXv+JMsW~H247Bhs=T# zwsI14Iep)bI*EbX{%RE`!? ziRZEe->+aPu(j_j@{1#Wo#^HY=Lm(o`+EowDN=-<^IjblKlw*q)bPJ~A23x~dC3O- za&Y)6V`z{t`7`hxYgt#<@2TGc5`x6?9QbFup^?YA%M^gg2fDq5QGzF%_JA9${{_!( zvuBE&^-TL)`FzwiAea(o&Vpz&fHzgy3ehK0Aj1R6`{CyU;bUY#)M9mo@;&v(vw&Ru z(Fjoa;8%+qhJ4vP`_Us#pE<2rL}XHDD9_P9%A*)Lp685!yL6<#C;gljB(7|Myp1He zHT7YWT}jbMkCq~}eNtwpvUYY~uZFXj44&66c~z>n_g@#TmmuL1?JZ8Y)t^lolqQ|O z=>ASf*FJQ+`t|YD7@~3J@hv@n3L#S_Str4m z-y8N8GKS(30RqF*evzU{(v+xEm03DG65&{$|GB*kJUD10*&n54zxEac^Cd#N3|&x* zABZzDsUH$}<zg-T%`7Tl&7&fe83X>{l)B>j8VqQNDEoqrNoH8)Z%@sf*W@M9K-{Q8h=p`9hnIa zH*pS57wbq%laVs0dED1H((V6K%e5Gh76pVE2YXo(jVChQRSijT=>k?B3!IL=t5NCP zv;RF^n2e4)kxX}oE^o!`Z;~ZIl;nMOrw@ZAg5)K0&2~3y4Goo8!8C+(m5|NWi%ti<~SmgsEG!w6}2xKX}FITky)8JevLji(M5$j=O--L%F_SnB{P?Dets@b z$j`n-LbikJZK}^zSZC-Zw+#EXMoE&HreSG0%eq& zljT>CQODa{zk-5%KMPxT{Y+X$S-5G$aY5T<6ToIAp7B2#h8Rb_nAof?FZk*ktgDyEf?jopd+Z8H9I9o&@5u8mpztwOc2~C8(4(AQx&7!%c7XZ zU_6eJo;yBd8Y)BOahCrcAs>v+1;jBKLO7gi+q7Q0IVu;p(WC~Y2Jm^%7s!)wEEC@} z2+oy>^l9C0u5MV{M!NdAA4kr6;|m>|WEI#hryR&saZ5yVBZ(3Du+;>zezX!Q5p94( za|Jp27#UUzS-bct#<(khj3yT;gi?9aNEb$ZBR^KjP*P;iCIwjySl>W%RjF z?x!?N3QmQ59?oTS(eZ1(oRcGZu*SHrbW?K)mzwLMO2RxFcyE)iD#R?`raQmqPnwMl z6?R3fh1>9g(7qu=Yb}NQqw4h)*9nbVuk&H5GS&?6OuKWPzotyp>66(FL)S7MOF44K zVAMbAVjE7p9QVhz*`Oz1WQ?}AvXw2|Z;d%3)|Z5aOVZ_$<1fk{!^Vv#OcnP@^2;Im zAF1ZbWsVngCcz*e8BX@a^R~uq*cZDKi*S!ygdP|F(pPRBTae|Zj4JC%xjz{Sx(K(S zjJ!@Sa&!k}C~)?;)2P_kD_|u&I6ZvpbP#v+3>!3hMOI~jKD}2y-fZK?LS4pP|5fQ^ zQ&v`$^;+b@(G@RoPL9fJ!U6777yac`B(JoFl>PmCM3-v6wBO*ioP7!(^6s-wdSJb3=Nw|m$4u0t`91L1Qt25_$zUv@)d;C z*c#t@t7AcNpg8PvSeRA1NT9nCRAnr#g@HsE8A~c|9E6MofB|r@mHwAlLdi+&95{@^LBhlo zYo8`er%BiTQpJ3nE?AnX+{w}CLC#ZgW6(7ANa}PICy&Q5+=}LFX5*6zX=43{wk8WR zD1=s`{F`c>8A-}*NFmUWiZaJ0dYJw7QB1kRz9S}OInG}Qg#8jv4%fgIhe4p zs#8^f4@t%Wn3TxKp##B4ZDfKldxX9F7x=pDiR9{D1Mg$60OO`GH{+}b`|GyfBTCQ$ zPYs$W62O^lbKajsGSX_B_EQNQsyJ}sr~e>ADV00l>5zINU3CJC8(#c-w6PScUgJy3 z7Ykb*`1iM#xIkBl=}5XpFwvo=dKswjg9EN?^%%gJg*D-fv(;2==YE*-hALOVSJ1au z$BeGnHT@ZTYfN|EBj}@*AMkLDULpD)PB8utB#~*^k`fM7RwyQ8PvYOcLfgu6l@JXe zdu5gz`{Y)6cI`g3gS=Whh7XOu_racvqs^24ZD!s20`rVrL9f%v0Cf8mkGep9@z#_9 z()PXf(bGUs>`p!u&3vRaUX0u8GhufMd_`ezr{E>yS4g84?Kzncii|biWJuuRSeE}q zL@=1MY&wvP=9hm{N)318)ieqzzB?f6BSBGOJ-^bC8t!KmBI+IUmeaF zvem5%u+IcbNG8UME6b94YM=w+l?=t%$+`fT2@2WTik6z}_v6Hfw;?oOQ*f#NUpaqq zqW<%d1W{4dQBRH1Bwto-fR-7a$Ntf-*)?!Z4eNCPdQ8dwpDREbmd0Kge2 z$Mx>Z$KB9uEXgB-KkA7n=x*1|KF86Qec~0}`Xhj@^9)k%%@!G9hE1k#CL@R(V8y3M zZo5TeLY16Rm2c@J(A!}gAUd1W@Av#mBrSG3tqb|^O_*_OWb~ttyPp`@iRm4cKbn6a zeKw_`rO2P32W0W7DxQd`F!~`0o6WpuJsg>Td((D#m8dX%TEQZ_3UF8&N;CAJOOt3M zOsR3q@!Q{6b6ro3rM*FCu$h!iHx{w3OpZG3^XTrTfW7(1;pR2((cnWK7yqd+Jv$ve z9Ur4qvxWBgPMt4Qq{3Q5ab6^w)DpSF^m;Y8t92Eh%(Qo}ma6lI0xRGX?n8hte*i!O z3{6x>nqw?UII0I!wg}L3RoaAHqU~E)S+tcBF-ivIQDw3?W5e|#Vi`T6a2xX{pDr*_ z^4yWvo-TtDD#-8@lRQPLh#P!REw*kaou?3t(Z7OGd`R`^G>nrC(D3xp8y6xVhW6ys zw6xoFrBdt{Kufa&`VVeJZ9EE)+&^w@bP;cPm`>Qqk zem8Wq1U!-oc66dlk^(^1V=a<`{$e{Xrfw^5284~rDhENUm^2NDps24wUw>RlH~%U$ z`BU0>sF*UOtUVyde?&Ehhcw$}rAJPDaayp_|G;A)_S~)JKFskxw!1PHQUJAw?Ax*RV;#4G6NH~+i455`i!N)v7u|P)1>Bm4 z0aA;n^jFnFD`-rn2f5Wx>s`uWTFD@Wcv9)6leo;-bUo0bP?8AMQQ*-mS`E1?n=98Yw=4k>X1Dqib!OJ8!*Rq};1z zm9v*#TR=paa@ouYCn3{9QY?m*-@eRDe$E)5yyg6po%b;5#=i8qd`*W@y=cWe+(TJ9 zU#qo`kk5=p{FOWYVS_?L6VMA*(YtMeN2r+)6;N*sIvyKr*HFXAvD z?FR=MVigK%E=aM1O)VLwKn|CQYlJNh>MA;8H{l_KlmkK?{tP;4RJln_%m}ViSCD)u z2bhXn4P|m$G)ApWp?T*HT1<6Tb<=RBs|y#+w*GT01iJ(A+A7#6jGE)^^W!`+9L5PV zpj;Xi4`kb9dwZ%ZwPD)fZf0nqObbO#6i(IbqBlF@PBXrDN50H!L$@jVMHRe8j1Ty5 zh-l_6^sZ?I|6EBeT{4VufZn3S*ji<_3!c=@%cMI#D+20lWaiZjF_tgFm9f+rcR!`kz#KdeQcbJ9+TXH zyZ%oDC}kU+hJhSYeutKkY7xn^H9EEWM25_z=?mD+sj=tv%U(qzxvWac-8k&cFZEyq zHYZ2GRh$@GZB9$-x`m#6wK1AR7_Yc~gR0G+iGyn@=OID+>p+Dgd1<*VmwOUz_8Sn? zgygF#nUuvjZbKQq=LMst$MN&0g}+`uE_@=%4E({Nh&t4`ZCuU{;oFi;BFkxB7wEOf zoaZ%))qR}JlkT&RdHn+3`3#yM&7lATBJayHWvTmc>YOGw<}9Zx&<(*BtidB-_0!$M z3Hw#GsJficcO^x0$NO{>Go+?I_fsC7hMv60Dg{q)kgSj1 zT~}IJZQmEYmqhSTbY|lH*1wO+}yMG$~eBlIUXh#6XgXB!m#$&OnO753=6yUcjcI;GTM|-cuY{wi6go4QQ*>Y zG%Mdk?PxfG_v6n!A9!9jpXd;B9gxT{_z^|&-)y5ix zJQE>arxz>X=GfgkNW_{`3FrkzSJ5csHUh)rNx`^MXP&0fYXxD;Kopoaf!Bq@GvOvA@fY_#mKu_Fe*C!G z^g!Y9PTZXSY^O;{j1c0E5qJ)!2+Hp~pCOGlAgTbr_Lu|H>9@=p1CDIqgQ53nwvW+= z7fN_I@7ntz8S=S)kLHh`CKs5g8-|>qC1WyOVG?64REohj)WPNZIDf~b@8`VzfX1vH z&8{xDsg|=ALRer?5siudR}eOh5eZqB6e%)&{wEx@Fz!KBU~W&;4tkY}ioSv_>Xr_d z8cjvjzj_9HS`|(lNg4Z5(F!`CyYtW+=qUgx%$8TCaBDgx?a~?q!khREz_%`>v8e*i zV19;FkrGm4@rQ`qR>+LnCAu7ZrYc%o!oz6VCT0!^$YbG+8zUyN_Vc^4Kg+C&R>`fp zg%|BCmnaggPGp?u7u9LR0~1iw7*#oc_J=XAj@%nP$=Usy3;S}s zr1QXaQdvp!^IbfN_xI)t!z`?E2KiUlUE!{x^SWtwj=&t`Zf; zW-%?}Zf)s1N3gjbkC>=Br^dEPb5prkjJ#sV!E%%E8{fl*{scY@zQ4~nDIA{-NFs?_8mliEzwYwy{JDZ8N zpu3Nu@6*>-=rs8(%>6dgCVp@wR&5JE?OF5Dz@NXhlwDg;D1-n>zASp+_k?iLFmK?z zz3eN&s;YrQk!$sECp+h;BQ7avy}(uB$K92vv(|lx@J09T1i#Q2H@P(~CJ{LBEAcfs zIXm9rlcv9KE?~e>f^>)F^zY!`$7Wj%Ip*UmF{O@Ed(fq}+&|B?HZ=p!HmB!Cz^##g z$SO&e#6@(vb3ZE-?YsiRBccOt`X&QtH$kDCeb4}+YcjH|(m|M8A-T!XqUK9g#O9%- z>Ie7lvciJ=Md6o-)au2ZTRZTb(s>3?S-3;?Qd)RnxvjmO)U9v5L!;#_lWmQY$yx?$ zj>`!Nc%wXK?4-+4>NePLRi`tMVk4@nXvk>+NF=9a07V>J8nY_;lA>*hFUU(VIcp*7 zT2HRMdB$R_w!?^aM@JE<%j<=h@Gnzg{QnFd6gK5fxw3?V7K=&OP8$skK7_x$W;2uO zGsR|q7<`~jB8XX-5p)S3Q~Z{RrPg<41uB@-*vCl^gP|)|UIM=DATf+N$C@J7eKjr( z%^4lzQ1jKWMmJg}+VXaBYdStpN!2-$`@Bn>3#nrYy{-a=JpJjUaAI5{W{2!aY4^t8x z3jZknFV6&QTj&aDxu28%f3id-VQxr8I>tdL!~Z8s3=l0LpE9E*=;zG%PX`IU-g^4f zxK?^7=?!K7yp;_b$aa2*FjH#*_S!D@ha2cXsmUBF5+kao$2Txl%oYy)w*}or{Fz~`hcnl7|P|flShcdX2U)sKqwZnEhrs+xbr`=Qw`NP1boVE9>% zdhB3#4Z=mU|7^lH$vb*-0f-$EL8*FCbLB-(FXjMT(?0D4IlH~II|+47`&F?Wlk6mk zajAw?lEYSn|2td#eK_69P3k|?XgUd-REX`I1wI6_pOUC6ofK4O3YmqBzm$X~)|9)9 zw<{Es(zh6s09%L0^Yv*e^xwL6dH$@F|2KEl8ET2 zFr*BaK?cq3`>Vt|A|NU$6upjJ8{F;W*zfip7gG`%i*p4kCsfl~F*~_$b zysUbb`|=$}^XGmqLG6BvuTZ(&4;+ZXBD(wb>)&Ad`7~#2>kACA&y^~%uylioksv3l z=k{Mdg7is?gB%rw`85LRP9 z5^vJ-RN#+WcGCFa0@(ibbFr@Z(`otx-Xq4kX(V8@p?U6masZhFfi=?KRkZ?py;{Zf z)9kyrg};7{oTDwK?7GcOq2F1b<4E;j3mvwXs9G#dOBT(tX$eRB>fLKJu;rb47R=$x zgUjOb9d_-$;Am>jDh?G{6x%wB=ki4{cf(q6B86| zs~d!mJ$xFP))U_!UHXk8U7lRTqxRhQLw;{=N3VW}42nBiO8Idqzg<{d_&MPq6c*7K z-~RrfzP2xw^y?)s;C|8|_BrQ@KolJw+VwJl_=ni()tKmh%}Ut$8x2hIZK=0p3g@F zpH*kD)nIp|d&im}nu|*cfgIs8>g5(YOGE`DF(OP^JkNB%2)_SN%m0!8F57QW!6-hO z5vF#@mMkB@jIEel^!m(2S>8W3EFB;AmedzbJT*-ZwAKY|oaPf=(4`MF8Y9OC^{Jho zE2H7-XQFoXZ!IVA_B(70G?+-m6&_@>)bC=?%!bYThb2FL$!IPnshOpFHL{P4EIBlZ zv|IUYbf1|)OjZBod4T)rJ*qzE@ywt|ZuHS=U2)TKKP8r6@XwAJVoVGe4^J*!M^OxV zf=mAS^N))rPV;F)*#ybRsQ zDmp*!`G7k*lw^Hp)_g$C7$PmU2LHg0^hDukMb}kxJ-wqHj%IFO9F)@Du;l_3Qmu%l zW)^PeNWVXf81l|sm$K-zeP`!20JaLk6&OQfr!676pz`t3ZI>jr9!;+YJ~Rt&iuHM` zLPJ!r2Miy{>F;8*{bn}N3Ii+iRTg;L)$^sQApNgfXrXAHM<-n)m1TRFc_tLzrbvg#ZtkV~Z3_^+7I1HO0pISS!NSAsQ+l zEUQ+8(XU>s?+Al7YYQ2noRe=QsC6(4B7{Y zuM?5AX7lH#@Z$z`SzBaQL0em!z9a@XqmC8>9YYmEMFbnVBt=RLP}0`MADIaOn{koM z9}t+s&hl^TJ|GbHeq*wo1dP?>y=Z*UySz90-m$>X+hTzyubh8yw(Mpg)DX^lsR@RO z)6(H>A!vpI$Xv3n1B3 zA+!|HC6RbTHhWZpq`Zu{&&q2(08vWHXY#H({;)ths%6N3ifPE1L#FCzo*Uy^+rhN$ zY83FJ3&D4aHr?_3j=x@a_1jq;`8{gsQPLqP*dlb)T7XBkV@WJ!C=_Gdez z65R7F<#AnGCK2}3#S*U^v&zsu4foAwUGbS*`tt)tvO?TN^Io-{^hc- z%@%n()WMvOA>W;9v3blIHYkG%KY!vYtPze5U!!?j?^wAiux0Va#GZMMb$W)MQvaxT zRZ#ES(-)9oo$-soJD(vR$=U3gs(VxmxN&^|r!V*PXRqnrP`y-SrJ#BYD)RJXq<57M zKS7;kPsfR9u+1=Eudawcm0Khf!|g1v2fW+153Kh!bg;JlU@)1-V|Py1?TFZ&G2S+SeYMQJhw&Zu``7V3k@(&r>%pyD)_jc9i(4l?wy#;PAKi#p zkpmJfMY2{F+3M;=OGGE!l9Be~QtAvgMG;2spSyZYlJcs%E9GOYyW$;o;*~@dP=43w zab9o{7zd|7i%BwvSsS^|F4ztROoLkHFAd}QGt;IVwr5b#+lME>HtR2@AD}qhDZ&Fx zvPp}uFdCZ*V6aL4!5#i)vI&~a%wNuQb}d&f$1jexnz#MEQyY^Av4#SUzENM_u11wVWIuj=^Piq^XC zTIN=NkES?adb5dwWj;P(wU9#o%~h%=0*(_s0nBvLvm7;Ar}=PHRj}aSf~=#GN~j?z zl~7~j$=<*V)olMUhjme0T)dzdjxKO zcT>g4BxR1xX~h1us%ZemOqgCYE}vCo1(BYxe3OV|s0Pz>8;Z!~`0n_Kih{(=0rX&| za0Pc!y1_L9N74@>91a*Tg8Yk_s#rNUDFR|uQBfs6A|0@ZOxDM}^=(T=JXLc_7G|T0 zLs3$lC{j&yNmL!1qg;+a1Di5x@oR2*vNvx2I~Uq^rU!$0WA&fbVH=tFMWEfFmHLzh zgu4$i-|*i634mz7V|@`kIiGmmfM}n|RiE;qqVq4fDgcj>vn7oF8S$T&R5G1pRhS^c z8MaZ?dNY>p4~Rc9sLxFRfxU|kEROSf==gFM1oXB&0#JHQPg@7SDx=1~TD&Q@FqFnD z_AN0AAY9un|C4`~_H#I6CG%~Sut|FTGLFHzMdYwF`t24h9|Sg@#WIiqe@eEeQ2u^BpBZz^a-3|o_&xSuu z;9g=R*t=hRefLyItoE$W;jucr!uk4V^Io$jFX^{f+;AXmW!8z#6c-#z;!mn_;ATYG zlFHd%kc#PY$bS5dJ`EyJE47~A>@S;`sfB|eN~eGntW-IXs)z{L?pXXCG0s?Uj=dS$ zEN?FV#Qu9SXNeN}srDyu}VC^mGHYtfV77@32w=KbB%rF-u>jP*|1LguS|7Mm(5aEX;f~vg9=baGt4{r47Tf;OXjVsqhQ|Kga^LM6l`=1A zPC8%n=40o>ubcA$*^-sgc#DM`f`^7~jwn`1mm~*s7X$9!Pf=;$L!N9v+r)4!t?Hbo zWX2uZaQ_FuKtI2|WTgE!r$|GOfD^1CV$_EbUivuKVgM33KL2eZ-HjCM_y#|nk@0rd zApnBj6?fBNzUthFa94LK3|T{5rlVAYm`|=G!Op|@8|>WT#o%`$$jucn0B29+5O7Om z$BecJf}Z+ARuj)dZl5hlM6eGo2FHb~f_9DDaWc7?H(0U6z_9nCF`Jbq{6q4_C<+3S zB$BZH1KL*haqzzL_gqhQ@?MZhKRumR!NG(@m*wp>w^2-4q{dXIY!pBsMZ+Zw_hY&5 z^oxOOtpCN6s?jwF4H7}+iSdb|gq(Sog?+v8^$*0eY(rjObQ4jhM<L8YiD-Qf0Z1tcBV7ShqfpU5ixSd%Cq>LoDFL{0%8&DH<*=R?;8Fb0@`wl6ar%<^6C?y2+(ud)a$U!sx*I zC^(%-F<^87Yt}tt6BQtu>Wve)dE+KGZzXYW!zO-}Ehw6RAlk{!KEdWKw=gH3;K<&) zBpP0)o);AFG>{0>?+hF;icJ@?NP3vagR=`*x+ew8wTE0U?}H)vAql6pvGuGSRdOM) zS{>>}ui(2Muac1%&)tU^4rvz@6is<_D5%INvK_lyMe0ZF=cgZbbMxjM?j6(%co?HnDiE@0B+%{*v4fg{(F z$;n*7`;i~AdVE_9LJkk&;)son=Waqaf{?@I&GVT)U1d_DhIVEcMNB7%sXCeuLqdqz zK8c|p-sZKJW^&^GUOotK$kAk0AYR7GE_}cf?*4+eYeLImps|XURn&^L_&N6Yr3mn?X{1JaKpKkY;hj zMk$sw9^Q}T?t_POD#Qtl@ZfBzoI*)l2u0#E1O zk&uKOE^hpesWUQ|m8B6ovp>OUyV$205rDw1vsimLnR^*K775LzVbcpk9vz0Y2H-nGn?C*hW213_2L)v;U~MWr|e+4rb8E5m1xzDCdrtIX4vs% zyc5uviF@MN@Lm~*3DA_q{lf=1(6T3OTpbq{OJ)*xVq%DiNydf+y=Y~9N=d$3e-`__ zc_e-JB?~UOQm)M|e)xVbF)_EewtfLWTzA9U1MVM~#n)fOF(p;w&Z6N&rEO)0X2b;p zp6<7pIsXQACvGKCJ4mx_Q<%LkmTbG3;wUIzBuByJs8&2M#IqOEGjE{I5g zi)LYWN+_>|RA%he<-G0Fgek}3S@Du5H?}WfdA*ltr`oX# z0urDqzWDft5%6fZ7BU}1^TF~33@P7?F)OaH>+=S9MZeDagd{T368L?PnU5Qd;IOM7 zUak>@8=QTA;xbtXO#UZKIf^P{x0#Wx4vmRoGoz_0U`JCO;6y_}P!)_h_t2gPNkswD z4)N7{9Vi(YK-IxE+PA4rxKx$S!*u-qQ41PT_bJBP9S~bhqSC&hUy1gc)vsm{0yMshPN1v;n;fw z6l=uS7i_%!b8m_uBYW56i}gpDT<$UhYll&;Tm;4X-6Awnk4vM$%&4%B5p5gLa8eSD zx)i}v1DEg?44XC%hE*pdx(x06f5twWKOvzZgogOy@aoXx8(x%P9|8&RM6qTes8)yP{4=XuLAF=n zi|_jrX^_x0Xv4cMb!pYm4e+8^-KsQ8k0DM?B{3l!zp^c;*BI=r%oSVYw1yBv-Cm4P)v32ru+Z@0&wWtE`$jG7#t zK8np1s?oH02_P346~*p|1khsRxRi5&$(<@tx=veOoqY{AF&&G|pN3W2(5IOZC`psD zzJ%Y7B{8rOuVntt%xOQf>F5;_GZlxHOaMVsvEP2keYZZeE)U>CsfI1-+T=V}9)Q^v zMCZos=vWQVSE54+3AZ~YRLe;wz1EhR<=Qau$gd1<(S!!|8#4W*h$vZkcz7BeqN~z= zz({`BIFoKg!f88r3MaAwF@{y2zDD)1It<^mlyL)Iqe1CtKKd=5T)6;~j{wLSq-Ocx z-ti;4dji1?>D;s&M>Fw-Fuj%YpwMb!{RFl8rkXy1O? zz0?*xfRw_CB_nBCsw5?&yYu<|UWp?$H~4q3ax!f(&euYnJzFU65&&EQ^)9mwF+;t`L=ICj}ZtN@38;?;Hz z-p{?4g6yh8L`4v5GjV!fLeS$?p$D&bIM20PGKw0*ec3Swstl^`v473E-+w2#Trp}E z4{=O=`VL04X-eIiwQ1P&TTV+NVn!VMzwAj+L@l}xSxQV%ALo7wmlh9U%$0B&y*_{l ztf;zJ?mx`M;xMFR*YrpRrw^W@f~zmpUVV!WY3I3aa>&~4-^Vj%XA048j-!b`D6#`& zoLIMx64lF4CCJ|?qY5e-sw|U}aeI^QLOD(U_f=hs3XlNX5jY?f>g z6jZz2>5HJE$_lC~qd1MIo}@80Y%a2E=jWSpf?6?seQSQm=S-+53Y7;PGNd&hD@S{=*W;N ztHtQEYM~=cQBhFzO__P}Dl?xl!~By-k!57N(_Ck>Alob`s)8Wf&}0$WW(CDWip7r2 zrs6GV1v*yRtcoKnPm!@Z=gQ%`qM!%@f~ZI5l7l5D8I$u@_wEX)Zbm%(fE6Q|95|of z8x_Y*4{F%~Y<)N&-#d~xDtl4B_86ug8%z28uRoHGn_m#_$vNbv10kSj0(uvRe}w8{ z#LKrUi|;O??V}&%aB7JKMUk;_HJ$v_cd~xrS=ufdNl7#`RYq3J(SQCf-kGnk;f*gazx@&&8&<>}1w~Pv zW*#FtLBimgr!>(a2^MULv7`clq?3~QkaVLrA+`g&`SvmDf3k(muSK$`V`uJRbB0x> zlaQ=Hl!h($5~q%N6Ez~w)a00lgp>#5x`hxF?#_XEKk)0e8RR4+k#%7rMH|IIpSJ{?vdH-R7}i&wKX#=StO^b+#5NWYHL5G@z5p23|;bAR&&?W^X=m_{(LK2 zdquFYLnrQQHXNCtGDt{KAX0}l_aY~cgb?{j6yBA#5T62sBycmqj5VS(kpP_Jx8J=e z_i7!A1v&SxpzbWW(*5!K*;frl4)ET~w&l?*66;USw zhgrQogc`%E6XXY|`PB#-f|QNbl*06G&9Rv>NlMa@^T}$4wy8jH)HNRD0It_Ko9>BE zR5(5;|jy|OkNCWfYGBY z`pj6&Irot*W)yoCcAE{!7>?1q2s(Ek=iv;3TL?bE^`9TN|D0Izrw{3Z&urz<_kzH) z{u7$^OxvOa8g|U835ywURi178x$*5P&%+K5VDr5G3C_F;Prl=yp1fU=Wdv(J&6wSa zrfF!J9ZeC@WCbrtX2ESMu67F_g+CpeqhJ+sv8tL=#caon3A^e9CRi~mIhgRKT74f@ zP5GU93#-xDe+#p>RiOS?Z7C`*rQ1hGY58Rp&K};%1-FtktQ(2vBL@r-N%Eyc^%4Y5 zp3SJyifX}v37aP3 z5?zTVMQ1YqtG(!}-{JJ8gWPfbm@iz+9JE@nXg24(YuGVi)$&Y{8VFYWE0@4k07X?F zYoHVrBn6$9k$^Jcjy+saou(QURdM*3c$W!7=jnn9Xo`R!nu$GnfOGfubHyHuvT+y1 zE0?2T)exd1eDFT~9UsoE#h{=~tUPj@geI>cW$VyYuyZr+2>bSIW!0g0%D&}zkCm(J zShJd1$!;W{S;uw%&lwh-!o}_TiNlZdGpm_@{vM6TOs8M#5c<704oF~H&AvSR;0r!# zUj#k3F>4N)5Co93AF_Me49<32LUSExPSC35%K;)uzO;G28b5rqoF#L7=q|5ieqseC zl!V)RcMzX#!7j(Jan>nX&HauD^dv?E6L#@C2G6R;u<)I%+;@l@Wm=*`LUen`*`pg- z|63UKlohPK*M~v%!|{+bhl8^7y>6jBnSG}xVCC|Ks8V`fmc zeg^wIe5u!~0iHne^69L^i(&Oj5#X@CKb2QSKvEr=zTBt;_8(YJ%x~*CmK;sz>pK}Y zb`hD8?^4OWj}2>5@vq#0y1g6o@x-O9(Pt8HWgqH?L#bo1ar@97u4D?>((kc;-Wv2H zx6>eJKi_=z4X1Q(@uT};Hmpg(Gol)`t4Cp4Foji~;Y_Mg3?FCTL}aX(u*w2%ew~;W z(}`)=xVdvS;|HGM&AA`YG<6@x_HX3p35#(LKFQ_UZoQa_u5Uoq&s8e9GP`kd?R< zFgk#VY{qWM#gdbTh=7Z$h$w1Ef=Z&<8!t75@}1CS6FC>I;a00E^?G)tZM}Oe z-*ShriXCWN`5fz)tY)L7GH*3)O1++?xjbzOKW*R1juY3(DA9nf;UdYI{#0yNjbOn} zMr;aVu^KduOkmoCiOl$U0lRKB;j?isQ{GqR{^@Lrwr@s-kZ7v4E5?pbKVt6Ii#$l4u7nqUQfZbY;`JC2*q7fQB)7gwyr~Qy;Q)u6Y&fwL8S&2 z@qGq3YiOE*h=w&O73_;%RnZWU#58t&J(zD+#bPMu$Gro)IcqCR=VsCP7cEP0&_jOs zYz!ydB56>y2knc75Z}mc;x}cay2PmDiBv8mj`FFDbltH zW&QQY*1McPcAKiN52bz)vA_$ArfIkoZ$V4(7OQ`n!gqW98N23dUN4!&>H!}!ed9Lv zAHPk7aR>Oiu@OZT@eD3a(Guy*`0P`T2_e+3)0@s=p+q)_z#gk3!atL}2Ujw0*#+9p zn!+2^!*M}_JGthA4;{YNoZhIngmFkSU8$dYoYJVFBsaaD8_&WGN~c zgf7i%6X^P!gl>8x9^oYjK0Jv}S6nAMq!I7*j6l^%B%a>Kjk}lGx^64mHm@VWy)un^ zyiV8jP0W}*hu;nFv;E6X__-vp`OAS!T)u;Sr(y{1zMNkNmnZes1&-`JKtkFLHvhJT zZCln8E0v*s^Gc+j+>2bM9bFq$!PiA~M#JTB|BQ*^9h*|h(+O5YJLZfBBtP_^RQo!F zdz7H2mz9ePM)2vCYD^gM5nU^|0w$6!rr}qwA(bNp4ow-%_{Ce;b?_u=vjyz@q8=h1 zL=-K7_UnfX*`=plpRf3$P4M5LrB(%5mhFX_lNWcwKa=qhoEZYue|X;=s%K4mQU&TFX{lxH%LIx8+b?wjIBIwc5sT8ey; zSBir2^f;er?{OQV=oqi6DyV8+U8fgWNp+0BdDWG`hAM*aG46T}mraI-(*^a8J|H2vm&n9~-KsKI`{U_&Ndm`&=!EHR* zx2NUePw-t;Q8g6}$;r2ZdFAM5LA?4~GQY}&z@(7==e1Wa5}0Hs9UwRD0_L0qEZKK4 z=O$yZ8u9Y0L||BP1f7c`uZgI~)hiMYzsg8@&%z4Bg;Yp|R7lSOCWU~ckP7Ml9roZ8 z+63>A#+b7c$w|M4Ip;otp&0(5m2vm*EKoC12ucd6kP4}go==6qnp()a|1y$u z_aW*fG>TwO--6X-K@sHx9eCDxv5@{7W*SX1qjM{Q z-lGWaVISZc*q-dH6tYZu+yctt7E}?>po)MQyE&1@NC4yEPW{5kAlGzF@g`@GE~uojGYl@rn9QkNPD#3avVt zQ3}o}l7Bwcr_~P6iHItY|M{bQ)W0nvvruF5B3Y}6Xi6%mu}JzNNTQyMmhP;?Xom{u5QUVav@xkxj_fOcccm|26uOyuxY!spcf4 zhiiGKP9K(BxBcUQr6ft%Pkc|4&L6Wq*;&BNmdL3&eF-iSNmN7xT}Dplviv-rNJ!Ep z=63&(RabJISx6t9+DKX^XIH#WU{n*{|LOcQ2k5^z1(7s6iQ6X9w8uD(n)0d@KXo9d zA7*_2mV_6NCL$t|;lEuZOLO#VPWKO4b~C|@d)B2~IFVpS}n zn97c+187vH4CP7|C#>N}Hrz-@kfZ`q_lroXncM5WpxLXFIc<~B>2kQZW+vZ!w3Mqt zett^FX*hhkDg2Qnq3Z znhxDShE#9`Y9tBCeu-}fH^sZk09Ia1DR_L(`>idW^^*qCZPZHQL>;=ULyUX71w~3k z6B!Z3h;^69)|_&5bsnuc4q;84f*=S;f|Z9yX3(=*B`TDTqF9v<3|@EvbUJigVaBM= z6b}m~wBArwIr}9gZ{+3H)hN|<23IWdv)hO$A!#WboZlCps5Xq<9!J9Q8T73lN>EsF z2K>CAWKBYnG!B2+iTagFQMyu1emH00$$|`y%Hp^8FJj_bGdZjM2ls$NjmbZa^k_;l zU_+5*&{XW^OcYx#nr26_W&c0AmgMCp_=ny=|F7VZe3PeXplTKr#SWs3qFRuxnW%OX ziroaF_+J1`BqZqyv)fO{@Yy(Ctr>*znWS3(Hj~i2Yct@RV)%#tleQcYNqWH2H(K+R zP>RTXDa2VEXwzah;!?gVOP0QkU+O_-Oxw)xiM3esc|ANR=+>Ifm4inJ%8>K%Nkg8f;1D*+j~{

    dgj&6W2)s6f z9wTN@EMhW)t7UWbz!8F<>K9l^y&X$zdNqcvA3#KgNMPw=z$MP^O~9j8ABKKV9}lY^ z6~Y|aUG15^X_!s1tp9m2cds{a)T1%Vq~5*6nbQF@(jNC!k|1GSUuI;7)AyStRE(R; zE2CFXZvLB;bJzVzhFG|J;UpKVRp|KmKHvaXGi>{533tjCAq%jX{b}{;Q0lxMNZ{2ObpL1; zr7C`m|ExZY%?>1JR|0pkRcD87WZa46#{KdP+B}ew83KOMB@swr^N4TQbTyKX7mc8_ zt0$$3`y+6N#jg$|IeIML^lm{BgY*=yL?ppV{NCBjn|y|z<2N%nNKif7)f10d{p%v6ta@8bLMCoHPydQbx{aR zUf6-<*nS*SjRTk{j*qI^k!@L^*io!ms88Op{^a3to^KmY#rykd^r`BDuFw$l_sp|X z*Qu%ss8%$^jH1X$k`>i%LN;fh*h~mWnA0!d>Rkc7Yf!!@tb%SO3L1}Za1NEKR)G55 zkzftMQ4;=%779eG0)mw9_p0;c5S>+$1!oy|R1(fz#Y0vQCBY%U`ERIykRVD`9qM04 zvbB6FV`DhgnuI?F(ofuYpO=*Dahs2mOgRDhb5z=bAR!9RGnY8b41$)Yx>r$EUs`>- zm{Q6`7O(roQG#AmkzBnfRl6OP3_74B-Or}6<@OCysE3E(REa;H20+AsD+Zl}B#BRG zM9jGYvRISX-!4m(vpAn1=GT1WsoI_W%f~lOmNB3DiKRYmXs+EuE8w6|6$O`|XljI( zMz0g0@d#f2{#%r+Ok^aCxMGlWPxedG&@>N1{YufcT0O!Zfh8H$7D9!xjc8N50d7ti zSD#6XDj?cTWS&{fD&O|B(6UjTeUmf;M#1RdsmZUjFVo%!xK?4*Q8; z#7q3N=0|k-=S_1b*t-U8tJkNP^Q-J5Kd?G6osJ{s^L|rTr`!XWh`kj~vrn4Swm}J8 z6b1E(wdnXycBY8rUYpl@6(PXpL+z5)spsK^JD$Aq)BD7oyvW1%TJu^7Jsx^JQj5WK z`1Tu4-yTlAXc0}wYg0le8Zin6{?2--g{GVrK|AG{uG{+mNkU z4i&#G7ZfvD4-X@V&)1uYVxD?EZ$q<_d?S{0SwqT`AVGTkj3hdXrU?l7z83}I$+q$z zAW!^0?|J8eCg%J8zvAZq*N`Jasf;SykZn2GEO#7*8f7br&5Ufxz-CED6cx3~gJf_eykPbY_^R=1 zyg#f9f*=s}(iiN#C!*7doSf2~>S1oU7$kcC9EVvv$+$`{@$*$1lAw@rdMXV(Jn`^! zr*z|&So=VSPM5*K*%O)EwJ)#sZHXudlzV43=Tk(djEhK8BER(cjO|$_)F;50fF!Bh zJHCxMBW82$8FPu#lrVfEt4>@a$EoJmGy}n4@y38FA4(2ytMasPOvLE7HgyW zlmHMfGoyDS!i*xK*o}FYQvp4KphtISDV@SX2r6Ed_ckYDj$OjArXR92<`-VA-Hjhk z3P?JM_zh!eU(Au=v-u~#am(a5WOt8jNU0ESe0;naxIPoJ?H(I`$e{0_s%TcF!0U$w z=yejhynW!{V%C(8q+)0=I#g6ahjeGLvtMNx@Ovf*dW>!WJSI|2cje(NfH^Ce`P>f0YNa*aNs~Dj+w&r zrE8co?M+(royD0%@$nv-e-oEunBK}CPcLsuRBFV6ILN#jL(Fj_FZV5jHOKCl4=Eq- z4=iR)#YidyhEcR=87hSbJf-0h(YvH^>Bev(Jc`ip)mg*>mkuQnk|46oT3V81n&R{nl?d6%G8`)M4AUBc)dV_ABBK0O-0$-)~R zczJl?fHz4bg;b$JsZe~~-SE~)4j`SBN@}_0)DM#o1evrGlc}vY5?;R<;}6ROx=DZQ zRkskBys(?Jf~v@jPHl})IM4OOwCSTeC&Gmvdrh(Z>biTj^PUH^DPl{h`~ zb!r9c5e13fOPBI#t+!c_bcoMeMp0zwCIn-eVg zRVM6xfRFAb3lE$kv;Gfg@hhlv>o~L4U4*n1jEb$ypyg+HkZ_ObFGb)%4ypGZl4V!P zN!`Gw9i~xxbs{No$C%pMg&(?q$p!rIww_|rj_VY8Z5itI9|_*Ig`f9c#Dst(3V=#> zVj5;ASQnny%0yJFnatEIhc+cYaB%``b7}@THu>>aXef&E)Qwp{l0=d({=(bE1%$@a zP+Co7(OV^f`>gCUfop+pvmsH%y15KHcVFh7UBPHL!x!JDG3MBD_Rr|VxpzKfhyQC# zSo0a(ioDG9b!!=16K<^;#<2P4X|ebL*(vu~@o`5=dC2Veum)e{zQVEt*SLP|Dqpqq zL^&{Ej2}tdtiHrRWn?Nl`R6O0@Z!iz#U&9Qu)Z2@B{qVm|l$Tse3*fcB#n zqF(%g+(mPkupxz)*3YDGcwGj~-pAqrH82Q!7}IP$ZMI)0{`^L!c8O>4<;HxoWCUGH z_GR{(MZ8f)K~o(o;>cH@kyJF2+V#s~L_tvnBr%z#AB-UM{r*&Rhs^tH__Xs(8gI$r z#^Xk%TDApY2zucP%C#KUous)xxImgwnTVqOJ&&YN&Xu36r+|=tVdNqu> z-9~T{Kin**Ig}p2J3p^xPQOS>*8ZFoN76~P?P27F4XikDA2TNyRsSPGr<~)~h0_eq zTEVO|D|#c`*)gB#lk9w*qM=hMzLFw?Pg?KF0w5LRguvY zD~fDJwq>H&GSO5KK`<6jlS4tVSLEZb-=kJUaf){9!E5#?8nuW*7gm;PZR$|}{yA=v zM*K}rT*|efSy>>U3-9y-Nxngn$$(!_AeX-#hW@)Tyi`00<=T(5^7F;hGn8_5z9$9= z`QcSIU7XJwWn;OBtKbm?4+U_5b^^mzIQ6XN3nao0GM zu#?fvOA=YNA#Eq@;O@iwD2gAoE4AgVF2$f&V>(v$#`oF{()=n?|KeOG{d|CXsy}}2 zqC@qMgoKLiRvcH=o^)&HhKqki>bL7e>xw%#lLB^o0Bss{q-Tp@DAk6Zkt*EIM6(`Y zMEx=ZxR+$;-k*6rq9{Q@p^Q1;aM(-OIhsnM8|6Co;mZ}{sIC{N(0v5^G9@JGD)ag^ zB3Sg}wG}fM(!K$~dVyXGZjmiZ1zZR;6h+0aY!808W<@*t8KFx@&}7I?hi``Y21};( zqj_{7q20b_&7O-WiWOC^$jGnXqeijfL^b+=ciZgdOpGi3AzrxY-0=+oxXz)inHWP~ z;iaY_c=(49;Nt?e9jshihW0&MQ?XPi!NFm8yTq|*>RE=p+XPFt2?Z6K9UzqxbKfFT z6cNRWygp$M=|I&tXRsqlMVnik2`%1Z!r}W4uqIbvrF`Y zmh|Y+kP??qaTCya`{D2HLeXv?@J6IU){QK*tep&~5=nrUC;kD0*qnWxUuIrp_<*M5 zWac7k3U-@Ao=rL4G;Gj|_ui_4=-QmOUh^a<=mOJTZ_3V+W7!^~p&h8j_?p95o05z5 z=3X`(?aJUmRq^o;AtX2uPh%3t=DtOQC?blLczwcQR9vuTg!1aZ{`6=bfib)fAH8;) z`-xeYEh?>Bv?Z))1f^aXz@V_XY&;|L@XQ6SrS<0hmx|-+8%&^&I|3efxVz!u;g7#J z2ANd>FZMS};ve!hfMX-wBwTT=4sDK6gCs9d2uwJU~0 zh4=ZmeJn|5u8>L)-bMqS{=xWrNeFS*IQnoOV_TJ>WR?1~{9-%zQnLvN@x|TXfnOkq zIsrk1gf;zn_qZ=jUhYLre^3;Mx$NNBdJOaYf(e}hF{m<@JNJpLI+|fE^|(h=r`1cn zXquCY>2KUu3w=ypj3vimmz8a3k_FjjL6vQ&iVaOsQ57AsEgMa-fT$sg`adq}SE3?K z?|#MXS#DG)Hh_kau7C>$LBinXj=Mp?bnyJCUx?|(?g(o|AF+JvjN#6V@bNjt{V$k zSLS!#%}po0R8J8tO7Ex@V+HQDlo?faa1m5um~yv&+m`o{o3&=7bW%BiUus-{OLIVuF} z@@eBl0R-7Zy0H~g4qau6n82J?UlX)qA{~4@5K&PSSHfG4=YskLF?%-g>yjI^T{Mcy zvWzS!C`wuS|8#)&7G?758{^6B`x@PwRKZ(O&`=!qbxA}(M3f$DS|ptjH$C85j%pPH zxppyz1WJ&d9L<~GP36lEo8YfG{d9yQ*c2Hz(b0FS9LMcz28;&KavUaIO?3=N6dmEA zc@BqSo(4p4B;(85Ljn%)$Gy}sCkl4E9o6{^j|wnav8fcsilV+i z!*>{7u`daC?P!9CD9DerTml-Z8bHl=ej?`47!vk>}8>YsmOr=NSLUOeLYlI1ApX&dVV(ikiUbjZ2ss zyaByAn{2ZO$s@}$`@3F5ySSqVDBp!y4%CSp1KJ^i*B z>Hq1^yj|NDO>>z1;}^Y3@3gU;o7RgUPaUYvC?Cbie>7A@LHV0)^@SRf7j=`?RAjpq z*=llpEG9=7sbY29rfs<>b`!E}A;a!0)mre$he9Pr{C=J5pSv@qbpZ9hI7AwHL{UK0 zNr;jJl7OIPW6k@S&59}41s9j6npSu6{%hMQ^Y#Yh+$@%MD~GROL6LL_=5$PU#|EwB zWRfF*AShVOUX-sff#b<3q?r`7b1V6%f$!f@4*Q=s&$9i=Iks7x4xl#2JloB9h%(D# z&1_Dv;Gugus6s;#Im6(edS(?i3>zFd}5clug=2q-IQdJw0_;g=o6ajQ9q$S+u zZt0;c7}X7fmW0)2MG+JfL=4f%nbeZYPkg zX7V8R9uJapk(FGM;;(ZfE`ikJd)WOzL+jX>aEef+!aWYGUc=Tyw@HYP;l}+OryI|C zHg7)6%^TObx@RK?QwGtcyn@B9IQXOhl%jqIKkWB^VabLV67SsPPI4~j+t9n$EjBLQ z$cZzzh>f{LVonpjPfQ{`Es2|_X7jp#Yrfevm1eFE2jaZ>6(s>%RwDOeZgBHXA{m>0 zV|~f`RI3$+D=LccWWNrl4x&?aJLz#ZxP3Q~a~qd3YtwGT*Sb-a9PYPu9 z&&D9CHY`aXdH!mSy3u;K4$R3+Co}CKm-kGicUWg8Z5>M$GO%!eQ>;iQ#tqJu>YMXUs=3 z?3{apYaB<8?&rjrWU{X=V9nVM)UWjly+@`pWA_aAf*Nf=vhuq2I{l?!|U#bB$Y6qiBy-$4nUDDJn660csdzg)^T1dTfgWGrR zb7A`$X02RJc9%~W_Hr>EXzN+L;u@Tq&ky@Fmlvz!aBM!Bf6)bgFq z@}F){y!Ks={Hy8=86of~@V!oc$oUfW0NK!m0TC^Bp-nxHL3jKedWZ4E*Gj^*P z#cn~Ctq7V1nvAOI5H&~iii5lKvC{jfHC zcF>GIRL`N8o3pv+x2zgz;QKC}nU~;>mJ>nukyDuec3IG%&CEsId3PY6wX2RvvXRwh z8rK(8BCK>TTG-~(yxA#q9>EM-dzSK;h;t33NK_Uc&gqEiJf2VQjbi9a75P%I&}8_p z%pBF7reAO3osKW@cB`++6g7IyzrmFDzUXx-g5*v}bP?Q?XKlTr0Jk@O!-r$$a>8uH zn$eu;hi1^Vv=^WwsN~Bux6F0+D}<51pP^#H4nFPCh1s`V(7Y@2`ls9Y@$Hht{Prn> zKl+w~={l?>`ti%sujpRE=TU^q6aEs4!{Jykco7;Ij;jplG>rZYXj^(0r)IXn^|#Zs z`0N*kHfuw4n-Eev51@Db;pC$6#v631edDE=p~zYBO0EZ zL=E>M-RQ{$z8~C>ekbF2Wx*NR7jeOR_+fs0vkonqO~ECoJxh*_q^znzxt@&tJdMH4 zt5Za;P_fge%>897Va19PCV4vm?6WFN5K7Q*(Mn=Uzf6@`Hhha!VC1rWyi?XOcB4-q zA>jdd0x=uDX27TOIB7Ow&1}IBhkvA7vwZS}*yzxE ziV|-uy3NFG-@`S;g_@dJCl(MvMk#R0m^@tBuOIe?kdcgClPdh z*e%(pvW@hI*D>W<@bhxT)!lKE%~U*Dklc+?Q6~wlKIvI4gd`y)?&PCEpYrpb>j+90 zrtkZf-jxHn_H!HhOu0lxr=Pg-O-r(47V}!;PdK4?Qo6xg%=+yUDv`nQpJ%iAbTF^{ z*pG6+&80&b^5uLE7kh&@LUO4xbR0cv6vy-GENZ;;9qFo`+5_Ih_v@oHy}gniZaG}u zG>Nx+|45usBdcT=zMk|ggX{bK!l8`7@(FrLA$Y=vn_E#Tml^+^z;=7pC(!MA6}_gEeZ3KxEwKY0L2D_|b;+AfIK zd2RhGxq4oo^4iSb))S6rC|dqd<0raRfLu8=iQ*s1L_S{q;abf5&7ZzO7qA}xXb%3G z`(7b1d11h04Ve$Nq2cDJFsnjVS}Zx4CVahJad8u!OHIXHFQEiP)<=%r6&)xCv!{u-vuTa2^+{x zIg8btj@^=u-I_^mjvZHzNCJXG5OhXVMMeiU!0ZYyU%sKb4TT`)H(y&@=NUkMt3y8qr?gLJwE4T;Y8(16ldFT9dYHK_L zVhXq=3qsy)G!N+)oVZAoOkCT!p5qBN?B-nd%-%@Rk2VwKfH(!H#tR8F{EBtOw@7Dl z(r=QLe1@Eic-%sx2r1qOZ@=IIH4}xPq>u`!kP7MfR0vF70I77<`TR1lJ-UtP(oC;hCGgs{UOEmVkhX8@pGs>_iqe)ktW~MXVZJ2V)^1`9o4H z38+d2t}X)ZCF&tcO+d3_vm{|kyXVaCDj*sB(Yb~pNQOeD6;dG;QX&1(iBxFHdBF$% zqtLMYw`T2+!-M}8D!>-~KLAQztSJXF5iokP4}g3h60&Y|0UwsmcrK#giku;D14Kvj2hXt}og-S5tE^c$Ymv=ifo6Y3r z=3=+opY`xBq(b^HBvn=M_4R#$@+^QLp=owB93U-m6|1akjr)v*7a((VrbEJ4T@0ppCo5GA32`ccmt>%SS5Q-D)@!O;>=|6YAE zoc~YFL0*KkdkKe= z+cJLE5So@rW7T_O`Snf;Hl2iE^r1vZMY?`AoF)Oz?4eKbHtzSIm_B_GCxvpnId&wk zH;TrHg#%+gX3p8`WEg8P`sYt+;3blE=to|fxE-AU0p)5jc>GwZ8J=#}k#0P8?bm#} zY!_E@+<0l+Ox~>0&*guuh@|9jW9KryKjOzHU%rg6cQ%tg|CL+5?&x$z+zFu3+e7Kst_+tZjNpgE z=Xoeql8U zao;s;#d|Ped|&E@DQx~=2n+6}q7P`s=($6wB<44@OGr`<*LQ5@=oL>I4{1k)SWrKo zB-wI?m7g6UV(dWbdF7vLM|)S+&u9A7jl}!9qtm(IDFo4M;4peNj>1Ry7qapH2bgG@ zMn-x%-rhdAxVjdabN<>pJy-EMIlcB+D=3FzD-G5AzKkX)Zg zOI}F-inJFR)|}s0NJBzXZ78x0Q7@yZc4S*7s@;riH(~s*sLCuMNw--wXgP-d@6)!t zAA0@+@@5R7V*Sb#aTottvVk{I^&8UIYDd(pWE@||j9-0eKd?DfS~SPi!;=8>HC8V; zz}BKY8EQGfh~?Wz328-V`(B2vielBMCX}pGkA_iMD58jPWeuPGYNXqwXYUb`Bw)X@ zgt_Y%a4+grdRSL6Wy*Z~qbAYf-XJEQwos*R8-n7tGT`$qY@XB>yUm^E&0Ao!CUR}h zI{JUqm_0Ka<4wMUNfP1iA&#Z%2yEDsUf1XI`GB7Y`F$jvig_StS?pW*9jkv9sWNmB zb$p(8$I0dLp0#Xu6{*&%HX#mt`g{m03Rp8@+4%i9*4%4Hk1t=QPH0JLwroLBA74T< z5A)5mllXKrka}(;laJmdvSxeg-rvfgFE+C7+a9JTJpRY+;ZUwO#Ts>``sI0i^7aCX?;J_sw%3{Ypej9E`jdQiBX50Mi|xZoU^fQS zrb8zJ(vPub@y~o>sKxSk!`buEc-CAqQnghlLi|b*#wOg5q z^!6nzeJ^9Do+P+i4zG&93p|E&nx#SsG0(oTEQ|%)VfttvU6jnyR8{R#erDqR1fG zP-K&%P@~O+fPgjY7B=5%PvtQwI006EA0$UXNJr8$;ZG)5E6}&*=>%))qf5LajlLi_ z%iG(zuy!k6ulJ*!Bp@iD5621Z&T>`50U} z`Bk7}wo~;iJkK29RJCh)YI_w`DN5512GJD2n#NIi8C$CMr$JyD__VC!XEzsfD^ni)WwF9^} zWGlC5O!a5LUojf?C{G7(Up%SIi4wy&cIgdT6!XOM`cF)?)}RA1=%qhW)r%N4Pds$4 zj%>S5eixXxNDvY1S=_(AniX1Ox(a%1HgGT7f;Yyta6EH7mW}s(Y2G}H%j1txq|fIJ zeW^L2Y5;R;Tp-z8n_~;+QKIjChP-Cx!os`s8nu?>BkvIS3?>pWYF>EgT^y=@;qltJ zx%@3wMh@r1<2dFbLh7THDKtJ#s)=%5VC$oZ(Ol9cMq7S3ruZzyP ze$}Vc3!11SsP5~GY;FKdT&fYk=#RE?i$+v0C|RLPBrST?Ai&cLH_CA+WHd)_w!<(d zfp&|wGbBRc_F0K_gAR~ByebvizDG@0JTXzBVQSBf-2GJW&!3~{IkZDOpRkSD8vLw0Tffp{4 zQy%i0mo!(3RBKDW8f_haA2`P^_akXkwKVR)i%j}0=52hMra5X-Xj9Cg5ctV z5(6M28BBLu(t9~`AjNXD()}Gab zh$gOX{gOt3{se@!XUwv5oY_2@_dofTBbg$)+-CBSEvwYjNK9xpo!K#Aw z!Af2!6-9}t8no@bj%-Qd_MYX;?=zAw#=VKZZvc&l{>bSx5uHxp=FjiZwn_<#gop6{ z@;g|#$d8?d@@tG8Nrdd%%jg*$L5YY+8uomjJ-Iq`x-3rpGLNN$M>FKZo&@>_(fW(k z+|151Es01{GQW?U&cR#@>Jwm0K#~+5oM8OLo2Niwm2@?17wyiM*Su%I|< zSZOjj*=Jcd(@4*rW%8M^Y@FSDnTMAmY2QfV%s~?&LUE#k0M9x!A)eUS6f&KMo1&d# z`6P|5U8*2xAW3%ao%o)XAwdKeY01zZHgMNHlpv`T5dbu%L$y>A;}faZu_Xt;+{DSG z>nwidTdKbFGLd>6o~};QmpPfcXATfouQ}D9R(L21N?=jKy}fZ)0c6zhs#Feg$Auhr zjlWFuck1Kz=vM-gBx1U?m$6NP@DB>6+1r!3NFeU69)!EZuxMx>D*6Y~{`&(Y+Qer7 zv>}V^^YG zV>z?81Z}Fi07iUDSEAzGqnvm;^KRaHlRODGTxE9uo>T}5rQ4iyj`!h9~Fp z(f(7wBtJMQ{QR{akU&$=lzRw53VN3!*v;vr+`U3>atxZ?f?~~flvV#X+Eq0WMFXxz zJv!9q{8mMk3>aNpaCI>v{abS2xEbs9F1YGNgnuZgy z8@(1YaBcC&%>MZ&ckmY$Ot{Y*d#-YEaaTMuPH?GsLyDb_u z%^C>uVZQJ1D^+K2Vb_Yu45)F6$!AhI~zc| zQFB0TX-9BNiWoq-_lUc{}Fn zBRK!l>m)7ug#`z0V0+~E;zH`VSj?)1B<4FTB@xggXIV+Pa?hbHk(}BS!C5sJS2C~M zBRk8C=(un{K7!w@PefP>s^`TIEKYcT3^#YQtu&OX*S?AR-tg46+5QB@ayI$*@Bs;N=y=ci-+n zX#4>ye(6W@_^()e>O2q9gE*NT!nEnr7+cH6pdPch9RFfzlM_W1rNahTZD8`!; zmvivw34R&i#?O7nF#C7{HtEUnNdj0hPxDRlKzu56W0E$AV{=*nIhC$fzr2Ld zU^;2dzhLGorO3KxWmk+RZTgR9-=tRj_Tfx^x#Lc;vMZUp{T{L+U^}^p3Ae4N3gq5e z%%s!1yu_8tAM^dJ zIkb;i#WF-(43Kec9kYjAr2E$MoLTk`l{}6x|D5dbM9tjCinLJtt5qe+@WOFPK44M^ zPX4BYGY^}qXlj~MZ7-wAHe_oKvONdcnu#h~9V+xc^${?-=5l%C_YCVefn&JgDi#1< zbZ)rcT}IoQ#qew}jx$-7e?txoxVznFRsVMwJAFU*1vlJWT`@?)ztPXX0{FdPFCkTS z6z{WJkgd7M)=V@-c2pLYO~|%PWNSLA-~p0Pf%$7BduiSr`YxSYG^feHzO;QHP^m+6 zDmCv&hgTa@?%H9llEJmpX5>;G>D?`wQVmBjxLXccNhf(I7NJ_*`UD>Ofq+lHWmvT+ zwCi(e7ZyrjU<6eg&)_x!x$(zXad;jhIyIt6?*WXO`8)S=n=@)wGxkjG!8c-g-h8DS zbxKwy+~`Mi_4+g_69jk8vhnPCzIn4fZF=+T>rT(!J*eZijKi5A z+I^{0qdl+otVLMY0lXGzBkNi+vi&%tn^mD`UYso&AtpBI`Jy=-)%*44~ z6FV0X^-32a^WhTHjSJjLzDTupEdVR3m_ll52D#6%*&o|Dm+&6#sG!q8vy&Tpg4L&% zF{XP{n!WNSZ+)|ekcM69SmX-*{Uy9!T8dfUfY+M1vUO}bt~C0B6~Eu$+Rqgj)A$?q zSY`BXC3*FS?HpL~9q;D;M%&)2$q;fm{zG3%>UHR)I=nyoI9ZZ}P7+C7*@bRrD)9Qt zjfis3;gayt$F|BHdL?Ilsc7*qr*g2mKO~>zQP;5 zno_>;=Zxujn>&fA*b}z$R^^g}2Zs_-@)LIE+-BF}tGxfk%ZRyP&`B8edEQo#d1N~& zo)&7>seu7FFtIb|stjh~rdVQ^)@EYMNo>nBp>l@@5A&Z&dfY^XOAFtnv|f)vUz5I* zj-uj7r1dZ9kWHHM$;ZNYSxO@9}cIN_7y7+38390NqIuW zi43?Gtw4<$m1#M8G%x!maraUxYVICBs9BcqpdiAEe8>))g2Am6y=Uy;;EHeQpS^~* zum4IG3Tg32S-N==1KTyEalesFUAUX%lxzSVENV{oYmFK7N>xH#llbMmSCGb@;N-@w zEa_vVSF1V1AP^YQoR3zW;rfEU_^+MDpd~v=_7o{oz79>B)S={?-!rP}2KH=|=|1Hn z(nmKZGCYj3%UyW8d<7zctt8&MPi*x2eBQ4V6`OaVTg!%&vM5MA;P=Iec$Vu$uUDH; zw^4JdM0h~vaW+}H@&1rjv~1Rxj&Jv(i3XZ%Cnxqet4}Urbhjon?e#W;W^LkDOfmpz z`__{kW~4@yvglttF3Fcz&1p9-q`%U~L`8M_8fY4hS~iLWS+*nS?8vgo2}&#|iUkz` zP5m?T(p8k^s0L>X5J?N5hcXn>8hd+|I7 zvEt$q!}NwD$r<`3{o6$2uE~FU{E((;pnI{o0~OhhY`0*ynVtVyQ56{x8>(GI7Og0@ zTtwB1D5yMZT++}qH^PhgIVuqwJqQwf@Nsu8P@^keN*1yvqu5Je0E32H>?P(MXpUJE&=~`WAd91EUX-ddmM@QfKtw_oHWyCO&Fz&BV$Rg47J9?1I3y|{H`AKTW&((uP2 zRIy5Uc>-!AJ-=8)#|g=-dv7*5Jvz~_t41_#H9nx14V3h6kRyMd8QyFBuPV&jRc1V;_d2~A5*pkYqkxuXLG*Zu$@n2 z6;blQ!@h^PtJkt=PcUQcS)^r(ob49P{52m_UCiLf&WCtdYg4<52wdmn+HfMq)TB<0 z5_r}aME{@O;d*Q*N>s2S%K~7-d?$qmZY2nIkto;YOSaY9Vw_yq@M#vN64Is#9AlH;j zwo604ShJZAZ3+mUgymqUHvK{_p`CPc@q}y4f{va zVrO+`em$HfQSQJ=POhm=!>JXi;2{$3okphvKXWQ`08!q7L{$g^La4iOH=B;0=9a~P zzmFS60l=LQpE4BllW?yxnBPu!A;YR*d$^eq-7C;8QpSEsLh>()FAj~Mr*{B8nuhgvmSDlXzF|q_D zY#Uf}&`3mdG*QJv@y39nsScB#<^Wia`V8njJt_IhbbcG%golZ-7a2y; z+@)+g1CYe!JxADkz9+3h6s%UKqh+46o~D7Ip$Y=NMT=1^Jc1xMA3`Fdh>naTz||pz zI=2AAinzSs&vD+s(co8_TmECpAQnOev?m)t_ubCgw zo;GFm4!IMJxJUWop16^1XZ$HvGMeb3L3kN-=skjoh%QF#;vYB@RfGoh>rh19!l9!{ zWZHm);~c#jNzri8QM6M9Olc%sj^R>+)-;p=&k!O@m!@>-5(N9XBgX$irzv-7{mT3F zsTYQ(D9CCR#$LL`ty@<(cXB2#d)8;vuQO@w<3d1{G88w?XYO7bNRo3;(BtY7%fS;T zxN#p~J8QSsrBbyJyuAzrm53xdI-1CcVEp~MvLGpi2Qeqv^7BZ#7wOC=^FF4!2;A7j z@=N!T8#bY`ux6b{wj`n<7SI-mS`K%%kDr;4o%G}&FodLB!Vz26nr)L^FzZk-xem`*yA6!Hup20E9>GA<{Zyw=?w`&pc z?ov`rGQvLq?7nDH6g#rj?D*KsD6$Pf(?D~~E1HTZiDYJ($j&hrkgP~V?`lAo_q`xt za4|koWr~s>gAvR??NL*BqftD4d;|ocCpSC4!H4~-a&OUxEKd1}kK0zKh_@I1t-t5G zO+i&0j-864plI%tX*Z0oCzN4MbqNnwJ^E(7d9(MsYdkJOksZ5qGDm7~*; zTo$|*N$3Z^p%~lp{q7;ez7dU=mj}k;)p_aH7{Yu#Fc|gDO+-LvFrfGJBkaL0-fR|) ztL(jmaC{U~MfITwKc1|2G)6Z74;_#HQ0@Fyv)?5z!fp z7<7{3Z%si_0_d}LGHpFv90|0ve33tjMp)gp44yTZ(yD^;2;exJloi#54nKautF_DE zrsU;d5I~D#|CaOAd8r-6QBj@QgC4}6<<=cD%{w+h=eTqtH5|#L8kx*%ARzQk<+Bm} zX%y`VB(rD3ajJA_MJc_6hK8aV39s@NQx~;hLt|Gw+}&_%*oYQAd(zp>h@=zfbfgxa zP5GSKt|j?k=Ulwky-5XMPrORMOUTR#w3K3)+R7gvUvJ#~Ycq6171k|z2{%a69>lLQ9 z@WqYSP38l^lD`>NJ0u^qrVL*93Mh`c10sT4a-h=PnElH7f)0x{sWKL57 zA^dA>;>zbKWy)+@7UibypWNVw9Y#dY)MKe&WVjqSL3*`Oc0wsEV!S(PSbT?W_ z1FC#Hj}HQ`FtCIkQIP2N{Sh9>HJP+x5WC0JAS@(^;ntSC?yAFXhoBnoFlBxderxE0 zhnpU;d>6htkxJ6Vli0n(Xjr`*!e4_+5NtM^Jw85O7akst)oLv?ul&W~!eq_I#kUNy zEf+<$lam%t!p*Z74E_WLd7?8KkSz}}h7KVo=>Ts2wK4kCL{qI#A*DIi>=V*PeaDb4W$@G# zP;yDl%p(2nMkaRMPv@H}skU!2<3`@$l~W7p>J!VaLq20ed@Vj%-;*P4`f{@B2Ymi@ z1Pe;NNA{R$&bI8&ua^85nsVIS+{nntKv9$zP%B5^{-u!!q7m6@MNw?nE!m_c#UW~X z0{mT&^v(*>sK|H`Ty6xOfmI#hzj+~>q9bX7R?y#hnKJYK&KIJnX{zIvD+q}B`>$yZ zO~Z4N7YL8CN;>?J9_4xw1RSr{9%nbr(}+CrJLkK3vTqI^IzaN{?5LW<{8-?)^7lh~ zG?qL-`-m5s_M&~59sNapW`0G%q4L(A{$9-IOZA6s6vR92(Kz!ig#|ySKE=!Y{4Cgn zD?U}2OUnn&o|Uzy-kB#if{4K5HStK!{+NMJ$|(X47Cq-(Pqq74-u^h6PH+fB0e#D# zRW_eIJ=M1Al&eR4`V;SaF7NY)3v1fr_3$+R|IEB>;KXB zTHcy`{EkPm@bvS-AFNB~+I?m&Uo1VYmGf8KFbgT4ABd)*$u<<51-s3HVz(mOtZ0fI zO|_udB?K(UmTX)!yF-4|g0%sfV#jhngOrA!@J3ZDRyBh9-FkEOJ2ST2EVAs0?ApGD zT~+3w%grLK-e^7&A{~A!n&xO%&EfuvQPlck3pzV^_&24esyTB$2nbr9qF%^zmv$U% z8V>VAUd|0wL*vCCCVvK)yl9y=dXy(S~oJ)Zb4Z$_3@;_#+@vz_U+oFxr#t6mV!fe*=HAZ~1xs>|s{WxC+?lp6c6Q zl}pe8w4U{&DwwYh8UJ%_JZG%W8+!rY|0!Vb2mRuY_*r1z)JIP6{{{n}nQvA5bL0DW z#+YaNeztE6CG{F}Q8#!ryH0!^B@8-Qu2>?Yyla8^)s-P+=Dk9poIduQTn=M&MRK2^C zaWDUX$>y-}Yoghy!c(wVOk`^g`>Ez!&v}vS3veR82$8Q7~07ae3WZZr|L_uA6pB zscr;>hEXJPHNP!AO3{cTY&?5`8zq_`p<%~@Rkb1GjgOCs<7aoXy|{r^rTvk_zgL?6 z3e}@(OG8jCc=<)(9Z&{I(4nCq+jFt!-f=o1gQ)XB)O#ZcxLw z^{4f~-h5cT67`#X!sxhM)Kopy-u;R(ITIQ8{ZO_`b~39DVoh{2%GRz!W`G-#-HKYf zA5$v#=8G{WFjVYJ@3;N%x7!JdZb65Rr+IT+7Y@~~L(S-p3@#mtra@@AYLqMPiIy8l z`{7mCHRW5zWcgC}vo`p;ihrxtL{-%noM25r&fJ8irGn~-%^ZtjlhFh>jILfNvJF+0 z9bFK8aSLdJ!85W@V^T}ht^J{Q$FuA$8g{GXp6qs1B+@Fl5ITAc+D%h;q zWF*}|6!iG}84-1$r~;m%37b9=U6DcP-HM^9_5$0KT)heKGNQ>ccDof>Ctyv@z>EP8 zZ*RQv(p%eeNK3b(_wz)|$s*S(qoKpi*B?&fw!#yB=g285OJD zj49oM!QThH-Arz_3Be-}Ur#-fHIw8_%inIwQB@TmA0M)^vR;t$D_E0fVDv4AAeF{$ zx)7qd$d-p#&FR?j#>1-&l5ZHAXh2kDOrin3djz7+7e$sSxHPDSnw!pp zXVOxN2*~7Sq>`KQ^ud~zUmnOwO(f@O0ELV>D;0Crv)D>bOMmnZa#Bgk`R8yr&r$e= zf=fX{(`;zUC5&Fp5Ot+UjvGb%Wj!TIl|%0l0GfhoH=!Er|98dxQSBOqe->C zi1fr|r=YRrlLu8nK}0I3Uys^)whc#t$bZ5AN3!r#AD^x#r9H3s% zt%>N>0ymEa*m7gAW?x4$rJ@Tgj(1=sTs%Y3&?Dr9b82=})e5S;kad4jWAc}2zcdBa zb_|WusEUSa&Bc_SfR~F0ieg4ltmyu0Jh<}e()@=&gdicMpJd^Tvy^=M4eAE#{xRbe zrQ2-!YAMIeRy09GFnCccyev)L>`3tk=UDl}LXN5d)M(y`m)ljw6&YF5p)=iJ_39J2 zR&7r6ilMkkaA(8!EIgSEo~;@3abrB6V4fp&{=G9NxP044#qMlP+mcP&*Sb*7-I@7R$mQm-wai%ifJVLg(<$H@zb;wE!Q|?^{!TaQ zm-9hYlmftsfT*ctUE9HeLkgW=Z%d?J`8O)g3P@5Ghra!Rt!WmFzE$ZvqB}*O8Iy!0 z<#21?VPY+zRBc^}0P@}=B1!^6>QQF=8c(e*U8o*tKok|s=~p?tCY};+w5OE*an2e+ z5)tk3Y+HMf`1xdKI>q0qC0ST4ti@z~<$S14}`iREKCz-cx z(f`NZdB;gntZn=1?nyhF^Rm0ZE@{a*XHXDC5CcgBb3ieps3`to?P@+R;A79qk9qS0jp6k* z0t=t#={HxCIpj$?cCSy2s4UqHVex6^Wv%n4Vm|f9_VsuWU>9 zkUrG5pZ%E$eKYSo{sOCF>d?AQ5~$_qQb8X3p2x<&M#_lusYL{2`T3_9hS(HEAt51w zlHy{5!QdbFL$I*;H;9vb&BBdbUIf4=N zq1qyl(mY2v8&1}0IVpZbxNPjHA!HGre$~#%kulE}>Nq_FT`hDkgg_{vK@H0J{<+tP z>D-$Rbz@OXGgQg;w2-e9e zK2Hk3aC`mUREct~khF@bDk!pQio(P+8!~e0n~Veqma_f50qn@Xfu@I-@%T?ZZdx~s z>zzAz>ao{Z{`oSDjsvg-SMuuqa^n5IGXwp?}(}hc&MZ{|gC=!3!K7M$2JC`m$ z$o)xq%=>%_55Kbz-+-$)qjzg6co*^XL5;>n7B$0`!m86rWZUjs_TG;;Y=Bfj3371H zesc9reDlrSv|KQeD>lQ$uP@;4%=Z}3?`MAK(2dp?)ji={bfP7tpyJTyyqwpVVX6(y zR@KFnQyvCF*G>RhsO?Ym2`}>>`;JyKxAI)8XbSgCq2-Wy6yDU7^fPpVic7{3XOG6N zRKI5wR7FK?Th(5iI7$^aacTk)u2b(ZMF`CLjp$m-Al|egPCv0T+OvAU2MDlZ^FGSm z=ke9t+vvb*mQHBFbytmM!UG*b*I5b*BQE9Xmq%dJ6imy(SgMj}r12Ya|b zNSum^r(Pqv*3yX=;p2i(eW^B`85~hSlB%3EuM>Xq4$R^0f@TcYVop@bKBN5sG=W-v zJ`7`hjYAfAFnxMG_Uo!mN9w*n1K z+rzAT7LajGJ-&JPO}0m+G4`34Xt3liM!dO)^cLN@cKk&8XV?HQtG|4eDKF0Bu+->z z`(*AO(v7(FZ*$8FU$ZCQMpA~8VDnq}@YXJ&O3&3JA*!Fft7b6iuJ_n!Yt5D8?&AEY z`Fyc0k&CV#O-tu89(v<@N`6_&lA=B6w~XYM5tEpEdpGd>zyrgcW33rW{Z?am`I+A2 zty;kPZ+CM%?HKP(|Ai()@8aGYE~ilpBddu$I@$^HqwUx8^+r=E+mdhq{7jx#WqxH3qa{tKlsO1)zrh=vw zv*hLPh`DYs&D^e#{r`!n0YSlz4Xj<2N7JkNlX;4GQPDIXYo~vUuTuwF<cnTUWZHHHbzeroZ)Kc!S8r@U-aEhI$gV}5R@rDluyK%| zzKdYs(t|q&PKffail1C{ZcY@6-T$ zAV2_UG;#t@u!eh`^FxW&5}d9m+B9v$E6*+Ey1RXBnz@;NSKd!VHEnsK4S+*aek7qs zb86P!jcOX0B8ILvJxzPh0>+N{F*GnKK?--zX6m?UEIgu6`shTO^;OIQGvWef&XXN`NpK(qhMIcl+X_0w+|H@-b z_~<)QZh4VMMs%dbs0p-S^~v@+v4x7uW>U8H3$7nGg`zH(aO?f|a(=tP+}5rOpMG}- zivzzOCQ%dxf9XOV9`+pTWfIN0UdtWVmh$$aAF-fVD2|y|G7W6 zK0Tgct!j}J<2X?AmelslH4Xn*gXg}nK~M84YW#@_u( z9vOEXJ(6t5xCK0L?{cQS+K2JeCeSA>2F0l4i0@S{xo|x#>ki=IS8t@Arr|rXnh&49 zjhU<6INMyr*n4j0lG?VjKkWRO!bD1m%jF6Q6l+zE#eWc{Y5u8VTL=ST1~K&@rs>63 zaR4DCiV=#K=zay=UxY2T3mE$`gGHz9A&;e>KE&)z*Kp^6UUXXZHbX~T%T@h*aP7bZ zmVZ5$@sD=pf_Hjz^qa{{efBpZ`rN{pgn7(-`ZZotvbm#k3%d6*Xd9WwdpCSY=D-*f zyNwgNL;^~H0 zXn!8(HLrm**Ym*@(@`!S%U#ih9NGR8Q}?&#lH>Cj|HL=cdh`j#U$l?OZ%yOnj843H z={D|NR6thS3%Md%Qln-x4rM2cW`085tH#hZ?l;~UK9()@?qg*0!)*EWCmy@571L+* zrDDei+%$PN?IzsMz31=Yo+sWSJ*z$s^r;no>UFbk?kZ|sH7FEaIT3+T0Tth|GIsy4 zf%;eV4<(k0a4vK)Zr@jQ~2+`}(y^@7tKv zq#E?N_&)AEKLUcka{m@T-8;0UeZnv75};BO0UhiEu{{BP#KEz+e6quV48f zM>3s zsgoDgm>Ld%2%;Q8L|M3!vRdtXOo?yzhunO;D+?Prc&M6UQKK_ycj2vM4fOHtn~RwL zN)}z8y@<;B_i+CgxzuhokmfN4*(s^Cdgwvw*JwxgUa^$zYs%Lj*Ta5#Ql<!3@&cuG%o!srt=jgtld4JdWbnKGD+NFXv?V1rAU588V zo=ifo{{IF}7`USQ;yn#_Nr zKXL9fTJ;-4jea_dXZ*mo&woj$SBH?Ma%K+8pD9eL#EBIx`Kur4O-#>fO#LX*G(g%= zl#ow}q5Hy>eodsJ;)tw=E3P$)%?(x_(EloG@~2K0nMTO5R}Wz5eso`csJNUGKo~ZR zpn(}E!e+}rahPYhb{Y|8ExHdH&DgOm(GR(p*K{h0Z+*gb4a;d+Q*hrC-?4>u?Eh&m z#aRQHGHC?$7(q&I7e3swh};XWX2f+J@XznZnlbM%v0p2cy&p1a=nHHxoYbgy6Vv95 zpnS*oytCj#BK-yYRep*IURVaJXY+^_q~9ao^Vp?zh_;!CpvjgW-X(IxH#7#y z4*tlJ1>e*6wS`P#9bbO8lc&De%oy7*B-d|9`?ftJVOiWfToLNX*`?yuGV}6`%irGr1<6d-h}h6Eld8vxTz9WVLY#P!x&3Vi!NW zHI>#=zG1BUAnSi#$Gww&<%@~US^4UN-1ova95vf>%X^bK@4zB*`dmtrtOjfi*l;A; zLIonvu%fr&PHe+@mtVk!Eyo$sXDH>%moj5h8QyB&EmapW{`EXL@?Pfb$|b+uE%lt!`yyXFKPf# z$>Qh6k$m?XJeLfCO+PW=>Q9+9{Su4?PjmgP@3K#+L(h>9@%p3=D1MC^je0Wb#_Q>m zc0KX?Tk`q7ZRB~g$#S0=VUYq{u6pzzeKVuGM$)6+6rP{<9zW$?#ue$Ohek9s?@}JS z@=?CoeT<-TG0*?{5S{avF@3=-@=FWZpcQbS&`Wm4NNyR{pWlv@F?2`=Y9bMF{kgI= za9tKhnmok%)qA<5aU1IOzJjakR$`RwWBR?HQgh}|qW5fIiGC?BO}&by93?Gp8;2GI zF#h20jiP|=J;E>3R&eo?Ul3jN0g-kak>NSL$ka#*a@X?IdyB|jUqG`qBgrF@CcQ4D zNiX2)Xf~z4!f(5-r%Q(%`VP+ld>rlIW%#g}tbDyc7bQdx^z7z|XTPCvcRm>x_o4tu z`wL?hmJQ|KijL`9jV-Ds$l7>I=HadIqB?4jl+g&o2!v}Fn0SiTpgK}<#WujwkN>2I zjDZpKhhDl5L)Q_)KoJ2V8^r#e?+Onye5)v)$ zs8}+C$MKmy0-i*oBI*zy-m-Di2;9d^d;!4oA)P;N$g_{PrbdLsNb1B5k4>UPs6@o( zkV*x)1remzzkyqyzl_Ag6*@U9A|Aio z9-1#lBFl6PwH2A+^N3GOBBy~)X%U#hO`RGU)Q$&;q^8qGNrjJcS}<_zeYEr+Vcvw< z#ElzG`{+or>qrnbV(a%~+>~tgZdu3jACJ;%{4kok)2ZVENTI{fTS&d&2#cTo0`K`f z>D06qbsHt&R720ALTu*ycVii`usPr(f6p$~ep`=gw)UkXU9eS7;@gcM@>wvKZ=ZXT zPp4-P+;fo9>yP7X@EkGOL2L?0si5ZNaYV~xU=0I(qYYb5M{)p2B0aq&jrZlUan~Nc zoH&DbK70mq?|zDY+(|I~GbRjfNbD&ikswg9oh9$3aq;ns=tq!xsjsnr>SrvI-Duf& z6cf^W;S=e!?IBq>VEE*O$0mGf7I8E$!16&)k~a4~-0#25 zj89CidGlqAsngh*Xdv|?9InWsep)K=q31CaZ9CsTZ=>;s!HlR8N#)T5Rt$WdUrUE` zX^V>(_gq6fN))Ntjd9||8;GGv^Bn4=g^oNn(j@2+82Y&)nKq(hvgzC{wabR-gudc=caNnHW-R>C?=-R(Clq#Wf%C% z1k#k42sF(`L|Pk~>KpM^!hw0ycIz_-n)YT1lmA>4KtU=3#U6#C z+K8z+0j+2ixw}3ATM8*PvqQ!6fQsYW5Jm-7&47QHFfj~_pbsP9!_Y$l#S|ursUr;y zLota|0?a+^Lksx1Eb(k*9|Qq^cy)zopi2|o42u>sw3Jb5DWqf`py224*(L|kP1(Wp z_hWEe)__LwC4AKVH%2^rA04yfLN|6yUAhmfTkSi_ao1G9vy+OnUW{se^8N2_+(_Fi z?;&pCR@VGf|wQG&og8ylLI{Yv#YgVvh^?DZm+LLFdKyg5#n?`tW zG%=(^Dkg>&MUx)q(}V&JJh6iGe*L*9E-E~gqY;tXgkBdlCfjYJXwxRnJFg#&2{|Ym zW-N8vbfuo+r*ztCDmrvyK+hIL6Dn^nrOLs%Q+O|J7(X=$x4UwLBjxKj;DwIvN=lCV zC@gHqs5izj^rEo@lJ+zG@)yYMbtC3P>M*JkH%qD1*_ zGP6AW7%I2$%c2>~enWQ7@GC!OS2Q5zJy6j zmvO6JN#TKoOucC(JtvHzwPz>qZ`s1$oI9A=vJoFe7~~!ZpxZlfe#;w~vSK-d1~#Ty z6o8L%xt#5L3}g+7=_};;;S>_$z!BSm3odI>?Es5#I1jL5RWujmLEY31d@;W^8TV(B z5_@WUX_`u?da$38vX#tV3jMm3uw(sUwjb}tRXHIMZO4t3kP)H8(5aTS)3(Zgxg;P3k$A+dPo$j7Iy=obo9m8YW~(;Lj((3LdnKCo*Z!_rZfbwuBttcUVj|646b@r^ zq@oAQDLJ-_%EEmJ!;cxPz%&CPhf=HI{!s`+#|U^&yi6kyO2`xjLIgn=*frQ)WN@%V z53R;HRoW0#yaa^|dG4X($A=-p10+HGvVt<8=iLu8xaN8;(V~d7^<-(Q;fx*Ije?Iy zF>%wYOuVQy^-_~a?e`+vgF2>Zo_GmjXx{%;#$ToKP==e7glHl!xRx8QAIdw&57Y3H z=b3taJ`*NQX7^c|7Q3j^wsK6Wl5>LQ+-K8WwT#*vzmNKF0CTsdbq$uSU+fpAi! z#8i9)9Fe3R`-vMaXiQW>GQGyR7%-p_@lJ_fdI_2;(dn1*Z>xaZ$Go=}ka77S8X^(WO-`q4xMNHrcSXh#7nR2St36yW z?iN}`B-6NC2U<01Pp#-kG8*TQ>4y4uzR2|(Zlqc5R9d~)hA-Z_2o(pln+)UD;Q@w4 zMbq$-d-y?ZM@Q3-Ej5k?ojcH~Q3tYPqeySqh(;+Ii^g@QQAQ`8Dq74vo$HZx={pps zT+E{{cjuK_i6kbZartwL={98&t*V6UiI<&(I*n-CtpjbEwk5;mBC};Pvf>JuKCCWT zbuM9Q>3l|KH=xsP^9kZYC5T`8379~~YZ=>C@>Nd-rOQurxn>Mkc25hJ&Zzbxj_kH= z>DZ|&9oy9>!5K-N7V!{Wk51<|!SPXN98CxD{GwdaY8#XSgJ!-#zpYalkQhg7w2P}h zNaev9Skit(zp$|uL0uib}_j~YEm_#Hc5TP0P%8Ds0svsyG z#HOYYALYa>%cIZ}z|du=XrLpGw3L|e(#n&^s;Uy*S4RHvGIT{EosmRp63y-+GA51) zvy|KtgXs8poO&Sz#a{G?Br+2s(WIBWqlNf{1kFxFd=iOTfQm|qJ24KYrsFLxC#Xgc z6DcVyD8dskP>3cuGl2-3PQ~#Gw1jvf?JAg+$hr6B+3`VJxL;YG~!tS?AzY6y@Ay;uTc`DNf5hGN>#nM2}1%(WQo#?W$n- z%gH}hLI7|^$CH>4j}sGtf}$CC^2;zIqKR}nuxa2gI!1nlj^a)tGsTTGB`To%N;sNd zh8p3Rf&Po*FtDGrwgrniiu!a^#D zB`r0cNQa8}of}Y?J}Qd*xRMibX%Z3eQdXEpsffVsa1a^k!s(8}shM~R3Mj7hVMvKP zF_V;NlfvA5JcdNkY{aEz5~H2z%c7_z{&Eiie*m8uz~?iFN=_#++KIpDD8-fLY3&t_ zV)&>m^kO=6%F6;cB4bEQO~U3aqM)#hpyEKoKqrF4*eD)l*1OxqjmOgd;Z89{?1I8T3(E8pM^HK!ggWzk-s& z0?MVENQa%smPZ|WB`QGn; z|5=Zr>hsmMm1t<%Mjmhc0QOhj;r8AcIHmdjbyNJ=!lYpLt5g(i3a$PT3c?IhUYrL+ zk&qMxHapTZP*od|2`x#;8j3TrMzunI3aX|cO>xqrpxWPxqJ#%p8U8!u#Sw}?hx|CI zzeiPQ`W%DFsh_Rt2Qsw(u#brl5>yRUslKm}AULsQ*e67-`aFaTS@mArm@zmVN%YKZ%N}p~%xju%e!g`|EroaFDqH0QbIeWEZJ8@rxY|l^cUnlL_!{;mi=ijkYuIq{I z!)Jt}H$&I& zFZMSxEJ5;jPw0eIv=9aueoQlnFb$*#A`LG_pcFIcLsK18vcfci?hH;LyO-{rLO=bfJLVMU=~qrV0Wc9n}v0KoE(7!xf3krXW#}B7mpT zkBN%i>B8-{VfX?FAu*(ht{Z4hH<2z4sGz*O410MQWxf=WUH`;cM@e$MTZqjpq@r*g zCC8TIDc*%GrURMvE+i?l8LBPvgqfOx3W{>twUePAxO4m+S}k|#fO5JnJ==Td7HYrq zSt(C?Rfy9K%;Z@G@hRRB)dub}OIw`nJk7J-5At{Z{`2m`vk2ecZP$>PJAEJK|F+Ff zJ4Y$RIZR09|1wf~T0c7Hv7J^cM*iQv=l8Zh^W6UUcb%&r{C<0#83FnKJHK=Ed*$5c zd+y^pcYly)ee-{~x8)yce}Od5-sk@{eeGY5m1FWZ4{Smh2%#g4AV#2spzmO)fK!!o zsIL^=SA=GF;Va#Y?$76JRx_$*Qg-As#@4)m$EH0&&x8ar+V^MD50$8zit69Q^xFr~ zFeRDfguXoV)gDmx^GestxcSPy)Xy2myps8htKFB!XTHFN8R;}=*^$Zf_AqCBXA%<< zsM-D!o?RA1QB_Koy~uUF63DEPNJ8)NEZh-9Rk!m*%Zqq?;#itAYfPQYG%k2)YshOs z6tVT=akNWLCq1{+`~fmwp!C z-jtOSC$I{^qDfEl-H|T5pKB0U)Qg?#R`FZ8AGf-m9a$6Ebnp!>PmTh8EAK9-&3sQ0 z%N}mT6Ib?U)sU@7xrMa3L0{*gz_^(^>)6BW3L);2TcNN+am zJWBqzce3N@sr-n}@y#Fd=v}+Gb4Mw~Yo295z2BI!JdgC)Bh1`oXW-;t2aiHzGI;r2MY@e3yX7NP38RE&)bF(T4t*IF!cbY9z>ct(hOkgHWbB= z9;hHf1Wne(^LWZw=S(Pk;XE_{hq9j2pJc&X^|Fi}oF zfnW{b`I6Oa7XTXnCipBMct~0@d(x)Eh(u zO_F|hSQ7;GLJl1VY6^}Y-NV*RakQ;zQe2wAdAGmG^DmF2=84a5W^OQuu7{Jq6hIpI zy(S=$rjB14=my}Fm_lIKqe(Wl@bG=#;^^`ofkhqp^6KHNF+J$Sp7 z*56tbHM6easXedK`Na1ZGVcQ)x^9FGh75v236=WB#E=S+ZW}g@KU}r+ua206f{r@U z+=@GX2zKXTiVr`?fh{(&a++Xs#ex(F-GgxW|9d;Ss)a1_rTLfHTK}J~ZuLZAd9K2M zzlU~q|A*7uT|@7Mk~z0~PJGD%e#? z*5_;|O+zKrKBf#8)~i-2GE~@6JGHQ*3>$uFXEsjg`~GmpI`#aj>LZ;|BvNpq4&8|a z(Quo~KXTo|g)6CExH8;kXPjHLYk6A9fRHP6wPKp#oDg}UKxegMI_-K&(?nF=N2m9N zGYWKua$HVL^gY-4o@|#>j!THY?IFq%CV%e(H$vAj0-lfuMlgVB_>oc|g^n~8BnGiI zljn8?X)1M^G&pCkLRAI+%58l2@f_;aJO@li=YR2^OrA71pZr-q3iuk>N~Ttqey{8sQQ3l^>8!$q5kZmpsr z@l%O%;#bAMCq4KTCrM44&?@p??zyQ25BHCvP)VmlzbtHyAYK^=>kdg!@!%6WCTXOm z6!Oc0S$yWagyC&7(EhPG8VblDBKR|s984h)zH%yy4ib}=gE0IEGr+%3l1cc-{$C{` z6cyF8mnGjHAhlO_>c{-^XOI<5LssOm>DTXAU6@SMRvqckEFn~B`45R2Nzk*GTw~h(hW9!{WCkffzaS(cas>CM#JvyNcA0I z#rz-HDWa&|uqB<_*1;(%IJ{*O8@C<7V+0Af>(Z@zD{3dWkY{uT1y!0<9NNsX{VHuc zHz(N+-n?C`Te_Ux9tYX2I?%3ZT_SCQD#>?kwT~R@EYbVJxWH? z&U9~(hkZ2xZ<+6<&E%6dm9mLdb zL!S<{ap33J?lt_ld=I8Ooks0C)2^16H9xIl`_Xa~RU@ZcUs`4)pmDZ7te|01a(FfK zmgbTfKCVC7-z{PCAEiqqhT%sE211UZx*uWaC{l)mi44``)^X5KZYG%mOzh`y29^k1 z#5fz17MRDq6W36u*I*u)(g{0IZ`3nP(x2j~7oXx$&7iE!ZM5ll9&P&%psZFbc0kG+ zbR5{9jF`~i6cLj{w*fk}?ErR?v)j?Vs{==LJ;o02LH?sJaQmx+7&3G)tve*6;Gku{ z3sGvg(U2%=CY=ZMrH%t4k}u)G*+IsQc%FyXNPIOqb7ReM3~tktZt)pmoAoFfb?-}J zgLo8@x$KFa{PNrkUUN0%@>c2CZ2y0GCW@k9v)OPs9DjJZu%amFy8b_YpR88h7R82? zK}Da8x zKVO(A8mg>d&7v2%b=>=S{24^|9LA*S&CQ&dTyaw}gw^E^LByNNPNIkM#l z376f$y_eTu!IQ7CF)@Jz-#(VE4>IhnuX*vtPPoOX!9hg<%62gO&KtOKEi_3^rNxjm zdbUbOtrkdB6d-RCU(I}#`CC0iA6r3Q=NWu4qZKRPdy|ikm0_q7d3*=kgBSA2j(17< z`cB5&v=v7k4Oycn*GzqlTN)hTlgDr6@$U+#+bD%V{2-E=G$bn_;zY2gdV~gFE=!)e zg3A^*;`7b38Eh|M x!Yf~M=-^I@(ns;o+i!7wvspYh{#kxHt`azMfTV}!@cH;i zetB~$pO^bX(b6M3+3&oBPq)t?L;atlq>83N+0Q&M{%$swxTxG8$I8VY^FkvxhnIcC zvr|?RWfW2tjG@aTKk@d6xX^&NYd({Qk74J)xB2p=kBTHHF z=$%~qZ2?(P4&pnHqkH#yMC7mH^V>&q(}uR({csk&nx(>_A9?P|t60`$3SUjTk%pKY zdi!z4zPTJ-0awH8Xwtbc@wuOI&7eu>t(%gdMpL{0gY@Z88-3dkymI?^UO8l^Zh9N8 ze5fVu;&<}xN3ZeO`U+z6R&cECRA#(!Bi(AK$kSAxqA3{1SMk|xS1@K{JMNyCMUQ5w z{DI5x=iGvpkICQnlr2mjxm(7E>Z_On1r0q=NpapmRBXg2I78DQLK0*1AtD-)(0Bq7 z(Y4N4F05)M#rr?y-ga~7e{3#8?A1b;Ca0~pKN0N^c{)0EXhm{oZl8k$xW235kL z?JAFn>fzc@n9wvsYw8uH`t~RH7Yg~F5`{!cP}S4Jy`kd?d0{Bw2<`v>?Q!hbF$xL_ z@cDda^(#4Dm}r_tLP9)IQPIT3L~-1sozus}pZ7A(ga$}VAQCf}!HyO8qd97mnwEq+ zAq_L=rLuS*&X_L5*SZuGty(d^vxSXMEleS+mH?gz_nsOiR}}4x^EzvLoe}Om@mm~f ze?>u46cn~FE@Lz?v%Y40=S=LTi9Bs8K?;FXwA1=Pct1ipHMC8*!Y|eO))}Gp(6oc9 zs%PEjNdXvcFY|0m9m9Q8IoGsHXlh20p{WUZuBj3rux9~}PaMyN5u5nt!XKGiFDvd23HY;2D`~1iL7ATjr=6$>JMbMBWWGkvd2e!e%S@aA!cYF^m(h9U zc-D+FdH(tvh@82H2U2$N(o-)n`^aE^om!Kp`o4YWi8tacss683y}1%q}z z#`5cq@x&UFB8q%y^=sU7=_ialyo$j9ET#Q7T|J$j{e;JmK$=?|-QB*szH7>tDj1H@Bi_ z`)}<1?Fhwj1$_POChDC(jNt>iQ_Bs-OFv-xck9?+7Nqs?M;P8oXVsg_h`xLlk@{E0P^1rcltdayHIc zjk{kLvR!tRY9V-46O%kJ$ZWM9ypo8(ZhW-87TgP#WaCZ;|7 z0ox20={Xm2QTqerZI0!NR{$-C)(Oe%+4LLRX-6ZQLh03*PjOt6Ph6yL8CJxMf zf%jJ)!z(n}4ZVWBudJinm>YR%++EnRnlpUNHPk|C_U<@ zqMa@j6fnFc?0f%5Vn<&}^2C*)`#7mKSxH$a0#K8wo7NDgeG3~lx20#>Ce#L~bsOVS zJF<3LIfLuR5upkE75n-0)lFRTMi)3slE0>Dly9HMCv)br<){N^w^2+Ok;=~teO!K9 zCXo(M+6|)r)=&7U>{do5MuoTZA_D}?kEf-%iaF1I$)=(Tw5Q%B;kxVSzJD#p4_1KjriTM^uLaS2M^MrLkDWrs&z5~5q|3Qc)SQ1a#=J@6Q9qAp&RVjxt;v{ ze3~?F2)|R5T$m=p3?hsmrs>1)IU0&Y839DlgW*>&0wt*KrkH{K82*CO_OPGNCtt(T zA4k(O)=Sy8>0G|0ge&X%kR^Nh<*o1d?r0NMJ>7>qLv#pLuJ%7yr{Q zb5*)QWm!48y_D&Xd_&^%y?9Wwg$sa%`+{Onx_dESJo*{CGaFH-bQjB3EWzLE5DT8z ziim5Dvh*Xq&ev(`_7ju_dSw}9ULDii#dmkT#!6cj*=`R7>*n%dSp&N4n89shz9M$a zO|;Gbm6z^6Kz>A1p1)`>kA1v|5|4sgGpG!Js_x*!haaa-rvWsJ+RB`V|>@(ZQ7&VOMN4{g?9i_+_Q@E>3O86<(#+n!BP^(u5>bhOw zB7T6TqM%Z~`w+|DUqQkJ?Mc>DR1uEWs0!d>+xrU$+#E}tnyH~^q^W?qj|F$W%rcQl z?P#6y4IeR8tA|VWq;3*G1d-8TFRdT|1h-D($*HqAq^A<)GN|+m6bJ13@(w0`e1O;* z$=KZjpApKhf#dAjzMVD7Q0}cm$el}5ft7r*If>+cooEog)ersfFb}`K9$P{x4u_4( zz&5sTYlgFME&0a}aQMgX_$j|Tizd}QH98ZnAiI11RAzqj8|x|}Xz|?L^r)YNO_-rR zeqcTy92?4;?QCFcPtP$Oc;mt>8nn$KEp;Ft4vPhuN}tgqDPO#u0}Eeb?5aGTeD8iP z&W<{D3fVL$I`9qmZEefjS4HxKE>5_gN>ie08o{L>u_mC=bI|q3Uq>;2e`|Wsm~8J_ z7RUnx3qqB7RaM8g?|VKg9KrPVp{J!&qO0MjCtV0MTO`RDh0K2Z6 z&?-X5yYG8GFC5PFRsh}TF>)DKkE+Sc1{u_Eel1^i=)$UZo@LRoO!m@==5iB@jQt!d zT~EQ*rr0}dBe%2yed9E)+}DZ4Z-T$vgWvQ}Ru;hSJ;dy_+u0)8a&_Ys%-wCnP9FOY zrc>rBK-di&Yo>9{bvewNJBrq6J-Fk(Le}j+%#ttfW33XygPlt_uq}&((#^<2EBW@3 z1MCU3;gu0_99Z}U)8{T_b(xFClkedCW;IZOppdvCTnPUrX58`$o#*r?SQ$F5@{$UC zfAeAkOPKu4h>$eL9aopgxVooAGD36Ne@tOWso;uj$t4f83`I7C)wWgm{eCn}BNz;# z>pG?xngTIRlk)OP4AVdeK`;=ctfB&!(@9VdVhd`V)y?jd>t`VJ07fu?VfYAmjv)~=r&8xE(QTLX*WCk`c=c__uyL`Y0_kPM9?+)gj(qTOJ#I1B{ew4`{ z6c9c6MQ&+V199kero1-?am95c>Brfzdkd>RzJvj_qj1KyL#_W0@o7e5Z)1`#Z?wP`(Lr2)PXBVz(k1;L6P5<#Txw?6P{5795Y0_-= zR1|aUU)Z#PhcnI4X=#(64x_dGUc-RL<2$3 zT$U;-vE9e<{C#e=&3}R$@4uY|(%g^zPtwdpqWdTzb89f?ialCX9c8`kW@c5oZ3k9H<#8W?&tyZ2BfOcd3ID<+;AH6pPG z;qWipIFhx20>6XCqlb}j-48@3+i(FGn|Xi28+^a>2tLuByWhWsE(vZ#z+lf0GpM}c z16l)~yiM%ivzPuiKTKTtQFato@b=Q<+&bZWJ{k}z%s(XkpX960p~O0xzt z>9JwdcMPGt{xCjS*_Wmlbm00&I{;n|Ef~)wx4q1&W_?jzNi-k&C}Z!wi_h*K&0AkQ z&-xLMQ!^@($e1`9rluknZ)SVT+O$iHrBUC$1b_LAlF|zFUCY_%c%18=xSf5ME#~rP z?&N&rAIhb&gvo#OtWG!&cz@Wtalp&@pra!!$5-BQ$D=P<@C{ zEtLPE#jBQkhhL_yBZMBB%F$H}HHZ*6dfUzGbZ3nvo@EGXp2(?GrkVJ?X754 z2f#sGTq;fcM<_Qc@s(u~AKi-d@RnV>N3rOTPI)E3_gwH)IoD0w8w)jeBsVRi&sr(|-UT}9r&yGd*20E+M{eke9E1St6x z`0btP-aeItq69iNy^!`7#!;}sMNZ8ey3_-Rp=|m z-(gH|8>$i-I7GgmpmqU`!jHr?GHTMXy^p-3P}_{7O@sQhOb1A$soT!_5+7b8n#_hx zXpt0)cT)*bO`Fju(oK3)XgIRRq|>-*dg}W<1%6PE-YCK^Z=^6CK*8lT|%RfeVX^p zA-n47TGP-9wzAFBk4cT3C_-R{*WYWJujxZbZ67C}r}7R}nUAyZ~jE5(HY)ard5 z_n!x_kRi1m;)~vGY0|eIQR+SxyyIc`yX{a2P`LLuzI{EwWxF5X0!mr+&P%wh4`L)g32Vb2G9$!TCmwMopteils+aK$HW z!w+H_5eYSE(xwe*N(yyqCJ{?1zfF3LIonF8(Y+%r8x@flnL;qN5JL~GWYS7YIj$tr zF;!xVtk1>cU*Tek`StyWc=)BY6kkG~l}p1cm9-9)ZY?uHd3=do7}>()XbBjy6pt=3fSr4m@y%23!|t`PdIft6Hj*&J zhTn*wbJH5cI{?~qMOzn(eG*|vgep)p2hnv0&@=Ejhx2t3l45C>2@p%$#*Nre>Y<G_$va5YP8b`OHS%WP&6^SlN@#rRAKj8X%pKL8* zV)5Ul0cBNvkkej5{%#f3b4E-I13l;qRTtL%7(qWm3RIyZO%*dJaLNEb9QUF4gIths z=AvN*15ZUbAHodalR81YO0?(%QBiCO#HH<{VBJsbVE}D8#-|^5^aZxxo|uWW>sxh$(kiPx~}67PZb44=tnb%okjyk(P&^_YTwtHM;2~k zco$n}1(c$q)r=u3_y#M=?x$(2pWWMbu;`Z-jDH^Vpdb*`35J6A1f)b_5U{1w_lDc) zOBrv?yN{Z8-%G#vsPI&dotOrFxMgA=4lG{4tnxJs9RCmvkw{@+h*a8NdMzC=`C{$; zct?!n(q1izA{<%FOd(M_fV=PgObCZSg8P5txz&q!doi5XWjkvMkKu3Lngp_GnZ1Q~ zx36Yvpe3!H;iTEjE_6wGlJ{5MNB0X;u~p4O_;XqJ%NP8dG>Qjm0z#l_DwKS~2OBGK zp5Ke6QQ`48t_$5VAL7&1H`Aw467iab!_kI%IXCgt7sU)3Wn=I9MZCAWH6PT1q*_C{ zx82Z_Q#sZBQOqKaM%SlzbOa6sihiELTl!^u+{OiX(dBV+effC9!+=eVB0A{AQI(IR z0qY*+jbjz`ubWI{L^cC&y@!ES{XTGjvG2Xhu0RRL_c|%xaDb*=+fmObX5j~)GT(6} z?>s()#wYq;G;Ic7Lz}^n`$88kXgY-JQe$yQg`+>e!h6bazHF_8gq{*XTC0n>yVb=f zyKnv%y!`V~YF+*)Pu=3?nJ<5$sGuH$1}faTbU#BoW#d{li-j%DV`_BuJ1jt@A*paR zq5p*!(d^|cj>i zCwDO`;~G9|lF2&}FZ22m=+I+7^Ox*nrMQ4GiPe8)iZ~Kkmo^CrxHmt~gF70r=Cg66 zDnD?;yPN-UP6n1R`P(1owUd3~ES*ECmL?#D0BI$U{F5+E9ReqXiK+WR2qZefR8dty zgiWyOIJko*19MJ)645DFig1~NP!!rvDJ9`KUWtK+QnQF+?DW6sW>(+wIG3e1#_bG{ z-s66rzM&u9c|*8i@fUb^{J;X60*!Cui}$Xfj$J*`i&QO+mVHNY?ZP`56IF+2>f5Mj zHjvA+4zhDqB*R|$n6WjkrS~I`@%-nH(yh-S#$MKuw@1Fonu+~+?2-9g+NdsH)_38J zs>=lvCv!(skWyJePym|1uar`1x09H+l6&tQ&zD=vaUIH}->lliI1f-Ji}08#(KQG0 z(7g+}zD`qKNfEeW+jG^kZ_}O<=9^`d3QyQ@PvE75auE!BS_q_Kr{9aW<8(VtUAbYJ z2vw5Qq9vD3Xh1TAR~0BBBP~-w(@Z))bRA|!4IHv6QCmRF1x$YG8wR(j%eQqS@JD9S z>9%K>G^!gzuZ*N-R7;u;8N>5;HUVJx+YhnzlE=8R=5rV^K6*d&9Z!vF#rUsp<*M%8 zX`Sl85uLy_Z!Y2bn6-TU!BUcLpGrC)WGGs)^Rrp3D6(-?kJh*WQ<$h)J?{Maes1hB zj2=&`C=oV>zPN(XuT5at6%A@AJxl4) ze7cMuPs?rFSg`O14%t1Z4Tdr4h0(N#bs^0IeEH0$aQR|dD514&NO@|aysDw4bYoE0 zkC{BVHM76%L(+ylv^E7z@19Jri?86qPZcU-yYb9>ml0RCk(aL-#v8jG*eX?GvM%E8 zFYcgOqK#%_a)1JC3s+#qccfFxBwS}qeJdajhK_5s=<%&c|HfD{ZR8l?tkWHx+cY7zWyrT4;e|9&!eEkNyjOl(~}^_@KP#E z@c6-z*_J`Kv;~TZS-BREw-v2wMU(UN^IUPw7;fqGI(mU5bL=||s_SRgO`UjlrH7!Y z;EV6Vi=W&^r|cl&uHM{pWjqZwLogC`Uo5SrJk8}@lfg5H zA?YKzpz|jTWF;{#zg4P0Y$=n871R(?Cia3JOw${7s|~ z2%#et4M$`HTnX(_ZPA>yRHVgO(KL;ZKKh6rJ$jIolteJ7hn#hVKsQXv%F04hIfj9* z8~FWxTuvv4jvOE=Dw4kEpUX{2u7H@qXqj+a4xQU&5p~L{92HHIR2J@G{mPw` z0Wv8SEJ8-ChAo*@wSC{i1> zpm{_Y2M(E}w5UV8>L-8K0m`&wveOMVt=q!U5)X=&P5T~=NOD(lVC7*PO&XCNsbL0> zvhK(AI}X?1DSwjPlLC_Z?If=U-P8r395^^&`JKi-%cWYmnuDFw31{Oueoyc9+I zo#n#eCG%%27uHb7XX8)nITkdLHWvvw?dg;jWar9X*z8NCX|q-|%y3~C5}Qq-cbUaQx8or8I_;?wE5a*_B&CP9bEw=w zMx6#Ex~c|76-_favSK;gN-8lFg<7rq&@@SMWbGo><*US|)S+Gb`nXRye+5m0()}CR zyz?++LP3a3+V^NeTC^P@yd2rIp31Z~G)i_LP*61mfBAmaF4;mcDsh?hXw|AA_M=-_ zw`C7SL69*G=-fJoq-f=w`38z22~_5BXh$VU?Q)1LJ;d%U+sO|o1cL^qVUX0YA#vs9 z96NptkCenW?nT?|XzZ9s>E-aIjrcO!(UB%X$10jv1Q{nj@WCF9jg&vE1UGh z7(CmTvHD;sW>QP~w#mQ<7PIfS73{81KsrgR(Ugv@Q$ykv6;1P#zw-cPS_0{HQgLIR z#cB5R;|jHLW$|9tE!{>58i`qrXw$qdzU`~ouc^P4>og=TaEyaHJS4Wx2_M(r_OoqR!sKriCVm1%@8F2e zM#@_FO1{BUUWsB$A*EJxOfwh?kVun?{Cz|uUWh9;=L`=Mi@#5pf4{}h+$i66-`kPrirSmClY_nkO|GnRX$YrpgDPLT9wT=3W{?2 zDu>g~^OXHnJHN0Gi4dX0QB74&T8ICsk7%c#UubGi3%^;Fqf{mGLVi8f^MuakV`7Gv z1*>5%AX#ld5Bar(JX$zSKq_b5$BDK&hh_U2J|Cy#x~SETGu#(Wv5v1gziKx8{Lgmu zC&Zu{^1YDCsoS4p0`!#QIP=)fAx=&|KPfN;)!L@2-z%rQcc$;lX_oY7KdZC1*(vu= zmA%24?HFpZ(~cwD_fNFfDc4as#gbk?=zgj?Ur{As)U)2_rmrp<2NL=^gi-PD z<7)ojp)5(NH->0WE)|9AC_BD_^3ucLXhde?{-o4whH8sMN)e8ZI75G*;-~UQy<-%V z6ZK3^?MLzt`@NiPdrtkKuR4m;_bJbwSY7?t#0jx=wjcY`wm)Nk;q#MK0pKLE;>V>f#UYrCZiUFing}y^B6^}=S(N;vA~KFR-1b-^V(OAq zdk|6>pxDuDE>z7soF$Ve}eHNr3=&0Q8XP>_hJMp5QYz7 z`2WxjO+$ptiLA)VS)MB7Da(eX5D2r{5@H#C{cnUr*z8VG9cZc}Wc!W`Pjy&kG8PsV z7XMpRs|o%tLIvrn2CvY7sUw9S)6@|nh^c!q17)F?89>T&S9(-6lk%gVaZBcKzVvD* z=BX7$Mbk7iO$*I8N>Ef4C0sj4s}eD%eD35is#<8CQ`NLH%AqT2wQWvp6xt@VZ#8U8 zrJZ^V5Z-4fFQMxFlV7Wba|`}OEgde@CxkqaUn0WR^QLKpUcwBQH4oPh3jg!JR++M@ zu8S2Fv9PePup%b^j!*I7c|;*}FnpLs0AU(P5kTr548I*S=tEQOlpp&Zhr1?@$n-N3 zV5N{09nPmruORPmDJ8Yt#7AiaDvQX^DGlm}{6S(;YY`_4 zIaKIDC>l|THAsw5Fmx{!1p%}umD0Roggb`Bq-3Hr0jj`LoJUcq7Xye&N+%)8g{Jr^ zKVFHj>y%g8Ny>;t6da<^qkzppWMT>_Ztz!n@Kt#6E0SP9Co(RM=*SrCsz5b894pp| zj*B9~uKu6L_=JQ6N=r+z+wEc3*N`Dor~qClK~~iigiXWYv?I(=PKev>KCAt|g@uKM zg(Xb>Q)LN47zm*wbRAQc5cHLYp4^QfM$n7m2QyHC=7_;tvKu{6fHNxnl(AY-6#V60 zp1p7abISvKJ*Y1~PW*%~uYv_n-pgGtFQzz{#f1;Q$XgSeGv|iUEKRIU#lbBsTeOtg zkNm*H@gH! z5Af20{TNCK4X*i+w;mfwtJL*OYI_@pxTbvxeM^Z+G~c4X|ADnVBqjjw!{Ws}>m z;j_s+eczWHY14whmhXwb@&P8^`5@<~tFY=(x=yh1%p2pmG$#&B@&Bz&gb-w9WwCqr zZq}?_b4CHg>RJ9(`8#&Ioy3Ghl9H1CR$FEZ3kwTNm{|Pf2t&sV1~Bvhrcr^v;sC-V zR1{A4p!kCrzGFCRjz{zV1R{8*ypfWKxG0|8^Z{C%kGWv?YzC|4teP=_*FV#kxG|T@ z4!_22^Oy43p4!xoFW{3o@w~t4XFf~)oHh;ma?hAmtlm8X_l8HP+4psRm^_X4nn_;i z0geQQvDSQoUtb!_|cVEsA!3Su?HpaIc#;afC@baxuxaD3-J1l3{ z$Bl5QV7#)67I*ID;OftKZNi%@oII0SGLJlWW3GQ^HaDk#$MCVg@Z0JGoPTi^KhFJy zVb{Gtx2*VZ5w`zB`wBsPd^{aGbRZ%k0`0WA^i|V5r!Tiv6a}Bphi7{N*+g%=g`cZ^>prtshw2EGa))#8M6)g*K*>tQr?`#UpJ2 zXxzRfo%a94;azzgFK9_tvrg0r{U2_;9-bBzc(7xNHeA>>4MmZd<@;Fj_+4B)dn?HS zNT_oWQ9wXXA*Xg7TGs~X$Th|Se%`u=f{XX?-SMj#a7ANMo%~CduSproEeQsLe^{8P zsv4T=vAU>*g@wgmik1BOH)EPQM$m^5^kM|Pm_dKYT*}lDx*sFpK{I^ps|ZpQG|`lE zPijaEOw~?A6o5uhMA5j%9n9IVgFOcik^9x7T#yt)na_{UV-Ns9CxDJWXoS)?%^-ek zXeua*j@O^d?xO$(2lwq|$F>Ag>qg*k=2GH2N=5j)*RONnjBw&a0tUgLi6RY3SG>mP z8C}WUx0hAlzCZ{O zuS0^+^^hnD_`=gU0i-aIrj8T}(lm*-nLN46pgB6t8_09)O2uwZBgVd*886MkbxBXU zp5Kg&_g~|-t0TF(qefn2ONNiCf#UGs5qc>4q8NB7!x6640zoP%Cm3MRj8Ye3-fq-Cv2nvJ_QSaYrbqszgQa8 z?%t7l$q}eh$Dbcb!~SiFFWtt{na4>#U$WqfHNrHa9N8KYy|Nhw~^heBXtv;I5V5jBzG<|m*f(t)rT7|Z%lUc=EPO{utn9OS=UA+ zV1g1u*5SAL)X|$EgD<0T+`rEC)9dvjrNm~lg{;=AUxjMRmrsA+G))|K8y;Q7X;X07 zRcjHjg@uL1pNp_+<@}ApM3_EuH{XvQ^dbZ(*f0Vfit`VkN*i$rPE-v{0Wo$TxSNsC z=>F4ct(+!L!Z{RDN`#c*`U};rxCr}nDB(I0va0S!l^tHC?W^0tgi~(L<0tiq;=8kW!D%j&j0PAQKc5A9|4ML6KW1;;P^c7($n)U z?P^fT9!GJClu$In&!thZxl9Se{8Cq)xh6-EpC8o)C#S4P2b$%z+1NImyiAI!EHpab z*C~qY;liub#EDc!cX6=@_uQ;{GCzGsgD-FD5&zuIQ`5NUP83?dDG4WkrKQ9F_i#U2 zAReY2M20ximETfXPWS3Ijb~w@ z<^K0bUYih=PO!Rn>@?Re@1m~Qi3Vt&S+&3)AWH-!-OT((eMdK~{gQxo`mfjL>qq4x z$A9AlIy+`%_*hQqE7~K=_N?=2xYTsp_%QH^Ktmz>@x_h?f4cqqN;iaoI=(m%jS2>) z7z<7v5ka+0_41Yjm1`%`E;uQLm-<0;pOz~C`!_@=b8|8MFk40SIUD3O7|Q5`atpnNhU;Yc9C zrz22FL1o6@sge4jaMCC<7Zqex=b#po<0(qhVVF$BLi6*>Pym&G?TgO73DMO_t@P47 z97WhJP%$$DRSuL%`_V?v-o6D}YK5HtZybhq_R*k9P-v>eArZ5`f;9sy!Q+Z!Sb{JE zoC>je;XD;Zut>v>;?jOm?y-n7133vW@bZP)BO+vp`|)!famH6v5;CEaG%+N=EVR3;;Te7~GO#U9 zMjtD*2MutO$FX;VR>f@%S_zZn>xJmXbB`^353+P;@&yu=(S(XfW#jc{f}B<`EyU*4 zfT`d+y!lI!x)WffMFWCDJmvn$=cD!F4%X6nPGd{YHTVNivwt?iZ)7Yv>Y0^um3#gO zWVfN+?NwK9-JOq*!sJRg7vr6I4h^(=MEU2bz+&iK8&W1tC|ERtK$!g|*?we}8p#X^ z0A&C!#rSTT78*$MXcpJka0MjMnIRC8{L{a+L0I_?R3Ap;r`?v0ST+Hq{x01tLf-1E zY5j`HIeC1tIqLrUhQY2sRA7%MJb^WecU@_I)!E`vsYhACuPb`A5>|(fR%?Fj`0Z$N zbu6mIlz?Ni~!?{j>%}jLrlL_XeOm zkwaq`q7EeB?)<3kBVl^u2q?sTAQQA+3HvOkk4wsgIpd?XVM-v}F^F2V$O9wRPrza39_7wT}Er!6Cd7fS}c`cqy3PxBC$Oam^_v znL+TE{yxVDX_MpA@`?ut=|60iB?|G zpm7QmRBh+CnTEDPD{UWU`>2m_)oJlD{pHvp)axB$86Q%+Z7DI^ewoP=F z*H;|{aSy9yxSlQKgUlGwyg%_{dp>c_do%*)8Z0eZqQwA)*XS}YtYP%ob^-~gB2pOD z-6y1EE*&Al7{w^HqKT{fFm_kzb`hxmmhE>Bxb5Cx1Ztg=>}OGFd1Q+V3CJ~3+|!MU z+&6twWKRY1e#-&FR0;|Tf8FPJRPyk$xi{QwGAb(_DmLDXZVZ<^O*Pz@BpRw%QOB`b zyM?Ga!>RPcfPtk$dsgDU}2Gkc3imTST5l}h>LiHfu*h#1Ln{1 zOX3-8lC?6V<0YgNrhggZg_#kEqL`2JLdQenDJDU6ntGMeY)P7q$?;?pUJWArG;bNk z$^vCdTDNi=+>0C&``jue2j6S#nTca4_E_TbH@Cur5Jk>Zwa+vr_+L=>g8(`gbM|~l z1TS$2hns$WLI;wvN0R?BMQAN5vTjD{iVTY^r|hIeVXa#4zqeOIqknKu9+{k|MP=%U zj4BUg4jNwQ8caxoTK9heoW}6Z4GN7iF6I0GlH7~1Mup@5@2gKn4dg_ASW$@bl>AS` zoMghP+Q|QZhQd|MC;H%KKB0uu!>8c;|$rb%x3zwq6IM?G>N zPi(S=9>CzX6J;l_Qw8b3xq-XV4FmMjQtUj;$k3}9@z(|f5$HeRluM-lm!=^i@t9jt z7?41t4E*N{))|8EgRlBnc>K~gJMtyqdQu~q=(+wsNgY}Sm>d~?1(z9vQ!|1drU6se zJ9E?`i%L`AB7k6T7?!+FOI279`@e|u+mAslW-LcU!Y0_NHmx5V6jKa|C=iOoADISB zc?3!=*lIbAEKilkTufd?RaDWWwKzJooRUJx00ufTv>1iS2KLMCe>IDDvzZC(NEMI6zarYJZ zFog{L@d-*m3Idiu314UT>w=pcex06P|`-vY{&k#7GN9nD2#f_sy=B7vEhEMOcj&6BhkYmfyj z?UO0^hD0Xds63#>okS|j&>XO?#G;C>%SV@R+AVL%=JA(70fg#8jjyJr<2%}gpg5_5*@*q@_(aQvbY%RGyBBuFf zDsCjc_(bGjt`z>~!haDp=9+r?)^5|mY%Oak~ zF+LRIE}IQ)!6OLyhRWUb(ceGn%%-qo2>4?Fr;R`&aG;?xz9L4YVfq%Hi6eR< zdm;fCkctCXSfg?SS->dLBeic8JgSp9Q6ww}UqAH~JGEa80&?)xqY7{0vv4UjC)K6v zG1-d0-x+{-2uANzj;yNT4pz>k=fOh^;q0Ayd=iQw%7ErdFT4A$>PEDHBKUDcc=c$> zDgbWUFB_dH3DJo+vOHcQw!Zybun?`0vv)8cV0p^1)o;UYL4%uRY+p zpl8*S%q97mHJMP7ZhPOu-ycnp@bP7zoLHPK*T^T5$(}6N5HwjW*5{M`b6#NZoe_cx zK!(fR8G?F2@kUAYcslR=~3+sMN7EN^bvSs@y%WcaLP%P_mwecr26W7VfDLgv5 zsIwDSwjqT<^S^X)z)xjF%;>@o!x!a`sEkM`%WNY~5SdvzpR1GF*|@rs`1e?Am>5}L zfXJ3})|l)tbwftS3hkHJ(EW=)!I z3?l8p2RT_?z5@ugTeIM|jgCqH1={2^%S`?|mM!PYW^y2QkKqiS&-bvt}D{er`~~@)iUQt zAw`e>UNF86Z#}H-T61pbIZ(Z`HZ^p)dDv@GSZg9X%A=IOObY^1t;YPCEt>1YTG2_P z=$UrcCmGM|F_ae#4V{>o?zq~zBmPM3wdCg?_bxp&(LNy9k;+O9g`93?wNgt2><~*y z37t9SKE#G0a#*o-cR??a?K4%cTf+Lc+wW~NF_DIt?dY7Z7!|y-1uvt^Xaw(Y!W0xM ziYk!V2|-E8?%}bHdk*UYQfT0HSC|VA@r4U*4^fBxi(*nLqJn~iG7&1OETX$;Gf1)p zf5C&3@|MehvPl=b`FWP(mdUXYg4-<{di&^H7q8jY2|~y?l;~(hNr%eh_ebW)Q6Gnn zYwFvn`FW}>UF=hSGOGlXq!17gD>iJn2#{7y!*NRame@cDS%46UjwCk|i7Y_Ce-w(` zLl0+8E`+1yDK;~`{$HVm*k21imP7OmE<)-m)D_w>?o&qxXoIT1O~fZm9i|Ein!u76chh2dgcMLF^V^1~tU zV+?~M=f;IRS7t#(y@aY)qa;=M@)qVsdAHhr^38FRTY*|Almr|my;!-?j~z0$bm3|~ zO+;qWFX%*2b#U;|$*^U8rc=(4AQ5mc1>Dr@=lvLm1bb1L{|erEAb*$4r%ga$WPVoW zQ5;Gz+Pg8ca0Sh&scPfF!JlB7Q(@4vZBzeh6tejE_!S$!&J60vz?tKQ;0R!F9s){> z*eunL_Gpw+&(#M;o*`BPyxZ6Uj0*E z+5Br{iuSW^Q;2iq&KtHOi{^9MTv8M&&ue^~#t?{*-0BCFQ{d855i_zaIlX>#xhkpN z{f-Qei0nUg&;T9UlP70lV{6pWfHG_f1rFX15ROx>OB#Im@WxFMTr4EKCH@b{@q<nRGajaIb#Yo^iQ!rA#|!Lp-HF*(PCQqe zbQmGT9OD0-^nmn0Ak&iqM1TO2V~Q*6BO+vTc@eeH2mwP}WaPjhPu-*% zOaT6kak(pQdME>!%DEYE8@|MnQq*g$HWAots6o{>+N%qUO8A29J$UR#f%F3xQ zLnVU&(jQR=4aXG}RIVkk8N?tF41wT*OR)ofRSb$q;1f>`hN~b_A6)H6WJRvR>C4gr zb3nrT-P|Ny>gS#48riN&6{8K{#Qg2T`SlAau+vXTpJ(-AxUB#ys*|D7Z37afoCLJRA zMkE5a0a+JRv4xKNYa)tWn?IEtQ7&oB&&SbmDQ=0;W>IkFx-F>?8p1E7T@%jl3t%It z>5|E8xslcDqitVFMHX#jZQbJhEjOcp3up&Lv{KiVKuMnl?tP2&2d-JgQx|)p76e8J zOc^W{6%GuW3|ByL`mWc)c}Ib2wdn!!Nu^YRHesQ1xUrld2>B($i4Yy$JQxpfJW_j< z^J!(6pNsPIt3@4)=Yf|vou#+T1SsJi=3XX>ZB>S-{0oUF_U2>#+M)1raf6pFpr5n? zdcjVhDoNsElwUEEV#Oxm4o}+sstplonYX{HO&ROgewaJ(eoiQdfT4)I*fy|hS$`wS z#2GS&hc$5$THe7n3@Vd6Mz+rk(ZOJZoQJ`aRJ~FgD6(rr6@9i{WE87J`MQT?=V^h! zomhSJ``Mm|b3EWZ_T&#XvfbFNroF>@L&K^z_MoacxV=nQNVVczZW?apF9I-p-r@a; z6sG2snCevp>1KxW07D)i9iLEh?TSklfNkrR4C7h94@2vqjpT^zK zsz81xzb_n3%^IwxBorBQ>>&KlKVBJ?rbo`oiu7s2%Ib%?YVLJPwX`%qfjn6ibX9;u z$K~LVYJxb#U^bVlUI*{%gr6On7dr;&Nf3I7E+0E)hTV<63V-rU@ zBJM=uepq6a+Krn9s^LMy>07~IqrGIPvPSic->*UNpZzlVqD#t?D^3Kg@o9qeTSoN7 z<^HF6GL}A)}%quVviq(%zC}(GhRBn)D7H zxe|ftfr6m262pY)2IOMYEXUeWa1ahIOb~B;dO_iDRMVvvnFu(Mpk}7f*|{QhZQ(I7-$aSw39^~+7V!e4q4#dV z<0AvlqJ-Cti;2rvMVCXsoh5npG}S++*=;WJU9|PiP(-9cS~!paIs|uAII`e z*CcLrwr}e^uBx1<-R_B}S=qJeDxy zOLWzVtg}Uy&6?BIo3AT)_S_!)d!6kkqu%aGf6J?pEnV_=76O)(`|~x$Z>k~nojOl; z+(Hv`mjODpg0ts&jkqq97QD9*WbZCG=j<27`YjYr=I?>4)v&VlBpfe8_mf+C5l4~5 z_qEn#Ws-#|j$%RPU-F&o*5p_iy3<3Pb(l{|&2(uK<#-M&pU41g69?lN3)iU)DF(jS zWNj2I7ioeskEOe(hI>v5<53$2`~mTnpVRu&pO5-?Lz&436_2MrlKky0vH^F5D6{!C z2fklF8kX@2<`pa)Z>t_Ac_!rnPjR!HDMifPC7rIuo`~3D$7q6mpRC>;H`Gf6jt18A z(Yroea|~lATcuXxRBxCAVb()Cdj?}#i@EuJK-A*r(DT#PuO;cd|HFnOU-7H+%EdA% ziq}G`$Mj3xkhl(2y#$toj^1#+#o3+pS$Zkr+1*Nnta+Z0%vGn_=ts{ZjW)NgnE0C` z%*P?x#rpW)t|811goc-~GVd;R5~A^+Zq6V%4>i&`K@A=|>4=W{-02rn_Zkg<*?%;1 z$F6Ph;_5!*)l5$frG3H~pV#c>Js%swMEg@lT-t%gDD;XvD(kq!b)BC(jh(v+WTQZ- z+!!k)ipj<{JXmo0en92$vmx)FuF9bCGhKBNNJPXARtzQZDir)MaO+_B&BpxpdfVC5 z!Qb-CHp>EUiKx{0OgJ(D!_n@C!;O#<&=4+9t~Zmu#4Fk2R;=y7zAfjQWe=M#(L}KO z@(H8kgYBq!WyI%o>-QQz3rM>7S|4hTn%)r1f5MvW~;xC1yz)%_?(iWNT zPJ$ie81dGPRM2OwQmu2?zW)QgfS9<{pMuy(f#i+uycdpn@&GGc&xIZC4WOi=Xgfj3nlplXIWA^}txI z^Ud5G>}^314NPwL4^6KB*Zu6TphxRv1wavOF}k=!kUNV6S4Pe3tNVFC;i zRF@+)TpB4pFKh@XErzHW#u&~%BP?3wwE4t%xD&!?&`-2}DOhejlQ1RRoB7llwUx;a zcs+*WD<6|tY$1rA(Z%w;0_zX>^p!IXdL3Dno2?newljDA!*-Q_R%5&TvWIGF-uxq> z%@wc~#~TT8;~mIw z`$!6|%Y?-DN-UmtDyK3wpx>)IWt%+lT*rxpS7es4+$zT5lJ~-4_Z-L#zQ4RdlU6@;8?1sAf zIFM+7^Xp9fb;eq3mhOziB<#d{jklBO4dyR9-BCcvmS{zJaq+l(y(uGo&tFb$KEI$6 zjB1jNCU)^fmRg4~AvN#SNdCe=Z2u4ayVLJk|AuHPW_jszo^uNNqC9l^uFd}rD= zKVPhhDP;M2*qrjc#{+BhKAG+iDaO-?d7AAjj&ESh@K%1G4)Z1DXR8%-2^-%K4z+s2 zL607Z_v_3lx-=3x$R4_)34pCzkTCt71;`BZ9`#(_G;JtH+V1Y((QE-;QeJTDAp$z1FpL5f5r@Em*0(lw59g~c@FO|%w^6J~%^Nm( zd2WoyEDTMt;4~=z)rfuajcEXE%grEGLKXG4QF4@GIazpxFB(z&ON6pm{Fg?x`>pFV z1y@Q&wqMLCYPrV8sr97$CG)~s_QOTe?u>rdL?>c8g{n8&WBOoF&DO+B?6r(Q3(TvN zA0lOZf&`727N8s1%hn5Bf`?oBuK*c*S?Hai#SvC5n^{1M0DG^yTPVz%H0ZkGaLaD`!iVuJW#wREm% z^I=kQ!!9@2M7s3J-_%*xI|SQZ=H$?M^S$j&=!4@@5pQb=Nj#ADy+84}TevH-Gbalt z>~=nEMS}y`w4Rjpa(ZHi4SVwS35BWliGjMnba6rrzv|1-#tLEQMLl(~Hh4wol7}s1 z^2$C+DP`v^L{1n?h*Ou#SgzEdhdUIG)&~%NA??fI4AfTh(MSho4P3Bgi<2SRcMMCv z3>?#Cmnfidr~jtIk19ETq2`+F5F=mTt34ko@wn*ou*plC7vW4sHw>Jr&|Kt6niIBy z^3r6Yr7e_2tYMT?I~BLpOh3wu9n6J(-)qEo!ScXgjy{h~XI*PHuwhD>V)SW`zX?DK z;8M~Icr7$A#; zru07+%#TV~qP+lKQCTPAdw?mP>5RSK$BX#wZ6{0N3#ZP@_uE|GH$8)_tkdneipC1A zw{OsdQUGlU0|M(D@yz2R2Vp5vu8NtVUnmU%hXVP zIj8wNl$1@hOMYnLBA47nnZXfD()ctSTOx}!%0wj7&PpOCcRn1F%Na5`KEo^%UA2Ou zx0EmA1tRhf&;ZGHR!KRn!gLvlquLBzlS1-KlDCyZSJM^BeavP3B2sO^8oA5xGP+PZ zj63PiEiY&Xo>( zeHGItf4zDR9tUgXNp>NF-yJDHdavH zo&Y81E4qWF(al8`1MAd>C(q!pbIsXfkEGxrnaAlD?~6v|A7;FY>H5tN>E@}9gfgB~ zw-kYsqpe@~zrgx}PH+l_B?HLqBo;C4Knw5>+%7@6X>-s1O)c}D2Nx-i6!+uS9h0bI zuN~zO$#TY^!%*j+{PEJu#0k%_qwfZS!*iVvAeDtOtF(M;_|sOuKDObM(Di=l9F#FX z^DZsy0k?h?HzwHMG|$*LjZR34XT2Yd?>#bddwINhQ(LnOHPmHw;ttWtM7rVxiN1iM z8E@(yDh2%JQe(=idFT&R?;x6>6jhJ{N?+;?Dn0G4`0_{gJqcvhS9()%1fGL~j%J+B ztG>;)1m&11(}J4%zOrf@N)8ezGoU{)HRhm5mxyLl%msH~0SmQ^l{xK>u;g|$;>Wz* z_aH$y&h8LvUmutTesBMf7KGy`?IQ-m!EbyQ=tBs}fUgAYHd4d*hk09Ubd*FiN%?`> zZ#pbmk`*9(8RpEVPa`WU-bZwzNm2*%-u%deX6iH8)#Mzvl|PONS`=^ca$h ze%)IfYb7l$FuwBF7}?Zt7{mejAXJd3@%Ik6^~In2!IcI$y^?Y^5Q1zf)1CboL+;F{ z5AOheljGV~`%BPWL_XoV)gk1feB%PJk^8%ONM&5f=k#7-V?J+8E%s?Pjj#pPFSLmI zE<`!B9f^{cZ-9p1g>@4g#hVNv4R6B|9Uze{oxQ>9X1BkzhI*_SjH|gPF}=0$?|kSZ zPYUSCXXW3-o6S(Au!QOSGPNhyTi?_2RDQY6by4ujzjC^5F$L!6u*B2br;W93{)mVA z3H|t|pOzm_5?wz&iMBOnos8KuA%XTFv-7D-Jf={_s5KW{Dx!&QzbIqmc0pZw^e36q z=HY%>ahkKABMP&h7d%OJv=UzQZGS?Yp-M`Pie4@l0B?6i=ue@(^aI>7l^dFT|r%COv9O{0*b{> zLEFTNWvhgKnn=$+mS()^hgLKKIb5MIh4e=|EsKTd0^Eh52gBHsDbC#5<4$P;*_M8D zdP-#k_Q}La!(S!u+IQg>D6J0nuOdhfm-U}pJ`dn$%asQ+erpm1#|CGDo(TLQd0o^B zzwl;q%J`$rX&~;C=wB-hu`$LB^Zs9r7*Al)(DkxlL(fsKM?5YmKpeb(ulFZ!Vm--l{ z*J!sP!6K@Y@?z+;BjlX`)5w-$XbWhYSc+eeSrFhK&fJ9byXUdv`m5>L=?;JSyo73} zF1;DfxbU5IK3eB*(p z*v8?7BTuJ5=Ghk5DS?$?kmA_w2NiP4Z*n5c-?_Fr)ARI84dm*5w4 zpo+P|7-&UTYQ970TXV{Y7qyntlV@p(zr_iEWPTk5v}vFC4frv%C2CS&(CrX>7gbzo z@#8-%Dhj#k_k$?UudOMINN|5=Xjg=oQwKe)tE11iI)ggA)7kCKW;Fb zP`d&D@O(DdSg8vhFtnK%PQ;&cz&xzQ1qs+g+?%m8>f1nPfexrZ1GHT$h#^$|B!qXZ z(jBW$)|T)feIQ^B6l6UFU!D0&nvrL&Z$(X9%2KyGkTnA0gr6HEOgp&h#{EGAhtwt#nyPgm1@40Ch~eRG?*uLx*+5l^2S|xKp?Pl ziFm}HUJV+zsL~&Sgzd>!^~XDx*@XVET(14y#UyyCxF{Yj|KnzP2ll&Ww-LmqwRKr# z`QAV*-(G6~SXpVgQ}D5eE7_k12oh27V4K7O_E9W^upgPyWk^tvio7_0Mx+3W_*}#x z#?dr3rI!d11gThQ9e}{IijW`#cZsnygdan={B129s(Lv%i6Gj@paVMbE@3&6e^51E zc_X>P2h3XNbK6@0xdkqF)-wH7h_$o|rJ%npHfBn+2w{;_DFsw?+55CuB7(H3j9 zIKWIAw2v^)pnFoYm95>-$m5kUS;{}(;akxqc66rP-(H|gABl!mX^xWO+48LSu{dei z>4Ea0!R#ioA?#?eHQTmCYlr)%n;*xN<*lRS{f!6?qG((-(bgyp4i0i1)scekHV9Yf zjiutD(H(I?kT-)D{b+5^#t;FG105nD#Qa8WzT-{pL+j@=r|_*wHesvD#VG~0Uz`K` zZ!w*&CtC~#VVl(t^^M1GQ68b{HF$w3lV~WzFce6M1W=5YHZ~?l%Jg#u<``u93?S>x z(BSVTEYalp=~M5|DLbz_?+tRtsmJnzjkLHU9~D^_i1!ul9LcZd?v|zi5!(I6rw>NJ`-H@7PAQ}Li9`a*R&8gHrpD)4^EVt*|vYo@r|Tepy6#JNPiuHRs^vh@nR)P11ARXlsEMFU`H0fCHK z!=zzpH>~wX`_faGbv*Y=7t*%QvHk^$cxKHM@v_i_Mi@62NQ`M*Q`B`m%TijXyR4NoWeah)~vSHl&HR zgN@wZX4A)OYwDmyk!NPg=&!ex@zUV|q?kmMH zw)m&8x|2FrUOuT0G%iylxRCOg2Rf-b2t3R|NAE++dz=SOVK1G+z9Ve)D`7A0%WPx# zc2H?{+Kz$&N$<2uDA6O9c9wl?a9oQExu;ysw#u5SqD+Z`y0)T6WLfDiGUY$&Sr@d_hJI5;mp`KZ8G=L+Nx1X;rQ8k!D{54nSO`EmSCErv9qo6W;P=Jks+~JpI`l zlc1ZLLKxk#hmUO)lS#!Ak_mw`1!@*lz&jLP_2%{ z_eMTYZwtJAqN++W(SLkTga$ED5B2gfI5Cb(RI~s*vluA}fIz%U3rfApYxZFbm-+jh l9=;HXJa+KG5@mj2ee1f-OfJL-*Zc-FNl`hGY9WKb{|D}q4jBLd literal 0 HcmV?d00001 From d4cfd1e8854c460ca8c59b0ac4b20322f6ce6756 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 29 Oct 2017 05:11:43 +1300 Subject: [PATCH 0417/1961] 4500: canvas extraction 967895 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 2073107..f63eb04 100644 --- a/user.js +++ b/user.js @@ -1570,6 +1570,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1354633 - limit MediaError.message to a whitelist (FF57+) ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) + ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From e1034faf1fc5f8145bd8e30ab36244f6078d374d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 31 Oct 2017 16:29:46 +1300 Subject: [PATCH 0418/1961] readme: extension cookie exceptions --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index f63eb04..e6f324c 100644 --- a/user.js +++ b/user.js @@ -19,7 +19,9 @@ 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * Auto-installing updates for Firefox and extensions are disabled (section 0302's) * Some user data is erased on close (section 2800), namely history (browsing, form, download) - * Cookies (and thus logins) are denied by default (2701). Use site exceptions or an extension + * Cookies are denied by default (2701), we use site exceptions. This breaks extensions + that use IndexedDB, so you need to allow exceptions for those as well: see [1] below + [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.7-Setting-Extension-Permission-Exceptions * EACH RELEASE check: - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF) or enable them as an alternative to RFP or for ESR users From ce66da10a431cc6a802f08db83656ec8fa769544 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 31 Oct 2017 16:51:44 +1300 Subject: [PATCH 0419/1961] start 57 commits --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index e6f324c..185d4aa 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js -* date: 2 October 2017 -* version 56: You're So Pants -* "You're so pants, you probably think this song is about you. Don't you? Don't You?" +* date: 30 October 2017 +* version 57-beta: I Love Rock 'n' Pants +* "Singing, I love rock and pants. So put another dime in the jukebox, baby" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From df01fb87cede17b7ccd79af99bb5607f9e0bca6e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 31 Oct 2017 20:17:26 +1300 Subject: [PATCH 0420/1961] 2300: *workers info fixup "Push and web notifications require service workers, which in turn require workers." - this is clearly not (or no longer) true. See #256 where workers are disabled, but service workers enabled, and service workers create IDB entries on Youtube --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 185d4aa..655ef0d 100644 --- a/user.js +++ b/user.js @@ -1086,9 +1086,8 @@ user_pref("dom.disable_beforeunload", true); /*** 2300: WEB WORKERS [SETUP] A worker is a JS "background task" running in a global context, i.e. it is different from the current window. Workers can spawn new workers (must be the same origin & scheme), - including service and shared workers. Shared workers can be utilized by multiple scripts - and communicate between browsing contexts (windows/tabs/iframes) and can even control your - cache. Push and web notifications require service workers, which in turn require workers. + including service and shared workers. Shared workers can be utilized by multiple scripts and + communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter). It is recommended that you use a separate profile for these sorts of sites. From 2c56d90a6fac9719a6abcfdebac6289d8584a175 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 1 Nov 2017 02:28:23 +1300 Subject: [PATCH 0421/1961] Create test.js --- scratchpad-scripts/test.js | 1 + 1 file changed, 1 insertion(+) create mode 100644 scratchpad-scripts/test.js diff --git a/scratchpad-scripts/test.js b/scratchpad-scripts/test.js new file mode 100644 index 0000000..a6b9b7e --- /dev/null +++ b/scratchpad-scripts/test.js @@ -0,0 +1 @@ +// boo! From 1dd683c81f9512bfebabb4037dd1b58bff700fb2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Nov 2017 03:13:42 +1300 Subject: [PATCH 0422/1961] 0330: more telemetry pings --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 655ef0d..6506a01 100644 --- a/user.js +++ b/user.js @@ -168,6 +168,8 @@ user_pref("toolkit.telemetry.cachedClientID", ""); user_pref("toolkit.telemetry.newProfilePing.enabled", false); // (FF55+) user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // (FF55+) user_pref("toolkit.telemetry.updatePing.enabled", false); // (FF56+) +user_pref("toolkit.telemetry.bhrPing.enabled", false); // (FF57+) Background Hang Reporter +user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // (FF57+) /* 0333a: disable health report ***/ user_pref("datareporting.healthreport.uploadEnabled", false); /* 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) From 06d9d61558543b9a0ce80bd45f431a81574f16bc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Nov 2017 07:05:08 +1300 Subject: [PATCH 0423/1961] 0514: more activity stream --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 6506a01..60ddf10 100644 --- a/user.js +++ b/user.js @@ -365,6 +365,8 @@ user_pref("extensions.shield-recipe-client.api_url", ""); * [1] https://wiki.mozilla.org/Firefox/Activity_Stream * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/ user_pref("browser.newtabpage.activity-stream.enabled", false); +user_pref("browser.newtabpage.activity-stream.aboutHome.enabled", false); // (FF57+) +user_pref("browser.library.activity-stream.enabled", false); // (FF57+) /* 0515: disable Screenshots (FF55+) * [1] https://github.com/mozilla-services/screenshots * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ From 3028a7a61a5819b38ad7143fffacb7510b134292 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Nov 2017 07:58:21 +1300 Subject: [PATCH 0424/1961] 5025: another media type --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 60ddf10..44a1037 100644 --- a/user.js +++ b/user.js @@ -1767,7 +1767,8 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false); // user_pref("media.wave.enabled", false); // user_pref("media.webm.enabled", false); // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries - // user_pref("media.wmf.vp9.enabled", false); + // user_pref("media.wmf.amd.vp9.enabled", true); // (FF57+) +// user_pref("media.wmf.vp9.enabled", false); /* 5026: disable "Reader View" ***/ // user_pref("reader.parse-on-load.enabled", false); /* 5027: decode URLs on copy from the urlbar (FF53+) From 95f1d6ecf64c7b69a7a2e4861a65e9d71e4a8320 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Nov 2017 10:31:08 +1300 Subject: [PATCH 0425/1961] 0514: activity stream fixup `browser.newtabpage.activity-stream.aboutHome.enabled` is not needed, as it is controlled by `browser.newtabpage.activity-stream.enabled` --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 44a1037..08dcaac 100644 --- a/user.js +++ b/user.js @@ -365,7 +365,6 @@ user_pref("extensions.shield-recipe-client.api_url", ""); * [1] https://wiki.mozilla.org/Firefox/Activity_Stream * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/ user_pref("browser.newtabpage.activity-stream.enabled", false); -user_pref("browser.newtabpage.activity-stream.aboutHome.enabled", false); // (FF57+) user_pref("browser.library.activity-stream.enabled", false); // (FF57+) /* 0515: disable Screenshots (FF55+) * [1] https://github.com/mozilla-services/screenshots From b373fe2a58747ffe9c48b2e6f3ede473d7a96469 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Nov 2017 10:54:52 +1300 Subject: [PATCH 0426/1961] 5014: download button visibility --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 08dcaac..78bc3b4 100644 --- a/user.js +++ b/user.js @@ -1717,6 +1717,10 @@ user_pref("layout.spellcheckDefault", 1); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 * [2] https://developer.mozilla.org/docs/Online_and_offline_events ***/ user_pref("network.manage-offline-status", false); +/* 5014: control download button visibility (FF57+) + * true = the button is automatically shown/hidden based on whether the session has downloads or not + * false = the button is always visible ***/ + // user_pref("browser.download.autohideButton", false); /* 5015: disable animations (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 ***/ // user_pref("toolkit.cosmeticAnimations.enabled", false); From 7f4a671b09421b674c9cf973b59391f1ce9a2212 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Nov 2017 12:15:02 +1300 Subject: [PATCH 0427/1961] fixup spacing --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 78bc3b4..fe07533 100644 --- a/user.js +++ b/user.js @@ -1771,7 +1771,7 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false); // user_pref("media.webm.enabled", false); // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries // user_pref("media.wmf.amd.vp9.enabled", true); // (FF57+) -// user_pref("media.wmf.vp9.enabled", false); + // user_pref("media.wmf.vp9.enabled", false); /* 5026: disable "Reader View" ***/ // user_pref("reader.parse-on-load.enabled", false); /* 5027: decode URLs on copy from the urlbar (FF53+) From 76bc2bce252fc45e95aa0a58c0b5c8b8d0efa227 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Nov 2017 23:04:30 +1300 Subject: [PATCH 0428/1961] 5008: open bookmarks in a new tab --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index fe07533..4c1aeac 100644 --- a/user.js +++ b/user.js @@ -1706,6 +1706,9 @@ user_pref("browser.backspace_action", 2); * 1=current window, 2=new window, 3=most recent window * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ user_pref("browser.link.open_newwindow", 3); +/* 5008: open bookmarks in a new tab (FF57+) + * [NOTE] You can also use middle-click, cmd/ctl-click, and use the context menu ***/ + // user_pref("browser.tabs.loadBookmarksInTabs", true) /* 5010: enable ctrl-tab previews ***/ user_pref("browser.ctrlTab.previews", true); /* 5011: don't open "page/selection source" in a tab. The window used instead is cleaner From e080becba5fdd9c32bc3238fae41233646a63d66 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Nov 2017 00:14:36 +1300 Subject: [PATCH 0429/1961] 2610: permissions.manager.defaultsUrl #259 FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=506446 - FF35 --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 4c1aeac..86aafbe 100644 --- a/user.js +++ b/user.js @@ -1266,6 +1266,9 @@ user_pref("network.jar.open-unsafe-types", false); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=232227 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1330876 ***/ user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) +/* 2610: remove special permissions for certain mozilla domains (FF35+) + * [1] resource://app/defaults/permissions ***/ +user_pref("permissions.manager.defaultsUrl", ""); /* 2611: disable WebIDE to prevent remote debugging and extension downloads * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("devtools.webide.autoinstallADBHelper", false); From dedfbf04b6392cf7ded3557bdcc3121a486804e6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 14 Nov 2017 10:00:31 +1300 Subject: [PATCH 0430/1961] 5008: syntax fixup --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 86aafbe..5df5c51 100644 --- a/user.js +++ b/user.js @@ -1711,7 +1711,7 @@ user_pref("browser.backspace_action", 2); user_pref("browser.link.open_newwindow", 3); /* 5008: open bookmarks in a new tab (FF57+) * [NOTE] You can also use middle-click, cmd/ctl-click, and use the context menu ***/ - // user_pref("browser.tabs.loadBookmarksInTabs", true) + // user_pref("browser.tabs.loadBookmarksInTabs", true); /* 5010: enable ctrl-tab previews ***/ user_pref("browser.ctrlTab.previews", true); /* 5011: don't open "page/selection source" in a tab. The window used instead is cleaner From d256908a5fb58a09b8795f8c52aefda9d6900f86 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 15 Nov 2017 13:51:20 +1300 Subject: [PATCH 0431/1961] 0330: telemetry changes 58+ #271 --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 5df5c51..6d8eeb2 100644 --- a/user.js +++ b/user.js @@ -159,9 +159,12 @@ user_pref("extensions.webservice.discoverURL", ""); * IF unified=false then .enabled controls the telemetry module * IF unified=true then .enabled ONLY controls whether to record extended data * so make sure to have both set as false - * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html ***/ + * [NOTE] FF58+ `toolkit.telemetry.enabled` is now LOCKED to reflect prerelease + * or release builds (true and false respectively), see [2] + * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html + * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ user_pref("toolkit.telemetry.unified", false); -user_pref("toolkit.telemetry.enabled", false); +user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+ user_pref("toolkit.telemetry.server", ""); user_pref("toolkit.telemetry.archive.enabled", false); user_pref("toolkit.telemetry.cachedClientID", ""); From fe46ea79ced0ef2c203a23c33b5a14c1f77bd92f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 15 Nov 2017 16:03:42 +1300 Subject: [PATCH 0432/1961] 4500: RFP MediaDevices API FF59+ --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 6d8eeb2..719d04d 100644 --- a/user.js +++ b/user.js @@ -1581,6 +1581,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) + ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From 64a6eb794aee53277acef15af22898c44f78b606 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 16 Nov 2017 16:27:54 +1300 Subject: [PATCH 0433/1961] 0850f: disable local search history in locationbar kinda moot considering 0860 disables all search history :) Added for completeness so users can tweak their awesomebar to their little hearts content --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 719d04d..106ac62 100644 --- a/user.js +++ b/user.js @@ -507,6 +507,9 @@ user_pref("browser.urlbar.autoFill.typed", false); /* 0850e: disable location bar one-off searches (FF51+) * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ user_pref("browser.urlbar.oneOffSearches", false); +/* 0850f: disable location bar suggesting local search history (FF57+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1181644 ***/ +user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of search suggestions /* 0860: disable search and form history * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Remember search and form history * [SETTING-ESR] Options>Privacy>History>Custom Settings>Remember search and form history From f89bb3f1c224e4a02523193c2cb7407415e6bcf5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 16 Nov 2017 17:03:08 +1300 Subject: [PATCH 0434/1961] 9999: deprecated FF57 --- user.js | 44 +++++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/user.js b/user.js index 106ac62..1f1d61a 100644 --- a/user.js +++ b/user.js @@ -199,15 +199,6 @@ user_pref("browser.newtabpage.introShown", true); * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ user_pref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1"); -/* 0374: disable "social" integration - * [1] https://developer.mozilla.org/docs/Mozilla/Projects/Social_API ***/ -user_pref("social.whitelist", ""); -user_pref("social.toast-notifications.enabled", false); -user_pref("social.shareDirectory", ""); -user_pref("social.remote-install.enabled", false); -user_pref("social.directories", ""); -user_pref("social.share.activationPanelEnabled", false); -user_pref("social.enabled", false); // (hidden pref) /*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION This section has security & tracking protection implications vs privacy concerns vs effectiveness @@ -996,7 +987,6 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] ***/ user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required -user_pref("media.eme.chromium-api.enabled", false); // (FF55+) /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" * This is the bundled codec used for video chat in WebRTC ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) @@ -1278,13 +1268,8 @@ user_pref("permissions.manager.defaultsUrl", ""); /* 2611: disable WebIDE to prevent remote debugging and extension downloads * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("devtools.webide.autoinstallADBHelper", false); -user_pref("devtools.webide.autoinstallFxdtAdapters", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); -/* 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku - * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ -user_pref("browser.casting.enabled", false); -user_pref("gfx.layerscope.enabled", false); /* 2614: disable HTTP2 (which was based on SPDY which is now deprecated) * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance * privacy, and in fact opens up a number of server-side fingerprinting opportunities @@ -1762,8 +1747,6 @@ user_pref("browser.tabs.loadInBackground", true); * true: load the new tab in the background, leaving focus on the current tab * false: load the new tab in the foreground, taking the focus from the current tab. ***/ user_pref("browser.tabs.loadDivertedInBackground", false); -/* 5022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/ -user_pref("browser.bookmarks.showRecentlyBookmarked", false); /* 5023: enable "Find As You Type" * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); @@ -2089,6 +2072,33 @@ user_pref("browser.fullscreen.animate", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1385201 user_pref("extensions.formautofill.experimental", false); // * * * / +// FF57 +// 0374: disable "social" integration + // [1] https://developer.mozilla.org/docs/Mozilla/Projects/Social_API + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1388902 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1406193 (leftover prefs removed in FF58) +user_pref("social.whitelist", ""); +user_pref("social.toast-notifications.enabled", false); +user_pref("social.shareDirectory", ""); +user_pref("social.remote-install.enabled", false); +user_pref("social.directories", ""); +user_pref("social.share.activationPanelEnabled", false); +user_pref("social.enabled", false); // (hidden pref) +// 1830: disable DRM's EME WideVineAdapter + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1395468 +user_pref("media.eme.chromium-api.enabled", false); // (FF55+) +// 2611: disable WebIDE extension downloads (Valence) + // [1] https://trac.torproject.org/projects/tor/ticket/16222 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1393497 +user_pref("devtools.webide.autoinstallFxdtAdapters", false); +// 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku + // [1] https://trac.torproject.org/projects/tor/ticket/16222 + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1393582 +user_pref("browser.casting.enabled", false); +// 5022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1401238 +user_pref("browser.bookmarks.showRecentlyBookmarked", false); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From c6d55296fb4445674131df864db6b4410a768df2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 16 Nov 2017 06:46:35 +0100 Subject: [PATCH 0435/1961] typo used to be 2021 not 2012, see https://github.com/ghacksuserjs/ghacks-user.js/commit/908a8d66f4987568fc76649a7f47e8f61f8588f2 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 1f1d61a..a730410 100644 --- a/user.js +++ b/user.js @@ -1631,7 +1631,7 @@ user_pref("browser.zoom.siteSpecific", false); // [2] https://wicg.github.io/netinfo/ // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 user_pref("dom.netinfo.enabled", false); -// 4608: [2012] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API +// 4608: [2021] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API // [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis // [3] https://wiki.mozilla.org/HTML5_Speech_API From 22e51e2a083db23e19cf477cef7dc0877240cc6b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 17 Nov 2017 04:06:04 +1300 Subject: [PATCH 0436/1961] 0506: disable PingCenter telemetry --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index a730410..37345b4 100644 --- a/user.js +++ b/user.js @@ -333,6 +333,9 @@ user_pref("network.allow-experiments", false); /* 0505: block URL used for system extension updates (FF44+) * [NOTE] You will not get any system extension updates except when you update Firefox ***/ // user_pref("extensions.systemAddon.update.url", ""); +/* 0506: disable PingCentre telemetry (used in several system extensions) (FF57+) + * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0333) ***/ +user_pref("browser.ping-centre.telemetry", false); /* 0510: disable Pocket (FF39+) * Pocket is a third party (now owned by Mozilla) "save for later" cloud service * [1] https://en.wikipedia.org/wiki/Pocket_(application) From da3ba2a97f81ba78bd9d95c854c9b54933910257 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 17 Nov 2017 15:26:27 +0100 Subject: [PATCH 0437/1961] Create updater.sh thanks @overdodactyl !! --- updater.sh | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 updater.sh diff --git a/updater.sh b/updater.sh new file mode 100644 index 0000000..3c71615 --- /dev/null +++ b/updater.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +### ghacks-user.js updater for Mac/Linux +## author: @overdodactyl +## version: 1.0 + +ghacksjs="https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js" + +cd "`dirname $0`" + +echo -e "\nThis script should be run from your Firefox profile directory.\n" + +if [ -e user.js ]; then + echo "Your current user.js file for this profile will be backed up and the latest ghacks version from github will take its place." + echo -e "\nIf currently using the ghacks user.js, please compare versions:" + echo " Available online: $(curl -s ${ghacksjs} | sed -n '4p')" + echo " Currently using: $(sed -n '4p' user.js)" +else + echo "A user.js file does not exist in this profile. If you continue, the latest ghacks version from github will be downloaded." +fi + +echo -e "\nIf a user-overrides.js file exists in this profile, it will be appended to the user.js.\n" + +read -p "Continue Y/N? " -n 1 -r +echo -e "\n\n" + +if [[ $REPLY =~ ^[Yy]$ ]]; then + if [ -e user.js ]; then + # backup current user.js + bakfile="user.js.backup.$(date +"%Y-%m-%d_%H%M")" + mv user.js "${bakfile}" && echo "Your previous user.js file was backed up: ${bakfile}" + fi + + # download latest ghacks user.js + echo "downloading latest ghacks user.js file" + curl -O ${ghacksjs} && echo "ghacks user.js has been downloaded" + + if [ -e user-overrides.js ]; then + echo "user-overrides.js file found" + cat user-overrides.js >> user.js && echo "user-overrides.js has been appended to user.js" + fi +else + echo "Process aborted" +fi From fe752c8be37df2248a46424bfa5b37cdc205fa3c Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 17 Nov 2017 15:45:16 +0100 Subject: [PATCH 0438/1961] Create updater.bat thanks @claustromaniac --- updater.bat | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 updater.bat diff --git a/updater.bat b/updater.bat new file mode 100644 index 0000000..0d84c7a --- /dev/null +++ b/updater.bat @@ -0,0 +1,68 @@ +@ECHO OFF +TITLE ghacks user.js updater + +REM ### ghacks-user.js updater for Windows +REM ## author: @claustromaniac +REM ## version: 1.0 + +SETLOCAL EnableDelayedExpansion +SET "_name=" +SET "_date=" +SET "_version=" +SET /A "_line=0" +IF EXIST user.js ( + FOR /F "delims=" %%i IN (user.js) DO ( + IF !_line! EQU 1 SET "_name=%%i" + IF !_line! EQU 2 SET "_date=%%i" + IF !_line! EQU 3 SET "_version=%%i" + SET /A "_line+=1" + IF !_line! GEQ 4 GOTO break + ) + :break: + IF !_line! GEQ 4 ( + IF "ghacks"=="!_name:~8,6!" ( + FOR /F "delims=:" %%G IN ("!_version!") DO SET "_version=%%G" + SET "_version=!_version:~2!" + SET "_date=!_date:~8!" + ECHO ghacks user.js !_version!, !_date! + ) ELSE ( ECHO Current user.js version not recognised. ) + ) +) ELSE ( ECHO user.js not found. ) +ECHO. +ECHO This batch should be run from your Firefox profile directory. It will download the latest version of ghacks user.js from github and then append any of your own changes from user-override.js to it. +ECHO. +CHOICE /M "Continue" +IF ERRORLEVEL 2 GOTO end +CLS +ECHO. +IF EXIST user.js ( + IF EXIST user.js.bak REN user.js.bak user.js.old.bak + REN user.js user.js.bak + ECHO Current user.js file backed up. + ECHO. +) +ECHO Retrieving latest user.js file from ghacks github repository... +powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" +ECHO. +IF EXIST user.js ( + IF EXIST "user-overrides.js" ( + COPY /b user.js+"user-overrides.js" "temp.js" + DEL user.js + REN temp.js user.js + ) + FC user.js.bak user.js >nul && DEL user.js.bak || IF EXIST user.js.old.bak DEL user.js.old.bak + IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak + CLS + ECHO. + ECHO Successfully updated! + ECHO. + TIMEOUT 10 +) ELSE ( + IF EXIST user.js.bak REN user.js.bak user.js + IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak + ECHO. + ECHO Update failed. Make sure PowerShell is allowed internet access. + ECHO. + PAUSE +) +:end: From 754ec610d1d690e3550dfec177f46ffb80dac708 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 17 Nov 2017 15:48:39 +0100 Subject: [PATCH 0439/1961] typo --- updater.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index 0d84c7a..1dcfcd0 100644 --- a/updater.bat +++ b/updater.bat @@ -29,7 +29,7 @@ IF EXIST user.js ( ) ) ELSE ( ECHO user.js not found. ) ECHO. -ECHO This batch should be run from your Firefox profile directory. It will download the latest version of ghacks user.js from github and then append any of your own changes from user-override.js to it. +ECHO This batch should be run from your Firefox profile directory. It will download the latest version of ghacks user.js from github and then append any of your own changes from user-overrides.js to it. ECHO. CHOICE /M "Continue" IF ERRORLEVEL 2 GOTO end From 7ae034a23c7d1cfd2edcd7f5bfcdab7a08d3fcf7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 18 Nov 2017 18:01:01 +1300 Subject: [PATCH 0440/1961] 2706: Storage API => inactive --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 37345b4..3361e9b 100644 --- a/user.js +++ b/user.js @@ -1441,11 +1441,12 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. + * [NOTE] This also controls the visibility of the "Options>Privacy & Security>Site Data" section * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ -user_pref("dom.storageManager.enabled", false); // (FF51+) -user_pref("browser.storageManager.enabled", false); // (FF53+) + // user_pref("dom.storageManager.enabled", false); // (FF51+) + // user_pref("browser.storageManager.enabled", false); // (FF53+) /* 2707: clear localStorage and UUID when an extension is uninstalled * [NOTE] Both preferences must be the same * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local From 500c129d484494d06ef3cffcc91f534077e5dfc3 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 18 Nov 2017 13:39:29 +0100 Subject: [PATCH 0441/1961] fix for profile detection this should now work no matter how the script is called (including symlinks) on both Mac and Linux. + Storing and restoring the original working directory to prevent problems in certain circumstances. --- updater.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/updater.sh b/updater.sh index 3c71615..ca8ee93 100644 --- a/updater.sh +++ b/updater.sh @@ -2,14 +2,22 @@ ### ghacks-user.js updater for Mac/Linux ## author: @overdodactyl -## version: 1.0 +## version: 1.1 ghacksjs="https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js" -cd "`dirname $0`" - echo -e "\nThis script should be run from your Firefox profile directory.\n" +currdir=$(pwd) + +## get the full path of this script (greadlink for Mac, readlink for Linux) +scriptfullpath=$(greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null || readlink -f "${BASH_SOURCE[0]}") + +## change directory to the Firefox profile directory +cd "$(dirname "${scriptfullpath}")" + +echo -e "Updating the user.js for Firefox profile:\n$(pwd)\n" + if [ -e user.js ]; then echo "Your current user.js file for this profile will be backed up and the latest ghacks version from github will take its place." echo -e "\nIf currently using the ghacks user.js, please compare versions:" @@ -42,3 +50,6 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then else echo "Process aborted" fi + +## change directory back to the original working directory +cd "${currdir}" From 450adab519e4e8a3d426f12df5659acc00f83bd8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 19 Nov 2017 08:21:18 +1300 Subject: [PATCH 0442/1961] 2706: Storage API => active false #273 Sorry, but AFAIK, with this enabled it clears web extension storage when clear "offsite website data" is checked on close or manually (which we do in the user.js). Note also that even with this enabled, the UI settings are disabled, and the data-on-disk calculation never finishes, so at this point, its a bit useless to enable it until we figure that out. Will be back in 7 days --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 3361e9b..8fb0e98 100644 --- a/user.js +++ b/user.js @@ -1445,8 +1445,8 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ - // user_pref("dom.storageManager.enabled", false); // (FF51+) - // user_pref("browser.storageManager.enabled", false); // (FF53+) +user_pref("dom.storageManager.enabled", false); // (FF51+) +user_pref("browser.storageManager.enabled", false); // (FF53+) /* 2707: clear localStorage and UUID when an extension is uninstalled * [NOTE] Both preferences must be the same * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local From cdeb0abe79145b70513aba517e954a706845e038 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 19 Nov 2017 08:58:47 +0100 Subject: [PATCH 0443/1961] update to v2.0 https://github.com/ghacksuserjs/ghacks-user.js/issues/264#issuecomment-345462158 - It can now handle read-only files. - it is somewhat more explicit regarding what it's doing in some circumstances. For example, it now informs the user when no changes are made. - It now accepts two parameters: `-unattended` and `-log` - Minor improvements here and there. --- updater.bat | 77 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 59 insertions(+), 18 deletions(-) diff --git a/updater.bat b/updater.bat index 1dcfcd0..234e388 100644 --- a/updater.bat +++ b/updater.bat @@ -3,13 +3,23 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 1.0 +REM ## version: 2.0 SETLOCAL EnableDelayedExpansion +SET "_ua=" +SET "_log=" +:parse +IF "%~1"=="" GOTO endparse +IF "%~1"=="-unattended" SET "_ua=true" +IF "%~1"=="-log" SET "_log=true" +SHIFT +GOTO parse +:endparse SET "_name=" SET "_date=" SET "_version=" SET /A "_line=0" +ECHO. IF EXIST user.js ( FOR /F "delims=" %%i IN (user.js) DO ( IF !_line! EQU 1 SET "_name=%%i" @@ -18,7 +28,7 @@ IF EXIST user.js ( SET /A "_line+=1" IF !_line! GEQ 4 GOTO break ) - :break: + :break IF !_line! GEQ 4 ( IF "ghacks"=="!_name:~8,6!" ( FOR /F "delims=:" %%G IN ("!_version!") DO SET "_version=%%G" @@ -26,15 +36,30 @@ IF EXIST user.js ( SET "_date=!_date:~8!" ECHO ghacks user.js !_version!, !_date! ) ELSE ( ECHO Current user.js version not recognised. ) - ) -) ELSE ( ECHO user.js not found. ) + ) ELSE ( ECHO Current user.js version not recognised. ) +) ELSE ( ECHO user.js not detected in the current directory. ) ECHO. -ECHO This batch should be run from your Firefox profile directory. It will download the latest version of ghacks user.js from github and then append any of your own changes from user-overrides.js to it. -ECHO. -CHOICE /M "Continue" -IF ERRORLEVEL 2 GOTO end +IF NOT "%_ua%"=="true" ( + ECHO This batch should be run from your Firefox profile directory. It will download the latest version of ghacks user.js from github and then append any of your own changes from user-overrides.js to it. + ECHO. + REM Visit the wiki for more detailed information. + REM ECHO. + CHOICE /M "Continue" + IF ERRORLEVEL 2 GOTO end +) CLS ECHO. +IF "%_log%"=="true" ( + CALL :log >>user.js-update-log.txt + EXIT /B +) +:log +IF "%_log%"=="true" ( + ECHO ################################################################## + ECHO. + ECHO %date%, %time% + ECHO. +) IF EXIST user.js ( IF EXIST user.js.bak REN user.js.bak user.js.old.bak REN user.js user.js.bak @@ -46,23 +71,39 @@ powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com ECHO. IF EXIST user.js ( IF EXIST "user-overrides.js" ( - COPY /b user.js+"user-overrides.js" "temp.js" - DEL user.js - REN temp.js user.js + ECHO Appending user-overrides.js... + ECHO. + COPY /B /V /Y user.js+"user-overrides.js" "tempuserjs" + DEL /F user.js + REN tempuserjs user.js + ECHO. ) - FC user.js.bak user.js >nul && DEL user.js.bak || IF EXIST user.js.old.bak DEL user.js.old.bak - IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak - CLS + ECHO Handling backups... + SET "changed=" + IF EXIST user.js.bak ( FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" ) ECHO. - ECHO Successfully updated! ECHO. - TIMEOUT 10 + IF "!changed!"=="true" ( + IF EXIST user.js.old.bak DEL /F user.js.old.bak + ECHO Update complete. + ) ELSE ( + IF "!changed!"=="false" ( + DEL /F user.js.bak + IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak + ECHO Update completed without changes. + ) ELSE ECHO Update complete. + ) + ECHO. ) ELSE ( IF EXIST user.js.bak REN user.js.bak user.js IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak ECHO. ECHO Update failed. Make sure PowerShell is allowed internet access. ECHO. - PAUSE + ECHO No changes were made. + ECHO. +) +:end +IF NOT "%_log%"=="true" ( + IF NOT "%_ua%"=="true" PAUSE ) -:end: From efcaa3de8a04aeade9d4bd0fa1167f5bc0cda267 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 19 Nov 2017 17:41:19 +0000 Subject: [PATCH 0444/1961] Just some polishing --- updater.bat | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/updater.bat b/updater.bat index 234e388..1b54410 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 2.0 +REM ## version: 2.1 SETLOCAL EnableDelayedExpansion SET "_ua=" @@ -42,7 +42,7 @@ ECHO. IF NOT "%_ua%"=="true" ( ECHO This batch should be run from your Firefox profile directory. It will download the latest version of ghacks user.js from github and then append any of your own changes from user-overrides.js to it. ECHO. - REM Visit the wiki for more detailed information. + REM ECHO Visit the wiki for more detailed information. REM ECHO. CHOICE /M "Continue" IF ERRORLEVEL 2 GOTO end @@ -50,11 +50,9 @@ IF NOT "%_ua%"=="true" ( CLS ECHO. IF "%_log%"=="true" ( - CALL :log >>user.js-update-log.txt + CALL :log >>user.js-update-log.txt 2>&1 EXIT /B -) -:log -IF "%_log%"=="true" ( + :log ECHO ################################################################## ECHO. ECHO %date%, %time% @@ -67,7 +65,7 @@ IF EXIST user.js ( ECHO. ) ECHO Retrieving latest user.js file from ghacks github repository... -powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" +powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" >nul ECHO. IF EXIST user.js ( IF EXIST "user-overrides.js" ( @@ -103,7 +101,7 @@ IF EXIST user.js ( ECHO No changes were made. ECHO. ) -:end IF NOT "%_log%"=="true" ( - IF NOT "%_ua%"=="true" PAUSE + IF NOT "%_ua%"=="true" PAUSE ) +:end From 69c278c3bad2076b85e5b5e19a1efd0823a7a0c8 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 20 Nov 2017 11:26:03 +0100 Subject: [PATCH 0445/1961] 2630: accessibility.force_disabled => 1 Prevent accessibility services from accessing your browser --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 8fb0e98..4e85fd4 100644 --- a/user.js +++ b/user.js @@ -1347,6 +1347,10 @@ user_pref("browser.uitour.url", ""); /* 2629: disable remote JAR files being opened, regardless of content type (FF42+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/ user_pref("network.jar.block-remote-files", true); +/* 2630: prevent accessibility services from accessing your browser + * [SETTING] Options>Privacy & Security>Permissions>Prevent accessibility services from accessing your browser + * [1] https://support.mozilla.org/kb/accessibility-services ***/ +user_pref("accessibility.force_disabled", 1); /* 2662: disable "open with" in download dialog (FF50+) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. From 59ae0b1028d0fce03194c83a76db419fa5c3d0ac Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 20 Nov 2017 13:11:55 +0100 Subject: [PATCH 0446/1961] 2706: *.storageManager.enabled;false => inactive Controls the visibility of the "Options>Privacy & Security>Site Data" section. I'd prefer to remove this completely because it only adds to the confusion about all the different storage types. This is just an extension for localStorage (2705) with 3 methods: estimate(), persist() and persisted(). A site can ask for permission (?) to persist data which when granted basically just means that "Storage will not be cleared except by explicit user action" whereas otherwise when not persisted "Storage may be cleared by the UA under storage pressure." - I don't see a problem with that. We'll keep 2706 inactive for now but might remove it in a future commit. --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4e85fd4..2e3d98f 100644 --- a/user.js +++ b/user.js @@ -1449,8 +1449,8 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ -user_pref("dom.storageManager.enabled", false); // (FF51+) -user_pref("browser.storageManager.enabled", false); // (FF53+) + // user_pref("dom.storageManager.enabled", false); // (FF51+) + // user_pref("browser.storageManager.enabled", false); // (FF53+) /* 2707: clear localStorage and UUID when an extension is uninstalled * [NOTE] Both preferences must be the same * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local From 89e0aed652e5ef13bd0c1ed4f78c4afb0cb79dee Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 20 Nov 2017 13:49:19 +0100 Subject: [PATCH 0447/1961] 4600: redundant prefs due to RFP --- user.js | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/user.js b/user.js index 2e3d98f..0137a78 100644 --- a/user.js +++ b/user.js @@ -1203,23 +1203,12 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [1] https://wiki.mozilla.org/Media/getUserMedia * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices ***/ user_pref("media.navigator.enabled", false); -/* 2506: disable video statistics - JS performance fingerprinting (FF25+) - * [1] https://trac.torproject.org/projects/tor/ticket/15757 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=654550 ***/ -user_pref("media.video_stats.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] Options>General>Performance>Custom>Use hardware acceleration when available * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] user_pref("layers.acceleration.disabled", true); -/* 2509: disable touch events - * fingerprinting attack vector - leaks screen res & actual screen coordinates - * 0=disabled, 1=enabled, 2=autodetect - * [WARNING] [SETUP] Optional protection depending on your device - * [1] https://developer.mozilla.org/docs/Web/API/Touch_events - * [2] https://trac.torproject.org/projects/tor/ticket/10286 ***/ - // user_pref("dom.w3c_touch_events.enabled", 0); /* 2510: disable Web Audio API (FF51+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/ user_pref("dom.webaudio.enabled", false); @@ -1569,8 +1558,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+) ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+) ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609) (FF56+) - ** 1369309 - spoof media statistics (see 2506) (FF57+) - ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) + ** 1369309 - spoof media statistics (see 4610) (FF57+) + ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+) ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) ** 1382545 - reduce fingerprinting in Animation API (FF57+) ** 1354633 - limit MediaError.message to a whitelist (FF57+) @@ -1648,6 +1637,19 @@ user_pref("media.webspeech.synth.enabled", false); // [1] https://www.mozilla.org/firefox/geolocation/ user_pref("geo.enabled", false); // * * * / +// FF57+ +// 4610: [2506] disable video statistics - JS performance fingerprinting (FF25+) + // [1] https://trac.torproject.org/projects/tor/ticket/15757 + // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=654550 +user_pref("media.video_stats.enabled", false); +// 4611: [2509] disable touch events + // fingerprinting attack vector - leaks screen res & actual screen coordinates + // 0=disabled, 1=enabled, 2=autodetect + // [WARNING] [SETUP] Optional protection depending on your device + // [1] https://developer.mozilla.org/docs/Web/API/Touch_events + // [2] https://trac.torproject.org/projects/tor/ticket/10286 + // user_pref("dom.w3c_touch_events.enabled", 0); +// * * * / // ***/ /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING From 5743fe303cc5b12cf3e18e368ef3fec7b06ef274 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 20 Nov 2017 13:55:02 +0100 Subject: [PATCH 0448/1961] 57 release --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 0137a78..9451e64 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 30 October 2017 -* version 57-beta: I Love Rock 'n' Pants +* date: 20 November 2017 +* version 57: I Love Rock 'n' Pants * "Singing, I love rock and pants. So put another dime in the jukebox, baby" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From e1e40847e0aa487b2395e3e9468c96bec3fb59a3 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 20 Nov 2017 14:01:57 +0100 Subject: [PATCH 0449/1961] ooops, that's not how Pants usually does it nobody saw that, right? --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 9451e64..0137a78 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 20 November 2017 -* version 57: I Love Rock 'n' Pants +* date: 30 October 2017 +* version 57-beta: I Love Rock 'n' Pants * "Singing, I love rock and pants. So put another dime in the jukebox, baby" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 63b924f10194bf6b1cc3af8e413e1fbaf82ad9d9 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 20 Nov 2017 15:35:52 +0100 Subject: [PATCH 0450/1961] Create ghacks-clear-57-[changes-only].js https://github.com/ghacksuserjs/ghacks-user.js/issues/276 https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-%5BScratchpad%5D --- .../ghacks-clear-57-[changes-only].js | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-57-[changes-only].js diff --git a/scratchpad-scripts/ghacks-clear-57-[changes-only].js b/scratchpad-scripts/ghacks-clear-57-[changes-only].js new file mode 100644 index 0000000..358fb9f --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-57-[changes-only].js @@ -0,0 +1,54 @@ + +(function() { + let ops = [ + '_user.js.parrot', + /* --- 57-alpha --- */ + /* commented out */ + 'browser.storageManager.enabled', + 'dom.storageManager.enabled', + /* removed from the user.js */ + 'browser.search.geoip.timeout', + 'geo.wifi.xhr.timeout', + 'gfx.layerscope.enabled', + 'media.webspeech.recognition.enable', + /* moved to RFP ALTERNATIVES */ + 'dom.w3c_touch_events.enabled', + 'media.video_stats.enabled', + /* moved to DEPRECATED/REMOVED */ + 'browser.bookmarks.showRecentlyBookmarked', + 'browser.casting.enabled', + 'devtools.webide.autoinstallFxdtAdapters', + 'media.eme.chromium-api.enabled', + 'social.directories', + 'social.enabled', + 'social.remote-install.enabled', + 'social.share.activationPanelEnabled', + 'social.shareDirectory', + 'social.toast-notifications.enabled', + 'social.whitelist' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From 497f6ed58cede3e92bf5130e0f61439c5f0bf5f1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Nov 2017 15:33:07 +1300 Subject: [PATCH 0451/1961] 0103: home page #277 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 0137a78..0ebf6f1 100644 --- a/user.js +++ b/user.js @@ -73,9 +73,10 @@ user_pref("startup.homepage_override_url", ""); // what's new page after updates user_pref("browser.laterrun.enabled", false); user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) - * home = browser.startup.homepage preference. * [SETTING] Options>General>Startup>When Firefox starts ***/ // user_pref("browser.startup.page", 0); +/* 0103: set your "home" page (see 0102) ***/ + // user_pref("browser.startup.homepage preference". "https://www.example.com/"); /*** 0200: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); From 18048832da64bab0d1f7e8f88111acda663b8fd5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Nov 2017 16:12:29 +1300 Subject: [PATCH 0452/1961] various => 2700 section #235 section 2700 will get a revamp, so not worried about numbering for now. Slight header tweak until we revamp --- user.js | 43 +++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/user.js b/user.js index 0ebf6f1..4e1f0e7 100644 --- a/user.js +++ b/user.js @@ -584,8 +584,6 @@ user_pref("browser.cache.disk_cache_ssl", false); * [NOTE] Not recommended due to performance issues ***/ // user_pref("browser.cache.memory.enable", false); // user_pref("browser.cache.memory.capacity", 0); // (hidden pref) -/* 1004: disable offline cache ***/ -user_pref("browser.cache.offline.enable", false); /* 1005: disable fastback cache * To improve performance when pressing back/forward Firefox stores visited pages * so they don't have to be re-parsed. This is not the same as memory cache. @@ -1141,11 +1139,6 @@ user_pref("dom.event.clipboardevents.enabled", false); * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) -/* 2404: disable JS storing data permanently [SETUP] - * [WARNING] This BREAKS uBlock Origin [1.14.0+] and uMatrix extensions - * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 - * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ - // user_pref("dom.indexedDB.enabled", false); /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); /* 2415: set max popups from a single non-click event - default is 20! ***/ @@ -1180,18 +1173,6 @@ user_pref("javascript.options.wasm", false); * [2] https://w3c.github.io/IntersectionObserver/ * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/ user_pref("dom.IntersectionObserver.enabled", false); -/* 2450a: enforce websites to ask to store data for offline use - * [1] https://support.mozilla.org/questions/1098540 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ -user_pref("offline-apps.allow_by_default", false); -/* 2450b: display a notification when websites ask to store data for offline use - * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks... - * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ -user_pref("browser.offline-apps.notify", true); -/* 2450c: set size of warning quota for offline cache (default 51200) - * Offline cache is only used in rare cases to store data locally. FF will store small amounts - * (default <50MB) of data in the offline (application) cache without asking for permission. ***/ - // user_pref("offline-apps.quota.warn", 51200); /*** 2500: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); @@ -1406,7 +1387,10 @@ user_pref("security.csp.experimentalEnabled", true); * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); -/*** 2700: COOKIES & DOM STORAGE ***/ +/*** 2700: PERSISTENT STORAGE + Data SET by websites including: cookies, localStorage (also known as DOM Storage), + IndexedDB (also known as Offsite Website Data) +***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] * You can set exceptions under site permissions or use an extension @@ -1450,6 +1434,25 @@ user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2708: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+) * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); +/* 2710: disable JS storing data permanently [SETUP] + * [WARNING] This BREAKS uBlock Origin [1.14.0+] and uMatrix extensions + * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 + * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ + // user_pref("dom.indexedDB.enabled", false); +/* 2720: disable offline cache ***/ +user_pref("browser.cache.offline.enable", false); +/* 2421: enforce websites to ask to store data for offline use + * [1] https://support.mozilla.org/questions/1098540 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ +user_pref("offline-apps.allow_by_default", false); +/* 2422: display a notification when websites ask to store data for offline use + * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks... + * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ +user_pref("browser.offline-apps.notify", true); +/* 2423: set size of warning quota for offline cache (default 51200) + * Offline cache is only used in rare cases to store data locally. FF will store small amounts + * (default <50MB) of data in the offline (application) cache without asking for permission. ***/ + // user_pref("offline-apps.quota.warn", 51200); /*** 2800: SHUTDOWN [SETUP] You should set the values to what suits you best. Be aware that the settings below clear From 44316934f3de6d6b73ba25a128aaa8b8c856b33c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Nov 2017 16:47:12 +1300 Subject: [PATCH 0453/1961] release date & version fixup You had it right the first time earthlng. Eg Start commits for 55-beta date shown is 9-July. 55-alpha release is dated 18-Aug and we drop the "-beta" part (look inside the release downloads). Start commits for 56-beta date shown is 12-Sept. 56-alpha release is dated 2-Oct and we drop the "-beta" part. And because you created the 57-alpha release before you reversed the date+version, that too is all good. --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4e1f0e7..944963b 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 30 October 2017 -* version 57-beta: I Love Rock 'n' Pants +* date: 20 November 2017 +* version 57: I Love Rock 'n' Pants * "Singing, I love rock and pants. So put another dime in the jukebox, baby" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From a281090cdca85614f9a37f3981215e1fb691044c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Nov 2017 17:30:53 +1300 Subject: [PATCH 0454/1961] Delete test.js --- scratchpad-scripts/test.js | 1 - 1 file changed, 1 deletion(-) delete mode 100644 scratchpad-scripts/test.js diff --git a/scratchpad-scripts/test.js b/scratchpad-scripts/test.js deleted file mode 100644 index a6b9b7e..0000000 --- a/scratchpad-scripts/test.js +++ /dev/null @@ -1 +0,0 @@ -// boo! From 98bb8ad20364084cf9c1f4c3cea8d27bc5f7a854 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Nov 2017 17:33:32 +1300 Subject: [PATCH 0455/1961] Update ghacks-clear-57-[changes-only].js --- scratchpad-scripts/ghacks-clear-57-[changes-only].js | 1 + 1 file changed, 1 insertion(+) diff --git a/scratchpad-scripts/ghacks-clear-57-[changes-only].js b/scratchpad-scripts/ghacks-clear-57-[changes-only].js index 358fb9f..08ee19c 100644 --- a/scratchpad-scripts/ghacks-clear-57-[changes-only].js +++ b/scratchpad-scripts/ghacks-clear-57-[changes-only].js @@ -1,3 +1,4 @@ +/* see https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] */ (function() { let ops = [ From d279839ba657ac3ff8bf91fd8b7e8d4adf475133 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Nov 2017 22:11:49 +1300 Subject: [PATCH 0456/1961] 0103: fixup - thanks Forsaked --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 944963b..0716744 100644 --- a/user.js +++ b/user.js @@ -76,7 +76,7 @@ user_pref("browser.shell.checkDefaultBrowser", false); * [SETTING] Options>General>Startup>When Firefox starts ***/ // user_pref("browser.startup.page", 0); /* 0103: set your "home" page (see 0102) ***/ - // user_pref("browser.startup.homepage preference". "https://www.example.com/"); + // user_pref("browser.startup.homepage". "https://www.example.com/"); /*** 0200: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); From 2bf9e6a773a542a84886022553f99483e283a295 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Nov 2017 22:14:28 +1300 Subject: [PATCH 0457/1961] 0103: fixup lets try that again --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 0716744..8c88489 100644 --- a/user.js +++ b/user.js @@ -76,7 +76,7 @@ user_pref("browser.shell.checkDefaultBrowser", false); * [SETTING] Options>General>Startup>When Firefox starts ***/ // user_pref("browser.startup.page", 0); /* 0103: set your "home" page (see 0102) ***/ - // user_pref("browser.startup.homepage". "https://www.example.com/"); + // user_pref("browser.startup.homepage", "https://www.example.com/"); /*** 0200: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); From 910d4e2e5975ebfbd494f64ebee09327ab8dff33 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Nov 2017 23:35:14 +1300 Subject: [PATCH 0458/1961] 2700s: numbers fixup stop overworking me guys! crssi - thanks! --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 8c88489..7d1827a 100644 --- a/user.js +++ b/user.js @@ -1441,15 +1441,15 @@ user_pref("network.cookie.leave-secure-alone", true); // user_pref("dom.indexedDB.enabled", false); /* 2720: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); -/* 2421: enforce websites to ask to store data for offline use +/* 2721: enforce websites to ask to store data for offline use * [1] https://support.mozilla.org/questions/1098540 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ user_pref("offline-apps.allow_by_default", false); -/* 2422: display a notification when websites ask to store data for offline use +/* 2722: display a notification when websites ask to store data for offline use * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks... * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ user_pref("browser.offline-apps.notify", true); -/* 2423: set size of warning quota for offline cache (default 51200) +/* 2723: set size of warning quota for offline cache (default 51200) * Offline cache is only used in rare cases to store data locally. FF will store small amounts * (default <50MB) of data in the offline (application) cache without asking for permission. ***/ // user_pref("offline-apps.quota.warn", 51200); From 2c1e4ae542f76ce47f22422fbcd75078502d222d Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 25 Nov 2017 14:31:17 +0100 Subject: [PATCH 0459/1961] updater.sh - next attempt ... at fixing the script path detection. should hopefully fix https://github.com/ghacksuserjs/ghacks-user.js/issues/264#issuecomment-346891526 --- updater.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/updater.sh b/updater.sh index ca8ee93..d8709dc 100644 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ### ghacks-user.js updater for Mac/Linux ## author: @overdodactyl -## version: 1.1 +## version: 1.2 ghacksjs="https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js" @@ -10,8 +10,8 @@ echo -e "\nThis script should be run from your Firefox profile directory.\n" currdir=$(pwd) -## get the full path of this script (greadlink for Mac, readlink for Linux) -scriptfullpath=$(greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null || readlink -f "${BASH_SOURCE[0]}") +## get the full path of this script (readlink for Linux) +scriptfullpath=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || "${BASH_SOURCE[0]}") ## change directory to the Firefox profile directory cd "$(dirname "${scriptfullpath}")" From 41a55ad5f2a4e29a36754d7d35588e30cb52a85e Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 25 Nov 2017 14:37:25 +0100 Subject: [PATCH 0460/1961] Update updater.sh --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index d8709dc..9b32157 100644 --- a/updater.sh +++ b/updater.sh @@ -10,8 +10,8 @@ echo -e "\nThis script should be run from your Firefox profile directory.\n" currdir=$(pwd) -## get the full path of this script (readlink for Linux) -scriptfullpath=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || "${BASH_SOURCE[0]}") +## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed, fallback otherwise) +scriptfullpath=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null || "${BASH_SOURCE[0]}") ## change directory to the Firefox profile directory cd "$(dirname "${scriptfullpath}")" From 82d20c328d53dba5495017b46fefbc00c205d966 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 26 Nov 2017 03:23:35 +1300 Subject: [PATCH 0461/1961] 4000: PSA on FPI #281 --- user.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/user.js b/user.js index 7d1827a..1dc6401 100644 --- a/user.js +++ b/user.js @@ -1519,6 +1519,11 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1337893 - isolate DNS cache (FF55+) ** 1344170 - isolate blob: URI (FF55+) ** 1300671 - isolate data:, about: URLs (FF55+) + + NOTE: FPI has some unresolved issues + ** 1381197 - extensions cannot control cookies with FPI Origin Attributes + ** 1418931 - IndexedDB (Offline Website Data) with FPI Origin Attributes + are not removed with "Clear All/Recent History" or "On Close" ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation (FF51+) From 679ca592334e2e50247b9a8c50083d790ec6682b Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 25 Nov 2017 18:56:49 +0100 Subject: [PATCH 0462/1961] Update updater.sh --- updater.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/updater.sh b/updater.sh index 9b32157..d9548ea 100644 --- a/updater.sh +++ b/updater.sh @@ -10,11 +10,14 @@ echo -e "\nThis script should be run from your Firefox profile directory.\n" currdir=$(pwd) -## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed, fallback otherwise) -scriptfullpath=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null || "${BASH_SOURCE[0]}") +## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) +sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) + +## fallback for Macs without coreutils +if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi ## change directory to the Firefox profile directory -cd "$(dirname "${scriptfullpath}")" +cd "$(dirname "${sfp}")" echo -e "Updating the user.js for Firefox profile:\n$(pwd)\n" From a269e53f88a27118bd49aacf89c19dbbba71b253 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 26 Nov 2017 15:57:32 +0100 Subject: [PATCH 0463/1961] Update updater.bat - multioverrides support - formatting changes --- updater.bat | 140 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 97 insertions(+), 43 deletions(-) diff --git a/updater.bat b/updater.bat index 1b54410..3b48394 100644 --- a/updater.bat +++ b/updater.bat @@ -3,54 +3,74 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 2.1 +REM ## version: 2.2 +SET _myname=%~n0 +SET _myparams=%* SETLOCAL EnableDelayedExpansion -SET "_ua=" -SET "_log=" :parse -IF "%~1"=="" GOTO endparse -IF "%~1"=="-unattended" SET "_ua=true" -IF "%~1"=="-log" SET "_log=true" +IF "%~1"=="" ( + GOTO endparse +) +IF /I "%~1"=="-unattended" ( + SET _ua=1 +) +IF /I "%~1"=="-log" ( + SET _log=1 +) +IF /I "%~1"=="-multioverrides" ( + SET _multi=1 +) SHIFT GOTO parse :endparse -SET "_name=" -SET "_date=" -SET "_version=" +ECHO. SET /A "_line=0" -ECHO. -IF EXIST user.js ( - FOR /F "delims=" %%i IN (user.js) DO ( - IF !_line! EQU 1 SET "_name=%%i" - IF !_line! EQU 2 SET "_date=%%i" - IF !_line! EQU 3 SET "_version=%%i" +IF NOT EXIST user.js ( + ECHO user.js not detected in the current directory. +) ELSE ( + FOR /F "skip=1 tokens=1,2 delims=:" %%G IN (user.js) DO ( SET /A "_line+=1" - IF !_line! GEQ 4 GOTO break + IF !_line! GEQ 4 ( + GOTO exitloop + ) + IF !_line! EQU 1 ( + SET _name=%%H + ) + IF !_line! EQU 2 ( + SET _date=%%H + ) + IF !_line! EQU 3 ( + SET _version=%%G + ) ) - :break + :exitloop IF !_line! GEQ 4 ( - IF "ghacks"=="!_name:~8,6!" ( - FOR /F "delims=:" %%G IN ("!_version!") DO SET "_version=%%G" - SET "_version=!_version:~2!" - SET "_date=!_date:~8!" - ECHO ghacks user.js !_version!, !_date! - ) ELSE ( ECHO Current user.js version not recognised. ) - ) ELSE ( ECHO Current user.js version not recognised. ) -) ELSE ( ECHO user.js not detected in the current directory. ) + IF /I NOT "!_name!"=="!_name:ghacks=X!" ( + ECHO ghacks user.js !_version:~2!,!_date! + ) ELSE ( + ECHO Current user.js version not recognised. + ) + ) ELSE ( + ECHO Current user.js version not recognised. + ) +) ECHO. -IF NOT "%_ua%"=="true" ( +IF NOT DEFINED _ua ( + ECHO. ECHO This batch should be run from your Firefox profile directory. It will download the latest version of ghacks user.js from github and then append any of your own changes from user-overrides.js to it. ECHO. REM ECHO Visit the wiki for more detailed information. REM ECHO. CHOICE /M "Continue" - IF ERRORLEVEL 2 GOTO end + IF ERRORLEVEL 2 ( + GOTO end + ) ) CLS ECHO. -IF "%_log%"=="true" ( - CALL :log >>user.js-update-log.txt 2>&1 +IF DEFINED _log ( + CALL :log >>user.js-update-log.txt 2>&1 EXIT /B :log ECHO ################################################################## @@ -59,49 +79,83 @@ IF "%_log%"=="true" ( ECHO. ) IF EXIST user.js ( - IF EXIST user.js.bak REN user.js.bak user.js.old.bak + IF EXIST user.js.bak ( + REN user.js.bak user.js.old.bak + ) REN user.js user.js.bak ECHO Current user.js file backed up. ECHO. ) -ECHO Retrieving latest user.js file from ghacks github repository... +ECHO Retrieving latest user.js file from github repository... powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" >nul ECHO. IF EXIST user.js ( - IF EXIST "user-overrides.js" ( - ECHO Appending user-overrides.js... + IF DEFINED _multi ( + ECHO Multiple overrides enabled. List of files found: + FORFILES /P user.js-overrides /M *.js + IF %ERRORLEVEL% EQU 0 ( + IF DEFINED _merge ( + ECHO. + ECHO Merging not supported yet... + ECHO. + ) ELSE ( + ECHO. + ECHO Appending... + ECHO. + COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js + ) + ) ECHO. - COPY /B /V /Y user.js+"user-overrides.js" "tempuserjs" - DEL /F user.js - REN tempuserjs user.js + ) ELSE ( + IF EXIST "user-overrides.js" ( + IF DEFINED _merge ( + ECHO Merging user-overrides.js not supported yet... + ) ELSE ( + ECHO Appending user-overrides.js... + ECHO. + COPY /B /V /Y user.js+"user-overrides.js" "user.js" + ) + ) ELSE ( + ECHO user-overrides.js not found. + ) ECHO. ) ECHO Handling backups... SET "changed=" - IF EXIST user.js.bak ( FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" ) + IF EXIST user.js.bak ( + FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" + ) ECHO. ECHO. IF "!changed!"=="true" ( - IF EXIST user.js.old.bak DEL /F user.js.old.bak + IF EXIST user.js.old.bak ( + DEL /F user.js.old.bak + ) ECHO Update complete. ) ELSE ( IF "!changed!"=="false" ( DEL /F user.js.bak IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak ECHO Update completed without changes. - ) ELSE ECHO Update complete. + ) ELSE ( + ECHO Update complete. + ) ) ECHO. ) ELSE ( - IF EXIST user.js.bak REN user.js.bak user.js - IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak + IF EXIST user.js.bak ( + REN user.js.bak user.js + ) + IF EXIST user.js.old.bak ( + REN user.js.old.bak user.js.bak + ) ECHO. ECHO Update failed. Make sure PowerShell is allowed internet access. ECHO. ECHO No changes were made. ECHO. ) -IF NOT "%_log%"=="true" ( - IF NOT "%_ua%"=="true" PAUSE +IF NOT DEFINED _log ( + IF NOT DEFINED _ua PAUSE ) :end From 3ec7dae4960a41eb77e27d462a152b847b8ba05f Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 26 Nov 2017 21:47:30 +0100 Subject: [PATCH 0464/1961] Update updater.bat merge functionality and some cleanup --- updater.bat | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 64 insertions(+), 3 deletions(-) diff --git a/updater.bat b/updater.bat index 3b48394..57f72ba 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 2.2 +REM ## version: 3.0-alpha57 SET _myname=%~n0 SET _myparams=%* @@ -18,9 +18,20 @@ IF /I "%~1"=="-unattended" ( IF /I "%~1"=="-log" ( SET _log=1 ) +IF /I "%~1"=="-logp" ( + SET _log=1 + SET _logp=1 +) IF /I "%~1"=="-multioverrides" ( SET _multi=1 ) +IF /I "%~1"=="-merge" ( + SET _merge=1 +) +REM case-sensitive check because we need to strip it from params +IF "%~1"=="-updatebatch" ( + SET _updateb=1 +) SHIFT GOTO parse :endparse @@ -96,8 +107,15 @@ IF EXIST user.js ( IF %ERRORLEVEL% EQU 0 ( IF DEFINED _merge ( ECHO. - ECHO Merging not supported yet... + ECHO Merging... ECHO. + DEL /F user-overrides-merged.js temp2 temp3 2>nul + COPY /B /V /Y user.js-overrides\*.js user-overrides + CALL :mergeprefs user-overrides user-overrides-merged.js + COPY /B /V /Y user.js+user-overrides-merged.js temp2 + CALL :mergeprefs temp2 temp3 + DEL /F temp2 2>nul + MOVE /Y temp3 user.js ) ELSE ( ECHO. ECHO Appending... @@ -109,7 +127,12 @@ IF EXIST user.js ( ) ELSE ( IF EXIST "user-overrides.js" ( IF DEFINED _merge ( - ECHO Merging user-overrides.js not supported yet... + ECHO Merging user-overrides.js... + DEL /F temp2 temp3 2>nul + COPY /B /V /Y user.js+user-overrides.js temp2 + CALL :mergeprefs temp2 temp3 + DEL /F temp2 2>nul + MOVE /Y temp3 user.js ) ELSE ( ECHO Appending user-overrides.js... ECHO. @@ -159,3 +182,41 @@ IF NOT DEFINED _log ( IF NOT DEFINED _ua PAUSE ) :end +IF DEFINED _logp ( + START user.js-update-log.txt +) +EXIT /B + +REM Function section starts below here + +:mergeprefs +FOR /F "tokens=* delims=" %%G IN (%~1) DO ( + SET _pref=%%G + SET "_temp=!_pref: =!" + IF /I "user_pref"=="!_temp:~0,9!" ( + FOR /F "delims=," %%S IN ("!_pref!") DO ( + SET _pref=%%S + ) + SET _pref=!_pref:"=""! + FIND /I "!_pref!" %~2 >nul 2>&1 + IF ERRORLEVEL 1 ( + FIND /I "!_pref!" %~1 >temp123 + FOR /F "tokens=* delims=" %%X IN (temp123) DO ( + SET _temp=%%X + SET "_temp=!_temp: =!" + IF /I "user_pref"=="!_temp:~0,9!" ( + SET _pref=%%X + ) + ) + ECHO !_pref!>>%~2 + ) + ) ELSE ( + ECHO !_pref!>>%~2 + ) +) +DEL /F temp123 2>nul +REM DEL /F %~1 2>nul +GOTO EOF +REM end of mergeprefs + +:EOF From 3b95e04b568acf05dfdf784832291cbe75445be0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 27 Nov 2017 10:14:55 +1300 Subject: [PATCH 0465/1961] 2700: header info --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 1dc6401..172b6aa 100644 --- a/user.js +++ b/user.js @@ -1388,8 +1388,11 @@ user_pref("security.csp.experimentalEnabled", true); user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); /*** 2700: PERSISTENT STORAGE - Data SET by websites including: cookies, localStorage (also known as DOM Storage), - IndexedDB (also known as Offsite Website Data) + Data SET by websites including + - cookies: profile\cookies.sqlite + - localStorage (also known as DOM Storage): profile\webappsstore.sqlite + - IndexedDB (also known as Offsite Website Data): profile\storage\default + - AppCache: profile\OfflineCache ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] From 76b24fa6aa666b41dcb3f33584b3e561ee5dab19 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 27 Nov 2017 10:22:55 +1300 Subject: [PATCH 0466/1961] 2700: header formatting --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 172b6aa..3affa6a 100644 --- a/user.js +++ b/user.js @@ -1389,10 +1389,10 @@ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); /*** 2700: PERSISTENT STORAGE Data SET by websites including - - cookies: profile\cookies.sqlite - - localStorage (also known as DOM Storage): profile\webappsstore.sqlite - - IndexedDB (also known as Offsite Website Data): profile\storage\default - - AppCache: profile\OfflineCache + cookies : profile\cookies.sqlite + localStorage : profile\webappsstore.sqlite (also known as DOM Storage) + IndexedDB : profile\storage\default (also known as Offsite Website Data) + AppCache : profile\OfflineCache ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] From 1c997693ffef7d4e3610fa6e0038b113409e6e63 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 27 Nov 2017 14:02:12 +0100 Subject: [PATCH 0467/1961] merging improvements - keeps all user.js.parrot lines intact - keeps empty lines intact - fix for keeping `!` and `^` in non-"user_pref" lines intact + some other minor changes + streamlining --- updater.bat | 94 ++++++++++++++++++++++++----------------------------- 1 file changed, 42 insertions(+), 52 deletions(-) diff --git a/updater.bat b/updater.bat index 57f72ba..d99e552 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 3.0-alpha57 +REM ## version: 3.0-alpha92 SET _myname=%~n0 SET _myparams=%* @@ -74,14 +74,15 @@ IF NOT DEFINED _ua ( REM ECHO Visit the wiki for more detailed information. REM ECHO. CHOICE /M "Continue" - IF ERRORLEVEL 2 ( - GOTO end - ) + IF ERRORLEVEL 2 EXIT /B ) CLS ECHO. IF DEFINED _log ( CALL :log >>user.js-update-log.txt 2>&1 + IF DEFINED _logp ( + START user.js-update-log.txt + ) EXIT /B :log ECHO ################################################################## @@ -90,9 +91,7 @@ IF DEFINED _log ( ECHO. ) IF EXIST user.js ( - IF EXIST user.js.bak ( - REN user.js.bak user.js.old.bak - ) + IF EXIST user.js.bak REN user.js.bak user.js.old.bak REN user.js user.js.bak ECHO Current user.js file backed up. ECHO. @@ -109,13 +108,10 @@ IF EXIST user.js ( ECHO. ECHO Merging... ECHO. - DEL /F user-overrides-merged.js temp2 temp3 2>nul COPY /B /V /Y user.js-overrides\*.js user-overrides - CALL :mergeprefs user-overrides user-overrides-merged.js + CALL :merge user-overrides user-overrides-merged.js COPY /B /V /Y user.js+user-overrides-merged.js temp2 - CALL :mergeprefs temp2 temp3 - DEL /F temp2 2>nul - MOVE /Y temp3 user.js + CALL :merge temp2 user.js ) ELSE ( ECHO. ECHO Appending... @@ -128,11 +124,8 @@ IF EXIST user.js ( IF EXIST "user-overrides.js" ( IF DEFINED _merge ( ECHO Merging user-overrides.js... - DEL /F temp2 temp3 2>nul COPY /B /V /Y user.js+user-overrides.js temp2 - CALL :mergeprefs temp2 temp3 - DEL /F temp2 2>nul - MOVE /Y temp3 user.js + CALL :merge temp2 user.js ) ELSE ( ECHO Appending user-overrides.js... ECHO. @@ -151,9 +144,7 @@ IF EXIST user.js ( ECHO. ECHO. IF "!changed!"=="true" ( - IF EXIST user.js.old.bak ( - DEL /F user.js.old.bak - ) + IF EXIST user.js.old.bak DEL /F user.js.old.bak ECHO Update complete. ) ELSE ( IF "!changed!"=="false" ( @@ -166,12 +157,8 @@ IF EXIST user.js ( ) ECHO. ) ELSE ( - IF EXIST user.js.bak ( - REN user.js.bak user.js - ) - IF EXIST user.js.old.bak ( - REN user.js.old.bak user.js.bak - ) + IF EXIST user.js.bak REN user.js.bak user.js + IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak ECHO. ECHO Update failed. Make sure PowerShell is allowed internet access. ECHO. @@ -181,42 +168,45 @@ IF EXIST user.js ( IF NOT DEFINED _log ( IF NOT DEFINED _ua PAUSE ) -:end -IF DEFINED _logp ( - START user.js-update-log.txt -) EXIT /B -REM Function section starts below here - -:mergeprefs -FOR /F "tokens=* delims=" %%G IN (%~1) DO ( - SET _pref=%%G +REM ###### Merge function ###### +:merge +DEL /F %2 2>nul +SETLOCAL disabledelayedexpansion +FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( + SET "_pref=%%H" + SETLOCAL enabledelayedexpansion SET "_temp=!_pref: =!" IF /I "user_pref"=="!_temp:~0,9!" ( - FOR /F "delims=," %%S IN ("!_pref!") DO ( - SET _pref=%%S - ) - SET _pref=!_pref:"=""! - FIND /I "!_pref!" %~2 >nul 2>&1 - IF ERRORLEVEL 1 ( - FIND /I "!_pref!" %~1 >temp123 - FOR /F "tokens=* delims=" %%X IN (temp123) DO ( - SET _temp=%%X - SET "_temp=!_temp: =!" - IF /I "user_pref"=="!_temp:~0,9!" ( - SET _pref=%%X - ) + IF /I NOT "user.js.parrot"=="!_temp:~12,14!" ( + FOR /F "delims=," %%S IN ("!_pref!") DO ( + SET "_pref=%%S" ) - ECHO !_pref!>>%~2 + SET _pref=!_pref:"=""! + FIND /I "!_pref!" %~2 >nul 2>&1 + IF ERRORLEVEL 1 ( + FIND /I "!_pref!" %~1 >temp123 + FOR /F "tokens=* delims=" %%X IN (temp123) DO ( + SET "_temp=%%X" + SET "_temp=!_temp: =!" + IF /I "user_pref"=="!_temp:~0,9!" ( + SET "_pref=%%X" + ) + ) + ECHO(!_pref!>>%~2 + ) + ) ELSE ( + ECHO(!_pref!>>%~2 ) ) ELSE ( - ECHO !_pref!>>%~2 + ECHO(!_pref!>>%~2 ) + ENDLOCAL ) -DEL /F temp123 2>nul -REM DEL /F %~1 2>nul +ENDLOCAL +DEL /F %~1 temp123 >nul GOTO EOF -REM end of mergeprefs +REM ############################ :EOF From eba3470a81bd1c6c6fc5b22b1353824a056cb216 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 28 Nov 2017 13:32:49 +1300 Subject: [PATCH 0468/1961] 2700: header fiddling --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 3affa6a..546d863 100644 --- a/user.js +++ b/user.js @@ -1390,9 +1390,10 @@ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); /*** 2700: PERSISTENT STORAGE Data SET by websites including cookies : profile\cookies.sqlite - localStorage : profile\webappsstore.sqlite (also known as DOM Storage) - IndexedDB : profile\storage\default (also known as Offsite Website Data) - AppCache : profile\OfflineCache + localStorage : profile\webappsstore.sqlite + indexedDB : profile\storage\default + appCache : profile\OfflineCache + serviceWorkers : see 2303 ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] From 0be33e2408eda922071fa63d6407aa31423d8803 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 28 Nov 2017 13:53:15 +1300 Subject: [PATCH 0469/1961] 4700: UA Spoof fix ref link --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 546d863..a33d58f 100644 --- a/user.js +++ b/user.js @@ -1676,7 +1676,7 @@ user_pref("media.video_stats.enabled", false); 2. You are not in a controlled set of significant numbers, where the values are enforced by default. It works for TBB because for TBB, the spoofed values ARE their default. * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 4500) - which is already plugging leaks (see 2 above) the prefs below do not address + which is already plugging leaks (see 1 above) the prefs below do not address * Values below are for example only based on the current TBB at the time of writing ***/ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); From d3eda589bb4e4063aaeba848eb08e5d1fbcde7b2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 28 Nov 2017 17:32:32 +0100 Subject: [PATCH 0470/1961] Update updater.bat --- updater.bat | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/updater.bat b/updater.bat index d99e552..76de40d 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 3.0-alpha92 +REM ## version: 3.0 SET _myname=%~n0 SET _myparams=%* @@ -206,7 +206,5 @@ FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( ) ENDLOCAL DEL /F %~1 temp123 >nul -GOTO EOF +GOTO :EOF REM ############################ - -:EOF From 5b931b06e8167d092f5df059421fb221dd02a85e Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 28 Nov 2017 17:34:14 +0100 Subject: [PATCH 0471/1961] updater.bat auto-update part --- updater.bat | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/updater.bat b/updater.bat index 76de40d..376d342 100644 --- a/updater.bat +++ b/updater.bat @@ -36,6 +36,30 @@ SHIFT GOTO parse :endparse ECHO. +IF DEFINED _updateb ( + ECHO Checking updater version... + ECHO. + DEL /F "!_myname!-updated.bat" 2>nul + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '!_myname!-updated.bat')" >nul + IF EXIST "!_myname!-updated.bat" ( + CLS + START CMD /C "!_myname!-updated.bat" !_myparams! + DEL /F "!_myname!.bat" 2>nul + EXIT /B + ) ELSE ( + ECHO Failed. Make sure PowerShell is allowed internet access. + ECHO. + PAUSE + EXIT /B + ) +) ELSE ( + IF NOT "!_myname!"=="!_myname:-updated=X!" ( + CALL :begin + REN "!_myname!.bat" "!_myname:-updated=!.bat" + EXIT /B + ) +) +:begin SET /A "_line=0" IF NOT EXIST user.js ( ECHO user.js not detected in the current directory. From ed4c9202b975ed27ca5713a35b3311b7af157221 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 28 Nov 2017 18:15:14 +0100 Subject: [PATCH 0472/1961] updater.bat v3.0 the real deal hopefully :fingers_crossed: --- updater.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index 376d342..8e2703c 100644 --- a/updater.bat +++ b/updater.bat @@ -43,7 +43,7 @@ IF DEFINED _updateb ( powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '!_myname!-updated.bat')" >nul IF EXIST "!_myname!-updated.bat" ( CLS - START CMD /C "!_myname!-updated.bat" !_myparams! + START CMD /C "!_myname!-updated.bat" !_myparams:-updatebatch=! DEL /F "!_myname!.bat" 2>nul EXIT /B ) ELSE ( From 51d98fac091434ff9db33fd87ffa102a7af07513 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 28 Nov 2017 18:27:55 +0100 Subject: [PATCH 0473/1961] last attempt if this doesn't work I'll remove the damn -updatebatch part for good --- updater.bat | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index 8e2703c..8a4993d 100644 --- a/updater.bat +++ b/updater.bat @@ -43,7 +43,8 @@ IF DEFINED _updateb ( powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '!_myname!-updated.bat')" >nul IF EXIST "!_myname!-updated.bat" ( CLS - START CMD /C "!_myname!-updated.bat" !_myparams:-updatebatch=! + SET "_myparams=!_myparams:-updatebatch=!" + START CMD /C "!_myname!-updated.bat" !_myparams! DEL /F "!_myname!.bat" 2>nul EXIT /B ) ELSE ( From a3895722439d6b81a10b9e15e52c167128906ec3 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 28 Nov 2017 18:33:31 +0100 Subject: [PATCH 0474/1961] loops forever - fuck it --- updater.bat | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/updater.bat b/updater.bat index 8a4993d..18830da 100644 --- a/updater.bat +++ b/updater.bat @@ -28,39 +28,10 @@ IF /I "%~1"=="-multioverrides" ( IF /I "%~1"=="-merge" ( SET _merge=1 ) -REM case-sensitive check because we need to strip it from params -IF "%~1"=="-updatebatch" ( - SET _updateb=1 -) SHIFT GOTO parse :endparse ECHO. -IF DEFINED _updateb ( - ECHO Checking updater version... - ECHO. - DEL /F "!_myname!-updated.bat" 2>nul - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '!_myname!-updated.bat')" >nul - IF EXIST "!_myname!-updated.bat" ( - CLS - SET "_myparams=!_myparams:-updatebatch=!" - START CMD /C "!_myname!-updated.bat" !_myparams! - DEL /F "!_myname!.bat" 2>nul - EXIT /B - ) ELSE ( - ECHO Failed. Make sure PowerShell is allowed internet access. - ECHO. - PAUSE - EXIT /B - ) -) ELSE ( - IF NOT "!_myname!"=="!_myname:-updated=X!" ( - CALL :begin - REN "!_myname!.bat" "!_myname:-updated=!.bat" - EXIT /B - ) -) -:begin SET /A "_line=0" IF NOT EXIST user.js ( ECHO user.js not detected in the current directory. From 6ff3d1eb36e0e7fe7b2374d7903aaa8c3e6e58d2 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 28 Nov 2017 21:53:20 +0000 Subject: [PATCH 0475/1961] Fix for the self-update feature and misc Also minor but significant improvement to the merge function: it no longer writes temp files to the disk while processing data. --- updater.bat | 42 +++++++++++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/updater.bat b/updater.bat index 18830da..12dae37 100644 --- a/updater.bat +++ b/updater.bat @@ -28,10 +28,40 @@ IF /I "%~1"=="-multioverrides" ( IF /I "%~1"=="-merge" ( SET _merge=1 ) +IF /I "%~1"=="-updatebatch" ( + SET _updateb=1 +) SHIFT GOTO parse :endparse ECHO. +IF DEFINED _updateb ( + IF NOT "!_myname:~0,9!"=="[updated]" ( + ECHO Checking updater version... + ECHO. + DEL /F "[updated]!_myname!.bat" 2>nul + REM Uncomment the next line and comment the powershell call for testing. + REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.bat')" >nul + IF EXIST "[updated]!_myname!.bat" ( + START CMD /C "[updated]!_myname!.bat" !_myparams! + EXIT /B + ) ELSE ( + ECHO Failed. Make sure PowerShell is allowed internet access. + ECHO. + PAUSE + EXIT /B + ) + ) ELSE ( + IF EXIST "!_myname:~9!.bat" ( + DEL /F "!_myname:~9!.bat" + CALL :begin + REN "!_myname!.bat" "!_myname:~9!.bat" + EXIT /B + ) + ) +) +:begin SET /A "_line=0" IF NOT EXIST user.js ( ECHO user.js not detected in the current directory. @@ -106,8 +136,8 @@ IF EXIST user.js ( ECHO. COPY /B /V /Y user.js-overrides\*.js user-overrides CALL :merge user-overrides user-overrides-merged.js - COPY /B /V /Y user.js+user-overrides-merged.js temp2 - CALL :merge temp2 user.js + COPY /B /V /Y user.js+user-overrides-merged.js updatertempfile + CALL :merge updatertempfile user.js ) ELSE ( ECHO. ECHO Appending... @@ -120,8 +150,8 @@ IF EXIST user.js ( IF EXIST "user-overrides.js" ( IF DEFINED _merge ( ECHO Merging user-overrides.js... - COPY /B /V /Y user.js+user-overrides.js temp2 - CALL :merge temp2 user.js + COPY /B /V /Y user.js+user-overrides.js updatertempfile + CALL :merge updatertempfile user.js ) ELSE ( ECHO Appending user-overrides.js... ECHO. @@ -182,8 +212,7 @@ FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( SET _pref=!_pref:"=""! FIND /I "!_pref!" %~2 >nul 2>&1 IF ERRORLEVEL 1 ( - FIND /I "!_pref!" %~1 >temp123 - FOR /F "tokens=* delims=" %%X IN (temp123) DO ( + FOR /F "tokens=* delims=" %%X IN ('FIND /I "!_pref!" %~1') DO ( SET "_temp=%%X" SET "_temp=!_temp: =!" IF /I "user_pref"=="!_temp:~0,9!" ( @@ -201,6 +230,5 @@ FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( ENDLOCAL ) ENDLOCAL -DEL /F %~1 temp123 >nul GOTO :EOF REM ############################ From 44e129ea3d9f27ddccd697eb1955a1c85a1e1f4d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 29 Nov 2017 13:32:48 +1300 Subject: [PATCH 0476/1961] 1830: ref for DRM / EME --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index a33d58f..7013663 100644 --- a/user.js +++ b/user.js @@ -986,7 +986,8 @@ user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback ( user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); user_pref("media.gmp-widevinecdm.autoupdate", false); -/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] ***/ +/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] + * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" From 22695f464bf622700f49f26d1986d130259ac55a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 29 Nov 2017 16:21:17 +1300 Subject: [PATCH 0477/1961] 2303->2700s serviceWorker cache #235 --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 7013663..0ba2b0c 100644 --- a/user.js +++ b/user.js @@ -1112,8 +1112,6 @@ user_pref("dom.workers.enabled", false); * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/ user_pref("dom.serviceWorkers.enabled", false); -/* 2303: disable service workers' cache and cache storage ***/ -user_pref("dom.caches.enabled", false); /* 2304: disable web notifications * [NOTE] You can still override individual domains under site permissions (FF44+) * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ @@ -1394,7 +1392,7 @@ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); localStorage : profile\webappsstore.sqlite indexedDB : profile\storage\default appCache : profile\OfflineCache - serviceWorkers : see 2303 + serviceWorkers : ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] @@ -1444,6 +1442,9 @@ user_pref("network.cookie.leave-secure-alone", true); * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ // user_pref("dom.indexedDB.enabled", false); +/* 2715: disable service workers cache and cache storage + * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ +user_pref("dom.caches.enabled", false); /* 2720: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); /* 2721: enforce websites to ask to store data for offline use From bdf69cd19895a6fec858fbef86cddc3eb51ed128 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 29 Nov 2017 04:33:02 +0000 Subject: [PATCH 0478/1961] misc To account for the possibility of the user running the script silently in the background. PAUSE would leave an instance in memory doing nothing indefinitely. I was going to use TIMEOUT but PING performs better. --- updater.bat | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index 12dae37..7a70f28 100644 --- a/updater.bat +++ b/updater.bat @@ -49,7 +49,7 @@ IF DEFINED _updateb ( ) ELSE ( ECHO Failed. Make sure PowerShell is allowed internet access. ECHO. - PAUSE + PING -n 301 127.0.0.1>nul EXIT /B ) ) ELSE ( @@ -58,6 +58,9 @@ IF DEFINED _updateb ( CALL :begin REN "!_myname!.bat" "!_myname:~9!.bat" EXIT /B + ) ELSE ( + ECHO. + ECHO The [updated] label is reserved. Do not run an [updated] script directly, or rename it to something else before you run it. ) ) ) @@ -230,5 +233,6 @@ FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( ENDLOCAL ) ENDLOCAL +DEL /F %1 >nul GOTO :EOF REM ############################ From b1fd2ba48b48227a58f3884c5fe019a26cb3c607 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 29 Nov 2017 04:50:01 +0000 Subject: [PATCH 0479/1961] minor fix What would we want a warning that we can't get to read for? --- updater.bat | 2 ++ 1 file changed, 2 insertions(+) diff --git a/updater.bat b/updater.bat index 7a70f28..71576cd 100644 --- a/updater.bat +++ b/updater.bat @@ -61,6 +61,8 @@ IF DEFINED _updateb ( ) ELSE ( ECHO. ECHO The [updated] label is reserved. Do not run an [updated] script directly, or rename it to something else before you run it. + PING -n 301 127.0.0.1>nul + EXIT /B ) ) ) From ff9370b7142f04201b07a28fd83d3a390b8bc50d Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 29 Nov 2017 04:56:33 +0000 Subject: [PATCH 0480/1961] fix for hiding powershell output Everything in a line after a powershell call is considered as being called from PowerShell. >nul didn't work because of that. Enclosing the line in brackets should fix it. --- updater.bat | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 71576cd..bada83f 100644 --- a/updater.bat +++ b/updater.bat @@ -42,7 +42,9 @@ IF DEFINED _updateb ( DEL /F "[updated]!_myname!.bat" 2>nul REM Uncomment the next line and comment the powershell call for testing. REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.bat')" >nul + ( + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.bat')" + ) >nul 2>&1 IF EXIST "[updated]!_myname!.bat" ( START CMD /C "[updated]!_myname!.bat" !_myparams! EXIT /B @@ -128,7 +130,9 @@ IF EXIST user.js ( ECHO. ) ECHO Retrieving latest user.js file from github repository... -powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" >nul +( + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" +) >nul 2>&1 ECHO. IF EXIST user.js ( IF DEFINED _multi ( From c9e7f1ccfa6ff028151a5b7cf0dc2f60303dd831 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 29 Nov 2017 12:08:15 +0000 Subject: [PATCH 0481/1961] 2nd merge optimisation While I figure out a fix for the missing characters... Enclosing the whole merging loop in parentheses and replacing the source file with the entire output at once is more efficient than appending individual lines with >>%~2. The script doesn't have to wait for the HD to continue processing. --- updater.bat | 53 +++++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/updater.bat b/updater.bat index bada83f..6eb9a3b 100644 --- a/updater.bat +++ b/updater.bat @@ -39,7 +39,7 @@ IF DEFINED _updateb ( IF NOT "!_myname:~0,9!"=="[updated]" ( ECHO Checking updater version... ECHO. - DEL /F "[updated]!_myname!.bat" 2>nul + IF EXIST "[updated]!_myname!.bat" ( DEL /F "[updated]!_myname!.bat" ) REM Uncomment the next line and comment the powershell call for testing. REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" ( @@ -207,37 +207,38 @@ EXIT /B REM ###### Merge function ###### :merge -DEL /F %2 2>nul SETLOCAL disabledelayedexpansion -FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( - SET "_pref=%%H" - SETLOCAL enabledelayedexpansion - SET "_temp=!_pref: =!" - IF /I "user_pref"=="!_temp:~0,9!" ( - IF /I NOT "user.js.parrot"=="!_temp:~12,14!" ( - FOR /F "delims=," %%S IN ("!_pref!") DO ( - SET "_pref=%%S" - ) - SET _pref=!_pref:"=""! - FIND /I "!_pref!" %~2 >nul 2>&1 - IF ERRORLEVEL 1 ( - FOR /F "tokens=* delims=" %%X IN ('FIND /I "!_pref!" %~1') DO ( - SET "_temp=%%X" - SET "_temp=!_temp: =!" - IF /I "user_pref"=="!_temp:~0,9!" ( - SET "_pref=%%X" - ) +( + FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( + SET "_pref=%%H" + SETLOCAL enabledelayedexpansion + SET "_temp=!_pref: =!" + IF /I "user_pref"=="!_temp:~0,9!" ( + IF /I NOT "user.js.parrot"=="!_temp:~12,14!" ( + FOR /F "delims=," %%S IN ("!_pref!") DO ( + SET "_pref=%%S" ) - ECHO(!_pref!>>%~2 + SET _pref=!_pref:"=""! + FIND /I "!_pref!" %~2 >nul 2>&1 + IF ERRORLEVEL 1 ( + FOR /F "tokens=* delims=" %%X IN ('FIND /I "!_pref!" %~1') DO ( + SET "_temp=%%X" + SET "_temp=!_temp: =!" + IF /I "user_pref"=="!_temp:~0,9!" ( + SET "_pref=%%X" + ) + ) + ECHO(!_pref! + ) + ) ELSE ( + ECHO(!_pref! ) ) ELSE ( - ECHO(!_pref!>>%~2 + ECHO(!_pref! ) - ) ELSE ( - ECHO(!_pref!>>%~2 + ENDLOCAL ) - ENDLOCAL -) +)>%~2 ENDLOCAL DEL /F %1 >nul GOTO :EOF From a126a3210907093af30156fbbeba06666eaa5ab9 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 29 Nov 2017 15:18:23 +0000 Subject: [PATCH 0482/1961] Revert "2nd merge optimisation" This reverts commit c9e7f1ccfa6ff028151a5b7cf0dc2f60303dd831. --- updater.bat | 51 +++++++++++++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 26 deletions(-) diff --git a/updater.bat b/updater.bat index 6eb9a3b..bada83f 100644 --- a/updater.bat +++ b/updater.bat @@ -39,7 +39,7 @@ IF DEFINED _updateb ( IF NOT "!_myname:~0,9!"=="[updated]" ( ECHO Checking updater version... ECHO. - IF EXIST "[updated]!_myname!.bat" ( DEL /F "[updated]!_myname!.bat" ) + DEL /F "[updated]!_myname!.bat" 2>nul REM Uncomment the next line and comment the powershell call for testing. REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" ( @@ -207,38 +207,37 @@ EXIT /B REM ###### Merge function ###### :merge +DEL /F %2 2>nul SETLOCAL disabledelayedexpansion -( - FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( - SET "_pref=%%H" - SETLOCAL enabledelayedexpansion - SET "_temp=!_pref: =!" - IF /I "user_pref"=="!_temp:~0,9!" ( - IF /I NOT "user.js.parrot"=="!_temp:~12,14!" ( - FOR /F "delims=," %%S IN ("!_pref!") DO ( - SET "_pref=%%S" - ) - SET _pref=!_pref:"=""! - FIND /I "!_pref!" %~2 >nul 2>&1 - IF ERRORLEVEL 1 ( - FOR /F "tokens=* delims=" %%X IN ('FIND /I "!_pref!" %~1') DO ( - SET "_temp=%%X" - SET "_temp=!_temp: =!" - IF /I "user_pref"=="!_temp:~0,9!" ( - SET "_pref=%%X" - ) +FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( + SET "_pref=%%H" + SETLOCAL enabledelayedexpansion + SET "_temp=!_pref: =!" + IF /I "user_pref"=="!_temp:~0,9!" ( + IF /I NOT "user.js.parrot"=="!_temp:~12,14!" ( + FOR /F "delims=," %%S IN ("!_pref!") DO ( + SET "_pref=%%S" + ) + SET _pref=!_pref:"=""! + FIND /I "!_pref!" %~2 >nul 2>&1 + IF ERRORLEVEL 1 ( + FOR /F "tokens=* delims=" %%X IN ('FIND /I "!_pref!" %~1') DO ( + SET "_temp=%%X" + SET "_temp=!_temp: =!" + IF /I "user_pref"=="!_temp:~0,9!" ( + SET "_pref=%%X" ) - ECHO(!_pref! ) - ) ELSE ( - ECHO(!_pref! + ECHO(!_pref!>>%~2 ) ) ELSE ( - ECHO(!_pref! + ECHO(!_pref!>>%~2 ) - ENDLOCAL + ) ELSE ( + ECHO(!_pref!>>%~2 ) -)>%~2 + ENDLOCAL +) ENDLOCAL DEL /F %1 >nul GOTO :EOF From 635cacfe547e0b992bae0c573c9ea3b3cbcb8f2a Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 29 Nov 2017 15:49:21 +0000 Subject: [PATCH 0483/1961] Replace PING with TIMEOUT Otherwise earthing's nosy firewall bitches about it. --- updater.bat | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/updater.bat b/updater.bat index bada83f..a93c65a 100644 --- a/updater.bat +++ b/updater.bat @@ -39,7 +39,7 @@ IF DEFINED _updateb ( IF NOT "!_myname:~0,9!"=="[updated]" ( ECHO Checking updater version... ECHO. - DEL /F "[updated]!_myname!.bat" 2>nul + IF EXIST "[updated]!_myname!.bat" ( DEL /F "[updated]!_myname!.bat" ) REM Uncomment the next line and comment the powershell call for testing. REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" ( @@ -51,7 +51,7 @@ IF DEFINED _updateb ( ) ELSE ( ECHO Failed. Make sure PowerShell is allowed internet access. ECHO. - PING -n 301 127.0.0.1>nul + TIMEOUT 300 EXIT /B ) ) ELSE ( @@ -63,7 +63,7 @@ IF DEFINED _updateb ( ) ELSE ( ECHO. ECHO The [updated] label is reserved. Do not run an [updated] script directly, or rename it to something else before you run it. - PING -n 301 127.0.0.1>nul + TIMEOUT 300 EXIT /B ) ) From 3737b65f5392caec75d78a18797e8c59be5c103a Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 29 Nov 2017 16:15:20 +0000 Subject: [PATCH 0484/1961] Fixed issue with commented-out user_pref lines It ended up being a mixture of the previous commit and the fix. It writes a temporary file on the go that only holds preferences, and generates the target file at once at the end. It's slower than before, but it works. --- updater.bat | 54 +++++++++++++++++++++++++++-------------------------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/updater.bat b/updater.bat index a93c65a..d8f5517 100644 --- a/updater.bat +++ b/updater.bat @@ -207,38 +207,40 @@ EXIT /B REM ###### Merge function ###### :merge -DEL /F %2 2>nul SETLOCAL disabledelayedexpansion -FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( - SET "_pref=%%H" - SETLOCAL enabledelayedexpansion - SET "_temp=!_pref: =!" - IF /I "user_pref"=="!_temp:~0,9!" ( - IF /I NOT "user.js.parrot"=="!_temp:~12,14!" ( - FOR /F "delims=," %%S IN ("!_pref!") DO ( - SET "_pref=%%S" - ) - SET _pref=!_pref:"=""! - FIND /I "!_pref!" %~2 >nul 2>&1 - IF ERRORLEVEL 1 ( - FOR /F "tokens=* delims=" %%X IN ('FIND /I "!_pref!" %~1') DO ( - SET "_temp=%%X" - SET "_temp=!_temp: =!" - IF /I "user_pref"=="!_temp:~0,9!" ( - SET "_pref=%%X" - ) +( + FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( + SET "_pref=%%H" + SETLOCAL enabledelayedexpansion + SET "_temp=!_pref: =!" + IF /I "user_pref"=="!_temp:~0,9!" ( + IF /I NOT "user.js.parrot"=="!_temp:~12,14!" ( + FOR /F "delims=," %%S IN ("!_pref!") DO ( + SET "_pref=%%S" ) - ECHO(!_pref!>>%~2 + SET _pref=!_pref:"=""! + FIND /I "!_pref!" updatertempfile1 >nul 2>&1 + IF ERRORLEVEL 1 ( + FOR /F "tokens=* delims=" %%X IN ('FIND /I "!_pref!" %~1') DO ( + SET "_temp=%%X" + SET "_temp=!_temp: =!" + IF /I "user_pref"=="!_temp:~0,9!" ( + SET "_pref=%%X" + ) + ) + ECHO(!_pref! + ECHO(!_pref!>>updatertempfile1 + ) + ) ELSE ( + ECHO(!_pref! ) ) ELSE ( - ECHO(!_pref!>>%~2 + ECHO(!_pref! ) - ) ELSE ( - ECHO(!_pref!>>%~2 + ENDLOCAL ) - ENDLOCAL -) +)>%~2 ENDLOCAL -DEL /F %1 >nul +DEL /F %1 updatertempfile1 >nul GOTO :EOF REM ############################ From 0a976605067bd41130c37f21f1e14368850079b1 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 29 Nov 2017 23:20:00 +0100 Subject: [PATCH 0485/1961] updater.bat v3.0 FINAL THE REAL FUCKING DEAL this time - finally! THANKS @claustromaniac !! --- updater.bat | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index d8f5517..997f7d5 100644 --- a/updater.bat +++ b/updater.bat @@ -56,9 +56,10 @@ IF DEFINED _updateb ( ) ) ELSE ( IF EXIST "!_myname:~9!.bat" ( - DEL /F "!_myname:~9!.bat" + REN "!_myname:~9!.bat" "!_myname:~9!.old" CALL :begin REN "!_myname!.bat" "!_myname:~9!.bat" + DEL /F "!_myname:~9!.old" EXIT /B ) ELSE ( ECHO. From 00e17281dc439c1e517671eeeb5bfc4e96f90104 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Thu, 30 Nov 2017 00:10:01 +0000 Subject: [PATCH 0486/1961] Updater 3.1a -updatebatch now will (or at least should): *Download new batch and name it [updater]*.bat *Open that script in a new CMD window. *Exit The [updated]*.bat script should: *Copy itself overwriting the original batch (without renaming). *Start that script in a new CMD instance. *Exit. The new script, with the original name, should: *Delete the [updated]*.bat script *Begin the normal script routine. @earthing do you think I should still rename the scripts to .old or something before overwriting/deleting? --- updater.bat | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/updater.bat b/updater.bat index 997f7d5..37b5867 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 3.0 +REM ## version: 3.1a SET _myname=%~n0 SET _myparams=%* @@ -37,36 +37,37 @@ GOTO parse ECHO. IF DEFINED _updateb ( IF NOT "!_myname:~0,9!"=="[updated]" ( + IF EXIST "[updated]!_myname!.bat" ( + DEL /F "[updated]!_myname!.bat" + GOTO begin + ) ECHO Checking updater version... ECHO. - IF EXIST "[updated]!_myname!.bat" ( DEL /F "[updated]!_myname!.bat" ) REM Uncomment the next line and comment the powershell call for testing. REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" ( powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.bat')" ) >nul 2>&1 IF EXIST "[updated]!_myname!.bat" ( - START CMD /C "[updated]!_myname!.bat" !_myparams! + START /min CMD /C "[updated]!_myname!.bat" !_myparams! EXIT /B ) ELSE ( ECHO Failed. Make sure PowerShell is allowed internet access. ECHO. - TIMEOUT 300 + TIMEOUT 120 EXIT /B ) ) ELSE ( - IF EXIST "!_myname:~9!.bat" ( - REN "!_myname:~9!.bat" "!_myname:~9!.old" - CALL :begin - REN "!_myname!.bat" "!_myname:~9!.bat" - DEL /F "!_myname:~9!.old" - EXIT /B - ) ELSE ( + IF "!_myname!"=="[updated]" ( + ECHO. + ECHO The [updated] label is reserved. Rename this script and try again. ECHO. - ECHO The [updated] label is reserved. Do not run an [updated] script directly, or rename it to something else before you run it. TIMEOUT 300 - EXIT /B + ) ELSE ( + COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" + START CMD /C "!_myname:~9!.bat" !_myparams! ) + EXIT /B ) ) :begin From cf6f614f5b129a949246e36e307c534992de5c1d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 30 Nov 2017 14:12:53 +1300 Subject: [PATCH 0487/1961] 2706: Storage API => active, disabled #281 --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 0ba2b0c..85af838 100644 --- a/user.js +++ b/user.js @@ -1422,12 +1422,13 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. - * [NOTE] This also controls the visibility of the "Options>Privacy & Security>Site Data" section + * [NOTE] This also controls the visibility of the "Options>Privacy & Security>Site Data" + * section, which also requires Offline Cache (2720) enabled to function * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ - // user_pref("dom.storageManager.enabled", false); // (FF51+) - // user_pref("browser.storageManager.enabled", false); // (FF53+) +user_pref("dom.storageManager.enabled", false); // (FF51+) +user_pref("browser.storageManager.enabled", false); // (FF53+) /* 2707: clear localStorage and UUID when an extension is uninstalled * [NOTE] Both preferences must be the same * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local From ac7ad78d1dda534b1904e0f62a0cecb7d5fb5f59 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Thu, 30 Nov 2017 18:22:18 +0000 Subject: [PATCH 0488/1961] 3.1a1 Just added a few lines to make batch updates more visible - which helps with testing. --- updater.bat | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 37b5867..bc95e4f 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 3.1a +REM ## version: 3.1a1 SET _myname=%~n0 SET _myparams=%* @@ -39,6 +39,9 @@ IF DEFINED _updateb ( IF NOT "!_myname:~0,9!"=="[updated]" ( IF EXIST "[updated]!_myname!.bat" ( DEL /F "[updated]!_myname!.bat" + ECHO Script updated^^! + ECHO. + ECHO. GOTO begin ) ECHO Checking updater version... @@ -211,7 +214,7 @@ REM ###### Merge function ###### :merge SETLOCAL disabledelayedexpansion ( - FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( + FOR /F "tokens=1,* delims=]" %%G IN ('FIND /n /v "" ^< "%~1"') DO ( SET "_pref=%%H" SETLOCAL enabledelayedexpansion SET "_temp=!_pref: =!" From e5d00be8f0b6ce276158b687a620b0f5b4ed84cc Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Thu, 30 Nov 2017 22:11:42 +0000 Subject: [PATCH 0489/1961] Revert "3.1a1" This reverts commit ac7ad78d1dda534b1904e0f62a0cecb7d5fb5f59. --- updater.bat | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/updater.bat b/updater.bat index bc95e4f..37b5867 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 3.1a1 +REM ## version: 3.1a SET _myname=%~n0 SET _myparams=%* @@ -39,9 +39,6 @@ IF DEFINED _updateb ( IF NOT "!_myname:~0,9!"=="[updated]" ( IF EXIST "[updated]!_myname!.bat" ( DEL /F "[updated]!_myname!.bat" - ECHO Script updated^^! - ECHO. - ECHO. GOTO begin ) ECHO Checking updater version... @@ -214,7 +211,7 @@ REM ###### Merge function ###### :merge SETLOCAL disabledelayedexpansion ( - FOR /F "tokens=1,* delims=]" %%G IN ('FIND /n /v "" ^< "%~1"') DO ( + FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( SET "_pref=%%H" SETLOCAL enabledelayedexpansion SET "_temp=!_pref: =!" From fc47792df261e6ba3d4561d82614696ae5a84d3b Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Thu, 30 Nov 2017 22:17:58 +0000 Subject: [PATCH 0490/1961] 3.1a1 --- updater.bat | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/updater.bat b/updater.bat index 37b5867..4c8f7a5 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 3.1a +REM ## version: 3.1a1 SET _myname=%~n0 SET _myparams=%* @@ -39,9 +39,14 @@ IF DEFINED _updateb ( IF NOT "!_myname:~0,9!"=="[updated]" ( IF EXIST "[updated]!_myname!.bat" ( DEL /F "[updated]!_myname!.bat" + ECHO Script updated^^! + ECHO. + TIMEOUT 3 >nul + CLS + ECHO. GOTO begin ) - ECHO Checking updater version... + ECHO Updating script... ECHO. REM Uncomment the next line and comment the powershell call for testing. REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" @@ -54,15 +59,14 @@ IF DEFINED _updateb ( ) ELSE ( ECHO Failed. Make sure PowerShell is allowed internet access. ECHO. - TIMEOUT 120 + TIMEOUT 120 >nul EXIT /B ) ) ELSE ( IF "!_myname!"=="[updated]" ( - ECHO. ECHO The [updated] label is reserved. Rename this script and try again. ECHO. - TIMEOUT 300 + TIMEOUT 300 >nul ) ELSE ( COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" START CMD /C "!_myname:~9!.bat" !_myparams! @@ -211,7 +215,7 @@ REM ###### Merge function ###### :merge SETLOCAL disabledelayedexpansion ( - FOR /F "tokens=1,* delims=]" %%G IN ('find /n /v "" ^< "%~1"') DO ( + FOR /F "tokens=1,* delims=]" %%G IN ('FIND /n /v "" ^< "%~1"') DO ( SET "_pref=%%H" SETLOCAL enabledelayedexpansion SET "_temp=!_pref: =!" From 8a99bb350c0d2a66c2729fb4ea979e01b057bd1c Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Fri, 1 Dec 2017 01:05:24 -0300 Subject: [PATCH 0491/1961] 3.1a2 --- updater.bat | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/updater.bat b/updater.bat index 4c8f7a5..5f01b8a 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 3.1a1 +REM ## version: 3.1a2 SET _myname=%~n0 SET _myparams=%* @@ -110,10 +110,10 @@ IF NOT DEFINED _ua ( ECHO. ECHO This batch should be run from your Firefox profile directory. It will download the latest version of ghacks user.js from github and then append any of your own changes from user-overrides.js to it. ECHO. - REM ECHO Visit the wiki for more detailed information. - REM ECHO. + ECHO Visit the wiki for more detailed information. + ECHO. CHOICE /M "Continue" - IF ERRORLEVEL 2 EXIT /B + IF ERRORLEVEL 2 ( EXIT /B ) ) CLS ECHO. @@ -129,8 +129,9 @@ IF DEFINED _log ( ECHO %date%, %time% ECHO. ) +IF EXIST user.js.old.bak ( DEL /F user.js.old.bak ) IF EXIST user.js ( - IF EXIST user.js.bak REN user.js.bak user.js.old.bak + IF EXIST user.js.bak ( REN user.js.bak user.js.old.bak ) REN user.js user.js.bak ECHO Current user.js file backed up. ECHO. @@ -198,8 +199,8 @@ IF EXIST user.js ( ) ECHO. ) ELSE ( - IF EXIST user.js.bak REN user.js.bak user.js - IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak + IF EXIST user.js.bak ( REN user.js.bak user.js ) + IF EXIST user.js.old.bak ( REN user.js.old.bak user.js.bak ) ECHO. ECHO Update failed. Make sure PowerShell is allowed internet access. ECHO. @@ -213,6 +214,7 @@ EXIT /B REM ###### Merge function ###### :merge +IF EXIST updatertempfile1 ( DEL /F updatertempfile1 ) SETLOCAL disabledelayedexpansion ( FOR /F "tokens=1,* delims=]" %%G IN ('FIND /n /v "" ^< "%~1"') DO ( From edec5cc366d690fe9ff9f3c614437ff0c1f4a6a7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 3 Dec 2017 06:35:08 +1300 Subject: [PATCH 0492/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c134cd6..f220ae9 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Literally thousands of sources, references and suggestions. That said... * 100% genuine super-nice all-around good guy * The ghacks community and commentators * Special mentions to [earthlng](https://github.com/earthlng), Tom Hawack, Just me, Conker, Rockin’ Jerry, Ainatar, Parker Lewis -* [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) +* [12bytes](http://12bytes.org/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github 1 ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) Important: We HIGHLY recommend using uBlock Origin, uMatrix and a cookie extension. Section 0400, if modified, allows Tracking Protection and Safe Browsing to be disabled. Do this at your own risk. See the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page for more. From ce3c077d0639f0771128c6ac67daf08774f8d6d0 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 3 Dec 2017 13:35:41 +0000 Subject: [PATCH 0493/1961] 3.1 --- updater.bat | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 5f01b8a..aee829f 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 3.1a2 +REM ## version: 3.1 SET _myname=%~n0 SET _myparams=%* @@ -36,9 +36,15 @@ GOTO parse :endparse ECHO. IF DEFINED _updateb ( + REM THe normal flow here goes from phase 1 to phase 2 and then phase 3. IF NOT "!_myname:~0,9!"=="[updated]" ( + REM Phase 3 + REM The new script, with the original name, should: + REM Delete the [updated]*.bat script + REM Begin the normal script routine. IF EXIST "[updated]!_myname!.bat" ( - DEL /F "[updated]!_myname!.bat" + REN [updated]!_myname!.bat [updated]!_myname!.bat.old + DEL /F "[updated]!_myname!.bat.old" ECHO Script updated^^! ECHO. TIMEOUT 3 >nul @@ -46,6 +52,11 @@ IF DEFINED _updateb ( ECHO. GOTO begin ) + REM Phase 1 + REM -updatebatch will: + REM Download new batch and name it [updated]*.bat + REM Open that script in a new CMD window. + REM Exit ECHO Updating script... ECHO. REM Uncomment the next line and comment the powershell call for testing. @@ -63,11 +74,20 @@ IF DEFINED _updateb ( EXIT /B ) ) ELSE ( + REM Phase 2 + REM The [updated]*.bat script will: + REM Copy itself overwriting the original batch. + REM Start that script in a new CMD instance. + REM Exit. IF "!_myname!"=="[updated]" ( ECHO The [updated] label is reserved. Rename this script and try again. ECHO. TIMEOUT 300 >nul ) ELSE ( + IF EXIST !_myname:~9!.bat ( + REN !_myname:~9!.bat !_myname:~9!.bat.old + DEL /F !_myname:~9!.bat.old + ) COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" START CMD /C "!_myname:~9!.bat" !_myparams! ) From ccaf06973bc5a13589da51979a8d501b3ed9563b Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 3 Dec 2017 15:01:45 +0000 Subject: [PATCH 0494/1961] 3.1 Minor change suggested by earthing. --- updater.bat | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index aee829f..9590acd 100644 --- a/updater.bat +++ b/updater.bat @@ -149,9 +149,8 @@ IF DEFINED _log ( ECHO %date%, %time% ECHO. ) -IF EXIST user.js.old.bak ( DEL /F user.js.old.bak ) IF EXIST user.js ( - IF EXIST user.js.bak ( REN user.js.bak user.js.old.bak ) + IF EXIST user.js.bak ( MOVE /Y user.js.bak user.js.old.bak >nul ) REN user.js user.js.bak ECHO Current user.js file backed up. ECHO. From a6c93b3982a41db00fcb08b2862820ac38d25877 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 3 Dec 2017 15:04:41 +0000 Subject: [PATCH 0495/1961] Revert "3.1" This reverts commit ccaf06973bc5a13589da51979a8d501b3ed9563b. --- updater.bat | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index 9590acd..aee829f 100644 --- a/updater.bat +++ b/updater.bat @@ -149,8 +149,9 @@ IF DEFINED _log ( ECHO %date%, %time% ECHO. ) +IF EXIST user.js.old.bak ( DEL /F user.js.old.bak ) IF EXIST user.js ( - IF EXIST user.js.bak ( MOVE /Y user.js.bak user.js.old.bak >nul ) + IF EXIST user.js.bak ( REN user.js.bak user.js.old.bak ) REN user.js user.js.bak ECHO Current user.js file backed up. ECHO. From 457ef9ec2f100c052cce8fdcad51b0acfa487457 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 3 Dec 2017 15:07:15 +0000 Subject: [PATCH 0496/1961] 3.1 tidy up --- updater.bat | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/updater.bat b/updater.bat index aee829f..90a4080 100644 --- a/updater.bat +++ b/updater.bat @@ -36,13 +36,13 @@ GOTO parse :endparse ECHO. IF DEFINED _updateb ( - REM THe normal flow here goes from phase 1 to phase 2 and then phase 3. + REM The normal flow here goes from phase 1 to phase 2 and then phase 3. IF NOT "!_myname:~0,9!"=="[updated]" ( - REM Phase 3 - REM The new script, with the original name, should: - REM Delete the [updated]*.bat script - REM Begin the normal script routine. IF EXIST "[updated]!_myname!.bat" ( + REM Phase 3 + REM The new script, with the original name, should: + REM Delete the [updated]*.bat script + REM Begin the normal script routine. REN [updated]!_myname!.bat [updated]!_myname!.bat.old DEL /F "[updated]!_myname!.bat.old" ECHO Script updated^^! @@ -74,16 +74,16 @@ IF DEFINED _updateb ( EXIT /B ) ) ELSE ( - REM Phase 2 - REM The [updated]*.bat script will: - REM Copy itself overwriting the original batch. - REM Start that script in a new CMD instance. - REM Exit. IF "!_myname!"=="[updated]" ( ECHO The [updated] label is reserved. Rename this script and try again. ECHO. TIMEOUT 300 >nul ) ELSE ( + REM Phase 2 + REM The [updated]*.bat script will: + REM Copy itself overwriting the original batch. + REM Start that script in a new CMD instance. + REM Exit. IF EXIST !_myname:~9!.bat ( REN !_myname:~9!.bat !_myname:~9!.bat.old DEL /F !_myname:~9!.bat.old From 183a62448fe3ea9085c639588bf05a1de742f14e Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 3 Dec 2017 19:01:24 +0100 Subject: [PATCH 0497/1961] 1110: updated URL --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 85af838..3e79fa4 100644 --- a/user.js +++ b/user.js @@ -673,7 +673,7 @@ user_pref("dom.ipc.shims.enabledWarnings", true); user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); /* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play * with them. The values are integers, but the code below deliberately contains a data mismatch - * [1] https://wiki.mozilla.org/Sandbox + * [1] https://wiki.mozilla.org/Security/Sandbox * [2] https://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/ // user_pref("security.sandbox.content.level", "donotuse"); // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse"); From 467b3d86024504d62588a8f3ac5a1ba04d4ee0e1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Dec 2017 14:08:23 +1300 Subject: [PATCH 0498/1961] 1273: FF59+ show HTTP with negative indicator #305 --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 3e79fa4..3e150a8 100644 --- a/user.js +++ b/user.js @@ -826,6 +826,9 @@ user_pref("browser.ssl_override_behavior", 1); * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); +/* 1273: display HTTP sites as insecure (FF59+) ***/ +user_pref("security.insecure_connection_icon.enabled", true); // all windows + // user_pref("security.insecure_connection_icon.pbmode.enabled", true); // private windows only /*** 1400: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); From 83aa56e3531ebb891b9c85177ce9268162d98311 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Dec 2017 16:52:51 +1300 Subject: [PATCH 0499/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f220ae9..0f6aeca 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,6 @@ Literally thousands of sources, references and suggestions. That said... * [12bytes](http://12bytes.org/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github -1 ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) Important: We HIGHLY recommend using uBlock Origin, uMatrix and a cookie extension. Section 0400, if modified, allows Tracking Protection and Safe Browsing to be disabled. Do this at your own risk. See the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page for more. +1 ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) We highly recommend using uBlock Origin and uMatrix, and maybe a cookie extension (note: cookie & persistent storage extensions fail with First Party Isolation which we use [bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1381197)). Section 0400, if modified, allows Tracking Protection and Safe Browsing to be disabled. Do this at your own risk. See the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page for more. 2 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. It was kept up-to-date and expanded by the original author with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name. From f683383ba3dbf54b941d75f4f3caeeffa2eacb71 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Dec 2017 17:10:31 +1300 Subject: [PATCH 0500/1961] Update user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3e150a8..b71ac5a 100644 --- a/user.js +++ b/user.js @@ -34,7 +34,7 @@ before using to avoid unexpected surprises - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues 4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile) - 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.5-Keeping-Up-To-Date + 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-keeping-up-to-date ******/ From 8f34f8e0ff5042e22eced963b8d2ee6641a52393 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Dec 2017 17:12:13 +1300 Subject: [PATCH 0501/1961] Update user.js --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index b71ac5a..8603ee4 100644 --- a/user.js +++ b/user.js @@ -21,7 +21,7 @@ * Some user data is erased on close (section 2800), namely history (browsing, form, download) * Cookies are denied by default (2701), we use site exceptions. This breaks extensions that use IndexedDB, so you need to allow exceptions for those as well: see [1] below - [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.7-Setting-Extension-Permission-Exceptions + [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.5-Setting-Extension-Permission-Exceptions * EACH RELEASE check: - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF) or enable them as an alternative to RFP or for ESR users From 9b5d4521d10c150e781f1be1e25d8c5d0965b9e1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Dec 2017 23:01:40 +1300 Subject: [PATCH 0502/1961] Update README.md --- README.md | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/README.md b/README.md index 0f6aeca..07db644 100644 --- a/README.md +++ b/README.md @@ -4,20 +4,7 @@ A `user.js` is a configuration file that can control hundreds of Firefox setting ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) with [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions) 1 ) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). -We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use [profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with custom versions. We won't set you wrong. - -INFORMATION IS POWER. So you can make informed decisions to better protect yourself online, we aim to be: - -* Accessible (provide information and simpler, less-technical descriptions if possible) -* Accountable (provide reputable references/sources, [test sites](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites), dispel bad advice) -* Change trackable (yay! we're on github now, with commits) -* Compatible (including a [deprecated section](https://github.com/ghacksuserjs/ghacks-user.js/issues/123), [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases)) -* Comprehensive (including enforcing defaults and future-proofing) -* Current and up-to-date with stable (including [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93)) -* Detailed (preference versioning, hidden preference information, explanations, and more) -* Easy to use and discuss (sections, sub-sections, numbering) -* Helpful (including a [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) with features such as [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions), [user scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts), [references](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-D:-References) and more) -* Innovative (formatting, special tags, and future plans such as branches) +No one size fits all and not all sites have the same requirements, so consider using [multiple profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with customized changes. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) usage Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few default settings we use. The rest of the [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well. From b802ecb18f86fa1c2a0f0cd220c4388778912519 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Dec 2017 23:09:19 +1300 Subject: [PATCH 0503/1961] Update README.md --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 07db644..4ac01a7 100644 --- a/README.md +++ b/README.md @@ -13,12 +13,10 @@ Everyone, experts included, should at least read the [implementation](https://gi Literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 2 - * 100% genuine super-nice all-around good guy * The ghacks community and commentators - * Special mentions to [earthlng](https://github.com/earthlng), Tom Hawack, Just me, Conker, Rockin’ Jerry, Ainatar, Parker Lewis * [12bytes](http://12bytes.org/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github -1 ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) We highly recommend using uBlock Origin and uMatrix, and maybe a cookie extension (note: cookie & persistent storage extensions fail with First Party Isolation which we use [bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1381197)). Section 0400, if modified, allows Tracking Protection and Safe Browsing to be disabled. Do this at your own risk. See the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page for more. +1 ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) We recommend using uBlock Origin, uMatrix, and maybe a cookie extension (note: cookie & persistent storage extensions fail with First Party Isolation which we use [bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1381197)). -2 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. It was kept up-to-date and expanded by the original author with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name. +2 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. From 61aeaa47142cfe23e516279dd93a784ad9af0d4d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Dec 2017 23:10:21 +1300 Subject: [PATCH 0504/1961] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 4ac01a7..d3cc0b0 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,6 @@ The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/ No one size fits all and not all sites have the same requirements, so consider using [multiple profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with customized changes. -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) usage Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few default settings we use. The rest of the [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments From 85e633dc60a20daef65a54f2a9b380bb78e6cd4f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Dec 2017 23:18:15 +1300 Subject: [PATCH 0505/1961] Update README.md --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index d3cc0b0..9bd014f 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js -The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) with [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions) 1 ) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). +The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims, with [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions), to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). No one size fits all and not all sites have the same requirements, so consider using [multiple profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with customized changes. @@ -11,11 +11,9 @@ Everyone, experts included, should at least read the [implementation](https://gi ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments Literally thousands of sources, references and suggestions. That said... -* Martin Brinkmann at [ghacks](https://www.ghacks.net/) 2 +* Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 * The ghacks community and commentators * [12bytes](http://12bytes.org/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github -1 ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) We recommend using uBlock Origin, uMatrix, and maybe a cookie extension (note: cookie & persistent storage extensions fail with First Party Isolation which we use [bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1381197)). - -2 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. +1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. From 60cfacadb377de7759075a626aa151c565ffcf4c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Dec 2017 23:20:11 +1300 Subject: [PATCH 0506/1961] Update README.md --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 9bd014f..4f7b331 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,6 @@ A `user.js` is a configuration file that can control hundreds of Firefox setting ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims, with [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions), to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). -No one size fits all and not all sites have the same requirements, so consider using [multiple profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with customized changes. - Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few default settings we use. The rest of the [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments From eb2a9b2493ca9306d45a416488f1916b55163d13 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Dec 2017 23:35:58 +1300 Subject: [PATCH 0507/1961] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4f7b331..86af64a 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js -The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims, with [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions), to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). +The `ghacks user.js` is a **template**, which, as provided, aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). -Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few default settings we use. The rest of the [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well. +Everyone, experts included, should at least read the wiki's [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) page, as it contains important information regarding a few default settings we use. The rest of the [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments Literally thousands of sources, references and suggestions. That said... From 9aa9752dc4ad6ad906de32a8e63aa923db76b8c2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 8 Dec 2017 00:07:18 +1300 Subject: [PATCH 0508/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 86af64a..8eee826 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ A `user.js` is a configuration file that can control hundreds of Firefox setting ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js The `ghacks user.js` is a **template**, which, as provided, aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). -Everyone, experts included, should at least read the wiki's [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) page, as it contains important information regarding a few default settings we use. The rest of the [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well. +Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings. ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments Literally thousands of sources, references and suggestions. That said... From a9def5992ffe2e3fff628ac252d4f9eecef293bc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 8 Dec 2017 19:13:45 +1300 Subject: [PATCH 0509/1961] Create ghacks-clear-all-up-to-57-[removed].js --- .../ghacks-clear-all-up-to-57-[removed].js | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js new file mode 100644 index 0000000..e5a15e7 --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js @@ -0,0 +1,62 @@ +/*** + + This will reset the preferences that have been removed completely + from the ghacks user.js up to and including release 57-alpha + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] + +***/ + +(function() { + let ops = [ + '_user.js.parrot', + /* removed in ghacks user.js v52-57 */ + /* 52-alpha */ + 'browser.search.reset.enabled', + 'browser.search.reset.whitelist', + /* 54-alpha */ + 'browser.migrate.automigrate.enabled', + 'services.sync.enabled', + 'webextensions.storage.sync.enabled', + 'webextensions.storage.sync.serverURL', + /* 55-alpha */ + 'dom.keyboardevent.dispatch_during_composition', // default is false anyway + 'dom.vr.oculus.enabled', // covered by dom.vr.enabled + 'dom.vr.openvr.enabled', // ditto + 'dom.vr.osvr.enabled', // ditto + 'extensions.pocket.api', // covered by extensions.pocket.enabled + 'extensions.pocket.oAuthConsumerKey', // ditto + 'extensions.pocket.site', // ditto + /* 56-alpha: none */ + /* 57-alpha */ + 'geo.wifi.xhr.timeout', // covered by geo.enabled + 'browser.search.geoip.timeout', // ditto + 'media.webspeech.recognition.enable', // default is false anyway + 'gfx.layerscope.enabled' // default is false anyway + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From 28ba2a705affed7d72c1bc3f5d26002fdb5f3f58 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 8 Dec 2017 19:14:53 +1300 Subject: [PATCH 0510/1961] Create ghacks-clear-all-up-to-57-[deprecated].js --- .../ghacks-clear-all-up-to-57-[deprecated].js | 165 ++++++++++++++++++ 1 file changed, 165 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js new file mode 100644 index 0000000..3b10345 --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js @@ -0,0 +1,165 @@ +/*** + + This will reset the preferences that have been deprecated by Mozilla + and used in the ghacks user.js up to and including release 57-alpha + + It is in reverse order, so feel free to remove sections that do not apply + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] + +***/ + +(function() { + let ops = [ + '_user.js.parrot', + /* deprecated */ + + /* ESR52.x users can remove sections 53-57 but it is not + crucial as your user.js will reinstate them */ + /* 57 */ + 'social.whitelist', + 'social.toast-notifications.enabled', + 'social.shareDirectory', + 'social.remote-install.enabled', + 'social.directories', + 'social.share.activationPanelEnabled', + 'social.enabled', + 'media.eme.chromium-api.enabled', + 'devtools.webide.autoinstallFxdtAdapters', + 'browser.casting.enabled', + 'browser.bookmarks.showRecentlyBookmarked', + /* 56 */ + 'extensions.screenshots.system-disabled', + 'extensions.formautofill.experimental', + /* 55 */ + 'geo.security.allowinsecure', + 'browser.selfsupport.enabled', + 'browser.selfsupport.url', + 'browser.newtabpage.directory.ping', + 'browser.formfill.saveHttpsForms', + 'browser.formautofill.enabled', + 'dom.enable_user_timing', + 'dom.keyboardevent.code.enabled', + 'browser.tabs.animate', + 'browser.fullscreen.animate', + /* 54 */ + 'browser.safebrowsing.reportMalwareMistakeURL', + 'browser.safebrowsing.reportPhishMistakeURL', + 'media.eme.apiVisible', + 'dom.archivereader.enabled', + /* 53 */ + 'security.tls.unrestricted_rc4_fallback', + 'plugin.scan.Acrobat', + 'plugin.scan.Quicktime', + 'plugin.scan.WindowsMediaPlayer', + 'media.getusermedia.screensharing.allow_on_old_platforms', + 'dom.beforeAfterKeyboardEvent.enabled', + /* End of ESR52.x section */ + + /* 52 */ + 'network.http.sendSecureXSiteReferrer', + 'media.gmp-eme-adobe.enabled', + 'media.gmp-eme-adobe.visible', + 'media.gmp-eme-adobe.autoupdate', + 'dom.telephony.enabled', + 'dom.battery.enabled', + /* 51 */ + 'media.block-play-until-visible', + 'dom.vr.oculus050.enabled', + 'network.http.spdy.enabled.v3-1', + /* 50 */ + 'browser.usedOnWindows10.introURL', + 'plugins.update.notifyUser', + 'browser.safebrowsing.enabled', + 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', + 'security.ssl3.ecdhe_rsa_rc4_128_sha', + 'security.ssl3.rsa_rc4_128_md5', + 'security.ssl3.rsa_rc4_128_sha', + 'plugins.update.url', + /* 49 */ + 'loop.enabled', + 'loop.server', + 'loop.feedback.formURL', + 'loop.feedback.manualFormURL', + 'loop.facebook.appId', + 'loop.facebook.enabled', + 'loop.facebook.fallbackUrl', + 'loop.facebook.shareUrl', + 'loop.logDomains', + 'dom.disable_window_open_feature.scrollbars', + 'dom.push.udp.wakeupEnabled', + /* 48 */ + 'browser.urlbar.unifiedcomplete', + /* 47 */ + 'toolkit.telemetry.unifiedIsOptIn', + 'datareporting.healthreport.about.reportUrlUnified', + 'browser.history.allowPopState', + 'browser.history.allowPushState', + 'browser.history.allowReplaceState', + /* 46 */ + 'datareporting.healthreport.service.enabled', + 'datareporting.healthreport.documentServerURI', + 'datareporting.policy.dataSubmissionEnabled.v2', + 'browser.safebrowsing.appRepURL', + 'browser.polaris.enabled', + 'browser.pocket.enabled', + 'browser.pocket.api', + 'browser.pocket.site', + 'browser.pocket.oAuthConsumerKey', + /* 45 */ + 'browser.sessionstore.privacy_level_deferred', + /* 44 */ + 'browser.safebrowsing.provider.google.appRepURL', + 'security.tls.insecure_fallback_hosts.use_static_list', + 'dom.workers.sharedWorkers.enabled', + 'dom.disable_image_src_set', + /* 43 */ + 'browser.safebrowsing.gethashURL', + 'browser.safebrowsing.updateURL', + 'browser.safebrowsing.malware.reportURL', + 'browser.trackingprotection.gethashURL', + 'browser.trackingprotection.updateURL', + 'pfs.datasource.url', + 'browser.search.showOneOffButtons', + /* 42 and earlier */ + 'privacy.clearOnShutdown.passwords', // 42 + 'full-screen-api.approval-required', // 42 + 'browser.safebrowsing.reportErrorURL', // 41 + 'browser.safebrowsing.reportGenericURL', // 41 + 'browser.safebrowsing.reportMalwareErrorURL', // 41 + 'browser.safebrowsing.reportMalwareURL', // 41 + 'browser.safebrowsing.reportURL', // 41 + 'plugins.enumerable_names', // 41 + 'network.http.spdy.enabled.http2draft', // 41 + 'camera.control.autofocus_moving_callback.enabled', // 37 + 'privacy.donottrackheader.value', // 36 + 'network.websocket.enabled', // 35 + 'dom.network.enabled', // 31 + 'pageThumbs.enabled' // 25 + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From ea54827582d44bda98035490e4db95df3fb97c5a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 8 Dec 2017 19:24:32 +1300 Subject: [PATCH 0511/1961] Create ghacks-clear-all-up-to-57-[RFP-alternatives].js --- ...s-clear-all-up-to-57-[RFP-alternatives].js | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js new file mode 100644 index 0000000..c4f6b70 --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js @@ -0,0 +1,52 @@ +/*** + + This will reset the preferences that are under section 4600 in the ghacks user.js + up to and including release 57-alpha. These are the prefs that are no longer + necessary, or they conlfict with, privacy.resistFingerprinting if you have that enabled. + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] + +***/ + +(function() { + let ops = [ + '_user.js.parrot', + /* */ + 'dom.maxHardwareConcurrency', + 'dom.enable_resource_timing', + 'dom.enable_performance', + 'device.sensors.enabled', + 'browser.zoom.siteSpecific', + 'dom.gamepad.enabled', + 'dom.netinfo.enabled', + 'media.webspeech.synth.enabled', + 'geo.enabled', + 'media.video_stats.enabled', + 'dom.w3c_touch_events.enabled' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From 5631fadd4ad0c663eb40cb4ea1f26f44b43b7af1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 8 Dec 2017 19:38:08 +1300 Subject: [PATCH 0512/1961] Update ghacks-clear-all-up-to-57-[RFP-alternatives].js --- ...cks-clear-all-up-to-57-[RFP-alternatives].js | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js index c4f6b70..05ad069 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js @@ -1,8 +1,8 @@ /*** - This will reset the preferences that are under section 4600 in the ghacks user.js - up to and including release 57-alpha. These are the prefs that are no longer - necessary, or they conlfict with, privacy.resistFingerprinting if you have that enabled. + This will reset the preferences that are under sections 4600 & 4700 in the ghacks user.js + up to and including release 57-alpha. These are the prefs that are no longer necessary, + or they conlfict with, privacy.resistFingerprinting if you have that enabled. For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] @@ -12,7 +12,7 @@ (function() { let ops = [ '_user.js.parrot', - /* */ + /* section 4600 */ 'dom.maxHardwareConcurrency', 'dom.enable_resource_timing', 'dom.enable_performance', @@ -23,7 +23,14 @@ 'media.webspeech.synth.enabled', 'geo.enabled', 'media.video_stats.enabled', - 'dom.w3c_touch_events.enabled' + 'dom.w3c_touch_events.enabled', + /* section 4700 */ + 'general.useragent.override', + 'general.buildID.override', + 'general.appname.override', + 'general.appversion.override', + 'general.platform.override', + 'general.oscpu.override' ] if("undefined" === typeof(Services)) { From 744944a9ab0bb6fa4cc313d20644ac2930caba25 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 8 Dec 2017 20:26:49 +1300 Subject: [PATCH 0513/1961] Create ghacks-clear-all-up-to-57-[the-rest-inactive].js --- ...-clear-all-up-to-57-[the-rest-inactive].js | 178 ++++++++++++++++++ 1 file changed, 178 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js new file mode 100644 index 0000000..b52428e --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js @@ -0,0 +1,178 @@ +/*** + + This will reset EVERYTHING that is INACTIVE in the ghacks user.js + release 57-alpha master, but excludes the following: + - prefs removed since publishing on github + - privacy.resistFingerprinting alternatives sections 4600 & 4700 + - deprecated section 9999 + + It does not matter if you clear everything, as a restart will reapply your user.js + Total 493 prefs from 57-alpha master: 131 inactive, 362 active + These have been broken into two scripts for convenience + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] + +***/ + +(function() { + let ops = [ + '_user.js.parrot', + /* 131 INACTIVE prefs in 57-alpha master */ + 'accessibility.typeaheadfind', + 'app.update.enabled', + 'browser.cache.memory.capacity', + 'browser.cache.memory.enable', + 'browser.chrome.favicons', + 'browser.chrome.site_icons', + 'browser.download.autohideButton', + 'browser.privatebrowsing.autostart', + 'browser.safebrowsing.allowOverride', + 'browser.safebrowsing.blockedURIs.enabled', + 'browser.safebrowsing.downloads.enabled', + 'browser.safebrowsing.downloads.remote.block_dangerous', + 'browser.safebrowsing.downloads.remote.block_dangerous_host', + 'browser.safebrowsing.downloads.remote.block_potentially_unwanted', + 'browser.safebrowsing.downloads.remote.block_uncommon', + 'browser.safebrowsing.malware.enabled', + 'browser.safebrowsing.phishing.enabled', + 'browser.safebrowsing.provider.google.gethashURL', + 'browser.safebrowsing.provider.google.updateURL', + 'browser.safebrowsing.provider.google4.gethashURL', + 'browser.safebrowsing.provider.google4.updateURL', + 'browser.safebrowsing.provider.mozilla.gethashURL', + 'browser.safebrowsing.provider.mozilla.updateURL', + 'browser.sessionhistory.max_total_viewers', + 'browser.startup.page', + 'browser.stopReloadAnimation.enabled', + 'browser.storageManager.enabled', + 'browser.tabs.loadBookmarksInTabs', + 'browser.tabs.remote.autostart', + 'browser.tabs.remote.autostart.2', + 'browser.tabs.remote.force-enable', + 'browser.urlbar.autocomplete.enabled', + 'browser.urlbar.maxRichResults', + 'clipboard.autocopy', + 'dom.event.contextmenu.enabled', + 'dom.indexedDB.enabled', + 'dom.ipc.plugins.sandbox-level.default', + 'dom.ipc.plugins.sandbox-level.flash', + 'dom.ipc.processCount', + 'dom.ipc.processCount.extension', + 'dom.ipc.processCount.file', + 'dom.presentation.controller.enabled', + 'dom.presentation.discoverable', + 'dom.presentation.discovery.enabled', + 'dom.presentation.enabled', + 'dom.presentation.receiver.enabled', + 'dom.presentation.session_transport.data_channel.enable', + 'dom.storage.enabled', + 'dom.storageManager.enabled', + 'dom.vr.enabled', + 'extensions.e10sBlocksEnabling', + 'extensions.screenshots.disabled', + 'extensions.systemAddon.update.url', + 'extensions.update.enabled', + 'extensions.webextensions.remote', + 'font.name.monospace.x-unicode', + 'font.name.monospace.x-western', + 'font.name.sans-serif.x-unicode', + 'font.name.sans-serif.x-western', + 'font.name.serif.x-unicode', + 'font.name.serif.x-western', + 'font.system.whitelist', + 'full-screen-api.warning.delay', + 'full-screen-api.warning.timeout', + 'general.autoScroll', + 'geo.wifi.logging.enabled', + 'gfx.direct2d.disabled', + 'javascript.options.baselinejit', + 'javascript.options.ion', + 'media.flac.enabled', + 'media.mediasource.enabled', + 'media.mediasource.mp4.enabled', + 'media.mediasource.webm.audio.enabled', + 'media.mediasource.webm.enabled', + 'media.mp4.enabled', + 'media.ogg.enabled', + 'media.ogg.flac.enabled', + 'media.opus.enabled', + 'media.raw.enabled', + 'media.wave.enabled', + 'media.webm.enabled', + 'media.wmf.amd.vp9.enabled', + 'media.wmf.enabled', + 'media.wmf.vp9.enabled', + 'network.cookie.lifetime.days', + 'network.cookie.lifetimePolicy', + 'network.dns.disableIPv6', + 'network.dnsCacheEntries', + 'network.dnsCacheExpiration', + 'network.http.fast-fallback-to-IPv4', + 'offline-apps.quota.warn', + 'permissions.memory_only', + 'places.history.enabled', + 'plugin.state.flash', + 'privacy.clearOnShutdown.openWindows', + 'privacy.cpd.downloads', + 'privacy.cpd.openWindows', + 'privacy.resistFingerprinting.block_mozAddonManager', + 'privacy.trackingprotection.annotate_channels', + 'privacy.trackingprotection.enabled', + 'privacy.trackingprotection.lower_network_priority', + 'privacy.trackingprotection.pbmode.enabled', + 'privacy.usercontext.about_newtab_segregation.enabled', + 'privacy.userContext.enabled', + 'privacy.userContext.longPressBehavior', + 'privacy.userContext.ui.enabled', + 'privacy.window.maxInnerHeight', + 'privacy.window.maxInnerWidth', + 'reader.parse-on-load.enabled', + 'security.mixed_content.block_display_content', + 'security.nocertdb', + 'security.sandbox.content.level', + 'security.sandbox.logging.enabled', + 'security.ssl.require_safe_negotiation', + 'security.ssl3.dhe_rsa_aes_128_sha', + 'security.ssl3.dhe_rsa_aes_256_sha', + 'security.ssl3.ecdhe_ecdsa_aes_128_sha', + 'security.ssl3.ecdhe_rsa_aes_128_sha', + 'security.ssl3.rsa_aes_128_sha', + 'security.ssl3.rsa_aes_256_sha', + 'security.ssl3.rsa_des_ede3_sha', + 'services.blocklist.addons.collection', + 'services.blocklist.gfx.collection', + 'services.blocklist.onecrl.collection', + 'services.blocklist.plugins.collection', + 'signon.rememberSignons', + 'svg.disabled', + 'toolkit.cosmeticAnimations.enabled', + 'urlclassifier.trackingTable", "test-track-simple,base-track-digest256', + 'urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256', + 'xpinstall.signatures.required' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From e73eeefa6465d1d70fa08100b345ce0ff1405b1e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 8 Dec 2017 21:01:28 +1300 Subject: [PATCH 0514/1961] Update ghacks-clear-all-up-to-57-[the-rest-inactive].js --- ...ks-clear-all-up-to-57-[the-rest-inactive].js | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js index b52428e..81a148f 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js @@ -3,11 +3,12 @@ This will reset EVERYTHING that is INACTIVE in the ghacks user.js release 57-alpha master, but excludes the following: - prefs removed since publishing on github + - e10s section 1100 - privacy.resistFingerprinting alternatives sections 4600 & 4700 - deprecated section 9999 It does not matter if you clear everything, as a restart will reapply your user.js - Total 493 prefs from 57-alpha master: 131 inactive, 362 active + Total 478 prefs from 57-alpha master: 119 inactive, 359 active These have been broken into two scripts for convenience For instructions see: @@ -18,7 +19,7 @@ (function() { let ops = [ '_user.js.parrot', - /* 131 INACTIVE prefs in 57-alpha master */ + /* 119 INACTIVE prefs in 57-alpha master */ 'accessibility.typeaheadfind', 'app.update.enabled', 'browser.cache.memory.capacity', @@ -47,19 +48,11 @@ 'browser.stopReloadAnimation.enabled', 'browser.storageManager.enabled', 'browser.tabs.loadBookmarksInTabs', - 'browser.tabs.remote.autostart', - 'browser.tabs.remote.autostart.2', - 'browser.tabs.remote.force-enable', 'browser.urlbar.autocomplete.enabled', 'browser.urlbar.maxRichResults', 'clipboard.autocopy', 'dom.event.contextmenu.enabled', 'dom.indexedDB.enabled', - 'dom.ipc.plugins.sandbox-level.default', - 'dom.ipc.plugins.sandbox-level.flash', - 'dom.ipc.processCount', - 'dom.ipc.processCount.extension', - 'dom.ipc.processCount.file', 'dom.presentation.controller.enabled', 'dom.presentation.discoverable', 'dom.presentation.discovery.enabled', @@ -69,11 +62,9 @@ 'dom.storage.enabled', 'dom.storageManager.enabled', 'dom.vr.enabled', - 'extensions.e10sBlocksEnabling', 'extensions.screenshots.disabled', 'extensions.systemAddon.update.url', 'extensions.update.enabled', - 'extensions.webextensions.remote', 'font.name.monospace.x-unicode', 'font.name.monospace.x-western', 'font.name.sans-serif.x-unicode', @@ -130,8 +121,6 @@ 'reader.parse-on-load.enabled', 'security.mixed_content.block_display_content', 'security.nocertdb', - 'security.sandbox.content.level', - 'security.sandbox.logging.enabled', 'security.ssl.require_safe_negotiation', 'security.ssl3.dhe_rsa_aes_128_sha', 'security.ssl3.dhe_rsa_aes_256_sha', From d9e935de3c122dada644e4f63fe5cc295d1b6d93 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 8 Dec 2017 12:47:31 +0100 Subject: [PATCH 0515/1961] syntax fix --- .../ghacks-clear-all-up-to-57-[the-rest-inactive].js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js index 81a148f..0bb617e 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js @@ -136,8 +136,7 @@ 'signon.rememberSignons', 'svg.disabled', 'toolkit.cosmeticAnimations.enabled', - 'urlclassifier.trackingTable", "test-track-simple,base-track-digest256', - 'urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256', + 'urlclassifier.trackingTable', 'xpinstall.signatures.required' ] From 008257283b3921a50f4e9789bf01999a570803f7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 00:56:53 +1300 Subject: [PATCH 0516/1961] 2508: hardware acceleration #244 I guess we can revisit this when Tor ESR59 lands or even later when WebRender is fully implemented. For now, users can override it if they wish --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 8603ee4..6ea7dc2 100644 --- a/user.js +++ b/user.js @@ -1189,7 +1189,8 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m user_pref("media.navigator.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] Options>General>Performance>Custom>Use hardware acceleration when available - * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance + * [WARNING] [SETUP] Affects text rendering (fonts will look different), impacts video performance, + * and parts of Quantum that utilize the GPU will also be affected as they are rolled out * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] user_pref("layers.acceleration.disabled", true); From d82475a7c36a09966aa58ae35b434e4e79773987 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 01:25:14 +1300 Subject: [PATCH 0517/1961] clear RFP-alts: move parrot to end --- .../ghacks-clear-all-up-to-57-[RFP-alternatives].js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js index 05ad069..ac5ebb1 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js @@ -11,7 +11,6 @@ (function() { let ops = [ - '_user.js.parrot', /* section 4600 */ 'dom.maxHardwareConcurrency', 'dom.enable_resource_timing', @@ -30,7 +29,9 @@ 'general.appname.override', 'general.appversion.override', 'general.platform.override', - 'general.oscpu.override' + 'general.oscpu.override', + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' ] if("undefined" === typeof(Services)) { From f8472fe50163c897ae5999be66d304e19ae248d1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 01:27:05 +1300 Subject: [PATCH 0518/1961] clear deprecated: move parrot to end --- .../ghacks-clear-all-up-to-57-[deprecated].js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js index 3b10345..644dd69 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js @@ -12,7 +12,6 @@ (function() { let ops = [ - '_user.js.parrot', /* deprecated */ /* ESR52.x users can remove sections 53-57 but it is not @@ -136,7 +135,10 @@ 'privacy.donottrackheader.value', // 36 'network.websocket.enabled', // 35 'dom.network.enabled', // 31 - 'pageThumbs.enabled' // 25 + 'pageThumbs.enabled', // 25 + + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' ] if("undefined" === typeof(Services)) { From 76556481747767d20dfbc20144a66fe7ddfb1487 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 01:28:16 +1300 Subject: [PATCH 0519/1961] clear removed: move parrot to end --- scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js index e5a15e7..2651b53 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js @@ -10,7 +10,6 @@ (function() { let ops = [ - '_user.js.parrot', /* removed in ghacks user.js v52-57 */ /* 52-alpha */ 'browser.search.reset.enabled', @@ -34,6 +33,8 @@ 'browser.search.geoip.timeout', // ditto 'media.webspeech.recognition.enable', // default is false anyway 'gfx.layerscope.enabled' // default is false anyway + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' ] if("undefined" === typeof(Services)) { From 753c4695a6f3807c466d6a6f0c9469058cefd4be Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 01:28:50 +1300 Subject: [PATCH 0520/1961] oophs --- scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js index 2651b53..27e098f 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js @@ -32,7 +32,7 @@ 'geo.wifi.xhr.timeout', // covered by geo.enabled 'browser.search.geoip.timeout', // ditto 'media.webspeech.recognition.enable', // default is false anyway - 'gfx.layerscope.enabled' // default is false anyway + 'gfx.layerscope.enabled', // default is false anyway /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From f09c860d96f1abf3780beff8eb2fe44e4e7d7e53 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 01:33:38 +1300 Subject: [PATCH 0521/1961] clear inactive: move parrot to end --- .../ghacks-clear-all-up-to-57-[the-rest-inactive].js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js index 0bb617e..a5c411c 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js @@ -18,7 +18,6 @@ (function() { let ops = [ - '_user.js.parrot', /* 119 INACTIVE prefs in 57-alpha master */ 'accessibility.typeaheadfind', 'app.update.enabled', @@ -137,7 +136,9 @@ 'svg.disabled', 'toolkit.cosmeticAnimations.enabled', 'urlclassifier.trackingTable', - 'xpinstall.signatures.required' + 'xpinstall.signatures.required', + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' ] if("undefined" === typeof(Services)) { From f2ed64c5760b29ba34c454883a9b8522cee65375 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 01:58:27 +1300 Subject: [PATCH 0522/1961] Update ghacks-clear-all-up-to-57-[the-rest-inactive].js --- .../ghacks-clear-all-up-to-57-[the-rest-inactive].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js index a5c411c..ee941e5 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js @@ -8,7 +8,7 @@ - deprecated section 9999 It does not matter if you clear everything, as a restart will reapply your user.js - Total 478 prefs from 57-alpha master: 119 inactive, 359 active + Total 477 prefs from 57-alpha master: 118 inactive, 359 active These have been broken into two scripts for convenience For instructions see: From ebd233bf6e9d3899eccf062f38ac87fd58cdbe28 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 02:00:56 +1300 Subject: [PATCH 0523/1961] Create ghacks-clear-all-up-to-57-[the-rest-active].js --- ...ks-clear-all-up-to-57-[the-rest-active].js | 409 ++++++++++++++++++ 1 file changed, 409 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js new file mode 100644 index 0000000..c310078 --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js @@ -0,0 +1,409 @@ +/*** + + This will reset EVERYTHING that is ACTIVE in the ghacks user.js + release 57-alpha master, but excludes the following: + - prefs removed since publishing on github + - e10s section 1100 + - privacy.resistFingerprinting alternatives sections 4600 & 4700 + - deprecated section 9999 + + It does not matter if you clear everything, as a restart will reapply your user.js + Total 477 prefs from 57-alpha master: 118 inactive, 359 active + These have been broken into two scripts for convenience + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] + +***/ + +(function() { + let ops = [ + /* 359 ACTIVE prefs in 57-alpha master */ + 'accessibility.force_disabled', + 'alerts.showFavicons', + 'app.update.auto', + 'app.update.service.enabled', + 'app.update.silent', + 'app.update.staging.enabled', + 'beacon.enabled', + 'breakpad.reportURL', + 'browser.aboutHomeSnippets.updateUrl', + 'browser.backspace_action', + 'browser.bookmarks.max_backups', + 'browser.cache.disk.capacity', + 'browser.cache.disk.enable', + 'browser.cache.disk.smart_size.enabled', + 'browser.cache.disk.smart_size.first_run', + 'browser.cache.disk_cache_ssl', + 'browser.cache.frecency_experiment', + 'browser.cache.offline.enable', + 'browser.crashReports.unsubmittedCheck.autoSubmit', + 'browser.crashReports.unsubmittedCheck.enabled', + 'browser.ctrlTab.previews', + 'browser.display.use_document_fonts', + 'browser.download.folderList', + 'browser.download.forbid_open_with', + 'browser.download.hide_plugins_without_extensions', + 'browser.download.manager.addToRecentDocs', + 'browser.download.useDownloadDir', + 'browser.eme.ui.enabled', + 'browser.fixup.alternate.enabled', + 'browser.fixup.hide_user_pass', + 'browser.formfill.enable', + 'browser.helperApps.deleteTempFileOnExit', + 'browser.laterrun.enabled', + 'browser.library.activity-stream.enabled', + 'browser.link.open_newwindow', + 'browser.link.open_newwindow.restriction', + 'browser.newtab.preload', + 'browser.newtabpage.activity-stream.enabled', + 'browser.newtabpage.directory.source', + 'browser.newtabpage.enabled', + 'browser.newtabpage.enhanced', + 'browser.newtabpage.introShown', + 'browser.offline-apps.notify', + 'browser.onboarding.enabled', + 'browser.pagethumbnails.capturing_disabled', + 'browser.ping-centre.telemetry', + 'browser.rights.3.shown', + 'browser.safebrowsing.downloads.remote.enabled', + 'browser.safebrowsing.downloads.remote.url', + 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', + 'browser.safebrowsing.provider.google.reportPhishMistakeURL', + 'browser.safebrowsing.provider.google.reportURL', + 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', + 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', + 'browser.safebrowsing.provider.google4.reportURL', + 'browser.safebrowsing.reportPhishURL', + 'browser.search.countryCode', + 'browser.search.geoip.url', + 'browser.search.geoSpecificDefaults', + 'browser.search.geoSpecificDefaults.url', + 'browser.search.region', + 'browser.search.suggest.enabled', + 'browser.search.update', + 'browser.send_pings', + 'browser.send_pings.require_same_host', + 'browser.sessionhistory.max_entries', + 'browser.sessionstore.interval', + 'browser.sessionstore.max_tabs_undo', + 'browser.sessionstore.max_windows_undo', + 'browser.sessionstore.privacy_level', + 'browser.sessionstore.resume_from_crash', + 'browser.shell.checkDefaultBrowser', + 'browser.shell.shortcutFavicons', + 'browser.slowStartup.maxSamples', + 'browser.slowStartup.notificationDisabled', + 'browser.slowStartup.samples', + 'browser.ssl_override_behavior', + 'browser.startup.homepage_override.mstone', + 'browser.tabs.closeWindowWithLastTab', + 'browser.tabs.crashReporting.sendReport', + 'browser.tabs.insertRelatedAfterCurrent', + 'browser.tabs.loadDivertedInBackground', + 'browser.tabs.loadInBackground', + 'browser.tabs.selectOwnerOnClose', + 'browser.tabs.warnOnClose', + 'browser.tabs.warnOnCloseOtherTabs', + 'browser.tabs.warnOnOpen', + 'browser.taskbar.lists.enabled', + 'browser.taskbar.lists.frequent.enabled', + 'browser.taskbar.lists.recent.enabled', + 'browser.taskbar.lists.tasks.enabled', + 'browser.taskbar.previews.enable', + 'browser.uitour.enabled', + 'browser.uitour.url', + 'browser.urlbar.autoFill', + 'browser.urlbar.autoFill.typed', + 'browser.urlbar.clickSelectsAll', + 'browser.urlbar.decodeURLsOnCopy', + 'browser.urlbar.doubleClickSelectsAll', + 'browser.urlbar.filter.javascript', + 'browser.urlbar.maxHistoricalSearchSuggestions', + 'browser.urlbar.oneOffSearches', + 'browser.urlbar.speculativeConnect.enabled', + 'browser.urlbar.suggest.bookmark', + 'browser.urlbar.suggest.history', + 'browser.urlbar.suggest.openpage', + 'browser.urlbar.suggest.searches', + 'browser.urlbar.trimURLs', + 'browser.urlbar.usepreloadedtopurls.enabled', + 'browser.urlbar.userMadeSearchSuggestionsChoice', + 'browser.xul.error_pages.expert_bad_cert', + 'camera.control.face_detection.enabled', + 'canvas.capturestream.enabled', + 'captivedetect.canonicalURL', + 'datareporting.healthreport.about.reportUrl', + 'datareporting.healthreport.uploadEnabled', + 'datareporting.policy.dataSubmissionEnabled', + 'device.storage.enabled', + 'devtools.chrome.enabled', + 'devtools.debugger.remote-enabled', + 'devtools.webide.autoinstallADBHelper', + 'devtools.webide.enabled', + 'dom.allow_cut_copy', + 'dom.allow_scripts_to_close_windows', + 'dom.caches.enabled', + 'dom.disable_beforeunload', + 'dom.disable_window_flip', + 'dom.disable_window_move_resize', + 'dom.disable_window_open_feature.close', + 'dom.disable_window_open_feature.location', + 'dom.disable_window_open_feature.menubar', + 'dom.disable_window_open_feature.minimizable', + 'dom.disable_window_open_feature.personalbar', + 'dom.disable_window_open_feature.resizable', + 'dom.disable_window_open_feature.status', + 'dom.disable_window_open_feature.titlebar', + 'dom.disable_window_open_feature.toolbar', + 'dom.disable_window_status_change', + 'dom.event.clipboardevents.enabled', + 'dom.flyweb.enabled', + 'dom.idle-observers-api.enabled', + 'dom.imagecapture.enabled', + 'dom.IntersectionObserver.enabled', + 'dom.ipc.plugins.flash.subprocess.crashreporter.enabled', + 'dom.ipc.plugins.reportCrashURL', + 'dom.popup_allowed_events', + 'dom.popup_maximum', + 'dom.push.connection.enabled', + 'dom.push.enabled', + 'dom.push.serverURL', + 'dom.push.userAgentID', + 'dom.serviceWorkers.enabled', + 'dom.vibrator.enabled', + 'dom.webaudio.enabled', + 'dom.webnotifications.enabled', + 'dom.webnotifications.serviceworker.enabled', + 'dom.workers.enabled', + 'experiments.activeExperiment', + 'experiments.enabled', + 'experiments.manifest.uri', + 'experiments.supported', + 'extensions.autoDisableScopes', + 'extensions.blocklist.enabled', + 'extensions.blocklist.url', + 'extensions.enabledScopes', + 'extensions.formautofill.addresses.enabled', + 'extensions.formautofill.available', + 'extensions.formautofill.creditCards.enabled', + 'extensions.formautofill.heuristics.enabled', + 'extensions.getAddons.cache.enabled', + 'extensions.getAddons.showPane', + 'extensions.pocket.enabled', + 'extensions.shield-recipe-client.api_url', + 'extensions.shield-recipe-client.enabled', + 'extensions.update.autoUpdateDefault', + 'extensions.webcompat-reporter.enabled', + 'extensions.webextensions.keepStorageOnUninstall', + 'extensions.webextensions.keepUuidOnUninstall', + 'extensions.webservice.discoverURL', + 'font.blacklist.underline_offset', + 'full-screen-api.enabled', + 'general.useragent.compatMode.firefox', + 'general.useragent.locale', + 'general.warnOnAboutConfig', + 'geo.wifi.uri', + 'gfx.downloadable_fonts.enabled', + 'gfx.downloadable_fonts.woff2.enabled', + 'gfx.font_rendering.graphite.enabled', + 'gfx.font_rendering.opentype_svg.enabled', + 'gfx.offscreencanvas.enabled', + 'intl.accept_languages', + 'intl.locale.matchOS', + 'intl.regional_prefs.use_os_locales', + 'javascript.options.asmjs', + 'javascript.options.wasm', + 'javascript.use_us_english_locale', + 'keyword.enabled', + 'layers.acceleration.disabled', + 'layout.css.font-loading-api.enabled', + 'layout.css.visited_links_enabled', + 'layout.spellcheckDefault', + 'lightweightThemes.update.enabled', + 'mathml.disabled', + 'media.autoplay.enabled', + 'media.block-autoplay-until-in-foreground', + 'media.eme.enabled', + 'media.getusermedia.audiocapture.enabled', + 'media.getusermedia.browser.enabled', + 'media.getusermedia.screensharing.allowed_domains', + 'media.getusermedia.screensharing.enabled', + 'media.gmp-gmpopenh264.autoupdate', + 'media.gmp-gmpopenh264.enabled', + 'media.gmp-manager.updateEnabled', + 'media.gmp-manager.url', + 'media.gmp-manager.url.override', + 'media.gmp-provider.enabled', + 'media.gmp-widevinecdm.autoupdate', + 'media.gmp-widevinecdm.enabled', + 'media.gmp-widevinecdm.visible', + 'media.gmp.trial-create.enabled', + 'media.navigator.enabled', + 'media.navigator.video.enabled', + 'media.ondevicechange.enabled', + 'media.peerconnection.enabled', + 'media.peerconnection.ice.default_address_only', + 'media.peerconnection.ice.no_host', + 'media.peerconnection.ice.tcp', + 'media.peerconnection.identity.enabled', + 'media.peerconnection.identity.timeout', + 'media.peerconnection.turn.disable', + 'media.peerconnection.use_document_iceservers', + 'media.peerconnection.video.enabled', + 'middlemouse.contentLoadURL', + 'network.allow-experiments', + 'network.auth.subresource-img-cross-origin-http-auth-allow', + 'network.captive-portal-service.enabled', + 'network.cookie.cookieBehavior', + 'network.cookie.leave-secure-alone', + 'network.cookie.thirdparty.sessionOnly', + 'network.dns.blockDotOnion', + 'network.dns.disablePrefetch', + 'network.dns.disablePrefetchFromHTTPS', + 'network.http.altsvc.enabled', + 'network.http.altsvc.oe', + 'network.http.redirection-limit', + 'network.http.referer.hideOnionSource', + 'network.http.referer.spoofSource', + 'network.http.referer.trimmingPolicy', + 'network.http.referer.userControlPolicy', + 'network.http.referer.XOriginPolicy', + 'network.http.referer.XOriginTrimmingPolicy', + 'network.http.sendRefererHeader', + 'network.http.spdy.enabled', + 'network.http.spdy.enabled.deps', + 'network.http.spdy.enabled.http2', + 'network.http.speculative-parallel-limit', + 'network.IDN_show_punycode', + 'network.jar.block-remote-files', + 'network.jar.open-unsafe-types', + 'network.manage-offline-status', + 'network.predictor.enable-prefetch', + 'network.predictor.enabled', + 'network.prefetch-next', + 'network.protocol-handler.external.ms-windows-store', + 'network.proxy.autoconfig_url.include_path', + 'network.proxy.socks_remote_dns', + 'network.stricttransportsecurity.preloadlist', + 'offline-apps.allow_by_default', + 'pdfjs.disabled', + 'pdfjs.enableWebGL', + 'permissions.manager.defaultsUrl', + 'plugin.default.state', + 'plugin.defaultXpi.state', + 'plugin.scan.plid.all', + 'plugin.sessionPermissionNow.intervalInMinutes', + 'plugins.click_to_play', + 'privacy.clearOnShutdown.cache', + 'privacy.clearOnShutdown.cookies', + 'privacy.clearOnShutdown.downloads', + 'privacy.clearOnShutdown.formdata', + 'privacy.clearOnShutdown.history', + 'privacy.clearOnShutdown.offlineApps', + 'privacy.clearOnShutdown.sessions', + 'privacy.clearOnShutdown.siteSettings', + 'privacy.cpd.cache', + 'privacy.cpd.cookies', + 'privacy.cpd.formdata', + 'privacy.cpd.history', + 'privacy.cpd.offlineApps', + 'privacy.cpd.passwords', + 'privacy.cpd.sessions', + 'privacy.cpd.siteSettings', + 'privacy.donottrackheader.enabled', + 'privacy.firstparty.isolate', + 'privacy.firstparty.isolate.restrict_opener_access', + 'privacy.resistFingerprinting', + 'privacy.sanitize.sanitizeOnShutdown', + 'privacy.sanitize.timeSpan', + 'privacy.trackingprotection.ui.enabled', + 'security.ask_for_password', + 'security.block_script_with_wrong_mime', + 'security.cert_pinning.enforcement_level', + 'security.csp.enable', + 'security.csp.experimentalEnabled', + 'security.data_uri.block_toplevel_data_uri_navigations', + 'security.dialog_enable_delay', + 'security.family_safety.mode', + 'security.fileuri.strict_origin_policy', + 'security.insecure_field_warning.contextual.enabled', + 'security.insecure_password.ui.enabled', + 'security.mixed_content.block_active_content', + 'security.mixed_content.send_hsts_priming', + 'security.mixed_content.use_hsts', + 'security.OCSP.enabled', + 'security.OCSP.require', + 'security.password_lifetime', + 'security.pki.sha1_enforcement_level', + 'security.sri.enable', + 'security.ssl.disable_session_identifiers', + 'security.ssl.enable_ocsp_stapling', + 'security.ssl.errorReporting.automatic', + 'security.ssl.errorReporting.enabled', + 'security.ssl.errorReporting.url', + 'security.ssl.treat_unsafe_negotiation_as_broken', + 'security.tls.enable_0rtt_data', + 'security.tls.version.fallback-limit', + 'security.tls.version.max', + 'security.tls.version.min', + 'security.xpconnect.plugin.unrestricted', + 'services.blocklist.signing.enforced', + 'services.blocklist.update_enabled', + 'signon.autofillForms', + 'signon.autofillForms.http', + 'signon.formlessCapture.enabled', + 'signon.storeWhenAutocompleteOff', + 'startup.homepage_override_url', + 'startup.homepage_welcome_url', + 'startup.homepage_welcome_url.additional', + 'toolkit.telemetry.archive.enabled', + 'toolkit.telemetry.bhrPing.enabled', + 'toolkit.telemetry.cachedClientID', + 'toolkit.telemetry.enabled', + 'toolkit.telemetry.firstShutdownPing.enabled', + 'toolkit.telemetry.newProfilePing.enabled', + 'toolkit.telemetry.server', + 'toolkit.telemetry.shutdownPingSender.enabled', + 'toolkit.telemetry.unified', + 'toolkit.telemetry.updatePing.enabled', + 'ui.submenuDelay', + 'ui.use_standins_for_native_colors', + 'view_source.tab', + 'webchannel.allowObject.urlWhitelist', + 'webgl.disable-extensions', + 'webgl.disable-fail-if-major-performance-caveat', + 'webgl.disabled', + 'webgl.dxgl.enabled', + 'webgl.enable-debug-renderer-info', + 'webgl.enable-webgl2', + 'webgl.min_capability_mode', + + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From 4ae5967e09b33a39827e64a2016c03ed7fa73ffd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 02:02:04 +1300 Subject: [PATCH 0524/1961] Update ghacks-clear-all-up-to-57-[the-rest-inactive].js --- .../ghacks-clear-all-up-to-57-[the-rest-inactive].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js index ee941e5..eaad147 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js @@ -18,7 +18,7 @@ (function() { let ops = [ - /* 119 INACTIVE prefs in 57-alpha master */ + /* 118 INACTIVE prefs in 57-alpha master */ 'accessibility.typeaheadfind', 'app.update.enabled', 'browser.cache.memory.capacity', From 11b0b779b8a86fc840e0d71acd74763ba01e2798 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 06:13:40 +1300 Subject: [PATCH 0525/1961] fixes #308 --- user.js | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index 6ea7dc2..03e8d06 100644 --- a/user.js +++ b/user.js @@ -476,14 +476,15 @@ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); /* 0810: disable location bar making speculative connections (FF56+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); -/* 0850a: disable location bar autocomplete [controlled by 0850b] ***/ - // user_pref("browser.urlbar.autocomplete.enabled", false); -/* 0850b: disable location bar suggestion types [controls 0850a] +/* 0850a: disable location bar autocomplete and suggestion types + * If you enforce any of the suggestion types, you MUST enforce 'autocomplete' + * - If *ALL* of the suggestion types are false, 'autocomplete' must also be false + * - If *ANY* of the suggestion types are true, 'autocomplete' must also be true + * If you do not enforce the above, the settings may not be applied by the user.js * [SETTING-56+] Options>Privacy & Security>Address Bar>When using the address bar, suggest * [SETTING-ESR] Options>Privacy>Location Bar>When using the location bar, suggest - * [NOTE] If any of these are true, 0850a will be FORCED to true - * and if all three are false, 0850a will be FORCED to false - * [WARNING] If all three are false, search engine keywords are disabled ***/ + * [WARNING] If all three suggestion types are false, search engine keywords are disabled ***/ +user_pref("browser.urlbar.autocomplete.enabled", false); user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.bookmark", false); user_pref("browser.urlbar.suggest.openpage", false); @@ -493,7 +494,7 @@ user_pref("browser.urlbar.suggest.openpage", false); * be displayed (no we do not know how these are calculated or what the threshold is), * and this does not affect the search by search engine suggestion (see 0808) * [USAGE] This setting is only useful if you want to enable search engine keywords - * (i.e. at least one of 0850b must be true) but you want to *limit* suggestions shown ***/ + * (i.e. at least one of 0850a suggestion types must be true) but you want to *limit* suggestions shown ***/ // user_pref("browser.urlbar.maxRichResults", 0); /* 0850d: disable location bar autofill * [1] http://kb.mozillazine.org/Inline_autocomplete ***/ From 4fc7490405b4e223bf376a6743a01518162db478 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 06:20:16 +1300 Subject: [PATCH 0526/1961] comment out three items see #308 --- .../ghacks-clear-all-up-to-57-[the-rest-active].js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js index c310078..5521336 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js @@ -122,9 +122,9 @@ 'browser.urlbar.maxHistoricalSearchSuggestions', 'browser.urlbar.oneOffSearches', 'browser.urlbar.speculativeConnect.enabled', - 'browser.urlbar.suggest.bookmark', - 'browser.urlbar.suggest.history', - 'browser.urlbar.suggest.openpage', + // 'browser.urlbar.suggest.bookmark', // this may not get reset by your user.js - see issue #308 + // 'browser.urlbar.suggest.history', // ditto + // 'browser.urlbar.suggest.openpage', // ditto 'browser.urlbar.suggest.searches', 'browser.urlbar.trimURLs', 'browser.urlbar.usepreloadedtopurls.enabled', From ab492c58c3719fe7c3e25fbd54cfd375290b4692 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 07:05:15 +1300 Subject: [PATCH 0527/1961] 0850a: remove cruff --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 03e8d06..6f018b7 100644 --- a/user.js +++ b/user.js @@ -480,7 +480,6 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * If you enforce any of the suggestion types, you MUST enforce 'autocomplete' * - If *ALL* of the suggestion types are false, 'autocomplete' must also be false * - If *ANY* of the suggestion types are true, 'autocomplete' must also be true - * If you do not enforce the above, the settings may not be applied by the user.js * [SETTING-56+] Options>Privacy & Security>Address Bar>When using the address bar, suggest * [SETTING-ESR] Options>Privacy>Location Bar>When using the location bar, suggest * [WARNING] If all three suggestion types are false, search engine keywords are disabled ***/ From 4d2c26790f94d45488aaa27cdd6ad00a48b3cf9d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 07:51:35 +1300 Subject: [PATCH 0528/1961] wiki link changes --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 6f018b7..63156d2 100644 --- a/user.js +++ b/user.js @@ -21,7 +21,7 @@ * Some user data is erased on close (section 2800), namely history (browsing, form, download) * Cookies are denied by default (2701), we use site exceptions. This breaks extensions that use IndexedDB, so you need to allow exceptions for those as well: see [1] below - [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.5-Setting-Extension-Permission-Exceptions + [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1.1-Setting-Extension-Permission-Exceptions * EACH RELEASE check: - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF) or enable them as an alternative to RFP or for ESR users @@ -34,7 +34,7 @@ before using to avoid unexpected surprises - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues 4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile) - 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-keeping-up-to-date + 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-maintenance ******/ From 8f68ee3e9ed018c389780af0f2e344eab65afcbe Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 10:27:21 +1300 Subject: [PATCH 0529/1961] fix url --- scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js index 644dd69..bd3dc0d 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js @@ -6,7 +6,7 @@ It is in reverse order, so feel free to remove sections that do not apply For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] ***/ From b9c8329778071117e6bcaa307a1692c371e2e289 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 10:27:58 +1300 Subject: [PATCH 0530/1961] fix url --- .../ghacks-clear-all-up-to-57-[RFP-alternatives].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js index ac5ebb1..f972fee 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js @@ -5,7 +5,7 @@ or they conlfict with, privacy.resistFingerprinting if you have that enabled. For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] ***/ From abbbf8ef0eae89e574b3f508529c9f4b43136db0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 10:28:28 +1300 Subject: [PATCH 0531/1961] fix url --- scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js index 27e098f..5603fa6 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js @@ -4,7 +4,7 @@ from the ghacks user.js up to and including release 57-alpha For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] ***/ From f5a4ec0cbd83c5985dfb706a4864c6ba7ff78107 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 10:28:58 +1300 Subject: [PATCH 0532/1961] fix url --- .../ghacks-clear-all-up-to-57-[the-rest-active].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js index 5521336..ff8d551 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js @@ -12,7 +12,7 @@ These have been broken into two scripts for convenience For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] ***/ From 24df3274f19b40d93073ce83181fbeb42d2da3d1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 10:29:29 +1300 Subject: [PATCH 0533/1961] fix url --- .../ghacks-clear-all-up-to-57-[the-rest-inactive].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js index eaad147..ba3f039 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js @@ -12,7 +12,7 @@ These have been broken into two scripts for convenience For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] ***/ From f8ec9cebdd382350f5a8fbfce1d2cb987cbbb9b1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Dec 2017 10:31:09 +1300 Subject: [PATCH 0534/1961] fix url --- scratchpad-scripts/ghacks-clear-57-[changes-only].js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-57-[changes-only].js b/scratchpad-scripts/ghacks-clear-57-[changes-only].js index 08ee19c..b3ab65f 100644 --- a/scratchpad-scripts/ghacks-clear-57-[changes-only].js +++ b/scratchpad-scripts/ghacks-clear-57-[changes-only].js @@ -1,8 +1,7 @@ -/* see https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.6-Bulk-Pref-Resetting-[Scratchpad] */ +/* see https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] */ (function() { let ops = [ - '_user.js.parrot', /* --- 57-alpha --- */ /* commented out */ 'browser.storageManager.enabled', @@ -26,7 +25,9 @@ 'social.share.activationPanelEnabled', 'social.shareDirectory', 'social.toast-notifications.enabled', - 'social.whitelist' + 'social.whitelist', + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' ] if("undefined" === typeof(Services)) { From e663b8a968f5b36a39d732e0a82c66507b7791cf Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sat, 9 Dec 2017 16:49:42 +0000 Subject: [PATCH 0535/1961] 3.2 Prevent issues handling the script when the name includes spaces. + Formatting. --- updater.bat | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/updater.bat b/updater.bat index 90a4080..2569b9e 100644 --- a/updater.bat +++ b/updater.bat @@ -39,11 +39,10 @@ IF DEFINED _updateb ( REM The normal flow here goes from phase 1 to phase 2 and then phase 3. IF NOT "!_myname:~0,9!"=="[updated]" ( IF EXIST "[updated]!_myname!.bat" ( - REM Phase 3 - REM The new script, with the original name, should: - REM Delete the [updated]*.bat script - REM Begin the normal script routine. - REN [updated]!_myname!.bat [updated]!_myname!.bat.old + REM ## Phase 3 ##: The new script, with the original name, will: + REM * Delete the [updated]*.bat script + REM * Begin the normal routine + REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" DEL /F "[updated]!_myname!.bat.old" ECHO Script updated^^! ECHO. @@ -52,11 +51,10 @@ IF DEFINED _updateb ( ECHO. GOTO begin ) - REM Phase 1 - REM -updatebatch will: - REM Download new batch and name it [updated]*.bat - REM Open that script in a new CMD window. - REM Exit + REM ## Phase 1 ## + REM * Download new batch and name it [updated]*.bat + REM * Start that script in a new CMD window + REM * Exit ECHO Updating script... ECHO. REM Uncomment the next line and comment the powershell call for testing. @@ -79,14 +77,13 @@ IF DEFINED _updateb ( ECHO. TIMEOUT 300 >nul ) ELSE ( - REM Phase 2 - REM The [updated]*.bat script will: - REM Copy itself overwriting the original batch. - REM Start that script in a new CMD instance. - REM Exit. + REM ## Phase 2 ##: The [updated]*.bat script will: + REM * Copy itself overwriting the original batch + REM * Start that script in a new CMD instance + REM * Exit IF EXIST !_myname:~9!.bat ( - REN !_myname:~9!.bat !_myname:~9!.bat.old - DEL /F !_myname:~9!.bat.old + REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" + DEL /F "!_myname:~9!.bat.old" ) COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" START CMD /C "!_myname:~9!.bat" !_myparams! From 77ca6af2d943a1af53ebce59219c7a57d7f19731 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 10 Dec 2017 01:20:39 +0000 Subject: [PATCH 0536/1961] I said 3.2. I'm not me if I don't miss something. --- updater.bat | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 2569b9e..a90c22a 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 3.1 +REM ## version: 3.2 SET _myname=%~n0 SET _myparams=%* @@ -81,7 +81,7 @@ IF DEFINED _updateb ( REM * Copy itself overwriting the original batch REM * Start that script in a new CMD instance REM * Exit - IF EXIST !_myname:~9!.bat ( + IF EXIST "!_myname:~9!.bat" ( REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" DEL /F "!_myname:~9!.bat.old" ) From 323da462047eddc1eba70a6af70b3a8c384f5690 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Dec 2017 05:21:08 +1300 Subject: [PATCH 0537/1961] 4500: RFP warn if language set to non en-US fixes #304 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 63156d2..b53372a 100644 --- a/user.js +++ b/user.js @@ -1587,6 +1587,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) + ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From fbd9f344af3cb6d0fb320de57497278887cc4b83 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 15 Dec 2017 21:11:53 +0100 Subject: [PATCH 0538/1961] prefs.js cleaner for Windows v1.0 thanks @claustromaniac! --- prefsCleaner.bat | 115 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 prefsCleaner.bat diff --git a/prefsCleaner.bat b/prefsCleaner.bat new file mode 100644 index 0000000..5f4b2e8 --- /dev/null +++ b/prefsCleaner.bat @@ -0,0 +1,115 @@ +@ECHO OFF +TITLE prefs.js cleaner + +REM ### prefs.js cleaner for Windows +REM ## author: @claustromaniac +REM ## version: 1.0 + +SETLOCAL EnableDelayedExpansion +:begin +ECHO: +ECHO: +ECHO ######################################## +ECHO #### prefs.js cleaner for Windows #### +ECHO #### author: @claustromaniac #### +ECHO #### version: 1.0 #### +ECHO ######################################## +ECHO: +CALL :message "This script should be run from your Firefox profile directory." +ECHO It will remove any entries from prefs.js that also exist in user.js. +CALL :message "This will allow inactive preferences to be reset to their default values." +ECHO This Firefox profile shouldn't be in use during the process. +CALL :message "" +CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" +CLS +IF ERRORLEVEL 3 ( EXIT /B ) +IF ERRORLEVEL 2 ( GOTO :showhelp ) +IF NOT EXIST "user.js" ( CALL :abort "user.js not found in the current directory." 30 ) +IF NOT EXIST "prefs.js" ( CALL :abort "prefs.js not found in the current directory." 30 ) +CALL :FFcheck +CALL :message "Backing up prefs.js..." +COPY /B /V /Y prefs.js "prefs-backup-!date:/=-!_!time::=.!.js" +CALL :message "Cleaning prefs.js... +CALL :cleanup +CLS +CALL :message "All done." +TIMEOUT 5 >nul +EXIT /B + +REM ########## Abort Function ########### +:abort +CALL :message %1 +TIMEOUT %~2 >nul +EXIT +REM ########## Message Function ######### +:message +ECHO: +ECHO: %~1 +ECHO: +GOTO :EOF +REM ####### Firefox Check Function ###### +:FFcheck +TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL +IF NOT ERRORLEVEL 1 ( + CLS + CALL :message "Firefox is still running." + ECHO If you're not currently using this profile you can continue, otherwise + ECHO: + ECHO close Firefox first^^! + ECHO: + ECHO: + PAUSE + CLS + CALL :message "Resuming..." + TIMEOUT 5 /nobreak >nul +) +GOTO :EOF +REM ######### Cleanup Function ########## +:cleanup +SETLOCAL DisableDelayedExpansion +( + FOR /F "tokens=1,* delims=:" %%G IN ( 'FINDSTR /N "^" prefs.js' ) DO ( + SET "_line=%%H" + SETLOCAL EnableDelayedExpansion + SET "_pref=!_line: =!" + IF /I "user_pref"=="!_pref:~0,9!" ( + FOR /F "delims=," %%X IN ("!_pref!") DO ( SET "_pref=%%X" ) + SET _pref=!_pref:"=""! + FIND /I "!_pref!" user.js >nul + IF ERRORLEVEL 1 ( + ECHO:!_line! + ) + ) ELSE ( + ECHO:!_line! + ) + ENDLOCAL + ) +)>tempcleanedprefs +ENDLOCAL +MOVE /Y tempcleanedprefs prefs.js +GOTO :EOF +REM ############### Help ################## +:showhelp +MODE 80,34 +CLS +CALL :message "This script creates a backup of your prefs.js file before doing anything." +ECHO It should be safe, but you can follow these steps if something goes wrong: +ECHO: +CALL :message " 1. Make sure Firefox is closed." +ECHO 2. Delete prefs.js in your profile folder. +CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." +ECHO 4. Rename or copy your latest backup to prefs.js. +CALL :message " 5. Run Firefox and see if you notice anything wrong with it." +ECHO 6. If you do notice something wrong, especially with your extensions, +CALL :message " and/or with the UI, go to about:support, and restart Firefox with" +ECHO add-ons disabled. Then, restart it again normally, and see if the +CALL :message " problems were solved." +ECHO: +CALL :message "If you are able to identify the cause of your issues, please bring it up" +ECHO on ghacks-user.js GitHub repository. +ECHO: +ECHO: +PAUSE +CLS +GOTO :begin +REM ##################################### From 2f5ae9b294fe07c3c4414bdfaa3b80345ac4afe3 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sat, 16 Dec 2017 17:55:08 +0000 Subject: [PATCH 0539/1961] v4.0b Fixes: - Merge function: *no longer has the potential to truncate super long lines. *no more issues with exclamation marks in user_pref lines. Improvements: - Overall better performance due to ECHO syntax changes. - Merge function on steroids! Faster than ever, and no longer generates temporary files at all. As it always should have been. Changes, Additions, Substractions: - Leading spaces are no longer ignored by the merge function. Lines to be merged must begin with user_pref. - Added header with name, author, version. - Added help sub-menu. - Added special message when no override files are found when using -multiOverrides. - Formatting changes. --- updater.bat | 269 +++++++++++++++++++++++++--------------------------- 1 file changed, 127 insertions(+), 142 deletions(-) diff --git a/updater.bat b/updater.bat index a90c22a..86a60c5 100644 --- a/updater.bat +++ b/updater.bat @@ -1,40 +1,23 @@ -@ECHO OFF +@ECHO OFF & SETLOCAL EnableDelayedExpansion TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 3.2 +REM ## version: 4.0b1 SET _myname=%~n0 SET _myparams=%* -SETLOCAL EnableDelayedExpansion :parse -IF "%~1"=="" ( - GOTO endparse -) -IF /I "%~1"=="-unattended" ( - SET _ua=1 -) -IF /I "%~1"=="-log" ( - SET _log=1 -) -IF /I "%~1"=="-logp" ( - SET _log=1 - SET _logp=1 -) -IF /I "%~1"=="-multioverrides" ( - SET _multi=1 -) -IF /I "%~1"=="-merge" ( - SET _merge=1 -) -IF /I "%~1"=="-updatebatch" ( - SET _updateb=1 -) +IF "%~1"=="" ( GOTO endparse ) +IF /I "%~1"=="-unattended" ( SET _ua=1 ) +IF /I "%~1"=="-log" ( SET _log=1 ) +IF /I "%~1"=="-logp" ( SET _log=1 & SET _logp=1 ) +IF /I "%~1"=="-multioverrides" ( SET _multi=1 ) +IF /I "%~1"=="-merge" ( SET _merge=1 ) +IF /I "%~1"=="-updatebatch" ( SET _updateb=1 ) SHIFT GOTO parse :endparse -ECHO. IF DEFINED _updateb ( REM The normal flow here goes from phase 1 to phase 2 and then phase 3. IF NOT "!_myname:~0,9!"=="[updated]" ( @@ -44,19 +27,16 @@ IF DEFINED _updateb ( REM * Begin the normal routine REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" DEL /F "[updated]!_myname!.bat.old" - ECHO Script updated^^! - ECHO. + CALL :message "Script updated^^! TIMEOUT 3 >nul CLS - ECHO. GOTO begin ) REM ## Phase 1 ## REM * Download new batch and name it [updated]*.bat REM * Start that script in a new CMD window REM * Exit - ECHO Updating script... - ECHO. + CALL :message "Updating script..." REM Uncomment the next line and comment the powershell call for testing. REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" ( @@ -66,15 +46,13 @@ IF DEFINED _updateb ( START /min CMD /C "[updated]!_myname!.bat" !_myparams! EXIT /B ) ELSE ( - ECHO Failed. Make sure PowerShell is allowed internet access. - ECHO. + CALL :message "Failed. Make sure PowerShell is allowed internet access." TIMEOUT 120 >nul EXIT /B ) ) ELSE ( IF "!_myname!"=="[updated]" ( - ECHO The [updated] label is reserved. Rename this script and try again. - ECHO. + CALL :message "The [updated] label is reserved. Rename this script and try again." TIMEOUT 300 >nul ) ELSE ( REM ## Phase 2 ##: The [updated]*.bat script will: @@ -92,180 +70,187 @@ IF DEFINED _updateb ( ) ) :begin +ECHO: +ECHO: +ECHO: ######################################## +ECHO: #### user.js Updater for Windows #### +ECHO: #### by claustromaniac #### +ECHO: #### v4.0 #### +ECHO: ######################################## +ECHO: SET /A "_line=0" IF NOT EXIST user.js ( - ECHO user.js not detected in the current directory. + CALL :message "user.js not detected in the current directory." ) ELSE ( FOR /F "skip=1 tokens=1,2 delims=:" %%G IN (user.js) DO ( SET /A "_line+=1" - IF !_line! GEQ 4 ( - GOTO exitloop - ) - IF !_line! EQU 1 ( - SET _name=%%H - ) - IF !_line! EQU 2 ( - SET _date=%%H - ) - IF !_line! EQU 3 ( - SET _version=%%G - ) + IF !_line! GEQ 4 ( GOTO exitloop ) + IF !_line! EQU 1 ( SET _name=%%H ) + IF !_line! EQU 2 ( SET _date=%%H ) + IF !_line! EQU 3 ( SET _version=%%G ) ) :exitloop IF !_line! GEQ 4 ( - IF /I NOT "!_name!"=="!_name:ghacks=X!" ( - ECHO ghacks user.js !_version:~2!,!_date! + IF /I NOT "!_name!"=="!_name:ghacks=!" ( + CALL :message "ghacks user.js !_version:~2!,!_date!" ) ELSE ( - ECHO Current user.js version not recognised. + CALL :message "Current user.js version not recognised." ) ) ELSE ( - ECHO Current user.js version not recognised. + CALL :message "Current user.js version not recognised." ) ) -ECHO. +ECHO: IF NOT DEFINED _ua ( - ECHO. - ECHO This batch should be run from your Firefox profile directory. It will download the latest version of ghacks user.js from github and then append any of your own changes from user-overrides.js to it. - ECHO. - ECHO Visit the wiki for more detailed information. - ECHO. - CHOICE /M "Continue" - IF ERRORLEVEL 2 ( EXIT /B ) + CALL :message "This batch should be run from your Firefox profile directory." + ECHO: It will download the latest version of ghacks user.js from github and then + CALL :message "append any of your own changes from user-overrides.js to it." + CALL :message "Visit the wiki for more detailed information." + ECHO: + TIMEOUT 1 /nobreak >nul + CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" + CLS + IF ERRORLEVEL 3 ( EXIT /B ) + IF ERRORLEVEL 2 ( GOTO :showhelp ) ) -CLS -ECHO. IF DEFINED _log ( CALL :log >>user.js-update-log.txt 2>&1 - IF DEFINED _logp ( - START user.js-update-log.txt - ) + IF DEFINED _logp ( START user.js-update-log.txt ) EXIT /B :log - ECHO ################################################################## - ECHO. - ECHO %date%, %time% - ECHO. + ECHO:################################################################## + CALL :message "%date%, %time%" ) IF EXIST user.js.old.bak ( DEL /F user.js.old.bak ) IF EXIST user.js ( IF EXIST user.js.bak ( REN user.js.bak user.js.old.bak ) REN user.js user.js.bak - ECHO Current user.js file backed up. - ECHO. + CALL :message "Current user.js file backed up. ) -ECHO Retrieving latest user.js file from github repository... +CALL :message "Retrieving latest user.js file from github repository..." ( powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" ) >nul 2>&1 -ECHO. IF EXIST user.js ( IF DEFINED _multi ( - ECHO Multiple overrides enabled. List of files found: - FORFILES /P user.js-overrides /M *.js - IF %ERRORLEVEL% EQU 0 ( + FORFILES /P user.js-overrides /M *.js >nul + IF NOT ERRORLEVEL 1 ( IF DEFINED _merge ( - ECHO. - ECHO Merging... - ECHO. - COPY /B /V /Y user.js-overrides\*.js user-overrides - CALL :merge user-overrides user-overrides-merged.js - COPY /B /V /Y user.js+user-overrides-merged.js updatertempfile - CALL :merge updatertempfile user.js + CALL :message "Merging..." + COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js + CALL :merge user-overrides-merged.js + COPY /B /V /Y user.js+user-overrides-merged.js user.js + CALL :merge user.js ) ELSE ( - ECHO. - ECHO Appending... - ECHO. + CALL :message "Appending..." COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js ) - ) - ECHO. + ) ELSE ( CALL :message "No override files found." ) + ECHO: ) ELSE ( IF EXIST "user-overrides.js" ( + COPY /B /V /Y user.js+"user-overrides.js" "user.js" IF DEFINED _merge ( - ECHO Merging user-overrides.js... - COPY /B /V /Y user.js+user-overrides.js updatertempfile - CALL :merge updatertempfile user.js + CALL :message "Merging user-overrides.js..." + CALL :merge user.js ) ELSE ( - ECHO Appending user-overrides.js... - ECHO. - COPY /B /V /Y user.js+"user-overrides.js" "user.js" + CALL :message "user-overrides.js appended." ) - ) ELSE ( - ECHO user-overrides.js not found. - ) - ECHO. + ) ELSE ( CALL :message "user-overrides.js not found." ) + ECHO: ) - ECHO Handling backups... + CALL :message "Handling backups..." SET "changed=" IF EXIST user.js.bak ( FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" ) - ECHO. - ECHO. + ECHO: IF "!changed!"=="true" ( IF EXIST user.js.old.bak DEL /F user.js.old.bak - ECHO Update complete. + CALL :message "Update complete." ) ELSE ( IF "!changed!"=="false" ( DEL /F user.js.bak IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak - ECHO Update completed without changes. - ) ELSE ( - ECHO Update complete. - ) + CALL :message "Update completed without changes." + ) ELSE ( CALL :message "Update complete." ) ) - ECHO. + ECHO: ) ELSE ( IF EXIST user.js.bak ( REN user.js.bak user.js ) IF EXIST user.js.old.bak ( REN user.js.old.bak user.js.bak ) - ECHO. - ECHO Update failed. Make sure PowerShell is allowed internet access. - ECHO. - ECHO No changes were made. - ECHO. + CALL :message "Update failed. Make sure PowerShell is allowed internet access." + CALL :message "No changes were made." ) IF NOT DEFINED _log ( - IF NOT DEFINED _ua PAUSE + IF NOT DEFINED _ua ( PAUSE ) ) EXIT /B -REM ###### Merge function ###### +REM ########### Message Function ########### +:message +ECHO: +ECHO: %~1 +ECHO: +GOTO :EOF +REM ############ Merge function ############ :merge -IF EXIST updatertempfile1 ( DEL /F updatertempfile1 ) -SETLOCAL disabledelayedexpansion +SETLOCAL DisableDelayedExpansion ( - FOR /F "tokens=1,* delims=]" %%G IN ('FIND /n /v "" ^< "%~1"') DO ( - SET "_pref=%%H" - SETLOCAL enabledelayedexpansion - SET "_temp=!_pref: =!" - IF /I "user_pref"=="!_temp:~0,9!" ( - IF /I NOT "user.js.parrot"=="!_temp:~12,14!" ( - FOR /F "delims=," %%S IN ("!_pref!") DO ( - SET "_pref=%%S" - ) - SET _pref=!_pref:"=""! - FIND /I "!_pref!" updatertempfile1 >nul 2>&1 - IF ERRORLEVEL 1 ( - FOR /F "tokens=* delims=" %%X IN ('FIND /I "!_pref!" %~1') DO ( - SET "_temp=%%X" - SET "_temp=!_temp: =!" - IF /I "user_pref"=="!_temp:~0,9!" ( - SET "_pref=%%X" - ) + FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H") + FOR /F "tokens=2,* delims=:," %%I IN ('FINDSTR /N "^" "%~1"') DO ( + IF NOT [user_pref("_user.js.parrot"]==[%%I] ( + IF DEFINED %%I ( + SETLOCAL EnableDelayedExpansion + FOR /F "delims=" %%K IN ("!%%I!") DO ( + ENDLOCAL + IF NOT "%%K"=="ALREADY MERGED" ( + ECHO:%%I,%%K + SET "%%I=ALREADY MERGED" ) - ECHO(!_pref! - ECHO(!_pref!>>updatertempfile1 ) ) ELSE ( - ECHO(!_pref! + IF "%%J"=="" ( + ECHO:%%I + ) ELSE ( + ECHO:%%I,%%J + ) ) ) ELSE ( - ECHO(!_pref! + ECHO:%%I,%%J ) - ENDLOCAL ) -)>%~2 +)>updatertempfile +MOVE /Y updatertempfile "%~1" >nul ENDLOCAL -DEL /F %1 updatertempfile1 >nul GOTO :EOF -REM ############################ +REM ############### Help ################## +:showhelp +MODE 80,38 +CLS +CALL :message "Available switches (case-insensitive):" +CALL :message " -log" +ECHO: Writes the console output to a logfile (user.js-update-log.txt) +CALL :message " -logP" +ECHO: Like log, but also opens the logfile after updating. +CALL :message " -merge" +ECHO: Merges overrides instead of appending them. Comments and _user.js.parrot +ECHO: lines are appended normally. Overrides for inactive (commented out) +ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used +ECHO: together, a user-overrides-merged.js file is also generated in the root +ECHO: directory for quick reference. It contains only the merged data from +ECHO: override files and can be safely discarded after updating, or used as the +ECHO: new user-overrides.js. When there are conflicting records for the same +ECHO: pref, the value of the last one declared will be used. +CALL :message " -multiOverrides" +ECHO: uses any and all .js files in a user.js-overrides sub-folder as overrides +ECHO: instead of the default user-overrides.js file. Files are appended in +ECHO: alphabetical order. +CALL :message " -updatebatch" +ECHO: The script will update itself on execution. +CALL :message "" +PAUSE +CLS +MODE 80,25 +GOTO :begin +REM ##################################### From 1262edee6176bbb24312b4ad364f215715f704ba Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 17 Dec 2017 13:02:34 +0100 Subject: [PATCH 0540/1961] tiny issues space instead of TAB, missing quotation marks and suppressing the error message when no *.js files are found in the OR-folder --- updater.bat | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/updater.bat b/updater.bat index 86a60c5..b67833f 100644 --- a/updater.bat +++ b/updater.bat @@ -13,7 +13,7 @@ IF /I "%~1"=="-unattended" ( SET _ua=1 ) IF /I "%~1"=="-log" ( SET _log=1 ) IF /I "%~1"=="-logp" ( SET _log=1 & SET _logp=1 ) IF /I "%~1"=="-multioverrides" ( SET _multi=1 ) -IF /I "%~1"=="-merge" ( SET _merge=1 ) +IF /I "%~1"=="-merge" ( SET _merge=1 ) IF /I "%~1"=="-updatebatch" ( SET _updateb=1 ) SHIFT GOTO parse @@ -102,7 +102,7 @@ IF NOT EXIST user.js ( ) ECHO: IF NOT DEFINED _ua ( - CALL :message "This batch should be run from your Firefox profile directory." + CALL :message "This batch should be run from your Firefox profile directory." ECHO: It will download the latest version of ghacks user.js from github and then CALL :message "append any of your own changes from user-overrides.js to it." CALL :message "Visit the wiki for more detailed information." @@ -115,7 +115,7 @@ IF NOT DEFINED _ua ( ) IF DEFINED _log ( CALL :log >>user.js-update-log.txt 2>&1 - IF DEFINED _logp ( START user.js-update-log.txt ) + IF DEFINED _logp ( START user.js-update-log.txt ) EXIT /B :log ECHO:################################################################## @@ -125,7 +125,7 @@ IF EXIST user.js.old.bak ( DEL /F user.js.old.bak ) IF EXIST user.js ( IF EXIST user.js.bak ( REN user.js.bak user.js.old.bak ) REN user.js user.js.bak - CALL :message "Current user.js file backed up. + CALL :message "Current user.js file backed up." ) CALL :message "Retrieving latest user.js file from github repository..." ( @@ -133,7 +133,7 @@ CALL :message "Retrieving latest user.js file from github repository..." ) >nul 2>&1 IF EXIST user.js ( IF DEFINED _multi ( - FORFILES /P user.js-overrides /M *.js >nul + FORFILES /P user.js-overrides /M *.js >nul 2>&1 IF NOT ERRORLEVEL 1 ( IF DEFINED _merge ( CALL :message "Merging..." From 240bcbfbee4d622ca0aabdfdc1b5c8ce46632981 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 17 Dec 2017 13:46:39 +0000 Subject: [PATCH 0541/1961] 4.0b2 Not all issues fixed yet. --- updater.bat | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/updater.bat b/updater.bat index b67833f..c277ae5 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.0b1 +REM ## version: 4.0b2 SET _myname=%~n0 SET _myparams=%* @@ -27,7 +27,7 @@ IF DEFINED _updateb ( REM * Begin the normal routine REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" DEL /F "[updated]!_myname!.bat.old" - CALL :message "Script updated^^! + CALL :message "Script updated^!" TIMEOUT 3 >nul CLS GOTO begin @@ -189,35 +189,35 @@ EXIT /B REM ########### Message Function ########### :message +SETLOCAL DisableDelayedExpansion ECHO: ECHO: %~1 ECHO: +ENDLOCAL GOTO :EOF REM ############ Merge function ############ :merge SETLOCAL DisableDelayedExpansion ( FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H") - FOR /F "tokens=2,* delims=:," %%I IN ('FINDSTR /N "^" "%~1"') DO ( - IF NOT [user_pref("_user.js.parrot"]==[%%I] ( - IF DEFINED %%I ( - SETLOCAL EnableDelayedExpansion - FOR /F "delims=" %%K IN ("!%%I!") DO ( - ENDLOCAL - IF NOT "%%K"=="ALREADY MERGED" ( - ECHO:%%I,%%K - SET "%%I=ALREADY MERGED" + FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( + FOR /F "tokens=1,* delims=," %%K IN ("%%J") DO ( + IF NOT [user_pref("_user.js.parrot"]==[%%K] ( + IF DEFINED %%K ( + SETLOCAL EnableDelayedExpansion + FOR /F "delims=" %%M IN ("!%%K!") DO ( + ENDLOCAL + IF NOT "%%M"=="ALREADY MERGED" ( + ECHO:%%K,%%M + SET "%%K=ALREADY MERGED" + ) ) + ) ELSE ( + ECHO:%%J ) ) ELSE ( - IF "%%J"=="" ( - ECHO:%%I - ) ELSE ( - ECHO:%%I,%%J - ) + ECHO:%%J ) - ) ELSE ( - ECHO:%%I,%%J ) ) )>updatertempfile From c9f62822a6934b693aeb59a5788bbffc0555b1a0 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 17 Dec 2017 15:01:06 +0000 Subject: [PATCH 0542/1961] 4.0b3 - Fix for empty lines. - Went back to using FIND in the main loop for the good reasons stated by @earthing --- updater.bat | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/updater.bat b/updater.bat index c277ae5..388e70b 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.0b2 +REM ## version: 4.0b3 SET _myname=%~n0 SET _myparams=%* @@ -200,15 +200,15 @@ REM ############ Merge function ############ SETLOCAL DisableDelayedExpansion ( FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H") - FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( - FOR /F "tokens=1,* delims=," %%K IN ("%%J") DO ( + FOR /F "tokens=1,* delims=]" %%I IN ('FIND /N /V "" ^< "%~1"') DO ( + FOR /F "delims=," %%K IN ("%%J") DO ( IF NOT [user_pref("_user.js.parrot"]==[%%K] ( IF DEFINED %%K ( SETLOCAL EnableDelayedExpansion - FOR /F "delims=" %%M IN ("!%%K!") DO ( + FOR /F "delims=" %%L IN ("!%%K!") DO ( ENDLOCAL - IF NOT "%%M"=="ALREADY MERGED" ( - ECHO:%%K,%%M + IF NOT "%%L"=="ALREADY MERGED" ( + ECHO:%%K,%%L SET "%%K=ALREADY MERGED" ) ) From ca947c6ae4b62f60be3719b10e72fb160cf0b9c8 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 17 Dec 2017 15:02:52 +0000 Subject: [PATCH 0543/1961] 4.0b3 - ignore the previous commit lol --- updater.bat | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/updater.bat b/updater.bat index 388e70b..b7f65c9 100644 --- a/updater.bat +++ b/updater.bat @@ -201,22 +201,26 @@ SETLOCAL DisableDelayedExpansion ( FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H") FOR /F "tokens=1,* delims=]" %%I IN ('FIND /N /V "" ^< "%~1"') DO ( - FOR /F "delims=," %%K IN ("%%J") DO ( - IF NOT [user_pref("_user.js.parrot"]==[%%K] ( - IF DEFINED %%K ( - SETLOCAL EnableDelayedExpansion - FOR /F "delims=" %%L IN ("!%%K!") DO ( - ENDLOCAL - IF NOT "%%L"=="ALREADY MERGED" ( - ECHO:%%K,%%L - SET "%%K=ALREADY MERGED" + IF ""=="%%J" ( + ECHO: + ) ELSE ( + FOR /F "delims=," %%K IN ("%%J") DO ( + IF NOT [user_pref("_user.js.parrot"]==[%%K] ( + IF DEFINED %%K ( + SETLOCAL EnableDelayedExpansion + FOR /F "delims=" %%L IN ("!%%K!") DO ( + ENDLOCAL + IF NOT "%%L"=="ALREADY MERGED" ( + ECHO:%%K,%%L + SET "%%K=ALREADY MERGED" + ) ) + ) ELSE ( + ECHO:%%J ) ) ELSE ( ECHO:%%J ) - ) ELSE ( - ECHO:%%J ) ) ) From 25321e726242e26fcb94f45ca26116c33a5696e5 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 17 Dec 2017 15:59:55 +0000 Subject: [PATCH 0544/1961] 4.0? --- updater.bat | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index b7f65c9..1797731 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.0b3 +REM ## version: 4.0 SET _myname=%~n0 SET _myparams=%* @@ -200,7 +200,7 @@ REM ############ Merge function ############ SETLOCAL DisableDelayedExpansion ( FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H") - FOR /F "tokens=1,* delims=]" %%I IN ('FIND /N /V "" ^< "%~1"') DO ( + FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( IF ""=="%%J" ( ECHO: ) ELSE ( From 901670fffc66932a9431832e5120c04ddd7c91de Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Mon, 18 Dec 2017 12:26:03 +0000 Subject: [PATCH 0545/1961] Convert BAT line-endings to CRLF LF is messing with calls to :message in the updater, at least on my end. --- .gitattributes | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitattributes b/.gitattributes index c57b4ca..57a69e7 100644 --- a/.gitattributes +++ b/.gitattributes @@ -4,5 +4,6 @@ *.md text *.yml text *.txt text +*.bat text eol=crlf *.png binary From be563241d66fd0531f426a542bf2b3522b1b4f82 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 15:10:18 +0100 Subject: [PATCH 0546/1961] Update updater.bat --- updater.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index 1797731..794f9c6 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.0 +REM ## version: 4.1 SET _myname=%~n0 SET _myparams=%* From eeef37154de263216246da10b5965a5baf418417 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 15:10:35 +0100 Subject: [PATCH 0547/1961] Update updater.bat --- updater.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index 794f9c6..1797731 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.1 +REM ## version: 4.0 SET _myname=%~n0 SET _myparams=%* From 8f4ab833017cc0c0ddb45ea163f601c96809e631 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 15:38:18 +0100 Subject: [PATCH 0548/1961] Create test.bat --- test.bat | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 test.bat diff --git a/test.bat b/test.bat new file mode 100644 index 0000000..2adf2e3 --- /dev/null +++ b/test.bat @@ -0,0 +1,3 @@ +@ECHO OFF + +REM TEST From 1789fd902b5b12c394eb1630ebce538e87223a73 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 15:39:01 +0100 Subject: [PATCH 0549/1961] Delete test.bat --- test.bat | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 test.bat diff --git a/test.bat b/test.bat deleted file mode 100644 index 2adf2e3..0000000 --- a/test.bat +++ /dev/null @@ -1,3 +0,0 @@ -@ECHO OFF - -REM TEST From 1571e067e752da31dcb1c420f49548a1ed67c095 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 16:01:46 +0100 Subject: [PATCH 0550/1961] convert to CRLF on the fly MORE also converts TABs to spaces, by default to 8 but I changed it to 4 --- updater.bat | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/updater.bat b/updater.bat index 1797731..af116d2 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.0 +REM ## version: 4.1 SET _myname=%~n0 SET _myparams=%* @@ -40,9 +40,11 @@ IF DEFINED _updateb ( REM Uncomment the next line and comment the powershell call for testing. REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" ( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.bat')" + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.new')" ) >nul 2>&1 - IF EXIST "[updated]!_myname!.bat" ( + IF EXIST "[updated]!_myname!.new" ( + TYPE "[updated]!_myname!.new" | MORE /E /P /T4 > "[updated]!_myname!.bat" + DEL /F "[updated]!_myname!.new" >nul START /min CMD /C "[updated]!_myname!.bat" !_myparams! EXIT /B ) ELSE ( @@ -75,7 +77,7 @@ ECHO: ECHO: ######################################## ECHO: #### user.js Updater for Windows #### ECHO: #### by claustromaniac #### -ECHO: #### v4.0 #### +ECHO: #### v4.1 #### ECHO: ######################################## ECHO: SET /A "_line=0" From 6973bb459c219a7e7cca385d67a5ace31417183f Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 16:33:21 +0100 Subject: [PATCH 0551/1961] FIND instead of MORE to keep TABS intact --- updater.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index af116d2..54ee373 100644 --- a/updater.bat +++ b/updater.bat @@ -43,7 +43,7 @@ IF DEFINED _updateb ( powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.new')" ) >nul 2>&1 IF EXIST "[updated]!_myname!.new" ( - TYPE "[updated]!_myname!.new" | MORE /E /P /T4 > "[updated]!_myname!.bat" + TYPE "[updated]!_myname!.new" | FIND /V "" > "[updated]!_myname!.bat" DEL /F "[updated]!_myname!.new" >nul START /min CMD /C "[updated]!_myname!.bat" !_myparams! EXIT /B From 21b21d2adb9daf05a311596c804e0359f440d090 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 16:44:36 +0100 Subject: [PATCH 0552/1961] Update .gitattributes --- .gitattributes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitattributes b/.gitattributes index 57a69e7..726eca1 100644 --- a/.gitattributes +++ b/.gitattributes @@ -4,6 +4,6 @@ *.md text *.yml text *.txt text -*.bat text eol=crlf +*.bat -text eol=crlf *.png binary From 16e8d6ca7a795987b206d849b7aa96080e3887d0 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 16:48:15 +0100 Subject: [PATCH 0553/1961] Update updater.bat --- updater.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index 54ee373..93b20b6 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ### ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.1 +REM ## version: 4.0 SET _myname=%~n0 SET _myparams=%* From 464ffcd7e6595d4c2aa25d2b5b84ff5aa669f631 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 16:54:38 +0100 Subject: [PATCH 0554/1961] Update .gitattributes --- .gitattributes | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitattributes b/.gitattributes index 726eca1..12c1178 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,9 +1,9 @@ -* text=auto +## * text=auto -*.js text -*.md text -*.yml text -*.txt text -*.bat -text eol=crlf +*.js text=auto +*.md text=auto +*.yml text=auto +*.txt text=auto +*.bat eol=crlf *.png binary From e0cd64391c6bf4d615e9acbae4bf03411dd07b1f Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 16:56:28 +0100 Subject: [PATCH 0555/1961] Create test.bat --- test.bat | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 test.bat diff --git a/test.bat b/test.bat new file mode 100644 index 0000000..2adf2e3 --- /dev/null +++ b/test.bat @@ -0,0 +1,3 @@ +@ECHO OFF + +REM TEST From 877d6a5af2c35e1a8448b32bbbdc8cb3dad2ece2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 16:58:02 +0100 Subject: [PATCH 0556/1961] Delete test.bat --- test.bat | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 test.bat diff --git a/test.bat b/test.bat deleted file mode 100644 index 2adf2e3..0000000 --- a/test.bat +++ /dev/null @@ -1,3 +0,0 @@ -@ECHO OFF - -REM TEST From 8af0d4fa7a2a4fb61640c4be54cee729be52e914 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 18 Dec 2017 17:27:51 +0100 Subject: [PATCH 0557/1961] Update .gitattributes --- .gitattributes | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitattributes b/.gitattributes index 12c1178..44c1eeb 100644 --- a/.gitattributes +++ b/.gitattributes @@ -7,3 +7,7 @@ *.bat eol=crlf *.png binary + +.gitattributes export-ignore +*.yml export-ignore +wikipiki export-ignore From ea76ea91af8150ab5fcbc3da61f2eaa959b52eb2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Dec 2017 17:22:32 +0100 Subject: [PATCH 0558/1961] Add files via upload --- updater2.bat | 262 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 262 insertions(+) create mode 100644 updater2.bat diff --git a/updater2.bat b/updater2.bat new file mode 100644 index 0000000..602aeb2 --- /dev/null +++ b/updater2.bat @@ -0,0 +1,262 @@ +@ECHO OFF & SETLOCAL EnableDelayedExpansion +TITLE ghacks user.js updater + +REM ### ghacks-user.js updater for Windows +REM ## author: @claustromaniac +REM ## version: 4.0 + +SET _myname=%~n0 +SET _myparams=%* +:parse +IF "%~1"=="" ( GOTO endparse ) +IF /I "%~1"=="-unattended" ( SET _ua=1 ) +IF /I "%~1"=="-log" ( SET _log=1 ) +IF /I "%~1"=="-logp" ( SET _log=1 & SET _logp=1 ) +IF /I "%~1"=="-multioverrides" ( SET _multi=1 ) +IF /I "%~1"=="-merge" ( SET _merge=1 ) +IF /I "%~1"=="-updatebatch" ( SET _updateb=1 ) +SHIFT +GOTO parse +:endparse +IF DEFINED _updateb ( + REM The normal flow here goes from phase 1 to phase 2 and then phase 3. + IF NOT "!_myname:~0,9!"=="[updated]" ( + IF EXIST "[updated]!_myname!.bat" ( + REM ## Phase 3 ##: The new script, with the original name, will: + REM * Delete the [updated]*.bat script + REM * Begin the normal routine + REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" + DEL /F "[updated]!_myname!.bat.old" + CALL :message "Script updated^!" + TIMEOUT 3 >nul + CLS + GOTO begin + ) + REM ## Phase 1 ## + REM * Download new batch and name it [updated]*.bat + REM * Start that script in a new CMD window + REM * Exit + CALL :message "Updating script..." + REM Uncomment the next line and comment the powershell call for testing. + REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" + ( + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.new')" + ) >nul 2>&1 + IF EXIST "[updated]!_myname!.new" ( + TYPE "[updated]!_myname!.new" | FIND /V "" > "[updated]!_myname!.bat" + DEL /F "[updated]!_myname!.new" >nul + START /min CMD /C "[updated]!_myname!.bat" !_myparams! + EXIT /B + ) ELSE ( + CALL :message "Failed. Make sure PowerShell is allowed internet access." + TIMEOUT 120 >nul + EXIT /B + ) + ) ELSE ( + IF "!_myname!"=="[updated]" ( + CALL :message "The [updated] label is reserved. Rename this script and try again." + TIMEOUT 300 >nul + ) ELSE ( + REM ## Phase 2 ##: The [updated]*.bat script will: + REM * Copy itself overwriting the original batch + REM * Start that script in a new CMD instance + REM * Exit + IF EXIST "!_myname:~9!.bat" ( + REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" + DEL /F "!_myname:~9!.bat.old" + ) + COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" + START CMD /C "!_myname:~9!.bat" !_myparams! + ) + EXIT /B + ) +) +:begin +ECHO: +ECHO: +ECHO: ######################################## +ECHO: #### user.js Updater for Windows #### +ECHO: #### by claustromaniac #### +ECHO: #### v4.1 #### +ECHO: ######################################## +ECHO: +SET /A "_line=0" +IF NOT EXIST user.js ( + CALL :message "user.js not detected in the current directory." +) ELSE ( + FOR /F "skip=1 tokens=1,2 delims=:" %%G IN (user.js) DO ( + SET /A "_line+=1" + IF !_line! GEQ 4 ( GOTO exitloop ) + IF !_line! EQU 1 ( SET _name=%%H ) + IF !_line! EQU 2 ( SET _date=%%H ) + IF !_line! EQU 3 ( SET _version=%%G ) + ) + :exitloop + IF !_line! GEQ 4 ( + IF /I NOT "!_name!"=="!_name:ghacks=!" ( + CALL :message "ghacks user.js !_version:~2!,!_date!" + ) ELSE ( + CALL :message "Current user.js version not recognised." + ) + ) ELSE ( + CALL :message "Current user.js version not recognised." + ) +) +ECHO: +IF NOT DEFINED _ua ( + CALL :message "This batch should be run from your Firefox profile directory." + ECHO: It will download the latest version of ghacks user.js from github and then + CALL :message "append any of your own changes from user-overrides.js to it." + CALL :message "Visit the wiki for more detailed information." + ECHO: + TIMEOUT 1 /nobreak >nul + CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" + CLS + IF ERRORLEVEL 3 ( EXIT /B ) + IF ERRORLEVEL 2 ( GOTO :showhelp ) +) +IF DEFINED _log ( + CALL :log >>user.js-update-log.txt 2>&1 + IF DEFINED _logp ( START user.js-update-log.txt ) + EXIT /B + :log + ECHO:################################################################## + CALL :message "%date%, %time%" +) +IF EXIST user.js.old.bak ( DEL /F user.js.old.bak ) +IF EXIST user.js ( + IF EXIST user.js.bak ( REN user.js.bak user.js.old.bak ) + REN user.js user.js.bak + CALL :message "Current user.js file backed up." +) +CALL :message "Retrieving latest user.js file from github repository..." +( + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" +) >nul 2>&1 +IF EXIST user.js ( + IF DEFINED _multi ( + FORFILES /P user.js-overrides /M *.js >nul 2>&1 + IF NOT ERRORLEVEL 1 ( + IF DEFINED _merge ( + CALL :message "Merging..." + COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js + CALL :merge user-overrides-merged.js + COPY /B /V /Y user.js+user-overrides-merged.js user.js + CALL :merge user.js + ) ELSE ( + CALL :message "Appending..." + COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js + ) + ) ELSE ( CALL :message "No override files found." ) + ECHO: + ) ELSE ( + IF EXIST "user-overrides.js" ( + COPY /B /V /Y user.js+"user-overrides.js" "user.js" + IF DEFINED _merge ( + CALL :message "Merging user-overrides.js..." + CALL :merge user.js + ) ELSE ( + CALL :message "user-overrides.js appended." + ) + ) ELSE ( CALL :message "user-overrides.js not found." ) + ECHO: + ) + CALL :message "Handling backups..." + SET "changed=" + IF EXIST user.js.bak ( + FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" + ) + ECHO: + IF "!changed!"=="true" ( + IF EXIST user.js.old.bak DEL /F user.js.old.bak + CALL :message "Update complete." + ) ELSE ( + IF "!changed!"=="false" ( + DEL /F user.js.bak + IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak + CALL :message "Update completed without changes." + ) ELSE ( CALL :message "Update complete." ) + ) + ECHO: +) ELSE ( + IF EXIST user.js.bak ( REN user.js.bak user.js ) + IF EXIST user.js.old.bak ( REN user.js.old.bak user.js.bak ) + CALL :message "Update failed. Make sure PowerShell is allowed internet access." + CALL :message "No changes were made." +) +IF NOT DEFINED _log ( + IF NOT DEFINED _ua ( PAUSE ) +) +EXIT /B + +REM ########### Message Function ########### +:message +SETLOCAL DisableDelayedExpansion +ECHO: +ECHO: %~1 +ECHO: +ENDLOCAL +GOTO :EOF +REM ############ Merge function ############ +:merge +SETLOCAL DisableDelayedExpansion +( + FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H") + FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( + IF ""=="%%J" ( + ECHO: + ) ELSE ( + FOR /F "delims=," %%K IN ("%%J") DO ( + IF NOT [user_pref("_user.js.parrot"]==[%%K] ( + IF DEFINED %%K ( + SETLOCAL EnableDelayedExpansion + FOR /F "delims=" %%L IN ("!%%K!") DO ( + ENDLOCAL + IF NOT "%%L"=="ALREADY MERGED" ( + ECHO:%%K,%%L + SET "%%K=ALREADY MERGED" + ) + ) + ) ELSE ( + ECHO:%%J + ) + ) ELSE ( + ECHO:%%J + ) + ) + ) + ) +)>updatertempfile +MOVE /Y updatertempfile "%~1" >nul +ENDLOCAL +GOTO :EOF +REM ############### Help ################## +:showhelp +MODE 80,38 +CLS +CALL :message "Available switches (case-insensitive):" +CALL :message " -log" +ECHO: Writes the console output to a logfile (user.js-update-log.txt) +CALL :message " -logP" +ECHO: Like log, but also opens the logfile after updating. +CALL :message " -merge" +ECHO: Merges overrides instead of appending them. Comments and _user.js.parrot +ECHO: lines are appended normally. Overrides for inactive (commented out) +ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used +ECHO: together, a user-overrides-merged.js file is also generated in the root +ECHO: directory for quick reference. It contains only the merged data from +ECHO: override files and can be safely discarded after updating, or used as the +ECHO: new user-overrides.js. When there are conflicting records for the same +ECHO: pref, the value of the last one declared will be used. +CALL :message " -multiOverrides" +ECHO: uses any and all .js files in a user.js-overrides sub-folder as overrides +ECHO: instead of the default user-overrides.js file. Files are appended in +ECHO: alphabetical order. +CALL :message " -updatebatch" +ECHO: The script will update itself on execution. +CALL :message "" +PAUSE +CLS +MODE 80,25 +GOTO :begin +REM ##################################### From 88b08d4ac5fd9287089067e3a22940ee11d3326b Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Dec 2017 17:24:19 +0100 Subject: [PATCH 0559/1961] Delete updater.bat --- updater.bat | 262 ---------------------------------------------------- 1 file changed, 262 deletions(-) delete mode 100644 updater.bat diff --git a/updater.bat b/updater.bat deleted file mode 100644 index 93b20b6..0000000 --- a/updater.bat +++ /dev/null @@ -1,262 +0,0 @@ -@ECHO OFF & SETLOCAL EnableDelayedExpansion -TITLE ghacks user.js updater - -REM ### ghacks-user.js updater for Windows -REM ## author: @claustromaniac -REM ## version: 4.0 - -SET _myname=%~n0 -SET _myparams=%* -:parse -IF "%~1"=="" ( GOTO endparse ) -IF /I "%~1"=="-unattended" ( SET _ua=1 ) -IF /I "%~1"=="-log" ( SET _log=1 ) -IF /I "%~1"=="-logp" ( SET _log=1 & SET _logp=1 ) -IF /I "%~1"=="-multioverrides" ( SET _multi=1 ) -IF /I "%~1"=="-merge" ( SET _merge=1 ) -IF /I "%~1"=="-updatebatch" ( SET _updateb=1 ) -SHIFT -GOTO parse -:endparse -IF DEFINED _updateb ( - REM The normal flow here goes from phase 1 to phase 2 and then phase 3. - IF NOT "!_myname:~0,9!"=="[updated]" ( - IF EXIST "[updated]!_myname!.bat" ( - REM ## Phase 3 ##: The new script, with the original name, will: - REM * Delete the [updated]*.bat script - REM * Begin the normal routine - REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" - DEL /F "[updated]!_myname!.bat.old" - CALL :message "Script updated^!" - TIMEOUT 3 >nul - CLS - GOTO begin - ) - REM ## Phase 1 ## - REM * Download new batch and name it [updated]*.bat - REM * Start that script in a new CMD window - REM * Exit - CALL :message "Updating script..." - REM Uncomment the next line and comment the powershell call for testing. - REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" - ( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.new')" - ) >nul 2>&1 - IF EXIST "[updated]!_myname!.new" ( - TYPE "[updated]!_myname!.new" | FIND /V "" > "[updated]!_myname!.bat" - DEL /F "[updated]!_myname!.new" >nul - START /min CMD /C "[updated]!_myname!.bat" !_myparams! - EXIT /B - ) ELSE ( - CALL :message "Failed. Make sure PowerShell is allowed internet access." - TIMEOUT 120 >nul - EXIT /B - ) - ) ELSE ( - IF "!_myname!"=="[updated]" ( - CALL :message "The [updated] label is reserved. Rename this script and try again." - TIMEOUT 300 >nul - ) ELSE ( - REM ## Phase 2 ##: The [updated]*.bat script will: - REM * Copy itself overwriting the original batch - REM * Start that script in a new CMD instance - REM * Exit - IF EXIST "!_myname:~9!.bat" ( - REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" - DEL /F "!_myname:~9!.bat.old" - ) - COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" - START CMD /C "!_myname:~9!.bat" !_myparams! - ) - EXIT /B - ) -) -:begin -ECHO: -ECHO: -ECHO: ######################################## -ECHO: #### user.js Updater for Windows #### -ECHO: #### by claustromaniac #### -ECHO: #### v4.1 #### -ECHO: ######################################## -ECHO: -SET /A "_line=0" -IF NOT EXIST user.js ( - CALL :message "user.js not detected in the current directory." -) ELSE ( - FOR /F "skip=1 tokens=1,2 delims=:" %%G IN (user.js) DO ( - SET /A "_line+=1" - IF !_line! GEQ 4 ( GOTO exitloop ) - IF !_line! EQU 1 ( SET _name=%%H ) - IF !_line! EQU 2 ( SET _date=%%H ) - IF !_line! EQU 3 ( SET _version=%%G ) - ) - :exitloop - IF !_line! GEQ 4 ( - IF /I NOT "!_name!"=="!_name:ghacks=!" ( - CALL :message "ghacks user.js !_version:~2!,!_date!" - ) ELSE ( - CALL :message "Current user.js version not recognised." - ) - ) ELSE ( - CALL :message "Current user.js version not recognised." - ) -) -ECHO: -IF NOT DEFINED _ua ( - CALL :message "This batch should be run from your Firefox profile directory." - ECHO: It will download the latest version of ghacks user.js from github and then - CALL :message "append any of your own changes from user-overrides.js to it." - CALL :message "Visit the wiki for more detailed information." - ECHO: - TIMEOUT 1 /nobreak >nul - CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" - CLS - IF ERRORLEVEL 3 ( EXIT /B ) - IF ERRORLEVEL 2 ( GOTO :showhelp ) -) -IF DEFINED _log ( - CALL :log >>user.js-update-log.txt 2>&1 - IF DEFINED _logp ( START user.js-update-log.txt ) - EXIT /B - :log - ECHO:################################################################## - CALL :message "%date%, %time%" -) -IF EXIST user.js.old.bak ( DEL /F user.js.old.bak ) -IF EXIST user.js ( - IF EXIST user.js.bak ( REN user.js.bak user.js.old.bak ) - REN user.js user.js.bak - CALL :message "Current user.js file backed up." -) -CALL :message "Retrieving latest user.js file from github repository..." -( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" -) >nul 2>&1 -IF EXIST user.js ( - IF DEFINED _multi ( - FORFILES /P user.js-overrides /M *.js >nul 2>&1 - IF NOT ERRORLEVEL 1 ( - IF DEFINED _merge ( - CALL :message "Merging..." - COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js - CALL :merge user-overrides-merged.js - COPY /B /V /Y user.js+user-overrides-merged.js user.js - CALL :merge user.js - ) ELSE ( - CALL :message "Appending..." - COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js - ) - ) ELSE ( CALL :message "No override files found." ) - ECHO: - ) ELSE ( - IF EXIST "user-overrides.js" ( - COPY /B /V /Y user.js+"user-overrides.js" "user.js" - IF DEFINED _merge ( - CALL :message "Merging user-overrides.js..." - CALL :merge user.js - ) ELSE ( - CALL :message "user-overrides.js appended." - ) - ) ELSE ( CALL :message "user-overrides.js not found." ) - ECHO: - ) - CALL :message "Handling backups..." - SET "changed=" - IF EXIST user.js.bak ( - FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" - ) - ECHO: - IF "!changed!"=="true" ( - IF EXIST user.js.old.bak DEL /F user.js.old.bak - CALL :message "Update complete." - ) ELSE ( - IF "!changed!"=="false" ( - DEL /F user.js.bak - IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak - CALL :message "Update completed without changes." - ) ELSE ( CALL :message "Update complete." ) - ) - ECHO: -) ELSE ( - IF EXIST user.js.bak ( REN user.js.bak user.js ) - IF EXIST user.js.old.bak ( REN user.js.old.bak user.js.bak ) - CALL :message "Update failed. Make sure PowerShell is allowed internet access." - CALL :message "No changes were made." -) -IF NOT DEFINED _log ( - IF NOT DEFINED _ua ( PAUSE ) -) -EXIT /B - -REM ########### Message Function ########### -:message -SETLOCAL DisableDelayedExpansion -ECHO: -ECHO: %~1 -ECHO: -ENDLOCAL -GOTO :EOF -REM ############ Merge function ############ -:merge -SETLOCAL DisableDelayedExpansion -( - FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H") - FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( - IF ""=="%%J" ( - ECHO: - ) ELSE ( - FOR /F "delims=," %%K IN ("%%J") DO ( - IF NOT [user_pref("_user.js.parrot"]==[%%K] ( - IF DEFINED %%K ( - SETLOCAL EnableDelayedExpansion - FOR /F "delims=" %%L IN ("!%%K!") DO ( - ENDLOCAL - IF NOT "%%L"=="ALREADY MERGED" ( - ECHO:%%K,%%L - SET "%%K=ALREADY MERGED" - ) - ) - ) ELSE ( - ECHO:%%J - ) - ) ELSE ( - ECHO:%%J - ) - ) - ) - ) -)>updatertempfile -MOVE /Y updatertempfile "%~1" >nul -ENDLOCAL -GOTO :EOF -REM ############### Help ################## -:showhelp -MODE 80,38 -CLS -CALL :message "Available switches (case-insensitive):" -CALL :message " -log" -ECHO: Writes the console output to a logfile (user.js-update-log.txt) -CALL :message " -logP" -ECHO: Like log, but also opens the logfile after updating. -CALL :message " -merge" -ECHO: Merges overrides instead of appending them. Comments and _user.js.parrot -ECHO: lines are appended normally. Overrides for inactive (commented out) -ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used -ECHO: together, a user-overrides-merged.js file is also generated in the root -ECHO: directory for quick reference. It contains only the merged data from -ECHO: override files and can be safely discarded after updating, or used as the -ECHO: new user-overrides.js. When there are conflicting records for the same -ECHO: pref, the value of the last one declared will be used. -CALL :message " -multiOverrides" -ECHO: uses any and all .js files in a user.js-overrides sub-folder as overrides -ECHO: instead of the default user-overrides.js file. Files are appended in -ECHO: alphabetical order. -CALL :message " -updatebatch" -ECHO: The script will update itself on execution. -CALL :message "" -PAUSE -CLS -MODE 80,25 -GOTO :begin -REM ##################################### From 148daa94cfc42847c46c5a0b0c23fc4c7aef23cb Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Dec 2017 17:24:36 +0100 Subject: [PATCH 0560/1961] Delete updater2.bat --- updater2.bat | 262 --------------------------------------------------- 1 file changed, 262 deletions(-) delete mode 100644 updater2.bat diff --git a/updater2.bat b/updater2.bat deleted file mode 100644 index 602aeb2..0000000 --- a/updater2.bat +++ /dev/null @@ -1,262 +0,0 @@ -@ECHO OFF & SETLOCAL EnableDelayedExpansion -TITLE ghacks user.js updater - -REM ### ghacks-user.js updater for Windows -REM ## author: @claustromaniac -REM ## version: 4.0 - -SET _myname=%~n0 -SET _myparams=%* -:parse -IF "%~1"=="" ( GOTO endparse ) -IF /I "%~1"=="-unattended" ( SET _ua=1 ) -IF /I "%~1"=="-log" ( SET _log=1 ) -IF /I "%~1"=="-logp" ( SET _log=1 & SET _logp=1 ) -IF /I "%~1"=="-multioverrides" ( SET _multi=1 ) -IF /I "%~1"=="-merge" ( SET _merge=1 ) -IF /I "%~1"=="-updatebatch" ( SET _updateb=1 ) -SHIFT -GOTO parse -:endparse -IF DEFINED _updateb ( - REM The normal flow here goes from phase 1 to phase 2 and then phase 3. - IF NOT "!_myname:~0,9!"=="[updated]" ( - IF EXIST "[updated]!_myname!.bat" ( - REM ## Phase 3 ##: The new script, with the original name, will: - REM * Delete the [updated]*.bat script - REM * Begin the normal routine - REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" - DEL /F "[updated]!_myname!.bat.old" - CALL :message "Script updated^!" - TIMEOUT 3 >nul - CLS - GOTO begin - ) - REM ## Phase 1 ## - REM * Download new batch and name it [updated]*.bat - REM * Start that script in a new CMD window - REM * Exit - CALL :message "Updating script..." - REM Uncomment the next line and comment the powershell call for testing. - REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" - ( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.new')" - ) >nul 2>&1 - IF EXIST "[updated]!_myname!.new" ( - TYPE "[updated]!_myname!.new" | FIND /V "" > "[updated]!_myname!.bat" - DEL /F "[updated]!_myname!.new" >nul - START /min CMD /C "[updated]!_myname!.bat" !_myparams! - EXIT /B - ) ELSE ( - CALL :message "Failed. Make sure PowerShell is allowed internet access." - TIMEOUT 120 >nul - EXIT /B - ) - ) ELSE ( - IF "!_myname!"=="[updated]" ( - CALL :message "The [updated] label is reserved. Rename this script and try again." - TIMEOUT 300 >nul - ) ELSE ( - REM ## Phase 2 ##: The [updated]*.bat script will: - REM * Copy itself overwriting the original batch - REM * Start that script in a new CMD instance - REM * Exit - IF EXIST "!_myname:~9!.bat" ( - REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" - DEL /F "!_myname:~9!.bat.old" - ) - COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" - START CMD /C "!_myname:~9!.bat" !_myparams! - ) - EXIT /B - ) -) -:begin -ECHO: -ECHO: -ECHO: ######################################## -ECHO: #### user.js Updater for Windows #### -ECHO: #### by claustromaniac #### -ECHO: #### v4.1 #### -ECHO: ######################################## -ECHO: -SET /A "_line=0" -IF NOT EXIST user.js ( - CALL :message "user.js not detected in the current directory." -) ELSE ( - FOR /F "skip=1 tokens=1,2 delims=:" %%G IN (user.js) DO ( - SET /A "_line+=1" - IF !_line! GEQ 4 ( GOTO exitloop ) - IF !_line! EQU 1 ( SET _name=%%H ) - IF !_line! EQU 2 ( SET _date=%%H ) - IF !_line! EQU 3 ( SET _version=%%G ) - ) - :exitloop - IF !_line! GEQ 4 ( - IF /I NOT "!_name!"=="!_name:ghacks=!" ( - CALL :message "ghacks user.js !_version:~2!,!_date!" - ) ELSE ( - CALL :message "Current user.js version not recognised." - ) - ) ELSE ( - CALL :message "Current user.js version not recognised." - ) -) -ECHO: -IF NOT DEFINED _ua ( - CALL :message "This batch should be run from your Firefox profile directory." - ECHO: It will download the latest version of ghacks user.js from github and then - CALL :message "append any of your own changes from user-overrides.js to it." - CALL :message "Visit the wiki for more detailed information." - ECHO: - TIMEOUT 1 /nobreak >nul - CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" - CLS - IF ERRORLEVEL 3 ( EXIT /B ) - IF ERRORLEVEL 2 ( GOTO :showhelp ) -) -IF DEFINED _log ( - CALL :log >>user.js-update-log.txt 2>&1 - IF DEFINED _logp ( START user.js-update-log.txt ) - EXIT /B - :log - ECHO:################################################################## - CALL :message "%date%, %time%" -) -IF EXIST user.js.old.bak ( DEL /F user.js.old.bak ) -IF EXIST user.js ( - IF EXIST user.js.bak ( REN user.js.bak user.js.old.bak ) - REN user.js user.js.bak - CALL :message "Current user.js file backed up." -) -CALL :message "Retrieving latest user.js file from github repository..." -( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" -) >nul 2>&1 -IF EXIST user.js ( - IF DEFINED _multi ( - FORFILES /P user.js-overrides /M *.js >nul 2>&1 - IF NOT ERRORLEVEL 1 ( - IF DEFINED _merge ( - CALL :message "Merging..." - COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js - CALL :merge user-overrides-merged.js - COPY /B /V /Y user.js+user-overrides-merged.js user.js - CALL :merge user.js - ) ELSE ( - CALL :message "Appending..." - COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js - ) - ) ELSE ( CALL :message "No override files found." ) - ECHO: - ) ELSE ( - IF EXIST "user-overrides.js" ( - COPY /B /V /Y user.js+"user-overrides.js" "user.js" - IF DEFINED _merge ( - CALL :message "Merging user-overrides.js..." - CALL :merge user.js - ) ELSE ( - CALL :message "user-overrides.js appended." - ) - ) ELSE ( CALL :message "user-overrides.js not found." ) - ECHO: - ) - CALL :message "Handling backups..." - SET "changed=" - IF EXIST user.js.bak ( - FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" - ) - ECHO: - IF "!changed!"=="true" ( - IF EXIST user.js.old.bak DEL /F user.js.old.bak - CALL :message "Update complete." - ) ELSE ( - IF "!changed!"=="false" ( - DEL /F user.js.bak - IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak - CALL :message "Update completed without changes." - ) ELSE ( CALL :message "Update complete." ) - ) - ECHO: -) ELSE ( - IF EXIST user.js.bak ( REN user.js.bak user.js ) - IF EXIST user.js.old.bak ( REN user.js.old.bak user.js.bak ) - CALL :message "Update failed. Make sure PowerShell is allowed internet access." - CALL :message "No changes were made." -) -IF NOT DEFINED _log ( - IF NOT DEFINED _ua ( PAUSE ) -) -EXIT /B - -REM ########### Message Function ########### -:message -SETLOCAL DisableDelayedExpansion -ECHO: -ECHO: %~1 -ECHO: -ENDLOCAL -GOTO :EOF -REM ############ Merge function ############ -:merge -SETLOCAL DisableDelayedExpansion -( - FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H") - FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( - IF ""=="%%J" ( - ECHO: - ) ELSE ( - FOR /F "delims=," %%K IN ("%%J") DO ( - IF NOT [user_pref("_user.js.parrot"]==[%%K] ( - IF DEFINED %%K ( - SETLOCAL EnableDelayedExpansion - FOR /F "delims=" %%L IN ("!%%K!") DO ( - ENDLOCAL - IF NOT "%%L"=="ALREADY MERGED" ( - ECHO:%%K,%%L - SET "%%K=ALREADY MERGED" - ) - ) - ) ELSE ( - ECHO:%%J - ) - ) ELSE ( - ECHO:%%J - ) - ) - ) - ) -)>updatertempfile -MOVE /Y updatertempfile "%~1" >nul -ENDLOCAL -GOTO :EOF -REM ############### Help ################## -:showhelp -MODE 80,38 -CLS -CALL :message "Available switches (case-insensitive):" -CALL :message " -log" -ECHO: Writes the console output to a logfile (user.js-update-log.txt) -CALL :message " -logP" -ECHO: Like log, but also opens the logfile after updating. -CALL :message " -merge" -ECHO: Merges overrides instead of appending them. Comments and _user.js.parrot -ECHO: lines are appended normally. Overrides for inactive (commented out) -ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used -ECHO: together, a user-overrides-merged.js file is also generated in the root -ECHO: directory for quick reference. It contains only the merged data from -ECHO: override files and can be safely discarded after updating, or used as the -ECHO: new user-overrides.js. When there are conflicting records for the same -ECHO: pref, the value of the last one declared will be used. -CALL :message " -multiOverrides" -ECHO: uses any and all .js files in a user.js-overrides sub-folder as overrides -ECHO: instead of the default user-overrides.js file. Files are appended in -ECHO: alphabetical order. -CALL :message " -updatebatch" -ECHO: The script will update itself on execution. -CALL :message "" -PAUSE -CLS -MODE 80,25 -GOTO :begin -REM ##################################### From 13534e33bce60f3879f61196ff4c63f92305180b Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Dec 2017 17:25:14 +0100 Subject: [PATCH 0561/1961] Add files via upload --- updater.bat | 260 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 260 insertions(+) create mode 100644 updater.bat diff --git a/updater.bat b/updater.bat new file mode 100644 index 0000000..579170d --- /dev/null +++ b/updater.bat @@ -0,0 +1,260 @@ +@ECHO OFF & SETLOCAL EnableDelayedExpansion +TITLE ghacks user.js updater + +REM ### ghacks-user.js updater for Windows +REM ## author: @claustromaniac +REM ## version: 4.0 + +SET _myname=%~n0 +SET _myparams=%* +:parse +IF "%~1"=="" ( GOTO endparse ) +IF /I "%~1"=="-unattended" ( SET _ua=1 ) +IF /I "%~1"=="-log" ( SET _log=1 ) +IF /I "%~1"=="-logp" ( SET _log=1 & SET _logp=1 ) +IF /I "%~1"=="-multioverrides" ( SET _multi=1 ) +IF /I "%~1"=="-merge" ( SET _merge=1 ) +IF /I "%~1"=="-updatebatch" ( SET _updateb=1 ) +SHIFT +GOTO parse +:endparse +IF DEFINED _updateb ( + REM The normal flow here goes from phase 1 to phase 2 and then phase 3. + IF NOT "!_myname:~0,9!"=="[updated]" ( + IF EXIST "[updated]!_myname!.bat" ( + REM ## Phase 3 ##: The new script, with the original name, will: + REM * Delete the [updated]*.bat script + REM * Begin the normal routine + REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" + DEL /F "[updated]!_myname!.bat.old" + CALL :message "Script updated^!" + TIMEOUT 3 >nul + CLS + GOTO begin + ) + REM ## Phase 1 ## + REM * Download new batch and name it [updated]*.bat + REM * Start that script in a new CMD window + REM * Exit + CALL :message "Updating script..." + REM Uncomment the next line and comment the powershell call for testing. + REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" + ( + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.bat')" + ) >nul 2>&1 + IF EXIST "[updated]!_myname!.bat" ( + START /min CMD /C "[updated]!_myname!.bat" !_myparams! + EXIT /B + ) ELSE ( + CALL :message "Failed. Make sure PowerShell is allowed internet access." + TIMEOUT 120 >nul + EXIT /B + ) + ) ELSE ( + IF "!_myname!"=="[updated]" ( + CALL :message "The [updated] label is reserved. Rename this script and try again." + TIMEOUT 300 >nul + ) ELSE ( + REM ## Phase 2 ##: The [updated]*.bat script will: + REM * Copy itself overwriting the original batch + REM * Start that script in a new CMD instance + REM * Exit + IF EXIST "!_myname:~9!.bat" ( + REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" + DEL /F "!_myname:~9!.bat.old" + ) + COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" + START CMD /C "!_myname:~9!.bat" !_myparams! + ) + EXIT /B + ) +) +:begin +ECHO: +ECHO: +ECHO: ######################################## +ECHO: #### user.js Updater for Windows #### +ECHO: #### by claustromaniac #### +ECHO: #### v4.0 #### +ECHO: ######################################## +ECHO: +SET /A "_line=0" +IF NOT EXIST user.js ( + CALL :message "user.js not detected in the current directory." +) ELSE ( + FOR /F "skip=1 tokens=1,2 delims=:" %%G IN (user.js) DO ( + SET /A "_line+=1" + IF !_line! GEQ 4 ( GOTO exitloop ) + IF !_line! EQU 1 ( SET _name=%%H ) + IF !_line! EQU 2 ( SET _date=%%H ) + IF !_line! EQU 3 ( SET _version=%%G ) + ) + :exitloop + IF !_line! GEQ 4 ( + IF /I NOT "!_name!"=="!_name:ghacks=!" ( + CALL :message "ghacks user.js !_version:~2!,!_date!" + ) ELSE ( + CALL :message "Current user.js version not recognised." + ) + ) ELSE ( + CALL :message "Current user.js version not recognised." + ) +) +ECHO: +IF NOT DEFINED _ua ( + CALL :message "This batch should be run from your Firefox profile directory." + ECHO: It will download the latest version of ghacks user.js from github and then + CALL :message "append any of your own changes from user-overrides.js to it." + CALL :message "Visit the wiki for more detailed information." + ECHO: + TIMEOUT 1 /nobreak >nul + CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" + CLS + IF ERRORLEVEL 3 ( EXIT /B ) + IF ERRORLEVEL 2 ( GOTO :showhelp ) +) +IF DEFINED _log ( + CALL :log >>user.js-update-log.txt 2>&1 + IF DEFINED _logp ( START user.js-update-log.txt ) + EXIT /B + :log + ECHO:################################################################## + CALL :message "%date%, %time%" +) +IF EXIST user.js.old.bak ( DEL /F user.js.old.bak ) +IF EXIST user.js ( + IF EXIST user.js.bak ( REN user.js.bak user.js.old.bak ) + REN user.js user.js.bak + CALL :message "Current user.js file backed up." +) +CALL :message "Retrieving latest user.js file from github repository..." +( + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" +) >nul 2>&1 +IF EXIST user.js ( + IF DEFINED _multi ( + FORFILES /P user.js-overrides /M *.js >nul 2>&1 + IF NOT ERRORLEVEL 1 ( + IF DEFINED _merge ( + CALL :message "Merging..." + COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js + CALL :merge user-overrides-merged.js + COPY /B /V /Y user.js+user-overrides-merged.js user.js + CALL :merge user.js + ) ELSE ( + CALL :message "Appending..." + COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js + ) + ) ELSE ( CALL :message "No override files found." ) + ECHO: + ) ELSE ( + IF EXIST "user-overrides.js" ( + COPY /B /V /Y user.js+"user-overrides.js" "user.js" + IF DEFINED _merge ( + CALL :message "Merging user-overrides.js..." + CALL :merge user.js + ) ELSE ( + CALL :message "user-overrides.js appended." + ) + ) ELSE ( CALL :message "user-overrides.js not found." ) + ECHO: + ) + CALL :message "Handling backups..." + SET "changed=" + IF EXIST user.js.bak ( + FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" + ) + ECHO: + IF "!changed!"=="true" ( + IF EXIST user.js.old.bak DEL /F user.js.old.bak + CALL :message "Update complete." + ) ELSE ( + IF "!changed!"=="false" ( + DEL /F user.js.bak + IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak + CALL :message "Update completed without changes." + ) ELSE ( CALL :message "Update complete." ) + ) + ECHO: +) ELSE ( + IF EXIST user.js.bak ( REN user.js.bak user.js ) + IF EXIST user.js.old.bak ( REN user.js.old.bak user.js.bak ) + CALL :message "Update failed. Make sure PowerShell is allowed internet access." + CALL :message "No changes were made." +) +IF NOT DEFINED _log ( + IF NOT DEFINED _ua ( PAUSE ) +) +EXIT /B + +REM ########### Message Function ########### +:message +SETLOCAL DisableDelayedExpansion +ECHO: +ECHO: %~1 +ECHO: +ENDLOCAL +GOTO :EOF +REM ############ Merge function ############ +:merge +SETLOCAL DisableDelayedExpansion +( + FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H") + FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( + IF ""=="%%J" ( + ECHO: + ) ELSE ( + FOR /F "delims=," %%K IN ("%%J") DO ( + IF NOT [user_pref("_user.js.parrot"]==[%%K] ( + IF DEFINED %%K ( + SETLOCAL EnableDelayedExpansion + FOR /F "delims=" %%L IN ("!%%K!") DO ( + ENDLOCAL + IF NOT "%%L"=="ALREADY MERGED" ( + ECHO:%%K,%%L + SET "%%K=ALREADY MERGED" + ) + ) + ) ELSE ( + ECHO:%%J + ) + ) ELSE ( + ECHO:%%J + ) + ) + ) + ) +)>updatertempfile +MOVE /Y updatertempfile "%~1" >nul +ENDLOCAL +GOTO :EOF +REM ############### Help ################## +:showhelp +MODE 80,38 +CLS +CALL :message "Available switches (case-insensitive):" +CALL :message " -log" +ECHO: Writes the console output to a logfile (user.js-update-log.txt) +CALL :message " -logP" +ECHO: Like log, but also opens the logfile after updating. +CALL :message " -merge" +ECHO: Merges overrides instead of appending them. Comments and _user.js.parrot +ECHO: lines are appended normally. Overrides for inactive (commented out) +ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used +ECHO: together, a user-overrides-merged.js file is also generated in the root +ECHO: directory for quick reference. It contains only the merged data from +ECHO: override files and can be safely discarded after updating, or used as the +ECHO: new user-overrides.js. When there are conflicting records for the same +ECHO: pref, the value of the last one declared will be used. +CALL :message " -multiOverrides" +ECHO: uses any and all .js files in a user.js-overrides sub-folder as overrides +ECHO: instead of the default user-overrides.js file. Files are appended in +ECHO: alphabetical order. +CALL :message " -updatebatch" +ECHO: The script will update itself on execution. +CALL :message "" +PAUSE +CLS +MODE 80,25 +GOTO :begin +REM ##################################### From b74b79f11c32504d7cdea525fe6c3ad6c68d5a41 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Dec 2017 17:26:39 +0100 Subject: [PATCH 0562/1961] Delete prefsCleaner.bat --- prefsCleaner.bat | 115 ----------------------------------------------- 1 file changed, 115 deletions(-) delete mode 100644 prefsCleaner.bat diff --git a/prefsCleaner.bat b/prefsCleaner.bat deleted file mode 100644 index 5f4b2e8..0000000 --- a/prefsCleaner.bat +++ /dev/null @@ -1,115 +0,0 @@ -@ECHO OFF -TITLE prefs.js cleaner - -REM ### prefs.js cleaner for Windows -REM ## author: @claustromaniac -REM ## version: 1.0 - -SETLOCAL EnableDelayedExpansion -:begin -ECHO: -ECHO: -ECHO ######################################## -ECHO #### prefs.js cleaner for Windows #### -ECHO #### author: @claustromaniac #### -ECHO #### version: 1.0 #### -ECHO ######################################## -ECHO: -CALL :message "This script should be run from your Firefox profile directory." -ECHO It will remove any entries from prefs.js that also exist in user.js. -CALL :message "This will allow inactive preferences to be reset to their default values." -ECHO This Firefox profile shouldn't be in use during the process. -CALL :message "" -CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" -CLS -IF ERRORLEVEL 3 ( EXIT /B ) -IF ERRORLEVEL 2 ( GOTO :showhelp ) -IF NOT EXIST "user.js" ( CALL :abort "user.js not found in the current directory." 30 ) -IF NOT EXIST "prefs.js" ( CALL :abort "prefs.js not found in the current directory." 30 ) -CALL :FFcheck -CALL :message "Backing up prefs.js..." -COPY /B /V /Y prefs.js "prefs-backup-!date:/=-!_!time::=.!.js" -CALL :message "Cleaning prefs.js... -CALL :cleanup -CLS -CALL :message "All done." -TIMEOUT 5 >nul -EXIT /B - -REM ########## Abort Function ########### -:abort -CALL :message %1 -TIMEOUT %~2 >nul -EXIT -REM ########## Message Function ######### -:message -ECHO: -ECHO: %~1 -ECHO: -GOTO :EOF -REM ####### Firefox Check Function ###### -:FFcheck -TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL -IF NOT ERRORLEVEL 1 ( - CLS - CALL :message "Firefox is still running." - ECHO If you're not currently using this profile you can continue, otherwise - ECHO: - ECHO close Firefox first^^! - ECHO: - ECHO: - PAUSE - CLS - CALL :message "Resuming..." - TIMEOUT 5 /nobreak >nul -) -GOTO :EOF -REM ######### Cleanup Function ########## -:cleanup -SETLOCAL DisableDelayedExpansion -( - FOR /F "tokens=1,* delims=:" %%G IN ( 'FINDSTR /N "^" prefs.js' ) DO ( - SET "_line=%%H" - SETLOCAL EnableDelayedExpansion - SET "_pref=!_line: =!" - IF /I "user_pref"=="!_pref:~0,9!" ( - FOR /F "delims=," %%X IN ("!_pref!") DO ( SET "_pref=%%X" ) - SET _pref=!_pref:"=""! - FIND /I "!_pref!" user.js >nul - IF ERRORLEVEL 1 ( - ECHO:!_line! - ) - ) ELSE ( - ECHO:!_line! - ) - ENDLOCAL - ) -)>tempcleanedprefs -ENDLOCAL -MOVE /Y tempcleanedprefs prefs.js -GOTO :EOF -REM ############### Help ################## -:showhelp -MODE 80,34 -CLS -CALL :message "This script creates a backup of your prefs.js file before doing anything." -ECHO It should be safe, but you can follow these steps if something goes wrong: -ECHO: -CALL :message " 1. Make sure Firefox is closed." -ECHO 2. Delete prefs.js in your profile folder. -CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." -ECHO 4. Rename or copy your latest backup to prefs.js. -CALL :message " 5. Run Firefox and see if you notice anything wrong with it." -ECHO 6. If you do notice something wrong, especially with your extensions, -CALL :message " and/or with the UI, go to about:support, and restart Firefox with" -ECHO add-ons disabled. Then, restart it again normally, and see if the -CALL :message " problems were solved." -ECHO: -CALL :message "If you are able to identify the cause of your issues, please bring it up" -ECHO on ghacks-user.js GitHub repository. -ECHO: -ECHO: -PAUSE -CLS -GOTO :begin -REM ##################################### From 48861e57e10386bdbf7e776ed18f538e1ce61354 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Dec 2017 17:26:58 +0100 Subject: [PATCH 0563/1961] Add files via upload --- prefsCleaner.bat | 115 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 prefsCleaner.bat diff --git a/prefsCleaner.bat b/prefsCleaner.bat new file mode 100644 index 0000000..fd40ac4 --- /dev/null +++ b/prefsCleaner.bat @@ -0,0 +1,115 @@ +@ECHO OFF +TITLE prefs.js cleaner + +REM ### prefs.js cleaner for Windows +REM ## author: @claustromaniac +REM ## version: 1.0 + +SETLOCAL EnableDelayedExpansion +:begin +ECHO: +ECHO: +ECHO ######################################## +ECHO #### prefs.js cleaner for Windows #### +ECHO #### author: @claustromaniac #### +ECHO #### version: 1.0 #### +ECHO ######################################## +ECHO: +CALL :message "This script should be run from your Firefox profile directory." +ECHO It will remove any entries from prefs.js that also exist in user.js. +CALL :message "This will allow inactive preferences to be reset to their default values." +ECHO This Firefox profile shouldn't be in use during the process. +CALL :message "" +CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" +CLS +IF ERRORLEVEL 3 ( EXIT /B ) +IF ERRORLEVEL 2 ( GOTO :showhelp ) +IF NOT EXIST "user.js" ( CALL :abort "user.js not found in the current directory." 30 ) +IF NOT EXIST "prefs.js" ( CALL :abort "prefs.js not found in the current directory." 30 ) +CALL :FFcheck +CALL :message "Backing up prefs.js..." +COPY /B /V /Y prefs.js "prefs-backup-!date:/=-!_!time::=.!.js" +CALL :message "Cleaning prefs.js... +CALL :cleanup +CLS +CALL :message "All done." +TIMEOUT 5 >nul +EXIT /B + +REM ########## Abort Function ########### +:abort +CALL :message %1 +TIMEOUT %~2 >nul +EXIT +REM ########## Message Function ######### +:message +ECHO: +ECHO: %~1 +ECHO: +GOTO :EOF +REM ####### Firefox Check Function ###### +:FFcheck +TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL +IF NOT ERRORLEVEL 1 ( + CLS + CALL :message "Firefox is still running." + ECHO If you're not currently using this profile you can continue, otherwise + ECHO: + ECHO close Firefox first^^! + ECHO: + ECHO: + PAUSE + CLS + CALL :message "Resuming..." + TIMEOUT 5 /nobreak >nul +) +GOTO :EOF +REM ######### Cleanup Function ########## +:cleanup +SETLOCAL DisableDelayedExpansion +( + FOR /F "tokens=1,* delims=:" %%G IN ( 'FINDSTR /N "^" prefs.js' ) DO ( + SET "_line=%%H" + SETLOCAL EnableDelayedExpansion + SET "_pref=!_line: =!" + IF /I "user_pref"=="!_pref:~0,9!" ( + FOR /F "delims=," %%X IN ("!_pref!") DO ( SET "_pref=%%X" ) + SET _pref=!_pref:"=""! + FIND /I "!_pref!" user.js >nul + IF ERRORLEVEL 1 ( + ECHO:!_line! + ) + ) ELSE ( + ECHO:!_line! + ) + ENDLOCAL + ) +)>tempcleanedprefs +ENDLOCAL +MOVE /Y tempcleanedprefs prefs.js +GOTO :EOF +REM ############### Help ################## +:showhelp +MODE 80,34 +CLS +CALL :message "This script creates a backup of your prefs.js file before doing anything." +ECHO It should be safe, but you can follow these steps if something goes wrong: +ECHO: +CALL :message " 1. Make sure Firefox is closed." +ECHO 2. Delete prefs.js in your profile folder. +CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." +ECHO 4. Rename or copy your latest backup to prefs.js. +CALL :message " 5. Run Firefox and see if you notice anything wrong with it." +ECHO 6. If you do notice something wrong, especially with your extensions, +CALL :message " and/or with the UI, go to about:support, and restart Firefox with" +ECHO add-ons disabled. Then, restart it again normally, and see if the +CALL :message " problems were solved." +ECHO: +CALL :message "If you are able to identify the cause of your issues, please bring it up" +ECHO on ghacks-user.js GitHub repository. +ECHO: +ECHO: +PAUSE +CLS +GOTO :begin +REM ##################################### From ffae671b27b907a7c2509add77f5c8eb98d4abe2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Dec 2017 17:29:36 +0100 Subject: [PATCH 0564/1961] Delete prefsCleaner.bat --- prefsCleaner.bat | 115 ----------------------------------------------- 1 file changed, 115 deletions(-) delete mode 100644 prefsCleaner.bat diff --git a/prefsCleaner.bat b/prefsCleaner.bat deleted file mode 100644 index fd40ac4..0000000 --- a/prefsCleaner.bat +++ /dev/null @@ -1,115 +0,0 @@ -@ECHO OFF -TITLE prefs.js cleaner - -REM ### prefs.js cleaner for Windows -REM ## author: @claustromaniac -REM ## version: 1.0 - -SETLOCAL EnableDelayedExpansion -:begin -ECHO: -ECHO: -ECHO ######################################## -ECHO #### prefs.js cleaner for Windows #### -ECHO #### author: @claustromaniac #### -ECHO #### version: 1.0 #### -ECHO ######################################## -ECHO: -CALL :message "This script should be run from your Firefox profile directory." -ECHO It will remove any entries from prefs.js that also exist in user.js. -CALL :message "This will allow inactive preferences to be reset to their default values." -ECHO This Firefox profile shouldn't be in use during the process. -CALL :message "" -CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" -CLS -IF ERRORLEVEL 3 ( EXIT /B ) -IF ERRORLEVEL 2 ( GOTO :showhelp ) -IF NOT EXIST "user.js" ( CALL :abort "user.js not found in the current directory." 30 ) -IF NOT EXIST "prefs.js" ( CALL :abort "prefs.js not found in the current directory." 30 ) -CALL :FFcheck -CALL :message "Backing up prefs.js..." -COPY /B /V /Y prefs.js "prefs-backup-!date:/=-!_!time::=.!.js" -CALL :message "Cleaning prefs.js... -CALL :cleanup -CLS -CALL :message "All done." -TIMEOUT 5 >nul -EXIT /B - -REM ########## Abort Function ########### -:abort -CALL :message %1 -TIMEOUT %~2 >nul -EXIT -REM ########## Message Function ######### -:message -ECHO: -ECHO: %~1 -ECHO: -GOTO :EOF -REM ####### Firefox Check Function ###### -:FFcheck -TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL -IF NOT ERRORLEVEL 1 ( - CLS - CALL :message "Firefox is still running." - ECHO If you're not currently using this profile you can continue, otherwise - ECHO: - ECHO close Firefox first^^! - ECHO: - ECHO: - PAUSE - CLS - CALL :message "Resuming..." - TIMEOUT 5 /nobreak >nul -) -GOTO :EOF -REM ######### Cleanup Function ########## -:cleanup -SETLOCAL DisableDelayedExpansion -( - FOR /F "tokens=1,* delims=:" %%G IN ( 'FINDSTR /N "^" prefs.js' ) DO ( - SET "_line=%%H" - SETLOCAL EnableDelayedExpansion - SET "_pref=!_line: =!" - IF /I "user_pref"=="!_pref:~0,9!" ( - FOR /F "delims=," %%X IN ("!_pref!") DO ( SET "_pref=%%X" ) - SET _pref=!_pref:"=""! - FIND /I "!_pref!" user.js >nul - IF ERRORLEVEL 1 ( - ECHO:!_line! - ) - ) ELSE ( - ECHO:!_line! - ) - ENDLOCAL - ) -)>tempcleanedprefs -ENDLOCAL -MOVE /Y tempcleanedprefs prefs.js -GOTO :EOF -REM ############### Help ################## -:showhelp -MODE 80,34 -CLS -CALL :message "This script creates a backup of your prefs.js file before doing anything." -ECHO It should be safe, but you can follow these steps if something goes wrong: -ECHO: -CALL :message " 1. Make sure Firefox is closed." -ECHO 2. Delete prefs.js in your profile folder. -CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." -ECHO 4. Rename or copy your latest backup to prefs.js. -CALL :message " 5. Run Firefox and see if you notice anything wrong with it." -ECHO 6. If you do notice something wrong, especially with your extensions, -CALL :message " and/or with the UI, go to about:support, and restart Firefox with" -ECHO add-ons disabled. Then, restart it again normally, and see if the -CALL :message " problems were solved." -ECHO: -CALL :message "If you are able to identify the cause of your issues, please bring it up" -ECHO on ghacks-user.js GitHub repository. -ECHO: -ECHO: -PAUSE -CLS -GOTO :begin -REM ##################################### From 4170529e397f6656d5bb36a67cbb82303965fa87 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Dec 2017 17:31:49 +0100 Subject: [PATCH 0565/1961] Add files via upload --- prefsCleaner.bat | 115 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 prefsCleaner.bat diff --git a/prefsCleaner.bat b/prefsCleaner.bat new file mode 100644 index 0000000..fd40ac4 --- /dev/null +++ b/prefsCleaner.bat @@ -0,0 +1,115 @@ +@ECHO OFF +TITLE prefs.js cleaner + +REM ### prefs.js cleaner for Windows +REM ## author: @claustromaniac +REM ## version: 1.0 + +SETLOCAL EnableDelayedExpansion +:begin +ECHO: +ECHO: +ECHO ######################################## +ECHO #### prefs.js cleaner for Windows #### +ECHO #### author: @claustromaniac #### +ECHO #### version: 1.0 #### +ECHO ######################################## +ECHO: +CALL :message "This script should be run from your Firefox profile directory." +ECHO It will remove any entries from prefs.js that also exist in user.js. +CALL :message "This will allow inactive preferences to be reset to their default values." +ECHO This Firefox profile shouldn't be in use during the process. +CALL :message "" +CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" +CLS +IF ERRORLEVEL 3 ( EXIT /B ) +IF ERRORLEVEL 2 ( GOTO :showhelp ) +IF NOT EXIST "user.js" ( CALL :abort "user.js not found in the current directory." 30 ) +IF NOT EXIST "prefs.js" ( CALL :abort "prefs.js not found in the current directory." 30 ) +CALL :FFcheck +CALL :message "Backing up prefs.js..." +COPY /B /V /Y prefs.js "prefs-backup-!date:/=-!_!time::=.!.js" +CALL :message "Cleaning prefs.js... +CALL :cleanup +CLS +CALL :message "All done." +TIMEOUT 5 >nul +EXIT /B + +REM ########## Abort Function ########### +:abort +CALL :message %1 +TIMEOUT %~2 >nul +EXIT +REM ########## Message Function ######### +:message +ECHO: +ECHO: %~1 +ECHO: +GOTO :EOF +REM ####### Firefox Check Function ###### +:FFcheck +TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL +IF NOT ERRORLEVEL 1 ( + CLS + CALL :message "Firefox is still running." + ECHO If you're not currently using this profile you can continue, otherwise + ECHO: + ECHO close Firefox first^^! + ECHO: + ECHO: + PAUSE + CLS + CALL :message "Resuming..." + TIMEOUT 5 /nobreak >nul +) +GOTO :EOF +REM ######### Cleanup Function ########## +:cleanup +SETLOCAL DisableDelayedExpansion +( + FOR /F "tokens=1,* delims=:" %%G IN ( 'FINDSTR /N "^" prefs.js' ) DO ( + SET "_line=%%H" + SETLOCAL EnableDelayedExpansion + SET "_pref=!_line: =!" + IF /I "user_pref"=="!_pref:~0,9!" ( + FOR /F "delims=," %%X IN ("!_pref!") DO ( SET "_pref=%%X" ) + SET _pref=!_pref:"=""! + FIND /I "!_pref!" user.js >nul + IF ERRORLEVEL 1 ( + ECHO:!_line! + ) + ) ELSE ( + ECHO:!_line! + ) + ENDLOCAL + ) +)>tempcleanedprefs +ENDLOCAL +MOVE /Y tempcleanedprefs prefs.js +GOTO :EOF +REM ############### Help ################## +:showhelp +MODE 80,34 +CLS +CALL :message "This script creates a backup of your prefs.js file before doing anything." +ECHO It should be safe, but you can follow these steps if something goes wrong: +ECHO: +CALL :message " 1. Make sure Firefox is closed." +ECHO 2. Delete prefs.js in your profile folder. +CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." +ECHO 4. Rename or copy your latest backup to prefs.js. +CALL :message " 5. Run Firefox and see if you notice anything wrong with it." +ECHO 6. If you do notice something wrong, especially with your extensions, +CALL :message " and/or with the UI, go to about:support, and restart Firefox with" +ECHO add-ons disabled. Then, restart it again normally, and see if the +CALL :message " problems were solved." +ECHO: +CALL :message "If you are able to identify the cause of your issues, please bring it up" +ECHO on ghacks-user.js GitHub repository. +ECHO: +ECHO: +PAUSE +CLS +GOTO :begin +REM ##################################### From 490d81657fc851bb74affa270b2ed37cbb8dcbac Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Dec 2017 18:37:24 +0100 Subject: [PATCH 0566/1961] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 8eee826..5c3690b 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,8 @@ The `ghacks user.js` is a **template**, which, as provided, aims to provide as m Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings. +Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22) + ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments Literally thousands of sources, references and suggestions. That said... From 0938d7bab229311461e9107d7e7883cc1355ddfa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 22 Dec 2017 02:02:57 +1300 Subject: [PATCH 0567/1961] add license --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 5c3690b..8f8af41 100644 --- a/README.md +++ b/README.md @@ -17,3 +17,6 @@ Literally thousands of sources, references and suggestions. That said... * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. + +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) license +[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) From a1cae1ae74418ee1c4b92c21952d230a43976d61 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 22 Dec 2017 02:03:42 +1300 Subject: [PATCH 0568/1961] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 8f8af41..a6206fd 100644 --- a/README.md +++ b/README.md @@ -18,5 +18,4 @@ Literally thousands of sources, references and suggestions. That said... 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) license [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) From 987c996cce3bcd77edd68c320930c67e57af1b63 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 22 Dec 2017 02:04:37 +1300 Subject: [PATCH 0569/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a6206fd..f928b1f 100644 --- a/README.md +++ b/README.md @@ -18,4 +18,4 @@ Literally thousands of sources, references and suggestions. That said... 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. -[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) From dbe0056c95e75c690620a68db76789b9ba8632a9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 23 Dec 2017 03:32:02 +1300 Subject: [PATCH 0570/1961] 4500: canvas site permissions --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index b53372a..e99112e 100644 --- a/user.js +++ b/user.js @@ -1586,6 +1586,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) + In FF59+ this is controllable via the site permissions panel, see 1413780 (FF59+) ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) ***/ From 52efb2af7a351132b02978e44212fa9554ecd467 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 24 Dec 2017 16:27:47 +1300 Subject: [PATCH 0571/1961] url change --- .../ghacks-clear-all-up-to-57-[the-rest-inactive].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js index ba3f039..8b62def 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js @@ -12,7 +12,7 @@ These have been broken into two scripts for convenience For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ From 99016960faddf8ad5524d968ecfad777f4eccf15 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 24 Dec 2017 16:28:33 +1300 Subject: [PATCH 0572/1961] url change --- .../ghacks-clear-all-up-to-57-[the-rest-active].js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js index ff8d551..bea6d38 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js @@ -12,8 +12,8 @@ These have been broken into two scripts for convenience For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] - + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] + ***/ (function() { From 83de87b18dfb59066c8c5a7ee0ed3e332984b262 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 24 Dec 2017 16:28:58 +1300 Subject: [PATCH 0573/1961] url change --- scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js index 5603fa6..3adc242 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js @@ -4,7 +4,7 @@ from the ghacks user.js up to and including release 57-alpha For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ From 3ffdd679046391e543a463ed1a9f65c3a5aeb3c0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 24 Dec 2017 16:29:18 +1300 Subject: [PATCH 0574/1961] url change --- scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js index bd3dc0d..39efa9e 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js @@ -6,7 +6,7 @@ It is in reverse order, so feel free to remove sections that do not apply For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ From db5706d949303a71776662b97b3675dfd25423d5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 24 Dec 2017 16:29:36 +1300 Subject: [PATCH 0575/1961] url change --- .../ghacks-clear-all-up-to-57-[RFP-alternatives].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js index f972fee..8979edd 100644 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js +++ b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js @@ -5,7 +5,7 @@ or they conlfict with, privacy.resistFingerprinting if you have that enabled. For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ From 68efac4cc86df3c7876be1dd908e7a6eb94e090d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 24 Dec 2017 16:30:53 +1300 Subject: [PATCH 0576/1961] url change --- scratchpad-scripts/ghacks-clear-57-[changes-only].js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-57-[changes-only].js b/scratchpad-scripts/ghacks-clear-57-[changes-only].js index b3ab65f..47b80d9 100644 --- a/scratchpad-scripts/ghacks-clear-57-[changes-only].js +++ b/scratchpad-scripts/ghacks-clear-57-[changes-only].js @@ -1,4 +1,9 @@ -/* see https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Bulk-Pref-Resetting-[Scratchpad] */ +/*** + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] + +***/ (function() { let ops = [ From b9266bba1d178194dcc41e587562dfde26ef5df3 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 24 Dec 2017 16:49:33 +0000 Subject: [PATCH 0577/1961] 4.1 - added missing -unattended switch to the list of switches - other minor changes --- updater.bat | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/updater.bat b/updater.bat index 579170d..0d995ca 100644 --- a/updater.bat +++ b/updater.bat @@ -1,9 +1,10 @@ @ECHO OFF & SETLOCAL EnableDelayedExpansion TITLE ghacks user.js updater -REM ### ghacks-user.js updater for Windows +REM ## ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.0 +REM ## version: 4.1 +REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts SET _myname=%~n0 SET _myparams=%* @@ -75,7 +76,7 @@ ECHO: ECHO: ######################################## ECHO: #### user.js Updater for Windows #### ECHO: #### by claustromaniac #### -ECHO: #### v4.0 #### +ECHO: #### v4.1 #### ECHO: ######################################## ECHO: SET /A "_line=0" @@ -230,26 +231,29 @@ ENDLOCAL GOTO :EOF REM ############### Help ################## :showhelp -MODE 80,38 +MODE 80,43 CLS -CALL :message "Available switches (case-insensitive):" +CALL :message "Available arguments (case-insensitive):" CALL :message " -log" ECHO: Writes the console output to a logfile (user.js-update-log.txt) CALL :message " -logP" ECHO: Like log, but also opens the logfile after updating. CALL :message " -merge" -ECHO: Merges overrides instead of appending them. Comments and _user.js.parrot -ECHO: lines are appended normally. Overrides for inactive (commented out) +ECHO: Merges overrides instead of appending them. One-line comments and +ECHO: _user.js.parrot lines are appended normally. Overrides for inactive ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used ECHO: together, a user-overrides-merged.js file is also generated in the root ECHO: directory for quick reference. It contains only the merged data from ECHO: override files and can be safely discarded after updating, or used as the ECHO: new user-overrides.js. When there are conflicting records for the same -ECHO: pref, the value of the last one declared will be used. +ECHO: pref, the value of the last one declared will be used. Visit the GitHub +ECHO: repository for usage examples and more detailed information. CALL :message " -multiOverrides" -ECHO: uses any and all .js files in a user.js-overrides sub-folder as overrides +ECHO: Uses any and all .js files in a user.js-overrides sub-folder as overrides ECHO: instead of the default user-overrides.js file. Files are appended in ECHO: alphabetical order. +CALL :message " -unattended" +ECHO: Skips user input. CALL :message " -updatebatch" ECHO: The script will update itself on execution. CALL :message "" From 94bbb6bab400c734226664dafe831554471fc505 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 24 Dec 2017 16:55:17 +0000 Subject: [PATCH 0578/1961] minor change --- updater.bat | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 0d995ca..f9a00f8 100644 --- a/updater.bat +++ b/updater.bat @@ -246,8 +246,8 @@ ECHO: together, a user-overrides-merged.js file is also generated in the roo ECHO: directory for quick reference. It contains only the merged data from ECHO: override files and can be safely discarded after updating, or used as the ECHO: new user-overrides.js. When there are conflicting records for the same -ECHO: pref, the value of the last one declared will be used. Visit the GitHub -ECHO: repository for usage examples and more detailed information. +ECHO: pref, the value of the last one declared will be used. Visit the wiki +ECHO: for usage examples and more detailed information. CALL :message " -multiOverrides" ECHO: Uses any and all .js files in a user.js-overrides sub-folder as overrides ECHO: instead of the default user-overrides.js file. Files are appended in From 4f22afac7faf31035ed67b11464c400a389b0c03 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Mon, 25 Dec 2017 00:51:56 +0000 Subject: [PATCH 0579/1961] rewording --- updater.bat | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/updater.bat b/updater.bat index f9a00f8..ba49a4b 100644 --- a/updater.bat +++ b/updater.bat @@ -235,11 +235,11 @@ MODE 80,43 CLS CALL :message "Available arguments (case-insensitive):" CALL :message " -log" -ECHO: Writes the console output to a logfile (user.js-update-log.txt) +ECHO: Write the console output to a logfile (user.js-update-log.txt) CALL :message " -logP" -ECHO: Like log, but also opens the logfile after updating. +ECHO: Like -log, but also open the logfile after updating. CALL :message " -merge" -ECHO: Merges overrides instead of appending them. One-line comments and +ECHO: Merge overrides instead of appending them. One-line comments and ECHO: _user.js.parrot lines are appended normally. Overrides for inactive ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used ECHO: together, a user-overrides-merged.js file is also generated in the root @@ -249,13 +249,13 @@ ECHO: new user-overrides.js. When there are conflicting records for the same ECHO: pref, the value of the last one declared will be used. Visit the wiki ECHO: for usage examples and more detailed information. CALL :message " -multiOverrides" -ECHO: Uses any and all .js files in a user.js-overrides sub-folder as overrides +ECHO: Use any and all .js files in a user.js-overrides sub-folder as overrides ECHO: instead of the default user-overrides.js file. Files are appended in ECHO: alphabetical order. CALL :message " -unattended" -ECHO: Skips user input. +ECHO: Run without user input. CALL :message " -updatebatch" -ECHO: The script will update itself on execution. +ECHO: Update the script itself on execution, before the normal routine. CALL :message "" PAUSE CLS From 018fb2a321dc0f5201efcdbed5245d6e70de7526 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Mon, 25 Dec 2017 03:33:36 +0000 Subject: [PATCH 0580/1961] cosmetic stuff --- updater.bat | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/updater.bat b/updater.bat index ba49a4b..4ecc7fa 100644 --- a/updater.bat +++ b/updater.bat @@ -165,7 +165,6 @@ IF EXIST user.js ( IF EXIST user.js.bak ( FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" ) - ECHO: IF "!changed!"=="true" ( IF EXIST user.js.old.bak DEL /F user.js.old.bak CALL :message "Update complete." @@ -181,7 +180,7 @@ IF EXIST user.js ( IF EXIST user.js.bak ( REN user.js.bak user.js ) IF EXIST user.js.old.bak ( REN user.js.old.bak user.js.bak ) CALL :message "Update failed. Make sure PowerShell is allowed internet access." - CALL :message "No changes were made." + ECHO: No changes were made. ) IF NOT DEFINED _log ( IF NOT DEFINED _ua ( PAUSE ) @@ -191,9 +190,9 @@ EXIT /B REM ########### Message Function ########### :message SETLOCAL DisableDelayedExpansion -ECHO: +IF NOT DEFINED _log (ECHO:) ECHO: %~1 -ECHO: +IF NOT DEFINED _log (ECHO:) ENDLOCAL GOTO :EOF REM ############ Merge function ############ From daff5f6fa6732f9eec5c6f2fc0262e33e0a80941 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Mon, 25 Dec 2017 03:48:39 +0000 Subject: [PATCH 0581/1961] cosmetic fix + formatting the fix in question just removes the extra space in the version + date output (line 91) --- updater.bat | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/updater.bat b/updater.bat index 4ecc7fa..1307958 100644 --- a/updater.bat +++ b/updater.bat @@ -9,13 +9,13 @@ REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Upd SET _myname=%~n0 SET _myparams=%* :parse -IF "%~1"=="" ( GOTO endparse ) -IF /I "%~1"=="-unattended" ( SET _ua=1 ) -IF /I "%~1"=="-log" ( SET _log=1 ) -IF /I "%~1"=="-logp" ( SET _log=1 & SET _logp=1 ) -IF /I "%~1"=="-multioverrides" ( SET _multi=1 ) -IF /I "%~1"=="-merge" ( SET _merge=1 ) -IF /I "%~1"=="-updatebatch" ( SET _updateb=1 ) +IF "%~1"=="" (GOTO endparse) +IF /I "%~1"=="-unattended" (SET _ua=1) +IF /I "%~1"=="-log" (SET _log=1) +IF /I "%~1"=="-logp" (SET _log=1 & SET _logp=1) +IF /I "%~1"=="-multioverrides" (SET _multi=1) +IF /I "%~1"=="-merge" (SET _merge=1) +IF /I "%~1"=="-updatebatch" (SET _updateb=1) SHIFT GOTO parse :endparse @@ -85,10 +85,10 @@ IF NOT EXIST user.js ( ) ELSE ( FOR /F "skip=1 tokens=1,2 delims=:" %%G IN (user.js) DO ( SET /A "_line+=1" - IF !_line! GEQ 4 ( GOTO exitloop ) - IF !_line! EQU 1 ( SET _name=%%H ) - IF !_line! EQU 2 ( SET _date=%%H ) - IF !_line! EQU 3 ( SET _version=%%G ) + IF !_line! GEQ 4 (GOTO exitloop) + IF !_line! EQU 1 (SET _name=%%H) + IF !_line! EQU 2 (SET _date=%%H) + IF !_line! EQU 3 (SET _version=%%G) ) :exitloop IF !_line! GEQ 4 ( @@ -111,20 +111,20 @@ IF NOT DEFINED _ua ( TIMEOUT 1 /nobreak >nul CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" CLS - IF ERRORLEVEL 3 ( EXIT /B ) - IF ERRORLEVEL 2 ( GOTO :showhelp ) + IF ERRORLEVEL 3 (EXIT /B) + IF ERRORLEVEL 2 (GOTO :showhelp) ) IF DEFINED _log ( CALL :log >>user.js-update-log.txt 2>&1 - IF DEFINED _logp ( START user.js-update-log.txt ) + IF DEFINED _logp (START user.js-update-log.txt) EXIT /B :log ECHO:################################################################## CALL :message "%date%, %time%" ) -IF EXIST user.js.old.bak ( DEL /F user.js.old.bak ) +IF EXIST user.js.old.bak (DEL /F user.js.old.bak) IF EXIST user.js ( - IF EXIST user.js.bak ( REN user.js.bak user.js.old.bak ) + IF EXIST user.js.bak (REN user.js.bak user.js.old.bak) REN user.js user.js.bak CALL :message "Current user.js file backed up." ) @@ -146,7 +146,7 @@ IF EXIST user.js ( CALL :message "Appending..." COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js ) - ) ELSE ( CALL :message "No override files found." ) + ) ELSE (CALL :message "No override files found.") ECHO: ) ELSE ( IF EXIST "user-overrides.js" ( @@ -157,7 +157,7 @@ IF EXIST user.js ( ) ELSE ( CALL :message "user-overrides.js appended." ) - ) ELSE ( CALL :message "user-overrides.js not found." ) + ) ELSE (CALL :message "user-overrides.js not found.") ECHO: ) CALL :message "Handling backups..." @@ -173,17 +173,17 @@ IF EXIST user.js ( DEL /F user.js.bak IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak CALL :message "Update completed without changes." - ) ELSE ( CALL :message "Update complete." ) + ) ELSE (CALL :message "Update complete.") ) ECHO: ) ELSE ( - IF EXIST user.js.bak ( REN user.js.bak user.js ) - IF EXIST user.js.old.bak ( REN user.js.old.bak user.js.bak ) + IF EXIST user.js.bak (REN user.js.bak user.js) + IF EXIST user.js.old.bak (REN user.js.old.bak user.js.bak) CALL :message "Update failed. Make sure PowerShell is allowed internet access." ECHO: No changes were made. ) IF NOT DEFINED _log ( - IF NOT DEFINED _ua ( PAUSE ) + IF NOT DEFINED _ua (PAUSE) ) EXIT /B From 05ac6dd0ecdd7511285456e3b95c0bb78bf957c7 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Mon, 25 Dec 2017 08:18:41 +0000 Subject: [PATCH 0582/1961] autoparrot --- updater.bat | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/updater.bat b/updater.bat index 1307958..fc7a0e7 100644 --- a/updater.bat +++ b/updater.bat @@ -146,6 +146,10 @@ IF EXIST user.js ( CALL :message "Appending..." COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js ) + ( + ECHO: + ECHO:user_pref("_user-overrides.js.parrot", "Parrot successfully overridden"); + )>>user.js ) ELSE (CALL :message "No override files found.") ECHO: ) ELSE ( @@ -157,6 +161,10 @@ IF EXIST user.js ( ) ELSE ( CALL :message "user-overrides.js appended." ) + ( + ECHO: + ECHO:user_pref("_user-overrides.js.parrot", "Parrot successfully overridden"); + )>>user.js ) ELSE (CALL :message "user-overrides.js not found.") ECHO: ) From 643206a3da61e8bfcb12eca40db3f5aebf7156ca Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Mon, 25 Dec 2017 15:30:09 +0000 Subject: [PATCH 0583/1961] autoparrot - second try --- updater.bat | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index fc7a0e7..4cba82e 100644 --- a/updater.bat +++ b/updater.bat @@ -148,7 +148,7 @@ IF EXIST user.js ( ) ( ECHO: - ECHO:user_pref("_user-overrides.js.parrot", "Parrot successfully overridden"); + ECHO:user_pref("_user.js.parrot", "Parrot successfully overridden"); )>>user.js ) ELSE (CALL :message "No override files found.") ECHO: @@ -163,7 +163,7 @@ IF EXIST user.js ( ) ( ECHO: - ECHO:user_pref("_user-overrides.js.parrot", "Parrot successfully overridden"); + ECHO:user_pref("_user.js.parrot", "Parrot successfully overridden"); )>>user.js ) ELSE (CALL :message "user-overrides.js not found.") ECHO: From 65b64f44b61130a288aaef5989fdace96880eb18 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 26 Dec 2017 00:16:27 +0100 Subject: [PATCH 0584/1961] Update updater.bat --- updater.bat | 8 -------- 1 file changed, 8 deletions(-) diff --git a/updater.bat b/updater.bat index 4cba82e..1307958 100644 --- a/updater.bat +++ b/updater.bat @@ -146,10 +146,6 @@ IF EXIST user.js ( CALL :message "Appending..." COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js ) - ( - ECHO: - ECHO:user_pref("_user.js.parrot", "Parrot successfully overridden"); - )>>user.js ) ELSE (CALL :message "No override files found.") ECHO: ) ELSE ( @@ -161,10 +157,6 @@ IF EXIST user.js ( ) ELSE ( CALL :message "user-overrides.js appended." ) - ( - ECHO: - ECHO:user_pref("_user.js.parrot", "Parrot successfully overridden"); - )>>user.js ) ELSE (CALL :message "user-overrides.js not found.") ECHO: ) From 68a44bcbb42fca7f2d6b00d3783abd2c9ecffeb4 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 26 Dec 2017 17:29:11 +0000 Subject: [PATCH 0585/1961] cosmetic fix for calls to :message before the script begins logging (with -log) --- updater.bat | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 1307958..760d17d 100644 --- a/updater.bat +++ b/updater.bat @@ -119,6 +119,7 @@ IF DEFINED _log ( IF DEFINED _logp (START user.js-update-log.txt) EXIT /B :log + SET _log=2 ECHO:################################################################## CALL :message "%date%, %time%" ) @@ -190,9 +191,9 @@ EXIT /B REM ########### Message Function ########### :message SETLOCAL DisableDelayedExpansion -IF NOT DEFINED _log (ECHO:) +IF NOT "2"=="%_log%" (ECHO:) ECHO: %~1 -IF NOT DEFINED _log (ECHO:) +IF NOT "2"=="%_log%" (ECHO:) ENDLOCAL GOTO :EOF REM ############ Merge function ############ From 2ad3fbdbd31fe0d0eec3c610ea7c17042bce96db Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 26 Dec 2017 19:37:39 +0000 Subject: [PATCH 0586/1961] Update updater.bat --- updater.bat | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 760d17d..b9c0c68 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ## ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.1 +REM ## version: 4.2 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts SET _myname=%~n0 @@ -76,7 +76,7 @@ ECHO: ECHO: ######################################## ECHO: #### user.js Updater for Windows #### ECHO: #### by claustromaniac #### -ECHO: #### v4.1 #### +ECHO: #### v4.2 #### ECHO: ######################################## ECHO: SET /A "_line=0" From 74f18db85a0ced38df16fed52d306674065aa45e Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 26 Dec 2017 20:04:57 +0000 Subject: [PATCH 0587/1961] 1.1 --- prefsCleaner.bat | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index fd40ac4..2bf7e9d 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 1.0 +REM ## version: 1.1 SETLOCAL EnableDelayedExpansion :begin @@ -12,7 +12,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### author: @claustromaniac #### -ECHO #### version: 1.0 #### +ECHO #### version: 1.1 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -20,19 +20,20 @@ ECHO It will remove any entries from prefs.js that also exist in user.js. CALL :message "This will allow inactive preferences to be reset to their default values." ECHO This Firefox profile shouldn't be in use during the process. CALL :message "" +TIMEOUT 1 /nobreak >nul CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" CLS -IF ERRORLEVEL 3 ( EXIT /B ) -IF ERRORLEVEL 2 ( GOTO :showhelp ) -IF NOT EXIST "user.js" ( CALL :abort "user.js not found in the current directory." 30 ) -IF NOT EXIST "prefs.js" ( CALL :abort "prefs.js not found in the current directory." 30 ) +IF ERRORLEVEL 3 (EXIT /B) +IF ERRORLEVEL 2 (GOTO :showhelp) +IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) +IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) CALL :FFcheck CALL :message "Backing up prefs.js..." COPY /B /V /Y prefs.js "prefs-backup-!date:/=-!_!time::=.!.js" CALL :message "Cleaning prefs.js... CALL :cleanup CLS -CALL :message "All done." +CALL :message "All done^!" TIMEOUT 5 >nul EXIT /B @@ -43,9 +44,11 @@ TIMEOUT %~2 >nul EXIT REM ########## Message Function ######### :message +SETLOCAL DisableDelayedExpansion ECHO: ECHO: %~1 ECHO: +ENDLOCAL GOTO :EOF REM ####### Firefox Check Function ###### :FFcheck @@ -54,9 +57,7 @@ IF NOT ERRORLEVEL 1 ( CLS CALL :message "Firefox is still running." ECHO If you're not currently using this profile you can continue, otherwise - ECHO: - ECHO close Firefox first^^! - ECHO: + CALL :message "close Firefox first^!" ECHO: PAUSE CLS @@ -68,12 +69,13 @@ REM ######### Cleanup Function ########## :cleanup SETLOCAL DisableDelayedExpansion ( - FOR /F "tokens=1,* delims=:" %%G IN ( 'FINDSTR /N "^" prefs.js' ) DO ( + FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( SET "_line=%%H" SETLOCAL EnableDelayedExpansion SET "_pref=!_line: =!" + SET "_pref=!_line: =!" IF /I "user_pref"=="!_pref:~0,9!" ( - FOR /F "delims=," %%X IN ("!_pref!") DO ( SET "_pref=%%X" ) + FOR /F "delims=," %%X IN ("!_pref!") DO (SET "_pref=%%X") SET _pref=!_pref:"=""! FIND /I "!_pref!" user.js >nul IF ERRORLEVEL 1 ( From a1f10513eadf483f20b85e0a3c34afe2d265f56a Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 26 Dec 2017 20:06:41 +0000 Subject: [PATCH 0588/1961] 1.2 --- prefsCleaner.bat | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 2bf7e9d..8768f05 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 1.1 +REM ## version: 1.2 SETLOCAL EnableDelayedExpansion :begin @@ -12,7 +12,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### author: @claustromaniac #### -ECHO #### version: 1.1 #### +ECHO #### version: 1.2 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -30,7 +30,7 @@ IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current director CALL :FFcheck CALL :message "Backing up prefs.js..." COPY /B /V /Y prefs.js "prefs-backup-!date:/=-!_!time::=.!.js" -CALL :message "Cleaning prefs.js... +CALL :message "Cleaning prefs.js..." CALL :cleanup CLS CALL :message "All done^!" From 7cd2c650cbeaacba42fedd5962fdf6e3b4d86095 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 27 Dec 2017 03:32:58 +0000 Subject: [PATCH 0589/1961] fix for previous commit Take it or leave it. Up to you, as always. --- prefsCleaner.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 8768f05..c424628 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -73,7 +73,7 @@ SETLOCAL DisableDelayedExpansion SET "_line=%%H" SETLOCAL EnableDelayedExpansion SET "_pref=!_line: =!" - SET "_pref=!_line: =!" + SET "_pref=!_pref: =!" IF /I "user_pref"=="!_pref:~0,9!" ( FOR /F "delims=," %%X IN ("!_pref!") DO (SET "_pref=%%X") SET _pref=!_pref:"=""! From c0f9e6ab2b7bce4751542eedc0e71a0977721f56 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 27 Dec 2017 04:59:24 +0100 Subject: [PATCH 0590/1961] Update prefsCleaner.bat --- prefsCleaner.bat | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index c424628..b478e54 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 1.2 +REM ## version: 1.1 SETLOCAL EnableDelayedExpansion :begin @@ -12,7 +12,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### author: @claustromaniac #### -ECHO #### version: 1.2 #### +ECHO #### version: 1.1 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -72,10 +72,8 @@ SETLOCAL DisableDelayedExpansion FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( SET "_line=%%H" SETLOCAL EnableDelayedExpansion - SET "_pref=!_line: =!" - SET "_pref=!_pref: =!" - IF /I "user_pref"=="!_pref:~0,9!" ( - FOR /F "delims=," %%X IN ("!_pref!") DO (SET "_pref=%%X") + IF /I "user_pref"=="!_line:~0,9!" ( + FOR /F "delims=," %%X IN ("!_line!") DO (SET "_pref=%%X") SET _pref=!_pref:"=""! FIND /I "!_pref!" user.js >nul IF ERRORLEVEL 1 ( From 73811e49be7b3979310233b5f928aea238587ddc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 27 Dec 2017 20:13:41 +1300 Subject: [PATCH 0591/1961] 2700's section revamp #235 --- user.js | 66 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/user.js b/user.js index e99112e..b4a26dd 100644 --- a/user.js +++ b/user.js @@ -1418,11 +1418,42 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); // user_pref("network.cookie.lifetimePolicy", 0); /* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ // user_pref("network.cookie.lifetime.days", 90); -/* 2705: disable DOM (Document Object Model) Storage +/* 2705: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+) + * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ +user_pref("network.cookie.leave-secure-alone", true); +/* 2710: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality. * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); -/* 2706: disable Storage API +/* 2711: clear localStorage and UUID when an extension is uninstalled + * [NOTE] Both preferences must be the same + * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ +user_pref("extensions.webextensions.keepStorageOnUninstall", false); +user_pref("extensions.webextensions.keepUuidOnUninstall", false); +/* 2720: disable JS storing data permanently [SETUP] + * [WARNING] This BREAKS uBlock Origin [1.14.0+] and other extension that required IndexedDB + * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 + * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ + // user_pref("dom.indexedDB.enabled", false); +/* 2730: disable offline cache ***/ +user_pref("browser.cache.offline.enable", false); +/* 2731: enforce websites to ask to store data for offline use + * [1] https://support.mozilla.org/questions/1098540 + * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ +user_pref("offline-apps.allow_by_default", false); +/* 2732: display a notification when websites ask to store data for offline use + * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks... + * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ +user_pref("browser.offline-apps.notify", true); +/* 2733: set size of warning quota for offline cache (default 51200) + * Offline cache is only used in rare cases to store data locally. FF will store small amounts + * (default <50MB) of data in the offline (application) cache without asking for permission. ***/ + // user_pref("offline-apps.quota.warn", 51200); +/* 2740: disable service workers cache and cache storage + * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ +user_pref("dom.caches.enabled", false); +/* 2750: disable Storage API * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. @@ -1433,37 +1464,6 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ user_pref("dom.storageManager.enabled", false); // (FF51+) user_pref("browser.storageManager.enabled", false); // (FF53+) -/* 2707: clear localStorage and UUID when an extension is uninstalled - * [NOTE] Both preferences must be the same - * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ -user_pref("extensions.webextensions.keepStorageOnUninstall", false); -user_pref("extensions.webextensions.keepUuidOnUninstall", false); -/* 2708: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+) - * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ -user_pref("network.cookie.leave-secure-alone", true); -/* 2710: disable JS storing data permanently [SETUP] - * [WARNING] This BREAKS uBlock Origin [1.14.0+] and uMatrix extensions - * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 - * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ - // user_pref("dom.indexedDB.enabled", false); -/* 2715: disable service workers cache and cache storage - * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ -user_pref("dom.caches.enabled", false); -/* 2720: disable offline cache ***/ -user_pref("browser.cache.offline.enable", false); -/* 2721: enforce websites to ask to store data for offline use - * [1] https://support.mozilla.org/questions/1098540 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ -user_pref("offline-apps.allow_by_default", false); -/* 2722: display a notification when websites ask to store data for offline use - * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks... - * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ -user_pref("browser.offline-apps.notify", true); -/* 2723: set size of warning quota for offline cache (default 51200) - * Offline cache is only used in rare cases to store data locally. FF will store small amounts - * (default <50MB) of data in the offline (application) cache without asking for permission. ***/ - // user_pref("offline-apps.quota.warn", 51200); /*** 2800: SHUTDOWN [SETUP] You should set the values to what suits you best. Be aware that the settings below clear From 8f02a5bc4000be784c5252c81881b481f65401bc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 27 Dec 2017 20:21:54 +1300 Subject: [PATCH 0592/1961] 2720->2730 reference --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index b4a26dd..8334389 100644 --- a/user.js +++ b/user.js @@ -1458,7 +1458,7 @@ user_pref("dom.caches.enabled", false); * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. * [NOTE] This also controls the visibility of the "Options>Privacy & Security>Site Data" - * section, which also requires Offline Cache (2720) enabled to function + * section, which also requires Offline Cache (2730) enabled to function * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ From 31ec621d3f6442890081530b6366171775075449 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 27 Dec 2017 20:23:27 +1300 Subject: [PATCH 0593/1961] typos --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8334389..cd6921c 100644 --- a/user.js +++ b/user.js @@ -1432,7 +1432,7 @@ user_pref("network.cookie.leave-secure-alone", true); user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2720: disable JS storing data permanently [SETUP] - * [WARNING] This BREAKS uBlock Origin [1.14.0+] and other extension that required IndexedDB + * [WARNING] This BREAKS uBlock Origin [1.14.0+] and other extensions that require IndexedDB * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ // user_pref("dom.indexedDB.enabled", false); From c1c368bce9822ddffdee99e9308b887c207f2411 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Fri, 29 Dec 2017 20:14:08 +0000 Subject: [PATCH 0594/1961] 1.2 - Search string made case-sensitive, because Firefox preferences are. - The script now uses regex, which allows it to understand user.js files formatted using single quotes, spaces, or tabs. Trade-off: it can no longer reset preferences that include some special characters in their names. Not an issue for now, just something to remember. --- prefsCleaner.bat | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index b478e54..33146df 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 1.1 +REM ## version: 1.2 SETLOCAL EnableDelayedExpansion :begin @@ -11,8 +11,8 @@ ECHO: ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### -ECHO #### author: @claustromaniac #### -ECHO #### version: 1.1 #### +ECHO #### by claustromaniac #### +ECHO #### v1.2 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -73,11 +73,9 @@ SETLOCAL DisableDelayedExpansion SET "_line=%%H" SETLOCAL EnableDelayedExpansion IF /I "user_pref"=="!_line:~0,9!" ( - FOR /F "delims=," %%X IN ("!_line!") DO (SET "_pref=%%X") - SET _pref=!_pref:"=""! - FIND /I "!_pref!" user.js >nul - IF ERRORLEVEL 1 ( - ECHO:!_line! + FOR /F tokens^=2^ delims^=^" %%I IN ("!_line:.=\.!") DO ( + FINDSTR /R /C:"user_pref[ ]*\([ ]*[\"']%%I[\"'][ ]*," user.js >nul + IF ERRORLEVEL 1 (ECHO:!_line!) ) ) ELSE ( ECHO:!_line! From dd29583735642ee5d4fbc51e0e8dd4be2fe5363c Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 30 Dec 2017 19:33:25 +0100 Subject: [PATCH 0595/1961] Update .gitattributes --- .gitattributes | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitattributes b/.gitattributes index 44c1eeb..d6d1095 100644 --- a/.gitattributes +++ b/.gitattributes @@ -4,6 +4,7 @@ *.md text=auto *.yml text=auto *.txt text=auto +*.sh text=auto *.bat eol=crlf *.png binary From c82d6f70feb0f4f69b024158dab43471aa2be705 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 Jan 2018 12:56:16 +1300 Subject: [PATCH 0596/1961] start 58 commits --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index cd6921c..cd050fb 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js -* date: 20 November 2017 -* version 57: I Love Rock 'n' Pants -* "Singing, I love rock and pants. So put another dime in the jukebox, baby" +* date: 1 January 2018 +* version 58-beta: Pantslide +* "I took my pants, took em down, I climbed a mountain and I turned around" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 04c7ed94daccfa182e910d235b5064406f74d409 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 Jan 2018 13:30:59 +1300 Subject: [PATCH 0597/1961] add license --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index cd050fb..442ce73 100644 --- a/user.js +++ b/user.js @@ -5,6 +5,7 @@ * "I took my pants, took em down, I climbed a mountain and I turned around" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js +* license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt * releases: These are end-of-stable-life-cycle legacy archives. *Always* use the master branch user.js for a current up-to-date version. From d89e9834ffc214ab03fea0dc35dfa4932d25f1a7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 5 Jan 2018 00:29:24 +1300 Subject: [PATCH 0598/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f928b1f..997ff27 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ The `ghacks user.js` is a **template**, which, as provided, aims to provide as m Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings. -Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22) +Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs) ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments Literally thousands of sources, references and suggestions. That said... From d82791a93347799898487adcabe827807abda753 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 5 Jan 2018 09:02:59 +1300 Subject: [PATCH 0599/1961] 1241->active: block mixed passive content #326 --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 442ce73..5411c30 100644 --- a/user.js +++ b/user.js @@ -775,9 +775,8 @@ user_pref("network.stricttransportsecurity.preloadlist", true); /* 1240: disable insecure active content on https pages - mixed content * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ user_pref("security.mixed_content.block_active_content", true); -/* 1241: disable insecure passive content (such as images) on https pages - mixed context - * [WARNING] When set to true, this will visually break many sites (March 2017) ***/ - // user_pref("security.mixed_content.block_display_content", true); +/* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/ +user_pref("security.mixed_content.block_display_content", true); /* 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) * Allow resources from domains with an existing HSTS cache record or in the HSTS preload list * to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because From 2a2b80902aa7d55d3468f9b1d19171edd5b15db5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 5 Jan 2018 12:23:56 +1300 Subject: [PATCH 0600/1961] fixes/info to issues in FF58+59 FYI, the bugzilla for the fix in the header about cookies being needed for extensions + IDB is https://bugzilla.mozilla.org/show_bug.cgi?id=1406675 --- user.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 5411c30..c3e313f 100644 --- a/user.js +++ b/user.js @@ -20,8 +20,8 @@ 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * Auto-installing updates for Firefox and extensions are disabled (section 0302's) * Some user data is erased on close (section 2800), namely history (browsing, form, download) - * Cookies are denied by default (2701), we use site exceptions. This breaks extensions - that use IndexedDB, so you need to allow exceptions for those as well: see [1] below + * Cookies are denied by default (2701), we use site exceptions. In Firefox 58 and lower, this breaks + extensions that use IndexedDB, so you need to allow exceptions for those as well: see [1] below [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1.1-Setting-Extension-Permission-Exceptions * EACH RELEASE check: - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF) @@ -1433,7 +1433,7 @@ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2720: disable JS storing data permanently [SETUP] * [WARNING] This BREAKS uBlock Origin [1.14.0+] and other extensions that require IndexedDB - * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 + * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ // user_pref("dom.indexedDB.enabled", false); /* 2730: disable offline cache ***/ @@ -1531,10 +1531,10 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1344170 - isolate blob: URI (FF55+) ** 1300671 - isolate data:, about: URLs (FF55+) - NOTE: FPI has some unresolved issues - ** 1381197 - extensions cannot control cookies with FPI Origin Attributes - ** 1418931 - IndexedDB (Offline Website Data) with FPI Origin Attributes + NOTE: FPI has some issues depending on your Firefox release + ** 1418931 - [fixed in FF58+] IndexedDB (Offline Website Data) with FPI Origin Attributes are not removed with "Clear All/Recent History" or "On Close" + ** 1381197 - [fixed in FF59+] extensions cannot control cookies with FPI Origin Attributes ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation (FF51+) From c5374b60d81f93f091191e994d4bab17640c3586 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 6 Jan 2018 12:09:30 +1300 Subject: [PATCH 0601/1961] workers/service workers uM workaround #326 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index c3e313f..32de01a 100644 --- a/user.js +++ b/user.js @@ -1095,7 +1095,8 @@ user_pref("dom.disable_beforeunload", true); communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter). - It is recommended that you use a separate profile for these sorts of sites. + [UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301) and service workers (2302) + #Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0 [1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API [2] Worker: https://developer.mozilla.org/docs/Web/API/Worker From 978e51b5155054fa71e31dd8fb5d9543268fe46e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 8 Jan 2018 02:24:16 +1300 Subject: [PATCH 0602/1961] 1603: add warning, fixes #332 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 32de01a..a76d3ef 100644 --- a/user.js +++ b/user.js @@ -905,7 +905,8 @@ user_pref("network.http.sendRefererHeader", 2); user_pref("network.http.referer.trimmingPolicy", 0); /* 1603: CROSS ORIGIN: control when to send a referer [SETUP] * 0=always (default), 1=only if base domains match, 2=only if hosts match - * [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage ***/ + * [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage + * [WARNING] Reset to default 0 if you have issues accessing your modem/router ***/ user_pref("network.http.referer.XOriginPolicy", 1); /* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) * 0=send full URI (default) 1=scheme+host+path+port 2=scheme+host+port ***/ From 1069915372e2d2bc64aaa1d8d77f932b738d5c0d Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 9 Jan 2018 16:03:46 +0100 Subject: [PATCH 0603/1961] Create troubleshooter.js --- scratchpad-scripts/troubleshooter.js | 243 +++++++++++++++++++++++++++ 1 file changed, 243 insertions(+) create mode 100644 scratchpad-scripts/troubleshooter.js diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js new file mode 100644 index 0000000..49bdf59 --- /dev/null +++ b/scratchpad-scripts/troubleshooter.js @@ -0,0 +1,243 @@ + +(function() { + + function reapply(arr) { + for (let i = 0, len = arr.length; i < len; i++) { + switch (arr[i].type) { + case 32: // string + Services.prefs.setCharPref(arr[i].name, arr[i].value); + break; + case 64: // int + Services.prefs.setIntPref(arr[i].name, arr[i].value); + break; + case 128: // boolean + Services.prefs.setBoolPref(arr[i].name, arr[i].value); + break; + default: + console.log("error re-appyling value for '"+arr[i].name+"' !"); // should never happen + } + } + } + + function myreset(arr) { + for (let i = 0, len = arr.length; i < len; i++) { + Services.prefs.clearUserPref(arr[i].name); + } + } + + let ops = [ + 'accessibility.force_disabled', + 'beacon.enabled', + 'browser.cache.disk.capacity', + 'browser.cache.disk.enable', + 'browser.cache.disk.smart_size.enabled', + 'browser.cache.disk.smart_size.first_run', + 'browser.cache.disk_cache_ssl', + 'browser.cache.offline.enable', + 'browser.display.use_document_fonts', + 'browser.download.hide_plugins_without_extensions', + 'browser.download.manager.addToRecentDocs', + 'browser.download.useDownloadDir', + 'browser.fixup.alternate.enabled', + 'browser.formfill.enable', + 'browser.link.open_newwindow.restriction', + 'browser.search.geoip.url', + 'browser.search.geoSpecificDefaults', + 'browser.search.geoSpecificDefaults.url', + 'browser.search.suggest.enabled', + 'browser.send_pings.require_same_host', + 'browser.sessionhistory.max_entries', + 'browser.sessionstore.interval', + 'browser.sessionstore.max_tabs_undo', + 'browser.sessionstore.max_windows_undo', + 'browser.sessionstore.privacy_level', + 'browser.sessionstore.resume_from_crash', + 'browser.shell.shortcutFavicons', + 'browser.storageManager.enabled', + 'browser.tabs.remote.allowLinkedWebInFileUriProcess', + 'browser.taskbar.lists.enabled', + 'browser.taskbar.lists.frequent.enabled', + 'browser.taskbar.lists.tasks.enabled', + 'browser.urlbar.autocomplete.enabled', + 'browser.urlbar.autoFill', + 'browser.urlbar.autoFill.typed', + 'browser.urlbar.decodeURLsOnCopy', + 'browser.urlbar.oneOffSearches', + 'browser.urlbar.speculativeConnect.enabled', + 'browser.urlbar.suggest.searches', + 'browser.urlbar.trimURLs', + 'camera.control.face_detection.enabled', + 'canvas.capturestream.enabled', + 'captivedetect.canonicalURL', + 'dom.caches.enabled', + 'dom.disable_beforeunload', + 'dom.disable_window_move_resize', + 'dom.disable_window_open_feature.close', + 'dom.disable_window_open_feature.menubar', + 'dom.disable_window_open_feature.minimizable', + 'dom.disable_window_open_feature.personalbar', + 'dom.disable_window_open_feature.titlebar', + 'dom.disable_window_open_feature.toolbar', + 'dom.event.clipboardevents.enabled', + 'dom.idle-observers-api.enabled', + 'dom.IntersectionObserver.enabled', + 'dom.popup_allowed_events', + 'dom.popup_maximum', + 'dom.push.connection.enabled', + 'dom.push.enabled', + 'dom.push.serverURL', + 'dom.serviceWorkers.enabled', + 'dom.storageManager.enabled', + 'dom.vibrator.enabled', + 'dom.webaudio.enabled', + 'dom.webnotifications.enabled', + 'dom.webnotifications.serviceworker.enabled', + 'font.blacklist.underline_offset', + 'full-screen-api.enabled', + 'geo.wifi.uri', + 'gfx.downloadable_fonts.woff2.enabled', + 'gfx.font_rendering.graphite.enabled', + 'gfx.font_rendering.opentype_svg.enabled', + 'intl.accept_languages', + 'javascript.options.asmjs', + 'javascript.options.wasm', + 'keyword.enabled', + 'layout.css.font-loading-api.enabled', + 'layout.css.visited_links_enabled', + 'mathml.disabled', + 'media.autoplay.enabled', + 'media.eme.enabled', + 'media.getusermedia.screensharing.allowed_domains', + 'media.getusermedia.screensharing.enabled', + 'media.gmp.trial-create.enabled', + 'media.gmp-manager.url', + 'media.gmp-provider.enabled', + 'media.gmp-widevinecdm.enabled', + 'media.gmp-widevinecdm.visible', + 'media.navigator.enabled', + 'media.navigator.video.enabled', + 'media.ondevicechange.enabled', + 'media.peerconnection.enabled', + 'media.peerconnection.ice.default_address_only', + 'media.peerconnection.ice.no_host', + 'media.peerconnection.ice.tcp', + 'media.peerconnection.identity.enabled', + 'media.peerconnection.identity.timeout', + 'media.peerconnection.turn.disable', + 'media.peerconnection.use_document_iceservers', + 'media.peerconnection.video.enabled', + 'network.auth.subresource-img-cross-origin-http-auth-allow', + 'network.captive-portal-service.enabled', + 'network.cookie.thirdparty.sessionOnly', + 'network.dns.disablePrefetch', + 'network.http.altsvc.enabled', + 'network.http.altsvc.oe', + 'network.http.redirection-limit', + 'network.http.referer.hideOnionSource', + 'network.http.referer.XOriginPolicy', + 'network.http.spdy.enabled', + 'network.http.spdy.enabled.deps', + 'network.http.spdy.enabled.http2', + 'network.http.speculative-parallel-limit', + 'network.IDN_show_punycode', + 'network.predictor.enabled', + 'network.prefetch-next', + 'network.protocol-handler.external.ms-windows-store', + 'network.proxy.socks_remote_dns', + 'offline-apps.allow_by_default', + 'permissions.manager.defaultsUrl', + 'plugin.default.state', + 'plugin.defaultXpi.state', + 'plugin.scan.plid.all', + 'plugin.sessionPermissionNow.intervalInMinutes', + 'security.ask_for_password', + 'security.cert_pinning.enforcement_level', + 'security.csp.experimentalEnabled', + 'security.data_uri.block_toplevel_data_uri_navigations', + 'security.dialog_enable_delay', + 'security.family_safety.mode', + 'security.mixed_content.block_display_content', + 'security.mixed_content.use_hsts', + 'security.OCSP.require', + 'security.pki.sha1_enforcement_level', + 'security.ssl.treat_unsafe_negotiation_as_broken', + 'security.tls.enable_0rtt_data', + 'security.tls.version.max', + 'security.tls.version.min', + 'security.xpconnect.plugin.unrestricted', + 'signon.autofillForms', + 'signon.formlessCapture.enabled', + 'webchannel.allowObject.urlWhitelist', + + /* known culprits */ + 'dom.workers.enabled', + 'network.cookie.cookieBehavior', + 'privacy.firstparty.isolate', + 'privacy.resistFingerprinting', + + 'last.one.without.comma' + ] + + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let aBACKUP = []; + let dummy = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + dummy = Services.prefs.getPrefType(ops[i]); + switch (dummy) { + case 32: // string (see https://dxr.mozilla.org/mozilla-central/source/modules/libpref/nsIPrefBranch.idl#31) + dummy = Services.prefs.getCharPref(ops[i]); + aBACKUP.push({'name':ops[i],'value': dummy,'type':32}); + break; + case 64: // int + dummy = Services.prefs.getIntPref(ops[i]); + aBACKUP.push({'name':ops[i],'value': dummy,'type':64}); + break; + case 128: // boolean + dummy = Services.prefs.getBoolPref(ops[i]); + aBACKUP.push({'name':ops[i],'value': dummy,'type':128}); + break; + default: + console.log("error detecting pref-type for '"+ops[i]+"' !"); + } + } + } + // console.log(aBACKUP.length, "user-set prefs from our list detected and value stored."); + + + myreset(aBACKUP); // resetting all detected prefs + + let myArr = aBACKUP + + focus(); + if (confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) { + reapply(aBACKUP); + myreset(myArr.slice(0, parseInt(myArr.length/2))); + while (myArr.length >= 2) { + alert("NOW TEST AGAIN !"); + if (confirm("if the problem still exists click OK, otherwise click cancel.")) { + myArr = myArr.slice(parseInt(myArr.length/2)); + } else { + myArr = myArr.slice(0, parseInt(myArr.length/2)); + } + reapply(aBACKUP); + myreset(myArr.slice(0, parseInt(myArr.length/2))); // reset half of the remaining prefs + } + } + + reapply(aBACKUP); // re-apply all values + + let output = ""; + for (let i = 0, len = myArr.length; i < len; i++) { + output = output + myArr[i].name + "\n"; + } + alert("narrowed it down to:\n\n"+output); + + myreset(myArr); // reset the culprit + +})(); From ac16b9c77b0087976dea1104c9d660c47ff47a6b Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 9 Jan 2018 16:20:06 +0100 Subject: [PATCH 0604/1961] Update troubleshooter.js adding 'privacy.trackingprotection.enabled'. see https://github.com/ghacksuserjs/ghacks-user.js/issues/327 --- scratchpad-scripts/troubleshooter.js | 1 + 1 file changed, 1 insertion(+) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 49bdf59..91d607a 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -150,6 +150,7 @@ 'plugin.defaultXpi.state', 'plugin.scan.plid.all', 'plugin.sessionPermissionNow.intervalInMinutes', + 'privacy.trackingprotection.enabled', 'security.ask_for_password', 'security.cert_pinning.enforcement_level', 'security.csp.experimentalEnabled', From 3acef78f592e1e35706f80de983011890d9577bc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 Jan 2018 12:44:52 +1300 Subject: [PATCH 0605/1961] 4500: RFP UA spoof add 1404608 info (OS spoof) --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index a76d3ef..6ea71ab 100644 --- a/user.js +++ b/user.js @@ -1571,9 +1571,10 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); This spoof *shouldn't* affect core chrome/Firefox performance ** 1217238 - reduce precision of time exposed by javascript (FF55+) ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+) - ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 4700) (FF56+) + ** 1333651 & 1383495 & 1396468 & 1393283 & 1404608 - spoof Navigator API (see section 4700) (FF56+) FF56: The version number will be rounded down to the nearest multiple of 10 FF57+: The version number will match current ESR + FF59+: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) ** 1369319 - disable device sensor API (see 4604) (FF56+) ** 1369357 - disable site specific zoom (see 4605) (FF56+) ** 1337161 - hide gamepads from content (see 4606) (FF56+) From f820ecbacb2258fb03942bf317b69f8d401c2990 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 12 Jan 2018 05:08:36 +1300 Subject: [PATCH 0606/1961] 2420: asm.js info tweak, fixes #335 --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 6ea71ab..e96ad75 100644 --- a/user.js +++ b/user.js @@ -1156,10 +1156,11 @@ user_pref("dom.idle-observers-api.enabled", false); /* 2418: disable full-screen API * false=block, true=ask ***/ user_pref("full-screen-api.enabled", false); -/* 2420: disable support for asm.js ( http://asmjs.org/ ) +/* 2420: disable asm.js (http://asmjs.org/) (FF22+) * [1] https://www.mozilla.org/security/advisories/mfsa2015-29/ * [2] https://www.mozilla.org/security/advisories/mfsa2015-50/ - * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/ + * [3] https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375 + * [4] https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400 ***/ user_pref("javascript.options.asmjs", false); /* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817 * [WARNING] Causes the odd site issue and there is also a performance loss From b30b988137770a5b1274141e6b0a941ab5ce34db Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 12 Jan 2018 05:26:42 +1300 Subject: [PATCH 0607/1961] 1211+1212: OCSP info tweaking, fixes #334 --- user.js | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index e96ad75..8284a93 100644 --- a/user.js +++ b/user.js @@ -734,16 +734,19 @@ user_pref("security.tls.enable_0rtt_data", false); // (FF55+ default true) * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ user_pref("security.ssl.enable_ocsp_stapling", true); /* 1211: control use of OCSP responder servers to confirm current validity of certificates - * 0=disable, 1=validate only certificates that specify an OCSP service URL (default) - * 2=enable and use values in security.OCSP.URL and security.OCSP.signing. + * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) * It's a trade-off between security (checking) and privacy (leaking info to the CA) + * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling * [1] https://en.wikipedia.org/wiki/Ocsp ***/ user_pref("security.OCSP.enabled", 1); -/* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently - * continues the connection. With OCSP revocation, Firefox terminates the connection instead. - * [WARNING] Since FF44 the default is false. If set to true, this will cause some site breakage - * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ +/* 1212: set non-stapled OCSP to hard-fail + * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) + * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) + * For more info about the problems with soft/hard-fail (and OCSP in general) see [2] + * [NOTE] this pref is ignored if 'security.OCSP.enabled' is set to 0 + * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ + * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/ user_pref("security.OCSP.require", true); /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) From a3bffb83bd2e34dc0881692559c28b2e120f95d2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 14 Jan 2018 09:41:30 +0100 Subject: [PATCH 0608/1961] Update troubleshooter.js https://github.com/ghacksuserjs/ghacks-user.js/issues/339 --- scratchpad-scripts/troubleshooter.js | 68 ---------------------------- 1 file changed, 68 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 91d607a..a70baf6 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -27,57 +27,20 @@ let ops = [ 'accessibility.force_disabled', - 'beacon.enabled', - 'browser.cache.disk.capacity', - 'browser.cache.disk.enable', - 'browser.cache.disk.smart_size.enabled', - 'browser.cache.disk.smart_size.first_run', - 'browser.cache.disk_cache_ssl', 'browser.cache.offline.enable', 'browser.display.use_document_fonts', - 'browser.download.hide_plugins_without_extensions', - 'browser.download.manager.addToRecentDocs', - 'browser.download.useDownloadDir', - 'browser.fixup.alternate.enabled', 'browser.formfill.enable', 'browser.link.open_newwindow.restriction', - 'browser.search.geoip.url', - 'browser.search.geoSpecificDefaults', - 'browser.search.geoSpecificDefaults.url', 'browser.search.suggest.enabled', - 'browser.send_pings.require_same_host', - 'browser.sessionhistory.max_entries', - 'browser.sessionstore.interval', - 'browser.sessionstore.max_tabs_undo', - 'browser.sessionstore.max_windows_undo', - 'browser.sessionstore.privacy_level', - 'browser.sessionstore.resume_from_crash', - 'browser.shell.shortcutFavicons', 'browser.storageManager.enabled', 'browser.tabs.remote.allowLinkedWebInFileUriProcess', - 'browser.taskbar.lists.enabled', - 'browser.taskbar.lists.frequent.enabled', - 'browser.taskbar.lists.tasks.enabled', - 'browser.urlbar.autocomplete.enabled', 'browser.urlbar.autoFill', 'browser.urlbar.autoFill.typed', - 'browser.urlbar.decodeURLsOnCopy', 'browser.urlbar.oneOffSearches', - 'browser.urlbar.speculativeConnect.enabled', 'browser.urlbar.suggest.searches', - 'browser.urlbar.trimURLs', 'camera.control.face_detection.enabled', 'canvas.capturestream.enabled', - 'captivedetect.canonicalURL', 'dom.caches.enabled', - 'dom.disable_beforeunload', - 'dom.disable_window_move_resize', - 'dom.disable_window_open_feature.close', - 'dom.disable_window_open_feature.menubar', - 'dom.disable_window_open_feature.minimizable', - 'dom.disable_window_open_feature.personalbar', - 'dom.disable_window_open_feature.titlebar', - 'dom.disable_window_open_feature.toolbar', 'dom.event.clipboardevents.enabled', 'dom.idle-observers-api.enabled', 'dom.IntersectionObserver.enabled', @@ -106,56 +69,25 @@ 'layout.css.visited_links_enabled', 'mathml.disabled', 'media.autoplay.enabled', - 'media.eme.enabled', 'media.getusermedia.screensharing.allowed_domains', 'media.getusermedia.screensharing.enabled', - 'media.gmp.trial-create.enabled', - 'media.gmp-manager.url', - 'media.gmp-provider.enabled', - 'media.gmp-widevinecdm.enabled', - 'media.gmp-widevinecdm.visible', - 'media.navigator.enabled', - 'media.navigator.video.enabled', 'media.ondevicechange.enabled', - 'media.peerconnection.enabled', - 'media.peerconnection.ice.default_address_only', - 'media.peerconnection.ice.no_host', - 'media.peerconnection.ice.tcp', - 'media.peerconnection.identity.enabled', - 'media.peerconnection.identity.timeout', - 'media.peerconnection.turn.disable', - 'media.peerconnection.use_document_iceservers', - 'media.peerconnection.video.enabled', 'network.auth.subresource-img-cross-origin-http-auth-allow', - 'network.captive-portal-service.enabled', 'network.cookie.thirdparty.sessionOnly', - 'network.dns.disablePrefetch', 'network.http.altsvc.enabled', 'network.http.altsvc.oe', 'network.http.redirection-limit', - 'network.http.referer.hideOnionSource', 'network.http.referer.XOriginPolicy', - 'network.http.spdy.enabled', - 'network.http.spdy.enabled.deps', - 'network.http.spdy.enabled.http2', - 'network.http.speculative-parallel-limit', - 'network.IDN_show_punycode', - 'network.predictor.enabled', - 'network.prefetch-next', 'network.protocol-handler.external.ms-windows-store', - 'network.proxy.socks_remote_dns', - 'offline-apps.allow_by_default', 'permissions.manager.defaultsUrl', 'plugin.default.state', 'plugin.defaultXpi.state', 'plugin.scan.plid.all', 'plugin.sessionPermissionNow.intervalInMinutes', 'privacy.trackingprotection.enabled', - 'security.ask_for_password', 'security.cert_pinning.enforcement_level', 'security.csp.experimentalEnabled', 'security.data_uri.block_toplevel_data_uri_navigations', - 'security.dialog_enable_delay', 'security.family_safety.mode', 'security.mixed_content.block_display_content', 'security.mixed_content.use_hsts', From 8c35bf5d1116a5ae8b8dca3470e21d99c5baf856 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 14 Jan 2018 10:41:16 +0100 Subject: [PATCH 0609/1961] 1212: note about pointlessness of soft-fail --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 8284a93..129eb11 100644 --- a/user.js +++ b/user.js @@ -743,6 +743,7 @@ user_pref("security.OCSP.enabled", 1); /* 1212: set non-stapled OCSP to hard-fail * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) + * OCSP fetching without hard-fail is completely pointless ("seat belts that break when they are needed most") * For more info about the problems with soft/hard-fail (and OCSP in general) see [2] * [NOTE] this pref is ignored if 'security.OCSP.enabled' is set to 0 * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ From 48ec3da18d53c00af9b4bfc0093d38903ce06879 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Jan 2018 05:32:51 +1300 Subject: [PATCH 0610/1961] 0000: about:config warning Ready... Steady... turn off about:config warning... GO!! Welcome to Firefox prefs 101 :) --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 129eb11..333dcf2 100644 --- a/user.js +++ b/user.js @@ -44,6 +44,8 @@ * [1] https://en.wikipedia.org/wiki/Dead_parrot * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); +/* 0000: disable about:config warning ***/ +user_pref("general.warnOnAboutConfig", false); /* 0001: start Firefox in PB (Private Browsing) mode * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Always use private browsing mode @@ -1719,7 +1721,6 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); /* 5001: disable annoying warnings ***/ -user_pref("general.warnOnAboutConfig", false); user_pref("browser.tabs.warnOnClose", false); user_pref("browser.tabs.warnOnCloseOtherTabs", false); user_pref("browser.tabs.warnOnOpen", false); From db97478cd1f247a279cec6cff76fbd8c2100cd08 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 16 Jan 2018 04:11:31 +1300 Subject: [PATCH 0611/1961] 1106: number of processes default --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 333dcf2..3375aba 100644 --- a/user.js +++ b/user.js @@ -667,7 +667,7 @@ user_pref("browser.tabs.remote.separateFileUriProcess", true); /* 1105: enable console shim warnings for legacy extensions with the 'multiprocessCompatible' flag as false ***/ user_pref("dom.ipc.shims.enabledWarnings", true); /* 1106: control number of extension processes ***/ - // user_pref("dom.ipc.processCount.extension", 1); + // user_pref("dom.ipc.processCount.extension", 4); /* 1107: control number of file processes ***/ // user_pref("dom.ipc.processCount.file", 1); /* 1108: block web content in file processes (FF55+) From d1ab8fd10cec818c3def5dbe06b114fcb17c654f Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 15 Jan 2018 17:06:22 +0100 Subject: [PATCH 0612/1961] troubleshooter v1.1 --- scratchpad-scripts/troubleshooter.js | 124 +++++++++++++++++---------- 1 file changed, 80 insertions(+), 44 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index a70baf6..85743c6 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,6 +1,40 @@ +/*** ghacks-user.js troubleshooter.js v1.1 ***/ + (function() { + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + function getMyList(arr) { + let aRet = []; + let dummy = 0; + for (let i = 0, len = arr.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(arr[i])) { + dummy = Services.prefs.getPrefType(arr[i]); + switch (dummy) { + case 32: // string (see https://dxr.mozilla.org/mozilla-central/source/modules/libpref/nsIPrefBranch.idl#31) + dummy = Services.prefs.getCharPref(arr[i]); + aRet.push({'name':arr[i],'value': dummy,'type':32}); + break; + case 64: // int + dummy = Services.prefs.getIntPref(arr[i]); + aRet.push({'name':arr[i],'value': dummy,'type':64}); + break; + case 128: // boolean + dummy = Services.prefs.getBoolPref(arr[i]); + aRet.push({'name':arr[i],'value': dummy,'type':128}); + break; + default: + console.log("error detecting pref-type for '"+arr[i]+"' !"); + } + } + } + return aRet; + } + function reapply(arr) { for (let i = 0, len = arr.length; i < len; i++) { switch (arr[i].type) { @@ -42,7 +76,9 @@ 'canvas.capturestream.enabled', 'dom.caches.enabled', 'dom.event.clipboardevents.enabled', + 'dom.event.contextmenu.enabled', 'dom.idle-observers-api.enabled', + 'dom.indexedDB.enabled', 'dom.IntersectionObserver.enabled', 'dom.popup_allowed_events', 'dom.popup_maximum', @@ -50,8 +86,9 @@ 'dom.push.enabled', 'dom.push.serverURL', 'dom.serviceWorkers.enabled', + 'dom.storage.enabled', 'dom.storageManager.enabled', - 'dom.vibrator.enabled', + 'dom.vr.enabled', 'dom.webaudio.enabled', 'dom.webnotifications.enabled', 'dom.webnotifications.serviceworker.enabled', @@ -69,21 +106,25 @@ 'layout.css.visited_links_enabled', 'mathml.disabled', 'media.autoplay.enabled', - 'media.getusermedia.screensharing.allowed_domains', - 'media.getusermedia.screensharing.enabled', + 'media.flac.enabled', + 'media.mp4.enabled', + 'media.ogg.enabled', 'media.ondevicechange.enabled', + 'media.opus.enabled', + 'media.raw.enabled', + 'media.wave.enabled', + 'media.webm.enabled', + 'media.wmf.enabled', 'network.auth.subresource-img-cross-origin-http-auth-allow', 'network.cookie.thirdparty.sessionOnly', - 'network.http.altsvc.enabled', - 'network.http.altsvc.oe', 'network.http.redirection-limit', 'network.http.referer.XOriginPolicy', 'network.protocol-handler.external.ms-windows-store', - 'permissions.manager.defaultsUrl', 'plugin.default.state', 'plugin.defaultXpi.state', 'plugin.scan.plid.all', 'plugin.sessionPermissionNow.intervalInMinutes', + 'plugin.state.flash', 'privacy.trackingprotection.enabled', 'security.cert_pinning.enforcement_level', 'security.csp.experimentalEnabled', @@ -93,14 +134,22 @@ 'security.mixed_content.use_hsts', 'security.OCSP.require', 'security.pki.sha1_enforcement_level', + 'security.ssl.require_safe_negotiation', 'security.ssl.treat_unsafe_negotiation_as_broken', + 'security.ssl3.dhe_rsa_aes_128_sha', + 'security.ssl3.dhe_rsa_aes_256_sha', + 'security.ssl3.ecdhe_ecdsa_aes_128_sha', + 'security.ssl3.ecdhe_rsa_aes_128_sha', + 'security.ssl3.rsa_aes_128_sha', + 'security.ssl3.rsa_aes_256_sha', + 'security.ssl3.rsa_des_ede3_sha', 'security.tls.enable_0rtt_data', 'security.tls.version.max', 'security.tls.version.min', 'security.xpconnect.plugin.unrestricted', 'signon.autofillForms', 'signon.formlessCapture.enabled', - 'webchannel.allowObject.urlWhitelist', + 'svg.disabled', /* known culprits */ 'dom.workers.enabled', @@ -112,41 +161,18 @@ ] - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let aBACKUP = []; - let dummy = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - dummy = Services.prefs.getPrefType(ops[i]); - switch (dummy) { - case 32: // string (see https://dxr.mozilla.org/mozilla-central/source/modules/libpref/nsIPrefBranch.idl#31) - dummy = Services.prefs.getCharPref(ops[i]); - aBACKUP.push({'name':ops[i],'value': dummy,'type':32}); - break; - case 64: // int - dummy = Services.prefs.getIntPref(ops[i]); - aBACKUP.push({'name':ops[i],'value': dummy,'type':64}); - break; - case 128: // boolean - dummy = Services.prefs.getBoolPref(ops[i]); - aBACKUP.push({'name':ops[i],'value': dummy,'type':128}); - break; - default: - console.log("error detecting pref-type for '"+ops[i]+"' !"); - } - } - } - // console.log(aBACKUP.length, "user-set prefs from our list detected and value stored."); + // reset prefs that set the same value as FFs default value + let aTEMP = getMyList(ops); + myreset(aTEMP); + reapply(aTEMP); + let aBACKUP = getMyList(ops); + //console.log(aBACKUP.length, "user-set prefs from our list detected and their values stored."); myreset(aBACKUP); // resetting all detected prefs - let myArr = aBACKUP - + let myArr = aBACKUP; + let iFixed = -1; // to detect if a single pref is the culprit focus(); if (confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) { reapply(aBACKUP); @@ -154,8 +180,10 @@ while (myArr.length >= 2) { alert("NOW TEST AGAIN !"); if (confirm("if the problem still exists click OK, otherwise click cancel.")) { + iFixed = 0; myArr = myArr.slice(parseInt(myArr.length/2)); } else { + iFixed = 1; myArr = myArr.slice(0, parseInt(myArr.length/2)); } reapply(aBACKUP); @@ -165,12 +193,20 @@ reapply(aBACKUP); // re-apply all values - let output = ""; - for (let i = 0, len = myArr.length; i < len; i++) { - output = output + myArr[i].name + "\n"; + switch(iFixed) { + case -1: // resetting all detected prefs didn't help + break; + case 0: + alert("unable to narrow it down to a single pref"); + break; + case 1: + let output = ""; + for (let i = 0, len = myArr.length; i < len; i++) { + output = output + myArr[i].name + "\n"; + } + alert("narrowed it down to:\n\n"+output); + myreset(myArr); // reset the culprit + break; } - alert("narrowed it down to:\n\n"+output); - - myreset(myArr); // reset the culprit })(); From 806d6edc6d358de32afc3b83746af21b4bdfbfa4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 16 Jan 2018 06:51:21 +1300 Subject: [PATCH 0613/1961] 1211+1212: clarify things better, fixes #334 --- user.js | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 3375aba..38f0cd8 100644 --- a/user.js +++ b/user.js @@ -735,19 +735,18 @@ user_pref("security.tls.enable_0rtt_data", false); // (FF55+ default true) /* 1210: enable OCSP Stapling * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ user_pref("security.ssl.enable_ocsp_stapling", true); -/* 1211: control use of OCSP responder servers to confirm current validity of certificates +/* 1211: control when to use OCSP fetching (to confirm current validity of certificates) * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) * It's a trade-off between security (checking) and privacy (leaking info to the CA) * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling * [1] https://en.wikipedia.org/wiki/Ocsp ***/ user_pref("security.OCSP.enabled", 1); -/* 1212: set non-stapled OCSP to hard-fail +/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) - * OCSP fetching without hard-fail is completely pointless ("seat belts that break when they are needed most") - * For more info about the problems with soft/hard-fail (and OCSP in general) see [2] - * [NOTE] this pref is ignored if 'security.OCSP.enabled' is set to 0 + * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it + * could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers) * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/ user_pref("security.OCSP.require", true); From 6882a64bf235e9e414eb8e79bd9074241f12a5a2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 15 Jan 2018 20:19:34 +0100 Subject: [PATCH 0614/1961] troubleshooter v1.2 --- scratchpad-scripts/troubleshooter.js | 37 +++++++++------------------- 1 file changed, 12 insertions(+), 25 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 85743c6..c1656fd 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,5 +1,5 @@ -/*** ghacks-user.js troubleshooter.js v1.1 ***/ +/*** ghacks-user.js troubleshooter.js v1.2 ***/ (function() { @@ -78,7 +78,6 @@ 'dom.event.clipboardevents.enabled', 'dom.event.contextmenu.enabled', 'dom.idle-observers-api.enabled', - 'dom.indexedDB.enabled', 'dom.IntersectionObserver.enabled', 'dom.popup_allowed_events', 'dom.popup_maximum', @@ -122,7 +121,6 @@ 'network.protocol-handler.external.ms-windows-store', 'plugin.default.state', 'plugin.defaultXpi.state', - 'plugin.scan.plid.all', 'plugin.sessionPermissionNow.intervalInMinutes', 'plugin.state.flash', 'privacy.trackingprotection.enabled', @@ -130,7 +128,6 @@ 'security.csp.experimentalEnabled', 'security.data_uri.block_toplevel_data_uri_navigations', 'security.family_safety.mode', - 'security.mixed_content.block_display_content', 'security.mixed_content.use_hsts', 'security.OCSP.require', 'security.pki.sha1_enforcement_level', @@ -149,13 +146,15 @@ 'security.xpconnect.plugin.unrestricted', 'signon.autofillForms', 'signon.formlessCapture.enabled', - 'svg.disabled', /* known culprits */ + 'dom.indexedDB.enabled', 'dom.workers.enabled', 'network.cookie.cookieBehavior', 'privacy.firstparty.isolate', 'privacy.resistFingerprinting', + 'security.mixed_content.block_display_content', + 'svg.disabled', 'last.one.without.comma' ] @@ -166,13 +165,12 @@ myreset(aTEMP); reapply(aTEMP); - let aBACKUP = getMyList(ops); + const aBACKUP = getMyList(ops); //console.log(aBACKUP.length, "user-set prefs from our list detected and their values stored."); myreset(aBACKUP); // resetting all detected prefs let myArr = aBACKUP; - let iFixed = -1; // to detect if a single pref is the culprit focus(); if (confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) { reapply(aBACKUP); @@ -180,33 +178,22 @@ while (myArr.length >= 2) { alert("NOW TEST AGAIN !"); if (confirm("if the problem still exists click OK, otherwise click cancel.")) { - iFixed = 0; myArr = myArr.slice(parseInt(myArr.length/2)); } else { - iFixed = 1; myArr = myArr.slice(0, parseInt(myArr.length/2)); } reapply(aBACKUP); myreset(myArr.slice(0, parseInt(myArr.length/2))); // reset half of the remaining prefs } + reapply(aBACKUP); + } else { + reapply(aBACKUP); + return; } - reapply(aBACKUP); // re-apply all values - - switch(iFixed) { - case -1: // resetting all detected prefs didn't help - break; - case 0: - alert("unable to narrow it down to a single pref"); - break; - case 1: - let output = ""; - for (let i = 0, len = myArr.length; i < len; i++) { - output = output + myArr[i].name + "\n"; - } - alert("narrowed it down to:\n\n"+output); - myreset(myArr); // reset the culprit - break; + if (myArr.length == 1) { + alert("narrowed it down to:\n\n"+myArr[0].name+"\n"); + myreset(myArr); // reset the culprit } })(); From e195aceb5434d49e7ace288b5e3075f262e00e09 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Mon, 15 Jan 2018 22:15:30 -0300 Subject: [PATCH 0615/1961] Updater 4.3 Changes: -The script doesn't touch the user.js file until it really has to. -The merge function is a bit smarter parsing files, at no significant cost. See examples below. -Minor syntactic changes here and there. Additions: -New -multiBackups argument. I personally intend to use it to compare files and quickly review changes. --- updater.bat | 101 ++++++++++++++++++++++++++++------------------------ 1 file changed, 54 insertions(+), 47 deletions(-) diff --git a/updater.bat b/updater.bat index b9c0c68..bab4d74 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ## ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.2 +REM ## version: 4.3 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts SET _myname=%~n0 @@ -16,6 +16,7 @@ IF /I "%~1"=="-logp" (SET _log=1 & SET _logp=1) IF /I "%~1"=="-multioverrides" (SET _multi=1) IF /I "%~1"=="-merge" (SET _merge=1) IF /I "%~1"=="-updatebatch" (SET _updateb=1) +IF /I "%~1"=="-multibackups" (SET _multibackups=1) SHIFT GOTO parse :endparse @@ -76,14 +77,14 @@ ECHO: ECHO: ######################################## ECHO: #### user.js Updater for Windows #### ECHO: #### by claustromaniac #### -ECHO: #### v4.2 #### +ECHO: #### v4.3 #### ECHO: ######################################## ECHO: SET /A "_line=0" IF NOT EXIST user.js ( CALL :message "user.js not detected in the current directory." ) ELSE ( - FOR /F "skip=1 tokens=1,2 delims=:" %%G IN (user.js) DO ( + FOR /F "skip=1 tokens=1,* delims=:" %%G IN (user.js) DO ( SET /A "_line+=1" IF !_line! GEQ 4 (GOTO exitloop) IF !_line! EQU 1 (SET _name=%%H) @@ -123,17 +124,12 @@ IF DEFINED _log ( ECHO:################################################################## CALL :message "%date%, %time%" ) -IF EXIST user.js.old.bak (DEL /F user.js.old.bak) -IF EXIST user.js ( - IF EXIST user.js.bak (REN user.js.bak user.js.old.bak) - REN user.js user.js.bak - CALL :message "Current user.js file backed up." -) +IF EXIST user.js.new (DEL /F "user.js.new") CALL :message "Retrieving latest user.js file from github repository..." ( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js.new')" ) >nul 2>&1 -IF EXIST user.js ( +IF EXIST user.js.new ( IF DEFINED _multi ( FORFILES /P user.js-overrides /M *.js >nul 2>&1 IF NOT ERRORLEVEL 1 ( @@ -141,45 +137,49 @@ IF EXIST user.js ( CALL :message "Merging..." COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js CALL :merge user-overrides-merged.js - COPY /B /V /Y user.js+user-overrides-merged.js user.js - CALL :merge user.js + COPY /B /V /Y user.js.new+user-overrides-merged.js user.js.new + CALL :merge user.js.new ) ELSE ( CALL :message "Appending..." - COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js + COPY /B /V /Y user.js.new+"user.js-overrides\*.js" user.js.new ) ) ELSE (CALL :message "No override files found.") ECHO: ) ELSE ( IF EXIST "user-overrides.js" ( - COPY /B /V /Y user.js+"user-overrides.js" "user.js" + COPY /B /V /Y user.js.new+"user-overrides.js" "user.js.new" IF DEFINED _merge ( CALL :message "Merging user-overrides.js..." - CALL :merge user.js + CALL :merge user.js.new ) ELSE ( CALL :message "user-overrides.js appended." ) ) ELSE (CALL :message "user-overrides.js not found.") ECHO: ) - CALL :message "Handling backups..." - SET "changed=" - IF EXIST user.js.bak ( - FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" + IF EXIST user.js ( + FC user.js.new user.js >nul && SET "_changed=false" || SET "_changed=true" ) - IF "!changed!"=="true" ( - IF EXIST user.js.old.bak DEL /F user.js.old.bak + IF "!_changed!"=="true" ( + CALL :message "Backing up..." + IF DEFINED _multibackups ( + MOVE /Y user.js "user-backup-!date:/=-!_!time::=.!.js" >nul + ) ELSE ( + MOVE /Y user.js user.js.bak >nul + ) + REN user.js.new user.js CALL :message "Update complete." ) ELSE ( - IF "!changed!"=="false" ( - DEL /F user.js.bak - IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak + IF "!_changed!"=="false" ( + DEL /F user.js.new >nul CALL :message "Update completed without changes." - ) ELSE (CALL :message "Update complete.") + ) ELSE ( + REN user.js.new user.js + REN CALL :message "Update complete." + ) ) ECHO: ) ELSE ( - IF EXIST user.js.bak (REN user.js.bak user.js) - IF EXIST user.js.old.bak (REN user.js.old.bak user.js.bak) CALL :message "Update failed. Make sure PowerShell is allowed internet access." ECHO: No changes were made. ) @@ -200,27 +200,31 @@ REM ############ Merge function ############ :merge SETLOCAL DisableDelayedExpansion ( - FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H") + FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /B /R /C:"user_pref.*\)" "%~1"') DO ( + IF NOT "%%G"=="" ( + IF NOT "%%H"=="" (SET "%%G=%%H") + ) + ) FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( - IF ""=="%%J" ( - ECHO: + SET "_temp=%%J" + SETLOCAL EnableDelayedExpansion + IF "!_temp:)=!"=="!_temp!" ( + ENDLOCAL & ECHO:%%J ) ELSE ( - FOR /F "delims=," %%K IN ("%%J") DO ( - IF NOT [user_pref("_user.js.parrot"]==[%%K] ( - IF DEFINED %%K ( - SETLOCAL EnableDelayedExpansion - FOR /F "delims=" %%L IN ("!%%K!") DO ( - ENDLOCAL - IF NOT "%%L"=="ALREADY MERGED" ( - ECHO:%%K,%%L - SET "%%K=ALREADY MERGED" + IF NOT "!_temp:~0,9!"=="user_pref" ( + ENDLOCAL & ECHO:%%J + ) ELSE ( + ENDLOCAL + FOR /F tokens^=2^ delims^=^'^" %%K IN ("%%J") DO ( + IF NOT "_user.js.parrot"=="%%K" ( + IF DEFINED %%K ( + SETLOCAL EnableDelayedExpansion + FOR /F "delims=" %%L IN ("!%%K!") DO ( + ENDLOCAL & ECHO:user_pref("%%K"%%L + SET "%%K=" ) ) - ) ELSE ( - ECHO:%%J - ) - ) ELSE ( - ECHO:%%J + ) ELSE (ECHO:%%J) ) ) ) @@ -231,7 +235,7 @@ ENDLOCAL GOTO :EOF REM ############### Help ################## :showhelp -MODE 80,43 +MODE 80,46 CLS CALL :message "Available arguments (case-insensitive):" CALL :message " -log" @@ -239,7 +243,7 @@ ECHO: Write the console output to a logfile (user.js-update-log.txt) CALL :message " -logP" ECHO: Like -log, but also open the logfile after updating. CALL :message " -merge" -ECHO: Merge overrides instead of appending them. One-line comments and +ECHO: Merge overrides instead of appending them. Single-line comments and ECHO: _user.js.parrot lines are appended normally. Overrides for inactive ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used ECHO: together, a user-overrides-merged.js file is also generated in the root @@ -248,6 +252,9 @@ ECHO: override files and can be safely discarded after updating, or used as ECHO: new user-overrides.js. When there are conflicting records for the same ECHO: pref, the value of the last one declared will be used. Visit the wiki ECHO: for usage examples and more detailed information. +CALL :message " -multiBackups" +ECHO: Don't overwrite previous backups. New backups are still created only +ECHO: when the updated user.js is different from the previous one. CALL :message " -multiOverrides" ECHO: Use any and all .js files in a user.js-overrides sub-folder as overrides ECHO: instead of the default user-overrides.js file. Files are appended in From a0ec17955d53666636c07db9bd98ad1b45b3f051 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 16 Jan 2018 01:27:36 -0300 Subject: [PATCH 0616/1961] tiny change --- updater.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index bab4d74..540fc25 100644 --- a/updater.bat +++ b/updater.bat @@ -200,7 +200,7 @@ REM ############ Merge function ############ :merge SETLOCAL DisableDelayedExpansion ( - FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /B /R /C:"user_pref.*\)" "%~1"') DO ( + FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /B /R /C:"user_pref.*\).*;" "%~1"') DO ( IF NOT "%%G"=="" ( IF NOT "%%H"=="" (SET "%%G=%%H") ) From 343f77c5e9fde9190ec7a67f7acb9232e6ee37ee Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 16 Jan 2018 10:46:57 -0300 Subject: [PATCH 0617/1961] minor fix on the version check 'IF !_line! GEQ 4 (' is not reliable. --- updater.bat | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/updater.bat b/updater.bat index 540fc25..9e0546c 100644 --- a/updater.bat +++ b/updater.bat @@ -92,15 +92,11 @@ IF NOT EXIST user.js ( IF !_line! EQU 3 (SET _version=%%G) ) :exitloop - IF !_line! GEQ 4 ( + IF NOT "!_name!"=="" ( IF /I NOT "!_name!"=="!_name:ghacks=!" ( - CALL :message "ghacks user.js !_version:~2!,!_date!" - ) ELSE ( - CALL :message "Current user.js version not recognised." - ) - ) ELSE ( - CALL :message "Current user.js version not recognised." - ) + CALL :message "!_name! !_version:~2!,!_date!" + ) ELSE (CALL :message "Current user.js version not recognised.") + ) ELSE (CALL :message "Current user.js version not recognised.") ) ECHO: IF NOT DEFINED _ua ( From c8d7694fd3c04e21eaa524d9019ab11388430f87 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 16 Jan 2018 11:13:07 -0300 Subject: [PATCH 0618/1961] I really don't like the online editor --- updater.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index 9e0546c..9cec6ac 100644 --- a/updater.bat +++ b/updater.bat @@ -171,7 +171,7 @@ IF EXIST user.js.new ( CALL :message "Update completed without changes." ) ELSE ( REN user.js.new user.js - REN CALL :message "Update complete." + CALL :message "Update complete." ) ) ECHO: From 7a3810f6ca74b21ceebf06e4abac1406f03393c6 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 16 Jan 2018 16:52:24 +0100 Subject: [PATCH 0619/1961] Update troubleshooter.js --- scratchpad-scripts/troubleshooter.js | 155 ++++++++++++++++----------- 1 file changed, 95 insertions(+), 60 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index c1656fd..442d563 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,5 +1,5 @@ -/*** ghacks-user.js troubleshooter.js v1.2 ***/ +/*** ghacks-user.js troubleshooter.js v1.3 ***/ (function() { @@ -60,73 +60,79 @@ } let ops = [ - 'accessibility.force_disabled', + + /* known culprits */ + 'network.cookie.cookieBehavior', + 'network.http.referer.XOriginPolicy', + 'privacy.firstparty.isolate', + 'privacy.resistFingerprinting', + 'security.mixed_content.block_display_content', + 'svg.disabled', + + /* Storage + Cache */ 'browser.cache.offline.enable', - 'browser.display.use_document_fonts', - 'browser.formfill.enable', - 'browser.link.open_newwindow.restriction', - 'browser.search.suggest.enabled', + 'dom.indexedDB.enabled', + 'dom.storage.enabled', 'browser.storageManager.enabled', - 'browser.tabs.remote.allowLinkedWebInFileUriProcess', - 'browser.urlbar.autoFill', - 'browser.urlbar.autoFill.typed', - 'browser.urlbar.oneOffSearches', - 'browser.urlbar.suggest.searches', - 'camera.control.face_detection.enabled', - 'canvas.capturestream.enabled', + 'dom.storageManager.enabled', + + /* Workers, Web + Push Notifications */ 'dom.caches.enabled', + 'dom.push.connection.enabled', + 'dom.push.enabled', + 'dom.push.serverURL', + 'dom.serviceWorkers.enabled', + 'dom.workers.enabled', + 'dom.webnotifications.enabled', + 'dom.webnotifications.serviceworker.enabled', + + /* Fonts */ + 'browser.display.use_document_fonts', + 'font.blacklist.underline_offset', + 'gfx.downloadable_fonts.woff2.enabled', + 'gfx.font_rendering.graphite.enabled', + 'gfx.font_rendering.opentype_svg.enabled', + 'layout.css.font-loading-api.enabled', + + /* Misc */ + 'browser.link.open_newwindow.restriction', + 'canvas.capturestream.enabled', 'dom.event.clipboardevents.enabled', 'dom.event.contextmenu.enabled', 'dom.idle-observers-api.enabled', 'dom.IntersectionObserver.enabled', 'dom.popup_allowed_events', - 'dom.popup_maximum', - 'dom.push.connection.enabled', - 'dom.push.enabled', - 'dom.push.serverURL', - 'dom.serviceWorkers.enabled', - 'dom.storage.enabled', - 'dom.storageManager.enabled', - 'dom.vr.enabled', - 'dom.webaudio.enabled', - 'dom.webnotifications.enabled', - 'dom.webnotifications.serviceworker.enabled', - 'font.blacklist.underline_offset', 'full-screen-api.enabled', 'geo.wifi.uri', - 'gfx.downloadable_fonts.woff2.enabled', - 'gfx.font_rendering.graphite.enabled', - 'gfx.font_rendering.opentype_svg.enabled', 'intl.accept_languages', 'javascript.options.asmjs', 'javascript.options.wasm', - 'keyword.enabled', - 'layout.css.font-loading-api.enabled', - 'layout.css.visited_links_enabled', - 'mathml.disabled', + 'network.cookie.thirdparty.sessionOnly', + 'security.csp.experimentalEnabled', + + /* Hardware */ + 'dom.vr.enabled', + 'media.ondevicechange.enabled', + + /* Audio + Video */ + 'dom.webaudio.enabled', 'media.autoplay.enabled', 'media.flac.enabled', 'media.mp4.enabled', 'media.ogg.enabled', - 'media.ondevicechange.enabled', 'media.opus.enabled', 'media.raw.enabled', 'media.wave.enabled', 'media.webm.enabled', 'media.wmf.enabled', - 'network.auth.subresource-img-cross-origin-http-auth-allow', - 'network.cookie.thirdparty.sessionOnly', - 'network.http.redirection-limit', - 'network.http.referer.XOriginPolicy', - 'network.protocol-handler.external.ms-windows-store', - 'plugin.default.state', - 'plugin.defaultXpi.state', - 'plugin.sessionPermissionNow.intervalInMinutes', - 'plugin.state.flash', - 'privacy.trackingprotection.enabled', + + /* Forms */ + 'browser.formfill.enable', + 'signon.autofillForms', + 'signon.formlessCapture.enabled', + + /* HTTPS */ 'security.cert_pinning.enforcement_level', - 'security.csp.experimentalEnabled', - 'security.data_uri.block_toplevel_data_uri_navigations', 'security.family_safety.mode', 'security.mixed_content.use_hsts', 'security.OCSP.require', @@ -143,18 +149,32 @@ 'security.tls.enable_0rtt_data', 'security.tls.version.max', 'security.tls.version.min', - 'security.xpconnect.plugin.unrestricted', - 'signon.autofillForms', - 'signon.formlessCapture.enabled', - /* known culprits */ - 'dom.indexedDB.enabled', - 'dom.workers.enabled', - 'network.cookie.cookieBehavior', - 'privacy.firstparty.isolate', - 'privacy.resistFingerprinting', - 'security.mixed_content.block_display_content', - 'svg.disabled', + /* Plugins + Flash */ + 'plugin.default.state', + 'plugin.defaultXpi.state', + 'plugin.sessionPermissionNow.intervalInMinutes', + 'plugin.state.flash', + 'security.xpconnect.plugin.unrestricted', + + /* unlikely to cause problems */ + 'browser.tabs.remote.allowLinkedWebInFileUriProcess', + 'dom.popup_maximum', + 'layout.css.visited_links_enabled', + 'mathml.disabled', + 'network.auth.subresource-img-cross-origin-http-auth-allow', + 'network.http.redirection-limit', + 'network.protocol-handler.external.ms-windows-store', + 'privacy.trackingprotection.enabled', + 'security.data_uri.block_toplevel_data_uri_navigations', + + /* FF User-Interface */ + 'browser.search.suggest.enabled', + 'browser.urlbar.autoFill', + 'browser.urlbar.autoFill.typed', + 'browser.urlbar.oneOffSearches', + 'browser.urlbar.suggest.searches', + 'keyword.enabled', 'last.one.without.comma' ] @@ -168,32 +188,47 @@ const aBACKUP = getMyList(ops); //console.log(aBACKUP.length, "user-set prefs from our list detected and their values stored."); - myreset(aBACKUP); // resetting all detected prefs - let myArr = aBACKUP; + let found = false; + let aDbg = []; focus(); + myreset(aBACKUP); // reset all detected prefs if (confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) { + aDbg = myArr; reapply(aBACKUP); myreset(myArr.slice(0, parseInt(myArr.length/2))); while (myArr.length >= 2) { alert("NOW TEST AGAIN !"); if (confirm("if the problem still exists click OK, otherwise click cancel.")) { myArr = myArr.slice(parseInt(myArr.length/2)); + if (myArr.length == 1) { + alert("The problem is caused by more than 1 pref !\n\nNarrowed it down to "+ aDbg.length.toString() +" prefs, check the console ..."); + break; + } } else { myArr = myArr.slice(0, parseInt(myArr.length/2)); + aDbg = myArr; + if (myArr.length == 1) { found = true; break; } } reapply(aBACKUP); myreset(myArr.slice(0, parseInt(myArr.length/2))); // reset half of the remaining prefs } reapply(aBACKUP); - } else { + } + else { reapply(aBACKUP); return; } - if (myArr.length == 1) { + if (found) { alert("narrowed it down to:\n\n"+myArr[0].name+"\n"); myreset(myArr); // reset the culprit } + else { + console.log("the problem is caused by a combination of the following prefs:"); + for (let i = 0, len = aDbg.length; i < len; i++) { + console.log(aDbg[i].name); + } + } })(); From e5c14eb70040c1f7ad58141423c909d05bf8dbd2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 17 Jan 2018 16:40:39 +1300 Subject: [PATCH 0620/1961] tidy up info on prefs that require a restart this is not all prefs, just some that we already documented --- user.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index 38f0cd8..ce2e2f2 100644 --- a/user.js +++ b/user.js @@ -594,7 +594,7 @@ user_pref("browser.cache.disk_cache_ssl", false); * [NOTE] Not recommended unless you know what you're doing * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ // user_pref("browser.sessionhistory.max_total_viewers", 0); -/* 1006: disable permissions manager from writing to disk (requires restart) +/* 1006: disable permissions manager from writing to disk [RESTART] * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ // user_pref("permissions.memory_only", true); // (hidden pref) @@ -638,7 +638,7 @@ user_pref("browser.shell.shortcutFavicons", false); /* 1032: disable favicons in web notifications ***/ user_pref("alerts.showFavicons", false); -/*** 1100: MULTI-PROCESS (e10s) +/*** 1100: MULTI-PROCESS (e10s) [RESTART] We recommend you let Firefox handle this. Until e10s is enforced, if - all your legacy extensions have the 'multiprocessCompatible' flag as true, then FF = e10s - any legacy extensions have 'multiprocessCompatible' flag as false, then FF != e10s @@ -757,7 +757,7 @@ user_pref("security.OCSP.require", true); * 2=detect Family Safety mode and import the root * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/ user_pref("security.family_safety.mode", 0); -/* 1221: disable intermediate certificate caching (fingerprinting attack vector) +/* 1221: disable intermediate certificate caching (fingerprinting attack vector) [RESTART] * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them. @@ -865,7 +865,7 @@ user_pref("gfx.downloadable_fonts.woff2.enabled", false); /* 1406: disable CSS Font Loading API * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("layout.css.font-loading-api.enabled", false); -/* 1407: disable special underline handling for a few fonts which you will probably never use. +/* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART] * Any of these fonts on your system can be enumerated for fingerprinting. Requires restart. * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ user_pref("font.blacklist.underline_offset", ""); @@ -873,7 +873,7 @@ user_pref("font.blacklist.underline_offset", ""); * In the past it had security issues. Update: This continues to be the case, see [1] * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ user_pref("gfx.font_rendering.graphite.enabled", false); -/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] +/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If * you block sites choosing fonts in 1401, this preference is irrelevant. In future, @@ -998,7 +998,7 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content -user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required +user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox [RESTART] /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" * This is the bundled codec used for video chat in WebRTC ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) @@ -1329,7 +1329,7 @@ user_pref("browser.uitour.url", ""); /* 2629: disable remote JAR files being opened, regardless of content type (FF42+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/ user_pref("network.jar.block-remote-files", true); -/* 2630: prevent accessibility services from accessing your browser +/* 2630: prevent accessibility services from accessing your browser [RESTART] * [SETTING] Options>Privacy & Security>Permissions>Prevent accessibility services from accessing your browser * [1] https://support.mozilla.org/kb/accessibility-services ***/ user_pref("accessibility.force_disabled", 1); From 48f95f2ac7f1975b5e1d2b925f71811ca0446f40 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 17 Jan 2018 17:21:06 +1300 Subject: [PATCH 0621/1961] 2706: set 3rd party HTTP cookies as session-only --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index ce2e2f2..36693da 100644 --- a/user.js +++ b/user.js @@ -1429,6 +1429,9 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); /* 2705: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+) * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); +/* 2706: set third party non-secure (i.e HTTP) cookies as session only (FF58+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1160368 ***/ +user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); /* 2710: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality. * You are better off using an extension for more granular control ***/ From 50053767423f0c85a08949f8c2429c58a13472e6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 17 Jan 2018 17:33:45 +1300 Subject: [PATCH 0622/1961] 0417: disable SB data sharing --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 36693da..173d91e 100644 --- a/user.js +++ b/user.js @@ -276,6 +276,9 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", false); +/* 0417: disable data sharing (FF58+) ***/ +user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); +user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); /** TRACKING PROTECTION (TP) There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ From 4fb3040042a2a0d2463f37563c8718d225f1277a Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 17 Jan 2018 12:30:02 -0300 Subject: [PATCH 0623/1961] replaced -multibackups with -singlebackup also minor changes to the merge function. --- updater.bat | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/updater.bat b/updater.bat index 9cec6ac..7a9ff83 100644 --- a/updater.bat +++ b/updater.bat @@ -16,7 +16,7 @@ IF /I "%~1"=="-logp" (SET _log=1 & SET _logp=1) IF /I "%~1"=="-multioverrides" (SET _multi=1) IF /I "%~1"=="-merge" (SET _merge=1) IF /I "%~1"=="-updatebatch" (SET _updateb=1) -IF /I "%~1"=="-multibackups" (SET _multibackups=1) +IF /I "%~1"=="-singlebackup" (SET _singlebackup=1) SHIFT GOTO parse :endparse @@ -158,10 +158,10 @@ IF EXIST user.js.new ( ) IF "!_changed!"=="true" ( CALL :message "Backing up..." - IF DEFINED _multibackups ( - MOVE /Y user.js "user-backup-!date:/=-!_!time::=.!.js" >nul - ) ELSE ( + IF DEFINED _singlebackup ( MOVE /Y user.js user.js.bak >nul + ) ELSE ( + MOVE /Y user.js "user-backup-!date:/=-!_!time::=.!.js" >nul ) REN user.js.new user.js CALL :message "Update complete." @@ -196,18 +196,14 @@ REM ############ Merge function ############ :merge SETLOCAL DisableDelayedExpansion ( - FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /B /R /C:"user_pref.*\).*;" "%~1"') DO ( - IF NOT "%%G"=="" ( - IF NOT "%%H"=="" (SET "%%G=%%H") - ) - ) + FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /B /R /C:"user_pref.*\)[ ]*;" "%~1"') DO (IF NOT "%%H"=="" (SET "%%G=%%H")) FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( SET "_temp=%%J" SETLOCAL EnableDelayedExpansion - IF "!_temp:)=!"=="!_temp!" ( + IF NOT "!_temp:~0,9!"=="user_pref" ( ENDLOCAL & ECHO:%%J ) ELSE ( - IF NOT "!_temp:~0,9!"=="user_pref" ( + IF "!_temp:;=!"=="!_temp!" ( ENDLOCAL & ECHO:%%J ) ELSE ( ENDLOCAL From 6becf50fe6ac2dd4026c6457f7d1626709b9a82f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 18 Jan 2018 15:55:57 +1300 Subject: [PATCH 0624/1961] 4500: RFP keyboard events FF59+ --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 173d91e..1c85bc2 100644 --- a/user.js +++ b/user.js @@ -1604,6 +1604,9 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); In FF59+ this is controllable via the site permissions panel, see 1413780 (FF59+) ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) + ** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+) + Spoofing mimics the content language of the document. Currently it only supports en-US. + Modifier events suppressed are SHIFT, CTRL and both ALT keys. Chrome is not affected. ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From 22198d420a5cce2bf97dc0a7eee2f91b1eb17ae7 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Thu, 18 Jan 2018 01:18:05 -0300 Subject: [PATCH 0625/1961] forgot to update the showhelp function --- updater.bat | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/updater.bat b/updater.bat index 7a9ff83..6e06a61 100644 --- a/updater.bat +++ b/updater.bat @@ -244,15 +244,15 @@ ECHO: override files and can be safely discarded after updating, or used as ECHO: new user-overrides.js. When there are conflicting records for the same ECHO: pref, the value of the last one declared will be used. Visit the wiki ECHO: for usage examples and more detailed information. -CALL :message " -multiBackups" -ECHO: Don't overwrite previous backups. New backups are still created only -ECHO: when the updated user.js is different from the previous one. CALL :message " -multiOverrides" ECHO: Use any and all .js files in a user.js-overrides sub-folder as overrides ECHO: instead of the default user-overrides.js file. Files are appended in ECHO: alphabetical order. CALL :message " -unattended" ECHO: Run without user input. +CALL :message " -singleBackup" +ECHO: Use a single backup file and overwrite it on new updates, instead of +ECHO: cumulative backups. This was the default behaviour before v4.3. CALL :message " -updatebatch" ECHO: Update the script itself on execution, before the normal routine. CALL :message "" From 91c8da5f124d4228eedfc9fd035fe4ba7a45de87 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 18 Jan 2018 20:26:49 +1300 Subject: [PATCH 0626/1961] 2706->2702 merge: 3rd party cookies + sessionOnly --- user.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 1c85bc2..d5cbedc 100644 --- a/user.js +++ b/user.js @@ -1418,10 +1418,14 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ user_pref("network.cookie.cookieBehavior", 2); -/* 2702: set third-party cookies (if enabled, see above pref) to session-only +/* 2702: set third-party cookies (i.e ALL) (if enabled, see above pref) to session-only + and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only + [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and + .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ user_pref("network.cookie.thirdparty.sessionOnly", true); +user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+) /* 2703: set cookie lifetime policy * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until @@ -1432,9 +1436,6 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); /* 2705: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+) * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); -/* 2706: set third party non-secure (i.e HTTP) cookies as session only (FF58+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1160368 ***/ -user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); /* 2710: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality. * You are better off using an extension for more granular control ***/ From 6a0f162d64e91982930577425deff2436003a528 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 19 Jan 2018 11:06:02 +0100 Subject: [PATCH 0627/1961] Update troubleshooter.js dom.idle-observers-api.enabled not used anymore since at least FF38 security.xpconnect.plugin.unrestricted not used anymore since at least FF10 --- scratchpad-scripts/troubleshooter.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 442d563..566f0a0 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -99,7 +99,6 @@ 'canvas.capturestream.enabled', 'dom.event.clipboardevents.enabled', 'dom.event.contextmenu.enabled', - 'dom.idle-observers-api.enabled', 'dom.IntersectionObserver.enabled', 'dom.popup_allowed_events', 'full-screen-api.enabled', @@ -155,7 +154,6 @@ 'plugin.defaultXpi.state', 'plugin.sessionPermissionNow.intervalInMinutes', 'plugin.state.flash', - 'security.xpconnect.plugin.unrestricted', /* unlikely to cause problems */ 'browser.tabs.remote.allowLinkedWebInFileUriProcess', From 0da73d606bd95ac946d1020491f73cbace43113a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Jan 2018 10:13:28 +1300 Subject: [PATCH 0628/1961] 0351: crash reports pref name change --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index d5cbedc..e0e1e8d 100644 --- a/user.js +++ b/user.js @@ -192,7 +192,8 @@ user_pref("breakpad.reportURL", ""); /* 0351: disable sending of crash reports (FF44+) ***/ user_pref("browser.tabs.crashReporting.sendReport", false); user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) -user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51+) +user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57) +user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+) /* 0360: disable new tab tile ads & preload & marketing junk ***/ user_pref("browser.newtab.preload", false); user_pref("browser.newtabpage.directory.source", "data:text/plain,"); From 14c1620994f10e4a4d34f515a6ba22b5b725e058 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Jan 2018 18:49:39 +1300 Subject: [PATCH 0629/1961] 0205: intl.locale.requested FF59+ --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index e0e1e8d..2ee5e2f 100644 --- a/user.js +++ b/user.js @@ -94,6 +94,9 @@ user_pref("browser.search.geoip.url", ""); user_pref("intl.locale.matchOS", false); /* 0204: set APP locale ***/ user_pref("general.useragent.locale", "en-US"); +/* 0205: set OS & APP locale (replaces 0203 + 0204) (FF59+) + * If set to empty, the OS locales are used. If not set at all, default locale is used ***/ +user_pref("intl.locale.requested", "en-US"); // (hidden pref) /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" * i.e. ignore all of Mozilla's various search engines in multiple locales ***/ user_pref("browser.search.geoSpecificDefaults", false); @@ -827,7 +830,7 @@ user_pref("security.pki.sha1_enforcement_level", 1); * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); /* 1271: control "Add Security Exception" dialog on SSL warnings - * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default) + * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default) * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ user_pref("browser.ssl_override_behavior", 1); /* 1272: display advanced information on Insecure Connection warning pages @@ -1724,7 +1727,7 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow // user_pref("general.platform.override", "Win32"); // (hidden pref) /* 4706: navigator.oscpu leaks in JS ***/ // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) -/* 4707: general.useragent.locale (related, see 0204) ***/ +/* 4707: general.useragent.locale (related, see 0204 deprecated FF59+) ***/ /*** 5000: PERSONAL SETTINGS [SETUP] Settings that are handy to migrate and/or are not in the Options interface. Users From 91521dbc84dd43e2f6b75ae43ff2056ed9a742c2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 24 Jan 2018 00:31:01 +0100 Subject: [PATCH 0630/1961] 1106: fix mistake default is 1! https://dxr.mozilla.org/mozilla-release/source/modules/libpref/init/all.js#3327 >1 breaks extensions apparently: https://github.com/ghacksuserjs/ghacks-user.js/issues/346 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 2ee5e2f..d9b4bf1 100644 --- a/user.js +++ b/user.js @@ -674,7 +674,7 @@ user_pref("browser.tabs.remote.separateFileUriProcess", true); /* 1105: enable console shim warnings for legacy extensions with the 'multiprocessCompatible' flag as false ***/ user_pref("dom.ipc.shims.enabledWarnings", true); /* 1106: control number of extension processes ***/ - // user_pref("dom.ipc.processCount.extension", 4); + // user_pref("dom.ipc.processCount.extension", 1); /* 1107: control number of file processes ***/ // user_pref("dom.ipc.processCount.file", 1); /* 1108: block web content in file processes (FF55+) From 0a11a87fd0c512593a2351ebec30d17a9038cd2e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 25 Jan 2018 04:06:00 +1300 Subject: [PATCH 0631/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 997ff27..c02799f 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 * The ghacks community and commentators -* [12bytes](http://12bytes.org/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) +* [12bytes](http://12bytes.org/tech/firefox-mozilla-based-browser-tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. From c399bb1d2d33f41642d76c0564fc786938ce755d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 25 Jan 2018 04:25:39 +1300 Subject: [PATCH 0632/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c02799f..90bdea3 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 * The ghacks community and commentators -* [12bytes](http://12bytes.org/tech/firefox-mozilla-based-browser-tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) +* [12bytes](http://12bytes.org/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. From c83670f7081c70da4b06e91b04d1974d585afb9c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Jan 2018 01:25:14 +1300 Subject: [PATCH 0633/1961] 1100's: goodbye e10s section --- user.js | 50 ++++---------------------------------------------- 1 file changed, 4 insertions(+), 46 deletions(-) diff --git a/user.js b/user.js index d9b4bf1..d2e4289 100644 --- a/user.js +++ b/user.js @@ -645,52 +645,6 @@ user_pref("browser.shell.shortcutFavicons", false); /* 1032: disable favicons in web notifications ***/ user_pref("alerts.showFavicons", false); -/*** 1100: MULTI-PROCESS (e10s) [RESTART] - We recommend you let Firefox handle this. Until e10s is enforced, if - - all your legacy extensions have the 'multiprocessCompatible' flag as true, then FF = e10s - - any legacy extensions have 'multiprocessCompatible' flag as false, then FF != e10s - - any legacy extensions are missing the 'multiprocessCompatible' flag, then they *might* be disabled - [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/ -***/ -user_pref("_user.js.parrot", "1100 syntax error: the parrot's bought the farm!"); -/* 1101: start the browser in e10s mode (FF48+) - * about:support>Application Basics>Multiprocess Windows ***/ - // user_pref("browser.tabs.remote.autostart", true); - // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref) - // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) - // user_pref("extensions.e10sBlocksEnabling", false); -/* 1102: control number of content rendering processes - * [SETTING] Options>General>Performance>Custom>Content process limit - * [1] https://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ - // user_pref("dom.ipc.processCount", 4); -/* 1103: enable extension code to run in a separate process (webext-oop) (FF53+) - * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process ***/ - // user_pref("extensions.webextensions.remote", true); -/* 1104: enforce separate content process for file://URLs (FF53+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 - * [2] https://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ -user_pref("browser.tabs.remote.separateFileUriProcess", true); -/* 1105: enable console shim warnings for legacy extensions with the 'multiprocessCompatible' flag as false ***/ -user_pref("dom.ipc.shims.enabledWarnings", true); -/* 1106: control number of extension processes ***/ - // user_pref("dom.ipc.processCount.extension", 1); -/* 1107: control number of file processes ***/ - // user_pref("dom.ipc.processCount.file", 1); -/* 1108: block web content in file processes (FF55+) - * [WARNING] [SETUP] You may want to disable this for corporate or developer environments - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/ -user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); -/* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play - * with them. The values are integers, but the code below deliberately contains a data mismatch - * [1] https://wiki.mozilla.org/Security/Sandbox - * [2] https://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/ - // user_pref("security.sandbox.content.level", "donotuse"); - // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse"); - // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse"); -/* 1111: enable sandbox logging ***/ - // user_pref("security.sandbox.logging.enabled", true); - /*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) Note that your cipher and other settings can be used server side as a fingerprint attack vector, see [1] (It's quite technical but the first part is easy to understand @@ -1145,6 +1099,10 @@ user_pref("dom.push.userAgentID", ""); /*** 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); +/* 2401: block web content in file processes (FF55+) + * [WARNING] [SETUP] You may want to disable this for corporate or developer environments + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/ +user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); /* 2402: disable website access to clipboard events/content * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress * this applies to onCut, onCopy, onPaste events - i.e. you have to interact with From 622b70aa376ab0eaafa67b70d09666e3a851a4ea Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Jan 2018 12:55:01 +0000 Subject: [PATCH 0634/1961] whoops.. relocate old 1108 to 2600's not 2400s --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index d2e4289..2e37608 100644 --- a/user.js +++ b/user.js @@ -1099,10 +1099,6 @@ user_pref("dom.push.userAgentID", ""); /*** 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); -/* 2401: block web content in file processes (FF55+) - * [WARNING] [SETUP] You may want to disable this for corporate or developer environments - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/ -user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); /* 2402: disable website access to clipboard events/content * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress * this applies to onCut, onCopy, onPaste events - i.e. you have to interact with @@ -1298,6 +1294,10 @@ user_pref("network.jar.block-remote-files", true); * [SETTING] Options>Privacy & Security>Permissions>Prevent accessibility services from accessing your browser * [1] https://support.mozilla.org/kb/accessibility-services ***/ user_pref("accessibility.force_disabled", 1); +/* 2631: block web content in file processes (FF55+) + * [WARNING] [SETUP] You may want to disable this for corporate or developer environments + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/ +user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); /* 2662: disable "open with" in download dialog (FF50+) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. From bc371c8c9d37a2cf199659d1aff961f60d3e94d7 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 29 Jan 2018 14:05:13 +0100 Subject: [PATCH 0635/1961] Update user.js --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 2e37608..bf72979 100644 --- a/user.js +++ b/user.js @@ -44,6 +44,7 @@ * [1] https://en.wikipedia.org/wiki/Dead_parrot * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); + /* 0000: disable about:config warning ***/ user_pref("general.warnOnAboutConfig", false); From 93c3457d187d4e07d09d5d7dda8b5a573ba1011d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Jan 2018 13:35:20 +0000 Subject: [PATCH 0636/1961] 2427: js shared memory MZ are flipping and a flopping on the value for a while now, lets enforce as false, specially since Spectre --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index bf72979..723be29 100644 --- a/user.js +++ b/user.js @@ -1145,6 +1145,10 @@ user_pref("javascript.options.wasm", false); * [2] https://w3c.github.io/IntersectionObserver/ * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/ user_pref("dom.IntersectionObserver.enabled", false); +/* 2427: disable Shared Memory (Spectre mitigation) + * [1] https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md + * [2] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ ***/ +user_pref("javascript.options.shared_memory", false); /*** 2500: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); From ff77f7260c7e6288aa28cb945e43cd8de55d4ddf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Jan 2018 14:37:36 +0000 Subject: [PATCH 0637/1961] remove 2513: Presentaion API fixes #325 --- user.js | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/user.js b/user.js index 723be29..62844bd 100644 --- a/user.js +++ b/user.js @@ -1175,16 +1175,6 @@ user_pref("dom.webaudio.enabled", false); * [1] https://developer.mozilla.org/docs/Web/Events/devicechange * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange ***/ user_pref("media.ondevicechange.enabled", false); -/* 2513: disable Presentation API - * [WARNING] [SETUP] Optional protection depending on your connected devices - * [1] https://wiki.mozilla.org/WebAPI/PresentationAPI - * [2] https://www.w3.org/TR/presentation-api/ ***/ - // user_pref("dom.presentation.enabled", false); - // user_pref("dom.presentation.controller.enabled", false); - // user_pref("dom.presentation.discoverable", false); - // user_pref("dom.presentation.discovery.enabled", false); - // user_pref("dom.presentation.receiver.enabled", false); - // user_pref("dom.presentation.session_transport.data_channel.enable", false); /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -1566,7 +1556,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) ** 1382545 - reduce fingerprinting in Animation API (FF57+) ** 1354633 - limit MediaError.message to a whitelist (FF57+) - ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) + ** 1382533 - enable fingerprinting resistance for Presentation API (FF57+) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) In FF59+ this is controllable via the site permissions panel, see 1413780 (FF59+) From 0ebe5d0fa860f48f15561e76b78c0fc3a56629af Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 31 Jan 2018 13:57:34 +0000 Subject: [PATCH 0638/1961] 1405: WOFF2 info https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face - see Compat table --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 62844bd..80ef112 100644 --- a/user.js +++ b/user.js @@ -822,7 +822,7 @@ user_pref("gfx.downloadable_fonts.enabled", true); /* 1404: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); -/* 1405: disable WOFF2 (Web Open Font Format) ***/ +/* 1405: disable WOFF2 (Web Open Font Format) (FF35+) ***/ user_pref("gfx.downloadable_fonts.woff2.enabled", false); /* 1406: disable CSS Font Loading API * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ From ea6e9be7876a24c1dade8dfd8f176063237bf386 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 3 Feb 2018 02:17:20 +0000 Subject: [PATCH 0639/1961] added 2024: default permissions camera/mic --- user.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/user.js b/user.js index 80ef112..3409745 100644 --- a/user.js +++ b/user.js @@ -1006,6 +1006,12 @@ user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); /* 2023: disable camera stuff ***/ user_pref("camera.control.face_detection.enabled", false); +/* 2024: set a default permission for Camera/Microphone (FF58+) + * 0=always ask (default), 1=allow, 2=block + * [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone + * [SETTING] to manage site exceptions: Options>Privacy>Permissions>Camera/Microphone>Settings ***/ + // user_pref("permissions.default.camera", 2); + // user_pref("permissions.default.microphone", 2); /* 2026: disable canvas capture stream * [1] https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream ***/ user_pref("canvas.capturestream.enabled", false); From a4eaf9494ed95294a4405e8863b7b801fded83c7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 3 Feb 2018 02:32:51 +0000 Subject: [PATCH 0640/1961] added 4612: default permission location --- user.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 3409745..5cd20dd 100644 --- a/user.js +++ b/user.js @@ -1556,7 +1556,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1337161 - hide gamepads from content (see 4606) (FF56+) ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+) ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+) - ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609) (FF56+) + ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609, 4612) (FF56+) ** 1369309 - spoof media statistics (see 4610) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+) ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) @@ -1654,6 +1654,12 @@ user_pref("media.video_stats.enabled", false); // [2] https://trac.torproject.org/projects/tor/ticket/10286 // user_pref("dom.w3c_touch_events.enabled", 0); // * * * / +// FF58+ +// 4612: [new] set a default permission for Location (FF58+) + // [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location + // [SETTING] to manage site exceptions: Options>Privacy>Permissions>Location>Settings + // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block +// * * * / // ***/ /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING From 3405bae6d845bec9a5909f72e1a0b5b2b9da6603 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 3 Feb 2018 03:38:06 +0000 Subject: [PATCH 0641/1961] added 2632: block sites overriding FF KB shortcuts Note: I tested the value of 1 when changing from 2-block to make sure that it actually changed to allow in the panel. Am keeping my eye on the delete and backspace keys and will remove the line when it is fixed --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 5cd20dd..3fcae2c 100644 --- a/user.js +++ b/user.js @@ -1299,6 +1299,10 @@ user_pref("accessibility.force_disabled", 1); * [WARNING] [SETUP] You may want to disable this for corporate or developer environments * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); +/* 2632: disable websites overriding Firefox's keyboard shortcuts (FF58+) + * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts + * [NOTE] At the time of writing, causes issues with delete and backspace keys ***/ + // user_pref("permissions.default.shortcuts", 2); // 0 (default) or 1=allow, 2=block /* 2662: disable "open with" in download dialog (FF50+) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. From 2969ab5b13bee198107d4b7371e100410d88c9c5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 3 Feb 2018 03:56:16 +0000 Subject: [PATCH 0642/1961] added 2305: default permission Notifications --- user.js | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 3fcae2c..dd1889b 100644 --- a/user.js +++ b/user.js @@ -1091,11 +1091,14 @@ user_pref("dom.workers.enabled", false); * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/ user_pref("dom.serviceWorkers.enabled", false); /* 2304: disable web notifications - * [NOTE] You can still override individual domains under site permissions (FF44+) * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ -user_pref("dom.webnotifications.enabled", false); -user_pref("dom.webnotifications.serviceworker.enabled", false); -/* 2305: disable push notifications (FF44+) +user_pref("dom.webnotifications.enabled", false); // (FF22+) +user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+) +/* 2305: set a default permission for Notifications (see 2304) (FF58+) + * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications + * [SETTING] to manage site exceptions: Options>Privacy>Permissions>Notifications>Settings ***/ + // user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block +/* 2306: disable push notifications (FF44+) * web apps can receive messages pushed to them from a server, whether or * not the web app is in the foreground, or even currently loaded * [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/ From 3ef5ba3ac78c49ba9b784df1a8d0efd3324fb280 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 3 Feb 2018 14:21:57 +0100 Subject: [PATCH 0643/1961] v1.4 - removed `network.cookie.thirdparty.sessionOnly` because it can't break sites - added `permissions.default.shortcuts` --- scratchpad-scripts/troubleshooter.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 566f0a0..3c8d96a 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,5 +1,5 @@ -/*** ghacks-user.js troubleshooter.js v1.3 ***/ +/*** ghacks-user.js troubleshooter.js v1.4 ***/ (function() { @@ -106,7 +106,7 @@ 'intl.accept_languages', 'javascript.options.asmjs', 'javascript.options.wasm', - 'network.cookie.thirdparty.sessionOnly', + 'permissions.default.shortcuts', 'security.csp.experimentalEnabled', /* Hardware */ From 1738f9efb178904382122498dc40e0b825268c2f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Feb 2018 00:20:36 +0000 Subject: [PATCH 0644/1961] 58-alpha release --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index dd1889b..83ef477 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 1 January 2018 -* version 58-beta: Pantslide +* date: 3 February 2018 +* version 58: Pantslide * "I took my pants, took em down, I climbed a mountain and I turned around" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From d924c015182e3fc9a08a4f53018e275ae8fa53af Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Feb 2018 01:10:45 +0000 Subject: [PATCH 0645/1961] ESR deprecated rewording --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 83ef477..32701bd 100644 --- a/user.js +++ b/user.js @@ -2018,7 +2018,7 @@ user_pref("dom.telephony.enabled", false); user_pref("dom.battery.enabled", false); // ***/ -/* ESR52 still needs all the following prefs +/* ESR52.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them if you're using ESR52.x.x // FF53 // 1265: block rc4 fallback From a290b3ad3d48c1e16952174be8a28b885760e5bd Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 6 Feb 2018 20:09:11 +0100 Subject: [PATCH 0646/1961] 1600 cleanup and header-rewrite --- user.js | 45 ++++++++++++++++++++------------------------- 1 file changed, 20 insertions(+), 25 deletions(-) diff --git a/user.js b/user.js index 32701bd..61336ad 100644 --- a/user.js +++ b/user.js @@ -843,16 +843,14 @@ user_pref("gfx.font_rendering.graphite.enabled", false); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/ // user_pref("font.system.whitelist", ""); // (hidden pref) -/*** 1600: HEADERS / REFERERS [SETUP] - Except for DNT (Do Not Track), referers are best controlled by an extension. - It is important to realize that it is *cross domain* referers that need - controlling, and this is best handled by EITHER 1603 or 1604, not both. - - Option 1: Recommended: Use an extension to block all referers, and then whitelist - sites on a granular, per domain level. - Option 2: As per the original settings below: Set XOriginPolicy (1603) to 1 (less breakage) - or 2 (more breakage) and leave XOriginTrimmingPolicy (1604) at default 0 - Option 3: Set XOriginPolicy (1603) to default 0 and set XOriginTrimmingPolicy (1604) to 2 +/*** 1600: HEADERS / REFERERS + Only *cross domain* referers need controlling and XOriginPolicy (1603) is perfect for that. + Thus we enforce the default values for 1601, 1602, 1605 and 1606 to minimize breakage, + and only tweak 1603 (+1604). + Our default settings provide the best balance between protection and amount of breakage. + To harden it a bit more you can set XOriginPolicy (1603) to 2 (+ optionally 1604 to 1 or 2). + To fix broken sites, temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config, + use the site and then change the values back. If you visit those sites regularly, use an extension. full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+path+port: https://example.com:8888/foo/bar.html @@ -862,32 +860,29 @@ user_pref("gfx.font_rendering.graphite.enabled", false); ***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: ALL: control when images/links send a referer - * 0=never, 1=send only when links are clicked, 2=for links and images (default) - * [NOTE] Recommended left at default. Focus on XSS and granular cross origin referer control ***/ + * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ user_pref("network.http.sendRefererHeader", 2); /* 1602: ALL: control the amount of information to send - * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port - * [NOTE] Cross origin requests can be fine tuned in 1603 + 1604. Limiting same origin requests - * is rather pointless. Recommended left at default for zero same origin breakage ***/ + * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port ***/ user_pref("network.http.referer.trimmingPolicy", 0); /* 1603: CROSS ORIGIN: control when to send a referer [SETUP] - * 0=always (default), 1=only if base domains match, 2=only if hosts match - * [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage - * [WARNING] Reset to default 0 if you have issues accessing your modem/router ***/ + * 0=always (default), 1=only if base domains match, 2=only if hosts match ***/ user_pref("network.http.referer.XOriginPolicy", 1); /* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) - * 0=send full URI (default) 1=scheme+host+path+port 2=scheme+host+port ***/ + * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 0); /* 1605: ALL: disable spoofing a referer - * Spoofing increases your exposure to cross-site request forgeries ***/ + * [WARNING] Spoofing effectively disables the anti-CSRF protections that some sites may rely on ***/ user_pref("network.http.referer.spoofSource", false); -/* 1606: ALL: set the default Referrer Policy (FF53+) - * 0=no-referer 1=same-origin 2=strict-origin-when-cross-origin - * 3=no-referrer-when-downgrade (default) +/* 1606: ALL: set the default Referrer Policy + * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy * [1] https://www.w3.org/TR/referrer-policy/ - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/ -user_pref("network.http.referer.userControlPolicy", 3); + * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy + * [3] https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/ ***/ +user_pref("network.http.referer.userControlPolicy", 3); // (FF53-FF58) default: 3 +user_pref("network.http.referer.defaultPolicy", 3); // (FF59+) default: 3 +user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+) * [NOTE] Firefox cannot access .onion sites by default. We recommend you use * TBB (Tor Browser Bundle) which is specifically designed for the dark web From ca11a88189d3d055862618b93a44324803967721 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Feb 2018 23:50:30 +0000 Subject: [PATCH 0647/1961] minor edits --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 61336ad..ea9bb7a 100644 --- a/user.js +++ b/user.js @@ -844,9 +844,9 @@ user_pref("gfx.font_rendering.graphite.enabled", false); // user_pref("font.system.whitelist", ""); // (hidden pref) /*** 1600: HEADERS / REFERERS - Only *cross domain* referers need controlling and XOriginPolicy (1603) is perfect for that. - Thus we enforce the default values for 1601, 1602, 1605 and 1606 to minimize breakage, - and only tweak 1603 (+1604). + Only *cross domain* referers need controlling and XOriginPolicy (1603) is perfect for that. Thus we enforce + the default values for 1601, 1602, 1605 and 1606 to minimize breakage, and only tweak 1603 and 1604. + Our default settings provide the best balance between protection and amount of breakage. To harden it a bit more you can set XOriginPolicy (1603) to 2 (+ optionally 1604 to 1 or 2). To fix broken sites, temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config, From 4fdf32219332220e4ac3d07cdd4fadf4456ffeee Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Feb 2018 23:57:34 +0000 Subject: [PATCH 0648/1961] CSRF acronym --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index ea9bb7a..7664e04 100644 --- a/user.js +++ b/user.js @@ -872,7 +872,7 @@ user_pref("network.http.referer.XOriginPolicy", 1); * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 0); /* 1605: ALL: disable spoofing a referer - * [WARNING] Spoofing effectively disables the anti-CSRF protections that some sites may rely on ***/ + * [WARNING] Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery) protections that some sites may rely on ***/ user_pref("network.http.referer.spoofSource", false); /* 1606: ALL: set the default Referrer Policy * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade From 08a5410b88b9ae5a71614ed7dffb4bd2d805e6a5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 7 Feb 2018 00:49:58 +0000 Subject: [PATCH 0649/1961] 1407: restart info duplicity --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 7664e04..e214995 100644 --- a/user.js +++ b/user.js @@ -828,7 +828,7 @@ user_pref("gfx.downloadable_fonts.woff2.enabled", false); * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("layout.css.font-loading-api.enabled", false); /* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART] - * Any of these fonts on your system can be enumerated for fingerprinting. Requires restart. + * Any of these fonts on your system can be enumerated for fingerprinting. * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ user_pref("font.blacklist.underline_offset", ""); /* 1408: disable graphite which FF49 turned back on by default From 95251e98da7e44366419882cadad516733241973 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 8 Feb 2018 15:33:05 +0000 Subject: [PATCH 0650/1961] spelling mistake --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e214995..80ddf33 100644 --- a/user.js +++ b/user.js @@ -1821,7 +1821,7 @@ user_pref("network.websocket.enabled", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1042135#c101 // user_pref("privacy.donottrackheader.value", 1); // 2023: (37+) disable camera autofocus callback - // The API will be superceded by the WebRTC Capture and Stream API + // The API will be superseded by the WebRTC Capture and Stream API // [1] https://developer.mozilla.org/docs/Archive/B2G_OS/API/CameraControl // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107683 user_pref("camera.control.autofocus_moving_callback.enabled", false); From a6fd4d1db1fe9b6105a8d236a2e7e5dc450135a0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Feb 2018 07:13:59 +0000 Subject: [PATCH 0651/1961] 2421: baseline JIT update info --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 80ddf33..46b1216 100644 --- a/user.js +++ b/user.js @@ -1133,9 +1133,11 @@ user_pref("full-screen-api.enabled", false); * [3] https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375 * [4] https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400 ***/ user_pref("javascript.options.asmjs", false); -/* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817 +/* 2421: disable Ion and baseline JIT to help harden JS against exploits + * see: CVE-2015-0817 (FF36 1145255), CVE-2017-5375 (FF51 1325200), CVE-2017-5400 (FF52 1334933) * [WARNING] Causes the odd site issue and there is also a performance loss - * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ + * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 + * [2] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); /* 2422: disable WebAssembly for now (FF52+) From 0473c7386065d1872ddaa8091e3a48c555f54ccb Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 16 Feb 2018 18:39:01 +0100 Subject: [PATCH 0652/1961] 2420 + 2421 --- user.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 46b1216..71b8ca1 100644 --- a/user.js +++ b/user.js @@ -1127,17 +1127,17 @@ user_pref("dom.idle-observers-api.enabled", false); /* 2418: disable full-screen API * false=block, true=ask ***/ user_pref("full-screen-api.enabled", false); -/* 2420: disable asm.js (http://asmjs.org/) (FF22+) - * [1] https://www.mozilla.org/security/advisories/mfsa2015-29/ - * [2] https://www.mozilla.org/security/advisories/mfsa2015-50/ - * [3] https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375 - * [4] https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400 ***/ +/* 2420: disable asm.js (FF22+) + * [1] http://asmjs.org/ + * [2] https://www.mozilla.org/security/advisories/mfsa2015-29/ + * [3] https://www.mozilla.org/security/advisories/mfsa2015-50/ + * [4] https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375 + * [5] https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400 + * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ user_pref("javascript.options.asmjs", false); /* 2421: disable Ion and baseline JIT to help harden JS against exploits - * see: CVE-2015-0817 (FF36 1145255), CVE-2017-5375 (FF51 1325200), CVE-2017-5400 (FF52 1334933) * [WARNING] Causes the odd site issue and there is also a performance loss - * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 - * [2] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ + * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); /* 2422: disable WebAssembly for now (FF52+) From 542b81481472ba778af463d5ea46ff1cf225fcb2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 17 Feb 2018 02:19:20 +0000 Subject: [PATCH 0653/1961] remove 5024+5025: media.* #360 --- user.js | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/user.js b/user.js index 71b8ca1..2983814 100644 --- a/user.js +++ b/user.js @@ -1773,24 +1773,6 @@ user_pref("browser.tabs.loadDivertedInBackground", false); /* 5023: enable "Find As You Type" * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); -/* 5024: enable/disable MSE (Media Source Extensions) - * [1] https://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ - // user_pref("media.mediasource.enabled", false); - // user_pref("media.mediasource.mp4.enabled", false); - // user_pref("media.mediasource.webm.audio.enabled", false); - // user_pref("media.mediasource.webm.enabled", false); -/* 5025: enable/disable various media types ***/ - // user_pref("media.mp4.enabled", false); - // user_pref("media.flac.enabled", false); // (FF51+) - // user_pref("media.ogg.enabled", false); - // user_pref("media.ogg.flac.enabled", false); // (FF51+) - // user_pref("media.opus.enabled", false); - // user_pref("media.raw.enabled", false); - // user_pref("media.wave.enabled", false); - // user_pref("media.webm.enabled", false); - // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries - // user_pref("media.wmf.amd.vp9.enabled", true); // (FF57+) - // user_pref("media.wmf.vp9.enabled", false); /* 5026: disable "Reader View" ***/ // user_pref("reader.parse-on-load.enabled", false); /* 5027: decode URLs on copy from the urlbar (FF53+) From 3d5276484a5a278b9881867852c9ce67be7e1494 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 19 Feb 2018 11:40:53 +0100 Subject: [PATCH 0654/1961] 0370 fixup data: works perfectly fine here. No need to use https and no need to connect to localhost because something could be listening there. data is the fastest and best solution. --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 2983814..16dfb41 100644 --- a/user.js +++ b/user.js @@ -205,9 +205,8 @@ user_pref("browser.newtabpage.enabled", false); user_pref("browser.newtabpage.enhanced", false); user_pref("browser.newtabpage.introShown", true); /* 0370: disable "Snippets" (Mozilla content shown on about:home screen) - * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ -user_pref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1"); +user_pref("browser.aboutHomeSnippets.updateUrl", "data:,"); /*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION This section has security & tracking protection implications vs privacy concerns vs effectiveness From 17fe261170e064b94a9eb52e366084c0a2f521cb Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 19 Feb 2018 11:49:40 +0100 Subject: [PATCH 0655/1961] default values cleanup These default values are the same in all OSes and all current Firefox versions (ESR, Release, Beta, Nightly). Apart from alerts.showFavicons these defaults are most likely never gonna change --- user.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index 16dfb41..dd5e865 100644 --- a/user.js +++ b/user.js @@ -643,7 +643,7 @@ user_pref("browser.shell.shortcutFavicons", false); // user_pref("browser.chrome.site_icons", false); // user_pref("browser.chrome.favicons", false); /* 1032: disable favicons in web notifications ***/ -user_pref("alerts.showFavicons", false); +user_pref("alerts.showFavicons", false); // default: false /*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) Note that your cipher and other settings can be used server side as a fingerprint attack @@ -817,7 +817,7 @@ user_pref("browser.display.use_document_fonts", 0); // user_pref("font.name.monospace.x-western", "Lucida Console"); // default Courier New /* 1403: enable icon fonts (glyphs) (FF41+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=789788 ***/ -user_pref("gfx.downloadable_fonts.enabled", true); +user_pref("gfx.downloadable_fonts.enabled", true); // default: true /* 1404: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); @@ -1277,13 +1277,13 @@ user_pref("security.fileuri.strict_origin_policy", true); /* 2624: enable Subresource Integrity (SRI) (FF43+) * [1] https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ -user_pref("security.sri.enable", true); +user_pref("security.sri.enable", true); // default: true /* 2625: disable DNS requests for hostnames with a .onion TLD (FF45+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ user_pref("network.dns.blockDotOnion", true); -/* 2626: disable optional user agent token, default is false, included for completeness +/* 2626: disable optional user agent token * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/User-Agent/Firefox ***/ -user_pref("general.useragent.compatMode.firefox", false); +user_pref("general.useragent.compatMode.firefox", false); // default: false /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); @@ -1354,9 +1354,9 @@ user_pref("security.block_script_with_wrong_mime", true); * [4] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ * [5] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); -/* 2673: enable CSP (Content Security Policy) (default is true) +/* 2673: enable CSP (Content Security Policy) * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ -user_pref("security.csp.enable", true); +user_pref("security.csp.enable", true); // default: true /* 2674: enable CSP 1.1 experimental hash-source directive (FF29+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=855326 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/ @@ -1399,9 +1399,9 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+) // user_pref("network.cookie.lifetimePolicy", 0); /* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ // user_pref("network.cookie.lifetime.days", 90); -/* 2705: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+) +/* 2705: disable HTTP sites setting cookies with the "secure" directive (FF52+) * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ -user_pref("network.cookie.leave-secure-alone", true); +user_pref("network.cookie.leave-secure-alone", true); // default: true /* 2710: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality. * You are better off using an extension for more granular control ***/ From 5385b8c4abc98647dad38e6cfbe03cde1609bf7a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 19 Feb 2018 12:24:28 +0000 Subject: [PATCH 0656/1961] remove 5017: ui.submenuDelay #360 #337 --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 16dfb41..4d3c8aa 100644 --- a/user.js +++ b/user.js @@ -1746,9 +1746,6 @@ user_pref("network.manage-offline-status", false); // user_pref("toolkit.cosmeticAnimations.enabled", false); /* 5016: disable reload/stop animation (FF56+) ***/ // user_pref("browser.stopReloadAnimation.enabled", true); -/* 5017: set submenu delay in milliseconds. 0=instant while a small number allows - * a mouse pass over menu items without any submenus alarmingly shooting out ***/ -user_pref("ui.submenuDelay", 150); // (hidden pref) /* 5018: set maximum number of daily bookmark backups to keep (default is 15) ***/ user_pref("browser.bookmarks.max_backups", 2); /* 5020: control urlbar click behaviour (with defaults) ***/ From e8b9f728857376ee4ae520741cf169e880f2700b Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Fri, 23 Feb 2018 06:47:38 +0000 Subject: [PATCH 0657/1961] Fix updater URLs before someone bitches about it /raw/master/ URLs are no longer working on my end. That's it. Yes, really. --- updater.bat | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/updater.bat b/updater.bat index 6e06a61..5cdd5fe 100644 --- a/updater.bat +++ b/updater.bat @@ -42,7 +42,7 @@ IF DEFINED _updateb ( REM Uncomment the next line and comment the powershell call for testing. REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" ( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.bat')" + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.bat', '[updated]!_myname!.bat')" ) >nul 2>&1 IF EXIST "[updated]!_myname!.bat" ( START /min CMD /C "[updated]!_myname!.bat" !_myparams! @@ -123,7 +123,7 @@ IF DEFINED _log ( IF EXIST user.js.new (DEL /F "user.js.new") CALL :message "Retrieving latest user.js file from github repository..." ( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js.new')" + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')" ) >nul 2>&1 IF EXIST user.js.new ( IF DEFINED _multi ( @@ -140,7 +140,6 @@ IF EXIST user.js.new ( COPY /B /V /Y user.js.new+"user.js-overrides\*.js" user.js.new ) ) ELSE (CALL :message "No override files found.") - ECHO: ) ELSE ( IF EXIST "user-overrides.js" ( COPY /B /V /Y user.js.new+"user-overrides.js" "user.js.new" @@ -151,7 +150,6 @@ IF EXIST user.js.new ( CALL :message "user-overrides.js appended." ) ) ELSE (CALL :message "user-overrides.js not found.") - ECHO: ) IF EXIST user.js ( FC user.js.new user.js >nul && SET "_changed=false" || SET "_changed=true" @@ -174,10 +172,9 @@ IF EXIST user.js.new ( CALL :message "Update complete." ) ) - ECHO: ) ELSE ( CALL :message "Update failed. Make sure PowerShell is allowed internet access." - ECHO: No changes were made. + ECHO: No changes were made. ) IF NOT DEFINED _log ( IF NOT DEFINED _ua (PAUSE) From 2980073bca61de74113aa5491718f812a9c02afb Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Fri, 23 Feb 2018 07:02:11 +0000 Subject: [PATCH 0658/1961] increased revision number OK that's it. This time it's for reals. --- updater.bat | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 5cdd5fe..c6c8d16 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ## ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.3 +REM ## version: 4.4 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts SET _myname=%~n0 @@ -77,7 +77,7 @@ ECHO: ECHO: ######################################## ECHO: #### user.js Updater for Windows #### ECHO: #### by claustromaniac #### -ECHO: #### v4.3 #### +ECHO: #### v4.4 #### ECHO: ######################################## ECHO: SET /A "_line=0" From 5e08ad8c6089d56580b05cb5d0a66f5ba97a91fa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 24 Feb 2018 10:53:04 +0000 Subject: [PATCH 0659/1961] 0330: use `data:,` for toolkit.telemetry.server see https://github.com/ghacksuserjs/ghacks-user.js/commit/3d5276484a5a278b9881867852c9ce67be7e1494#commitcomment-27760142 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index a0e23cf..4edd620 100644 --- a/user.js +++ b/user.js @@ -173,7 +173,7 @@ user_pref("extensions.webservice.discoverURL", ""); * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+ -user_pref("toolkit.telemetry.server", ""); +user_pref("toolkit.telemetry.server", "data:"); user_pref("toolkit.telemetry.archive.enabled", false); user_pref("toolkit.telemetry.cachedClientID", ""); user_pref("toolkit.telemetry.newProfilePing.enabled", false); // (FF55+) From 4dafbb89df9178b22bdc3f13ff86368111f8b59f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 24 Feb 2018 10:54:16 +0000 Subject: [PATCH 0660/1961] 0330: missing comma --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 4edd620..85eec26 100644 --- a/user.js +++ b/user.js @@ -173,7 +173,7 @@ user_pref("extensions.webservice.discoverURL", ""); * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+ -user_pref("toolkit.telemetry.server", "data:"); +user_pref("toolkit.telemetry.server", "data:,"); user_pref("toolkit.telemetry.archive.enabled", false); user_pref("toolkit.telemetry.cachedClientID", ""); user_pref("toolkit.telemetry.newProfilePing.enabled", false); // (FF55+) From 09e2b181e4de024913c8467c36fc0a78b4f76894 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 27 Feb 2018 11:31:03 +0000 Subject: [PATCH 0661/1961] 4500 RFP stuff --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 85eec26..1d3effa 100644 --- a/user.js +++ b/user.js @@ -1546,14 +1546,16 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1281949 - spoof screen orientation (FF50+) ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) ** 1330890 - spoof timezone as UTC 0 (FF55+) + FF58: Date.toLocaleFormat deprecated (818634) + FF60: Date.toLocaleDateString and Intl.DateTimeFormat fixed (1409973) ** 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) (FF55+) This spoof *shouldn't* affect core chrome/Firefox performance ** 1217238 - reduce precision of time exposed by javascript (FF55+) ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+) ** 1333651 & 1383495 & 1396468 & 1393283 & 1404608 - spoof Navigator API (see section 4700) (FF56+) FF56: The version number will be rounded down to the nearest multiple of 10 - FF57+: The version number will match current ESR - FF59+: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) + FF57: The version number will match current ESR + FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) ** 1369319 - disable device sensor API (see 4604) (FF56+) ** 1369357 - disable site specific zoom (see 4605) (FF56+) ** 1337161 - hide gamepads from content (see 4606) (FF56+) @@ -1568,7 +1570,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1382533 - enable fingerprinting resistance for Presentation API (FF57+) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) - In FF59+ this is controllable via the site permissions panel, see 1413780 (FF59+) + FF59: Added to the site permissions panel (1413780) ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) ** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+) From 0260176fef67b6a56de0b447b45a99fd3a73ff01 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 27 Feb 2018 11:59:37 +0000 Subject: [PATCH 0662/1961] 4500: RFP canvas stuff --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 1d3effa..37d4900 100644 --- a/user.js +++ b/user.js @@ -1571,6 +1571,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) FF59: Added to the site permissions panel (1413780) + FF60: Only prompt for canvas data extraction when triggered by user input (1376865) ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) ** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+) From cc166b8091aa57ef16a0b225e8f77aff4b6dce7e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 27 Feb 2018 12:47:06 +0000 Subject: [PATCH 0663/1961] 4500 RFP keyboard stuff --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 37d4900..a32e453 100644 --- a/user.js +++ b/user.js @@ -1577,6 +1577,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+) Spoofing mimics the content language of the document. Currently it only supports en-US. Modifier events suppressed are SHIFT, CTRL and both ALT keys. Chrome is not affected. + FF60: Fixes keydown/keyup events (1438795) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From 8996071cd03e394115ad7a752d42283c9bff5bcc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 27 Feb 2018 13:56:08 +0000 Subject: [PATCH 0664/1961] start 59 commits --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index a32e453..db6c8e7 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js -* date: 3 February 2018 -* version 58: Pantslide -* "I took my pants, took em down, I climbed a mountain and I turned around" +* date: 27 February 2018 +* version 59-beta: Sweet Dreams (Are Made of Pants) +* "Sweet dreams are made of pants. Who are you to disagree?" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 7f1a82365c6869618a3ed32d4b68bc685906e2a1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 28 Feb 2018 12:10:05 +0000 Subject: [PATCH 0665/1961] 4500: RFP UA spoof stuff Cleaning up the UA spoof stuff in the sticky, as a ticket was just closed (52 is now a temporary hard-coded value: 1418672 - I guess they're running out of time), so also cleaning up the info, and consistent layout Two issues: The code to determine the ESR number is out of whack (by one) since the next ESR is 60. 59 stable is almost here. So they have decided to hard-code the value as 52, for now. The second issue is that Aurora/Nightly are ahead of stable/ESR and can thus unmask themselves as Aurora/Nightly. The hard-coded value for now also solves this. If you follow the sticky for RFP, you will see there is a ticket for using the update channel information (eg stable, beta, dev, nightly etc) to determine when and how calculate the version spoof in future, and they'll also rejig the numbering algorithm to account for ESR being out by one. These are tickets https://bugzilla.mozilla.org/show_bug.cgi?id=1418162 and https://bugzilla.mozilla.org/show_bug.cgi?id=1428111 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index db6c8e7..5b44fa2 100644 --- a/user.js +++ b/user.js @@ -1552,10 +1552,10 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); This spoof *shouldn't* affect core chrome/Firefox performance ** 1217238 - reduce precision of time exposed by javascript (FF55+) ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+) - ** 1333651 & 1383495 & 1396468 & 1393283 & 1404608 - spoof Navigator API (see section 4700) (FF56+) + ** 1333651 & 1383495 & 1396468 - spoof Navigator API (see section 4700) (FF56+) FF56: The version number will be rounded down to the nearest multiple of 10 - FF57: The version number will match current ESR - FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) + FF57: The version number will match current ESR (1393283, 1418672) + FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608) ** 1369319 - disable device sensor API (see 4604) (FF56+) ** 1369357 - disable site specific zoom (see 4605) (FF56+) ** 1337161 - hide gamepads from content (see 4606) (FF56+) From 887e93a4f2c6c02162cada1e2562a75db9994afd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 28 Feb 2018 12:19:36 +0000 Subject: [PATCH 0666/1961] 4500: RFP WebGL stuff --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5b44fa2..1348221 100644 --- a/user.js +++ b/user.js @@ -1564,7 +1564,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609, 4612) (FF56+) ** 1369309 - spoof media statistics (see 4610) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+) - ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) + ** 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) ** 1382545 - reduce fingerprinting in Animation API (FF57+) ** 1354633 - limit MediaError.message to a whitelist (FF57+) ** 1382533 - enable fingerprinting resistance for Presentation API (FF57+) From 9892c3cbb74c8548613ea5bc752a3ee1212cf01f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 1 Mar 2018 04:32:12 +0000 Subject: [PATCH 0667/1961] 4500: RFP canvas 1376865 was back ported to 59, so canvas prompt fatigue will be reduced. Note: the default for non-prompts is the same as if you clicked "Don't Allow" - i.e it serves up a 10x10px white square --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 1348221..f2871ee 100644 --- a/user.js +++ b/user.js @@ -1570,8 +1570,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1382533 - enable fingerprinting resistance for Presentation API (FF57+) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) - FF59: Added to the site permissions panel (1413780) - FF60: Only prompt for canvas data extraction when triggered by user input (1376865) + FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865) ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) ** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+) From 50186412e4de5ed96340f9adf414c8f026019d66 Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 1 Mar 2018 12:09:09 +0100 Subject: [PATCH 0668/1961] 2621 - default info added default is true in all current versions (ESR, Release, Beta, Nightly) and OSes --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f2871ee..1ec2505 100644 --- a/user.js +++ b/user.js @@ -1265,7 +1265,7 @@ user_pref("middlemouse.contentLoadURL", false); * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection * [1] https://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection/ ***/ // user_pref("network.dns.disableIPv6", true); - // user_pref("network.http.fast-fallback-to-IPv4", true); + // user_pref("network.http.fast-fallback-to-IPv4", true); // default: true /* 2622: enforce a security delay when installing extensions (milliseconds) * default=1000, This also covers the delay in "Save" on downloading files. * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox From 40391a26a249462dd92d032321f1cef8b09f6d69 Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 1 Mar 2018 12:12:24 +0100 Subject: [PATCH 0669/1961] 2629 - link added link [1] is the ticket where the pref was initially added in FF42 with default `false`. The new link details the changes to the pref since then. --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 1ec2505..e2cbb88 100644 --- a/user.js +++ b/user.js @@ -1288,7 +1288,8 @@ user_pref("general.useragent.compatMode.firefox", false); // default: false user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); /* 2629: disable remote JAR files being opened, regardless of content type (FF42+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/ + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 + * [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ ***/ user_pref("network.jar.block-remote-files", true); /* 2630: prevent accessibility services from accessing your browser [RESTART] * [SETTING] Options>Privacy & Security>Permissions>Prevent accessibility services from accessing your browser From 2de13258ff968b72708cdbc08dddc0fb02ff8ae5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 1 Mar 2018 12:26:10 +0000 Subject: [PATCH 0670/1961] 4609 + 4612: move back to 0200s geolocation blocking via RFP will be removed (see https://bugzilla.mozilla.org/show_bug.cgi?id=1441295), and since either way you look at it (those who use RFP or not) the user.js blocks geo, so we might as well move this stuff back to section 0200 --- user.js | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index e2cbb88..df48b2f 100644 --- a/user.js +++ b/user.js @@ -84,6 +84,9 @@ user_pref("browser.shell.checkDefaultBrowser", false); /*** 0200: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); +/* 0201: disable Location-Aware Browsing + * [1] https://www.mozilla.org/firefox/geolocation/ ***/ +user_pref("geo.enabled", false); /* 0202: disable GeoIP-based search results * [NOTE] May not be hidden if Firefox has changed your settings due to your locale * [1] https://trac.torproject.org/projects/tor/ticket/16254 @@ -114,6 +117,10 @@ user_pref("intl.regional_prefs.use_os_locales", false); * Optionally enable logging to the console (defaults to false) ***/ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.wifi.logging.enabled", true); // (hidden pref) +/* 0211: set a default permission for Location (FF58+) + * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location + * [SETTING] to manage site exceptions: Options>Privacy>Permissions>Location>Settings ***/ + // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block /*** 0300: QUIET FOX We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). @@ -1562,7 +1569,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1337161 - hide gamepads from content (see 4606) (FF56+) ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+) ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+) - ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609, 4612) (FF56+) + ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 0201, 0211) (FF56+) ** 1369309 - spoof media statistics (see 4610) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+) ** 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) @@ -1661,12 +1668,6 @@ user_pref("media.video_stats.enabled", false); // [2] https://trac.torproject.org/projects/tor/ticket/10286 // user_pref("dom.w3c_touch_events.enabled", 0); // * * * / -// FF58+ -// 4612: [new] set a default permission for Location (FF58+) - // [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location - // [SETTING] to manage site exceptions: Options>Privacy>Permissions>Location>Settings - // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block -// * * * / // ***/ /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING From 2dd2f5febe92d995172c3c3454f9b30c092f5421 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 1 Mar 2018 12:48:31 +0000 Subject: [PATCH 0671/1961] 0409: it is now 0201: see previous commit whoops .. missed removing this part: overworked, underpaid, poor pants needs a beer --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index df48b2f..da28c6a 100644 --- a/user.js +++ b/user.js @@ -1651,9 +1651,6 @@ user_pref("dom.netinfo.enabled", false); // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis // [3] https://wiki.mozilla.org/HTML5_Speech_API user_pref("media.webspeech.synth.enabled", false); -// 4609: [0201] disable Location-Aware Browsing - // [1] https://www.mozilla.org/firefox/geolocation/ -user_pref("geo.enabled", false); // * * * / // FF57+ // 4610: [2506] disable video statistics - JS performance fingerprinting (FF25+) From 11bcf46063262c433e593e4eafd4b83b485cff52 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Thu, 1 Mar 2018 19:15:10 +0000 Subject: [PATCH 0672/1961] Update updater.bat --- updater.bat | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/updater.bat b/updater.bat index c6c8d16..0df74bb 100644 --- a/updater.bat +++ b/updater.bat @@ -31,7 +31,6 @@ IF DEFINED _updateb ( DEL /F "[updated]!_myname!.bat.old" CALL :message "Script updated^!" TIMEOUT 3 >nul - CLS GOTO begin ) REM ## Phase 1 ## @@ -46,11 +45,9 @@ IF DEFINED _updateb ( ) >nul 2>&1 IF EXIST "[updated]!_myname!.bat" ( START /min CMD /C "[updated]!_myname!.bat" !_myparams! - EXIT /B ) ELSE ( CALL :message "Failed. Make sure PowerShell is allowed internet access." TIMEOUT 120 >nul - EXIT /B ) ) ELSE ( IF "!_myname!"=="[updated]" ( @@ -68,10 +65,11 @@ IF DEFINED _updateb ( COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" START CMD /C "!_myname:~9!.bat" !_myparams! ) - EXIT /B ) + EXIT /B ) :begin +CLS ECHO: ECHO: ECHO: ######################################## @@ -118,7 +116,7 @@ IF DEFINED _log ( :log SET _log=2 ECHO:################################################################## - CALL :message "%date%, %time%" + ECHO: %date%, %time% ) IF EXIST user.js.new (DEL /F "user.js.new") CALL :message "Retrieving latest user.js file from github repository..." @@ -254,7 +252,6 @@ CALL :message " -updatebatch" ECHO: Update the script itself on execution, before the normal routine. CALL :message "" PAUSE -CLS MODE 80,25 GOTO :begin REM ##################################### From 77a5894fa0c71469d854c1bcfa6ace342a03ac0f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 1 Mar 2018 20:57:45 +0000 Subject: [PATCH 0673/1961] remove 5021* #360 These are all at default values, no need to enforce. As for removing them, we're de-cluttering the section and these just aren't that important. Anyone who wants to play with tab ordering/focus/etc could probably use an extension (API's?) and/or easily find these and look them up --- user.js | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/user.js b/user.js index da28c6a..b432423 100644 --- a/user.js +++ b/user.js @@ -1753,21 +1753,6 @@ user_pref("browser.bookmarks.max_backups", 2); /* 5020: control urlbar click behaviour (with defaults) ***/ user_pref("browser.urlbar.clickSelectsAll", true); user_pref("browser.urlbar.doubleClickSelectsAll", false); -/* 5021a: control tab behaviours (with defaults) - * open links in a new tab immediately to the right of parent tab, not far right ***/ -user_pref("browser.tabs.insertRelatedAfterCurrent", true); -/* 5021b: switch to the parent tab (if it has one) on close, rather than - * to the adjacent right tab if it exists or to the adjacent left tab if it doesn't. - * [NOTE] Requires browser.link.open_newwindow set to 3 (see pref 5007) ***/ -user_pref("browser.tabs.selectOwnerOnClose", true); -/* 5021c: stay on the parent tab when opening links in a new tab - * [SETTING] Options>General>Tabs>When you open a link in a new tab, switch to it immediately ***/ -user_pref("browser.tabs.loadInBackground", true); -/* 5021d: set behavior of pages normally meant to open in a new window (such as target="_blank" - * or from an external program), but that have instead been loaded in a new tab. - * true: load the new tab in the background, leaving focus on the current tab - * false: load the new tab in the foreground, taking the focus from the current tab. ***/ -user_pref("browser.tabs.loadDivertedInBackground", false); /* 5023: enable "Find As You Type" * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); From 40da3653d36c72686b90a1dfbe46b4d61b524ae0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 1 Mar 2018 21:12:40 +0000 Subject: [PATCH 0674/1961] remove 5007 #360 the default value is 3 anyway, and there it has a UI checkbox setting - don't ask me why a checkbox which only allows two values (2 or 3) --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index b432423..443d319 100644 --- a/user.js +++ b/user.js @@ -1721,10 +1721,6 @@ user_pref("browser.backspace_action", 2); * [NOTE] Only applicable to Nightly and ESR (FF48+) * [1] https://wiki.mozilla.org/Add-ons/Extension_Signing#Documentation ***/ // user_pref("xpinstall.signatures.required", false); -/* 5007: open new windows in a new tab instead - * 1=current window, 2=new window, 3=most recent window - * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ -user_pref("browser.link.open_newwindow", 3); /* 5008: open bookmarks in a new tab (FF57+) * [NOTE] You can also use middle-click, cmd/ctl-click, and use the context menu ***/ // user_pref("browser.tabs.loadBookmarksInTabs", true); From 6b691ae7e3079035768a831d8a5fdeedf5566c3c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Mar 2018 02:39:45 +0000 Subject: [PATCH 0675/1961] remove 5016 #360 covered by 5015 and only designed as a temporary pref AFAIK until issues with its timing and use (too distracting) are sorted --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index 443d319..8fdd359 100644 --- a/user.js +++ b/user.js @@ -1742,8 +1742,6 @@ user_pref("network.manage-offline-status", false); /* 5015: disable animations (FF55+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 ***/ // user_pref("toolkit.cosmeticAnimations.enabled", false); -/* 5016: disable reload/stop animation (FF56+) ***/ - // user_pref("browser.stopReloadAnimation.enabled", true); /* 5018: set maximum number of daily bookmark backups to keep (default is 15) ***/ user_pref("browser.bookmarks.max_backups", 2); /* 5020: control urlbar click behaviour (with defaults) ***/ From ec687cad7555057e905032277d2e3f361f6c2813 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Mar 2018 03:13:39 +0000 Subject: [PATCH 0676/1961] remove 5020 #360 "remove 5020 because the values we set are the default values in Mac + Windows. Linux sets it the other way around: false+true instead of true+false" --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 8fdd359..c59139f 100644 --- a/user.js +++ b/user.js @@ -1744,9 +1744,6 @@ user_pref("network.manage-offline-status", false); // user_pref("toolkit.cosmeticAnimations.enabled", false); /* 5018: set maximum number of daily bookmark backups to keep (default is 15) ***/ user_pref("browser.bookmarks.max_backups", 2); -/* 5020: control urlbar click behaviour (with defaults) ***/ -user_pref("browser.urlbar.clickSelectsAll", true); -user_pref("browser.urlbar.doubleClickSelectsAll", false); /* 5023: enable "Find As You Type" * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ // user_pref("accessibility.typeaheadfind", true); From b93c7e026c360c46a4821bd71f2889057a36d838 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Mar 2018 16:53:39 +1300 Subject: [PATCH 0677/1961] revamp 5000 fixes #360 --- user.js | 78 +++++++++++++++++++-------------------------------------- 1 file changed, 26 insertions(+), 52 deletions(-) diff --git a/user.js b/user.js index c59139f..455b212 100644 --- a/user.js +++ b/user.js @@ -1699,61 +1699,35 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) /* 4707: general.useragent.locale (related, see 0204 deprecated FF59+) ***/ -/*** 5000: PERSONAL SETTINGS [SETUP] - Settings that are handy to migrate and/or are not in the Options interface. Users - can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ +/*** 5000: PERSONAL [SETUP] + Non-project related but useful. If any of these interest you, add them to your overrides ***/ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); -/* 5001: disable annoying warnings ***/ -user_pref("browser.tabs.warnOnClose", false); -user_pref("browser.tabs.warnOnCloseOtherTabs", false); -user_pref("browser.tabs.warnOnOpen", false); -/* 5002: disable warning when a domain requests full screen - * [1] https://developer.mozilla.org/docs/Web/API/Fullscreen_API ***/ +/* WARNINGS ***/ + // user_pref("browser.tabs.warnOnClose", false); + // user_pref("browser.tabs.warnOnCloseOtherTabs", false); + // user_pref("browser.tabs.warnOnOpen", false); // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); -/* 5003: disable closing browser with last tab ***/ -user_pref("browser.tabs.closeWindowWithLastTab", false); -/* 5004: disable backspace (0=previous page, 1=scroll up, 2=do nothing) ***/ -user_pref("browser.backspace_action", 2); -/* 5005: disable autocopy default [LINUX] ***/ - // user_pref("clipboard.autocopy", false); -/* 5006: disable enforced extension signing (FF43+) - * [NOTE] Only applicable to Nightly and ESR (FF48+) - * [1] https://wiki.mozilla.org/Add-ons/Extension_Signing#Documentation ***/ - // user_pref("xpinstall.signatures.required", false); -/* 5008: open bookmarks in a new tab (FF57+) - * [NOTE] You can also use middle-click, cmd/ctl-click, and use the context menu ***/ - // user_pref("browser.tabs.loadBookmarksInTabs", true); -/* 5010: enable ctrl-tab previews ***/ -user_pref("browser.ctrlTab.previews", true); -/* 5011: don't open "page/selection source" in a tab. The window used instead is cleaner - * and easier to use and move around (e.g. developers/multi-screen). ***/ -user_pref("view_source.tab", false); -/* 5012: control spellchecking: 0=none, 1-multi-line controls, 2=multi-line & single-line controls ***/ -user_pref("layout.spellcheckDefault", 1); -/* 5013: disable automatic "Work Offline" status - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472 - * [2] https://developer.mozilla.org/docs/Online_and_offline_events ***/ -user_pref("network.manage-offline-status", false); -/* 5014: control download button visibility (FF57+) - * true = the button is automatically shown/hidden based on whether the session has downloads or not - * false = the button is always visible ***/ - // user_pref("browser.download.autohideButton", false); -/* 5015: disable animations (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 ***/ - // user_pref("toolkit.cosmeticAnimations.enabled", false); -/* 5018: set maximum number of daily bookmark backups to keep (default is 15) ***/ -user_pref("browser.bookmarks.max_backups", 2); -/* 5023: enable "Find As You Type" - * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/ - // user_pref("accessibility.typeaheadfind", true); -/* 5026: disable "Reader View" ***/ - // user_pref("reader.parse-on-load.enabled", false); -/* 5027: decode URLs on copy from the urlbar (FF53+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320061 ***/ -user_pref("browser.urlbar.decodeURLsOnCopy", true); -/* 5028: disable middle-click enabling auto-scrolling [WINDOWS] [MAC] ***/ - // user_pref("general.autoScroll", false); +/* APPEARANCE ***/ + // user_pref("browser.download.autohideButton", false); // (FF57+) + // user_pref("toolkit.cosmeticAnimations.enabled", false); // (FF55+) +/* CONTENT BEHAVIOR ***/ + // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" + // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] + // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line +/* UX BEHAVIOR ***/ + // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing + // user_pref("browser.ctrlTab.previews", true); + // user_pref("browser.tabs.closeWindowWithLastTab", false); + // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab (FF57+) + // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see Bugzilla 1320061 (FF53+) + // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC] + // user_pref("view_source.tab", false); // open "page/selection source" in a new window +/* OTHER ***/ + // user_pref("browser.bookmarks.max_backups", 2); + // user_pref("network.manage-offline-status", false); // see Bugzilla 620472 + // user_pref("reader.parse-on-load.enabled", false); // "Reader View" + // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** 9999: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable, From 61d2b46a02ad13194ea9b8f1ab45a238483ead54 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Mar 2018 05:09:29 +0000 Subject: [PATCH 0678/1961] 5000: identity.fxaccounts.enabled, fixes #366 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 455b212..0ef357a 100644 --- a/user.js +++ b/user.js @@ -1725,6 +1725,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("view_source.tab", false); // open "page/selection source" in a new window /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); + // user_pref("identity.fxaccounts.enabled", false); disable and hide Firefox Accounts and Sync (FF60+) [RESTART] // user_pref("network.manage-offline-status", false); // see Bugzilla 620472 // user_pref("reader.parse-on-load.enabled", false); // "Reader View" // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) From 19c40eeb18b9f619d84f703cf9eccf80278791bf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Mar 2018 05:10:11 +0000 Subject: [PATCH 0679/1961] fixup --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 0ef357a..54153f4 100644 --- a/user.js +++ b/user.js @@ -1725,7 +1725,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("view_source.tab", false); // open "page/selection source" in a new window /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); - // user_pref("identity.fxaccounts.enabled", false); disable and hide Firefox Accounts and Sync (FF60+) [RESTART] + // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync (FF60+) [RESTART] // user_pref("network.manage-offline-status", false); // see Bugzilla 620472 // user_pref("reader.parse-on-load.enabled", false); // "Reader View" // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) From 3812aed9e967459c6a1489924bd21e418915873b Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 5 Mar 2018 14:19:34 +0100 Subject: [PATCH 0680/1961] Update troubleshooter.js --- scratchpad-scripts/troubleshooter.js | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 3c8d96a..0e751ca 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,5 +1,5 @@ -/*** ghacks-user.js troubleshooter.js v1.4 ***/ +/*** ghacks-user.js troubleshooter.js v1.5 ***/ (function() { @@ -116,14 +116,6 @@ /* Audio + Video */ 'dom.webaudio.enabled', 'media.autoplay.enabled', - 'media.flac.enabled', - 'media.mp4.enabled', - 'media.ogg.enabled', - 'media.opus.enabled', - 'media.raw.enabled', - 'media.wave.enabled', - 'media.webm.enabled', - 'media.wmf.enabled', /* Forms */ 'browser.formfill.enable', @@ -166,14 +158,6 @@ 'privacy.trackingprotection.enabled', 'security.data_uri.block_toplevel_data_uri_navigations', - /* FF User-Interface */ - 'browser.search.suggest.enabled', - 'browser.urlbar.autoFill', - 'browser.urlbar.autoFill.typed', - 'browser.urlbar.oneOffSearches', - 'browser.urlbar.suggest.searches', - 'keyword.enabled', - 'last.one.without.comma' ] From 205d64ab29834a8be96327351d4bfb897b1daf1c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 8 Mar 2018 00:54:47 +0000 Subject: [PATCH 0681/1961] 4500: RFP keyboard ctrl key --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 54153f4..f27df85 100644 --- a/user.js +++ b/user.js @@ -1581,9 +1581,9 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865) ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) - ** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+) + ** 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59+) Spoofing mimics the content language of the document. Currently it only supports en-US. - Modifier events suppressed are SHIFT, CTRL and both ALT keys. Chrome is not affected. + Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. FF60: Fixes keydown/keyup events (1438795) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); From 92585ecd93165f7bff9e6baeed4e98be96272b92 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Mar 2018 08:00:20 +0000 Subject: [PATCH 0682/1961] browser.link.open_newwindow #371 adding this back in (so it is not missing for release changes), section will get a makeover, see linked issue --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index f27df85..5d38ade 100644 --- a/user.js +++ b/user.js @@ -1062,6 +1062,10 @@ user_pref("browser.link.open_newwindow.restriction", 0); * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload * [2] https://support.mozilla.org/questions/1043508 ***/ user_pref("dom.disable_beforeunload", true); +/* 2206: open new windows in a new tab instead + * 1=current window, 2=new window, 3=most recent window + * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ + user_pref("browser.link.open_newwindow", 3); /*** 2300: WEB WORKERS [SETUP] A worker is a JS "background task" running in a global context, i.e. it is different from From 1469e13df81d57f59a97c6f2110b4e0754768986 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Mar 2018 09:04:54 +0000 Subject: [PATCH 0683/1961] section 0700 #368 This is a start to reducing section 2600 (which I renamed it to just miscellaneous). We can always revisit this new section and add to it down the track if required. Note: added a second ref [2] under 0703. Note: re-numbered & re-positioned deprecated prefs for SPDY --- user.js | 93 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 48 insertions(+), 45 deletions(-) diff --git a/user.js b/user.js index 5d38ade..7537bd5 100644 --- a/user.js +++ b/user.js @@ -442,6 +442,47 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching (FF48+) ***/ user_pref("network.predictor.enable-prefetch", false); +/*** 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ +user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); +/* 0701: disable IPv6 (included for knowledge ONLY [WARNING] do not do this) + * This is all about covert channels such as MAC addresses being included/abused in the + * IPv6 protocol for tracking. If you want to mask your IP address, this is not the way + * to do it. It's 2016, IPv6 is here. Here are some old links + * 2010: https://christopher-parsons.com/ipv6-and-the-future-of-privacy/ + * 2011: https://iapp.org/news/a/2011-09-09-facing-the-privacy-implications-of-ipv6/ + * 2012: http://www.zdnet.com/article/security-versus-privacy-with-ipv6-deployment/ + * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection + * [1] https://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection/ ***/ + // user_pref("network.dns.disableIPv6", true); // user_pref("network.http.fast-fallback-to-IPv4", true); // default: true +/* 0702: disable HTTP2 (which was based on SPDY which is now deprecated) + * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance + * privacy, and in fact opens up a number of server-side fingerprinting opportunities + * [1] https://http2.github.io/faq/ + * [2] http://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html + * [3] https://queue.acm.org/detail.cfm?id=2716278 + * [4] https://github.com/ghacksuserjs/ghacks-user.js/issues/107 ***/ +user_pref("network.http.spdy.enabled", false); +user_pref("network.http.spdy.enabled.deps", false); +user_pref("network.http.spdy.enabled.http2", false); +/* 0703: disable HTTP Alternative Services (FF37+) + * [1] https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 + * [2] https://www.mnot.net/blog/2016/03/09/alt-svc ***/ +user_pref("network.http.altsvc.enabled", false); +user_pref("network.http.altsvc.oe", false); +/* 0704: enforce the proxy server to do any DNS lookups when using SOCKS + * e.g. in TOR, this stops your local DNS server from knowing your Tor destination + * as a remote Tor node will handle the DNS request + * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns + * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ +user_pref("network.proxy.socks_remote_dns", true); +/* 0705: disable DNS requests for hostnames with a .onion TLD (FF45+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ +user_pref("network.dns.blockDotOnion", true); +/* 0706: remove paths when sending URLs to PAC scripts (FF51+) + * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ +user_pref("network.proxy.autoconfig_url.include_path", false); + /*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP] If you are in a private environment (no unwanted eyeballs) and your device is private (restricted access), and the device is secure when unattended (locked, encrypted, forensic @@ -1192,7 +1233,7 @@ user_pref("dom.webaudio.enabled", false); * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange ***/ user_pref("media.ondevicechange.enabled", false); -/*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/ +/*** 2600: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); /* 2601: disable sending additional analytics to web servers * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ @@ -1227,16 +1268,6 @@ user_pref("permissions.manager.defaultsUrl", ""); user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); -/* 2614: disable HTTP2 (which was based on SPDY which is now deprecated) - * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance - * privacy, and in fact opens up a number of server-side fingerprinting opportunities - * [1] https://http2.github.io/faq/ - * [2] http://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html - * [3] https://queue.acm.org/detail.cfm?id=2716278 - * [4] https://github.com/ghacksuserjs/ghacks-user.js/issues/107 ***/ -user_pref("network.http.spdy.enabled", false); -user_pref("network.http.spdy.enabled.deps", false); -user_pref("network.http.spdy.enabled.http2", false); /* 2617: enable Firefox's built-in PDF reader [SETUP] * [SETTING-56+] Options>General>Applications>Portable Document Format (PDF) * [SETTING-ESR] Options>Applications>Portable Document Format (PDF) @@ -1252,12 +1283,6 @@ user_pref("network.http.spdy.enabled.http2", false); * [NOTE] * See 2662, and JS can still force a pdf to open in-browser by bundling its own code (rare) ***/ user_pref("pdfjs.disabled", false); -/* 2618: enforce the proxy server to do any DNS lookups when using SOCKS - * e.g. in TOR, this stops your local DNS server from knowing your Tor destination - * as a remote Tor node will handle the DNS request - * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns - * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ -user_pref("network.proxy.socks_remote_dns", true); /* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins) * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ @@ -1266,17 +1291,6 @@ user_pref("network.http.redirection-limit", 10); * [1] https://trac.torproject.org/projects/tor/ticket/10089 * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ user_pref("middlemouse.contentLoadURL", false); -/* 2621: disable IPv6 (included for knowledge ONLY [WARNING] do not do this) - * This is all about covert channels such as MAC addresses being included/abused in the - * IPv6 protocol for tracking. If you want to mask your IP address, this is not the way - * to do it. It's 2016, IPv6 is here. Here are some old links - * 2010: https://christopher-parsons.com/ipv6-and-the-future-of-privacy/ - * 2011: https://iapp.org/news/a/2011-09-09-facing-the-privacy-implications-of-ipv6/ - * 2012: http://www.zdnet.com/article/security-versus-privacy-with-ipv6-deployment/ - * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection - * [1] https://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection/ ***/ - // user_pref("network.dns.disableIPv6", true); - // user_pref("network.http.fast-fallback-to-IPv4", true); // default: true /* 2622: enforce a security delay when installing extensions (milliseconds) * default=1000, This also covers the delay in "Save" on downloading files. * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox @@ -1289,9 +1303,6 @@ user_pref("security.fileuri.strict_origin_policy", true); * [1] https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ user_pref("security.sri.enable", true); // default: true -/* 2625: disable DNS requests for hostnames with a .onion TLD (FF45+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ -user_pref("network.dns.blockDotOnion", true); /* 2626: disable optional user agent token * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/User-Agent/Firefox ***/ user_pref("general.useragent.compatMode.firefox", false); // default: false @@ -1329,10 +1340,6 @@ user_pref("mathml.disabled", true); user_pref("device.storage.enabled", false); /* 2665: remove webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); -/* 2666: disable HTTP Alternative Services - * [1] https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/ -user_pref("network.http.altsvc.enabled", false); -user_pref("network.http.altsvc.oe", false); /* 2667: disable various developer tools in browser context * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ @@ -1343,10 +1350,6 @@ user_pref("devtools.chrome.enabled", false); * [1] archived: https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.autoDisableScopes", 15); -/* 2669: remove paths when sending URLs to PAC scripts (FF51+) - * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ -user_pref("network.proxy.autoconfig_url.include_path", false); /* 2670: disable "image/" mime types bypassing CSP (FF51+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/ user_pref("security.block_script_with_wrong_mime", true); @@ -1769,12 +1772,12 @@ user_pref("browser.safebrowsing.reportGenericURL", ""); // removed user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); // browser.safebrowsing.reportMalwareMistakeURL user_pref("browser.safebrowsing.reportMalwareURL", ""); // removed user_pref("browser.safebrowsing.reportURL", ""); // removed +// 0702: (41+) disable HTTP2 (draft) + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1132357 +user_pref("network.http.spdy.enabled.http2draft", false); // 1804: (41+) disable plugin enumeration // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1169945 user_pref("plugins.enumerable_names", ""); -// 2614: (41+) disable HTTP2 (draft) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1132357 -user_pref("network.http.spdy.enabled.http2draft", false); // 2803: (42+) clear passwords on shutdown // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184 // user_pref("privacy.clearOnShutdown.passwords", false); @@ -1910,6 +1913,9 @@ user_pref("security.ssl3.rsa_rc4_128_sha", false); user_pref("plugins.update.url", ""); // ***/ /* FF51 +// 0702: disable SPDY + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1248197 +user_pref("network.http.spdy.enabled.v3-1", false); // 1851: delay play of videos until they're visible // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1262053 @@ -1917,9 +1923,6 @@ user_pref("media.block-play-until-visible", true); // 2504: disable virtual reality devices // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1250244 user_pref("dom.vr.oculus050.enabled", false); -// 2614: disable SPDY - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1248197 -user_pref("network.http.spdy.enabled.v3-1", false); // ***/ /* FF52 // 1601: disable referer from an SSL Website From 2a402310cc4e3af5d3aed20dfb511d4a6a364778 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Mar 2018 09:23:17 +0000 Subject: [PATCH 0684/1961] fixup: missing line break --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 7537bd5..3eea41b 100644 --- a/user.js +++ b/user.js @@ -453,7 +453,8 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * 2012: http://www.zdnet.com/article/security-versus-privacy-with-ipv6-deployment/ * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection * [1] https://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection/ ***/ - // user_pref("network.dns.disableIPv6", true); // user_pref("network.http.fast-fallback-to-IPv4", true); // default: true + // user_pref("network.dns.disableIPv6", true); + // user_pref("network.http.fast-fallback-to-IPv4", true); // default: true /* 0702: disable HTTP2 (which was based on SPDY which is now deprecated) * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance * privacy, and in fact opens up a number of server-side fingerprinting opportunities From 3192027f52dc204cf3f28817ec32600eb61b88d4 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 13 Mar 2018 17:52:14 +0100 Subject: [PATCH 0685/1961] 59 deprecated/removed prefs [part 1] --- user.js | 60 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 34 insertions(+), 26 deletions(-) diff --git a/user.js b/user.js index 3eea41b..0d7c112 100644 --- a/user.js +++ b/user.js @@ -188,12 +188,8 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // (FF55+) user_pref("toolkit.telemetry.updatePing.enabled", false); // (FF56+) user_pref("toolkit.telemetry.bhrPing.enabled", false); // (FF57+) Background Hang Reporter user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // (FF57+) -/* 0333a: disable health report ***/ +/* 0333: disable health report ***/ user_pref("datareporting.healthreport.uploadEnabled", false); -/* 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) - * If you have disabled health reports, then this about page is useless - disable it - * If you want to see what health data is present, then this must be set at default ***/ -user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); /* 0334: disable new data submission, master kill switch (FF41+) * If disabled, no policy is shown or upload takes place, ever * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1195552 ***/ @@ -359,12 +355,6 @@ user_pref("browser.ping-centre.telemetry", false); * [1] https://en.wikipedia.org/wiki/Pocket_(application) * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ user_pref("extensions.pocket.enabled", false); -/* 0511: disable FlyWeb (FF49+) - * Flyweb is a set of APIs for advertising and discovering local-area web servers - * [1] https://flyweb.github.io/ - * [2] https://wiki.mozilla.org/FlyWeb/Security_scenarios - * [3] https://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ -user_pref("dom.flyweb.enabled", false); /* 0512: disable Shield (FF53+) * Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" * [1] https://wiki.mozilla.org/Firefox/Shield @@ -792,14 +782,6 @@ user_pref("network.stricttransportsecurity.preloadlist", true); user_pref("security.mixed_content.block_active_content", true); /* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/ user_pref("security.mixed_content.block_display_content", true); -/* 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) - * Allow resources from domains with an existing HSTS cache record or in the HSTS preload list - * to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because - * those may cause noticeable delays e.g. requests time out or are not handled well by servers - * [NOTE] If you want to use the priming requests make sure 'use_hsts' is also true - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 ***/ -user_pref("security.mixed_content.use_hsts", true); -user_pref("security.mixed_content.send_hsts_priming", false); /** CIPHERS [see the section 1200 intro] ***/ /* 1260: disable or limit SHA-1 * 0=all SHA1 certs are allowed @@ -982,8 +964,6 @@ user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); * [NOTE] You can still over-ride individual sites e.g. youtube via site permissions * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ // user_pref("plugin.state.flash", 0); -/* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/ -user_pref("security.xpconnect.plugin.unrestricted", false); /* 1805: disable scanning for plugins [WINDOWS] * [1] http://kb.mozillazine.org/Plugin_scanning * plid.all = whether to scan the directories specified in the Windows registry for PLIDs. @@ -1047,8 +1027,6 @@ user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.screensharing.allowed_domains", ""); user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); -/* 2023: disable camera stuff ***/ -user_pref("camera.control.face_detection.enabled", false); /* 2024: set a default permission for Camera/Microphone (FF58+) * 0=always ask (default), 1=allow, 2=block * [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone @@ -1174,8 +1152,6 @@ user_pref("dom.popup_maximum", 3); * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend" * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ user_pref("dom.popup_allowed_events", "click dblclick"); -/* 2416: disable idle observation ***/ -user_pref("dom.idle-observers-api.enabled", false); /* 2418: disable full-screen API * false=block, true=ask ***/ user_pref("full-screen-api.enabled", false); @@ -1829,7 +1805,7 @@ user_pref("dom.workers.sharedWorkers.enabled", false); user_pref("browser.sessionstore.privacy_level_deferred", 2); // ***/ /* FF46 -// 0333a: disable health report +// 0333: disable health report // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234526 user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) @@ -2061,6 +2037,38 @@ user_pref("browser.casting.enabled", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1401238 user_pref("browser.bookmarks.showRecentlyBookmarked", false); // * * * / +// FF59 +// 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) + // If you have disabled health reports, then this about page is useless - disable it + // If you want to see what health data is present, then this must be set at default + // [-] https://bugzilla.mozilla.org/1352497 +user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); +// 0511: disable FlyWeb (FF49+) + // Flyweb is a set of APIs for advertising and discovering local-area web servers + // [1] https://flyweb.github.io/ + // [2] https://wiki.mozilla.org/FlyWeb/Security_scenarios + // [3] https://www.ghacks.net/2016/07/26/firefox-flyweb/ + // [-] https://bugzilla.mozilla.org/1374574 +user_pref("dom.flyweb.enabled", false); +// 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) + // Allow resources from domains with an existing HSTS cache record or in the HSTS preload list + // to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because + // those may cause noticeable delays e.g. requests time out or are not handled well by servers + // [NOTE] If you want to use the priming requests make sure 'use_hsts' is also true + // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 + // [-] https://bugzilla.mozilla.org/1424917 +user_pref("security.mixed_content.use_hsts", true); +user_pref("security.mixed_content.send_hsts_priming", false); +// 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect + // [-] (part8) https://bugzilla.mozilla.org/1416703 +user_pref("security.xpconnect.plugin.unrestricted", false); +// 2023: disable camera stuff + // [-] (part7) https://bugzilla.mozilla.org/1416703 +user_pref("camera.control.face_detection.enabled", false); +// 2416: disable idle observation + // [-] (part7) https://bugzilla.mozilla.org/1416703 +user_pref("dom.idle-observers-api.enabled", false); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From d4083e6a3eeba3055b4fa7dcea692ad10f20f285 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Mar 2018 18:56:22 +0000 Subject: [PATCH 0686/1961] 59 deprecated/removed prefs [part 2] Note: I moved the (part`x`) bit to the end of the bugzilla from previous commit as I like the https* bit to all be in line = visually easier to parse IMO --- user.js | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/user.js b/user.js index 0d7c112..32c382c 100644 --- a/user.js +++ b/user.js @@ -94,11 +94,7 @@ user_pref("geo.enabled", false); user_pref("browser.search.countryCode", "US"); // (hidden pref) user_pref("browser.search.region", "US"); // (hidden pref) user_pref("browser.search.geoip.url", ""); -/* 0203: disable using OS locale, force APP locale ***/ -user_pref("intl.locale.matchOS", false); -/* 0204: set APP locale ***/ -user_pref("general.useragent.locale", "en-US"); -/* 0205: set OS & APP locale (replaces 0203 + 0204) (FF59+) +/* 0205: set OS & APP locale (FF59+) * If set to empty, the OS locales are used. If not set at all, default locale is used ***/ user_pref("intl.locale.requested", "en-US"); // (hidden pref) /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" @@ -910,7 +906,6 @@ user_pref("network.http.referer.spoofSource", false); * [1] https://www.w3.org/TR/referrer-policy/ * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy * [3] https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/ ***/ -user_pref("network.http.referer.userControlPolicy", 3); // (FF53-FF58) default: 3 user_pref("network.http.referer.defaultPolicy", 3); // (FF59+) default: 3 user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+) @@ -1024,7 +1019,6 @@ user_pref("webgl.dxgl.enabled", false); // [WINDOWS] user_pref("webgl.enable-webgl2", false); /* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); -user_pref("media.getusermedia.screensharing.allowed_domains", ""); user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); /* 2024: set a default permission for Camera/Microphone (FF58+) @@ -1068,7 +1062,6 @@ user_pref("dom.disable_window_open_feature.close", true); user_pref("dom.disable_window_open_feature.minimizable", true); user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar user_pref("dom.disable_window_open_feature.titlebar", true); -user_pref("dom.disable_window_status_change", true); user_pref("dom.allow_scripts_to_close_windows", false); /* 2204: disable links opening in a new window * This is to stop malicious window sizes and screen res leaks etc in conjunction @@ -1681,7 +1674,7 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow // user_pref("general.platform.override", "Win32"); // (hidden pref) /* 4706: navigator.oscpu leaks in JS ***/ // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) -/* 4707: general.useragent.locale (related, see 0204 deprecated FF59+) ***/ +/* 4707: general.useragent.locale (related, see 0204-deprecated FF59+) ***/ /*** 5000: PERSONAL [SETUP] Non-project related but useful. If any of these interest you, add them to your overrides ***/ @@ -2038,6 +2031,12 @@ user_pref("browser.casting.enabled", false); user_pref("browser.bookmarks.showRecentlyBookmarked", false); // * * * / // FF59 +// 0203: disable using OS locale, force APP locale - replaced by intl.locale.requested + // [-] https://bugzilla.mozilla.org/1414390 +user_pref("intl.locale.matchOS", false); +// 0204: set APP locale - replaced by intl.locale.requested + // [-] https://bugzilla.mozilla.org/1414390 +user_pref("general.useragent.locale", "en-US"); // 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) // If you have disabled health reports, then this about page is useless - disable it // If you want to see what health data is present, then this must be set at default @@ -2059,14 +2058,23 @@ user_pref("dom.flyweb.enabled", false); // [-] https://bugzilla.mozilla.org/1424917 user_pref("security.mixed_content.use_hsts", true); user_pref("security.mixed_content.send_hsts_priming", false); +// 1606: set the default Referrer Policy - replaced by network.http.referer.defaultPolicy + // [-] https://bugzilla.mozilla.org/587523 +user_pref("network.http.referer.userControlPolicy", 3); // (FF53-FF58) default: 3 // 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect - // [-] (part8) https://bugzilla.mozilla.org/1416703 + // [-] https://bugzilla.mozilla.org/1416703 (part8) user_pref("security.xpconnect.plugin.unrestricted", false); +// 2022: disable screensharing domain whitelist + // [-] https://bugzilla.mozilla.org/1411742 (part3) +user_pref("media.getusermedia.screensharing.allowed_domains", ""); // 2023: disable camera stuff - // [-] (part7) https://bugzilla.mozilla.org/1416703 + // [-] https://bugzilla.mozilla.org/1416703 (part7) user_pref("camera.control.face_detection.enabled", false); +// 2203: disable [popup window] scripts hiding or disabling the following + // [-] https://bugzilla.mozilla.org/1425999 +user_pref("dom.disable_window_status_change", true); // 2416: disable idle observation - // [-] (part7) https://bugzilla.mozilla.org/1416703 + // [-] https://bugzilla.mozilla.org/1416703 (part7) user_pref("dom.idle-observers-api.enabled", false); // * * * / // ***/ From 6fd415eab23ae8274508af037a4c02845b36df3b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Mar 2018 19:26:39 +0000 Subject: [PATCH 0687/1961] 59 RFP Alternatives --- user.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 32c382c..5fd2d28 100644 --- a/user.js +++ b/user.js @@ -1198,10 +1198,6 @@ user_pref("layers.acceleration.disabled", true); /* 2510: disable Web Audio API (FF51+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/ user_pref("dom.webaudio.enabled", false); -/* 2511: disable MediaDevices change detection (FF51+) (enabled by default starting FF52+) - * [1] https://developer.mozilla.org/docs/Web/Events/devicechange - * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange ***/ -user_pref("media.ondevicechange.enabled", false); /*** 2600: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -1556,7 +1552,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865) - ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) + ** 1372073 - spoof/block fingerprinting in MediaDevices API (see 4612) (FF59+) ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) ** 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59+) Spoofing mimics the content language of the document. Currently it only supports en-US. @@ -1642,6 +1638,12 @@ user_pref("media.video_stats.enabled", false); // [2] https://trac.torproject.org/projects/tor/ticket/10286 // user_pref("dom.w3c_touch_events.enabled", 0); // * * * / +// FF59+ +// 4612: [2511] disable MediaDevices change detection (FF51+) + // [1] https://developer.mozilla.org/docs/Web/Events/devicechange + // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange +user_pref("media.ondevicechange.enabled", false); +// * * * / // ***/ /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING From 7f7282a975c5ca9395aa803efc14e69647d80d54 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Mar 2018 11:05:37 +0000 Subject: [PATCH 0688/1961] 59 deprecated tweaks --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 5fd2d28..9d20997 100644 --- a/user.js +++ b/user.js @@ -2064,19 +2064,19 @@ user_pref("security.mixed_content.send_hsts_priming", false); // [-] https://bugzilla.mozilla.org/587523 user_pref("network.http.referer.userControlPolicy", 3); // (FF53-FF58) default: 3 // 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect - // [-] https://bugzilla.mozilla.org/1416703 (part8) + // [-] (part8) https://bugzilla.mozilla.org/1416703#c21 user_pref("security.xpconnect.plugin.unrestricted", false); // 2022: disable screensharing domain whitelist - // [-] https://bugzilla.mozilla.org/1411742 (part3) + // [-] https://bugzilla.mozilla.org/1411742 user_pref("media.getusermedia.screensharing.allowed_domains", ""); // 2023: disable camera stuff - // [-] https://bugzilla.mozilla.org/1416703 (part7) + // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 user_pref("camera.control.face_detection.enabled", false); // 2203: disable [popup window] scripts hiding or disabling the following // [-] https://bugzilla.mozilla.org/1425999 user_pref("dom.disable_window_status_change", true); // 2416: disable idle observation - // [-] https://bugzilla.mozilla.org/1416703 (part7) + // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 user_pref("dom.idle-observers-api.enabled", false); // * * * / // ***/ From 517e40703ff06ad143f4283b8c460bfab96175c5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Mar 2018 11:19:09 +0000 Subject: [PATCH 0689/1961] reference: http->https --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 9d20997..bede39a 100644 --- a/user.js +++ b/user.js @@ -445,7 +445,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance * privacy, and in fact opens up a number of server-side fingerprinting opportunities * [1] https://http2.github.io/faq/ - * [2] http://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html + * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html * [3] https://queue.acm.org/detail.cfm?id=2716278 * [4] https://github.com/ghacksuserjs/ghacks-user.js/issues/107 ***/ user_pref("network.http.spdy.enabled", false); From 14456b5a29c785cd85e1ad6b7559b11afe8a234a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 15 Mar 2018 02:22:58 +1300 Subject: [PATCH 0690/1961] bugzilla ref changes #375 note: picked up a leading space on 2206. Please double check for any errors or missed opportunities (I scanned it three times), 1221 is about the only one that's a bit messy I think --- user.js | 265 +++++++++++++++++++++++++++----------------------------- 1 file changed, 127 insertions(+), 138 deletions(-) diff --git a/user.js b/user.js index bede39a..0bbef8d 100644 --- a/user.js +++ b/user.js @@ -104,10 +104,10 @@ user_pref("browser.search.geoSpecificDefaults.url", ""); /* 0207: set language to match ***/ user_pref("intl.accept_languages", "en-US, en"); /* 0208: enforce US English locale regardless of the system locale - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ + * [1] https://bugzilla.mozilla.org/867501 ***/ user_pref("javascript.use_us_english_locale", true); // (hidden pref) /* 0209: use APP locale over OS locale in regional preferences (FF56+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1379420 [also 1364789] ***/ + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789 ***/ user_pref("intl.regional_prefs.use_os_locales", false); /* 0210: use Mozilla geolocation service instead of Google when geolocation is enabled * Optionally enable logging to the console (defaults to false) ***/ @@ -188,7 +188,7 @@ user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // (FF57+) user_pref("datareporting.healthreport.uploadEnabled", false); /* 0334: disable new data submission, master kill switch (FF41+) * If disabled, no policy is shown or upload takes place, ever - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1195552 ***/ + * [1] https://bugzilla.mozilla.org/1195552 ***/ user_pref("datareporting.policy.dataSubmissionEnabled", false); /* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); @@ -277,7 +277,7 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // /* 0416: disable 'ignore this warning' on Safe Browsing warnings which when clicked * bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/ + * [1] https://bugzilla.mozilla.org/1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", false); /* 0417: disable data sharing (FF58+) ***/ user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); @@ -301,7 +301,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true); // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ + * [2] https://bugzilla.mozilla.org/1237198 ***/ // user_pref("browser.safebrowsing.blockedURIs.enabled", false); /* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/ // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); @@ -310,8 +310,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true); * Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list * [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows * This is included for people who want to completely disable Tracking Protection. - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170190 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1141814 ***/ + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814 ***/ // user_pref("privacy.trackingprotection.annotate_channels", false); // user_pref("privacy.trackingprotection.lower_network_priority", false); @@ -377,7 +376,7 @@ user_pref("browser.library.activity-stream.enabled", false); // (FF57+) * [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] * [1] https://wiki.mozilla.org/Firefox/Onboarding * [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf - * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=863246#c154 ***/ + * [3] https://bugzilla.mozilla.org/863246#c154 ***/ user_pref("browser.onboarding.enabled", false); /* 0517: disable Form Autofill (FF55+) * [SETTING-56+] Options>Privacy & Security>Forms & Passwords>Enable Profile Autofill @@ -463,11 +462,11 @@ user_pref("network.http.altsvc.oe", false); * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); /* 0705: disable DNS requests for hostnames with a .onion TLD (FF45+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/ + * [1] https://bugzilla.mozilla.org/1228457 ***/ user_pref("network.dns.blockDotOnion", true); /* 0706: remove paths when sending URLs to PAC scripts (FF51+) * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ + * [1] https://bugzilla.mozilla.org/1255474 ***/ user_pref("network.proxy.autoconfig_url.include_path", false); /*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP] @@ -502,7 +501,7 @@ user_pref("browser.sessionhistory.max_entries", 10); * only in 'certain circumstances', also see latest comments in [2] * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) * [1] https://dbaron.org/mozilla/visited-privacy - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=147777 + * [2] https://bugzilla.mozilla.org/147777 * [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ user_pref("layout.css.visited_links_enabled", false); /* 0806: disable displaying javascript in history URLs - SECURITY ***/ @@ -516,10 +515,10 @@ user_pref("browser.search.suggest.enabled", false); user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) /* 0809: disable location bar suggesting "preloaded" top websites (FF54+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1211726 ***/ + * [1] https://bugzilla.mozilla.org/1211726 ***/ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); /* 0810: disable location bar making speculative connections (FF56+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1348275 ***/ + * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850a: disable location bar autocomplete and suggestion types * If you enforce any of the suggestion types, you MUST enforce 'autocomplete' @@ -548,7 +547,7 @@ user_pref("browser.urlbar.autoFill.typed", false); * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ user_pref("browser.urlbar.oneOffSearches", false); /* 0850f: disable location bar suggesting local search history (FF57+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1181644 ***/ + * [1] https://bugzilla.mozilla.org/1181644 ***/ user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of search suggestions /* 0860: disable search and form history * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Remember search and form history @@ -597,7 +596,7 @@ user_pref("signon.autofillForms", false); * saved (such as banking sites). Set at true, informed users can make their own choice. ***/ user_pref("signon.storeWhenAutocompleteOff", true); /* 0907: display warnings for logins on non-secure (non HTTPS) pages - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ + * [1] https://bugzilla.mozilla.org/1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); /* 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true) * e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/ @@ -606,12 +605,11 @@ user_pref("browser.fixup.hide_user_pass", true); user_pref("signon.formlessCapture.enabled", false); /* 0910: disable autofilling saved passwords on HTTP pages and show warning (FF52+) * [1] https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1217152 - * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 ***/ + * [2] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119 ***/ user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); /* 0911: prevent cross-origin images from triggering an HTTP-Authentication prompt (FF55+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1357835 ***/ + * [1] https://bugzilla.mozilla.org/1357835 ***/ user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); /*** 1000: CACHE [SETUP] ***/ @@ -638,7 +636,7 @@ user_pref("browser.cache.disk_cache_ssl", false); // user_pref("browser.sessionhistory.max_total_viewers", 0); /* 1006: disable permissions manager from writing to disk [RESTART] * [NOTE] This means any permission changes are session only - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ + * [1] https://bugzilla.mozilla.org/967812 ***/ // user_pref("permissions.memory_only", true); // (hidden pref) /* 1007: disable randomized FF HTTP cache decay experiments * [1] https://trac.torproject.org/projects/tor/ticket/13575 ***/ @@ -665,7 +663,7 @@ user_pref("browser.sessionstore.resume_from_crash", false); * [WARNING] This can also affect entries in the "Recently Closed Tabs" feature: * i.e. the longer the interval the more chance a quick tab open/close won't be captured. * This longer interval *may* affect history but we cannot replicate any history not recorded - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1304389 ***/ + * [1] https://bugzilla.mozilla.org/1304389 ***/ user_pref("browser.sessionstore.interval", 30000); /** FAVICONS ***/ /* 1030: disable favicons in shortcuts @@ -715,7 +713,7 @@ user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1 * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, * this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking * [1] https://tools.ietf.org/html/rfc5077 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=967977 ***/ + * [2] https://bugzilla.mozilla.org/967977 ***/ user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) /* 1204: disable SSL Error Reporting * [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/ @@ -758,8 +756,8 @@ user_pref("security.family_safety.mode", 0); * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them. * [TEST] https://fiprinca.0x90.eu/poc/ - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 - related bug - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 - related bug (see comment 9) ***/ + * [1] https://bugzilla.mozilla.org/1334485 - related bug + * [2] https://bugzilla.mozilla.org/1216882 - related bug (see comment 9) ***/ // user_pref("security.nocertdb", true); // (hidden pref) /* 1222: enforce strict pinning * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict @@ -843,7 +841,7 @@ user_pref("browser.display.use_document_fonts", 0); // user_pref("font.name.monospace.x-unicode", "Lucida Console"); // user_pref("font.name.monospace.x-western", "Lucida Console"); // default Courier New /* 1403: enable icon fonts (glyphs) (FF41+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=789788 ***/ + * [1] https://bugzilla.mozilla.org/789788 ***/ user_pref("gfx.downloadable_fonts.enabled", true); // default: true /* 1404: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ @@ -866,7 +864,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If * you block sites choosing fonts in 1401, this preference is irrelevant. In future, * privacy.resistFingerprinting (see 4500) may cover this, and 1401 can be relaxed. - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/ + * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // (hidden pref) /*** 1600: HEADERS / REFERERS @@ -911,7 +909,7 @@ user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+) * [NOTE] Firefox cannot access .onion sites by default. We recommend you use * TBB (Tor Browser Bundle) which is specifically designed for the dark web - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 ***/ + * [1] https://bugzilla.mozilla.org/1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: disable the DNT HTTP header, which is essentially USELESS * It is voluntary and most ad networks do not honor it. DNT is *NOT* how you stop being data mined. @@ -930,7 +928,7 @@ user_pref("privacy.donottrackheader.enabled", false); ***/ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); /* 1701: enable Container Tabs setting in preferences (see 1702) (FF50+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1279029 ***/ + * [1] https://bugzilla.mozilla.org/1279029 ***/ // user_pref("privacy.userContext.ui.enabled", true); /* 1702: enable Container Tabs (FF50+) * [SETTING-56+] Options>Privacy & Security>Tabs>Enable Container Tabs @@ -942,7 +940,7 @@ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); * 0=disables long press, 1=when clicked, the menu is shown * 2=the menu is shown after X milliseconds * [NOTE] The menu does not contain a non-container tab option - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1328756 ***/ + * [1] https://bugzilla.mozilla.org/1328756 ***/ // user_pref("privacy.userContext.longPressBehavior", 2); /*** 1800: PLUGINS ***/ @@ -997,9 +995,8 @@ user_pref("media.peerconnection.turn.disable", true); user_pref("media.peerconnection.ice.tcp", false); user_pref("media.navigator.video.enabled", false); // video capability for WebRTC /* 2002: limit WebRTC IP leaks if using WebRTC - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1189041 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1297416 - * [3] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416 + * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ user_pref("media.peerconnection.ice.default_address_only", true); // (FF42-FF50) user_pref("media.peerconnection.ice.no_host", true); // (FF51+) /* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions @@ -1011,7 +1008,7 @@ user_pref("webgl.min_capability_mode", true); user_pref("webgl.disable-extensions", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); /* 2011: disable WebGL debug info being available to websites - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 + * [1] https://bugzilla.mozilla.org/1171228 * [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info ***/ user_pref("webgl.enable-debug-renderer-info", false); /* 2012: disable two more webgl preferences (FF51+) ***/ @@ -1078,7 +1075,7 @@ user_pref("dom.disable_beforeunload", true); /* 2206: open new windows in a new tab instead * 1=current window, 2=new window, 3=most recent window * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ - user_pref("browser.link.open_newwindow", 3); +user_pref("browser.link.open_newwindow", 3); /*** 2300: WEB WORKERS [SETUP] A worker is a JS "background task" running in a global context, i.e. it is different from @@ -1135,7 +1132,7 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! user_pref("dom.event.clipboardevents.enabled", false); /* 2403: disable clipboard commands (cut/copy) from "non-privileged" content (FF41+) * this disables document.execCommand("cut"/"copy") to protect your clipboard - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/ + * [1] https://bugzilla.mozilla.org/1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); @@ -1170,7 +1167,7 @@ user_pref("javascript.options.wasm", false); * ad network API for "ad viewability checks" down to a pixel level * [1] https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API * [2] https://w3c.github.io/IntersectionObserver/ - * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/ + * [3] https://bugzilla.mozilla.org/1243846 ***/ user_pref("dom.IntersectionObserver.enabled", false); /* 2427: disable Shared Memory (Spectre mitigation) * [1] https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md @@ -1196,7 +1193,7 @@ user_pref("media.navigator.enabled", false); // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] user_pref("layers.acceleration.disabled", true); /* 2510: disable Web Audio API (FF51+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/ + * [1] https://bugzilla.mozilla.org/1288359 ***/ user_pref("dom.webaudio.enabled", false); /*** 2600: MISCELLANEOUS ***/ @@ -1210,7 +1207,7 @@ user_pref("browser.download.folderList", 2); /* 2603: enforce user interaction for security by always asking the user where to download ***/ user_pref("browser.download.useDownloadDir", false); /* 2604: remove temp files opened with an external application - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=302433 ***/ + * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); /* 2605: disable adding downloads to the system's "recent documents" list ***/ user_pref("browser.download.manager.addToRecentDocs", false); @@ -1223,8 +1220,7 @@ user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) user_pref("network.jar.open-unsafe-types", false); /* 2609: disable exposure of system colors to CSS or canvas (FF44+) * [NOTE] see [2] bug may cause black on black for elements with undefined colors - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=232227 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1330876 ***/ + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/ user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) /* 2610: remove special permissions for certain mozilla domains (FF35+) * [1] resource://app/defaults/permissions ***/ @@ -1276,7 +1272,7 @@ user_pref("general.useragent.compatMode.firefox", false); // default: false user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); /* 2629: disable remote JAR files being opened, regardless of content type (FF42+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 + * [1] https://bugzilla.mozilla.org/1173171 * [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ ***/ user_pref("network.jar.block-remote-files", true); /* 2630: prevent accessibility services from accessing your browser [RESTART] @@ -1285,7 +1281,7 @@ user_pref("network.jar.block-remote-files", true); user_pref("accessibility.force_disabled", 1); /* 2631: block web content in file processes (FF55+) * [WARNING] [SETUP] You may want to disable this for corporate or developer environments - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/ + * [1] https://bugzilla.mozilla.org/1343184 ***/ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); /* 2632: disable websites overriding Firefox's keyboard shortcuts (FF58+) * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts @@ -1295,11 +1291,11 @@ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. * [SETUP] This may interfere with some users' workflow or methods - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281959 ***/ + * [1] https://bugzilla.mozilla.org/1281959 ***/ user_pref("browser.download.forbid_open_with", true); /* 2663: disable MathML (Mathematical Markup Language) (FF51+) * [TEST] http://browserspy.dk/mathml.php - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173199 ***/ + * [1] https://bugzilla.mozilla.org/1173199 ***/ user_pref("mathml.disabled", true); /* 2664: disable DeviceStorage API * [1] https://wiki.mozilla.org/WebAPI/DeviceStorageAPI ***/ @@ -1317,12 +1313,12 @@ user_pref("devtools.chrome.enabled", false); user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.autoDisableScopes", 15); /* 2670: disable "image/" mime types bypassing CSP (FF51+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/ + * [1] https://bugzilla.mozilla.org/1288361 ***/ user_pref("security.block_script_with_wrong_mime", true); /* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage * including youtube player controls. Best left for "hardened" or specific profiles. - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 ***/ + * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); /* 2672: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing security risk * Firefox has *some* protections to mitigate the risk, but it is better to be safe @@ -1339,11 +1335,10 @@ user_pref("network.IDN_show_punycode", true); * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); // default: true /* 2674: enable CSP 1.1 experimental hash-source directive (FF29+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=855326 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/ + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 ***/ user_pref("security.csp.experimentalEnabled", true); /* 2675: block top level window data: URIs (FF56+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1331351 + * [1] https://bugzilla.mozilla.org/1331351 * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); @@ -1355,7 +1350,7 @@ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); indexedDB : profile\storage\default appCache : profile\OfflineCache serviceWorkers : -***/ + ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] * You can set exceptions under site permissions or use an extension @@ -1390,7 +1385,7 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true /* 2711: clear localStorage and UUID when an extension is uninstalled * [NOTE] Both preferences must be the same * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/ + * [2] https://bugzilla.mozilla.org/1213990 ***/ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2720: disable JS storing data permanently [SETUP] @@ -1402,7 +1397,7 @@ user_pref("extensions.webextensions.keepUuidOnUninstall", false); user_pref("browser.cache.offline.enable", false); /* 2731: enforce websites to ask to store data for offline use * [1] https://support.mozilla.org/questions/1098540 - * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/ + * [2] https://bugzilla.mozilla.org/959985 ***/ user_pref("offline-apps.allow_by_default", false); /* 2732: display a notification when websites ask to store data for offline use * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks... @@ -1501,11 +1496,11 @@ user_pref("privacy.sanitize.timeSpan", 0); user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation (FF51+) * [WARNING] May break cross-domain logins and site functionality until perfected - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ + * [1] https://bugzilla.mozilla.org/1260931 ***/ user_pref("privacy.firstparty.isolate", true); /* 4002: enforce FPI restriction for window.opener (FF54+) * [NOTE] Setting this to false may reduce the breakage in 4001 - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/ + * [1] https://bugzilla.mozilla.org/1319773#c22 ***/ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); /*** 4500: privacy.resistFingerprinting (RFP) @@ -1517,7 +1512,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 + [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/1216800 [NOTE] This will probably make your values pretty unique until you resize or snap the inner window width + height into standard/common resolutions (such as 1366x768) To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit @@ -1561,17 +1556,17 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ + * [1] https://bugzilla.mozilla.org/418986 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) /* 4502: set new window sizes to round to hundreds (FF55+) [SETUP] * [NOTE] Width will round down to multiples of 200s and height to 100s, to fit your screen. * The override values are a starting point to round from if you want some control - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 + * [1] https://bugzilla.mozilla.org/1330882 * [2] https://hardware.metrics.mozilla.com/ ***/ // user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) /* 4503: disable mozAddonManager Web API (FF57+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1384330 ***/ + * [1] https://bugzilla.mozilla.org/1384330 ***/ // user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref) /*** 4600: RFP (4500) ALTERNATIVES [SETUP] @@ -1585,7 +1580,7 @@ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan // FF55+ // 4601: [2514] spoof (or limit?) number of CPU cores (FF48+) // [WARNING] *may* affect core chrome/Firefox performance, will affect content. - // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 + // [1] https://bugzilla.mozilla.org/1008453 // [2] https://trac.torproject.org/projects/tor/ticket/21675 // [3] https://trac.torproject.org/projects/tor/ticket/22127 // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency @@ -1601,8 +1596,7 @@ user_pref("dom.enable_performance", false); // [WARNING] [SETUP] Optional protection depending on your device // [1] https://trac.torproject.org/projects/tor/ticket/15758 // [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ - // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733 - // [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 + // [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751 // user_pref("device.sensors.enabled", false); // 4605: [2515] disable site specific zoom // Zoom levels affect screen res and are highly fingerprintable. This does not stop you using @@ -1617,7 +1611,7 @@ user_pref("browser.zoom.siteSpecific", false); // e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none // [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API // [2] https://wicg.github.io/netinfo/ - // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 + // [3] https://bugzilla.mozilla.org/960426 user_pref("dom.netinfo.enabled", false); // 4608: [2021] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API // [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API @@ -1628,7 +1622,7 @@ user_pref("media.webspeech.synth.enabled", false); // FF57+ // 4610: [2506] disable video statistics - JS performance fingerprinting (FF25+) // [1] https://trac.torproject.org/projects/tor/ticket/15757 - // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=654550 + // [2] https://bugzilla.mozilla.org/654550 user_pref("media.video_stats.enabled", false); // 4611: [2509] disable touch events // fingerprinting attack vector - leaks screen res & actual screen coordinates @@ -1666,7 +1660,7 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"); // (hidden pref) /* 4702: navigator.buildID (see gecko.buildID in about:config) reveals build time * down to the second which defeats user agent spoofing and can compromise OS etc - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/ + * [1] https://bugzilla.mozilla.org/583181 ***/ // user_pref("general.buildID.override", "20100101"); // (hidden pref) /* 4703: navigator.appName ***/ // user_pref("general.appname.override", "Netscape"); // (hidden pref) @@ -1720,101 +1714,101 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); /* FF42 and older // 2607: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=897811 + // [-] https://bugzilla.mozilla.org/897811 user_pref("pageThumbs.enabled", false); // 2503: (31+) disable network API - replaced by dom.netinfo.enabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 + // [-] https://bugzilla.mozilla.org/960426 user_pref("dom.network.enabled", false); // 2620: (35+) disable WebSockets - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1091016 + // [-] https://bugzilla.mozilla.org/1091016 user_pref("network.websocket.enabled", false); // 1610: (36+) set DNT "value" to "not be tracked" (FF21+) // [1] http://kb.mozillazine.org/Privacy.donottrackheader.value - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1042135#c101 + // [-] https://bugzilla.mozilla.org/1042135#c101 // user_pref("privacy.donottrackheader.value", 1); // 2023: (37+) disable camera autofocus callback // The API will be superseded by the WebRTC Capture and Stream API // [1] https://developer.mozilla.org/docs/Archive/B2G_OS/API/CameraControl - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107683 + // [-] https://bugzilla.mozilla.org/1107683 user_pref("camera.control.autofocus_moving_callback.enabled", false); // 0415: (41+) disable reporting URLs (safe browsing) - removed or replaced by various - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1109475 + // [-] https://bugzilla.mozilla.org/1109475 user_pref("browser.safebrowsing.reportErrorURL", ""); // browser.safebrowsing.reportPhishMistakeURL user_pref("browser.safebrowsing.reportGenericURL", ""); // removed user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); // browser.safebrowsing.reportMalwareMistakeURL user_pref("browser.safebrowsing.reportMalwareURL", ""); // removed user_pref("browser.safebrowsing.reportURL", ""); // removed // 0702: (41+) disable HTTP2 (draft) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1132357 + // [-] https://bugzilla.mozilla.org/1132357 user_pref("network.http.spdy.enabled.http2draft", false); // 1804: (41+) disable plugin enumeration - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1169945 + // [-] https://bugzilla.mozilla.org/1169945 user_pref("plugins.enumerable_names", ""); // 2803: (42+) clear passwords on shutdown - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184 + // [-] https://bugzilla.mozilla.org/1102184 // user_pref("privacy.clearOnShutdown.passwords", false); // 5002: (42+) disable warning when a domain requests full screen // replaced by setting full-screen-api.warning.timeout to zero - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1160017 + // [-] https://bugzilla.mozilla.org/1160017 // user_pref("full-screen-api.approval-required", false); // ***/ /* FF43 // 0410's: disable safebrowsing urls & updates - replaced by various - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107372 + // [-] https://bugzilla.mozilla.org/1107372 // user_pref("browser.safebrowsing.gethashURL", ""); // browser.safebrowsing.provider.google.gethashURL // user_pref("browser.safebrowsing.updateURL", ""); // browser.safebrowsing.provider.google.updateURL user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing.provider.google.reportURL // 0420's: disable tracking protection - replaced by various - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107372 + // [-] https://bugzilla.mozilla.org/1107372 // user_pref("browser.trackingprotection.gethashURL", ""); // browser.safebrowsing.provider.mozilla.gethashURL // user_pref("browser.trackingprotection.updateURL", ""); // browser.safebrowsing.provider.mozilla.updateURL // 1803: remove plugin finder service // [1] http://kb.mozillazine.org/Pfs.datasource.url - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1202193 + // [-] https://bugzilla.mozilla.org/1202193 user_pref("pfs.datasource.url", ""); // 5003: disable new search panel UI - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1119250 + // [-] https://bugzilla.mozilla.org/1119250 // user_pref("browser.search.showOneOffButtons", false); // ***/ /* FF44 // 0414: disable safebrowsing's real-time binary checking (google) (FF43+) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1237103 + // [-] https://bugzilla.mozilla.org/1237103 user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL // 1200's: block rc4 whitelist - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215796 + // [-] https://bugzilla.mozilla.org/1215796 user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); // 2301: disable SharedWorkers // [1] https://trac.torproject.org/projects/tor/ticket/15562 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1207635 + // [-] https://bugzilla.mozilla.org/1207635 user_pref("dom.workers.sharedWorkers.enabled", false); // 2403: disable scripts changing images // [TEST] https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 // [WARNING] Will break some sites such as Google Maps and a lot of web apps - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=773429 + // [-] https://bugzilla.mozilla.org/773429 // user_pref("dom.disable_image_src_set", true); // ***/ /* FF45 // 1021b: disable deferred level of storing extra session data 0=all 1=http-only 2=none // extra session data contains contents of forms, scrollbar positions, cookies and POST data - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235379 + // [-] https://bugzilla.mozilla.org/1235379 user_pref("browser.sessionstore.privacy_level_deferred", 2); // ***/ /* FF46 // 0333: disable health report - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234526 + // [-] https://bugzilla.mozilla.org/1234526 user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) // 0334b: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234522 + // [-] https://bugzilla.mozilla.org/1234522 user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); // 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1239587 + // [-] https://bugzilla.mozilla.org/1239587 user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check // 0420: disable polaris (part of Tracking Protection, never used in stable) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235565 + // [-] https://bugzilla.mozilla.org/1235565 // user_pref("browser.polaris.enabled", false); // 0510: disable "Pocket" - replaced by extensions.pocket.* - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215694 + // [-] https://bugzilla.mozilla.org/1215694 user_pref("browser.pocket.enabled", false); user_pref("browser.pocket.api", ""); user_pref("browser.pocket.site", ""); @@ -1823,14 +1817,14 @@ user_pref("browser.pocket.oAuthConsumerKey", ""); /* FF47 // 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 + // [-] https://bugzilla.mozilla.org/1236580 user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) // 0333b: disable about:healthreport page UNIFIED - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 + // [-] https://bugzilla.mozilla.org/1236580 user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); // 0807: disable history manipulation // [1] https://developer.mozilla.org/docs/Web/API/History_API - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1249542 + // [-] https://bugzilla.mozilla.org/1249542 user_pref("browser.history.allowPopState", false); user_pref("browser.history.allowPushState", false); user_pref("browser.history.allowReplaceState", false); @@ -1838,14 +1832,14 @@ user_pref("browser.history.allowReplaceState", false); /* FF48 // 0806: disable 'unified complete': 'Search with [default search engine]' // [-] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1181078 + // [-] https://bugzilla.mozilla.org/1181078 user_pref("browser.urlbar.unifiedcomplete", false); // ***/ /* FF49 // 0372: disable "Hello" // [1] https://www.mozilla.org/privacy/archive/hello/2016-03/ // [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1287827 + // [-] https://bugzilla.mozilla.org/1287827 user_pref("loop.enabled", false); user_pref("loop.server", ""); user_pref("loop.feedback.formURL", ""); @@ -1856,72 +1850,71 @@ user_pref("loop.facebook.fallbackUrl", ""); user_pref("loop.facebook.shareUrl", ""); user_pref("loop.logDomains", false); // 2202: disable new window scrollbars being hidden - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1257887 + // [-] https://bugzilla.mozilla.org/1257887 user_pref("dom.disable_window_open_feature.scrollbars", true); // 2303: disable push notification (UDP wake-up) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1265914 + // [-] https://bugzilla.mozilla.org/1265914 user_pref("dom.push.udp.wakeupEnabled", false); // ***/ /* FF50 // 0101: disable Windows10 intro on startup [WINDOWS] - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1274633 + // [-] https://bugzilla.mozilla.org/1274633 user_pref("browser.usedOnWindows10.introURL", ""); // 0308: disable plugin update notifications - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905 + // [-] https://bugzilla.mozilla.org/1277905 user_pref("plugins.update.notifyUser", false); // 0410: disable "Block dangerous and deceptive content" - replaced by browser.safebrowsing.phishing.enabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 + // [-] https://bugzilla.mozilla.org/1025965 // user_pref("browser.safebrowsing.enabled", false); // 1266: disable rc4 ciphers // [1] https://trac.torproject.org/projects/tor/ticket/17369 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1268728 + // [-] https://bugzilla.mozilla.org/1268728 // [-] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); user_pref("security.ssl3.rsa_rc4_128_md5", false); user_pref("security.ssl3.rsa_rc4_128_sha", false); // 1809: remove Mozilla's plugin update URL - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905 + // [-] https://bugzilla.mozilla.org/1277905 user_pref("plugins.update.url", ""); // ***/ /* FF51 // 0702: disable SPDY - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1248197 + // [-] https://bugzilla.mozilla.org/1248197 user_pref("network.http.spdy.enabled.v3-1", false); // 1851: delay play of videos until they're visible - // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1262053 + // [1] https://bugzilla.mozilla.org/1180563 + // [-] https://bugzilla.mozilla.org/1262053 user_pref("media.block-play-until-visible", true); // 2504: disable virtual reality devices - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1250244 + // [-] https://bugzilla.mozilla.org/1250244 user_pref("dom.vr.oculus050.enabled", false); // ***/ /* FF52 // 1601: disable referer from an SSL Website - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 + // [-] https://bugzilla.mozilla.org/1308725 user_pref("network.http.sendSecureXSiteReferrer", false); // 1850: disable Adobe EME "Primetime CDM" (Content Decryption Module) // [1] https://trac.torproject.org/projects/tor/ticket/16285 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329538 // FF52 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1337121 // FF52 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329543 // FF53 + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1329538,1337121 // FF52 + // [-] https://bugzilla.mozilla.org/1329543 // FF53 user_pref("media.gmp-eme-adobe.enabled", false); user_pref("media.gmp-eme-adobe.visible", false); user_pref("media.gmp-eme-adobe.autoupdate", false); // 2405: disable WebTelephony API // [1] https://wiki.mozilla.org/WebAPI/Security/WebTelephony - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1309719 + // [-] https://bugzilla.mozilla.org/1309719 user_pref("dom.telephony.enabled", false); // 2502: disable Battery Status API // Initially a Linux issue (high precision readout) that was fixed. // However, it is still another metric for fingerprinting, used to raise entropy. // e.g. do you have a battery or not, current charging status, charge level, times remaining etc // [1] https://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ - // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 + // [2] https://bugzilla.mozilla.org/1124127 // [3] https://www.w3.org/TR/battery-status/ // [4] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online // [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 + // [-] https://bugzilla.mozilla.org/1313580 user_pref("dom.battery.enabled", false); // ***/ @@ -1929,57 +1922,54 @@ user_pref("dom.battery.enabled", false); // [NOTE] replace the * with a slash in the line above to re-enable them if you're using ESR52.x.x // FF53 // 1265: block rc4 fallback - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1130670 + // [-] https://bugzilla.mozilla.org/1130670 user_pref("security.tls.unrestricted_rc4_fallback", false); // 1806: disable Acrobat, Quicktime, WMP (the string = min version number allowed) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317109 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317110 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317108 + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1317108,1317109,1317110 user_pref("plugin.scan.Acrobat", "99999"); user_pref("plugin.scan.Quicktime", "99999"); user_pref("plugin.scan.WindowsMediaPlayer", "99999"); // 2022: disable screensharing - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329562 + // [-] https://bugzilla.mozilla.org/1329562 user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); // 2507: disable keyboard fingerprinting - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1322736 + // [-] https://bugzilla.mozilla.org/1322736 user_pref("dom.beforeAfterKeyboardEvent.enabled", false); // * * * / // FF54 // 0415: disable reporting URLs (safe browsing) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1288633 + // [-] https://bugzilla.mozilla.org/1288633 user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); // 1830: block websites detecting DRM is disabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1242321 + // [-] https://bugzilla.mozilla.org/1242321 user_pref("media.eme.apiVisible", false); // 2425: disable Archive Reader API // i.e. reading archive contents directly in the browser, through DOM file objects - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 + // [-] https://bugzilla.mozilla.org/1342361 user_pref("dom.archivereader.enabled", false); // * * * / // FF55 // 0209: disable geolocation on non-secure origins (FF54+) - // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1269531 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 + // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1269531,1072859 user_pref("geo.security.allowinsecure", false); // 0336: disable "Heartbeat" (Mozilla user rating telemetry) (FF37+) // [1] https://trac.torproject.org/projects/tor/ticket/18738 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1361578 + // [-] https://bugzilla.mozilla.org/1361578 user_pref("browser.selfsupport.enabled", false); // (hidden pref) user_pref("browser.selfsupport.url", ""); // 0360: disable new tab "pings" - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1241390 + // [-] https://bugzilla.mozilla.org/1241390 user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); // 0861: disable saving form history on secure websites - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1361220 + // [-] https://bugzilla.mozilla.org/1361220 user_pref("browser.formfill.saveHttpsForms", false); // 0863: disable Form Autofill (FF54+) - replaced by extensions.formautofill.* - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1364334 + // [-] https://bugzilla.mozilla.org/1364334 user_pref("browser.formautofill.enabled", false); // 2410: disable User Timing API // [1] https://trac.torproject.org/projects/tor/ticket/16336 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1344669 + // [-] https://bugzilla.mozilla.org/1344669 user_pref("dom.enable_user_timing", false); // 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) // The Keyboard API allows tracking the "read parameter" of pressed keys in forms on @@ -1988,28 +1978,27 @@ user_pref("dom.enable_user_timing", false); // [WARNING] Don't use if Android + physical keyboard // [1] https://developer.mozilla.org/docs/Web/API/KeyboardEvent/code // [2] https://www.privacy-handbuch.de/handbuch_21v.htm - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352949 + // [-] https://bugzilla.mozilla.org/1352949 user_pref("dom.keyboardevent.code.enabled", false); // 5015: disable tab animation - replaced by toolkit.cosmeticAnimations.enabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 + // [-] https://bugzilla.mozilla.org/1352069 user_pref("browser.tabs.animate", false); // 5016: disable fullscreeen animation - replaced by toolkit.cosmeticAnimations.enabled - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 + // [-] https://bugzilla.mozilla.org/1352069 user_pref("browser.fullscreen.animate", false); // * * * / // FF56 // 0515: disable Screenshots (rollout pref only) (FF54+) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1386333 + // [-] https://bugzilla.mozilla.org/1386333 // user_pref("extensions.screenshots.system-disabled", true); // 0517: disable Form Autofill (FF55+) - replaced by extensions.formautofill.available - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1385201 + // [-] https://bugzilla.mozilla.org/1385201 user_pref("extensions.formautofill.experimental", false); // * * * / // FF57 // 0374: disable "social" integration // [1] https://developer.mozilla.org/docs/Mozilla/Projects/Social_API - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1388902 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1406193 (leftover prefs removed in FF58) + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388902,1406193 (some leftovers were removed in FF58) user_pref("social.whitelist", ""); user_pref("social.toast-notifications.enabled", false); user_pref("social.shareDirectory", ""); @@ -2018,18 +2007,18 @@ user_pref("social.directories", ""); user_pref("social.share.activationPanelEnabled", false); user_pref("social.enabled", false); // (hidden pref) // 1830: disable DRM's EME WideVineAdapter - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1395468 + // [-] https://bugzilla.mozilla.org/1395468 user_pref("media.eme.chromium-api.enabled", false); // (FF55+) // 2611: disable WebIDE extension downloads (Valence) // [1] https://trac.torproject.org/projects/tor/ticket/16222 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1393497 + // [-] https://bugzilla.mozilla.org/1393497 user_pref("devtools.webide.autoinstallFxdtAdapters", false); // 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku // [1] https://trac.torproject.org/projects/tor/ticket/16222 - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1393582 + // [-] https://bugzilla.mozilla.org/1393582 user_pref("browser.casting.enabled", false); // 5022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1401238 + // [-] https://bugzilla.mozilla.org/1401238 user_pref("browser.bookmarks.showRecentlyBookmarked", false); // * * * / // FF59 @@ -2056,7 +2045,7 @@ user_pref("dom.flyweb.enabled", false); // to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because // those may cause noticeable delays e.g. requests time out or are not handled well by servers // [NOTE] If you want to use the priming requests make sure 'use_hsts' is also true - // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 + // [1] https://bugzilla.mozilla.org/1246540#c145 // [-] https://bugzilla.mozilla.org/1424917 user_pref("security.mixed_content.use_hsts", true); user_pref("security.mixed_content.send_hsts_priming", false); From b83d53e6810607efe692d418edc1422778b34543 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Mar 2018 14:03:04 +0000 Subject: [PATCH 0691/1961] bugzilla ref changes fixups #375 --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 0bbef8d..5bf9915 100644 --- a/user.js +++ b/user.js @@ -1219,7 +1219,7 @@ user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) /* 2608: disable JAR from opening Unsafe File Types ***/ user_pref("network.jar.open-unsafe-types", false); /* 2609: disable exposure of system colors to CSS or canvas (FF44+) - * [NOTE] see [2] bug may cause black on black for elements with undefined colors + * [NOTE] see second listed bug: may cause black on black for elements with undefined colors * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/ user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) /* 2610: remove special permissions for certain mozilla domains (FF35+) @@ -1951,7 +1951,8 @@ user_pref("dom.archivereader.enabled", false); // * * * / // FF55 // 0209: disable geolocation on non-secure origins (FF54+) - // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1269531,1072859 + // [1] https://bugzilla.mozilla.org/1269531 + // [-] https://bugzilla.mozilla.org/1072859 user_pref("geo.security.allowinsecure", false); // 0336: disable "Heartbeat" (Mozilla user rating telemetry) (FF37+) // [1] https://trac.torproject.org/projects/tor/ticket/18738 From 089f0826cfdd7680986bfe1e570e498b5aeff79b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Mar 2018 15:00:13 +0000 Subject: [PATCH 0692/1961] 0330: more telemetry --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 5bf9915..9ad06c4 100644 --- a/user.js +++ b/user.js @@ -184,6 +184,7 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // (FF55+) user_pref("toolkit.telemetry.updatePing.enabled", false); // (FF56+) user_pref("toolkit.telemetry.bhrPing.enabled", false); // (FF57+) Background Hang Reporter user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // (FF57+) +user_pref("toolkit.telemetry.hybridContent.enabled", true); // (FF59+) /* 0333: disable health report ***/ user_pref("datareporting.healthreport.uploadEnabled", false); /* 0334: disable new data submission, master kill switch (FF41+) From d4a20165efbc9dbdb46a77ab4b5839419f1cc9d2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Mar 2018 15:08:33 +0000 Subject: [PATCH 0693/1961] 0330: telemetry fixup --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 9ad06c4..15afd47 100644 --- a/user.js +++ b/user.js @@ -184,7 +184,7 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // (FF55+) user_pref("toolkit.telemetry.updatePing.enabled", false); // (FF56+) user_pref("toolkit.telemetry.bhrPing.enabled", false); // (FF57+) Background Hang Reporter user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // (FF57+) -user_pref("toolkit.telemetry.hybridContent.enabled", true); // (FF59+) +user_pref("toolkit.telemetry.hybridContent.enabled", false); // (FF59+) /* 0333: disable health report ***/ user_pref("datareporting.healthreport.uploadEnabled", false); /* 0334: disable new data submission, master kill switch (FF41+) From 0b3395b52017a30377bb429bc377cb119674f4ed Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 17 Mar 2018 01:53:23 +0000 Subject: [PATCH 0694/1961] 2516: disable PointerEvents --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 15afd47..97904d5 100644 --- a/user.js +++ b/user.js @@ -1196,6 +1196,9 @@ user_pref("layers.acceleration.disabled", true); /* 2510: disable Web Audio API (FF51+) * [1] https://bugzilla.mozilla.org/1288359 ***/ user_pref("dom.webaudio.enabled", false); +/* 2516: disable PointerEvents + * [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent ***/ +user_pref("dom.w3c_pointer_events.enabled", false); /*** 2600: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); From ffced9b4c00082d329f0d39d53e5d116ea968563 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 17 Mar 2018 02:27:39 +0000 Subject: [PATCH 0695/1961] 2676: disable CSP security violation events --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 97904d5..3dfe9fc 100644 --- a/user.js +++ b/user.js @@ -1346,6 +1346,9 @@ user_pref("security.csp.experimentalEnabled", true); * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); +/* 2676: disable CSP security violation events + * [1] https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent ***/ +user_pref("security.csp.enable_violation_events", false); /*** 2700: PERSISTENT STORAGE Data SET by websites including From f90193ab763eefa1b8a227263bf5e151bd1e15ba Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 17 Mar 2018 02:56:36 +0000 Subject: [PATCH 0696/1961] 1600s: vimeo reference fixes #373 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3dfe9fc..5466b77 100644 --- a/user.js +++ b/user.js @@ -875,7 +875,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); Our default settings provide the best balance between protection and amount of breakage. To harden it a bit more you can set XOriginPolicy (1603) to 2 (+ optionally 1604 to 1 or 2). To fix broken sites, temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config, - use the site and then change the values back. If you visit those sites regularly, use an extension. + use the site and then change the values back. If you visit those sites regularly (e.g. Vimeo), use an extension. full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+path+port: https://example.com:8888/foo/bar.html From 09aca71822d1db5bbb0eff29c89c7bb3c5b8fc55 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 17 Mar 2018 05:32:40 +0100 Subject: [PATCH 0697/1961] 2676 fixup --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 5466b77..bec0d80 100644 --- a/user.js +++ b/user.js @@ -1346,8 +1346,8 @@ user_pref("security.csp.experimentalEnabled", true); * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); -/* 2676: disable CSP security violation events - * [1] https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent ***/ +/* 2676: disable CSP violation events + * [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent ***/ user_pref("security.csp.enable_violation_events", false); /*** 2700: PERSISTENT STORAGE From 457611f0793ed0d12bd448ad235f914a5978e17c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 17 Mar 2018 05:06:15 +0000 Subject: [PATCH 0698/1961] 59-alpha release --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index bec0d80..91880e2 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 27 February 2018 -* version 59-beta: Sweet Dreams (Are Made of Pants) +* date: 16 March 2018 +* version 59: Sweet Dreams (Are Made of Pants) * "Sweet dreams are made of pants. Who are you to disagree?" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From e8c02278eb6b37a81060a798ca703d8416601fed Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 17 Mar 2018 06:36:08 +0000 Subject: [PATCH 0699/1961] 2676: forgot FF version --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 91880e2..a560964 100644 --- a/user.js +++ b/user.js @@ -1346,7 +1346,7 @@ user_pref("security.csp.experimentalEnabled", true); * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); -/* 2676: disable CSP violation events +/* 2676: disable CSP violation events (FF59+) * [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent ***/ user_pref("security.csp.enable_violation_events", false); From 53a69ff5bc1551aef99f03819cdf556db1107322 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 19 Mar 2018 14:13:00 +0000 Subject: [PATCH 0700/1961] [SETTING] fixups --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index a560964..2e086c9 100644 --- a/user.js +++ b/user.js @@ -115,7 +115,7 @@ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?ke // user_pref("geo.wifi.logging.enabled", true); // (hidden pref) /* 0211: set a default permission for Location (FF58+) * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location - * [SETTING] to manage site exceptions: Options>Privacy>Permissions>Location>Settings ***/ + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block /*** 0300: QUIET FOX @@ -292,7 +292,7 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); * [2] https://support.mozilla.org/kb/tracking-protection-firefox ***/ // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default true // user_pref("privacy.trackingprotection.enabled", true); // default false -/* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection +/* 0421: enable more Tracking Protection choices under Options>Privacy & Security>Use Tracking Protection * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); /* 0422: enable "basic" or "strict" tracking protecting list - ONLY USE ONE! @@ -1022,7 +1022,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false); /* 2024: set a default permission for Camera/Microphone (FF58+) * 0=always ask (default), 1=allow, 2=block * [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone - * [SETTING] to manage site exceptions: Options>Privacy>Permissions>Camera/Microphone>Settings ***/ + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); /* 2026: disable canvas capture stream @@ -1112,7 +1112,7 @@ user_pref("dom.webnotifications.enabled", false); // (FF22+) user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+) /* 2305: set a default permission for Notifications (see 2304) (FF58+) * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications - * [SETTING] to manage site exceptions: Options>Privacy>Permissions>Notifications>Settings ***/ + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ // user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block /* 2306: disable push notifications (FF44+) * web apps can receive messages pushed to them from a server, whether or From 04f14490035d12c059f4a07a124681be1c843c68 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Mar 2018 03:57:18 +0000 Subject: [PATCH 0701/1961] 0512: shield pref name changes 60+ https://bugzilla.mozilla.org/show_bug.cgi?id=1436113 --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 2e086c9..47e7934 100644 --- a/user.js +++ b/user.js @@ -357,6 +357,8 @@ user_pref("extensions.pocket.enabled", false); * [2] https://github.com/mozilla/normandy ***/ user_pref("extensions.shield-recipe-client.enabled", false); user_pref("extensions.shield-recipe-client.api_url", ""); +user_pref("app.normandy.enabled", false); // (FF60+) +user_pref("app.normandy.api_url", ""); // (FF60+) /* 0513: disable Follow On Search (FF53+) * Just DELETE the XPI file in your system extensions directory * [1] https://blog.mozilla.org/data/2017/06/05/measuring-search-in-firefox/ ***/ From c38ae562326b849b1f73335b4fe31cd72eb96255 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Mar 2018 05:42:05 +0000 Subject: [PATCH 0702/1961] 0333: [setting] info --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 47e7934..23c571b 100644 --- a/user.js +++ b/user.js @@ -185,7 +185,8 @@ user_pref("toolkit.telemetry.updatePing.enabled", false); // (FF56+) user_pref("toolkit.telemetry.bhrPing.enabled", false); // (FF57+) Background Hang Reporter user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // (FF57+) user_pref("toolkit.telemetry.hybridContent.enabled", false); // (FF59+) -/* 0333: disable health report ***/ +/* 0333: disable health report + * [SETTING] Options>Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ user_pref("datareporting.healthreport.uploadEnabled", false); /* 0334: disable new data submission, master kill switch (FF41+) * If disabled, no policy is shown or upload takes place, ever From 6cb27ca78c01dbd123a3df3a78eed2a228e59cc3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Mar 2018 05:47:04 +0000 Subject: [PATCH 0703/1961] 0351: [setting] info --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 23c571b..80cf122 100644 --- a/user.js +++ b/user.js @@ -194,7 +194,8 @@ user_pref("datareporting.healthreport.uploadEnabled", false); user_pref("datareporting.policy.dataSubmissionEnabled", false); /* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); -/* 0351: disable sending of crash reports (FF44+) ***/ +/* 0351: disable sending of crash reports (FF44+) + * [SETTING] Options>Privacy & Security/Firefox Data Collection & Use/Allow Firefox to send crash reports ***/ user_pref("browser.tabs.crashReporting.sendReport", false); user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57) From 682e12fe57d934242e6b1352038de3247be0f6c4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Mar 2018 12:54:10 +0000 Subject: [PATCH 0704/1961] 4500: RFP ctrl key info Sorry, the patch for 59 was backed out, so RFP users will have to put up with CTRL key issues until 60 lands --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 80cf122..1698fb5 100644 --- a/user.js +++ b/user.js @@ -1560,10 +1560,10 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865) ** 1372073 - spoof/block fingerprinting in MediaDevices API (see 4612) (FF59+) ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) - ** 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59+) + ** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+) Spoofing mimics the content language of the document. Currently it only supports en-US. - Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. - FF60: Fixes keydown/keyup events (1438795) + Modifier events suppressed are SHIFT, CTRL and both ALT keys. Chrome is not affected. + FF60: Don't spoof/suppress CTRL key (1433592) Fix keydown/keyup events (1438795) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From bc17b4e450ca4de944f89817e1f5fc6f07bb57eb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Mar 2018 15:29:37 +0000 Subject: [PATCH 0705/1961] 0500s: shield->normandy info, fixes #381 --- user.js | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 1698fb5..c71139b 100644 --- a/user.js +++ b/user.js @@ -342,6 +342,13 @@ user_pref("experiments.supported", false); user_pref("experiments.activeExperiment", false); /* 0502: disable Mozilla permission to silently opt you into tests ***/ user_pref("network.allow-experiments", false); +/* 0503: disable Normandy/Shield (FF60+) + * Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" + * [1] https://wiki.mozilla.org/Firefox/Shield + * [2] https://github.com/mozilla/normandy ***/ +user_pref("app.normandy.enabled", false); +user_pref("app.normandy.api_url", ""); +user_pref("app.shield.optoutstudies.enabled", false); /* 0505: block URL used for system extension updates (FF44+) * [NOTE] You will not get any system extension updates except when you update Firefox ***/ // user_pref("extensions.systemAddon.update.url", ""); @@ -353,14 +360,12 @@ user_pref("browser.ping-centre.telemetry", false); * [1] https://en.wikipedia.org/wiki/Pocket_(application) * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ user_pref("extensions.pocket.enabled", false); -/* 0512: disable Shield (FF53+) +/* 0512: disable Shield (FF53-FF59) - replaced internally by Normandy (see 0503) * Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" * [1] https://wiki.mozilla.org/Firefox/Shield * [2] https://github.com/mozilla/normandy ***/ user_pref("extensions.shield-recipe-client.enabled", false); user_pref("extensions.shield-recipe-client.api_url", ""); -user_pref("app.normandy.enabled", false); // (FF60+) -user_pref("app.normandy.api_url", ""); // (FF60+) /* 0513: disable Follow On Search (FF53+) * Just DELETE the XPI file in your system extensions directory * [1] https://blog.mozilla.org/data/2017/06/05/measuring-search-in-firefox/ ***/ From 062dd6c023b2ac15f4cbb725ef7d2a2b0106f4f3 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 20 Mar 2018 16:53:53 +0100 Subject: [PATCH 0706/1961] 0500s: System Add-ons not system extensions they're still called System Add-ons: https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html Thanks! --- user.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index c71139b..cd000ec 100644 --- a/user.js +++ b/user.js @@ -317,12 +317,12 @@ user_pref("privacy.trackingprotection.ui.enabled", true); // user_pref("privacy.trackingprotection.annotate_channels", false); // user_pref("privacy.trackingprotection.lower_network_priority", false); -/*** 0500: SYSTEM EXTENSIONS / EXPERIMENTS - System extensions are a method for shipping extensions, considered to be +/*** 0500: SYSTEM ADD-ONS / EXPERIMENTS + System Add-ons are a method for shipping extensions, considered to be built-in features to Firefox, that are hidden from the about:addons UI. - To view your system extensions go to about:support, they are listed under "Firefox Features" + To view your System Add-ons go to about:support, they are listed under "Firefox Features" - Some system extensions have no on-off prefs. Instead you can manually remove them. Note that app + Some System Add-ons have no on-off prefs. Instead you can manually remove them. Note that app updates will restore them. They may also be updated and possibly restored automatically (see 0505) * Portable: "...\App\Firefox64\browser\features\" (or "App\Firefox\etc" for 32bit) * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) @@ -349,10 +349,10 @@ user_pref("network.allow-experiments", false); user_pref("app.normandy.enabled", false); user_pref("app.normandy.api_url", ""); user_pref("app.shield.optoutstudies.enabled", false); -/* 0505: block URL used for system extension updates (FF44+) - * [NOTE] You will not get any system extension updates except when you update Firefox ***/ +/* 0505: block URL used for System Add-on updates (FF44+) + * [NOTE] You will not get any System Add-on updates except when you update Firefox ***/ // user_pref("extensions.systemAddon.update.url", ""); -/* 0506: disable PingCentre telemetry (used in several system extensions) (FF57+) +/* 0506: disable PingCentre telemetry (used in several System Add-ons) (FF57+) * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0333) ***/ user_pref("browser.ping-centre.telemetry", false); /* 0510: disable Pocket (FF39+) @@ -367,7 +367,7 @@ user_pref("extensions.pocket.enabled", false); user_pref("extensions.shield-recipe-client.enabled", false); user_pref("extensions.shield-recipe-client.api_url", ""); /* 0513: disable Follow On Search (FF53+) - * Just DELETE the XPI file in your system extensions directory + * Just DELETE the XPI file in your System Add-ons directory * [1] https://blog.mozilla.org/data/2017/06/05/measuring-search-in-firefox/ ***/ /* 0514: disable Activity Stream (FF54+) * Activity Stream replaces "New Tab" with one based on metadata and browsing behavior, From 3675a68009907be0afbb52d3d77d3d16054f40d9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 25 Mar 2018 09:53:52 +0000 Subject: [PATCH 0707/1961] 2201+2205=>2400's #371 new numbers 2401 and 2404 do not exist anymore in the user.js so safe to use --- user.js | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index cd000ec..1221806 100644 --- a/user.js +++ b/user.js @@ -1050,12 +1050,8 @@ user_pref("media.autoplay.enabled", false); * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); -/*** 2200: UI MEDDLING - see http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ +/*** 2200: WINDOW MEDDLING/LEAKS & POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); -/* 2201: disable website control over browser right-click context menu - * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ - // user_pref("dom.event.contextmenu.enabled", false); /* 2202: disable [new window] scripts hiding or disabling the following ***/ user_pref("dom.disable_window_open_feature.location", true); user_pref("dom.disable_window_open_feature.menubar", true); @@ -1077,11 +1073,6 @@ user_pref("dom.allow_scripts_to_close_windows", false); * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ user_pref("browser.link.open_newwindow.restriction", 0); -/* 2205: disable "Confirm you want to leave" dialog on page close - * Does not prevent JS leaks of the page close event. - * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload - * [2] https://support.mozilla.org/questions/1043508 ***/ -user_pref("dom.disable_beforeunload", true); /* 2206: open new windows in a new tab instead * 1=current window, 2=new window, 3=most recent window * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ @@ -1134,6 +1125,9 @@ user_pref("dom.push.userAgentID", ""); /*** 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); +/* 2401: disable website control over browser right-click context menu +* [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ + // user_pref("dom.event.contextmenu.enabled", false); /* 2402: disable website access to clipboard events/content * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress * this applies to onCut, onCopy, onPaste events - i.e. you have to interact with @@ -1144,6 +1138,11 @@ user_pref("dom.event.clipboardevents.enabled", false); * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/1170911 ***/ user_pref("dom.allow_cut_copy", false); // (hidden pref) +/* 2404: disable "Confirm you want to leave" dialog on page close + * Does not prevent JS leaks of the page close event. + * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload + * [2] https://support.mozilla.org/questions/1043508 ***/ +user_pref("dom.disable_beforeunload", true); /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); /* 2415: set max popups from a single non-click event - default is 20! ***/ From 715fff06cf95273e101a8895f19c25cad723018a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 25 Mar 2018 10:07:27 +0000 Subject: [PATCH 0708/1961] clean up 2202+2203 #371 --- user.js | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 1221806..f7c0f32 100644 --- a/user.js +++ b/user.js @@ -1052,20 +1052,21 @@ user_pref("media.block-autoplay-until-in-foreground", true); /*** 2200: WINDOW MEDDLING/LEAKS & POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); -/* 2202: disable [new window] scripts hiding or disabling the following ***/ -user_pref("dom.disable_window_open_feature.location", true); -user_pref("dom.disable_window_open_feature.menubar", true); -user_pref("dom.disable_window_open_feature.resizable", true); -user_pref("dom.disable_window_open_feature.status", true); -user_pref("dom.disable_window_open_feature.toolbar", true); -/* 2203: disable [popup window] scripts hiding or disabling the following ***/ -user_pref("dom.disable_window_flip", true); // window z-order -user_pref("dom.disable_window_move_resize", true); +/* 2202: prevent websites from disabling new window features + * [1] http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ user_pref("dom.disable_window_open_feature.close", true); +user_pref("dom.disable_window_open_feature.location", true); // default: true +user_pref("dom.disable_window_open_feature.menubar", true); user_pref("dom.disable_window_open_feature.minimizable", true); user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar +user_pref("dom.disable_window_open_feature.resizable", true); // default: true +user_pref("dom.disable_window_open_feature.status", true); // status bar - default: true user_pref("dom.disable_window_open_feature.titlebar", true); -user_pref("dom.allow_scripts_to_close_windows", false); +user_pref("dom.disable_window_open_feature.toolbar", true); +/* 2203: disable meddling with open windows ***/ +user_pref("dom.allow_scripts_to_close_windows", false); // default: false +user_pref("dom.disable_window_flip", true); // window z-order - default: true +user_pref("dom.disable_window_move_resize", true); /* 2204: disable links opening in a new window * This is to stop malicious window sizes and screen res leaks etc in conjunction * with 2203 dom.disable_window_move_resize=true | 2418 full-screen-api.enabled=false From e18bd0f32c43c0ec54fac974152c318511c38e35 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 25 Mar 2018 10:50:52 +0000 Subject: [PATCH 0709/1961] 2750: stop hiding Storage Manager UI #379 pref will be removed, 99% sure it was just a pref used internally to hide it from stable during testing in beta/nightly - see https://bugzilla.mozilla.org/show_bug.cgi?id=1428306. Makes zero sense to hide this new UI section since we will be turning SM on anyway (the section is important for end users to exist and be working esp thru QuotaManager and Storage v2 changes etc). --- user.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/user.js b/user.js index f7c0f32..6492157 100644 --- a/user.js +++ b/user.js @@ -1430,13 +1430,11 @@ user_pref("dom.caches.enabled", false); * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. - * [NOTE] This also controls the visibility of the "Options>Privacy & Security>Site Data" - * section, which also requires Offline Cache (2730) enabled to function + * [NOTE] Requires Offline Cache (2730) enabled to function * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ user_pref("dom.storageManager.enabled", false); // (FF51+) -user_pref("browser.storageManager.enabled", false); // (FF53+) /*** 2800: SHUTDOWN [SETUP] You should set the values to what suits you best. Be aware that the settings below clear From 2037449fbdbb86bea396f0247e98618535d543b1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 25 Mar 2018 10:56:49 +0000 Subject: [PATCH 0710/1961] 2750: rethinking it #379 add `browser.storageManager.enabled` back but enforce it as true - otherwise people may never pick up on the fact we dropped it and may never reset it, and never see their shiny new UI section. When it's deprecated, *then* we can remove it --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 6492157..7dca2c4 100644 --- a/user.js +++ b/user.js @@ -1435,6 +1435,7 @@ user_pref("dom.caches.enabled", false); * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ user_pref("dom.storageManager.enabled", false); // (FF51+) +user_pref("browser.storageManager.enabled", true); // make sure the new UI is visible (FF53+) /*** 2800: SHUTDOWN [SETUP] You should set the values to what suits you best. Be aware that the settings below clear From 6a98aa7ba0c04ba9f43b6da9d33265418fdaed31 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 25 Mar 2018 12:59:49 +0000 Subject: [PATCH 0711/1961] 2750+2730: enable appcache + storage #379 --- user.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 7dca2c4..c6113c9 100644 --- a/user.js +++ b/user.js @@ -1409,8 +1409,9 @@ user_pref("extensions.webextensions.keepUuidOnUninstall", false); * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ // user_pref("dom.indexedDB.enabled", false); -/* 2730: disable offline cache ***/ -user_pref("browser.cache.offline.enable", false); +/* 2730: disable offline cache + * [NOTE] This is required 'true' for Storage API (2750) ***/ + // user_pref("browser.cache.offline.enable", false); /* 2731: enforce websites to ask to store data for offline use * [1] https://support.mozilla.org/questions/1098540 * [2] https://bugzilla.mozilla.org/959985 ***/ @@ -1430,12 +1431,12 @@ user_pref("dom.caches.enabled", false); * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. - * [NOTE] Requires Offline Cache (2730) enabled to function + * [NOTE] If Storage API is enabled, then Offline Cache (2730) must be also be enabled * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ -user_pref("dom.storageManager.enabled", false); // (FF51+) -user_pref("browser.storageManager.enabled", true); // make sure the new UI is visible (FF53+) + // user_pref("dom.storageManager.enabled", false); // (FF51+) + // user_pref("browser.storageManager.enabled", false); // controls "Site Data" UI visibility (FF53+) /*** 2800: SHUTDOWN [SETUP] You should set the values to what suits you best. Be aware that the settings below clear From 383b8ca9436bf88450aba174b5d525feeb322cc8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Mar 2018 20:34:02 +1300 Subject: [PATCH 0712/1961] revamp 2400s: fixes #371 --- user.js | 40 +++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/user.js b/user.js index c6113c9..c1e1a4a 100644 --- a/user.js +++ b/user.js @@ -1067,17 +1067,32 @@ user_pref("dom.disable_window_open_feature.toolbar", true); user_pref("dom.allow_scripts_to_close_windows", false); // default: false user_pref("dom.disable_window_flip", true); // window z-order - default: true user_pref("dom.disable_window_move_resize", true); -/* 2204: disable links opening in a new window - * This is to stop malicious window sizes and screen res leaks etc in conjunction - * with 2203 dom.disable_window_move_resize=true | 2418 full-screen-api.enabled=false - * [NOTE] You can still right click a link and select open in a new window - * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html - * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ -user_pref("browser.link.open_newwindow.restriction", 0); -/* 2206: open new windows in a new tab instead +/* 2204: open new windows in a new tab instead + * [NOTE] A value of 3 is required for 2205 to work properly * 1=current window, 2=new window, 3=most recent window * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ user_pref("browser.link.open_newwindow", 3); +/* 2205: disable links opening in a new window + * You can still right click a link and open in a new window. This is to stop malicious window + * sizes in conjunction with 2204 + 2206 + 2203's dom.disable_window_move_resize=true. + * [NOTE] RFP (4500) already resizes new windows to cover screen resolution leaks + * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html + * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ +user_pref("browser.link.open_newwindow.restriction", 0); +/* 2206: disable Fullscreen API [SETUP] + * [NOTE] You can still manually toggle the browser's fullscreen state (F11), + * but this pref will disable embedded video/game fullscreen controls, e.g. youtube + * [TEST] https://developer.mozilla.org/samples/domref/fullscreen.html ***/ +user_pref("full-screen-api.enabled", false); +/* 2207: block popup windows + * [SETTING] Options>Privacy & Security>Permissions>Block pop-up windows ***/ +user_pref("dom.disable_open_during_load", true); +/* 2208 set max popups from a single non-click event - default is 20! ***/ +user_pref("dom.popup_maximum", 3); +/* 2209: limit events that can cause a popup + * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend" + * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ +user_pref("dom.popup_allowed_events", "click dblclick"); /*** 2300: WEB WORKERS [SETUP] A worker is a JS "background task" running in a global context, i.e. it is different from @@ -1146,15 +1161,6 @@ user_pref("dom.allow_cut_copy", false); // (hidden pref) user_pref("dom.disable_beforeunload", true); /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); -/* 2415: set max popups from a single non-click event - default is 20! ***/ -user_pref("dom.popup_maximum", 3); -/* 2415b: limit events that can cause a popup - * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend" - * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ -user_pref("dom.popup_allowed_events", "click dblclick"); -/* 2418: disable full-screen API - * false=block, true=ask ***/ -user_pref("full-screen-api.enabled", false); /* 2420: disable asm.js (FF22+) * [1] http://asmjs.org/ * [2] https://www.mozilla.org/security/advisories/mfsa2015-29/ From 3fcad909969c2ad372a1b0fdb87ef582314b39ac Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 26 Mar 2018 18:01:30 +0200 Subject: [PATCH 0713/1961] 2200s: tweaks --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index c1e1a4a..52e697b 100644 --- a/user.js +++ b/user.js @@ -1079,17 +1079,17 @@ user_pref("browser.link.open_newwindow", 3); * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ user_pref("browser.link.open_newwindow.restriction", 0); -/* 2206: disable Fullscreen API [SETUP] +/* 2206: disable Fullscreen API to prevent screen-resolution leaks [SETUP] * [NOTE] You can still manually toggle the browser's fullscreen state (F11), * but this pref will disable embedded video/game fullscreen controls, e.g. youtube * [TEST] https://developer.mozilla.org/samples/domref/fullscreen.html ***/ user_pref("full-screen-api.enabled", false); -/* 2207: block popup windows +/* 2210: block popup windows * [SETTING] Options>Privacy & Security>Permissions>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); -/* 2208 set max popups from a single non-click event - default is 20! ***/ +/* 2211: set max popups from a single non-click event - default is 20! ***/ user_pref("dom.popup_maximum", 3); -/* 2209: limit events that can cause a popup +/* 2212: limit events that can cause a popup * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend" * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ user_pref("dom.popup_allowed_events", "click dblclick"); @@ -1142,7 +1142,7 @@ user_pref("dom.push.userAgentID", ""); /*** 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2401: disable website control over browser right-click context menu -* [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ + * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ // user_pref("dom.event.contextmenu.enabled", false); /* 2402: disable website access to clipboard events/content * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress From 3ad6ed465e556e30b56a0b9c9fe7388459acfa23 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 26 Mar 2018 19:04:31 +0200 Subject: [PATCH 0714/1961] 2200s: more tweaks --- user.js | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/user.js b/user.js index 52e697b..85df823 100644 --- a/user.js +++ b/user.js @@ -1050,9 +1050,9 @@ user_pref("media.autoplay.enabled", false); * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); -/*** 2200: WINDOW MEDDLING/LEAKS & POPUPS ***/ +/*** 2200: WINDOW MEDDLING & LEAKS / POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); -/* 2202: prevent websites from disabling new window features +/* 2201: prevent websites from disabling new window features * [1] http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ user_pref("dom.disable_window_open_feature.close", true); user_pref("dom.disable_window_open_feature.location", true); // default: true @@ -1063,23 +1063,19 @@ user_pref("dom.disable_window_open_feature.resizable", true); // default: true user_pref("dom.disable_window_open_feature.status", true); // status bar - default: true user_pref("dom.disable_window_open_feature.titlebar", true); user_pref("dom.disable_window_open_feature.toolbar", true); -/* 2203: disable meddling with open windows ***/ +/* 2202: disable meddling with open windows ***/ user_pref("dom.allow_scripts_to_close_windows", false); // default: false user_pref("dom.disable_window_flip", true); // window z-order - default: true user_pref("dom.disable_window_move_resize", true); -/* 2204: open new windows in a new tab instead - * [NOTE] A value of 3 is required for 2205 to work properly - * 1=current window, 2=new window, 3=most recent window - * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ -user_pref("browser.link.open_newwindow", 3); -/* 2205: disable links opening in a new window - * You can still right click a link and open in a new window. This is to stop malicious window - * sizes in conjunction with 2204 + 2206 + 2203's dom.disable_window_move_resize=true. +/* 2203: enforce links targeting new windows to open in a new tab instead + * This stops malicious window sizes and some screen resolution leaks. + * You can still right-click a link and open in a new window. * [NOTE] RFP (4500) already resizes new windows to cover screen resolution leaks * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ +user_pref("browser.link.open_newwindow", 3); // 1=current, 2=new, 3=most recent user_pref("browser.link.open_newwindow.restriction", 0); -/* 2206: disable Fullscreen API to prevent screen-resolution leaks [SETUP] +/* 2204: disable Fullscreen API to prevent screen-resolution leaks [SETUP] * [NOTE] You can still manually toggle the browser's fullscreen state (F11), * but this pref will disable embedded video/game fullscreen controls, e.g. youtube * [TEST] https://developer.mozilla.org/samples/domref/fullscreen.html ***/ @@ -1871,7 +1867,7 @@ user_pref("loop.facebook.enabled", false); user_pref("loop.facebook.fallbackUrl", ""); user_pref("loop.facebook.shareUrl", ""); user_pref("loop.logDomains", false); -// 2202: disable new window scrollbars being hidden +// 2201: disable new window scrollbars being hidden // [-] https://bugzilla.mozilla.org/1257887 user_pref("dom.disable_window_open_feature.scrollbars", true); // 2303: disable push notification (UDP wake-up) @@ -2084,7 +2080,7 @@ user_pref("media.getusermedia.screensharing.allowed_domains", ""); // 2023: disable camera stuff // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 user_pref("camera.control.face_detection.enabled", false); -// 2203: disable [popup window] scripts hiding or disabling the following +// 2202: prevent scripts from changing the status text // [-] https://bugzilla.mozilla.org/1425999 user_pref("dom.disable_window_status_change", true); // 2416: disable idle observation From 72e1858926d830601dad8d4f6c99b28505ad644f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Mar 2018 17:13:46 +0000 Subject: [PATCH 0715/1961] how did this get left behind --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 85df823..410b633 100644 --- a/user.js +++ b/user.js @@ -1069,7 +1069,7 @@ user_pref("dom.disable_window_flip", true); // window z-order - default: true user_pref("dom.disable_window_move_resize", true); /* 2203: enforce links targeting new windows to open in a new tab instead * This stops malicious window sizes and some screen resolution leaks. - * You can still right-click a link and open in a new window. + * You can still right-click a link and open in a new window (or middle-click). * [NOTE] RFP (4500) already resizes new windows to cover screen resolution leaks * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ From 30fbaba4dff5e4b48ef9d3c0c1441803e9096603 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Mar 2018 19:33:46 +0000 Subject: [PATCH 0716/1961] 2203: undo sh*t This is so wrong: It is better to inform users that 3 **must** be used than rely on zero info as well as removing useful info on what the values do. All future issues with this will be directed to earthlng. Remove RFP info as RFP users should know this stuff if they turned it on. Non RFP users, who we told they can bypass it, will not have a reference to RFP now. Enforce will now be banned as a word because, "reasons". --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 410b633..6b7f131 100644 --- a/user.js +++ b/user.js @@ -1067,13 +1067,12 @@ user_pref("dom.disable_window_open_feature.toolbar", true); user_pref("dom.allow_scripts_to_close_windows", false); // default: false user_pref("dom.disable_window_flip", true); // window z-order - default: true user_pref("dom.disable_window_move_resize", true); -/* 2203: enforce links targeting new windows to open in a new tab instead +/* 2203: open links targeting new windows in a new tab instead * This stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window (or middle-click). - * [NOTE] RFP (4500) already resizes new windows to cover screen resolution leaks * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ -user_pref("browser.link.open_newwindow", 3); // 1=current, 2=new, 3=most recent +user_pref("browser.link.open_newwindow", 3); user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable Fullscreen API to prevent screen-resolution leaks [SETUP] * [NOTE] You can still manually toggle the browser's fullscreen state (F11), From b3e92ab7cc80cb52dfcb9b41b9088afd45d8152a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Mar 2018 19:44:15 +0000 Subject: [PATCH 0717/1961] fixup // default syntax --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 6b7f131..9ffe032 100644 --- a/user.js +++ b/user.js @@ -292,8 +292,8 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); * [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610) * [1] https://wiki.mozilla.org/Security/Tracking_protection * [2] https://support.mozilla.org/kb/tracking-protection-firefox ***/ - // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default true - // user_pref("privacy.trackingprotection.enabled", true); // default false + // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default: true + // user_pref("privacy.trackingprotection.enabled", true); /* 0421: enable more Tracking Protection choices under Options>Privacy & Security>Use Tracking Protection * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); @@ -845,11 +845,11 @@ user_pref("browser.display.use_document_fonts", 0); * [SETTING-ESR] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace * [NOTE] Example below for Windows/Western only ***/ // user_pref("font.name.serif.x-unicode", "Georgia"); - // user_pref("font.name.serif.x-western", "Georgia"); // default Times New Roman + // user_pref("font.name.serif.x-western", "Georgia"); // default: Times New Roman // user_pref("font.name.sans-serif.x-unicode", "Arial"); - // user_pref("font.name.sans-serif.x-western", "Arial"); // default Arial + // user_pref("font.name.sans-serif.x-western", "Arial"); // default: Arial // user_pref("font.name.monospace.x-unicode", "Lucida Console"); - // user_pref("font.name.monospace.x-western", "Lucida Console"); // default Courier New + // user_pref("font.name.monospace.x-western", "Lucida Console"); // default: Courier New /* 1403: enable icon fonts (glyphs) (FF41+) * [1] https://bugzilla.mozilla.org/789788 ***/ user_pref("gfx.downloadable_fonts.enabled", true); // default: true From fd1aa74ff34d1a468c23ec31eccf873d8efaf039 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 27 Mar 2018 08:49:39 +1300 Subject: [PATCH 0718/1961] Options> and [settings] (#388) * Options> and [settings] While I'm at it, I'm changing the 21 instances of - `[SETTING-56+]` to just `[SETTING]` - `[SETTING-ESR]` to `[SETTING-ESR52]` because we'll leave those in until 62 (yes I know they may apply to earlier ESRs, but people should be upgraded). Thus no ambiguity with ESR60 vs ESR52 users for the overlap --- user.js | 123 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 61 insertions(+), 62 deletions(-) diff --git a/user.js b/user.js index 9ffe032..cb3f886 100644 --- a/user.js +++ b/user.js @@ -49,8 +49,8 @@ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong user_pref("general.warnOnAboutConfig", false); /* 0001: start Firefox in PB (Private Browsing) mode - * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Always use private browsing mode - * [SETTING-ESR] Options>Privacy>History>Custom Settings>Always use private browsing mode + * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode + * [SETTING-ESR52] Privacy>History>Custom Settings>Always use private browsing mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed * [NOTE] The P in PB mode is misleading: it means no "persistent" local storage of history, * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or @@ -77,7 +77,7 @@ user_pref("startup.homepage_override_url", ""); // what's new page after updates user_pref("browser.laterrun.enabled", false); user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) - * [SETTING] Options>General>Startup>When Firefox starts ***/ + * [SETTING] General>Startup>When Firefox starts ***/ // user_pref("browser.startup.page", 0); /* 0103: set your "home" page (see 0102) ***/ // user_pref("browser.startup.homepage", "https://www.example.com/"); @@ -115,7 +115,7 @@ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?ke // user_pref("geo.wifi.logging.enabled", true); // (hidden pref) /* 0211: set a default permission for Location (FF58+) * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ + * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block /*** 0300: QUIET FOX @@ -126,23 +126,23 @@ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?ke user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301a: disable auto-update checks for Firefox * [NOTE] Firefox currently checks every 12 hrs and allows 8 day notification dismissal - * [SETTING-56+] Options>General>Firefox Updates>Never check for updates - * [SETTING-ESR] Options>Advanced>Update>Never check for updates ***/ + * [SETTING] General>Firefox Updates>Never check for updates + * [SETTING-ESR52] Advanced>Update>Never check for updates ***/ // user_pref("app.update.enabled", false); /* 0301b: disable auto-update checks for extensions * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ // user_pref("extensions.update.enabled", false); /* 0302a: disable auto update installing for Firefox (after the check in 0301a) - * [SETTING-56+] Options>General>Firefox Updates>Check for updates but let you choose... - * [SETTING-ESR] Options>Advanced>Update>Check for updates but let you choose... + * [SETTING] General>Firefox Updates>Check for updates but let you choose... + * [SETTING-ESR52] Advanced>Update>Check for updates but let you choose... * [NOTE] The UI checkbox also controls the behavior for checking, the pref only controls auto installing ***/ user_pref("app.update.auto", false); /* 0302b: disable auto update installing for extensions (after the check in 0301b) * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ user_pref("extensions.update.autoUpdateDefault", false); /* 0303: disable background update service [WINDOWS] - * [SETTING-56+] Options>General>Firefox Updates>Use a background service to install updates - * [SETTING-ESR] Options>Advanced>Update>Use a background service to install updates ***/ + * [SETTING] General>Firefox Updates>Use a background service to install updates + * [SETTING-ESR52] Advanced>Update>Use a background service to install updates ***/ user_pref("app.update.service.enabled", false); /* 0304: disable background update staging ***/ user_pref("app.update.staging.enabled", false); @@ -155,8 +155,8 @@ user_pref("extensions.getAddons.cache.enabled", false); /* 0307: disable auto updating of personas (themes) ***/ user_pref("lightweightThemes.update.enabled", false); /* 0308: disable search update - * [SETTING-56+] Options>General>Firefox Update>Automatically update search engines - * [SETTING-ESR] Options>Advanced>Update>Automatically update: Search Engines ***/ + * [SETTING] General>Firefox Update>Automatically update search engines + * [SETTING-ESR52] Advanced>Update>Automatically update: Search Engines ***/ user_pref("browser.search.update", false); /* 0309: disable sending Flash crash reports ***/ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); @@ -186,7 +186,7 @@ user_pref("toolkit.telemetry.bhrPing.enabled", false); // (FF57+) Background Han user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // (FF57+) user_pref("toolkit.telemetry.hybridContent.enabled", false); // (FF59+) /* 0333: disable health report - * [SETTING] Options>Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ + * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ user_pref("datareporting.healthreport.uploadEnabled", false); /* 0334: disable new data submission, master kill switch (FF41+) * If disabled, no policy is shown or upload takes place, ever @@ -195,7 +195,7 @@ user_pref("datareporting.policy.dataSubmissionEnabled", false); /* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); /* 0351: disable sending of crash reports (FF44+) - * [SETTING] Options>Privacy & Security/Firefox Data Collection & Use/Allow Firefox to send crash reports ***/ + * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send crash reports ***/ user_pref("browser.tabs.crashReporting.sendReport", false); user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57) @@ -249,14 +249,14 @@ user_pref("services.blocklist.signing.enforced", true); cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ -/* 0410: disable "Block dangerous and deceptive content" (under Options>Security) +/* 0410: disable "Block dangerous and deceptive content" (under Options>Privacy & Security) * This covers deceptive sites such as phishing and social engineering ***/ // user_pref("browser.safebrowsing.malware.enabled", false); // user_pref("browser.safebrowsing.phishing.enabled", false); // (FF50+) -/* 0411: disable "Block dangerous downloads" (under Options>Security) +/* 0411: disable "Block dangerous downloads" (under Options>Privacy & Security) * This covers malware and PUPs (potentially unwanted programs) ***/ // user_pref("browser.safebrowsing.downloads.enabled", false); -/* 0412: disable "Warn me about unwanted and uncommon software" (under Options>Security) (FF48+) ***/ +/* 0412: disable "Warn me about unwanted and uncommon software" (under Options>Privacy & Security) (FF48+) ***/ // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); // user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) @@ -298,8 +298,8 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); /* 0422: enable "basic" or "strict" tracking protecting list - ONLY USE ONE! - * [SETTING-56+] Options>Privacy & Security>Tracking Protection>Change Block List - * [SETTING-ESR] Options>Privacy>Use Tracking Protection>Change Block List ***/ + * [SETTING] Privacy & Security>Tracking Protection>Change Block List + * [SETTING-ESR52] Privacy>Use Tracking Protection>Change Block List ***/ // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) @@ -389,8 +389,8 @@ user_pref("browser.library.activity-stream.enabled", false); // (FF57+) * [3] https://bugzilla.mozilla.org/863246#c154 ***/ user_pref("browser.onboarding.enabled", false); /* 0517: disable Form Autofill (FF55+) - * [SETTING-56+] Options>Privacy & Security>Forms & Passwords>Enable Profile Autofill - * [SETTING-ESR] Options>Privacy>Forms & Passwords>Enable Profile Autofill + * [SETTING] Privacy & Security>Forms & Passwords>Enable Profile Autofill + * [SETTING-ESR52] Privacy>Forms & Passwords>Enable Profile Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill @@ -517,11 +517,11 @@ user_pref("layout.css.visited_links_enabled", false); /* 0806: disable displaying javascript in history URLs - SECURITY ***/ user_pref("browser.urlbar.filter.javascript", true); /* 0807: disable search bar LIVE search suggestions - PRIVACY - * [SETTING] Options>Search>Provide search suggestions ***/ + * [SETTING] Search>Provide search suggestions ***/ user_pref("browser.search.suggest.enabled", false); /* 0808: disable location bar LIVE search suggestions (requires 0807 = true) - PRIVACY * Also disable the location bar prompt to enable/disable or learn more about it. - * [SETTING] Options>Search>Show search suggestions in address bar results ***/ + * [SETTING] Search>Show search suggestions in address bar results ***/ user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) /* 0809: disable location bar suggesting "preloaded" top websites (FF54+) @@ -534,8 +534,8 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * If you enforce any of the suggestion types, you MUST enforce 'autocomplete' * - If *ALL* of the suggestion types are false, 'autocomplete' must also be false * - If *ANY* of the suggestion types are true, 'autocomplete' must also be true - * [SETTING-56+] Options>Privacy & Security>Address Bar>When using the address bar, suggest - * [SETTING-ESR] Options>Privacy>Location Bar>When using the location bar, suggest + * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest + * [SETTING-ESR52] Privacy>Location Bar>When using the location bar, suggest * [WARNING] If all three suggestion types are false, search engine keywords are disabled ***/ user_pref("browser.urlbar.autocomplete.enabled", false); user_pref("browser.urlbar.suggest.history", false); @@ -560,13 +560,13 @@ user_pref("browser.urlbar.oneOffSearches", false); * [1] https://bugzilla.mozilla.org/1181644 ***/ user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of search suggestions /* 0860: disable search and form history - * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Remember search and form history - * [SETTING-ESR] Options>Privacy>History>Custom Settings>Remember search and form history + * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history + * [SETTING-ESR52] Privacy>History>Custom Settings>Remember search and form history * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ user_pref("browser.formfill.enable", false); /* 0862: disable browsing and download history - * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Remember my browsing and download history - * [SETTING-ESR] Options>Privacy>History>Custom Settings>Remember my browsing and download history + * [SETTING] Privacy & Security>History>Custom Settings>Remember my browsing and download history + * [SETTING-ESR52] Privacy>History>Custom Settings>Remember my browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); /* 0870: disable Windows jumplist [WINDOWS] ***/ @@ -580,14 +580,14 @@ user_pref("browser.taskbar.previews.enable", false); /*** 0900: PASSWORDS ***/ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords - * [SETTING-56+] Options>Privacy & Security>Forms & Passwords>Remember logins and passwords for sites - * [SETTING-ESR] Options>Security>Logins>Remember logins for sites + * [SETTING] Privacy & Security>Forms & Passwords>Remember logins and passwords for sites + * [SETTING-ESR52] Security>Logins>Remember logins for sites * [NOTE] This does not clear any passwords already saved ***/ // user_pref("signon.rememberSignons", false); /* 0902: use a master password (recommended if you save passwords) * There are no preferences for this. It is all handled internally. - * [SETTING-56+] Options>Privacy & Security>Forms & Passwords>Use a master password - * [SETTING-ESR] Options>Security>Logins>Use a master password + * [SETTING] Privacy & Security>Forms & Passwords>Use a master password + * [SETTING-ESR52] Security>Logins>Use a master password * [1] https://support.mozilla.org/kb/use-master-password-protect-stored-logins ***/ /* 0903: set how often Firefox should ask for the master password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ @@ -836,13 +836,13 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * If you disallow fonts, this drastically limits/reduces font * enumeration (by JS) which is a high entropy fingerprinting vector. - * [SETTING-56+] Options>General>Language and Appearance>Advanced>Allow pages to choose... - * [SETTING-ESR] Options>Content>Font & Colors>Advanced>Allow pages to choose... + * [SETTING] General>Language and Appearance>Advanced>Allow pages to choose... + * [SETTING-ESR52] Content>Font & Colors>Advanced>Allow pages to choose... * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("browser.display.use_document_fonts", 0); /* 1402: set more legible default fonts [SETUP] - * [SETTING-56+] Options>General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace - * [SETTING-ESR] Options>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace + * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace + * [SETTING-ESR52] Fonts & Colors>Advanced>Serif|Sans-serif|Monospace * [NOTE] Example below for Windows/Western only ***/ // user_pref("font.name.serif.x-unicode", "Georgia"); // user_pref("font.name.serif.x-western", "Georgia"); // default: Times New Roman @@ -925,8 +925,8 @@ user_pref("network.http.referer.hideOnionSource", true); * It is voluntary and most ad networks do not honor it. DNT is *NOT* how you stop being data mined. * Don't encourage a setting that gives any legitimacy to 3rd parties being in control of your privacy. * Sending a DNT header *highly likely* raises entropy, especially in standard windows. - * [SETTING-56+] Options>Privacy & Security>Tracking Protecting>Send websites a "Do Not Track"... - * [SETTING-ESR] Options>Privacy>Use Tracking Protecting>manage your Do Not Track settings + * [SETTING] Privacy & Security>Tracking Protecting>Send websites a "Do Not Track"... + * [SETTING-ESR52] Privacy>Use Tracking Protecting>manage your Do Not Track settings * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref (e.g. in default PB Mode) * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ user_pref("privacy.donottrackheader.enabled", false); @@ -941,8 +941,8 @@ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); * [1] https://bugzilla.mozilla.org/1279029 ***/ // user_pref("privacy.userContext.ui.enabled", true); /* 1702: enable Container Tabs (FF50+) - * [SETTING-56+] Options>Privacy & Security>Tabs>Enable Container Tabs - * [SETTING-ESR] Options>Privacy>Container Tabs>Enable Container Tabs ***/ + * [SETTING] Privacy & Security>Tabs>Enable Container Tabs + * [SETTING-ESR52] Privacy>Container Tabs>Enable Container Tabs ***/ // user_pref("privacy.userContext.enabled", true); /* 1703: enable a private container for thumbnail loads (FF51+) ***/ // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); @@ -985,8 +985,8 @@ user_pref("media.gmp-widevinecdm.enabled", false); user_pref("media.gmp-widevinecdm.autoupdate", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ -user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content -user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox [RESTART] +user_pref("media.eme.enabled", false); // [SETTING] General>DRM Content>Play DRM-controlled content +user_pref("browser.eme.ui.enabled", false); // hides "Play DRM-controlled content" checkbox [RESTART] /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" * This is the bundled codec used for video chat in WebRTC ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) @@ -1031,7 +1031,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false); /* 2024: set a default permission for Camera/Microphone (FF58+) * 0=always ask (default), 1=allow, 2=block * [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ + * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Camera/Microphone>Settings ***/ // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); /* 2026: disable canvas capture stream @@ -1080,7 +1080,7 @@ user_pref("browser.link.open_newwindow.restriction", 0); * [TEST] https://developer.mozilla.org/samples/domref/fullscreen.html ***/ user_pref("full-screen-api.enabled", false); /* 2210: block popup windows - * [SETTING] Options>Privacy & Security>Permissions>Block pop-up windows ***/ + * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); /* 2211: set max popups from a single non-click event - default is 20! ***/ user_pref("dom.popup_maximum", 3); @@ -1123,7 +1123,7 @@ user_pref("dom.webnotifications.enabled", false); // (FF22+) user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+) /* 2305: set a default permission for Notifications (see 2304) (FF58+) * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ + * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Notifications>Settings ***/ // user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block /* 2306: disable push notifications (FF44+) * web apps can receive messages pushed to them from a server, whether or @@ -1197,7 +1197,7 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices ***/ user_pref("media.navigator.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting - * [SETTING] Options>General>Performance>Custom>Use hardware acceleration when available + * [SETTING] General>Performance>Custom>Use hardware acceleration when available * [WARNING] [SETUP] Affects text rendering (fonts will look different), impacts video performance, * and parts of Quantum that utilize the GPU will also be affected as they are rolled out * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ @@ -1216,7 +1216,7 @@ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curta * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ user_pref("beacon.enabled", false); /* 2602: discourage downloading to desktop (0=desktop 1=downloads 2=last used) - * [NOTE] To set your default "downloads": Options>General>Downloads>Save files to ***/ + * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ user_pref("browser.download.folderList", 2); /* 2603: enforce user interaction for security by always asking the user where to download ***/ user_pref("browser.download.useDownloadDir", false); @@ -1225,7 +1225,7 @@ user_pref("browser.download.useDownloadDir", false); user_pref("browser.helperApps.deleteTempFileOnExit", true); /* 2605: disable adding downloads to the system's "recent documents" list ***/ user_pref("browser.download.manager.addToRecentDocs", false); -/* 2606: disable hiding mime types (Options>Applications) not associated with a plugin ***/ +/* 2606: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ user_pref("browser.download.hide_plugins_without_extensions", false); /* 2607: disable page thumbnail collection * look in profile/thumbnails directory - you may want to clean that out ***/ @@ -1245,8 +1245,8 @@ user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); /* 2617: enable Firefox's built-in PDF reader [SETUP] - * [SETTING-56+] Options>General>Applications>Portable Document Format (PDF) - * [SETTING-ESR] Options>Applications>Portable Document Format (PDF) + * [SETTING] General>Applications>Portable Document Format (PDF) + * [SETTING-ESR52] Applications>Portable Document Format (PDF) * This setting controls if the option "Display in Firefox" in the above setting is available * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") * [WHY USE false=default=view PDFs in Firefox] @@ -1290,7 +1290,7 @@ user_pref("browser.uitour.url", ""); * [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ ***/ user_pref("network.jar.block-remote-files", true); /* 2630: prevent accessibility services from accessing your browser [RESTART] - * [SETTING] Options>Privacy & Security>Permissions>Prevent accessibility services from accessing your browser + * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser * [1] https://support.mozilla.org/kb/accessibility-services ***/ user_pref("accessibility.force_disabled", 1); /* 2631: block web content in file processes (FF55+) @@ -1372,8 +1372,8 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin /* 2701: disable cookies on all sites [SETUP] * You can set exceptions under site permissions or use an extension * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie - * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Accept cookies from sites - * [SETTING-ESR] Options>Privacy>History>Custom Settings>Accept cookies from sites + * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites + * [SETTING-ESR52] Privacy>History>Custom Settings>Accept cookies from sites * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ user_pref("network.cookie.cookieBehavior", 2); @@ -1387,8 +1387,8 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+) /* 2703: set cookie lifetime policy * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) - * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until - * [SETTING-ESR] Options>Privacy>History>Custom Settings>Accept cookies from sites>Keep until ***/ + * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until + * [SETTING-ESR52] Privacy>History>Custom Settings>Accept cookies from sites>Keep until ***/ // user_pref("network.cookie.lifetimePolicy", 0); /* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ // user_pref("network.cookie.lifetime.days", 90); @@ -1418,8 +1418,7 @@ user_pref("extensions.webextensions.keepUuidOnUninstall", false); * [2] https://bugzilla.mozilla.org/959985 ***/ user_pref("offline-apps.allow_by_default", false); /* 2732: display a notification when websites ask to store data for offline use - * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks... - * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/ + * [SETTING-ESR52] Advanced>Network>Tell me when a website asks to store data for offline use ***/ user_pref("browser.offline-apps.notify", true); /* 2733: set size of warning quota for offline cache (default 51200) * Offline cache is only used in rare cases to store data locally. FF will store small amounts @@ -1447,12 +1446,12 @@ user_pref("dom.caches.enabled", false); ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable Firefox to clear history items on shutdown - * [SETTING-56+] Options>Privacy & Security>History>Clear history when Firefox closes - * [SETTING-ESR] Options>Privacy>Clear history when Firefox closes ***/ + * [SETTING] Privacy & Security>History>Clear history when Firefox closes + * [SETTING-ESR52] Privacy>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2803: set what history items to clear on shutdown - * [SETTING-56+] Options>Privacy & Security>History>Clear history when Firefox closes>Settings - * [SETTING-ESR] Options>Privacy>Clear history when Firefox closes>Settings + * [SETTING] Privacy & Security>History>Clear history when Firefox closes>Settings + * [SETTING-ESR52] Privacy>Clear history when Firefox closes>Settings * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value * but if 'history' is false, downloads can still be cleared independently * However, this may not always be the case. The interface combines and syncs these From 8b4e6c95aadcec4dcbf00145fd9406e8e871e1eb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Mar 2018 20:23:06 +0000 Subject: [PATCH 0719/1961] xpinstall.whitelist.required, fixes #375 --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index cb3f886..9e32562 100644 --- a/user.js +++ b/user.js @@ -1267,6 +1267,9 @@ user_pref("network.http.redirection-limit", 10); * [1] https://trac.torproject.org/projects/tor/ticket/10089 * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ user_pref("middlemouse.contentLoadURL", false); +/* 2621: enable warning when websites try to install extensions + * [SETTING] Privacy & Security>Permissions>Warn when websites try... ***/ +user_pref("xpinstall.whitelist.required", true); // default: true /* 2622: enforce a security delay when installing extensions (milliseconds) * default=1000, This also covers the delay in "Save" on downloading files. * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox From 48901d156a9452795459b5741fa20e3f7b08df03 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Mar 2018 21:03:53 +0000 Subject: [PATCH 0720/1961] 2621: add [SETTING-ESR] --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 9e32562..7fac53e 100644 --- a/user.js +++ b/user.js @@ -1268,7 +1268,8 @@ user_pref("network.http.redirection-limit", 10); * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ user_pref("middlemouse.contentLoadURL", false); /* 2621: enable warning when websites try to install extensions - * [SETTING] Privacy & Security>Permissions>Warn when websites try... ***/ + * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons + * [SETTING-ESR52] Security>General>Warn me when sites try to install add-ons ***/ user_pref("xpinstall.whitelist.required", true); // default: true /* 2622: enforce a security delay when installing extensions (milliseconds) * default=1000, This also covers the delay in "Save" on downloading files. From 871e7ed87b282514e7682e80f05063e209e82093 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 26 Mar 2018 23:08:20 +0200 Subject: [PATCH 0721/1961] minor edits, settings info --- user.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 7fac53e..f36f9fb 100644 --- a/user.js +++ b/user.js @@ -842,7 +842,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); user_pref("browser.display.use_document_fonts", 0); /* 1402: set more legible default fonts [SETUP] * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace - * [SETTING-ESR52] Fonts & Colors>Advanced>Serif|Sans-serif|Monospace + * [SETTING-ESR52] Content>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace * [NOTE] Example below for Windows/Western only ***/ // user_pref("font.name.serif.x-unicode", "Georgia"); // user_pref("font.name.serif.x-western", "Georgia"); // default: Times New Roman @@ -1069,18 +1069,19 @@ user_pref("dom.disable_window_flip", true); // window z-order - default: true user_pref("dom.disable_window_move_resize", true); /* 2203: open links targeting new windows in a new tab instead * This stops malicious window sizes and some screen resolution leaks. - * You can still right-click a link and open in a new window (or middle-click). + * You can still right-click a link and open in a new window. * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ user_pref("browser.link.open_newwindow", 3); user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable Fullscreen API to prevent screen-resolution leaks [SETUP] - * [NOTE] You can still manually toggle the browser's fullscreen state (F11), + * [NOTE] You can still manually toggle the browser's fullscreen state (F11), * but this pref will disable embedded video/game fullscreen controls, e.g. youtube * [TEST] https://developer.mozilla.org/samples/domref/fullscreen.html ***/ user_pref("full-screen-api.enabled", false); /* 2210: block popup windows - * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ + * [SETTING] Privacy & Security>Permissions>Block pop-up windows + * [SETTING-ESR52] Content>Pop-ups>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); /* 2211: set max popups from a single non-click event - default is 20! ***/ user_pref("dom.popup_maximum", 3); @@ -1198,6 +1199,7 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m user_pref("media.navigator.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] General>Performance>Custom>Use hardware acceleration when available + * [SETTING-ESR52] Advanced>General>Use hardware acceleration when available * [WARNING] [SETUP] Affects text rendering (fonts will look different), impacts video performance, * and parts of Quantum that utilize the GPU will also be affected as they are rolled out * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ From d24419843826bc8451f4438878e0fa690dae3b10 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 27 Mar 2018 17:03:36 +0000 Subject: [PATCH 0722/1961] RFP: CTRL key fix backported to 59.0.2 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index f36f9fb..9360ace 100644 --- a/user.js +++ b/user.js @@ -1571,10 +1571,10 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865) ** 1372073 - spoof/block fingerprinting in MediaDevices API (see 4612) (FF59+) ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) - ** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+) + ** 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59+) Spoofing mimics the content language of the document. Currently it only supports en-US. - Modifier events suppressed are SHIFT, CTRL and both ALT keys. Chrome is not affected. - FF60: Don't spoof/suppress CTRL key (1433592) Fix keydown/keyup events (1438795) + Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. + FF60: Fix keydown/keyup events (1438795) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From aa91ea16806a989199f5b6fe9e2f8a1836ff1f1b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 27 Mar 2018 23:03:53 +0000 Subject: [PATCH 0723/1961] 4000: FPI indexedDB info --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 9360ace..471776f 100644 --- a/user.js +++ b/user.js @@ -1498,6 +1498,7 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences user_pref("privacy.sanitize.timeSpan", 0); /*** 4000: FIRST PARTY ISOLATION (FPI) + ** 1278037 - isolate indexedDB (FF51+) ** 1277803 - isolate favicons (FF52+) ** 1264562 - isolate OCSP cache (FF52+) ** 1268726 - isolate Shared Workers (FF52+) From 3bae3ed5ba515a02879edf2bec06c4ce85f20997 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 30 Mar 2018 16:20:56 +0000 Subject: [PATCH 0724/1961] move 2711 to 2600s 2711 is about web extension data and does not fit in the 2700s is all about websites' persistent data, i.e items that sanitizing and Storage Manager deal with. Dumping in 2600's which is getting a revamp later --- user.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 471776f..f25e56b 100644 --- a/user.js +++ b/user.js @@ -1285,6 +1285,12 @@ user_pref("security.fileuri.strict_origin_policy", true); * [1] https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ user_pref("security.sri.enable", true); // default: true +/* 2625: clear localStorage and UUID when an extension is uninstalled + * [NOTE] Both preferences must be the same + * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local + * [2] https://bugzilla.mozilla.org/1213990 ***/ +user_pref("extensions.webextensions.keepStorageOnUninstall", false); +user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2626: disable optional user agent token * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/User-Agent/Firefox ***/ user_pref("general.useragent.compatMode.firefox", false); // default: false @@ -1405,12 +1411,6 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true * [WARNING] This will break a LOT of sites' functionality. * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); -/* 2711: clear localStorage and UUID when an extension is uninstalled - * [NOTE] Both preferences must be the same - * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local - * [2] https://bugzilla.mozilla.org/1213990 ***/ -user_pref("extensions.webextensions.keepStorageOnUninstall", false); -user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2720: disable JS storing data permanently [SETUP] * [WARNING] This BREAKS uBlock Origin [1.14.0+] and other extensions that require IndexedDB * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 From c62bff5c708995a39f117f6ddaaf837beb0f3a3c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Apr 2018 10:14:15 +0000 Subject: [PATCH 0725/1961] end of v59 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f25e56b..6a7cc57 100644 --- a/user.js +++ b/user.js @@ -1,6 +1,6 @@ /****** * name: ghacks user.js -* date: 16 March 2018 +* date: 4 April 2018 * version 59: Sweet Dreams (Are Made of Pants) * "Sweet dreams are made of pants. Who are you to disagree?" * authors: v52+ github | v51- www.ghacks.net From 1e5e2ca418d862825b1ca339bdf99e91c69f4cd5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Apr 2018 10:18:23 +0000 Subject: [PATCH 0726/1961] start 60 commits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 6a7cc57..f96f479 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 4 April 2018 -* version 59: Sweet Dreams (Are Made of Pants) -* "Sweet dreams are made of pants. Who are you to disagree?" +* version 60-alpha: Call Me Pants, Maybe +* "Your stare was holding, ripped JEANS, skin was showin'" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 61e706641ecd8e0f652ae5f4e8dd2223ea7988b6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Apr 2018 10:21:40 +0000 Subject: [PATCH 0727/1961] 2800 section header info --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index f96f479..96bec28 100644 --- a/user.js +++ b/user.js @@ -1446,9 +1446,11 @@ user_pref("dom.caches.enabled", false); /*** 2800: SHUTDOWN [SETUP] You should set the values to what suits you best. Be aware that the settings below clear - browsing, download and form history, but not cookies (we expect you to use an extension). - [NOTE] In both 2803 + 2804, the 'download' and 'history' prefs are combined in the - Firefox interface as "Browsing & Download History" and their values will be synced + browsing, download and form history, but not cookies (use exceptions or an extension). + - "Offline Website Data" includes appCache (2730), localStorage (2710), + Service Worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache) + - In both 2803 + 2804, the 'download' and 'history' prefs are combined in the + Firefox interface as "Browsing & Download History" and their values will be synced ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable Firefox to clear history items on shutdown From acce87130848b2b3570a552b95d1fb46fe7266f9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Apr 2018 10:42:52 +0000 Subject: [PATCH 0728/1961] 2701: cookies role in persistent data, fixes #390 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 96bec28..89fa555 100644 --- a/user.js +++ b/user.js @@ -1386,7 +1386,8 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites * [SETTING-ESR52] Privacy>History>Custom Settings>Accept cookies from sites - * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache + * [NOTE] Blocking 3rd party controls 3rd party access to localStorage, IndexedDB, Cache API and Service Worker Cache. + * Blocking 1st party controls access to localStorage and IndexedDB (note: Service Workers can still use IndexedDB). * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ user_pref("network.cookie.cookieBehavior", 2); /* 2702: set third-party cookies (i.e ALL) (if enabled, see above pref) to session-only From e373a0f6e10b5727368d6d2b5f5ce9117f5dffb7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 5 Apr 2018 18:57:08 +0000 Subject: [PATCH 0729/1961] 1273: add "Not Secure" text on HTTP https://bugzilla.mozilla.org/show_bug.cgi?id=1335970 --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 89fa555..790b14a 100644 --- a/user.js +++ b/user.js @@ -827,9 +827,11 @@ user_pref("browser.ssl_override_behavior", 1); * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); -/* 1273: display HTTP sites as insecure (FF59+) ***/ +/* 1273: display "insecure" icon (FF59+) and "Not Secure" text (FF60+) on HTTP sites ***/ user_pref("security.insecure_connection_icon.enabled", true); // all windows +user_pref("security.insecure_connection_text.enabled", true); // user_pref("security.insecure_connection_icon.pbmode.enabled", true); // private windows only + // user_pref("security.insecure_connection_text.pbmode.enabled", true); /*** 1400: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); From c6e3c013e0c223b77e821aef231dd4240a408dfe Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 10 Apr 2018 17:25:23 +0000 Subject: [PATCH 0730/1961] 4500: RFP info on plugins/mimetypes --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 790b14a..41c3ca0 100644 --- a/user.js +++ b/user.js @@ -1549,6 +1549,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); [TEST] http://browserspy.dk/screen.php ** 1281949 - spoof screen orientation (FF50+) ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) + FF53: Fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044) ** 1330890 - spoof timezone as UTC 0 (FF55+) FF58: Date.toLocaleFormat deprecated (818634) FF60: Date.toLocaleDateString and Intl.DateTimeFormat fixed (1409973) From d04ff8457e49877ed8e5f50fffde57a9af3e1e3d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Apr 2018 17:38:22 +0000 Subject: [PATCH 0731/1961] 2730b: disable appCache on insecure sites FF60+ --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 41c3ca0..22b68b9 100644 --- a/user.js +++ b/user.js @@ -1422,6 +1422,9 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true /* 2730: disable offline cache * [NOTE] This is required 'true' for Storage API (2750) ***/ // user_pref("browser.cache.offline.enable", false); +/* 2730b: disable offline cache on insecure sites (FF60+) + * [1] https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ ***/ +user_pref("browser.cache.offline.insecure.enable", false); /* 2731: enforce websites to ask to store data for offline use * [1] https://support.mozilla.org/questions/1098540 * [2] https://bugzilla.mozilla.org/959985 ***/ From 6309822d336011a05ba454d544abcfdbf35176bb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 13 Apr 2018 17:19:31 +0000 Subject: [PATCH 0732/1961] 0352: browser error reporter --- user.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/user.js b/user.js index 22b68b9..7a28406 100644 --- a/user.js +++ b/user.js @@ -200,6 +200,11 @@ user_pref("browser.tabs.crashReporting.sendReport", false); user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+) +/* 0352: disable Browser Error Reporter (FF60+) + * [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection + * [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html ***/ +user_pref("browser.chrome.errorReporter.enabled", false); +user_pref("browser.chrome.errorReporter.submitUrl", ""); /* 0360: disable new tab tile ads & preload & marketing junk ***/ user_pref("browser.newtab.preload", false); user_pref("browser.newtabpage.directory.source", "data:text/plain,"); From 6ee25c2bf55dd86f4bdcb179496ea7203049a85a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 13 Apr 2018 17:27:45 +0000 Subject: [PATCH 0733/1961] change last commit to number 0380 note to self: listen to earthlng more --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 7a28406..374ef28 100644 --- a/user.js +++ b/user.js @@ -200,11 +200,6 @@ user_pref("browser.tabs.crashReporting.sendReport", false); user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+) -/* 0352: disable Browser Error Reporter (FF60+) - * [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection - * [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html ***/ -user_pref("browser.chrome.errorReporter.enabled", false); -user_pref("browser.chrome.errorReporter.submitUrl", ""); /* 0360: disable new tab tile ads & preload & marketing junk ***/ user_pref("browser.newtab.preload", false); user_pref("browser.newtabpage.directory.source", "data:text/plain,"); @@ -214,6 +209,11 @@ user_pref("browser.newtabpage.introShown", true); /* 0370: disable "Snippets" (Mozilla content shown on about:home screen) * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ user_pref("browser.aboutHomeSnippets.updateUrl", "data:,"); +/* 0380: disable Browser Error Reporter (FF60+) + * [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection + * [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html ***/ +user_pref("browser.chrome.errorReporter.enabled", false); +user_pref("browser.chrome.errorReporter.submitUrl", ""); /*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION This section has security & tracking protection implications vs privacy concerns vs effectiveness From e25137ce94a4074ae283ce436f3e126c0042eff6 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 18 Apr 2018 16:18:43 +0000 Subject: [PATCH 0734/1961] v2 Mostly a bump in performance. --- prefsCleaner.bat | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 33146df..605aff8 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -1,18 +1,17 @@ -@ECHO OFF +@ECHO OFF & SETLOCAL DisableDelayedExpansion TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 1.2 +REM ## version: 2.0 -SETLOCAL EnableDelayedExpansion :begin ECHO: ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v1.2 #### +ECHO #### v2.0 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -29,12 +28,14 @@ IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory. IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) CALL :FFcheck CALL :message "Backing up prefs.js..." -COPY /B /V /Y prefs.js "prefs-backup-!date:/=-!_!time::=.!.js" +SET "_time=%time: =0%" +COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" CALL :message "Cleaning prefs.js..." CALL :cleanup CLS CALL :message "All done^!" TIMEOUT 5 >nul +ENDLOCAL EXIT /B REM ########## Abort Function ########### @@ -44,11 +45,9 @@ TIMEOUT %~2 >nul EXIT REM ########## Message Function ######### :message -SETLOCAL DisableDelayedExpansion ECHO: ECHO: %~1 ECHO: -ENDLOCAL GOTO :EOF REM ####### Firefox Check Function ###### :FFcheck @@ -67,23 +66,16 @@ IF NOT ERRORLEVEL 1 ( GOTO :EOF REM ######### Cleanup Function ########## :cleanup -SETLOCAL DisableDelayedExpansion ( + FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^'\"]*user_pref[^;]*\)[ ]*;" "user.js"') DO (SET "[%%G]=1") FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( - SET "_line=%%H" - SETLOCAL EnableDelayedExpansion - IF /I "user_pref"=="!_line:~0,9!" ( - FOR /F tokens^=2^ delims^=^" %%I IN ("!_line:.=\.!") DO ( - FINDSTR /R /C:"user_pref[ ]*\([ ]*[\"']%%I[\"'][ ]*," user.js >nul - IF ERRORLEVEL 1 (ECHO:!_line!) + FOR /F tokens^=2^ delims^=^" %%I IN ("%%H") DO ( + IF NOT DEFINED [%%I] ( + ECHO:%%H ) - ) ELSE ( - ECHO:!_line! ) - ENDLOCAL ) )>tempcleanedprefs -ENDLOCAL MOVE /Y tempcleanedprefs prefs.js GOTO :EOF REM ############### Help ################## From 3d2b0703bedee1c12b86cd508757e0a27802482c Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 18 Apr 2018 18:49:36 +0000 Subject: [PATCH 0735/1961] actually working v2 --- prefsCleaner.bat | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 605aff8..46abc15 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -33,7 +33,7 @@ COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" CALL :message "Cleaning prefs.js..." CALL :cleanup CLS -CALL :message "All done^!" +CALL :message "All done!" TIMEOUT 5 >nul ENDLOCAL EXIT /B @@ -56,7 +56,7 @@ IF NOT ERRORLEVEL 1 ( CLS CALL :message "Firefox is still running." ECHO If you're not currently using this profile you can continue, otherwise - CALL :message "close Firefox first^!" + CALL :message "close Firefox first!" ECHO: PAUSE CLS @@ -67,10 +67,12 @@ GOTO :EOF REM ######### Cleanup Function ########## :cleanup ( - FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^'\"]*user_pref[^;]*\)[ ]*;" "user.js"') DO (SET "[%%G]=1") + FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R ^^[^^\^"^']*user_pref user.js') DO ( + IF NOT ""=="%%G" (SET "[%%G]=1") + ) FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( - FOR /F tokens^=2^ delims^=^" %%I IN ("%%H") DO ( - IF NOT DEFINED [%%I] ( + FOR /F tokens^=1^,2^ delims^=^" %%I IN ("%%H") DO ( + IF NOT DEFINED [%%J] ( ECHO:%%H ) ) From 824dec4f9e14ad503d71e47705349ae0691a969c Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 18 Apr 2018 20:29:39 +0000 Subject: [PATCH 0736/1961] Update prefsCleaner.bat --- prefsCleaner.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 46abc15..3964b6d 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -67,7 +67,7 @@ GOTO :EOF REM ######### Cleanup Function ########## :cleanup ( - FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R ^^[^^\^"^']*user_pref user.js') DO ( + FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( IF NOT ""=="%%G" (SET "[%%G]=1") ) FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( From 64d08dd6bc8a53078ed56d0f1c7d898c16c4cbef Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 18 Apr 2018 20:33:39 +0000 Subject: [PATCH 0737/1961] Update updater.bat --- updater.bat | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 0df74bb..baa96cc 100644 --- a/updater.bat +++ b/updater.bat @@ -66,7 +66,7 @@ IF DEFINED _updateb ( START CMD /C "!_myname:~9!.bat" !_myparams! ) ) - EXIT /B + EXIT /B ) :begin CLS @@ -157,7 +157,8 @@ IF EXIST user.js.new ( IF DEFINED _singlebackup ( MOVE /Y user.js user.js.bak >nul ) ELSE ( - MOVE /Y user.js "user-backup-!date:/=-!_!time::=.!.js" >nul + SET "_time=!time: =0!" + MOVE /Y user.js "user-backup-!date:/=-!_!_time::=.!.js" >nul ) REN user.js.new user.js CALL :message "Update complete." From b0fb59f735b23466824d66878a50fcc76d5a72ca Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 18 Apr 2018 22:42:06 +0000 Subject: [PATCH 0738/1961] shit is so fast I can't even read --- prefsCleaner.bat | 1 - 1 file changed, 1 deletion(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 3964b6d..b74317f 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -32,7 +32,6 @@ SET "_time=%time: =0%" COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" CALL :message "Cleaning prefs.js..." CALL :cleanup -CLS CALL :message "All done!" TIMEOUT 5 >nul ENDLOCAL From 8fa3a9db6b0bc212cbe04539354c511c976adc7c Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sat, 21 Apr 2018 14:34:08 +0000 Subject: [PATCH 0739/1961] fix for missing empty lines --- prefsCleaner.bat | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index b74317f..b5ff0dc 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -70,9 +70,13 @@ REM ######### Cleanup Function ########## IF NOT ""=="%%G" (SET "[%%G]=1") ) FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( - FOR /F tokens^=1^,2^ delims^=^" %%I IN ("%%H") DO ( - IF NOT DEFINED [%%J] ( - ECHO:%%H + IF ""=="%%H" ( + ECHO: + ) ELSE ( + FOR /F tokens^=1^,2^ delims^=^" %%I IN ("%%H") DO ( + IF NOT DEFINED [%%J] ( + ECHO:%%H + ) ) ) ) From 17d83c1a1a474ce32b9181892d7d45533e8d499d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 21 Apr 2018 16:22:04 +0000 Subject: [PATCH 0740/1961] 1600 info: fixes #404 , refixes #332 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 374ef28..c0b1e2b 100644 --- a/user.js +++ b/user.js @@ -890,7 +890,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); Our default settings provide the best balance between protection and amount of breakage. To harden it a bit more you can set XOriginPolicy (1603) to 2 (+ optionally 1604 to 1 or 2). - To fix broken sites, temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config, + To fix broken sites (including your modem/router), temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config, use the site and then change the values back. If you visit those sites regularly (e.g. Vimeo), use an extension. full URI: https://example.com:8888/foo/bar.html?id=1234 From 27f87240ecbbb95de56aa9d6cfe66a2cd34a9cc1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 21 Apr 2018 16:33:35 +0000 Subject: [PATCH 0741/1961] 0514: Activity Stream, fixes #396 AS is out of control. No master switch in FF60+, and in order to 100% sure nothing is collected locally (or external connections made), there are now some 28 prefs (including those coming in FF61). This is re-DICK-ulous. We're not going to bother tracking all that, let alone the labyrinth of code. All users are advised to just make sure they remove the XPI every time they update FF. --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index c0b1e2b..dafcf31 100644 --- a/user.js +++ b/user.js @@ -375,8 +375,11 @@ user_pref("extensions.shield-recipe-client.api_url", ""); * Just DELETE the XPI file in your System Add-ons directory * [1] https://blog.mozilla.org/data/2017/06/05/measuring-search-in-firefox/ ***/ /* 0514: disable Activity Stream (FF54+) - * Activity Stream replaces "New Tab" with one based on metadata and browsing behavior, - * and includes telemetry as well as web content such as snippets and "spotlight" + * Activity Stream is the default homepage/newtab, based on metadata and browsing behavior, + * and includes telemetry and web content such as snippets, top stories (pocket), top sites, etc. + * - ONE: make sure to set your "home" and "newtab" to about:blank (or use an extension to control them) + * - TWO: DELETE the XPI file in your System Add-ons directory (note this get reinstalled on app updates) + * And/or you can try to control the ever-growing, ever-changing "browser.newtabpage.activity-stream.*" prefs * [1] https://wiki.mozilla.org/Firefox/Activity_Stream * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/ user_pref("browser.newtabpage.activity-stream.enabled", false); From d055560f6f80150b7b2e2cbe5de7647d68543456 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 21 Apr 2018 17:26:12 +0000 Subject: [PATCH 0742/1961] 0514: tweak --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index dafcf31..8bd8f63 100644 --- a/user.js +++ b/user.js @@ -375,7 +375,7 @@ user_pref("extensions.shield-recipe-client.api_url", ""); * Just DELETE the XPI file in your System Add-ons directory * [1] https://blog.mozilla.org/data/2017/06/05/measuring-search-in-firefox/ ***/ /* 0514: disable Activity Stream (FF54+) - * Activity Stream is the default homepage/newtab, based on metadata and browsing behavior, + * Activity Stream is the default homepage/newtab in FF57+. It is based on metadata and browsing behavior, * and includes telemetry and web content such as snippets, top stories (pocket), top sites, etc. * - ONE: make sure to set your "home" and "newtab" to about:blank (or use an extension to control them) * - TWO: DELETE the XPI file in your System Add-ons directory (note this get reinstalled on app updates) From fdac8fba6a59d05800dd5a4cd0605fec764136ae Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 22 Apr 2018 01:34:48 +0000 Subject: [PATCH 0743/1961] Update prefsCleaner.bat --- prefsCleaner.bat | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index b5ff0dc..91a81a5 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -65,18 +65,16 @@ IF NOT ERRORLEVEL 1 ( GOTO :EOF REM ######### Cleanup Function ########## :cleanup +FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( + IF NOT ""=="%%G" (SET "[%%G]=1") +) ( - FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( - IF NOT ""=="%%G" (SET "[%%G]=1") - ) FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( IF ""=="%%H" ( ECHO: ) ELSE ( - FOR /F tokens^=1^,2^ delims^=^" %%I IN ("%%H") DO ( - IF NOT DEFINED [%%J] ( - ECHO:%%H - ) + FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO ( + IF NOT DEFINED [%%J] (ECHO:%%H) ) ) ) From b4f1b4dbbfdf3d38e51dc4f5c72a79aa04fc2895 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 24 Apr 2018 12:47:50 +0000 Subject: [PATCH 0744/1961] prefsCleaner.sh (for Linux/Mac) (#405) Port of the prefsCleaner.bat for anything(?) with a bash shell. --- prefsCleaner.sh | 99 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 prefsCleaner.sh diff --git a/prefsCleaner.sh b/prefsCleaner.sh new file mode 100644 index 0000000..edd8b41 --- /dev/null +++ b/prefsCleaner.sh @@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +## prefs.js cleaner for Linux/Mac +## author: @claustromaniac +## version: 1.0 + +## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh + +currdir=$(pwd) + +## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) +sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) + +## fallback for Macs without coreutils +if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi + +## change directory to the Firefox profile directory +cd "$(dirname "${sfp}")" + +fQuit() { + ## change directory back to the original working directory + cd "${currdir}" + echo -e "\n$2" + exit $1 +} + +fFF_check() { + # there are many ways to see if firefox is running or not, some more reliable than others + # this isn't elegant and might not be future-proof but should at least be compatible with any environment + while [ -e webappsstore.sqlite-shm ]; do + echo -e "\nThis Firefox profile seems to be in use. Close Firefox and try again.\n" + read -p "Press any key to continue." + done +} + +fClean() { + # the magic happens here + prefs="@@" + prefexp="user_pref[ ]*\([ ]*[\"']([^\"']*)[\"'][ ]*," + while read -r line; do + if [[ "$line" =~ $prefexp && $prefs != *"@@${BASH_REMATCH[1]}@@"* ]]; then + prefs="${prefs}${BASH_REMATCH[1]}@@" + fi + done <<< "`grep -E \"$prefexp\" user.js`" + + while IFS='' read -r line || [[ -n "$line" ]]; do + if [[ "$line" =~ ^$prefexp ]]; then + if [[ $prefs != *"@@${BASH_REMATCH[1]}@@"* ]]; then + echo "$line" + fi + else + echo "$line" + fi + done < "$1" > prefs.js +} + +echo -e "\n\n" +echo " ╔══════════════════════════╗" +echo " ║ prefs.js cleaner ║" +echo " ║ by claustromaniac ║" +echo " ║ v1.0 ║" +echo " ╚══════════════════════════╝" +echo -e "\nThis script should be run from your Firefox profile directory.\n" +echo "It will remove any entries from prefs.js that also exist in user.js." +echo "This will allow inactive preferences to be reset to their default values." +echo -e "\nThis Firefox profile shouldn't be in use during the process.\n" +select option in Start Help Exit; do + case $option in + Start) + if [ ! -e user.js ]; then + fQuit 1 "user.js not found in the current directory." + elif [ ! -e prefs.js ]; then + fQuit 1 "prefs.js not found in the current directory." + fi + + fFF_check + bakfile="prefs.js.backup.$(date +"%Y-%m-%d_%H%M")" + mv prefs.js "${bakfile}" || fQuit 1 "Operation aborted.\nReason: Could not create backup file $bakfile" + echo -e "\nprefs.js backed up: $bakfile" + echo "Cleaning prefs.js..." + fClean "$bakfile" + fQuit 0 "All done!" + ;; + Help) + echo -e "\nThis script creates a backup of your prefs.js file before doing anything." + echo -e "It should be safe, but you can follow these steps if something goes wrong:\n" + echo "1. Make sure Firefox is closed." + echo "2. Delete prefs.js in your profile folder." + echo "3. Delete Invalidprefs.js if you have one in the same folder." + echo "4. Rename or copy your latest backup to prefs.js." + echo "5. Run Firefox and see if you notice anything wrong with it." + echo "6. If you do notice something wrong, especially with your extensions, and/or with the UI, go to about:support, and restart Firefox with add-ons disabled. Then, restart it again normally, and see if the problems were solved." + echo -e "If you are able to identify the cause of your issues, please bring it up on ghacks-user.js GitHub repository.\n" + ;; + Exit) + fQuit 0 + ;; + esac +done From bb4bf835b099777038b525e494a1ac4755e6faba Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 25 Apr 2018 02:22:14 +0200 Subject: [PATCH 0745/1961] v2.1 - fix TABs in regex for some unknown reason the tabs got replaced with spaces --- prefsCleaner.bat | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 91a81a5..6e0875d 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.0 +REM ## version: 2.1 :begin ECHO: @@ -11,7 +11,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.0 #### +ECHO #### v2.1 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -65,7 +65,7 @@ IF NOT ERRORLEVEL 1 ( GOTO :EOF REM ######### Cleanup Function ########## :cleanup -FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( +FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( IF NOT ""=="%%G" (SET "[%%G]=1") ) ( From 94f86465e642eb2d4985499c9ec0324f965afaa5 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 25 Apr 2018 21:28:09 +0200 Subject: [PATCH 0746/1961] updater for Windows v4.5 (#407) support commenting-out active user-prefs with the merge function --- updater.bat | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/updater.bat b/updater.bat index baa96cc..21c83a2 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE ghacks user.js updater REM ## ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.4 +REM ## version: 4.5 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts SET _myname=%~n0 @@ -75,7 +75,7 @@ ECHO: ECHO: ######################################## ECHO: #### user.js Updater for Windows #### ECHO: #### by claustromaniac #### -ECHO: #### v4.4 #### +ECHO: #### v4.5 #### ECHO: ######################################## ECHO: SET /A "_line=0" @@ -191,8 +191,9 @@ GOTO :EOF REM ############ Merge function ############ :merge SETLOCAL DisableDelayedExpansion +FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^user_pref[ ]*\([ ]*[\"'].*[\"'][ ]*,.*\)[ ]*;" "%~1"') DO (SET "[%%G]=%%H") +FOR /F tokens^=2^,^*^ delims^=^' %%G IN ('FINDSTR /R /C:"^//// --- comment-out --- '[^'][^']*'.*" "%~1"') DO (SET "__unset__%%G=1") ( - FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /B /R /C:"user_pref.*\)[ ]*;" "%~1"') DO (IF NOT "%%H"=="" (SET "%%G=%%H")) FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( SET "_temp=%%J" SETLOCAL EnableDelayedExpansion @@ -205,11 +206,15 @@ SETLOCAL DisableDelayedExpansion ENDLOCAL FOR /F tokens^=2^ delims^=^'^" %%K IN ("%%J") DO ( IF NOT "_user.js.parrot"=="%%K" ( - IF DEFINED %%K ( - SETLOCAL EnableDelayedExpansion - FOR /F "delims=" %%L IN ("!%%K!") DO ( - ENDLOCAL & ECHO:user_pref("%%K"%%L - SET "%%K=" + IF DEFINED __unset__%%K ( + ECHO://%%J + ) ELSE ( + IF DEFINED [%%K] ( + SETLOCAL EnableDelayedExpansion + FOR /F "delims=" %%L IN ("![%%K]!") DO ( + ENDLOCAL & ECHO:user_pref("%%K"%%L + SET "[%%K]=" + ) ) ) ) ELSE (ECHO:%%J) From 71adc43d17f616d88dce7f0de912bc470ad306be Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 25 Apr 2018 20:56:54 +0000 Subject: [PATCH 0747/1961] v1.1 regex fix (#409) --- prefsCleaner.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index edd8b41..360c2ea 100644 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.0 +## version: 1.1 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -36,7 +36,7 @@ fFF_check() { fClean() { # the magic happens here prefs="@@" - prefexp="user_pref[ ]*\([ ]*[\"']([^\"']*)[\"'][ ]*," + prefexp="user_pref[ ]*\([ ]*[\"']([^\"']+)[\"'][ ]*," while read -r line; do if [[ "$line" =~ $prefexp && $prefs != *"@@${BASH_REMATCH[1]}@@"* ]]; then prefs="${prefs}${BASH_REMATCH[1]}@@" @@ -58,7 +58,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.0 ║" +echo " ║ v1.1 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From 94c06653431a3f641ab7af81beda01adeb7ff1b2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 28 Apr 2018 07:30:47 +0000 Subject: [PATCH 0748/1961] fix wiki test info on SB --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8bd8f63..a22d055 100644 --- a/user.js +++ b/user.js @@ -284,7 +284,7 @@ user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // (FF54+) /* 0416: disable 'ignore this warning' on Safe Browsing warnings which when clicked * bypasses the block for that session. This is a means for admins to enforce SB - * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 + * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", false); /* 0417: disable data sharing (FF58+) ***/ From 75534b4e6c6b4dfad135710fcf0b01cb6d6e7118 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 29 Apr 2018 13:42:02 +0000 Subject: [PATCH 0749/1961] 0515: uploading to Screenshots server --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index a22d055..02a3435 100644 --- a/user.js +++ b/user.js @@ -385,9 +385,11 @@ user_pref("extensions.shield-recipe-client.api_url", ""); user_pref("browser.newtabpage.activity-stream.enabled", false); user_pref("browser.library.activity-stream.enabled", false); // (FF57+) /* 0515: disable Screenshots (FF55+) + * alternatively in FF60+, disable uploading to the Screenshots server * [1] https://github.com/mozilla-services/screenshots * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ // user_pref("extensions.screenshots.disabled", true); + // user_pref("extensions.screenshots.upload-disabled", true); // (FF60+) /* 0516: disable Onboarding (FF55+) * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time * about:home or about:newtab is opened, the onboarding overlay is injected into that page From e67fdc2ce4d05f2195350388a3a4171d21a0e170 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 29 Apr 2018 19:21:58 +0000 Subject: [PATCH 0750/1961] 5000s: ui.key.menuAccessKey --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 02a3435..354408a 100644 --- a/user.js +++ b/user.js @@ -1738,6 +1738,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see Bugzilla 1320061 (FF53+) // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC] // user_pref("view_source.tab", false); // open "page/selection source" in a new window + // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync (FF60+) [RESTART] From 041e14a4d59d154a69f898c5b64c1f28eda80267 Mon Sep 17 00:00:00 2001 From: overdodactyl <33071129+overdodactyl@users.noreply.github.com> Date: Thu, 3 May 2018 12:49:43 +0000 Subject: [PATCH 0751/1961] ghacks-user.js updater for Mac/Linux v1.3 (#406) * updated shebang * The script now compares its version number to the one online. If there is a newer version of `updater.sh` online it ask the user if he wants to download and run it. * 2 parameters are supported: `-donotupdate` to disable the update-check and `-update` to auto-download and run the new version without asking * Backup files are now saved to the directory `userjs_backups` instead of causing more bloat in the profile directory. --- updater.sh | 121 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 91 insertions(+), 30 deletions(-) mode change 100644 => 100755 updater.sh diff --git a/updater.sh b/updater.sh old mode 100644 new mode 100755 index d9548ea..ddf623a --- a/updater.sh +++ b/updater.sh @@ -1,12 +1,14 @@ -#!/bin/bash +#!/usr/bin/env bash ### ghacks-user.js updater for Mac/Linux ## author: @overdodactyl -## version: 1.2 +## version: 1.3 + +## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in check_for_update() ) ghacksjs="https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js" - -echo -e "\nThis script should be run from your Firefox profile directory.\n" +updater="https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh" +update_pref=${1:--ask} currdir=$(pwd) @@ -19,40 +21,99 @@ if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi ## change directory to the Firefox profile directory cd "$(dirname "${sfp}")" -echo -e "Updating the user.js for Firefox profile:\n$(pwd)\n" +## Used to check if a new version of updater.sh is available +update_available="no" +check_for_update () { + online_version="$(curl -s ${updater} | sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p')" + path_to_script="$(dirname "${sfp}")/updater.sh" + current_version="$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$path_to_script")" + if [[ "$current_version" < "$online_version" ]]; then + update_available="yes" + fi +} -if [ -e user.js ]; then - echo "Your current user.js file for this profile will be backed up and the latest ghacks version from github will take its place." - echo -e "\nIf currently using the ghacks user.js, please compare versions:" - echo " Available online: $(curl -s ${ghacksjs} | sed -n '4p')" - echo " Currently using: $(sed -n '4p' user.js)" -else - echo "A user.js file does not exist in this profile. If you continue, the latest ghacks version from github will be downloaded." -fi +## Used to backup the current script, and download and execute the latest version of updater.sh +update_script () { + echo -e "This script will be backed up and the latest version of updater.sh will be executed.\n" + mv updater.sh "updater.sh.backup.$(date +"%Y-%m-%d_%H%M")" + curl -O ${updater} && echo -e "\nThe latest updater script has been downloaded\n" + + # make new file executable + chmod +x updater.sh -echo -e "\nIf a user-overrides.js file exists in this profile, it will be appended to the user.js.\n" + # execute new updater script + ./updater.sh -donotupdate -read -p "Continue Y/N? " -n 1 -r -echo -e "\n\n" + # exit script + exit 1 +} + + +main () { + ## create backup folder if it doesn't exist + mkdir -p userjs_backups; + + echo -e "\nThis script should be run from your Firefox profile directory.\n" + + echo -e "Updating the user.js for Firefox profile:\n$(pwd)\n" -if [[ $REPLY =~ ^[Yy]$ ]]; then if [ -e user.js ]; then - # backup current user.js - bakfile="user.js.backup.$(date +"%Y-%m-%d_%H%M")" - mv user.js "${bakfile}" && echo "Your previous user.js file was backed up: ${bakfile}" + echo "Your current user.js file for this profile will be backed up and the latest ghacks version from github will take its place." + echo -e "\nIf currently using the ghacks user.js, please compare versions:" + echo " Available online: $(curl -s ${ghacksjs} | sed -n '4p')" + echo " Currently using: $(sed -n '4p' user.js)" + else + echo "A user.js file does not exist in this profile. If you continue, the latest ghacks version from github will be downloaded." fi - # download latest ghacks user.js - echo "downloading latest ghacks user.js file" - curl -O ${ghacksjs} && echo "ghacks user.js has been downloaded" + echo -e "\nIf a user-overrides.js file exists in this profile, it will be appended to the user.js.\n" - if [ -e user-overrides.js ]; then - echo "user-overrides.js file found" - cat user-overrides.js >> user.js && echo "user-overrides.js has been appended to user.js" + read -p "Continue Y/N? " -n 1 -r + echo -e "\n\n" + + if [[ $REPLY =~ ^[Yy]$ ]]; then + if [ -e user.js ]; then + # backup current user.js + bakfile="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")" + mv user.js "${bakfile}" && echo "Your previous user.js file was backed up: ${bakfile}" + fi + + # download latest ghacks user.js + echo "downloading latest ghacks user.js file" + curl -O ${ghacksjs} && echo "ghacks user.js has been downloaded" + + if [ -e user-overrides.js ]; then + echo "user-overrides.js file found" + cat user-overrides.js >> user.js && echo "user-overrides.js has been appended to user.js" + fi + else + echo "Process aborted" fi + + ## change directory back to the original working directory + cd "${currdir}" +} + +update_pref="$(echo $update_pref | tr '[A-Z]' '[a-z]')" +if [ $update_pref = "-donotupdate" ]; then + main else - echo "Process aborted" + check_for_update + if [ $update_available = "no" ]; then + main + else + ## there is an update available + if [ $update_pref = "-update" ]; then + ## update without asking + update_script + else + read -p "There is a newer version of updater.sh available. Download and execute? Y/N? " -n 1 -r + echo -e "\n\n" + if [[ $REPLY =~ ^[Yy]$ ]]; then + update_script + else + main + fi + fi + fi fi - -## change directory back to the original working directory -cd "${currdir}" From 40db113d07733df58872d54b269505f571a9243d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 4 May 2018 16:08:20 +0000 Subject: [PATCH 0752/1961] 2706: same-site cookies --- user.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/user.js b/user.js index 354408a..e1e31e1 100644 --- a/user.js +++ b/user.js @@ -1420,6 +1420,11 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+) /* 2705: disable HTTP sites setting cookies with the "secure" directive (FF52+) * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); // default: true +/* 2706: enable support for same-site cookies (FF60+) + * [1] https://bugzilla.mozilla.org/795346 + * [2] https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ + * [3] https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/ ***/ + // user_pref("network.cookie.same-site.enabled", true); // default: true /* 2710: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality. * You are better off using an extension for more granular control ***/ From d10c8598f7f150672b9cabd539db0ff5bb000455 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 4 May 2018 16:56:14 +0000 Subject: [PATCH 0753/1961] 60 deprecated/removed prefs --- user.js | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index e1e31e1..e5a173d 100644 --- a/user.js +++ b/user.js @@ -202,10 +202,7 @@ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-5 user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+) /* 0360: disable new tab tile ads & preload & marketing junk ***/ user_pref("browser.newtab.preload", false); -user_pref("browser.newtabpage.directory.source", "data:text/plain,"); user_pref("browser.newtabpage.enabled", false); -user_pref("browser.newtabpage.enhanced", false); -user_pref("browser.newtabpage.introShown", true); /* 0370: disable "Snippets" (Mozilla content shown on about:home screen) * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ user_pref("browser.aboutHomeSnippets.updateUrl", "data:,"); @@ -382,7 +379,6 @@ user_pref("extensions.shield-recipe-client.api_url", ""); * And/or you can try to control the ever-growing, ever-changing "browser.newtabpage.activity-stream.*" prefs * [1] https://wiki.mozilla.org/Firefox/Activity_Stream * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/ -user_pref("browser.newtabpage.activity-stream.enabled", false); user_pref("browser.library.activity-stream.enabled", false); // (FF57+) /* 0515: disable Screenshots (FF55+) * alternatively in FF60+, disable uploading to the Screenshots server @@ -1109,7 +1105,7 @@ user_pref("dom.popup_allowed_events", "click dblclick"); communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter). - [UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301) and service workers (2302) + [UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301-deprecated) and service workers (2302) #Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0 [1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API @@ -1120,9 +1116,6 @@ user_pref("dom.popup_allowed_events", "click dblclick"); [6] Notifications: https://support.mozilla.org/questions/1165867#answer-981820 ***/ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); -/* 2301: disable workers - * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) ***/ -user_pref("dom.workers.enabled", false); /* 2302: disable service workers * Service workers essentially act as proxy servers that sit between web apps, and the browser * and network, are event driven, and can control the web page/site it is associated with, @@ -1825,7 +1818,7 @@ user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safe // 1200's: block rc4 whitelist // [-] https://bugzilla.mozilla.org/1215796 user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); -// 2301: disable SharedWorkers +// 2300s: disable SharedWorkers // [1] https://trac.torproject.org/projects/tor/ticket/15562 // [-] https://bugzilla.mozilla.org/1207635 user_pref("dom.workers.sharedWorkers.enabled", false); @@ -1967,7 +1960,7 @@ user_pref("dom.battery.enabled", false); // ***/ /* ESR52.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them if you're using ESR52.x.x +// [NOTE] replace the * with a slash in the line above to re-enable them // FF53 // 1265: block rc4 fallback // [-] https://bugzilla.mozilla.org/1130670 @@ -2117,6 +2110,23 @@ user_pref("dom.disable_window_status_change", true); // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 user_pref("dom.idle-observers-api.enabled", false); // * * * / +// FF60 +// 0360: disable new tab tile ads & preload & marketing junk + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1370930,1433133 +user_pref("browser.newtabpage.directory.source", "data:text/plain,"); +user_pref("browser.newtabpage.enhanced", false); +user_pref("browser.newtabpage.introShown", true); +// 0514: disable Activity Stream (FF54+) + // [-] https://bugzilla.mozilla.org/1433324 +user_pref("browser.newtabpage.activity-stream.enabled", false); +// 2301: disable workers + // [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) + // [-] https://bugzilla.mozilla.org/1434934 +user_pref("dom.workers.enabled", false); +// 5000s: open "page/selection source" in a new window + // [-] https://bugzilla.mozilla.org/1418403 + // user_pref("view_source.tab", false); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From c4a1583e99355364a6b1c831aee9b4a2a03503f1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 4 May 2018 17:11:34 +0000 Subject: [PATCH 0754/1961] 60 RFP Alternatives --- user.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index e5a173d..36da984 100644 --- a/user.js +++ b/user.js @@ -1025,10 +1025,6 @@ user_pref("pdfjs.enableWebGL", false); user_pref("webgl.min_capability_mode", true); user_pref("webgl.disable-extensions", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); -/* 2011: disable WebGL debug info being available to websites - * [1] https://bugzilla.mozilla.org/1171228 - * [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info ***/ -user_pref("webgl.enable-debug-renderer-info", false); /* 2012: disable two more webgl preferences (FF51+) ***/ user_pref("webgl.dxgl.enabled", false); // [WINDOWS] user_pref("webgl.enable-webgl2", false); @@ -1678,6 +1674,12 @@ user_pref("media.video_stats.enabled", false); // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange user_pref("media.ondevicechange.enabled", false); // * * * / +// FF60+ +// 4613: [2011] disable WebGL debug info being available to websites + // [1] https://bugzilla.mozilla.org/1171228 + // [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info +user_pref("webgl.enable-debug-renderer-info", false); +// * * * / // ***/ /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING From 13164a2d0d4cbe861798e80229286f22ec7c92e5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 4 May 2018 17:23:26 +0000 Subject: [PATCH 0755/1961] 4500s: RFP disable WebGL debug renderer info (60+) --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 36da984..61c5f5b 100644 --- a/user.js +++ b/user.js @@ -1589,6 +1589,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); Spoofing mimics the content language of the document. Currently it only supports en-US. Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. FF60: Fix keydown/keyup events (1438795) + ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From 8b6eec2b4673a5a357cca66a1596b304fbf70a17 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 4 May 2018 18:30:44 +0000 Subject: [PATCH 0756/1961] RFP ESR version spoof info The last one-off ESR cycle of 8 releases is now behind us, new algorithm for FF60+ is back to 7 releases per ESR numbering, starting at 60... 67... etc. Note: This does not do anything for Aurora or Nightly spoofing the next ESR early (but we have until Nightly 67 before this becomes a problem). The ticket 1418162 was meant to cover this but instead was just used for the new algorithm. There is currently no ticket for the Aurora/Nightly issue - but never fear, Pants is here!! It is not forgotten, and I have emails with Tom Ritter et al on it --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 61c5f5b..8e6631e 100644 --- a/user.js +++ b/user.js @@ -1566,7 +1566,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+) ** 1333651 & 1383495 & 1396468 - spoof Navigator API (see section 4700) (FF56+) FF56: The version number will be rounded down to the nearest multiple of 10 - FF57: The version number will match current ESR (1393283, 1418672) + FF57: The version number will match current ESR (1393283, 1418672, 1418162) FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608) ** 1369319 - disable device sensor API (see 4604) (FF56+) ** 1369357 - disable site specific zoom (see 4605) (FF56+) From 7d65d8c17369793aa338a4afc6c5fc0daca4d33a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 4 May 2018 21:18:45 +0000 Subject: [PATCH 0757/1961] 4503 mozAddonManager => active --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 8e6631e..8d7023e 100644 --- a/user.js +++ b/user.js @@ -1603,8 +1603,10 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF // user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) /* 4503: disable mozAddonManager Web API (FF57+) - * [1] https://bugzilla.mozilla.org/1384330 ***/ - // user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref) + * [NOTE] As a side-effect in FF57-59 this allowed extensions to work on AMO. In FF60+ you also need + * to sanitize or clear extensions.webextensions.restrictedDomains (see 2613) to keep that side-effect + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ +user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref) /*** 4600: RFP (4500) ALTERNATIVES [SETUP] * IF you DO use RFP (see 4500) then you DO NOT need these redundant prefs. In fact, From 8f2b674910e646780c0fca2e01281f6c9618df99 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 4 May 2018 21:42:47 +0000 Subject: [PATCH 0758/1961] 60 deprecated/removed part2 --- user.js | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 8d7023e..ed1e14d 100644 --- a/user.js +++ b/user.js @@ -362,12 +362,6 @@ user_pref("browser.ping-centre.telemetry", false); * [1] https://en.wikipedia.org/wiki/Pocket_(application) * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ user_pref("extensions.pocket.enabled", false); -/* 0512: disable Shield (FF53-FF59) - replaced internally by Normandy (see 0503) - * Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" - * [1] https://wiki.mozilla.org/Firefox/Shield - * [2] https://github.com/mozilla/normandy ***/ -user_pref("extensions.shield-recipe-client.enabled", false); -user_pref("extensions.shield-recipe-client.api_url", ""); /* 0513: disable Follow On Search (FF53+) * Just DELETE the XPI file in your System Add-ons directory * [1] https://blog.mozilla.org/data/2017/06/05/measuring-search-in-firefox/ ***/ @@ -2121,6 +2115,13 @@ user_pref("dom.idle-observers-api.enabled", false); user_pref("browser.newtabpage.directory.source", "data:text/plain,"); user_pref("browser.newtabpage.enhanced", false); user_pref("browser.newtabpage.introShown", true); +// 0512: disable Shield (FF53-FF59) - replaced internally by Normandy (see 0503) + // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" + // [1] https://wiki.mozilla.org/Firefox/Shield + // [2] https://github.com/mozilla/normandy + // [-] https://bugzilla.mozilla.org/1436113 +user_pref("extensions.shield-recipe-client.enabled", false); +user_pref("extensions.shield-recipe-client.api_url", ""); // 0514: disable Activity Stream (FF54+) // [-] https://bugzilla.mozilla.org/1433324 user_pref("browser.newtabpage.activity-stream.enabled", false); From cd322f39a4f0212d53fb935b6c31eb179f989d2c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 4 May 2018 21:55:51 +0000 Subject: [PATCH 0759/1961] 2613: restrictedDomains --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index ed1e14d..942fc7a 100644 --- a/user.js +++ b/user.js @@ -1241,6 +1241,9 @@ user_pref("permissions.manager.defaultsUrl", ""); user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); +/* 2613: disable webextension restrictions on certain mozilla domains (also see 4503) (FF60+) + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ + // user_pref("extensions.webextensions.restrictedDomains", ""); /* 2617: enable Firefox's built-in PDF reader [SETUP] * [SETTING] General>Applications>Portable Document Format (PDF) * [SETTING-ESR52] Applications>Portable Document Format (PDF) From c5a1a038d2dc1051ce4510faad54210234d83c17 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 5 May 2018 14:40:20 +0200 Subject: [PATCH 0760/1961] 5000: remove view_source.tab (moved to 9999) --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 942fc7a..eb8fb23 100644 --- a/user.js +++ b/user.js @@ -1737,7 +1737,6 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab (FF57+) // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see Bugzilla 1320061 (FF53+) // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC] - // user_pref("view_source.tab", false); // open "page/selection source" in a new window // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); From 149aab6b1e0f6a1458dd3fd23c3df04fb483243c Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 5 May 2018 18:21:21 +0200 Subject: [PATCH 0761/1961] 2600: security regroup (#416) * 2600: security regroup * fixup --- user.js | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/user.js b/user.js index eb8fb23..8107e4d 100644 --- a/user.js +++ b/user.js @@ -1271,18 +1271,6 @@ user_pref("middlemouse.contentLoadURL", false); * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons * [SETTING-ESR52] Security>General>Warn me when sites try to install add-ons ***/ user_pref("xpinstall.whitelist.required", true); // default: true -/* 2622: enforce a security delay when installing extensions (milliseconds) - * default=1000, This also covers the delay in "Save" on downloading files. - * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox - * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ -user_pref("security.dialog_enable_delay", 700); -/* 2623: enable Strict File Origin Policy on local files - * [1] http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ -user_pref("security.fileuri.strict_origin_policy", true); -/* 2624: enable Subresource Integrity (SRI) (FF43+) - * [1] https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity - * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ -user_pref("security.sri.enable", true); // default: true /* 2625: clear localStorage and UUID when an extension is uninstalled * [NOTE] Both preferences must be the same * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local @@ -1336,9 +1324,6 @@ user_pref("devtools.chrome.enabled", false); * [1] archived: https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.autoDisableScopes", 15); -/* 2670: disable "image/" mime types bypassing CSP (FF51+) - * [1] https://bugzilla.mozilla.org/1288361 ***/ -user_pref("security.block_script_with_wrong_mime", true); /* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage * including youtube player controls. Best left for "hardened" or specific profiles. @@ -1355,20 +1340,35 @@ user_pref("security.block_script_with_wrong_mime", true); * [4] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ * [5] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); -/* 2673: enable CSP (Content Security Policy) +/* 2680: disable "image/" mime types bypassing CSP (FF51+) + * [1] https://bugzilla.mozilla.org/1288361 ***/ +user_pref("security.block_script_with_wrong_mime", true); +/* 2681: enable CSP (Content Security Policy) * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); // default: true -/* 2674: enable CSP 1.1 experimental hash-source directive (FF29+) +/* 2682: disable CSP violation events (FF59+) + * [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent ***/ +user_pref("security.csp.enable_violation_events", false); +/* 2683: enable CSP 1.1 experimental hash-source directive (FF29+) * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 ***/ user_pref("security.csp.experimentalEnabled", true); -/* 2675: block top level window data: URIs (FF56+) +/* 2684: block top level window data: URIs (FF56+) * [1] https://bugzilla.mozilla.org/1331351 * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); -/* 2676: disable CSP violation events (FF59+) - * [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent ***/ -user_pref("security.csp.enable_violation_events", false); +/* 2685: enforce a delay for security dialogs + * fe. when installing extensions or downloading files. + * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox + * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ +user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) +/* 2686: enable Strict File Origin Policy on local files + * [1] http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ +user_pref("security.fileuri.strict_origin_policy", true); +/* 2687: enable Subresource Integrity (SRI) (FF43+) + * [1] https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity + * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ +user_pref("security.sri.enable", true); // default: true /*** 2700: PERSISTENT STORAGE Data SET by websites including From 517b8665c0ac637225a2febe45d3f43a5399c98e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 May 2018 17:01:09 +0000 Subject: [PATCH 0762/1961] 2685 fixup --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 8107e4d..91cbf08 100644 --- a/user.js +++ b/user.js @@ -1357,8 +1357,7 @@ user_pref("security.csp.experimentalEnabled", true); * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); -/* 2685: enforce a delay for security dialogs - * fe. when installing extensions or downloading files. +/* 2685: enforce a security delay on install and save dialogs * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) From 36c11cb5d40e04e7af92064db7f791cca669f4a7 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 5 May 2018 20:14:57 +0200 Subject: [PATCH 0763/1961] 2600: downloads + extensions regroup (#417) * 2600: downloads + extensions regroup * fixup --- user.js | 73 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 35 deletions(-) diff --git a/user.js b/user.js index 91cbf08..44b43ed 100644 --- a/user.js +++ b/user.js @@ -1212,18 +1212,9 @@ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curta /* 2601: disable sending additional analytics to web servers * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ user_pref("beacon.enabled", false); -/* 2602: discourage downloading to desktop (0=desktop 1=downloads 2=last used) - * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ -user_pref("browser.download.folderList", 2); -/* 2603: enforce user interaction for security by always asking the user where to download ***/ -user_pref("browser.download.useDownloadDir", false); /* 2604: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2605: disable adding downloads to the system's "recent documents" list ***/ -user_pref("browser.download.manager.addToRecentDocs", false); -/* 2606: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ -user_pref("browser.download.hide_plugins_without_extensions", false); /* 2607: disable page thumbnail collection * look in profile/thumbnails directory - you may want to clean that out ***/ user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) @@ -1241,9 +1232,6 @@ user_pref("permissions.manager.defaultsUrl", ""); user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); -/* 2613: disable webextension restrictions on certain mozilla domains (also see 4503) (FF60+) - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ - // user_pref("extensions.webextensions.restrictedDomains", ""); /* 2617: enable Firefox's built-in PDF reader [SETUP] * [SETTING] General>Applications>Portable Document Format (PDF) * [SETTING-ESR52] Applications>Portable Document Format (PDF) @@ -1267,16 +1255,6 @@ user_pref("network.http.redirection-limit", 10); * [1] https://trac.torproject.org/projects/tor/ticket/10089 * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ user_pref("middlemouse.contentLoadURL", false); -/* 2621: enable warning when websites try to install extensions - * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons - * [SETTING-ESR52] Security>General>Warn me when sites try to install add-ons ***/ -user_pref("xpinstall.whitelist.required", true); // default: true -/* 2625: clear localStorage and UUID when an extension is uninstalled - * [NOTE] Both preferences must be the same - * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local - * [2] https://bugzilla.mozilla.org/1213990 ***/ -user_pref("extensions.webextensions.keepStorageOnUninstall", false); -user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2626: disable optional user agent token * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/User-Agent/Firefox ***/ user_pref("general.useragent.compatMode.firefox", false); // default: false @@ -1299,12 +1277,6 @@ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts * [NOTE] At the time of writing, causes issues with delete and backspace keys ***/ // user_pref("permissions.default.shortcuts", 2); // 0 (default) or 1=allow, 2=block -/* 2662: disable "open with" in download dialog (FF50+) - * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) - * in such a way that it is forbidden to run external applications. - * [SETUP] This may interfere with some users' workflow or methods - * [1] https://bugzilla.mozilla.org/1281959 ***/ -user_pref("browser.download.forbid_open_with", true); /* 2663: disable MathML (Mathematical Markup Language) (FF51+) * [TEST] http://browserspy.dk/mathml.php * [1] https://bugzilla.mozilla.org/1173199 ***/ @@ -1318,12 +1290,6 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); -/* 2668: lock down allowed extension directories - * [WARNING] This will break extensions that do not use the default XPI directories - * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ - * [1] archived: https://archive.is/DYjAM ***/ -user_pref("extensions.enabledScopes", 1); // (hidden pref) -user_pref("extensions.autoDisableScopes", 15); /* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage * including youtube player controls. Best left for "hardened" or specific profiles. @@ -1340,6 +1306,43 @@ user_pref("extensions.autoDisableScopes", 15); * [4] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ * [5] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); +/** DOWNLOADS ***/ +/* 2640: discourage downloading to desktop (0=desktop 1=downloads 2=last used) + * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ +user_pref("browser.download.folderList", 2); +/* 2641: enforce user interaction for security by always asking the user where to download ***/ +user_pref("browser.download.useDownloadDir", false); +/* 2642: disable adding downloads to the system's "recent documents" list ***/ +user_pref("browser.download.manager.addToRecentDocs", false); +/* 2643: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ +user_pref("browser.download.hide_plugins_without_extensions", false); +/* 2644: disable "open with" in download dialog (FF50+) + * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) + * in such a way that it is forbidden to run external applications. + * [SETUP] This may interfere with some users' workflow or methods + * [1] https://bugzilla.mozilla.org/1281959 ***/ +user_pref("browser.download.forbid_open_with", true); +/** EXTENSIONS ***/ +/* 2650: lock down allowed extension directories + * [WARNING] This will break extensions that do not use the default XPI directories + * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ + * [1] archived: https://archive.is/DYjAM ***/ +user_pref("extensions.enabledScopes", 1); // (hidden pref) +user_pref("extensions.autoDisableScopes", 15); +/* 2651: clear localStorage and UUID when an extension is uninstalled + * [NOTE] Both preferences must be the same + * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local + * [2] https://bugzilla.mozilla.org/1213990 ***/ +user_pref("extensions.webextensions.keepStorageOnUninstall", false); +user_pref("extensions.webextensions.keepUuidOnUninstall", false); +/* 2652: disable webextension restrictions on certain mozilla domains (also see 4503) (FF60+) + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ + // user_pref("extensions.webextensions.restrictedDomains", ""); +/* 2653: enable warning when websites try to install add-ons + * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons + * [SETTING-ESR52] Security>General>Warn me when sites try to install add-ons ***/ +user_pref("xpinstall.whitelist.required", true); // default: true +/** SECURITY ***/ /* 2680: disable "image/" mime types bypassing CSP (FF51+) * [1] https://bugzilla.mozilla.org/1288361 ***/ user_pref("security.block_script_with_wrong_mime", true); @@ -1600,7 +1603,7 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) /* 4503: disable mozAddonManager Web API (FF57+) * [NOTE] As a side-effect in FF57-59 this allowed extensions to work on AMO. In FF60+ you also need - * to sanitize or clear extensions.webextensions.restrictedDomains (see 2613) to keep that side-effect + * to sanitize or clear extensions.webextensions.restrictedDomains (see 2652) to keep that side-effect * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref) From cf269c982bcc38eaa14a3f91e061edf573be1b16 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 May 2018 18:26:33 +0000 Subject: [PATCH 0764/1961] fixup number ref --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 44b43ed..36e7976 100644 --- a/user.js +++ b/user.js @@ -1245,7 +1245,7 @@ user_pref("devtools.webide.enabled", false); * [WHY USE true=open with or save to disk] * If you think a particular external app is more secure... * [NOTE] - * See 2662, and JS can still force a pdf to open in-browser by bundling its own code (rare) ***/ + * See 2644, and JS can still force a pdf to open in-browser by bundling its own code (rare) ***/ user_pref("pdfjs.disabled", false); /* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins) From 88b08c79cd6a645f6d1c9c0e80e7bce86ecce7ce Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 May 2018 18:44:52 +0000 Subject: [PATCH 0765/1961] 2685 tweak --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 36e7976..b281baa 100644 --- a/user.js +++ b/user.js @@ -1360,7 +1360,7 @@ user_pref("security.csp.experimentalEnabled", true); * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); -/* 2685: enforce a security delay on install and save dialogs +/* 2685: enforce a security delay on some confirmation dialogs such as install, open/save * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) From 459396ed5b23889fe4053d2f7dca0a10b4cde291 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 May 2018 10:00:13 +0000 Subject: [PATCH 0766/1961] 2626: remove useragent.compatMode #368 I see no point in keeping this to enforce a default that FF itself doesn't use - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox - "... is an optional compatibility token that some Gecko-based browsers may choose to incorporate, to achieve maximum compatibility with websites that expect Firefox" --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index b281baa..07f1742 100644 --- a/user.js +++ b/user.js @@ -1255,9 +1255,6 @@ user_pref("network.http.redirection-limit", 10); * [1] https://trac.torproject.org/projects/tor/ticket/10089 * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ user_pref("middlemouse.contentLoadURL", false); -/* 2626: disable optional user agent token - * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/User-Agent/Firefox ***/ -user_pref("general.useragent.compatMode.firefox", false); // default: false /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); From 78dc31f6d6e61a7faa7918d2a0070a0f453785b1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 May 2018 12:30:40 +0000 Subject: [PATCH 0767/1961] remove 5 prefs #418 --- user.js | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/user.js b/user.js index 07f1742..7b6b46d 100644 --- a/user.js +++ b/user.js @@ -775,11 +775,6 @@ user_pref("security.family_safety.mode", 0); * by inspecting ALL your web traffic, then leave at current default=1 * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ user_pref("security.cert_pinning.enforcement_level", 2); -/* 1223: enforce HSTS preload list (default is true) - * The list is compiled into Firefox and used to always load those domains over HTTPS - * [1] https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ - * [2] https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List ***/ -user_pref("network.stricttransportsecurity.preloadlist", true); /** MIXED CONTENT ***/ /* 1240: disable insecure active content on https pages - mixed content * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ @@ -1278,9 +1273,6 @@ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); * [TEST] http://browserspy.dk/mathml.php * [1] https://bugzilla.mozilla.org/1173199 ***/ user_pref("mathml.disabled", true); -/* 2664: disable DeviceStorage API - * [1] https://wiki.mozilla.org/WebAPI/DeviceStorageAPI ***/ -user_pref("device.storage.enabled", false); /* 2665: remove webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2667: disable various developer tools in browser context @@ -1340,9 +1332,6 @@ user_pref("extensions.webextensions.keepUuidOnUninstall", false); * [SETTING-ESR52] Security>General>Warn me when sites try to install add-ons ***/ user_pref("xpinstall.whitelist.required", true); // default: true /** SECURITY ***/ -/* 2680: disable "image/" mime types bypassing CSP (FF51+) - * [1] https://bugzilla.mozilla.org/1288361 ***/ -user_pref("security.block_script_with_wrong_mime", true); /* 2681: enable CSP (Content Security Policy) * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); // default: true @@ -1361,13 +1350,6 @@ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) -/* 2686: enable Strict File Origin Policy on local files - * [1] http://kb.mozillazine.org/Security.fileuri.strict_origin_policy ***/ -user_pref("security.fileuri.strict_origin_policy", true); -/* 2687: enable Subresource Integrity (SRI) (FF43+) - * [1] https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity - * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/ -user_pref("security.sri.enable", true); // default: true /*** 2700: PERSISTENT STORAGE Data SET by websites including From 772fa4e06ef74edb64ddedbd172ccc3676146a25 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 May 2018 13:10:30 +0000 Subject: [PATCH 0768/1961] geo changes, fixes #415 NOTE: RFP still blocks geo, but this will be reverted at some stage: see https://bugzilla.mozilla.org/show_bug.cgi?id=1441295 --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 7b6b46d..9de0862 100644 --- a/user.js +++ b/user.js @@ -86,7 +86,11 @@ user_pref("browser.shell.checkDefaultBrowser", false); user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /* 0201: disable Location-Aware Browsing * [1] https://www.mozilla.org/firefox/geolocation/ ***/ -user_pref("geo.enabled", false); + // user_pref("geo.enabled", false); +/* 0201b: set a default permission for Location (FF58+) + * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location + * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Location>Settings ***/ +user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block /* 0202: disable GeoIP-based search results * [NOTE] May not be hidden if Firefox has changed your settings due to your locale * [1] https://trac.torproject.org/projects/tor/ticket/16254 @@ -113,10 +117,6 @@ user_pref("intl.regional_prefs.use_os_locales", false); * Optionally enable logging to the console (defaults to false) ***/ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.wifi.logging.enabled", true); // (hidden pref) -/* 0211: set a default permission for Location (FF58+) - * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location - * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Location>Settings ***/ - // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block /*** 0300: QUIET FOX We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). From 6e6a99349403ef558d9019868d123060993ce171 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 May 2018 16:57:00 +0000 Subject: [PATCH 0769/1961] 2672 punycode tweak #368 --- user.js | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index 9de0862..6de9e41 100644 --- a/user.js +++ b/user.js @@ -1284,17 +1284,16 @@ user_pref("devtools.chrome.enabled", false); * including youtube player controls. Best left for "hardened" or specific profiles. * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); -/* 2672: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing security risk - * Firefox has *some* protections to mitigate the risk, but it is better to be safe - * than sorry. The downside: it will also display legitimate IDN's punycoded, which - * might be undesirable for users from countries with non-latin alphabets +/* 2672: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing + * Firefox has *some* protections, but it is better to be safe than sorry. The downside: it will also + * display legitimate IDN's punycoded, which might be undesirable for users of non-latin alphabets * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) - * [1] http://kb.mozillazine.org/Network.IDN_show_punycode - * [2] https://wiki.mozilla.org/IDN_Display_Algorithm - * [3] https://en.wikipedia.org/wiki/IDN_homograph_attack - * [4] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ - * [5] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ + * [1] https://wiki.mozilla.org/IDN_Display_Algorithm + * [2] https://en.wikipedia.org/wiki/IDN_homograph_attack + * [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ + * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); + /** DOWNLOADS ***/ /* 2640: discourage downloading to desktop (0=desktop 1=downloads 2=last used) * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ @@ -1311,6 +1310,7 @@ user_pref("browser.download.hide_plugins_without_extensions", false); * [SETUP] This may interfere with some users' workflow or methods * [1] https://bugzilla.mozilla.org/1281959 ***/ user_pref("browser.download.forbid_open_with", true); + /** EXTENSIONS ***/ /* 2650: lock down allowed extension directories * [WARNING] This will break extensions that do not use the default XPI directories @@ -1331,6 +1331,7 @@ user_pref("extensions.webextensions.keepUuidOnUninstall", false); * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons * [SETTING-ESR52] Security>General>Warn me when sites try to install add-ons ***/ user_pref("xpinstall.whitelist.required", true); // default: true + /** SECURITY ***/ /* 2681: enable CSP (Content Security Policy) * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ From 5e7258ba2d2c78e8b716d1db11520c4b85e43b50 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 May 2018 17:07:09 +0000 Subject: [PATCH 0770/1961] remove 0705, fixes #418 --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 6de9e41..c822d28 100644 --- a/user.js +++ b/user.js @@ -471,9 +471,6 @@ user_pref("network.http.altsvc.oe", false); * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); -/* 0705: disable DNS requests for hostnames with a .onion TLD (FF45+) - * [1] https://bugzilla.mozilla.org/1228457 ***/ -user_pref("network.dns.blockDotOnion", true); /* 0706: remove paths when sending URLs to PAC scripts (FF51+) * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) * [1] https://bugzilla.mozilla.org/1255474 ***/ From 47cf0e1640d8702b64cca2d76e1e3345f27253c8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 May 2018 18:41:10 +0000 Subject: [PATCH 0771/1961] 2617 pdfjs tweak #368 that trims 3 lines off with a little formatting --- user.js | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index c822d28..71ab963 100644 --- a/user.js +++ b/user.js @@ -1228,16 +1228,13 @@ user_pref("devtools.webide.enabled", false); * [SETTING] General>Applications>Portable Document Format (PDF) * [SETTING-ESR52] Applications>Portable Document Format (PDF) * This setting controls if the option "Display in Firefox" in the above setting is available - * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") - * [WHY USE false=default=view PDFs in Firefox] - * pdfjs is lightweight, open source and as secure as any pdf reader out there, certainly better and more - * vetted than most. Exploits are rare (1 serious case in 3 years), treated seriously and patched quickly. - * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). It - * maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. - * [WHY USE true=open with or save to disk] - * If you think a particular external app is more secure... - * [NOTE] - * See 2644, and JS can still force a pdf to open in-browser by bundling its own code (rare) ***/ + * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") + * PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most) + * Exploits are rare (1 serious case in 4 yrs), treated seriously and patched quickly. + * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). + * It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. + * CONS: You may prefer a different pdf reader for security reasons + * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) ***/ user_pref("pdfjs.disabled", false); /* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins) From 35fd4e343c83944240f73bb81f719b69a017c583 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 May 2018 20:41:14 +0000 Subject: [PATCH 0772/1961] 2671 cleanup #368 --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 71ab963..529396c 100644 --- a/user.js +++ b/user.js @@ -1274,8 +1274,7 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); /* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) - * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage - * including youtube player controls. Best left for "hardened" or specific profiles. + * [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); /* 2672: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing From b89e24726345014d3c8e64a609a82f0549d394c5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 7 May 2018 14:57:42 +0000 Subject: [PATCH 0773/1961] 0707: DoH, fixes #410 --- user.js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/user.js b/user.js index 529396c..fb25210 100644 --- a/user.js +++ b/user.js @@ -475,6 +475,14 @@ user_pref("network.proxy.socks_remote_dns", true); * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) * [1] https://bugzilla.mozilla.org/1255474 ***/ user_pref("network.proxy.autoconfig_url.include_path", false); +/* 0707: disable (or setup) DNS-over-HTTPS (DoH) (FF60+) + * TRR = Trusted Recursive Resolver + * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result + * [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare) + * [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/ ***/ + // user_pref("network.trr.mode", 0); + // user_pref("network.trr.bootstrapAddress", ""); + // user_pref("network.trr.uri", ""); /*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP] If you are in a private environment (no unwanted eyeballs) and your device is private From 7eda26a1d098a4539d6e993a786d63d29320338b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 7 May 2018 15:51:50 +0000 Subject: [PATCH 0774/1961] 2600s numbering part1 --- user.js | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/user.js b/user.js index fb25210..f78f6ba 100644 --- a/user.js +++ b/user.js @@ -1296,16 +1296,16 @@ user_pref("devtools.chrome.enabled", false); user_pref("network.IDN_show_punycode", true); /** DOWNLOADS ***/ -/* 2640: discourage downloading to desktop (0=desktop 1=downloads 2=last used) +/* 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used) * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ user_pref("browser.download.folderList", 2); -/* 2641: enforce user interaction for security by always asking the user where to download ***/ +/* 2651: enforce user interaction for security by always asking the user where to download ***/ user_pref("browser.download.useDownloadDir", false); -/* 2642: disable adding downloads to the system's "recent documents" list ***/ +/* 2652: disable adding downloads to the system's "recent documents" list ***/ user_pref("browser.download.manager.addToRecentDocs", false); -/* 2643: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ +/* 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ user_pref("browser.download.hide_plugins_without_extensions", false); -/* 2644: disable "open with" in download dialog (FF50+) +/* 2654: disable "open with" in download dialog (FF50+) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. * [SETUP] This may interfere with some users' workflow or methods @@ -1313,42 +1313,42 @@ user_pref("browser.download.hide_plugins_without_extensions", false); user_pref("browser.download.forbid_open_with", true); /** EXTENSIONS ***/ -/* 2650: lock down allowed extension directories +/* 2660: lock down allowed extension directories * [WARNING] This will break extensions that do not use the default XPI directories * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ * [1] archived: https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.autoDisableScopes", 15); -/* 2651: clear localStorage and UUID when an extension is uninstalled +/* 2661: clear localStorage and UUID when an extension is uninstalled * [NOTE] Both preferences must be the same * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local * [2] https://bugzilla.mozilla.org/1213990 ***/ user_pref("extensions.webextensions.keepStorageOnUninstall", false); user_pref("extensions.webextensions.keepUuidOnUninstall", false); -/* 2652: disable webextension restrictions on certain mozilla domains (also see 4503) (FF60+) +/* 2662: disable webextension restrictions on certain mozilla domains (also see 4503) (FF60+) * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); -/* 2653: enable warning when websites try to install add-ons +/* 2663: enable warning when websites try to install add-ons * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons * [SETTING-ESR52] Security>General>Warn me when sites try to install add-ons ***/ user_pref("xpinstall.whitelist.required", true); // default: true /** SECURITY ***/ -/* 2681: enable CSP (Content Security Policy) +/* 2680: enable CSP (Content Security Policy) * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); // default: true -/* 2682: disable CSP violation events (FF59+) +/* 2681: disable CSP violation events (FF59+) * [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent ***/ user_pref("security.csp.enable_violation_events", false); -/* 2683: enable CSP 1.1 experimental hash-source directive (FF29+) +/* 2682: enable CSP 1.1 experimental hash-source directive (FF29+) * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 ***/ user_pref("security.csp.experimentalEnabled", true); -/* 2684: block top level window data: URIs (FF56+) +/* 2683: block top level window data: URIs (FF56+) * [1] https://bugzilla.mozilla.org/1331351 * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); -/* 2685: enforce a security delay on some confirmation dialogs such as install, open/save +/* 2684: enforce a security delay on some confirmation dialogs such as install, open/save * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) @@ -1584,7 +1584,7 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) /* 4503: disable mozAddonManager Web API (FF57+) * [NOTE] As a side-effect in FF57-59 this allowed extensions to work on AMO. In FF60+ you also need - * to sanitize or clear extensions.webextensions.restrictedDomains (see 2652) to keep that side-effect + * to sanitize or clear extensions.webextensions.restrictedDomains (see 2662) to keep that side-effect * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref) From 1b0c9f66d939a67b9240320ec8c43ce322224248 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 8 May 2018 04:13:53 +1200 Subject: [PATCH 0775/1961] 2600s renumber/reorder #368 --- user.js | 136 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 68 insertions(+), 68 deletions(-) diff --git a/user.js b/user.js index f78f6ba..bc384f0 100644 --- a/user.js +++ b/user.js @@ -1209,30 +1209,80 @@ user_pref("dom.w3c_pointer_events.enabled", false); /*** 2600: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); -/* 2601: disable sending additional analytics to web servers +/* 2601: prevent accessibility services from accessing your browser [RESTART] + * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser + * [1] https://support.mozilla.org/kb/accessibility-services ***/ +user_pref("accessibility.force_disabled", 1); +/* 2602: disable sending additional analytics to web servers * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ user_pref("beacon.enabled", false); -/* 2604: remove temp files opened with an external application +/* 2603: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2607: disable page thumbnail collection +/* 2604: disable page thumbnail collection * look in profile/thumbnails directory - you may want to clean that out ***/ user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) -/* 2608: disable JAR from opening Unsafe File Types ***/ -user_pref("network.jar.open-unsafe-types", false); -/* 2609: disable exposure of system colors to CSS or canvas (FF44+) - * [NOTE] see second listed bug: may cause black on black for elements with undefined colors - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/ -user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) -/* 2610: remove special permissions for certain mozilla domains (FF35+) - * [1] resource://app/defaults/permissions ***/ -user_pref("permissions.manager.defaultsUrl", ""); -/* 2611: disable WebIDE to prevent remote debugging and extension downloads +/* 2605: block web content in file processes (FF55+) + * [WARNING] [SETUP] You may want to disable this for corporate or developer environments + * [1] https://bugzilla.mozilla.org/1343184 ***/ +user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); +/* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ +user_pref("browser.uitour.enabled", false); +user_pref("browser.uitour.url", ""); +/* 2607: disable various developer tools in browser context + * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes + * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ +user_pref("devtools.chrome.enabled", false); +/* 2608: disable WebIDE to prevent remote debugging and extension downloads * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); -/* 2617: enable Firefox's built-in PDF reader [SETUP] +/* 2609: disable MathML (Mathematical Markup Language) (FF51+) + * [TEST] http://browserspy.dk/mathml.php + * [1] https://bugzilla.mozilla.org/1173199 ***/ +user_pref("mathml.disabled", true); +/* 2610: disable in-content SVG (Scalable Vector Graphics) (FF53+) + * [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. + * [1] https://bugzilla.mozilla.org/1216893 ***/ + // user_pref("svg.disabled", true); +/* 2611: disable middle mouse click opening links from clipboard + * [1] https://trac.torproject.org/projects/tor/ticket/10089 + * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ +user_pref("middlemouse.contentLoadURL", false); +/* 2612: disable remote JAR files being opened, regardless of content type (FF42+) + * [1] https://bugzilla.mozilla.org/1173171 + * [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ ***/ +user_pref("network.jar.block-remote-files", true); +/* 2613: disable JAR from opening Unsafe File Types ***/ +user_pref("network.jar.open-unsafe-types", false); +/* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) + * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins) + * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ +user_pref("network.http.redirection-limit", 10); +/* 2615: disable websites overriding Firefox's keyboard shortcuts (FF58+) + * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts + * [NOTE] At the time of writing, causes issues with delete and backspace keys ***/ + // user_pref("permissions.default.shortcuts", 2); // 0 (default) or 1=allow, 2=block +/* 2616: remove special permissions for certain mozilla domains (FF35+) + * [1] resource://app/defaults/permissions ***/ +user_pref("permissions.manager.defaultsUrl", ""); +/* 2617: remove webchannel whitelist ***/ +user_pref("webchannel.allowObject.urlWhitelist", ""); +/* 2618: disable exposure of system colors to CSS or canvas (FF44+) + * [NOTE] see second listed bug: may cause black on black for elements with undefined colors + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/ +user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) +/* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing + * Firefox has *some* protections, but it is better to be safe than sorry. The downside: it will also + * display legitimate IDN's punycoded, which might be undesirable for users of non-latin alphabets + * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) + * [1] https://wiki.mozilla.org/IDN_Display_Algorithm + * [2] https://en.wikipedia.org/wiki/IDN_homograph_attack + * [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ + * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ +user_pref("network.IDN_show_punycode", true); +/* 2620: enable Firefox's built-in PDF reader [SETUP] * [SETTING] General>Applications>Portable Document Format (PDF) * [SETTING-ESR52] Applications>Portable Document Format (PDF) * This setting controls if the option "Display in Firefox" in the above setting is available @@ -1244,56 +1294,6 @@ user_pref("devtools.webide.enabled", false); * CONS: You may prefer a different pdf reader for security reasons * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) ***/ user_pref("pdfjs.disabled", false); -/* 2619: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) - * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins) - * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ -user_pref("network.http.redirection-limit", 10); -/* 2620: disable middle mouse click opening links from clipboard - * [1] https://trac.torproject.org/projects/tor/ticket/10089 - * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ -user_pref("middlemouse.contentLoadURL", false); -/* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ -user_pref("browser.uitour.enabled", false); -user_pref("browser.uitour.url", ""); -/* 2629: disable remote JAR files being opened, regardless of content type (FF42+) - * [1] https://bugzilla.mozilla.org/1173171 - * [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ ***/ -user_pref("network.jar.block-remote-files", true); -/* 2630: prevent accessibility services from accessing your browser [RESTART] - * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser - * [1] https://support.mozilla.org/kb/accessibility-services ***/ -user_pref("accessibility.force_disabled", 1); -/* 2631: block web content in file processes (FF55+) - * [WARNING] [SETUP] You may want to disable this for corporate or developer environments - * [1] https://bugzilla.mozilla.org/1343184 ***/ -user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); -/* 2632: disable websites overriding Firefox's keyboard shortcuts (FF58+) - * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts - * [NOTE] At the time of writing, causes issues with delete and backspace keys ***/ - // user_pref("permissions.default.shortcuts", 2); // 0 (default) or 1=allow, 2=block -/* 2663: disable MathML (Mathematical Markup Language) (FF51+) - * [TEST] http://browserspy.dk/mathml.php - * [1] https://bugzilla.mozilla.org/1173199 ***/ -user_pref("mathml.disabled", true); -/* 2665: remove webchannel whitelist ***/ -user_pref("webchannel.allowObject.urlWhitelist", ""); -/* 2667: disable various developer tools in browser context - * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes - * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ -user_pref("devtools.chrome.enabled", false); -/* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) - * [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. - * [1] https://bugzilla.mozilla.org/1216893 ***/ - // user_pref("svg.disabled", true); -/* 2672: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing - * Firefox has *some* protections, but it is better to be safe than sorry. The downside: it will also - * display legitimate IDN's punycoded, which might be undesirable for users of non-latin alphabets - * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) - * [1] https://wiki.mozilla.org/IDN_Display_Algorithm - * [2] https://en.wikipedia.org/wiki/IDN_homograph_attack - * [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ - * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ -user_pref("network.IDN_show_punycode", true); /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used) @@ -1738,13 +1738,13 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); /* FF42 and older -// 2607: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled +// 2604: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled // [-] https://bugzilla.mozilla.org/897811 user_pref("pageThumbs.enabled", false); // 2503: (31+) disable network API - replaced by dom.netinfo.enabled // [-] https://bugzilla.mozilla.org/960426 user_pref("dom.network.enabled", false); -// 2620: (35+) disable WebSockets +// 2600s: (35+) disable WebSockets // [-] https://bugzilla.mozilla.org/1091016 user_pref("network.websocket.enabled", false); // 1610: (36+) set DNT "value" to "not be tracked" (FF21+) @@ -2035,11 +2035,11 @@ user_pref("social.enabled", false); // (hidden pref) // 1830: disable DRM's EME WideVineAdapter // [-] https://bugzilla.mozilla.org/1395468 user_pref("media.eme.chromium-api.enabled", false); // (FF55+) -// 2611: disable WebIDE extension downloads (Valence) +// 2608: disable WebIDE extension downloads (Valence) // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1393497 user_pref("devtools.webide.autoinstallFxdtAdapters", false); -// 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku +// 2600s: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1393582 user_pref("browser.casting.enabled", false); From b880c9da61ce97eabd00d7599f69352737ccfda8 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 11 May 2018 18:14:40 +0200 Subject: [PATCH 0776/1961] add network.ftp.enabled --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index bc384f0..bc74ae1 100644 --- a/user.js +++ b/user.js @@ -483,6 +483,9 @@ user_pref("network.proxy.autoconfig_url.include_path", false); // user_pref("network.trr.mode", 0); // user_pref("network.trr.bootstrapAddress", ""); // user_pref("network.trr.uri", ""); +/* 0708: disable FTP (FF60+) + * [1] https://www.ghacks.net/2018/02/20/firefox-60-with-new-preference-to-disable-ftp/ ***/ + // user_pref("network.ftp.enabled", false); /*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP] If you are in a private environment (no unwanted eyeballs) and your device is private From 67360332abd2f6bf8b56b5640eb95c71c44d7214 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 May 2018 15:44:37 +0000 Subject: [PATCH 0777/1961] FF60+ parrot info --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index bc74ae1..f274582 100644 --- a/user.js +++ b/user.js @@ -40,9 +40,10 @@ ******/ /* START: internal custom pref to test for syntax errors (thanks earthling) - * Yes, this next pref setting is redundant, but we like it! - * [1] https://en.wikipedia.org/wiki/Dead_parrot - * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/ + * [NOTE] In FF60+, not all syntax errors cause parsing to abort i.e. reaching the last debug + * pref no longer necessarily means that all prefs have been applied. Check the console right + * after startup for any warnings/error messages related to non-applied prefs + * [1] https://blog.mozilla.org/nnethercote/2018/03/09/a-new-preferences-parser-for-firefox/ ***/ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); /* 0000: disable about:config warning ***/ From d6280d2d7a8a5026ffc794205753fb3b0b5bc230 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 May 2018 17:41:43 +0000 Subject: [PATCH 0778/1961] Delete ghacks-clear-all-up-to-57-[RFP-alternatives].js --- ...s-clear-all-up-to-57-[RFP-alternatives].js | 60 ------------------- 1 file changed, 60 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js deleted file mode 100644 index 8979edd..0000000 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js +++ /dev/null @@ -1,60 +0,0 @@ -/*** - - This will reset the preferences that are under sections 4600 & 4700 in the ghacks user.js - up to and including release 57-alpha. These are the prefs that are no longer necessary, - or they conlfict with, privacy.resistFingerprinting if you have that enabled. - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] - -***/ - -(function() { - let ops = [ - /* section 4600 */ - 'dom.maxHardwareConcurrency', - 'dom.enable_resource_timing', - 'dom.enable_performance', - 'device.sensors.enabled', - 'browser.zoom.siteSpecific', - 'dom.gamepad.enabled', - 'dom.netinfo.enabled', - 'media.webspeech.synth.enabled', - 'geo.enabled', - 'media.video_stats.enabled', - 'dom.w3c_touch_events.enabled', - /* section 4700 */ - 'general.useragent.override', - 'general.buildID.override', - 'general.appname.override', - 'general.appversion.override', - 'general.platform.override', - 'general.oscpu.override', - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 45f1dfa9127480bb9c1679b264767e93eed86fd9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 May 2018 17:42:00 +0000 Subject: [PATCH 0779/1961] Delete ghacks-clear-57-[changes-only].js --- .../ghacks-clear-57-[changes-only].js | 61 ------------------- 1 file changed, 61 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-57-[changes-only].js diff --git a/scratchpad-scripts/ghacks-clear-57-[changes-only].js b/scratchpad-scripts/ghacks-clear-57-[changes-only].js deleted file mode 100644 index 47b80d9..0000000 --- a/scratchpad-scripts/ghacks-clear-57-[changes-only].js +++ /dev/null @@ -1,61 +0,0 @@ -/*** - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] - -***/ - -(function() { - let ops = [ - /* --- 57-alpha --- */ - /* commented out */ - 'browser.storageManager.enabled', - 'dom.storageManager.enabled', - /* removed from the user.js */ - 'browser.search.geoip.timeout', - 'geo.wifi.xhr.timeout', - 'gfx.layerscope.enabled', - 'media.webspeech.recognition.enable', - /* moved to RFP ALTERNATIVES */ - 'dom.w3c_touch_events.enabled', - 'media.video_stats.enabled', - /* moved to DEPRECATED/REMOVED */ - 'browser.bookmarks.showRecentlyBookmarked', - 'browser.casting.enabled', - 'devtools.webide.autoinstallFxdtAdapters', - 'media.eme.chromium-api.enabled', - 'social.directories', - 'social.enabled', - 'social.remote-install.enabled', - 'social.share.activationPanelEnabled', - 'social.shareDirectory', - 'social.toast-notifications.enabled', - 'social.whitelist', - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 94abd71787858b1f5a88fc423832ec04b1bff054 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 May 2018 17:42:13 +0000 Subject: [PATCH 0780/1961] Delete ghacks-clear-all-up-to-57-[deprecated].js --- .../ghacks-clear-all-up-to-57-[deprecated].js | 167 ------------------ 1 file changed, 167 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js deleted file mode 100644 index 39efa9e..0000000 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js +++ /dev/null @@ -1,167 +0,0 @@ -/*** - - This will reset the preferences that have been deprecated by Mozilla - and used in the ghacks user.js up to and including release 57-alpha - - It is in reverse order, so feel free to remove sections that do not apply - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] - -***/ - -(function() { - let ops = [ - /* deprecated */ - - /* ESR52.x users can remove sections 53-57 but it is not - crucial as your user.js will reinstate them */ - /* 57 */ - 'social.whitelist', - 'social.toast-notifications.enabled', - 'social.shareDirectory', - 'social.remote-install.enabled', - 'social.directories', - 'social.share.activationPanelEnabled', - 'social.enabled', - 'media.eme.chromium-api.enabled', - 'devtools.webide.autoinstallFxdtAdapters', - 'browser.casting.enabled', - 'browser.bookmarks.showRecentlyBookmarked', - /* 56 */ - 'extensions.screenshots.system-disabled', - 'extensions.formautofill.experimental', - /* 55 */ - 'geo.security.allowinsecure', - 'browser.selfsupport.enabled', - 'browser.selfsupport.url', - 'browser.newtabpage.directory.ping', - 'browser.formfill.saveHttpsForms', - 'browser.formautofill.enabled', - 'dom.enable_user_timing', - 'dom.keyboardevent.code.enabled', - 'browser.tabs.animate', - 'browser.fullscreen.animate', - /* 54 */ - 'browser.safebrowsing.reportMalwareMistakeURL', - 'browser.safebrowsing.reportPhishMistakeURL', - 'media.eme.apiVisible', - 'dom.archivereader.enabled', - /* 53 */ - 'security.tls.unrestricted_rc4_fallback', - 'plugin.scan.Acrobat', - 'plugin.scan.Quicktime', - 'plugin.scan.WindowsMediaPlayer', - 'media.getusermedia.screensharing.allow_on_old_platforms', - 'dom.beforeAfterKeyboardEvent.enabled', - /* End of ESR52.x section */ - - /* 52 */ - 'network.http.sendSecureXSiteReferrer', - 'media.gmp-eme-adobe.enabled', - 'media.gmp-eme-adobe.visible', - 'media.gmp-eme-adobe.autoupdate', - 'dom.telephony.enabled', - 'dom.battery.enabled', - /* 51 */ - 'media.block-play-until-visible', - 'dom.vr.oculus050.enabled', - 'network.http.spdy.enabled.v3-1', - /* 50 */ - 'browser.usedOnWindows10.introURL', - 'plugins.update.notifyUser', - 'browser.safebrowsing.enabled', - 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', - 'security.ssl3.ecdhe_rsa_rc4_128_sha', - 'security.ssl3.rsa_rc4_128_md5', - 'security.ssl3.rsa_rc4_128_sha', - 'plugins.update.url', - /* 49 */ - 'loop.enabled', - 'loop.server', - 'loop.feedback.formURL', - 'loop.feedback.manualFormURL', - 'loop.facebook.appId', - 'loop.facebook.enabled', - 'loop.facebook.fallbackUrl', - 'loop.facebook.shareUrl', - 'loop.logDomains', - 'dom.disable_window_open_feature.scrollbars', - 'dom.push.udp.wakeupEnabled', - /* 48 */ - 'browser.urlbar.unifiedcomplete', - /* 47 */ - 'toolkit.telemetry.unifiedIsOptIn', - 'datareporting.healthreport.about.reportUrlUnified', - 'browser.history.allowPopState', - 'browser.history.allowPushState', - 'browser.history.allowReplaceState', - /* 46 */ - 'datareporting.healthreport.service.enabled', - 'datareporting.healthreport.documentServerURI', - 'datareporting.policy.dataSubmissionEnabled.v2', - 'browser.safebrowsing.appRepURL', - 'browser.polaris.enabled', - 'browser.pocket.enabled', - 'browser.pocket.api', - 'browser.pocket.site', - 'browser.pocket.oAuthConsumerKey', - /* 45 */ - 'browser.sessionstore.privacy_level_deferred', - /* 44 */ - 'browser.safebrowsing.provider.google.appRepURL', - 'security.tls.insecure_fallback_hosts.use_static_list', - 'dom.workers.sharedWorkers.enabled', - 'dom.disable_image_src_set', - /* 43 */ - 'browser.safebrowsing.gethashURL', - 'browser.safebrowsing.updateURL', - 'browser.safebrowsing.malware.reportURL', - 'browser.trackingprotection.gethashURL', - 'browser.trackingprotection.updateURL', - 'pfs.datasource.url', - 'browser.search.showOneOffButtons', - /* 42 and earlier */ - 'privacy.clearOnShutdown.passwords', // 42 - 'full-screen-api.approval-required', // 42 - 'browser.safebrowsing.reportErrorURL', // 41 - 'browser.safebrowsing.reportGenericURL', // 41 - 'browser.safebrowsing.reportMalwareErrorURL', // 41 - 'browser.safebrowsing.reportMalwareURL', // 41 - 'browser.safebrowsing.reportURL', // 41 - 'plugins.enumerable_names', // 41 - 'network.http.spdy.enabled.http2draft', // 41 - 'camera.control.autofocus_moving_callback.enabled', // 37 - 'privacy.donottrackheader.value', // 36 - 'network.websocket.enabled', // 35 - 'dom.network.enabled', // 31 - 'pageThumbs.enabled', // 25 - - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From f97c9a05a98f1071130a04bc19eddd6231261fb0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 May 2018 17:42:30 +0000 Subject: [PATCH 0781/1961] Delete ghacks-clear-all-up-to-57-[removed].js --- .../ghacks-clear-all-up-to-57-[removed].js | 63 ------------------- 1 file changed, 63 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js deleted file mode 100644 index 3adc242..0000000 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js +++ /dev/null @@ -1,63 +0,0 @@ -/*** - - This will reset the preferences that have been removed completely - from the ghacks user.js up to and including release 57-alpha - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] - -***/ - -(function() { - let ops = [ - /* removed in ghacks user.js v52-57 */ - /* 52-alpha */ - 'browser.search.reset.enabled', - 'browser.search.reset.whitelist', - /* 54-alpha */ - 'browser.migrate.automigrate.enabled', - 'services.sync.enabled', - 'webextensions.storage.sync.enabled', - 'webextensions.storage.sync.serverURL', - /* 55-alpha */ - 'dom.keyboardevent.dispatch_during_composition', // default is false anyway - 'dom.vr.oculus.enabled', // covered by dom.vr.enabled - 'dom.vr.openvr.enabled', // ditto - 'dom.vr.osvr.enabled', // ditto - 'extensions.pocket.api', // covered by extensions.pocket.enabled - 'extensions.pocket.oAuthConsumerKey', // ditto - 'extensions.pocket.site', // ditto - /* 56-alpha: none */ - /* 57-alpha */ - 'geo.wifi.xhr.timeout', // covered by geo.enabled - 'browser.search.geoip.timeout', // ditto - 'media.webspeech.recognition.enable', // default is false anyway - 'gfx.layerscope.enabled', // default is false anyway - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 33759ab604c809b42a9c2c58f4e1e39c420bf1d7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 May 2018 17:42:46 +0000 Subject: [PATCH 0782/1961] Delete ghacks-clear-all-up-to-57-[the-rest-active].js --- ...ks-clear-all-up-to-57-[the-rest-active].js | 409 ------------------ 1 file changed, 409 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js deleted file mode 100644 index bea6d38..0000000 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js +++ /dev/null @@ -1,409 +0,0 @@ -/*** - - This will reset EVERYTHING that is ACTIVE in the ghacks user.js - release 57-alpha master, but excludes the following: - - prefs removed since publishing on github - - e10s section 1100 - - privacy.resistFingerprinting alternatives sections 4600 & 4700 - - deprecated section 9999 - - It does not matter if you clear everything, as a restart will reapply your user.js - Total 477 prefs from 57-alpha master: 118 inactive, 359 active - These have been broken into two scripts for convenience - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] - -***/ - -(function() { - let ops = [ - /* 359 ACTIVE prefs in 57-alpha master */ - 'accessibility.force_disabled', - 'alerts.showFavicons', - 'app.update.auto', - 'app.update.service.enabled', - 'app.update.silent', - 'app.update.staging.enabled', - 'beacon.enabled', - 'breakpad.reportURL', - 'browser.aboutHomeSnippets.updateUrl', - 'browser.backspace_action', - 'browser.bookmarks.max_backups', - 'browser.cache.disk.capacity', - 'browser.cache.disk.enable', - 'browser.cache.disk.smart_size.enabled', - 'browser.cache.disk.smart_size.first_run', - 'browser.cache.disk_cache_ssl', - 'browser.cache.frecency_experiment', - 'browser.cache.offline.enable', - 'browser.crashReports.unsubmittedCheck.autoSubmit', - 'browser.crashReports.unsubmittedCheck.enabled', - 'browser.ctrlTab.previews', - 'browser.display.use_document_fonts', - 'browser.download.folderList', - 'browser.download.forbid_open_with', - 'browser.download.hide_plugins_without_extensions', - 'browser.download.manager.addToRecentDocs', - 'browser.download.useDownloadDir', - 'browser.eme.ui.enabled', - 'browser.fixup.alternate.enabled', - 'browser.fixup.hide_user_pass', - 'browser.formfill.enable', - 'browser.helperApps.deleteTempFileOnExit', - 'browser.laterrun.enabled', - 'browser.library.activity-stream.enabled', - 'browser.link.open_newwindow', - 'browser.link.open_newwindow.restriction', - 'browser.newtab.preload', - 'browser.newtabpage.activity-stream.enabled', - 'browser.newtabpage.directory.source', - 'browser.newtabpage.enabled', - 'browser.newtabpage.enhanced', - 'browser.newtabpage.introShown', - 'browser.offline-apps.notify', - 'browser.onboarding.enabled', - 'browser.pagethumbnails.capturing_disabled', - 'browser.ping-centre.telemetry', - 'browser.rights.3.shown', - 'browser.safebrowsing.downloads.remote.enabled', - 'browser.safebrowsing.downloads.remote.url', - 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', - 'browser.safebrowsing.provider.google.reportPhishMistakeURL', - 'browser.safebrowsing.provider.google.reportURL', - 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', - 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', - 'browser.safebrowsing.provider.google4.reportURL', - 'browser.safebrowsing.reportPhishURL', - 'browser.search.countryCode', - 'browser.search.geoip.url', - 'browser.search.geoSpecificDefaults', - 'browser.search.geoSpecificDefaults.url', - 'browser.search.region', - 'browser.search.suggest.enabled', - 'browser.search.update', - 'browser.send_pings', - 'browser.send_pings.require_same_host', - 'browser.sessionhistory.max_entries', - 'browser.sessionstore.interval', - 'browser.sessionstore.max_tabs_undo', - 'browser.sessionstore.max_windows_undo', - 'browser.sessionstore.privacy_level', - 'browser.sessionstore.resume_from_crash', - 'browser.shell.checkDefaultBrowser', - 'browser.shell.shortcutFavicons', - 'browser.slowStartup.maxSamples', - 'browser.slowStartup.notificationDisabled', - 'browser.slowStartup.samples', - 'browser.ssl_override_behavior', - 'browser.startup.homepage_override.mstone', - 'browser.tabs.closeWindowWithLastTab', - 'browser.tabs.crashReporting.sendReport', - 'browser.tabs.insertRelatedAfterCurrent', - 'browser.tabs.loadDivertedInBackground', - 'browser.tabs.loadInBackground', - 'browser.tabs.selectOwnerOnClose', - 'browser.tabs.warnOnClose', - 'browser.tabs.warnOnCloseOtherTabs', - 'browser.tabs.warnOnOpen', - 'browser.taskbar.lists.enabled', - 'browser.taskbar.lists.frequent.enabled', - 'browser.taskbar.lists.recent.enabled', - 'browser.taskbar.lists.tasks.enabled', - 'browser.taskbar.previews.enable', - 'browser.uitour.enabled', - 'browser.uitour.url', - 'browser.urlbar.autoFill', - 'browser.urlbar.autoFill.typed', - 'browser.urlbar.clickSelectsAll', - 'browser.urlbar.decodeURLsOnCopy', - 'browser.urlbar.doubleClickSelectsAll', - 'browser.urlbar.filter.javascript', - 'browser.urlbar.maxHistoricalSearchSuggestions', - 'browser.urlbar.oneOffSearches', - 'browser.urlbar.speculativeConnect.enabled', - // 'browser.urlbar.suggest.bookmark', // this may not get reset by your user.js - see issue #308 - // 'browser.urlbar.suggest.history', // ditto - // 'browser.urlbar.suggest.openpage', // ditto - 'browser.urlbar.suggest.searches', - 'browser.urlbar.trimURLs', - 'browser.urlbar.usepreloadedtopurls.enabled', - 'browser.urlbar.userMadeSearchSuggestionsChoice', - 'browser.xul.error_pages.expert_bad_cert', - 'camera.control.face_detection.enabled', - 'canvas.capturestream.enabled', - 'captivedetect.canonicalURL', - 'datareporting.healthreport.about.reportUrl', - 'datareporting.healthreport.uploadEnabled', - 'datareporting.policy.dataSubmissionEnabled', - 'device.storage.enabled', - 'devtools.chrome.enabled', - 'devtools.debugger.remote-enabled', - 'devtools.webide.autoinstallADBHelper', - 'devtools.webide.enabled', - 'dom.allow_cut_copy', - 'dom.allow_scripts_to_close_windows', - 'dom.caches.enabled', - 'dom.disable_beforeunload', - 'dom.disable_window_flip', - 'dom.disable_window_move_resize', - 'dom.disable_window_open_feature.close', - 'dom.disable_window_open_feature.location', - 'dom.disable_window_open_feature.menubar', - 'dom.disable_window_open_feature.minimizable', - 'dom.disable_window_open_feature.personalbar', - 'dom.disable_window_open_feature.resizable', - 'dom.disable_window_open_feature.status', - 'dom.disable_window_open_feature.titlebar', - 'dom.disable_window_open_feature.toolbar', - 'dom.disable_window_status_change', - 'dom.event.clipboardevents.enabled', - 'dom.flyweb.enabled', - 'dom.idle-observers-api.enabled', - 'dom.imagecapture.enabled', - 'dom.IntersectionObserver.enabled', - 'dom.ipc.plugins.flash.subprocess.crashreporter.enabled', - 'dom.ipc.plugins.reportCrashURL', - 'dom.popup_allowed_events', - 'dom.popup_maximum', - 'dom.push.connection.enabled', - 'dom.push.enabled', - 'dom.push.serverURL', - 'dom.push.userAgentID', - 'dom.serviceWorkers.enabled', - 'dom.vibrator.enabled', - 'dom.webaudio.enabled', - 'dom.webnotifications.enabled', - 'dom.webnotifications.serviceworker.enabled', - 'dom.workers.enabled', - 'experiments.activeExperiment', - 'experiments.enabled', - 'experiments.manifest.uri', - 'experiments.supported', - 'extensions.autoDisableScopes', - 'extensions.blocklist.enabled', - 'extensions.blocklist.url', - 'extensions.enabledScopes', - 'extensions.formautofill.addresses.enabled', - 'extensions.formautofill.available', - 'extensions.formautofill.creditCards.enabled', - 'extensions.formautofill.heuristics.enabled', - 'extensions.getAddons.cache.enabled', - 'extensions.getAddons.showPane', - 'extensions.pocket.enabled', - 'extensions.shield-recipe-client.api_url', - 'extensions.shield-recipe-client.enabled', - 'extensions.update.autoUpdateDefault', - 'extensions.webcompat-reporter.enabled', - 'extensions.webextensions.keepStorageOnUninstall', - 'extensions.webextensions.keepUuidOnUninstall', - 'extensions.webservice.discoverURL', - 'font.blacklist.underline_offset', - 'full-screen-api.enabled', - 'general.useragent.compatMode.firefox', - 'general.useragent.locale', - 'general.warnOnAboutConfig', - 'geo.wifi.uri', - 'gfx.downloadable_fonts.enabled', - 'gfx.downloadable_fonts.woff2.enabled', - 'gfx.font_rendering.graphite.enabled', - 'gfx.font_rendering.opentype_svg.enabled', - 'gfx.offscreencanvas.enabled', - 'intl.accept_languages', - 'intl.locale.matchOS', - 'intl.regional_prefs.use_os_locales', - 'javascript.options.asmjs', - 'javascript.options.wasm', - 'javascript.use_us_english_locale', - 'keyword.enabled', - 'layers.acceleration.disabled', - 'layout.css.font-loading-api.enabled', - 'layout.css.visited_links_enabled', - 'layout.spellcheckDefault', - 'lightweightThemes.update.enabled', - 'mathml.disabled', - 'media.autoplay.enabled', - 'media.block-autoplay-until-in-foreground', - 'media.eme.enabled', - 'media.getusermedia.audiocapture.enabled', - 'media.getusermedia.browser.enabled', - 'media.getusermedia.screensharing.allowed_domains', - 'media.getusermedia.screensharing.enabled', - 'media.gmp-gmpopenh264.autoupdate', - 'media.gmp-gmpopenh264.enabled', - 'media.gmp-manager.updateEnabled', - 'media.gmp-manager.url', - 'media.gmp-manager.url.override', - 'media.gmp-provider.enabled', - 'media.gmp-widevinecdm.autoupdate', - 'media.gmp-widevinecdm.enabled', - 'media.gmp-widevinecdm.visible', - 'media.gmp.trial-create.enabled', - 'media.navigator.enabled', - 'media.navigator.video.enabled', - 'media.ondevicechange.enabled', - 'media.peerconnection.enabled', - 'media.peerconnection.ice.default_address_only', - 'media.peerconnection.ice.no_host', - 'media.peerconnection.ice.tcp', - 'media.peerconnection.identity.enabled', - 'media.peerconnection.identity.timeout', - 'media.peerconnection.turn.disable', - 'media.peerconnection.use_document_iceservers', - 'media.peerconnection.video.enabled', - 'middlemouse.contentLoadURL', - 'network.allow-experiments', - 'network.auth.subresource-img-cross-origin-http-auth-allow', - 'network.captive-portal-service.enabled', - 'network.cookie.cookieBehavior', - 'network.cookie.leave-secure-alone', - 'network.cookie.thirdparty.sessionOnly', - 'network.dns.blockDotOnion', - 'network.dns.disablePrefetch', - 'network.dns.disablePrefetchFromHTTPS', - 'network.http.altsvc.enabled', - 'network.http.altsvc.oe', - 'network.http.redirection-limit', - 'network.http.referer.hideOnionSource', - 'network.http.referer.spoofSource', - 'network.http.referer.trimmingPolicy', - 'network.http.referer.userControlPolicy', - 'network.http.referer.XOriginPolicy', - 'network.http.referer.XOriginTrimmingPolicy', - 'network.http.sendRefererHeader', - 'network.http.spdy.enabled', - 'network.http.spdy.enabled.deps', - 'network.http.spdy.enabled.http2', - 'network.http.speculative-parallel-limit', - 'network.IDN_show_punycode', - 'network.jar.block-remote-files', - 'network.jar.open-unsafe-types', - 'network.manage-offline-status', - 'network.predictor.enable-prefetch', - 'network.predictor.enabled', - 'network.prefetch-next', - 'network.protocol-handler.external.ms-windows-store', - 'network.proxy.autoconfig_url.include_path', - 'network.proxy.socks_remote_dns', - 'network.stricttransportsecurity.preloadlist', - 'offline-apps.allow_by_default', - 'pdfjs.disabled', - 'pdfjs.enableWebGL', - 'permissions.manager.defaultsUrl', - 'plugin.default.state', - 'plugin.defaultXpi.state', - 'plugin.scan.plid.all', - 'plugin.sessionPermissionNow.intervalInMinutes', - 'plugins.click_to_play', - 'privacy.clearOnShutdown.cache', - 'privacy.clearOnShutdown.cookies', - 'privacy.clearOnShutdown.downloads', - 'privacy.clearOnShutdown.formdata', - 'privacy.clearOnShutdown.history', - 'privacy.clearOnShutdown.offlineApps', - 'privacy.clearOnShutdown.sessions', - 'privacy.clearOnShutdown.siteSettings', - 'privacy.cpd.cache', - 'privacy.cpd.cookies', - 'privacy.cpd.formdata', - 'privacy.cpd.history', - 'privacy.cpd.offlineApps', - 'privacy.cpd.passwords', - 'privacy.cpd.sessions', - 'privacy.cpd.siteSettings', - 'privacy.donottrackheader.enabled', - 'privacy.firstparty.isolate', - 'privacy.firstparty.isolate.restrict_opener_access', - 'privacy.resistFingerprinting', - 'privacy.sanitize.sanitizeOnShutdown', - 'privacy.sanitize.timeSpan', - 'privacy.trackingprotection.ui.enabled', - 'security.ask_for_password', - 'security.block_script_with_wrong_mime', - 'security.cert_pinning.enforcement_level', - 'security.csp.enable', - 'security.csp.experimentalEnabled', - 'security.data_uri.block_toplevel_data_uri_navigations', - 'security.dialog_enable_delay', - 'security.family_safety.mode', - 'security.fileuri.strict_origin_policy', - 'security.insecure_field_warning.contextual.enabled', - 'security.insecure_password.ui.enabled', - 'security.mixed_content.block_active_content', - 'security.mixed_content.send_hsts_priming', - 'security.mixed_content.use_hsts', - 'security.OCSP.enabled', - 'security.OCSP.require', - 'security.password_lifetime', - 'security.pki.sha1_enforcement_level', - 'security.sri.enable', - 'security.ssl.disable_session_identifiers', - 'security.ssl.enable_ocsp_stapling', - 'security.ssl.errorReporting.automatic', - 'security.ssl.errorReporting.enabled', - 'security.ssl.errorReporting.url', - 'security.ssl.treat_unsafe_negotiation_as_broken', - 'security.tls.enable_0rtt_data', - 'security.tls.version.fallback-limit', - 'security.tls.version.max', - 'security.tls.version.min', - 'security.xpconnect.plugin.unrestricted', - 'services.blocklist.signing.enforced', - 'services.blocklist.update_enabled', - 'signon.autofillForms', - 'signon.autofillForms.http', - 'signon.formlessCapture.enabled', - 'signon.storeWhenAutocompleteOff', - 'startup.homepage_override_url', - 'startup.homepage_welcome_url', - 'startup.homepage_welcome_url.additional', - 'toolkit.telemetry.archive.enabled', - 'toolkit.telemetry.bhrPing.enabled', - 'toolkit.telemetry.cachedClientID', - 'toolkit.telemetry.enabled', - 'toolkit.telemetry.firstShutdownPing.enabled', - 'toolkit.telemetry.newProfilePing.enabled', - 'toolkit.telemetry.server', - 'toolkit.telemetry.shutdownPingSender.enabled', - 'toolkit.telemetry.unified', - 'toolkit.telemetry.updatePing.enabled', - 'ui.submenuDelay', - 'ui.use_standins_for_native_colors', - 'view_source.tab', - 'webchannel.allowObject.urlWhitelist', - 'webgl.disable-extensions', - 'webgl.disable-fail-if-major-performance-caveat', - 'webgl.disabled', - 'webgl.dxgl.enabled', - 'webgl.enable-debug-renderer-info', - 'webgl.enable-webgl2', - 'webgl.min_capability_mode', - - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 9406f3219401941c05c232bc3f926e9cdbee3c1f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 May 2018 17:43:01 +0000 Subject: [PATCH 0783/1961] Delete ghacks-clear-all-up-to-57-[the-rest-inactive].js --- ...-clear-all-up-to-57-[the-rest-inactive].js | 167 ------------------ 1 file changed, 167 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js diff --git a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js b/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js deleted file mode 100644 index 8b62def..0000000 --- a/scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js +++ /dev/null @@ -1,167 +0,0 @@ -/*** - - This will reset EVERYTHING that is INACTIVE in the ghacks user.js - release 57-alpha master, but excludes the following: - - prefs removed since publishing on github - - e10s section 1100 - - privacy.resistFingerprinting alternatives sections 4600 & 4700 - - deprecated section 9999 - - It does not matter if you clear everything, as a restart will reapply your user.js - Total 477 prefs from 57-alpha master: 118 inactive, 359 active - These have been broken into two scripts for convenience - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] - -***/ - -(function() { - let ops = [ - /* 118 INACTIVE prefs in 57-alpha master */ - 'accessibility.typeaheadfind', - 'app.update.enabled', - 'browser.cache.memory.capacity', - 'browser.cache.memory.enable', - 'browser.chrome.favicons', - 'browser.chrome.site_icons', - 'browser.download.autohideButton', - 'browser.privatebrowsing.autostart', - 'browser.safebrowsing.allowOverride', - 'browser.safebrowsing.blockedURIs.enabled', - 'browser.safebrowsing.downloads.enabled', - 'browser.safebrowsing.downloads.remote.block_dangerous', - 'browser.safebrowsing.downloads.remote.block_dangerous_host', - 'browser.safebrowsing.downloads.remote.block_potentially_unwanted', - 'browser.safebrowsing.downloads.remote.block_uncommon', - 'browser.safebrowsing.malware.enabled', - 'browser.safebrowsing.phishing.enabled', - 'browser.safebrowsing.provider.google.gethashURL', - 'browser.safebrowsing.provider.google.updateURL', - 'browser.safebrowsing.provider.google4.gethashURL', - 'browser.safebrowsing.provider.google4.updateURL', - 'browser.safebrowsing.provider.mozilla.gethashURL', - 'browser.safebrowsing.provider.mozilla.updateURL', - 'browser.sessionhistory.max_total_viewers', - 'browser.startup.page', - 'browser.stopReloadAnimation.enabled', - 'browser.storageManager.enabled', - 'browser.tabs.loadBookmarksInTabs', - 'browser.urlbar.autocomplete.enabled', - 'browser.urlbar.maxRichResults', - 'clipboard.autocopy', - 'dom.event.contextmenu.enabled', - 'dom.indexedDB.enabled', - 'dom.presentation.controller.enabled', - 'dom.presentation.discoverable', - 'dom.presentation.discovery.enabled', - 'dom.presentation.enabled', - 'dom.presentation.receiver.enabled', - 'dom.presentation.session_transport.data_channel.enable', - 'dom.storage.enabled', - 'dom.storageManager.enabled', - 'dom.vr.enabled', - 'extensions.screenshots.disabled', - 'extensions.systemAddon.update.url', - 'extensions.update.enabled', - 'font.name.monospace.x-unicode', - 'font.name.monospace.x-western', - 'font.name.sans-serif.x-unicode', - 'font.name.sans-serif.x-western', - 'font.name.serif.x-unicode', - 'font.name.serif.x-western', - 'font.system.whitelist', - 'full-screen-api.warning.delay', - 'full-screen-api.warning.timeout', - 'general.autoScroll', - 'geo.wifi.logging.enabled', - 'gfx.direct2d.disabled', - 'javascript.options.baselinejit', - 'javascript.options.ion', - 'media.flac.enabled', - 'media.mediasource.enabled', - 'media.mediasource.mp4.enabled', - 'media.mediasource.webm.audio.enabled', - 'media.mediasource.webm.enabled', - 'media.mp4.enabled', - 'media.ogg.enabled', - 'media.ogg.flac.enabled', - 'media.opus.enabled', - 'media.raw.enabled', - 'media.wave.enabled', - 'media.webm.enabled', - 'media.wmf.amd.vp9.enabled', - 'media.wmf.enabled', - 'media.wmf.vp9.enabled', - 'network.cookie.lifetime.days', - 'network.cookie.lifetimePolicy', - 'network.dns.disableIPv6', - 'network.dnsCacheEntries', - 'network.dnsCacheExpiration', - 'network.http.fast-fallback-to-IPv4', - 'offline-apps.quota.warn', - 'permissions.memory_only', - 'places.history.enabled', - 'plugin.state.flash', - 'privacy.clearOnShutdown.openWindows', - 'privacy.cpd.downloads', - 'privacy.cpd.openWindows', - 'privacy.resistFingerprinting.block_mozAddonManager', - 'privacy.trackingprotection.annotate_channels', - 'privacy.trackingprotection.enabled', - 'privacy.trackingprotection.lower_network_priority', - 'privacy.trackingprotection.pbmode.enabled', - 'privacy.usercontext.about_newtab_segregation.enabled', - 'privacy.userContext.enabled', - 'privacy.userContext.longPressBehavior', - 'privacy.userContext.ui.enabled', - 'privacy.window.maxInnerHeight', - 'privacy.window.maxInnerWidth', - 'reader.parse-on-load.enabled', - 'security.mixed_content.block_display_content', - 'security.nocertdb', - 'security.ssl.require_safe_negotiation', - 'security.ssl3.dhe_rsa_aes_128_sha', - 'security.ssl3.dhe_rsa_aes_256_sha', - 'security.ssl3.ecdhe_ecdsa_aes_128_sha', - 'security.ssl3.ecdhe_rsa_aes_128_sha', - 'security.ssl3.rsa_aes_128_sha', - 'security.ssl3.rsa_aes_256_sha', - 'security.ssl3.rsa_des_ede3_sha', - 'services.blocklist.addons.collection', - 'services.blocklist.gfx.collection', - 'services.blocklist.onecrl.collection', - 'services.blocklist.plugins.collection', - 'signon.rememberSignons', - 'svg.disabled', - 'toolkit.cosmeticAnimations.enabled', - 'urlclassifier.trackingTable', - 'xpinstall.signatures.required', - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 9c7170fc2691f1e60bcdf5cc0a8eb2bcbf68f760 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 16 May 2018 07:28:32 +1200 Subject: [PATCH 0784/1961] Create ghacks-clear-FF60inclusive-[deprecated].js --- ...ghacks-clear-FF60inclusive-[deprecated].js | 188 ++++++++++++++++++ 1 file changed, 188 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js diff --git a/scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js b/scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js new file mode 100644 index 0000000..8977a8d --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js @@ -0,0 +1,188 @@ +/*** + This will reset the preferences that have been deprecated by Mozilla + and used in the ghacks user.js up to and including release 60-beta + + It is in reverse order, so feel free to remove sections that do not apply + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] +***/ + +(function() { + let ops = [ + /* deprecated */ + + /* ESR52.x users can remove sections 53-60 but it is not + crucial as your user.js will reinstate them */ + /* 60 */ + 'browser.newtabpage.directory.source', + 'browser.newtabpage.enhanced', + 'browser.newtabpage.introShown', + 'extensions.shield-recipe-client.enabled', + 'extensions.shield-recipe-client.api_url', + 'browser.newtabpage.activity-stream.enabled', + 'dom.workers.enabled', + 'view_source.tab', + /* 59 */ + 'intl.locale.matchOS', + 'general.useragent.locale', + 'datareporting.healthreport.about.reportUrl', + 'dom.flyweb.enabled', + 'security.mixed_content.use_hsts', + 'security.mixed_content.send_hsts_priming', + 'network.http.referer.userControlPolicy', + 'security.xpconnect.plugin.unrestricted', + 'media.getusermedia.screensharing.allowed_domains', + 'camera.control.face_detection.enabled', + 'dom.disable_window_status_change', + 'dom.idle-observers-api.enabled', + /* 58 : nothing */ + /* 57 */ + 'social.whitelist', + 'social.toast-notifications.enabled', + 'social.shareDirectory', + 'social.remote-install.enabled', + 'social.directories', + 'social.share.activationPanelEnabled', + 'social.enabled', + 'media.eme.chromium-api.enabled', + 'devtools.webide.autoinstallFxdtAdapters', + 'browser.casting.enabled', + 'browser.bookmarks.showRecentlyBookmarked', + /* 56 */ + 'extensions.screenshots.system-disabled', + 'extensions.formautofill.experimental', + /* 55 */ + 'geo.security.allowinsecure', + 'browser.selfsupport.enabled', + 'browser.selfsupport.url', + 'browser.newtabpage.directory.ping', + 'browser.formfill.saveHttpsForms', + 'browser.formautofill.enabled', + 'dom.enable_user_timing', + 'dom.keyboardevent.code.enabled', + 'browser.tabs.animate', + 'browser.fullscreen.animate', + /* 54 */ + 'browser.safebrowsing.reportMalwareMistakeURL', + 'browser.safebrowsing.reportPhishMistakeURL', + 'media.eme.apiVisible', + 'dom.archivereader.enabled', + /* 53 */ + 'security.tls.unrestricted_rc4_fallback', + 'plugin.scan.Acrobat', + 'plugin.scan.Quicktime', + 'plugin.scan.WindowsMediaPlayer', + 'media.getusermedia.screensharing.allow_on_old_platforms', + 'dom.beforeAfterKeyboardEvent.enabled', + /* End of ESR52.x section */ + + /* 52 */ + 'network.http.sendSecureXSiteReferrer', + 'media.gmp-eme-adobe.enabled', + 'media.gmp-eme-adobe.visible', + 'media.gmp-eme-adobe.autoupdate', + 'dom.telephony.enabled', + 'dom.battery.enabled', + /* 51 */ + 'media.block-play-until-visible', + 'dom.vr.oculus050.enabled', + 'network.http.spdy.enabled.v3-1', + /* 50 */ + 'browser.usedOnWindows10.introURL', + 'plugins.update.notifyUser', + 'browser.safebrowsing.enabled', + 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', + 'security.ssl3.ecdhe_rsa_rc4_128_sha', + 'security.ssl3.rsa_rc4_128_md5', + 'security.ssl3.rsa_rc4_128_sha', + 'plugins.update.url', + /* 49 */ + 'loop.enabled', + 'loop.server', + 'loop.feedback.formURL', + 'loop.feedback.manualFormURL', + 'loop.facebook.appId', + 'loop.facebook.enabled', + 'loop.facebook.fallbackUrl', + 'loop.facebook.shareUrl', + 'loop.logDomains', + 'dom.disable_window_open_feature.scrollbars', + 'dom.push.udp.wakeupEnabled', + /* 48 */ + 'browser.urlbar.unifiedcomplete', + /* 47 */ + 'toolkit.telemetry.unifiedIsOptIn', + 'datareporting.healthreport.about.reportUrlUnified', + 'browser.history.allowPopState', + 'browser.history.allowPushState', + 'browser.history.allowReplaceState', + /* 46 */ + 'datareporting.healthreport.service.enabled', + 'datareporting.healthreport.documentServerURI', + 'datareporting.policy.dataSubmissionEnabled.v2', + 'browser.safebrowsing.appRepURL', + 'browser.polaris.enabled', + 'browser.pocket.enabled', + 'browser.pocket.api', + 'browser.pocket.site', + 'browser.pocket.oAuthConsumerKey', + /* 45 */ + 'browser.sessionstore.privacy_level_deferred', + /* 44 */ + 'browser.safebrowsing.provider.google.appRepURL', + 'security.tls.insecure_fallback_hosts.use_static_list', + 'dom.workers.sharedWorkers.enabled', + 'dom.disable_image_src_set', + /* 43 */ + 'browser.safebrowsing.gethashURL', + 'browser.safebrowsing.updateURL', + 'browser.safebrowsing.malware.reportURL', + 'browser.trackingprotection.gethashURL', + 'browser.trackingprotection.updateURL', + 'pfs.datasource.url', + 'browser.search.showOneOffButtons', + /* 42 and earlier */ + 'privacy.clearOnShutdown.passwords', // 42 + 'full-screen-api.approval-required', // 42 + 'browser.safebrowsing.reportErrorURL', // 41 + 'browser.safebrowsing.reportGenericURL', // 41 + 'browser.safebrowsing.reportMalwareErrorURL', // 41 + 'browser.safebrowsing.reportMalwareURL', // 41 + 'browser.safebrowsing.reportURL', // 41 + 'plugins.enumerable_names', // 41 + 'network.http.spdy.enabled.http2draft', // 41 + 'camera.control.autofocus_moving_callback.enabled', // 37 + 'privacy.donottrackheader.value', // 36 + 'network.websocket.enabled', // 35 + 'dom.network.enabled', // 31 + 'pageThumbs.enabled', // 25 + + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From de7a8650f76d4ae2dc46723f9dd103fa19f3faf2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 16 May 2018 07:29:11 +1200 Subject: [PATCH 0785/1961] Create ghacks-clear-FF60inclusive-[removed].js --- .../ghacks-clear-FF60inclusive-[removed].js | 115 ++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js diff --git a/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js b/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js new file mode 100644 index 0000000..568e4ee --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js @@ -0,0 +1,115 @@ +/*** + This will reset the preferences that have been removed completely + from the ghacks user.js up to and including release 60-beta + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] +***/ + +(function() { + let ops = [ + /* removed in ghacks user.js v52-57 */ + /* 52-alpha */ + 'browser.search.reset.enabled', + 'browser.search.reset.whitelist', + /* 54-alpha */ + 'browser.migrate.automigrate.enabled', + 'services.sync.enabled', + 'webextensions.storage.sync.enabled', + 'webextensions.storage.sync.serverURL', + /* 55-alpha */ + 'dom.keyboardevent.dispatch_during_composition', // default is false anyway + 'dom.vr.oculus.enabled', // covered by dom.vr.enabled + 'dom.vr.openvr.enabled', // ditto + 'dom.vr.osvr.enabled', // ditto + 'extensions.pocket.api', // covered by extensions.pocket.enabled + 'extensions.pocket.oAuthConsumerKey', // ditto + 'extensions.pocket.site', // ditto + /* 56-alpha: none */ + /* 57-alpha */ + 'geo.wifi.xhr.timeout', // covered by geo.enabled + 'browser.search.geoip.timeout', // ditto + 'media.webspeech.recognition.enable', // default is false anyway + 'gfx.layerscope.enabled', // default is false anyway + /* 58-alpha */ + // excluding these e10 settings + // 'browser.tabs.remote.autostart', + // 'browser.tabs.remote.autostart.2', + // 'browser.tabs.remote.force-enable', + // 'browser.tabs.remote.separateFileUriProcess', + // 'extensions.e10sBlocksEnabling', + // 'extensions.webextensions.remote', + // 'dom.ipc.processCount', + // 'dom.ipc.shims.enabledWarnings', + // 'dom.ipc.processCount.extension', + // 'dom.ipc.processCount.file', + // 'security.sandbox.content.level', + // 'dom.ipc.plugins.sandbox-level.default', + // 'dom.ipc.plugins.sandbox-level.flash', + // 'security.sandbox.logging.enabled', + 'dom.presentation.controller.enabled', + 'dom.presentation.discoverable', + 'dom.presentation.discovery.enabled', + 'dom.presentation.enabled', + 'dom.presentation.receiver.enabled', + 'dom.presentation.session_transport.data_channel.enable', + /* 59-alpha */ + 'browser.stopReloadAnimation.enabled', + 'browser.tabs.insertRelatedAfterCurrent', + 'browser.tabs.loadDivertedInBackground', + 'browser.tabs.loadInBackground', + 'browser.tabs.selectOwnerOnClose', + 'browser.urlbar.clickSelectsAll', + 'browser.urlbar.doubleClickSelectsAll', + 'media.flac.enabled', + 'media.mediasource.enabled', + 'media.mediasource.mp4.enabled', + 'media.mediasource.webm.audio.enabled', + 'media.mediasource.webm.enabled', + 'media.mp4.enabled', + 'media.ogg.enabled', + 'media.ogg.flac.enabled', + 'media.opus.enabled', + 'media.raw.enabled', + 'media.wave.enabled', + 'media.webm.enabled', + 'media.wmf.amd.vp9.enabled', + 'media.wmf.enabled', + 'media.wmf.vp9.enabled', + 'ui.submenuDelay', + /* 60-beta - these were all at default anyway */ + 'device.storage.enabled', + 'general.useragent.compatMode.firefox', + 'network.dns.blockDotOnion', + 'network.stricttransportsecurity.preloadlist', + 'security.block_script_with_wrong_mime', + 'security.fileuri.strict_origin_policy', + 'security.sri.enable', + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From 5fc48a10276e35ed30c67f6595877b9518992cd5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 16 May 2018 07:29:33 +1200 Subject: [PATCH 0786/1961] Create ghacks-clear-FF60inclusive-[RFP-alternatives].js --- ...-clear-FF60inclusive-[RFP-alternatives].js | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-FF60inclusive-[RFP-alternatives].js diff --git a/scratchpad-scripts/ghacks-clear-FF60inclusive-[RFP-alternatives].js b/scratchpad-scripts/ghacks-clear-FF60inclusive-[RFP-alternatives].js new file mode 100644 index 0000000..f23c568 --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-FF60inclusive-[RFP-alternatives].js @@ -0,0 +1,59 @@ +/*** + This will reset the preferences that are under sections 4600 & 4700 in the ghacks user.js + up to and including release 60-beta. These are the prefs that are no longer necessary, + or they conflict with, privacy.resistFingerprinting if you have that enabled. + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] +***/ + +(function() { + let ops = [ + /* section 4600 */ + 'dom.maxHardwareConcurrency', + 'dom.enable_resource_timing', + 'dom.enable_performance', + 'device.sensors.enabled', + 'browser.zoom.siteSpecific', + 'dom.gamepad.enabled', + 'dom.netinfo.enabled', + 'media.webspeech.synth.enabled', + 'media.video_stats.enabled', + 'dom.w3c_touch_events.enabled', + 'media.ondevicechange.enabled', + 'webgl.enable-debug-renderer-info', + /* section 4700 */ + 'general.useragent.override', + 'general.buildID.override', + 'general.appname.override', + 'general.appversion.override', + 'general.platform.override', + 'general.oscpu.override', + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From e5d23f6b40959ad1c368dc6a3a85b6cbf986034b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 May 2018 20:40:12 +0000 Subject: [PATCH 0787/1961] 60-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index f274582..4983e32 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 4 April 2018 -* version 60-alpha: Call Me Pants, Maybe +* date: 15 May 2018 +* version 60-beta: Call Me Pants, Maybe * "Your stare was holding, ripped JEANS, skin was showin'" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 02bac31e6af0d73b1f9f71842a5e25460c877d04 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 16 May 2018 18:31:28 +0200 Subject: [PATCH 0788/1961] nits (#423) --- user.js | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 4983e32..f6983a1 100644 --- a/user.js +++ b/user.js @@ -90,7 +90,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease // user_pref("geo.enabled", false); /* 0201b: set a default permission for Location (FF58+) * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location - * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Location>Settings ***/ + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block /* 0202: disable GeoIP-based search results * [NOTE] May not be hidden if Firefox has changed your settings due to your locale @@ -475,7 +475,7 @@ user_pref("network.proxy.socks_remote_dns", true); /* 0706: remove paths when sending URLs to PAC scripts (FF51+) * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) * [1] https://bugzilla.mozilla.org/1255474 ***/ -user_pref("network.proxy.autoconfig_url.include_path", false); +user_pref("network.proxy.autoconfig_url.include_path", false); // default: false /* 0707: disable (or setup) DNS-over-HTTPS (DoH) (FF60+) * TRR = Trusted Recursive Resolver * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result @@ -613,7 +613,7 @@ user_pref("signon.autofillForms", false); * Don't let sites dictate use of saved logins and passwords. Increase security through * stronger password use. The trade-off is the convenience. Some sites should never be * saved (such as banking sites). Set at true, informed users can make their own choice. ***/ -user_pref("signon.storeWhenAutocompleteOff", true); +user_pref("signon.storeWhenAutocompleteOff", true); // default: true /* 0907: display warnings for logins on non-secure (non HTTPS) pages * [1] https://bugzilla.mozilla.org/1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); @@ -1033,7 +1033,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false); /* 2024: set a default permission for Camera/Microphone (FF58+) * 0=always ask (default), 1=allow, 2=block * [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone - * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Camera/Microphone>Settings ***/ + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); /* 2026: disable canvas capture stream @@ -1123,7 +1123,7 @@ user_pref("dom.webnotifications.enabled", false); // (FF22+) user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+) /* 2305: set a default permission for Notifications (see 2304) (FF58+) * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications - * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Notifications>Settings ***/ + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ // user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block /* 2306: disable push notifications (FF44+) * web apps can receive messages pushed to them from a server, whether or @@ -1303,7 +1303,9 @@ user_pref("pdfjs.disabled", false); /* 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used) * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ user_pref("browser.download.folderList", 2); -/* 2651: enforce user interaction for security by always asking the user where to download ***/ +/* 2651: enforce user interaction for security by always asking the user where to download + * [SETTING] General>Downloads>Always ask you where to save files + * [SETTING-ESR52] General>Downloads>Always ask me where to save files ***/ user_pref("browser.download.useDownloadDir", false); /* 2652: disable adding downloads to the system's "recent documents" list ***/ user_pref("browser.download.manager.addToRecentDocs", false); @@ -1748,7 +1750,7 @@ user_pref("pageThumbs.enabled", false); // 2503: (31+) disable network API - replaced by dom.netinfo.enabled // [-] https://bugzilla.mozilla.org/960426 user_pref("dom.network.enabled", false); -// 2600s: (35+) disable WebSockets +// 2600's: (35+) disable WebSockets // [-] https://bugzilla.mozilla.org/1091016 user_pref("network.websocket.enabled", false); // 1610: (36+) set DNT "value" to "not be tracked" (FF21+) @@ -1806,7 +1808,7 @@ user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safe // 1200's: block rc4 whitelist // [-] https://bugzilla.mozilla.org/1215796 user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); -// 2300s: disable SharedWorkers +// 2300's: disable SharedWorkers // [1] https://trac.torproject.org/projects/tor/ticket/15562 // [-] https://bugzilla.mozilla.org/1207635 user_pref("dom.workers.sharedWorkers.enabled", false); @@ -2043,7 +2045,7 @@ user_pref("media.eme.chromium-api.enabled", false); // (FF55+) // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1393497 user_pref("devtools.webide.autoinstallFxdtAdapters", false); -// 2600s: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku +// 2600's: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1393582 user_pref("browser.casting.enabled", false); @@ -2104,7 +2106,7 @@ user_pref("dom.idle-observers-api.enabled", false); user_pref("browser.newtabpage.directory.source", "data:text/plain,"); user_pref("browser.newtabpage.enhanced", false); user_pref("browser.newtabpage.introShown", true); -// 0512: disable Shield (FF53-FF59) - replaced internally by Normandy (see 0503) +// 0512: disable Shield (FF53+) - replaced internally by Normandy (see 0503) // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" // [1] https://wiki.mozilla.org/Firefox/Shield // [2] https://github.com/mozilla/normandy @@ -2118,7 +2120,7 @@ user_pref("browser.newtabpage.activity-stream.enabled", false); // [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) // [-] https://bugzilla.mozilla.org/1434934 user_pref("dom.workers.enabled", false); -// 5000s: open "page/selection source" in a new window +// 5000's: open "page/selection source" in a new window // [-] https://bugzilla.mozilla.org/1418403 // user_pref("view_source.tab", false); // * * * / From a635ae5dfb0d3b2764c8855ac1ddc1032e07a9f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 23 May 2018 08:55:19 +0000 Subject: [PATCH 0789/1961] 2730 + 2750: Storage API + Offline Cache https://bugzilla.mozilla.org/show_bug.cgi?id=1450448 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index f6983a1..a5db5f9 100644 --- a/user.js +++ b/user.js @@ -1410,7 +1410,7 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ // user_pref("dom.indexedDB.enabled", false); /* 2730: disable offline cache - * [NOTE] This is required 'true' for Storage API (2750) ***/ + * [NOTE] For FF60 and under, this is required 'true' for Storage API (2750) ***/ // user_pref("browser.cache.offline.enable", false); /* 2730b: disable offline cache on insecure sites (FF60+) * [1] https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ ***/ @@ -1433,7 +1433,7 @@ user_pref("dom.caches.enabled", false); * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. - * [NOTE] If Storage API is enabled, then Offline Cache (2730) must be also be enabled + * [NOTE] For FF60 and under, if Storage API is enabled, then Offline Cache (2730) must be also be enabled * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ From 3a77e18ae8fa6a2b5c0a01ac8aa1ebfeb8acfc25 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 23 May 2018 11:07:06 +0000 Subject: [PATCH 0790/1961] RFP: OS locale & HTTP Accept-Language header https://bugzilla.mozilla.org/show_bug.cgi?id=1459089 . When/if it gets uplifted to 61, I'll update. --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index a5db5f9..4c969a0 100644 --- a/user.js +++ b/user.js @@ -1576,6 +1576,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. FF60: Fix keydown/keyup events (1438795) ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) + ** 1459089 - disable OS locale in HTTP Accept-Language headers (FF62+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From d6a7531c677faa22ccffb114923c081117867e73 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 23 May 2018 17:05:29 +0000 Subject: [PATCH 0791/1961] 1803: flash/java/npapi fixes #433 --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 4c969a0..df96c7f 100644 --- a/user.js +++ b/user.js @@ -968,11 +968,13 @@ user_pref("plugin.defaultXpi.state", 0); /* 1802: enable click to play and set to 0 minutes ***/ user_pref("plugins.click_to_play", true); user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); -/* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example) - * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config +/* 1803: disable Flash, Java and other NPAPI plugins (Add-ons>Plugins) + * 0=deactivated, 1=ask, 2=enabled + * ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash * [NOTE] You can still over-ride individual sites e.g. youtube via site permissions * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ - // user_pref("plugin.state.flash", 0); +user_pref("plugin.state.flash", 0); +user_pref("plugin.state.java", 0); // check plugin.state* for other NPAPIs /* 1805: disable scanning for plugins [WINDOWS] * [1] http://kb.mozillazine.org/Plugin_scanning * plid.all = whether to scan the directories specified in the Windows registry for PLIDs. From 87ce12925d5fa14dd4ae641a581058b732a35af6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 23 May 2018 17:21:49 +0000 Subject: [PATCH 0792/1961] 1803: tweak --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index df96c7f..f4568f3 100644 --- a/user.js +++ b/user.js @@ -968,7 +968,7 @@ user_pref("plugin.defaultXpi.state", 0); /* 1802: enable click to play and set to 0 minutes ***/ user_pref("plugins.click_to_play", true); user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); -/* 1803: disable Flash, Java and other NPAPI plugins (Add-ons>Plugins) +/* 1803: disable NPAPI plugins (Add-ons>Plugins) * 0=deactivated, 1=ask, 2=enabled * ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash * [NOTE] You can still over-ride individual sites e.g. youtube via site permissions From a8051b88e43a1c32bbd9e97380b0683d0f979f93 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 23 May 2018 17:41:25 +0000 Subject: [PATCH 0793/1961] 1803: 3rd time's a charm --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index f4568f3..d4bea4d 100644 --- a/user.js +++ b/user.js @@ -971,10 +971,11 @@ user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); /* 1803: disable NPAPI plugins (Add-ons>Plugins) * 0=deactivated, 1=ask, 2=enabled * ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash + * [NOTE] ESR52 users should check plugin.state* for other installed NPAPI plugins * [NOTE] You can still over-ride individual sites e.g. youtube via site permissions * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ user_pref("plugin.state.flash", 0); -user_pref("plugin.state.java", 0); // check plugin.state* for other NPAPIs +user_pref("plugin.state.java", 0); /* 1805: disable scanning for plugins [WINDOWS] * [1] http://kb.mozillazine.org/Plugin_scanning * plid.all = whether to scan the directories specified in the Windows registry for PLIDs. From 0a63b6545d3441f352c23b3caf17bd89f16b88e7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 23 May 2018 17:53:16 +0000 Subject: [PATCH 0794/1961] 4500: tweak --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index d4bea4d..57dcf32 100644 --- a/user.js +++ b/user.js @@ -1579,7 +1579,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. FF60: Fix keydown/keyup events (1438795) ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) - ** 1459089 - disable OS locale in HTTP Accept-Language headers (FF62+) + ** 1459089 - disable OS locale in HTTP Accept-Language headers [ANDROID] (FF62+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From c66d1b08e7c634d3a8aa3da8134d1c364fe98a1b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 25 May 2018 02:07:10 +0000 Subject: [PATCH 0795/1961] remove network.http.fast-fallback-to-IPv4 #433 the default is true anyway for ESR52.x and FF60+ (and I assume for FF52+) branches --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 57dcf32..e6b3b0b 100644 --- a/user.js +++ b/user.js @@ -450,7 +450,6 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection * [1] https://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection/ ***/ // user_pref("network.dns.disableIPv6", true); - // user_pref("network.http.fast-fallback-to-IPv4", true); // default: true /* 0702: disable HTTP2 (which was based on SPDY which is now deprecated) * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance * privacy, and in fact opens up a number of server-side fingerprinting opportunities From 35a9d3d1e1f3409665f09f9ac6fe68dcdf28bf50 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 25 May 2018 04:03:59 +0000 Subject: [PATCH 0796/1961] 0505: system add-on updates, fixes #172 Note: I am not 100% sure what happens with an app update. If this is divorced from that check now, you should be able to get FF updated without any system addons. We'll have to wait until 62 needs an update to test it. In the meantime I've edited the [NOTE]. I've also left this inactive (eg imagine if they pushed a critical update for formfill), so this is an end-user decision. Added to sticky to revisit this pref --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index e6b3b0b..23614c5 100644 --- a/user.js +++ b/user.js @@ -352,8 +352,9 @@ user_pref("network.allow-experiments", false); user_pref("app.normandy.enabled", false); user_pref("app.normandy.api_url", ""); user_pref("app.shield.optoutstudies.enabled", false); -/* 0505: block URL used for System Add-on updates (FF44+) - * [NOTE] You will not get any System Add-on updates except when you update Firefox ***/ +/* 0505: disable System Add-on updates + * [NOTE] In FF61 and lower, you will not get any System Add-on updates except when you update Firefox ***/ + // user_pref("extensions.systemAddon.update.enabled", false); // (FF62+) // user_pref("extensions.systemAddon.update.url", ""); /* 0506: disable PingCentre telemetry (used in several System Add-ons) (FF57+) * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0333) ***/ From 449e32a8ca8d46ff6499d27ee1bed01e4c525b2c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 25 May 2018 04:28:03 +0000 Subject: [PATCH 0797/1961] 2202: cleanup #434 both these removed prefs are enforcing the default in ESR52.x and FF60+ (and I assume FF52+) branches --- user.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/user.js b/user.js index 23614c5..b828d4a 100644 --- a/user.js +++ b/user.js @@ -1068,9 +1068,7 @@ user_pref("dom.disable_window_open_feature.resizable", true); // default: true user_pref("dom.disable_window_open_feature.status", true); // status bar - default: true user_pref("dom.disable_window_open_feature.titlebar", true); user_pref("dom.disable_window_open_feature.toolbar", true); -/* 2202: disable meddling with open windows ***/ -user_pref("dom.allow_scripts_to_close_windows", false); // default: false -user_pref("dom.disable_window_flip", true); // window z-order - default: true +/* 2202: prevent scripts moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); /* 2203: open links targeting new windows in a new tab instead * This stops malicious window sizes and some screen resolution leaks. From f60a87f97f2d394441313bd4aa98dbc0a33de3be Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 25 May 2018 14:44:44 +0000 Subject: [PATCH 0798/1961] 2730s: cleanup/removal #434 2732 was just enforcing default since at least FF52, and 2733 has never been used, was only there for info. Offline Cache or appCache (2730) is already behind a prompt (2731), and is already limited (in FF60+) to HTTPS (2730b). --- user.js | 7 ------- 1 file changed, 7 deletions(-) diff --git a/user.js b/user.js index b828d4a..cfedbae 100644 --- a/user.js +++ b/user.js @@ -1420,13 +1420,6 @@ user_pref("browser.cache.offline.insecure.enable", false); * [1] https://support.mozilla.org/questions/1098540 * [2] https://bugzilla.mozilla.org/959985 ***/ user_pref("offline-apps.allow_by_default", false); -/* 2732: display a notification when websites ask to store data for offline use - * [SETTING-ESR52] Advanced>Network>Tell me when a website asks to store data for offline use ***/ -user_pref("browser.offline-apps.notify", true); -/* 2733: set size of warning quota for offline cache (default 51200) - * Offline cache is only used in rare cases to store data locally. FF will store small amounts - * (default <50MB) of data in the offline (application) cache without asking for permission. ***/ - // user_pref("offline-apps.quota.warn", 51200); /* 2740: disable service workers cache and cache storage * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ user_pref("dom.caches.enabled", false); From 8e60f412e47453c798e83c530e0bb2570386c143 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 25 May 2018 14:52:22 +0000 Subject: [PATCH 0799/1961] Update ghacks-clear-FF60inclusive-[removed].js --- scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js b/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js index 568e4ee..46f3e23 100644 --- a/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js +++ b/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js @@ -85,6 +85,12 @@ 'security.block_script_with_wrong_mime', 'security.fileuri.strict_origin_policy', 'security.sri.enable', + /* after 60-beta - there were inactive or at default anyway */ + 'browser.offline-apps.notify', + 'dom.allow_scripts_to_close_windows', + 'dom.disable_window_flip', + 'network.http.fast-fallback-to-IPv4', + 'offline-apps.quota.warn', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 6d4b49d061db707401d15cdea4c512c9cef87220 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 25 May 2018 14:53:11 +0000 Subject: [PATCH 0800/1961] Update ghacks-clear-FF60inclusive-[removed].js --- scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js b/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js index 46f3e23..0d56b32 100644 --- a/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js +++ b/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js @@ -85,7 +85,7 @@ 'security.block_script_with_wrong_mime', 'security.fileuri.strict_origin_policy', 'security.sri.enable', - /* after 60-beta - there were inactive or at default anyway */ + /* after 60-beta - these were inactive or at default anyway */ 'browser.offline-apps.notify', 'dom.allow_scripts_to_close_windows', 'dom.disable_window_flip', From 01bd2a4f6d414f0c877afefe69356444e050f08a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 25 May 2018 15:44:27 +0000 Subject: [PATCH 0801/1961] 0422: TP block lists: deduplicate, fixes #434 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index cfedbae..01bd2cd 100644 --- a/user.js +++ b/user.js @@ -300,11 +300,11 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); /* 0421: enable more Tracking Protection choices under Options>Privacy & Security>Use Tracking Protection * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); -/* 0422: enable "basic" or "strict" tracking protecting list - ONLY USE ONE! +/* 0422: set which Tracking Protection block list to use + * [WARNING] We don't recommend enforcing this from here, as available block lists can change * [SETTING] Privacy & Security>Tracking Protection>Change Block List * [SETTING-ESR52] Privacy>Use Tracking Protection>Change Block List ***/ // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic - // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ * [2] https://bugzilla.mozilla.org/1237198 ***/ From fde8035332241c7621089f208d3f4994d9eed6eb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 26 May 2018 04:58:53 +1200 Subject: [PATCH 0802/1961] Delete ghacks-clear-FF60inclusive-[removed].js --- .../ghacks-clear-FF60inclusive-[removed].js | 121 ------------------ 1 file changed, 121 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js diff --git a/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js b/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js deleted file mode 100644 index 0d56b32..0000000 --- a/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js +++ /dev/null @@ -1,121 +0,0 @@ -/*** - This will reset the preferences that have been removed completely - from the ghacks user.js up to and including release 60-beta - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] -***/ - -(function() { - let ops = [ - /* removed in ghacks user.js v52-57 */ - /* 52-alpha */ - 'browser.search.reset.enabled', - 'browser.search.reset.whitelist', - /* 54-alpha */ - 'browser.migrate.automigrate.enabled', - 'services.sync.enabled', - 'webextensions.storage.sync.enabled', - 'webextensions.storage.sync.serverURL', - /* 55-alpha */ - 'dom.keyboardevent.dispatch_during_composition', // default is false anyway - 'dom.vr.oculus.enabled', // covered by dom.vr.enabled - 'dom.vr.openvr.enabled', // ditto - 'dom.vr.osvr.enabled', // ditto - 'extensions.pocket.api', // covered by extensions.pocket.enabled - 'extensions.pocket.oAuthConsumerKey', // ditto - 'extensions.pocket.site', // ditto - /* 56-alpha: none */ - /* 57-alpha */ - 'geo.wifi.xhr.timeout', // covered by geo.enabled - 'browser.search.geoip.timeout', // ditto - 'media.webspeech.recognition.enable', // default is false anyway - 'gfx.layerscope.enabled', // default is false anyway - /* 58-alpha */ - // excluding these e10 settings - // 'browser.tabs.remote.autostart', - // 'browser.tabs.remote.autostart.2', - // 'browser.tabs.remote.force-enable', - // 'browser.tabs.remote.separateFileUriProcess', - // 'extensions.e10sBlocksEnabling', - // 'extensions.webextensions.remote', - // 'dom.ipc.processCount', - // 'dom.ipc.shims.enabledWarnings', - // 'dom.ipc.processCount.extension', - // 'dom.ipc.processCount.file', - // 'security.sandbox.content.level', - // 'dom.ipc.plugins.sandbox-level.default', - // 'dom.ipc.plugins.sandbox-level.flash', - // 'security.sandbox.logging.enabled', - 'dom.presentation.controller.enabled', - 'dom.presentation.discoverable', - 'dom.presentation.discovery.enabled', - 'dom.presentation.enabled', - 'dom.presentation.receiver.enabled', - 'dom.presentation.session_transport.data_channel.enable', - /* 59-alpha */ - 'browser.stopReloadAnimation.enabled', - 'browser.tabs.insertRelatedAfterCurrent', - 'browser.tabs.loadDivertedInBackground', - 'browser.tabs.loadInBackground', - 'browser.tabs.selectOwnerOnClose', - 'browser.urlbar.clickSelectsAll', - 'browser.urlbar.doubleClickSelectsAll', - 'media.flac.enabled', - 'media.mediasource.enabled', - 'media.mediasource.mp4.enabled', - 'media.mediasource.webm.audio.enabled', - 'media.mediasource.webm.enabled', - 'media.mp4.enabled', - 'media.ogg.enabled', - 'media.ogg.flac.enabled', - 'media.opus.enabled', - 'media.raw.enabled', - 'media.wave.enabled', - 'media.webm.enabled', - 'media.wmf.amd.vp9.enabled', - 'media.wmf.enabled', - 'media.wmf.vp9.enabled', - 'ui.submenuDelay', - /* 60-beta - these were all at default anyway */ - 'device.storage.enabled', - 'general.useragent.compatMode.firefox', - 'network.dns.blockDotOnion', - 'network.stricttransportsecurity.preloadlist', - 'security.block_script_with_wrong_mime', - 'security.fileuri.strict_origin_policy', - 'security.sri.enable', - /* after 60-beta - these were inactive or at default anyway */ - 'browser.offline-apps.notify', - 'dom.allow_scripts_to_close_windows', - 'dom.disable_window_flip', - 'network.http.fast-fallback-to-IPv4', - 'offline-apps.quota.warn', - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 4b8b2d81a00133f0a49e143ea9ecdb44284ef7a1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 26 May 2018 05:00:04 +1200 Subject: [PATCH 0803/1961] Create ghacks-clear-[removed].js --- scratchpad-scripts/ghacks-clear-[removed].js | 122 +++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-[removed].js diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js new file mode 100644 index 0000000..546d685 --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -0,0 +1,122 @@ +/*** + This will reset the preferences that have been removed completely from the ghacks user.js. + + Last updated: 25-May-2018 + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] +***/ + +(function() { + let ops = [ + /* removed in ghacks user.js v52-57 */ + /* 52-alpha */ + 'browser.search.reset.enabled', + 'browser.search.reset.whitelist', + /* 54-alpha */ + 'browser.migrate.automigrate.enabled', + 'services.sync.enabled', + 'webextensions.storage.sync.enabled', + 'webextensions.storage.sync.serverURL', + /* 55-alpha */ + 'dom.keyboardevent.dispatch_during_composition', // default is false anyway + 'dom.vr.oculus.enabled', // covered by dom.vr.enabled + 'dom.vr.openvr.enabled', // ditto + 'dom.vr.osvr.enabled', // ditto + 'extensions.pocket.api', // covered by extensions.pocket.enabled + 'extensions.pocket.oAuthConsumerKey', // ditto + 'extensions.pocket.site', // ditto + /* 56-alpha: none */ + /* 57-alpha */ + 'geo.wifi.xhr.timeout', // covered by geo.enabled + 'browser.search.geoip.timeout', // ditto + 'media.webspeech.recognition.enable', // default is false anyway + 'gfx.layerscope.enabled', // default is false anyway + /* 58-alpha */ + // excluding these e10 settings + // 'browser.tabs.remote.autostart', + // 'browser.tabs.remote.autostart.2', + // 'browser.tabs.remote.force-enable', + // 'browser.tabs.remote.separateFileUriProcess', + // 'extensions.e10sBlocksEnabling', + // 'extensions.webextensions.remote', + // 'dom.ipc.processCount', + // 'dom.ipc.shims.enabledWarnings', + // 'dom.ipc.processCount.extension', + // 'dom.ipc.processCount.file', + // 'security.sandbox.content.level', + // 'dom.ipc.plugins.sandbox-level.default', + // 'dom.ipc.plugins.sandbox-level.flash', + // 'security.sandbox.logging.enabled', + 'dom.presentation.controller.enabled', + 'dom.presentation.discoverable', + 'dom.presentation.discovery.enabled', + 'dom.presentation.enabled', + 'dom.presentation.receiver.enabled', + 'dom.presentation.session_transport.data_channel.enable', + /* 59-alpha */ + 'browser.stopReloadAnimation.enabled', + 'browser.tabs.insertRelatedAfterCurrent', + 'browser.tabs.loadDivertedInBackground', + 'browser.tabs.loadInBackground', + 'browser.tabs.selectOwnerOnClose', + 'browser.urlbar.clickSelectsAll', + 'browser.urlbar.doubleClickSelectsAll', + 'media.flac.enabled', + 'media.mediasource.enabled', + 'media.mediasource.mp4.enabled', + 'media.mediasource.webm.audio.enabled', + 'media.mediasource.webm.enabled', + 'media.mp4.enabled', + 'media.ogg.enabled', + 'media.ogg.flac.enabled', + 'media.opus.enabled', + 'media.raw.enabled', + 'media.wave.enabled', + 'media.webm.enabled', + 'media.wmf.amd.vp9.enabled', + 'media.wmf.enabled', + 'media.wmf.vp9.enabled', + 'ui.submenuDelay', + /* 60-beta - these were all at default anyway */ + 'device.storage.enabled', + 'general.useragent.compatMode.firefox', + 'network.dns.blockDotOnion', + 'network.stricttransportsecurity.preloadlist', + 'security.block_script_with_wrong_mime', + 'security.fileuri.strict_origin_policy', + 'security.sri.enable', + /* 61-beta - these were inactive or at default anyway */ + 'browser.offline-apps.notify', + 'dom.allow_scripts_to_close_windows', + 'dom.disable_window_flip', + 'network.http.fast-fallback-to-IPv4', + 'offline-apps.quota.warn', + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From 3edf7af85eb6f0bf9690e17b2100c5ff62e3fa3d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 26 May 2018 16:45:46 +0000 Subject: [PATCH 0804/1961] 0101: cleanup, see #434 --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index 01bd2cd..f36bc5a 100644 --- a/user.js +++ b/user.js @@ -68,8 +68,6 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0101: disable "slow startup" options * warnings, disk history, welcomes, intros, EULA, default browser check ***/ user_pref("browser.slowStartup.notificationDisabled", true); -user_pref("browser.slowStartup.maxSamples", 0); -user_pref("browser.slowStartup.samples", 0); user_pref("browser.rights.3.shown", true); user_pref("browser.startup.homepage_override.mstone", "ignore"); user_pref("startup.homepage_welcome_url", ""); From 2bf238f38486f31986229b4c44e7728f8d32023c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 26 May 2018 16:49:39 +0000 Subject: [PATCH 0805/1961] updated to 26-May-2018 --- scratchpad-scripts/ghacks-clear-[removed].js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 546d685..0d2cc51 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 25-May-2018 + Last updated: 26-May-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -86,12 +86,14 @@ 'security.block_script_with_wrong_mime', 'security.fileuri.strict_origin_policy', 'security.sri.enable', - /* 61-beta - these were inactive or at default anyway */ + /* 61-beta */ 'browser.offline-apps.notify', 'dom.allow_scripts_to_close_windows', 'dom.disable_window_flip', 'network.http.fast-fallback-to-IPv4', 'offline-apps.quota.warn', + 'browser.slowStartup.maxSamples' + 'browser.slowStartup.samples', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 3e5667fb3438bce37ad7e504f8625f6af7562acc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 26 May 2018 18:48:38 +0000 Subject: [PATCH 0806/1961] 0101: more cleanup, #434 --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index f36bc5a..c9bcf1b 100644 --- a/user.js +++ b/user.js @@ -67,7 +67,6 @@ user_pref("general.warnOnAboutConfig", false); user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0101: disable "slow startup" options * warnings, disk history, welcomes, intros, EULA, default browser check ***/ -user_pref("browser.slowStartup.notificationDisabled", true); user_pref("browser.rights.3.shown", true); user_pref("browser.startup.homepage_override.mstone", "ignore"); user_pref("startup.homepage_welcome_url", ""); From c92ece796091a49e05721d00c095eeb3ea6baebf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 26 May 2018 18:49:44 +0000 Subject: [PATCH 0807/1961] updated 26-May-2018 --- scratchpad-scripts/ghacks-clear-[removed].js | 1 + 1 file changed, 1 insertion(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 0d2cc51..cd3923d 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -94,6 +94,7 @@ 'offline-apps.quota.warn', 'browser.slowStartup.maxSamples' 'browser.slowStartup.samples', + 'browser.slowStartup.notificationDisabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From f113cf84c33771ce6be58c06fccf75ef1468f248 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 27 May 2018 21:40:47 +0000 Subject: [PATCH 0808/1961] 0101: cleanup `rights.3` #434 --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index c9bcf1b..996186b 100644 --- a/user.js +++ b/user.js @@ -67,7 +67,6 @@ user_pref("general.warnOnAboutConfig", false); user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0101: disable "slow startup" options * warnings, disk history, welcomes, intros, EULA, default browser check ***/ -user_pref("browser.rights.3.shown", true); user_pref("browser.startup.homepage_override.mstone", "ignore"); user_pref("startup.homepage_welcome_url", ""); user_pref("startup.homepage_welcome_url.additional", ""); From 9a4032f4cd5d585cd46e9424b3d8954a195e9125 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 27 May 2018 21:43:38 +0000 Subject: [PATCH 0809/1961] updated 27-May-2018 --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index cd3923d..b7860c0 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 26-May-2018 + Last updated: 27-May-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -95,6 +95,7 @@ 'browser.slowStartup.maxSamples' 'browser.slowStartup.samples', 'browser.slowStartup.notificationDisabled', + 'browser.rights.3.shown', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From acc5a1c2df5ed3cd12d551bfaf16505589f5d158 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 29 May 2018 02:25:54 +0000 Subject: [PATCH 0810/1961] 0101 welcomes+whatsnew -> 5000s #434 --- user.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 996186b..e2cd923 100644 --- a/user.js +++ b/user.js @@ -65,12 +65,7 @@ user_pref("general.warnOnAboutConfig", false); /*** 0100: STARTUP ***/ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); -/* 0101: disable "slow startup" options - * warnings, disk history, welcomes, intros, EULA, default browser check ***/ -user_pref("browser.startup.homepage_override.mstone", "ignore"); -user_pref("startup.homepage_welcome_url", ""); -user_pref("startup.homepage_welcome_url.additional", ""); -user_pref("startup.homepage_override_url", ""); // what's new page after updates +/* 0101: disable some startup options ***/ user_pref("browser.laterrun.enabled", false); user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) @@ -1697,6 +1692,11 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow /*** 5000: PERSONAL [SETUP] Non-project related but useful. If any of these interest you, add them to your overrides ***/ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); +/* WELCOME & WHAT's NEW NOTICES ***/ + // user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch + // user_pref("startup.homepage_welcome_url", ""); + // user_pref("startup.homepage_welcome_url.additional", ""); + // user_pref("startup.homepage_override_url", ""); // What's New page after updates /* WARNINGS ***/ // user_pref("browser.tabs.warnOnClose", false); // user_pref("browser.tabs.warnOnCloseOtherTabs", false); From 9b1cf28e89d964e09de295d95639a8f25fb38f55 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 29 May 2018 16:09:02 +0000 Subject: [PATCH 0811/1961] 0101: cleanup `laterrun` #434 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index e2cd923..3dd6a03 100644 --- a/user.js +++ b/user.js @@ -65,8 +65,8 @@ user_pref("general.warnOnAboutConfig", false); /*** 0100: STARTUP ***/ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); -/* 0101: disable some startup options ***/ -user_pref("browser.laterrun.enabled", false); +/* 0101: disable default browser check + * [SETTING] General>Startup>Always check if Firefox is your default browser ***/ user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) * [SETTING] General>Startup>When Firefox starts ***/ From 7f1f9e124b11a0644ef5e67d59b770c9bef018eb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 29 May 2018 16:12:07 +0000 Subject: [PATCH 0812/1961] updated 29-May-2018 --- scratchpad-scripts/ghacks-clear-[removed].js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index b7860c0..e84e6c6 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -87,15 +87,16 @@ 'security.fileuri.strict_origin_policy', 'security.sri.enable', /* 61-beta */ + 'browser.laterrun.enabled', 'browser.offline-apps.notify', + 'browser.rights.3.shown', + 'browser.slowStartup.maxSamples' + 'browser.slowStartup.notificationDisabled', + 'browser.slowStartup.samples', 'dom.allow_scripts_to_close_windows', 'dom.disable_window_flip', 'network.http.fast-fallback-to-IPv4', 'offline-apps.quota.warn', - 'browser.slowStartup.maxSamples' - 'browser.slowStartup.samples', - 'browser.slowStartup.notificationDisabled', - 'browser.rights.3.shown', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From b8b3a4f7ed0903937b5e5bc7303d1605e33710cf Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 29 May 2018 19:06:06 +0200 Subject: [PATCH 0813/1961] enable DNT header by default pros and cons: see https://github.com/ghacksuserjs/ghacks-user.js/issues/422#issuecomment-392789507 + follow-up comments --- user.js | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index 3dd6a03..ce80351 100644 --- a/user.js +++ b/user.js @@ -918,15 +918,11 @@ user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 * TBB (Tor Browser Bundle) which is specifically designed for the dark web * [1] https://bugzilla.mozilla.org/1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); -/* 1610: ALL: disable the DNT HTTP header, which is essentially USELESS - * It is voluntary and most ad networks do not honor it. DNT is *NOT* how you stop being data mined. - * Don't encourage a setting that gives any legitimacy to 3rd parties being in control of your privacy. - * Sending a DNT header *highly likely* raises entropy, especially in standard windows. +/* 1610: ALL: enable the DNT (Do Not Track) HTTP header * [SETTING] Privacy & Security>Tracking Protecting>Send websites a "Do Not Track"... * [SETTING-ESR52] Privacy>Use Tracking Protecting>manage your Do Not Track settings - * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref (e.g. in default PB Mode) - * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ -user_pref("privacy.donottrackheader.enabled", false); + * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref ***/ +user_pref("privacy.donottrackheader.enabled", true); /*** 1700: CONTAINERS [SETUP] [1] https://support.mozilla.org/kb/containers-experiment From 3264fbd9c3171515f8fc26a436064b390753c6ac Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 31 May 2018 01:27:20 +0000 Subject: [PATCH 0814/1961] finalize 60 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index ce80351..89b9724 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 15 May 2018 -* version 60-beta: Call Me Pants, Maybe +* date: 30 May 2018 +* version 60: Call Me Pants, Maybe * "Your stare was holding, ripped JEANS, skin was showin'" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 8783ae9ce8541966274a6916b9f14446c6508352 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 31 May 2018 01:35:51 +0000 Subject: [PATCH 0815/1961] start 61 commits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 89b9724..621d005 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 30 May 2018 -* version 60: Call Me Pants, Maybe -* "Your stare was holding, ripped JEANS, skin was showin'" +* version 61-alpha: You Can't Hurry Pants +* "My mama said, "You can't hurry pants. No, you'll just have to wait"" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From c61e633236f030a279d38906cdb4849005260348 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 1 Jun 2018 04:32:52 +0000 Subject: [PATCH 0816/1961] 0707: added ref link --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 621d005..c968abb 100644 --- a/user.js +++ b/user.js @@ -471,7 +471,8 @@ user_pref("network.proxy.autoconfig_url.include_path", false); // default: false * TRR = Trusted Recursive Resolver * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result * [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare) - * [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/ ***/ + * [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/ + * [2] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ ***/ // user_pref("network.trr.mode", 0); // user_pref("network.trr.bootstrapAddress", ""); // user_pref("network.trr.uri", ""); From a4a9b9a675df5f43e32d82062bd32e29f1ff4936 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 Jun 2018 00:23:16 +0000 Subject: [PATCH 0817/1961] cleanup #426 Both deprecated in FF61, but we'll remove them from the user.js - `services.blocklist.signing.enforced` is default true since FF50 - `browser.storageManager.enabled` only controls "Site Data" UI visibility --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index c968abb..064d24f 100644 --- a/user.js +++ b/user.js @@ -227,7 +227,6 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be * revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes ***/ user_pref("services.blocklist.update_enabled", true); -user_pref("services.blocklist.signing.enforced", true); /* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists ***/ // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates // user_pref("services.blocklist.addons.collection", ""); @@ -1420,7 +1419,6 @@ user_pref("dom.caches.enabled", false); * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ // user_pref("dom.storageManager.enabled", false); // (FF51+) - // user_pref("browser.storageManager.enabled", false); // controls "Site Data" UI visibility (FF53+) /*** 2800: SHUTDOWN [SETUP] You should set the values to what suits you best. Be aware that the settings below clear From d9a1c83300f6aab3622d55f8b157304a254037a8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 Jun 2018 00:27:20 +0000 Subject: [PATCH 0818/1961] updated 03-Jun-2018 --- scratchpad-scripts/ghacks-clear-[removed].js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index e84e6c6..5dff5dd 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -93,10 +93,12 @@ 'browser.slowStartup.maxSamples' 'browser.slowStartup.notificationDisabled', 'browser.slowStartup.samples', + 'browser.storageManager.enabled', 'dom.allow_scripts_to_close_windows', 'dom.disable_window_flip', 'network.http.fast-fallback-to-IPv4', 'offline-apps.quota.warn', + 'services.blocklist.signing.enforced', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From a2b5e1e7cfec152a94d3ec869591246b2cd2b47a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 Jun 2018 00:28:43 +0000 Subject: [PATCH 0819/1961] updated 03-Jun-2018 --- scratchpad-scripts/ghacks-clear-[removed].js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 5dff5dd..c7e33f7 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 27-May-2018 + Last updated: 03-Jun-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] From 05021ac62e4f33bd72e1d8dc00a28883715b66ae Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 20 Jun 2018 05:05:48 +0000 Subject: [PATCH 0820/1961] 2300: workers, fixes #446 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 064d24f..97e6a2a 100644 --- a/user.js +++ b/user.js @@ -1086,7 +1086,7 @@ user_pref("dom.popup_allowed_events", "click dblclick"); including service and shared workers. Shared workers can be utilized by multiple scripts and communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. - [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter). + [WARNING] Disabling "web workers" might break sites [UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301-deprecated) and service workers (2302) #Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0 @@ -2103,6 +2103,7 @@ user_pref("extensions.shield-recipe-client.api_url", ""); // [-] https://bugzilla.mozilla.org/1433324 user_pref("browser.newtabpage.activity-stream.enabled", false); // 2301: disable workers + // [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter) // [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) // [-] https://bugzilla.mozilla.org/1434934 user_pref("dom.workers.enabled", false); From 1eac4185d23291dbb542c308eba34011da5220f1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 26 Jun 2018 03:48:47 +0000 Subject: [PATCH 0821/1961] 4500: RFP geo reverted 63+ --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 97e6a2a..31e404a 100644 --- a/user.js +++ b/user.js @@ -1539,7 +1539,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); ** 1337161 - hide gamepads from content (see 4606) (FF56+) ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+) ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+) - ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 0201, 0211) (FF56+) + ** 1372069 & 1403813 & 1441295 - block geolocation requests (same as denying a site permission) (see 0201, 0211) (FF56-62) ** 1369309 - spoof media statistics (see 4610) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+) ** 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) From 56acb4cff590941bb5b1e2a0fe491941bb653f96 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Jul 2018 09:15:44 +0000 Subject: [PATCH 0822/1961] disable UNC paths --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 31e404a..cf99c44 100644 --- a/user.js +++ b/user.js @@ -478,6 +478,9 @@ user_pref("network.proxy.autoconfig_url.include_path", false); // default: false /* 0708: disable FTP (FF60+) * [1] https://www.ghacks.net/2018/02/20/firefox-60-with-new-preference-to-disable-ftp/ ***/ // user_pref("network.ftp.enabled", false); +/* 0709: disable using UNC (Uniform Naming Convention) paths (FF61+) + * [1] https://trac.torproject.org/projects/tor/ticket/26424 ***/ +user_pref("network.file.disable_unc_paths", true); // (hidden pref) /*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP] If you are in a private environment (no unwanted eyeballs) and your device is private From 9386fb55819f960842a5328cb614e13899f5d805 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Jul 2018 09:41:30 +0000 Subject: [PATCH 0823/1961] 61 deprecated/removed prefs --- user.js | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/user.js b/user.js index cf99c44..177d959 100644 --- a/user.js +++ b/user.js @@ -327,12 +327,6 @@ user_pref("privacy.trackingprotection.ui.enabled", true); [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions ***/ user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); -/* 0501: disable experiments - * [1] https://wiki.mozilla.org/Telemetry/Experiments ***/ -user_pref("experiments.enabled", false); -user_pref("experiments.manifest.uri", ""); -user_pref("experiments.supported", false); -user_pref("experiments.activeExperiment", false); /* 0502: disable Mozilla permission to silently opt you into tests ***/ user_pref("network.allow-experiments", false); /* 0503: disable Normandy/Shield (FF60+) @@ -1245,12 +1239,6 @@ user_pref("mathml.disabled", true); * [1] https://trac.torproject.org/projects/tor/ticket/10089 * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ user_pref("middlemouse.contentLoadURL", false); -/* 2612: disable remote JAR files being opened, regardless of content type (FF42+) - * [1] https://bugzilla.mozilla.org/1173171 - * [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ ***/ -user_pref("network.jar.block-remote-files", true); -/* 2613: disable JAR from opening Unsafe File Types ***/ -user_pref("network.jar.open-unsafe-types", false); /* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins) * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ @@ -2116,5 +2104,26 @@ user_pref("dom.workers.enabled", false); // * * * / // ***/ +/* ESR60.x still uses all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable them +// FF61 +// 0501: disable experiments + // [1] https://wiki.mozilla.org/Telemetry/Experiments + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1420908,1450801 +user_pref("experiments.enabled", false); +user_pref("experiments.manifest.uri", ""); +user_pref("experiments.supported", false); +user_pref("experiments.activeExperiment", false); +// 2612: disable remote JAR files being opened, regardless of content type (FF42+) + // [1] https://bugzilla.mozilla.org/1173171 + // [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1427726 +user_pref("network.jar.block-remote-files", true); +// 2613: disable JAR from opening Unsafe File Types + // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1427726 +user_pref("network.jar.open-unsafe-types", false); +// * * * / +// ***/ + /* END: internal custom pref to test for syntax errors ***/ user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From dceef9d1dbb8060be767f9fce3d7f3f07f3803f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Jul 2018 12:53:21 +0000 Subject: [PATCH 0824/1961] 0503: disable savant --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 177d959..759a470 100644 --- a/user.js +++ b/user.js @@ -336,6 +336,7 @@ user_pref("network.allow-experiments", false); user_pref("app.normandy.enabled", false); user_pref("app.normandy.api_url", ""); user_pref("app.shield.optoutstudies.enabled", false); +user_pref("shield.savant.enabled", false); // (FF61+) /* 0505: disable System Add-on updates * [NOTE] In FF61 and lower, you will not get any System Add-on updates except when you update Firefox ***/ // user_pref("extensions.systemAddon.update.enabled", false); // (FF62+) From 70abeda9d495edd72d5ca580233af17994e9ba49 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Jul 2018 16:49:26 +0000 Subject: [PATCH 0825/1961] 2730 + 2750: Storage API + Offline Cache https://bugzilla.mozilla.org/show_bug.cgi?id=1450448#c20 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 759a470..165f74d 100644 --- a/user.js +++ b/user.js @@ -1390,7 +1390,7 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ // user_pref("dom.indexedDB.enabled", false); /* 2730: disable offline cache - * [NOTE] For FF60 and under, this is required 'true' for Storage API (2750) ***/ + * [NOTE] For FF60.0.1 and under, this is required 'true' for Storage API (2750) ***/ // user_pref("browser.cache.offline.enable", false); /* 2730b: disable offline cache on insecure sites (FF60+) * [1] https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ ***/ @@ -1406,7 +1406,7 @@ user_pref("dom.caches.enabled", false); * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. - * [NOTE] For FF60 and under, if Storage API is enabled, then Offline Cache (2730) must be also be enabled + * [NOTE] For FF60.0.1 and under, if Storage API is enabled, then Offline Cache (2730) must be also be enabled * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ From d34894e9656cddcdf32c177a15e088e2316e0543 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 5 Jul 2018 10:16:20 +0000 Subject: [PATCH 0826/1961] 2730 + 2750: Storage API + Offline Cache ESR52.x doesn't use the new site storage UI. FF61+ the issue is resolved, so let's enforce offline cache (2730) as false again --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 165f74d..813cf17 100644 --- a/user.js +++ b/user.js @@ -1390,8 +1390,8 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ // user_pref("dom.indexedDB.enabled", false); /* 2730: disable offline cache - * [NOTE] For FF60.0.1 and under, this is required 'true' for Storage API (2750) ***/ - // user_pref("browser.cache.offline.enable", false); + * [NOTE] For FF51-FF60 (ESR not included), this is required 'true' for Storage API (2750) ***/ +user_pref("browser.cache.offline.enable", false); /* 2730b: disable offline cache on insecure sites (FF60+) * [1] https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ ***/ user_pref("browser.cache.offline.insecure.enable", false); @@ -1402,15 +1402,15 @@ user_pref("offline-apps.allow_by_default", false); /* 2740: disable service workers cache and cache storage * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ user_pref("dom.caches.enabled", false); -/* 2750: disable Storage API +/* 2750: disable Storage API (FF51+) * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. - * [NOTE] For FF60.0.1 and under, if Storage API is enabled, then Offline Cache (2730) must be also be enabled + * [NOTE] For FF51-FF60 (ESR not included), if Storage API is enabled, then Offline Cache (2730) must be also be enabled * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ - // user_pref("dom.storageManager.enabled", false); // (FF51+) + // user_pref("dom.storageManager.enabled", false); /*** 2800: SHUTDOWN [SETUP] You should set the values to what suits you best. Be aware that the settings below clear From c9543519c787c37bdaa2602b3e5938de6b4efca0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 5 Jul 2018 15:32:19 +0000 Subject: [PATCH 0827/1961] 0100s: startpage, home+newwindow, newtab FF61 introduced quite a few changes, including removing the ability to set a blank startpage in the UI, and a new Home options tab with unified Activity Stream (AS) defaults and dropdown options. Because the only way to stop AS on startup is to enforce a blank page (pref 0102), and setting this auto changes `home+newwindow` (0103) and `newtab` (0104) to a blank page, then we're just going to go ahead and enforce that on all of them. For more info see the discussion in #426 --- user.js | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index 813cf17..85ecfdc 100644 --- a/user.js +++ b/user.js @@ -68,11 +68,18 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0101: disable default browser check * [SETTING] General>Startup>Always check if Firefox is your default browser ***/ user_pref("browser.shell.checkDefaultBrowser", false); -/* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session) +/* 0102: set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session) * [SETTING] General>Startup>When Firefox starts ***/ - // user_pref("browser.startup.page", 0); -/* 0103: set your "home" page (see 0102) ***/ - // user_pref("browser.startup.homepage", "https://www.example.com/"); +user_pref("browser.startup.page", 0); +/* 0103: set HOME+NEWWINDOW page + * about:home=Activity Stream (default, see 0514), custom URL, about:blank + * [SETTING] Home>New Windows and Tabs>Homepage and new windows ***/ +user_pref("browser.startup.homepage", "about:blank"); +/* 0104: set NEWTAB page + * true=Activity Stream (default, see 0514), false=blank page + * [SETTING] Home>New Windows and Tabs>New tabs ***/ +user_pref("browser.newtabpage.enabled", false); +user_pref("browser.newtab.preload", false); /*** 0200: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); @@ -192,9 +199,6 @@ user_pref("browser.tabs.crashReporting.sendReport", false); user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+) -/* 0360: disable new tab tile ads & preload & marketing junk ***/ -user_pref("browser.newtab.preload", false); -user_pref("browser.newtabpage.enabled", false); /* 0370: disable "Snippets" (Mozilla content shown on about:home screen) * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ user_pref("browser.aboutHomeSnippets.updateUrl", "data:,"); From 857cbd8c2482d9a47de90a42914631f621631d2d Mon Sep 17 00:00:00 2001 From: Emanuele Petriglia Date: Fri, 6 Jul 2018 12:06:01 +0000 Subject: [PATCH 0828/1961] Use wget if curl is not available (#451) * Use wget if curl is not available On most GNU/Linux distributions wget is often preinstalled, while curl is not. * Bump updater.sh version --- updater.sh | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/updater.sh b/updater.sh index ddf623a..6e69bbd 100755 --- a/updater.sh +++ b/updater.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash ### ghacks-user.js updater for Mac/Linux -## author: @overdodactyl -## version: 1.3 +## author: @overdodactyl, @ema-pe +## version: 1.4 ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in check_for_update() ) @@ -12,6 +12,15 @@ update_pref=${1:--ask} currdir=$(pwd) +DOWNLOAD_TO_STDOUT="curl -s" +DOWNLOAD_TO_FILE="curl -O" + +# Use wget if curl is not available. +if [[ -z $(command -v "curl") ]]; then + DOWNLOAD_TO_STDOUT="wget --quiet --output-document=-" + DOWNLOAD_TO_FILE="wget" +fi + ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) @@ -24,7 +33,7 @@ cd "$(dirname "${sfp}")" ## Used to check if a new version of updater.sh is available update_available="no" check_for_update () { - online_version="$(curl -s ${updater} | sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p')" + online_version="$($DOWNLOAD_TO_STDOUT ${updater} | sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p')" path_to_script="$(dirname "${sfp}")/updater.sh" current_version="$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$path_to_script")" if [[ "$current_version" < "$online_version" ]]; then @@ -36,8 +45,8 @@ check_for_update () { update_script () { echo -e "This script will be backed up and the latest version of updater.sh will be executed.\n" mv updater.sh "updater.sh.backup.$(date +"%Y-%m-%d_%H%M")" - curl -O ${updater} && echo -e "\nThe latest updater script has been downloaded\n" - + $DOWNLOAD_TO_FILE ${updater} && echo -e "\nThe latest updater script has been downloaded\n" + # make new file executable chmod +x updater.sh @@ -60,7 +69,7 @@ main () { if [ -e user.js ]; then echo "Your current user.js file for this profile will be backed up and the latest ghacks version from github will take its place." echo -e "\nIf currently using the ghacks user.js, please compare versions:" - echo " Available online: $(curl -s ${ghacksjs} | sed -n '4p')" + echo " Available online: $($DOWNLOAD_TO_STDOUT ${ghacksjs} | sed -n '4p')" echo " Currently using: $(sed -n '4p' user.js)" else echo "A user.js file does not exist in this profile. If you continue, the latest ghacks version from github will be downloaded." @@ -80,7 +89,7 @@ main () { # download latest ghacks user.js echo "downloading latest ghacks user.js file" - curl -O ${ghacksjs} && echo "ghacks user.js has been downloaded" + $DOWNLOAD_TO_FILE ${ghacksjs} && echo "ghacks user.js has been downloaded" if [ -e user-overrides.js ]; then echo "user-overrides.js file found" @@ -94,6 +103,7 @@ main () { cd "${currdir}" } + update_pref="$(echo $update_pref | tr '[A-Z]' '[a-z]')" if [ $update_pref = "-donotupdate" ]; then main From a81d013e45af4d4346e9b3f47160f8a911eb250e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 6 Jul 2018 12:25:41 +0000 Subject: [PATCH 0829/1961] 61-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 85ecfdc..e0ff817 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 30 May 2018 -* version 61-alpha: You Can't Hurry Pants +* date: 06 July 2018 +* version 61-beta: You Can't Hurry Pants * "My mama said, "You can't hurry pants. No, you'll just have to wait"" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 96706cf11e25e8d125cd5d1e7a392233df013bb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9?= Date: Fri, 6 Jul 2018 13:44:53 +0000 Subject: [PATCH 0830/1961] ghacks-clear-[removed].js : Fix JS syntax (#460) * Fix syntax * updated 06-July-2018 --- scratchpad-scripts/ghacks-clear-[removed].js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index c7e33f7..5b5b389 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 03-Jun-2018 + Last updated: 06-July-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -90,7 +90,7 @@ 'browser.laterrun.enabled', 'browser.offline-apps.notify', 'browser.rights.3.shown', - 'browser.slowStartup.maxSamples' + 'browser.slowStartup.maxSamples', 'browser.slowStartup.notificationDisabled', 'browser.slowStartup.samples', 'browser.storageManager.enabled', From 4813aa549b99d8c5ff1ed0899eb135a5446f05a1 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 11 Jul 2018 13:59:52 +0200 Subject: [PATCH 0831/1961] Update user.js --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index e0ff817..fcfe592 100644 --- a/user.js +++ b/user.js @@ -39,7 +39,7 @@ ******/ -/* START: internal custom pref to test for syntax errors (thanks earthling) +/* START: internal custom pref to test for syntax errors * [NOTE] In FF60+, not all syntax errors cause parsing to abort i.e. reaching the last debug * pref no longer necessarily means that all prefs have been applied. Check the console right * after startup for any warnings/error messages related to non-applied prefs @@ -2122,10 +2122,10 @@ user_pref("experiments.activeExperiment", false); // 2612: disable remote JAR files being opened, regardless of content type (FF42+) // [1] https://bugzilla.mozilla.org/1173171 // [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1427726 + // [-] https://bugzilla.mozilla.org/1427726 user_pref("network.jar.block-remote-files", true); // 2613: disable JAR from opening Unsafe File Types - // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1427726 + // [-] https://bugzilla.mozilla.org/1427726 user_pref("network.jar.open-unsafe-types", false); // * * * / // ***/ From cbea3adc7e4f9907737d40b94a0157ed3c2ed1b3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 17 Jul 2018 02:58:51 +0000 Subject: [PATCH 0832/1961] FPI & IP addresses FF63+ --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index fcfe592..ca67a19 100644 --- a/user.js +++ b/user.js @@ -1484,6 +1484,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1337893 - isolate DNS cache (FF55+) ** 1344170 - isolate blob: URI (FF55+) ** 1300671 - isolate data:, about: URLs (FF55+) + ** 1473247 - isolate IP addresses (FF63+) NOTE: FPI has some issues depending on your Firefox release ** 1418931 - [fixed in FF58+] IndexedDB (Offline Website Data) with FPI Origin Attributes From 43119694fbf9e678bdf8f0dd9ee346a89832c5a9 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 5 Aug 2018 13:02:34 +0000 Subject: [PATCH 0833/1961] Update .gitattributes --- .gitattributes | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.gitattributes b/.gitattributes index d6d1095..8cc5e8c 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,14 +1,14 @@ -## * text=auto +* text=auto -*.js text=auto -*.md text=auto -*.yml text=auto -*.txt text=auto -*.sh text=auto -*.bat eol=crlf +*.js text +*.md text +*.yml text +*.txt text +*.sh text +*.bat text eol=crlf *.png binary .gitattributes export-ignore *.yml export-ignore -wikipiki export-ignore +/wikipiki export-ignore From 9611eac1cfb2aa83e23fef05f21f1888ece9372f Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 18:52:30 +0000 Subject: [PATCH 0834/1961] test test --- test-CR.bat | 1 + test-CRLF.bat | 8 ++++++++ test-LF.bat | 8 ++++++++ 3 files changed, 17 insertions(+) create mode 100644 test-CR.bat create mode 100644 test-CRLF.bat create mode 100644 test-LF.bat diff --git a/test-CR.bat b/test-CR.bat new file mode 100644 index 0000000..a9308ce --- /dev/null +++ b/test-CR.bat @@ -0,0 +1 @@ + line endings test line endings test line endings test line endings test \ No newline at end of file diff --git a/test-CRLF.bat b/test-CRLF.bat new file mode 100644 index 0000000..bddf79f --- /dev/null +++ b/test-CRLF.bat @@ -0,0 +1,8 @@ + +line endings test + +line endings test + +line endings test + +line endings test diff --git a/test-LF.bat b/test-LF.bat new file mode 100644 index 0000000..00c5994 --- /dev/null +++ b/test-LF.bat @@ -0,0 +1,8 @@ + +line endings test + +line endings test + +line endings test + +line endings test From 5ccea3262f901898d3d29abf8eee8c7bba595706 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 19:14:56 +0000 Subject: [PATCH 0835/1961] Update updater.bat --- updater.bat | 2 ++ 1 file changed, 2 insertions(+) diff --git a/updater.bat b/updater.bat index 21c83a2..a4d3f82 100644 --- a/updater.bat +++ b/updater.bat @@ -192,6 +192,7 @@ REM ############ Merge function ############ :merge SETLOCAL DisableDelayedExpansion FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^user_pref[ ]*\([ ]*[\"'].*[\"'][ ]*,.*\)[ ]*;" "%~1"') DO (SET "[%%G]=%%H") + FOR /F tokens^=2^,^*^ delims^=^' %%G IN ('FINDSTR /R /C:"^//// --- comment-out --- '[^'][^']*'.*" "%~1"') DO (SET "__unset__%%G=1") ( FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( @@ -205,6 +206,7 @@ FOR /F tokens^=2^,^*^ delims^=^' %%G IN ('FINDSTR /R /C:"^//// --- comment-out - ) ELSE ( ENDLOCAL FOR /F tokens^=2^ delims^=^'^" %%K IN ("%%J") DO ( + IF NOT "_user.js.parrot"=="%%K" ( IF DEFINED __unset__%%K ( ECHO://%%J From 833f816b998d584ef24c05698323b9c59098a12a Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 19:17:48 +0000 Subject: [PATCH 0836/1961] Add files via upload From 5bcbe56f4b9afb17aae82b2f3f600d77c52eeca2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 19:19:22 +0000 Subject: [PATCH 0837/1961] Add files via upload --- prefsCleaner2.bat | 108 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 prefsCleaner2.bat diff --git a/prefsCleaner2.bat b/prefsCleaner2.bat new file mode 100644 index 0000000..6e0875d --- /dev/null +++ b/prefsCleaner2.bat @@ -0,0 +1,108 @@ +@ECHO OFF & SETLOCAL DisableDelayedExpansion +TITLE prefs.js cleaner + +REM ### prefs.js cleaner for Windows +REM ## author: @claustromaniac +REM ## version: 2.1 + +:begin +ECHO: +ECHO: +ECHO ######################################## +ECHO #### prefs.js cleaner for Windows #### +ECHO #### by claustromaniac #### +ECHO #### v2.1 #### +ECHO ######################################## +ECHO: +CALL :message "This script should be run from your Firefox profile directory." +ECHO It will remove any entries from prefs.js that also exist in user.js. +CALL :message "This will allow inactive preferences to be reset to their default values." +ECHO This Firefox profile shouldn't be in use during the process. +CALL :message "" +TIMEOUT 1 /nobreak >nul +CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" +CLS +IF ERRORLEVEL 3 (EXIT /B) +IF ERRORLEVEL 2 (GOTO :showhelp) +IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) +IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) +CALL :FFcheck +CALL :message "Backing up prefs.js..." +SET "_time=%time: =0%" +COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" +CALL :message "Cleaning prefs.js..." +CALL :cleanup +CALL :message "All done!" +TIMEOUT 5 >nul +ENDLOCAL +EXIT /B + +REM ########## Abort Function ########### +:abort +CALL :message %1 +TIMEOUT %~2 >nul +EXIT +REM ########## Message Function ######### +:message +ECHO: +ECHO: %~1 +ECHO: +GOTO :EOF +REM ####### Firefox Check Function ###### +:FFcheck +TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL +IF NOT ERRORLEVEL 1 ( + CLS + CALL :message "Firefox is still running." + ECHO If you're not currently using this profile you can continue, otherwise + CALL :message "close Firefox first!" + ECHO: + PAUSE + CLS + CALL :message "Resuming..." + TIMEOUT 5 /nobreak >nul +) +GOTO :EOF +REM ######### Cleanup Function ########## +:cleanup +FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( + IF NOT ""=="%%G" (SET "[%%G]=1") +) +( + FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( + IF ""=="%%H" ( + ECHO: + ) ELSE ( + FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO ( + IF NOT DEFINED [%%J] (ECHO:%%H) + ) + ) + ) +)>tempcleanedprefs +MOVE /Y tempcleanedprefs prefs.js +GOTO :EOF +REM ############### Help ################## +:showhelp +MODE 80,34 +CLS +CALL :message "This script creates a backup of your prefs.js file before doing anything." +ECHO It should be safe, but you can follow these steps if something goes wrong: +ECHO: +CALL :message " 1. Make sure Firefox is closed." +ECHO 2. Delete prefs.js in your profile folder. +CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." +ECHO 4. Rename or copy your latest backup to prefs.js. +CALL :message " 5. Run Firefox and see if you notice anything wrong with it." +ECHO 6. If you do notice something wrong, especially with your extensions, +CALL :message " and/or with the UI, go to about:support, and restart Firefox with" +ECHO add-ons disabled. Then, restart it again normally, and see if the +CALL :message " problems were solved." +ECHO: +CALL :message "If you are able to identify the cause of your issues, please bring it up" +ECHO on ghacks-user.js GitHub repository. +ECHO: +ECHO: +PAUSE +CLS +GOTO :begin +REM ##################################### From f973422581beb93855ec3a9a3f60faaeae057a8d Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 19:23:36 +0000 Subject: [PATCH 0838/1961] Delete prefsCleaner2.bat --- prefsCleaner2.bat | 108 ---------------------------------------------- 1 file changed, 108 deletions(-) delete mode 100644 prefsCleaner2.bat diff --git a/prefsCleaner2.bat b/prefsCleaner2.bat deleted file mode 100644 index 6e0875d..0000000 --- a/prefsCleaner2.bat +++ /dev/null @@ -1,108 +0,0 @@ -@ECHO OFF & SETLOCAL DisableDelayedExpansion -TITLE prefs.js cleaner - -REM ### prefs.js cleaner for Windows -REM ## author: @claustromaniac -REM ## version: 2.1 - -:begin -ECHO: -ECHO: -ECHO ######################################## -ECHO #### prefs.js cleaner for Windows #### -ECHO #### by claustromaniac #### -ECHO #### v2.1 #### -ECHO ######################################## -ECHO: -CALL :message "This script should be run from your Firefox profile directory." -ECHO It will remove any entries from prefs.js that also exist in user.js. -CALL :message "This will allow inactive preferences to be reset to their default values." -ECHO This Firefox profile shouldn't be in use during the process. -CALL :message "" -TIMEOUT 1 /nobreak >nul -CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" -CLS -IF ERRORLEVEL 3 (EXIT /B) -IF ERRORLEVEL 2 (GOTO :showhelp) -IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) -IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) -CALL :FFcheck -CALL :message "Backing up prefs.js..." -SET "_time=%time: =0%" -COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" -CALL :message "Cleaning prefs.js..." -CALL :cleanup -CALL :message "All done!" -TIMEOUT 5 >nul -ENDLOCAL -EXIT /B - -REM ########## Abort Function ########### -:abort -CALL :message %1 -TIMEOUT %~2 >nul -EXIT -REM ########## Message Function ######### -:message -ECHO: -ECHO: %~1 -ECHO: -GOTO :EOF -REM ####### Firefox Check Function ###### -:FFcheck -TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL -IF NOT ERRORLEVEL 1 ( - CLS - CALL :message "Firefox is still running." - ECHO If you're not currently using this profile you can continue, otherwise - CALL :message "close Firefox first!" - ECHO: - PAUSE - CLS - CALL :message "Resuming..." - TIMEOUT 5 /nobreak >nul -) -GOTO :EOF -REM ######### Cleanup Function ########## -:cleanup -FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( - IF NOT ""=="%%G" (SET "[%%G]=1") -) -( - FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( - IF ""=="%%H" ( - ECHO: - ) ELSE ( - FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO ( - IF NOT DEFINED [%%J] (ECHO:%%H) - ) - ) - ) -)>tempcleanedprefs -MOVE /Y tempcleanedprefs prefs.js -GOTO :EOF -REM ############### Help ################## -:showhelp -MODE 80,34 -CLS -CALL :message "This script creates a backup of your prefs.js file before doing anything." -ECHO It should be safe, but you can follow these steps if something goes wrong: -ECHO: -CALL :message " 1. Make sure Firefox is closed." -ECHO 2. Delete prefs.js in your profile folder. -CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." -ECHO 4. Rename or copy your latest backup to prefs.js. -CALL :message " 5. Run Firefox and see if you notice anything wrong with it." -ECHO 6. If you do notice something wrong, especially with your extensions, -CALL :message " and/or with the UI, go to about:support, and restart Firefox with" -ECHO add-ons disabled. Then, restart it again normally, and see if the -CALL :message " problems were solved." -ECHO: -CALL :message "If you are able to identify the cause of your issues, please bring it up" -ECHO on ghacks-user.js GitHub repository. -ECHO: -ECHO: -PAUSE -CLS -GOTO :begin -REM ##################################### From 2e908f38d2d6b7fde6d25c9415eb61121e4e7728 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 19:25:25 +0000 Subject: [PATCH 0839/1961] Update prefsCleaner.bat --- prefsCleaner.bat | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 6e0875d..12b865d 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -65,17 +65,13 @@ IF NOT ERRORLEVEL 1 ( GOTO :EOF REM ######### Cleanup Function ########## :cleanup -FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( - IF NOT ""=="%%G" (SET "[%%G]=1") -) +FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO (IF NOT ""=="%%G" (SET "[%%G]=1")) ( FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( IF ""=="%%H" ( ECHO: ) ELSE ( - FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO ( - IF NOT DEFINED [%%J] (ECHO:%%H) - ) + FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO (IF NOT DEFINED [%%J] (ECHO:%%H)) ) ) )>tempcleanedprefs From b390d9787be86234fe42e606501c2c7d8b2e6c85 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 19:27:07 +0000 Subject: [PATCH 0840/1961] Add files via upload --- prefsCleaner.bat | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 12b865d..6e0875d 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -65,13 +65,17 @@ IF NOT ERRORLEVEL 1 ( GOTO :EOF REM ######### Cleanup Function ########## :cleanup -FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO (IF NOT ""=="%%G" (SET "[%%G]=1")) +FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( + IF NOT ""=="%%G" (SET "[%%G]=1") +) ( FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( IF ""=="%%H" ( ECHO: ) ELSE ( - FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO (IF NOT DEFINED [%%J] (ECHO:%%H)) + FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO ( + IF NOT DEFINED [%%J] (ECHO:%%H) + ) ) ) )>tempcleanedprefs From 03efb9975451aaa3f0e2a1231eba6b9d58e97ae9 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 19:34:18 +0000 Subject: [PATCH 0841/1961] Delete test-CR.bat --- test-CR.bat | 1 - 1 file changed, 1 deletion(-) delete mode 100644 test-CR.bat diff --git a/test-CR.bat b/test-CR.bat deleted file mode 100644 index a9308ce..0000000 --- a/test-CR.bat +++ /dev/null @@ -1 +0,0 @@ - line endings test line endings test line endings test line endings test \ No newline at end of file From d8bfdaa0586347acc91b1a47a5efc27cdecd175d Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 19:34:26 +0000 Subject: [PATCH 0842/1961] Delete test-CRLF.bat --- test-CRLF.bat | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 test-CRLF.bat diff --git a/test-CRLF.bat b/test-CRLF.bat deleted file mode 100644 index bddf79f..0000000 --- a/test-CRLF.bat +++ /dev/null @@ -1,8 +0,0 @@ - -line endings test - -line endings test - -line endings test - -line endings test From 06b69bb95ab6761281d62e3363c268c880625748 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 19:34:33 +0000 Subject: [PATCH 0843/1961] Delete test-LF.bat --- test-LF.bat | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 test-LF.bat diff --git a/test-LF.bat b/test-LF.bat deleted file mode 100644 index 00c5994..0000000 --- a/test-LF.bat +++ /dev/null @@ -1,8 +0,0 @@ - -line endings test - -line endings test - -line endings test - -line endings test From 3806ccc68c80b4e6e9786fe81997f703fd3468c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=B5=D0=BD=D0=B8=D1=81?= Date: Tue, 7 Aug 2018 00:06:30 +0200 Subject: [PATCH 0844/1961] Introduce end-of-line normalization (#471) fix for #469 --- prefsCleaner.bat | 216 +++++++++---------- updater.bat | 530 +++++++++++++++++++++++------------------------ 2 files changed, 373 insertions(+), 373 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 6e0875d..d4eeb13 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -1,108 +1,108 @@ -@ECHO OFF & SETLOCAL DisableDelayedExpansion -TITLE prefs.js cleaner - -REM ### prefs.js cleaner for Windows -REM ## author: @claustromaniac -REM ## version: 2.1 - -:begin -ECHO: -ECHO: -ECHO ######################################## -ECHO #### prefs.js cleaner for Windows #### -ECHO #### by claustromaniac #### -ECHO #### v2.1 #### -ECHO ######################################## -ECHO: -CALL :message "This script should be run from your Firefox profile directory." -ECHO It will remove any entries from prefs.js that also exist in user.js. -CALL :message "This will allow inactive preferences to be reset to their default values." -ECHO This Firefox profile shouldn't be in use during the process. -CALL :message "" -TIMEOUT 1 /nobreak >nul -CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" -CLS -IF ERRORLEVEL 3 (EXIT /B) -IF ERRORLEVEL 2 (GOTO :showhelp) -IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) -IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) -CALL :FFcheck -CALL :message "Backing up prefs.js..." -SET "_time=%time: =0%" -COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" -CALL :message "Cleaning prefs.js..." -CALL :cleanup -CALL :message "All done!" -TIMEOUT 5 >nul -ENDLOCAL -EXIT /B - -REM ########## Abort Function ########### -:abort -CALL :message %1 -TIMEOUT %~2 >nul -EXIT -REM ########## Message Function ######### -:message -ECHO: -ECHO: %~1 -ECHO: -GOTO :EOF -REM ####### Firefox Check Function ###### -:FFcheck -TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL -IF NOT ERRORLEVEL 1 ( - CLS - CALL :message "Firefox is still running." - ECHO If you're not currently using this profile you can continue, otherwise - CALL :message "close Firefox first!" - ECHO: - PAUSE - CLS - CALL :message "Resuming..." - TIMEOUT 5 /nobreak >nul -) -GOTO :EOF -REM ######### Cleanup Function ########## -:cleanup -FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( - IF NOT ""=="%%G" (SET "[%%G]=1") -) -( - FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( - IF ""=="%%H" ( - ECHO: - ) ELSE ( - FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO ( - IF NOT DEFINED [%%J] (ECHO:%%H) - ) - ) - ) -)>tempcleanedprefs -MOVE /Y tempcleanedprefs prefs.js -GOTO :EOF -REM ############### Help ################## -:showhelp -MODE 80,34 -CLS -CALL :message "This script creates a backup of your prefs.js file before doing anything." -ECHO It should be safe, but you can follow these steps if something goes wrong: -ECHO: -CALL :message " 1. Make sure Firefox is closed." -ECHO 2. Delete prefs.js in your profile folder. -CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." -ECHO 4. Rename or copy your latest backup to prefs.js. -CALL :message " 5. Run Firefox and see if you notice anything wrong with it." -ECHO 6. If you do notice something wrong, especially with your extensions, -CALL :message " and/or with the UI, go to about:support, and restart Firefox with" -ECHO add-ons disabled. Then, restart it again normally, and see if the -CALL :message " problems were solved." -ECHO: -CALL :message "If you are able to identify the cause of your issues, please bring it up" -ECHO on ghacks-user.js GitHub repository. -ECHO: -ECHO: -PAUSE -CLS -GOTO :begin -REM ##################################### +@ECHO OFF & SETLOCAL DisableDelayedExpansion +TITLE prefs.js cleaner + +REM ### prefs.js cleaner for Windows +REM ## author: @claustromaniac +REM ## version: 2.1 + +:begin +ECHO: +ECHO: +ECHO ######################################## +ECHO #### prefs.js cleaner for Windows #### +ECHO #### by claustromaniac #### +ECHO #### v2.1 #### +ECHO ######################################## +ECHO: +CALL :message "This script should be run from your Firefox profile directory." +ECHO It will remove any entries from prefs.js that also exist in user.js. +CALL :message "This will allow inactive preferences to be reset to their default values." +ECHO This Firefox profile shouldn't be in use during the process. +CALL :message "" +TIMEOUT 1 /nobreak >nul +CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" +CLS +IF ERRORLEVEL 3 (EXIT /B) +IF ERRORLEVEL 2 (GOTO :showhelp) +IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) +IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) +CALL :FFcheck +CALL :message "Backing up prefs.js..." +SET "_time=%time: =0%" +COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" +CALL :message "Cleaning prefs.js..." +CALL :cleanup +CALL :message "All done!" +TIMEOUT 5 >nul +ENDLOCAL +EXIT /B + +REM ########## Abort Function ########### +:abort +CALL :message %1 +TIMEOUT %~2 >nul +EXIT +REM ########## Message Function ######### +:message +ECHO: +ECHO: %~1 +ECHO: +GOTO :EOF +REM ####### Firefox Check Function ###### +:FFcheck +TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL +IF NOT ERRORLEVEL 1 ( + CLS + CALL :message "Firefox is still running." + ECHO If you're not currently using this profile you can continue, otherwise + CALL :message "close Firefox first!" + ECHO: + PAUSE + CLS + CALL :message "Resuming..." + TIMEOUT 5 /nobreak >nul +) +GOTO :EOF +REM ######### Cleanup Function ########## +:cleanup +FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( + IF NOT ""=="%%G" (SET "[%%G]=1") +) +( + FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( + IF ""=="%%H" ( + ECHO: + ) ELSE ( + FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO ( + IF NOT DEFINED [%%J] (ECHO:%%H) + ) + ) + ) +)>tempcleanedprefs +MOVE /Y tempcleanedprefs prefs.js +GOTO :EOF +REM ############### Help ################## +:showhelp +MODE 80,34 +CLS +CALL :message "This script creates a backup of your prefs.js file before doing anything." +ECHO It should be safe, but you can follow these steps if something goes wrong: +ECHO: +CALL :message " 1. Make sure Firefox is closed." +ECHO 2. Delete prefs.js in your profile folder. +CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." +ECHO 4. Rename or copy your latest backup to prefs.js. +CALL :message " 5. Run Firefox and see if you notice anything wrong with it." +ECHO 6. If you do notice something wrong, especially with your extensions, +CALL :message " and/or with the UI, go to about:support, and restart Firefox with" +ECHO add-ons disabled. Then, restart it again normally, and see if the +CALL :message " problems were solved." +ECHO: +CALL :message "If you are able to identify the cause of your issues, please bring it up" +ECHO on ghacks-user.js GitHub repository. +ECHO: +ECHO: +PAUSE +CLS +GOTO :begin +REM ##################################### diff --git a/updater.bat b/updater.bat index a4d3f82..ef7aaa9 100644 --- a/updater.bat +++ b/updater.bat @@ -1,265 +1,265 @@ -@ECHO OFF & SETLOCAL EnableDelayedExpansion -TITLE ghacks user.js updater - -REM ## ghacks-user.js updater for Windows -REM ## author: @claustromaniac -REM ## version: 4.5 -REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts - -SET _myname=%~n0 -SET _myparams=%* -:parse -IF "%~1"=="" (GOTO endparse) -IF /I "%~1"=="-unattended" (SET _ua=1) -IF /I "%~1"=="-log" (SET _log=1) -IF /I "%~1"=="-logp" (SET _log=1 & SET _logp=1) -IF /I "%~1"=="-multioverrides" (SET _multi=1) -IF /I "%~1"=="-merge" (SET _merge=1) -IF /I "%~1"=="-updatebatch" (SET _updateb=1) -IF /I "%~1"=="-singlebackup" (SET _singlebackup=1) -SHIFT -GOTO parse -:endparse -IF DEFINED _updateb ( - REM The normal flow here goes from phase 1 to phase 2 and then phase 3. - IF NOT "!_myname:~0,9!"=="[updated]" ( - IF EXIST "[updated]!_myname!.bat" ( - REM ## Phase 3 ##: The new script, with the original name, will: - REM * Delete the [updated]*.bat script - REM * Begin the normal routine - REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" - DEL /F "[updated]!_myname!.bat.old" - CALL :message "Script updated^!" - TIMEOUT 3 >nul - GOTO begin - ) - REM ## Phase 1 ## - REM * Download new batch and name it [updated]*.bat - REM * Start that script in a new CMD window - REM * Exit - CALL :message "Updating script..." - REM Uncomment the next line and comment the powershell call for testing. - REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" - ( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.bat', '[updated]!_myname!.bat')" - ) >nul 2>&1 - IF EXIST "[updated]!_myname!.bat" ( - START /min CMD /C "[updated]!_myname!.bat" !_myparams! - ) ELSE ( - CALL :message "Failed. Make sure PowerShell is allowed internet access." - TIMEOUT 120 >nul - ) - ) ELSE ( - IF "!_myname!"=="[updated]" ( - CALL :message "The [updated] label is reserved. Rename this script and try again." - TIMEOUT 300 >nul - ) ELSE ( - REM ## Phase 2 ##: The [updated]*.bat script will: - REM * Copy itself overwriting the original batch - REM * Start that script in a new CMD instance - REM * Exit - IF EXIST "!_myname:~9!.bat" ( - REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" - DEL /F "!_myname:~9!.bat.old" - ) - COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" - START CMD /C "!_myname:~9!.bat" !_myparams! - ) - ) - EXIT /B -) -:begin -CLS -ECHO: -ECHO: -ECHO: ######################################## -ECHO: #### user.js Updater for Windows #### -ECHO: #### by claustromaniac #### -ECHO: #### v4.5 #### -ECHO: ######################################## -ECHO: -SET /A "_line=0" -IF NOT EXIST user.js ( - CALL :message "user.js not detected in the current directory." -) ELSE ( - FOR /F "skip=1 tokens=1,* delims=:" %%G IN (user.js) DO ( - SET /A "_line+=1" - IF !_line! GEQ 4 (GOTO exitloop) - IF !_line! EQU 1 (SET _name=%%H) - IF !_line! EQU 2 (SET _date=%%H) - IF !_line! EQU 3 (SET _version=%%G) - ) - :exitloop - IF NOT "!_name!"=="" ( - IF /I NOT "!_name!"=="!_name:ghacks=!" ( - CALL :message "!_name! !_version:~2!,!_date!" - ) ELSE (CALL :message "Current user.js version not recognised.") - ) ELSE (CALL :message "Current user.js version not recognised.") -) -ECHO: -IF NOT DEFINED _ua ( - CALL :message "This batch should be run from your Firefox profile directory." - ECHO: It will download the latest version of ghacks user.js from github and then - CALL :message "append any of your own changes from user-overrides.js to it." - CALL :message "Visit the wiki for more detailed information." - ECHO: - TIMEOUT 1 /nobreak >nul - CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" - CLS - IF ERRORLEVEL 3 (EXIT /B) - IF ERRORLEVEL 2 (GOTO :showhelp) -) -IF DEFINED _log ( - CALL :log >>user.js-update-log.txt 2>&1 - IF DEFINED _logp (START user.js-update-log.txt) - EXIT /B - :log - SET _log=2 - ECHO:################################################################## - ECHO: %date%, %time% -) -IF EXIST user.js.new (DEL /F "user.js.new") -CALL :message "Retrieving latest user.js file from github repository..." -( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')" -) >nul 2>&1 -IF EXIST user.js.new ( - IF DEFINED _multi ( - FORFILES /P user.js-overrides /M *.js >nul 2>&1 - IF NOT ERRORLEVEL 1 ( - IF DEFINED _merge ( - CALL :message "Merging..." - COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js - CALL :merge user-overrides-merged.js - COPY /B /V /Y user.js.new+user-overrides-merged.js user.js.new - CALL :merge user.js.new - ) ELSE ( - CALL :message "Appending..." - COPY /B /V /Y user.js.new+"user.js-overrides\*.js" user.js.new - ) - ) ELSE (CALL :message "No override files found.") - ) ELSE ( - IF EXIST "user-overrides.js" ( - COPY /B /V /Y user.js.new+"user-overrides.js" "user.js.new" - IF DEFINED _merge ( - CALL :message "Merging user-overrides.js..." - CALL :merge user.js.new - ) ELSE ( - CALL :message "user-overrides.js appended." - ) - ) ELSE (CALL :message "user-overrides.js not found.") - ) - IF EXIST user.js ( - FC user.js.new user.js >nul && SET "_changed=false" || SET "_changed=true" - ) - IF "!_changed!"=="true" ( - CALL :message "Backing up..." - IF DEFINED _singlebackup ( - MOVE /Y user.js user.js.bak >nul - ) ELSE ( - SET "_time=!time: =0!" - MOVE /Y user.js "user-backup-!date:/=-!_!_time::=.!.js" >nul - ) - REN user.js.new user.js - CALL :message "Update complete." - ) ELSE ( - IF "!_changed!"=="false" ( - DEL /F user.js.new >nul - CALL :message "Update completed without changes." - ) ELSE ( - REN user.js.new user.js - CALL :message "Update complete." - ) - ) -) ELSE ( - CALL :message "Update failed. Make sure PowerShell is allowed internet access." - ECHO: No changes were made. -) -IF NOT DEFINED _log ( - IF NOT DEFINED _ua (PAUSE) -) -EXIT /B - -REM ########### Message Function ########### -:message -SETLOCAL DisableDelayedExpansion -IF NOT "2"=="%_log%" (ECHO:) -ECHO: %~1 -IF NOT "2"=="%_log%" (ECHO:) -ENDLOCAL -GOTO :EOF -REM ############ Merge function ############ -:merge -SETLOCAL DisableDelayedExpansion -FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^user_pref[ ]*\([ ]*[\"'].*[\"'][ ]*,.*\)[ ]*;" "%~1"') DO (SET "[%%G]=%%H") - -FOR /F tokens^=2^,^*^ delims^=^' %%G IN ('FINDSTR /R /C:"^//// --- comment-out --- '[^'][^']*'.*" "%~1"') DO (SET "__unset__%%G=1") -( - FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( - SET "_temp=%%J" - SETLOCAL EnableDelayedExpansion - IF NOT "!_temp:~0,9!"=="user_pref" ( - ENDLOCAL & ECHO:%%J - ) ELSE ( - IF "!_temp:;=!"=="!_temp!" ( - ENDLOCAL & ECHO:%%J - ) ELSE ( - ENDLOCAL - FOR /F tokens^=2^ delims^=^'^" %%K IN ("%%J") DO ( - - IF NOT "_user.js.parrot"=="%%K" ( - IF DEFINED __unset__%%K ( - ECHO://%%J - ) ELSE ( - IF DEFINED [%%K] ( - SETLOCAL EnableDelayedExpansion - FOR /F "delims=" %%L IN ("![%%K]!") DO ( - ENDLOCAL & ECHO:user_pref("%%K"%%L - SET "[%%K]=" - ) - ) - ) - ) ELSE (ECHO:%%J) - ) - ) - ) - ) -)>updatertempfile -MOVE /Y updatertempfile "%~1" >nul -ENDLOCAL -GOTO :EOF -REM ############### Help ################## -:showhelp -MODE 80,46 -CLS -CALL :message "Available arguments (case-insensitive):" -CALL :message " -log" -ECHO: Write the console output to a logfile (user.js-update-log.txt) -CALL :message " -logP" -ECHO: Like -log, but also open the logfile after updating. -CALL :message " -merge" -ECHO: Merge overrides instead of appending them. Single-line comments and -ECHO: _user.js.parrot lines are appended normally. Overrides for inactive -ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used -ECHO: together, a user-overrides-merged.js file is also generated in the root -ECHO: directory for quick reference. It contains only the merged data from -ECHO: override files and can be safely discarded after updating, or used as the -ECHO: new user-overrides.js. When there are conflicting records for the same -ECHO: pref, the value of the last one declared will be used. Visit the wiki -ECHO: for usage examples and more detailed information. -CALL :message " -multiOverrides" -ECHO: Use any and all .js files in a user.js-overrides sub-folder as overrides -ECHO: instead of the default user-overrides.js file. Files are appended in -ECHO: alphabetical order. -CALL :message " -unattended" -ECHO: Run without user input. -CALL :message " -singleBackup" -ECHO: Use a single backup file and overwrite it on new updates, instead of -ECHO: cumulative backups. This was the default behaviour before v4.3. -CALL :message " -updatebatch" -ECHO: Update the script itself on execution, before the normal routine. -CALL :message "" -PAUSE -MODE 80,25 -GOTO :begin -REM ##################################### +@ECHO OFF & SETLOCAL EnableDelayedExpansion +TITLE ghacks user.js updater + +REM ## ghacks-user.js updater for Windows +REM ## author: @claustromaniac +REM ## version: 4.5 +REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts + +SET _myname=%~n0 +SET _myparams=%* +:parse +IF "%~1"=="" (GOTO endparse) +IF /I "%~1"=="-unattended" (SET _ua=1) +IF /I "%~1"=="-log" (SET _log=1) +IF /I "%~1"=="-logp" (SET _log=1 & SET _logp=1) +IF /I "%~1"=="-multioverrides" (SET _multi=1) +IF /I "%~1"=="-merge" (SET _merge=1) +IF /I "%~1"=="-updatebatch" (SET _updateb=1) +IF /I "%~1"=="-singlebackup" (SET _singlebackup=1) +SHIFT +GOTO parse +:endparse +IF DEFINED _updateb ( + REM The normal flow here goes from phase 1 to phase 2 and then phase 3. + IF NOT "!_myname:~0,9!"=="[updated]" ( + IF EXIST "[updated]!_myname!.bat" ( + REM ## Phase 3 ##: The new script, with the original name, will: + REM * Delete the [updated]*.bat script + REM * Begin the normal routine + REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" + DEL /F "[updated]!_myname!.bat.old" + CALL :message "Script updated^!" + TIMEOUT 3 >nul + GOTO begin + ) + REM ## Phase 1 ## + REM * Download new batch and name it [updated]*.bat + REM * Start that script in a new CMD window + REM * Exit + CALL :message "Updating script..." + REM Uncomment the next line and comment the powershell call for testing. + REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" + ( + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.bat', '[updated]!_myname!.bat')" + ) >nul 2>&1 + IF EXIST "[updated]!_myname!.bat" ( + START /min CMD /C "[updated]!_myname!.bat" !_myparams! + ) ELSE ( + CALL :message "Failed. Make sure PowerShell is allowed internet access." + TIMEOUT 120 >nul + ) + ) ELSE ( + IF "!_myname!"=="[updated]" ( + CALL :message "The [updated] label is reserved. Rename this script and try again." + TIMEOUT 300 >nul + ) ELSE ( + REM ## Phase 2 ##: The [updated]*.bat script will: + REM * Copy itself overwriting the original batch + REM * Start that script in a new CMD instance + REM * Exit + IF EXIST "!_myname:~9!.bat" ( + REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" + DEL /F "!_myname:~9!.bat.old" + ) + COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" + START CMD /C "!_myname:~9!.bat" !_myparams! + ) + ) + EXIT /B +) +:begin +CLS +ECHO: +ECHO: +ECHO: ######################################## +ECHO: #### user.js Updater for Windows #### +ECHO: #### by claustromaniac #### +ECHO: #### v4.5 #### +ECHO: ######################################## +ECHO: +SET /A "_line=0" +IF NOT EXIST user.js ( + CALL :message "user.js not detected in the current directory." +) ELSE ( + FOR /F "skip=1 tokens=1,* delims=:" %%G IN (user.js) DO ( + SET /A "_line+=1" + IF !_line! GEQ 4 (GOTO exitloop) + IF !_line! EQU 1 (SET _name=%%H) + IF !_line! EQU 2 (SET _date=%%H) + IF !_line! EQU 3 (SET _version=%%G) + ) + :exitloop + IF NOT "!_name!"=="" ( + IF /I NOT "!_name!"=="!_name:ghacks=!" ( + CALL :message "!_name! !_version:~2!,!_date!" + ) ELSE (CALL :message "Current user.js version not recognised.") + ) ELSE (CALL :message "Current user.js version not recognised.") +) +ECHO: +IF NOT DEFINED _ua ( + CALL :message "This batch should be run from your Firefox profile directory." + ECHO: It will download the latest version of ghacks user.js from github and then + CALL :message "append any of your own changes from user-overrides.js to it." + CALL :message "Visit the wiki for more detailed information." + ECHO: + TIMEOUT 1 /nobreak >nul + CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" + CLS + IF ERRORLEVEL 3 (EXIT /B) + IF ERRORLEVEL 2 (GOTO :showhelp) +) +IF DEFINED _log ( + CALL :log >>user.js-update-log.txt 2>&1 + IF DEFINED _logp (START user.js-update-log.txt) + EXIT /B + :log + SET _log=2 + ECHO:################################################################## + ECHO: %date%, %time% +) +IF EXIST user.js.new (DEL /F "user.js.new") +CALL :message "Retrieving latest user.js file from github repository..." +( + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')" +) >nul 2>&1 +IF EXIST user.js.new ( + IF DEFINED _multi ( + FORFILES /P user.js-overrides /M *.js >nul 2>&1 + IF NOT ERRORLEVEL 1 ( + IF DEFINED _merge ( + CALL :message "Merging..." + COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js + CALL :merge user-overrides-merged.js + COPY /B /V /Y user.js.new+user-overrides-merged.js user.js.new + CALL :merge user.js.new + ) ELSE ( + CALL :message "Appending..." + COPY /B /V /Y user.js.new+"user.js-overrides\*.js" user.js.new + ) + ) ELSE (CALL :message "No override files found.") + ) ELSE ( + IF EXIST "user-overrides.js" ( + COPY /B /V /Y user.js.new+"user-overrides.js" "user.js.new" + IF DEFINED _merge ( + CALL :message "Merging user-overrides.js..." + CALL :merge user.js.new + ) ELSE ( + CALL :message "user-overrides.js appended." + ) + ) ELSE (CALL :message "user-overrides.js not found.") + ) + IF EXIST user.js ( + FC user.js.new user.js >nul && SET "_changed=false" || SET "_changed=true" + ) + IF "!_changed!"=="true" ( + CALL :message "Backing up..." + IF DEFINED _singlebackup ( + MOVE /Y user.js user.js.bak >nul + ) ELSE ( + SET "_time=!time: =0!" + MOVE /Y user.js "user-backup-!date:/=-!_!_time::=.!.js" >nul + ) + REN user.js.new user.js + CALL :message "Update complete." + ) ELSE ( + IF "!_changed!"=="false" ( + DEL /F user.js.new >nul + CALL :message "Update completed without changes." + ) ELSE ( + REN user.js.new user.js + CALL :message "Update complete." + ) + ) +) ELSE ( + CALL :message "Update failed. Make sure PowerShell is allowed internet access." + ECHO: No changes were made. +) +IF NOT DEFINED _log ( + IF NOT DEFINED _ua (PAUSE) +) +EXIT /B + +REM ########### Message Function ########### +:message +SETLOCAL DisableDelayedExpansion +IF NOT "2"=="%_log%" (ECHO:) +ECHO: %~1 +IF NOT "2"=="%_log%" (ECHO:) +ENDLOCAL +GOTO :EOF +REM ############ Merge function ############ +:merge +SETLOCAL DisableDelayedExpansion +FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^user_pref[ ]*\([ ]*[\"'].*[\"'][ ]*,.*\)[ ]*;" "%~1"') DO (SET "[%%G]=%%H") + +FOR /F tokens^=2^,^*^ delims^=^' %%G IN ('FINDSTR /R /C:"^//// --- comment-out --- '[^'][^']*'.*" "%~1"') DO (SET "__unset__%%G=1") +( + FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( + SET "_temp=%%J" + SETLOCAL EnableDelayedExpansion + IF NOT "!_temp:~0,9!"=="user_pref" ( + ENDLOCAL & ECHO:%%J + ) ELSE ( + IF "!_temp:;=!"=="!_temp!" ( + ENDLOCAL & ECHO:%%J + ) ELSE ( + ENDLOCAL + FOR /F tokens^=2^ delims^=^'^" %%K IN ("%%J") DO ( + + IF NOT "_user.js.parrot"=="%%K" ( + IF DEFINED __unset__%%K ( + ECHO://%%J + ) ELSE ( + IF DEFINED [%%K] ( + SETLOCAL EnableDelayedExpansion + FOR /F "delims=" %%L IN ("![%%K]!") DO ( + ENDLOCAL & ECHO:user_pref("%%K"%%L + SET "[%%K]=" + ) + ) + ) + ) ELSE (ECHO:%%J) + ) + ) + ) + ) +)>updatertempfile +MOVE /Y updatertempfile "%~1" >nul +ENDLOCAL +GOTO :EOF +REM ############### Help ################## +:showhelp +MODE 80,46 +CLS +CALL :message "Available arguments (case-insensitive):" +CALL :message " -log" +ECHO: Write the console output to a logfile (user.js-update-log.txt) +CALL :message " -logP" +ECHO: Like -log, but also open the logfile after updating. +CALL :message " -merge" +ECHO: Merge overrides instead of appending them. Single-line comments and +ECHO: _user.js.parrot lines are appended normally. Overrides for inactive +ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used +ECHO: together, a user-overrides-merged.js file is also generated in the root +ECHO: directory for quick reference. It contains only the merged data from +ECHO: override files and can be safely discarded after updating, or used as the +ECHO: new user-overrides.js. When there are conflicting records for the same +ECHO: pref, the value of the last one declared will be used. Visit the wiki +ECHO: for usage examples and more detailed information. +CALL :message " -multiOverrides" +ECHO: Use any and all .js files in a user.js-overrides sub-folder as overrides +ECHO: instead of the default user-overrides.js file. Files are appended in +ECHO: alphabetical order. +CALL :message " -unattended" +ECHO: Run without user input. +CALL :message " -singleBackup" +ECHO: Use a single backup file and overwrite it on new updates, instead of +ECHO: cumulative backups. This was the default behaviour before v4.3. +CALL :message " -updatebatch" +ECHO: Update the script itself on execution, before the normal routine. +CALL :message "" +PAUSE +MODE 80,25 +GOTO :begin +REM ##################################### From a1638868ea3a8cc79385633cc6a1be9798525e6a Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 22:31:21 +0000 Subject: [PATCH 0845/1961] Update .gitattributes --- .gitattributes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitattributes b/.gitattributes index 8cc5e8c..2c7ddd5 100644 --- a/.gitattributes +++ b/.gitattributes @@ -5,7 +5,8 @@ *.yml text *.txt text *.sh text -*.bat text eol=crlf +## *.bat text eol=crlf +*.bat -text *.png binary From 9c975b318a838f5dad51eba8f819f47cfb39ad2e Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 23:27:41 +0000 Subject: [PATCH 0846/1961] store file with CRLF I think there's no way to get rid of ^M but hopefully with `*.bat -text` in `.gitattributes` it shouldn't be a problem because git won't do any line conversion on check-in/out. This way the raw link as well as the file within the zip download should be in proper MSDOS CRLF format, and git status shouldn't report the file as modified either. ***fingerscrossed!!*** --- prefsCleaner.bat | 216 +++++++++++++++++++++++------------------------ 1 file changed, 108 insertions(+), 108 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index d4eeb13..6e0875d 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -1,108 +1,108 @@ -@ECHO OFF & SETLOCAL DisableDelayedExpansion -TITLE prefs.js cleaner - -REM ### prefs.js cleaner for Windows -REM ## author: @claustromaniac -REM ## version: 2.1 - -:begin -ECHO: -ECHO: -ECHO ######################################## -ECHO #### prefs.js cleaner for Windows #### -ECHO #### by claustromaniac #### -ECHO #### v2.1 #### -ECHO ######################################## -ECHO: -CALL :message "This script should be run from your Firefox profile directory." -ECHO It will remove any entries from prefs.js that also exist in user.js. -CALL :message "This will allow inactive preferences to be reset to their default values." -ECHO This Firefox profile shouldn't be in use during the process. -CALL :message "" -TIMEOUT 1 /nobreak >nul -CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" -CLS -IF ERRORLEVEL 3 (EXIT /B) -IF ERRORLEVEL 2 (GOTO :showhelp) -IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) -IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) -CALL :FFcheck -CALL :message "Backing up prefs.js..." -SET "_time=%time: =0%" -COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" -CALL :message "Cleaning prefs.js..." -CALL :cleanup -CALL :message "All done!" -TIMEOUT 5 >nul -ENDLOCAL -EXIT /B - -REM ########## Abort Function ########### -:abort -CALL :message %1 -TIMEOUT %~2 >nul -EXIT -REM ########## Message Function ######### -:message -ECHO: -ECHO: %~1 -ECHO: -GOTO :EOF -REM ####### Firefox Check Function ###### -:FFcheck -TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL -IF NOT ERRORLEVEL 1 ( - CLS - CALL :message "Firefox is still running." - ECHO If you're not currently using this profile you can continue, otherwise - CALL :message "close Firefox first!" - ECHO: - PAUSE - CLS - CALL :message "Resuming..." - TIMEOUT 5 /nobreak >nul -) -GOTO :EOF -REM ######### Cleanup Function ########## -:cleanup -FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( - IF NOT ""=="%%G" (SET "[%%G]=1") -) -( - FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( - IF ""=="%%H" ( - ECHO: - ) ELSE ( - FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO ( - IF NOT DEFINED [%%J] (ECHO:%%H) - ) - ) - ) -)>tempcleanedprefs -MOVE /Y tempcleanedprefs prefs.js -GOTO :EOF -REM ############### Help ################## -:showhelp -MODE 80,34 -CLS -CALL :message "This script creates a backup of your prefs.js file before doing anything." -ECHO It should be safe, but you can follow these steps if something goes wrong: -ECHO: -CALL :message " 1. Make sure Firefox is closed." -ECHO 2. Delete prefs.js in your profile folder. -CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." -ECHO 4. Rename or copy your latest backup to prefs.js. -CALL :message " 5. Run Firefox and see if you notice anything wrong with it." -ECHO 6. If you do notice something wrong, especially with your extensions, -CALL :message " and/or with the UI, go to about:support, and restart Firefox with" -ECHO add-ons disabled. Then, restart it again normally, and see if the -CALL :message " problems were solved." -ECHO: -CALL :message "If you are able to identify the cause of your issues, please bring it up" -ECHO on ghacks-user.js GitHub repository. -ECHO: -ECHO: -PAUSE -CLS -GOTO :begin -REM ##################################### +@ECHO OFF & SETLOCAL DisableDelayedExpansion +TITLE prefs.js cleaner + +REM ### prefs.js cleaner for Windows +REM ## author: @claustromaniac +REM ## version: 2.1 + +:begin +ECHO: +ECHO: +ECHO ######################################## +ECHO #### prefs.js cleaner for Windows #### +ECHO #### by claustromaniac #### +ECHO #### v2.1 #### +ECHO ######################################## +ECHO: +CALL :message "This script should be run from your Firefox profile directory." +ECHO It will remove any entries from prefs.js that also exist in user.js. +CALL :message "This will allow inactive preferences to be reset to their default values." +ECHO This Firefox profile shouldn't be in use during the process. +CALL :message "" +TIMEOUT 1 /nobreak >nul +CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" +CLS +IF ERRORLEVEL 3 (EXIT /B) +IF ERRORLEVEL 2 (GOTO :showhelp) +IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) +IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) +CALL :FFcheck +CALL :message "Backing up prefs.js..." +SET "_time=%time: =0%" +COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" +CALL :message "Cleaning prefs.js..." +CALL :cleanup +CALL :message "All done!" +TIMEOUT 5 >nul +ENDLOCAL +EXIT /B + +REM ########## Abort Function ########### +:abort +CALL :message %1 +TIMEOUT %~2 >nul +EXIT +REM ########## Message Function ######### +:message +ECHO: +ECHO: %~1 +ECHO: +GOTO :EOF +REM ####### Firefox Check Function ###### +:FFcheck +TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL +IF NOT ERRORLEVEL 1 ( + CLS + CALL :message "Firefox is still running." + ECHO If you're not currently using this profile you can continue, otherwise + CALL :message "close Firefox first!" + ECHO: + PAUSE + CLS + CALL :message "Resuming..." + TIMEOUT 5 /nobreak >nul +) +GOTO :EOF +REM ######### Cleanup Function ########## +:cleanup +FOR /F tokens^=2^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^[^\"']*user_pref[ ]*\([ ]*[\"'][^\"']*[\"'][ ]*," user.js') DO ( + IF NOT ""=="%%G" (SET "[%%G]=1") +) +( + FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( + IF ""=="%%H" ( + ECHO: + ) ELSE ( + FOR /F tokens^=1^,2^ delims^=^"^' %%I IN ("%%H") DO ( + IF NOT DEFINED [%%J] (ECHO:%%H) + ) + ) + ) +)>tempcleanedprefs +MOVE /Y tempcleanedprefs prefs.js +GOTO :EOF +REM ############### Help ################## +:showhelp +MODE 80,34 +CLS +CALL :message "This script creates a backup of your prefs.js file before doing anything." +ECHO It should be safe, but you can follow these steps if something goes wrong: +ECHO: +CALL :message " 1. Make sure Firefox is closed." +ECHO 2. Delete prefs.js in your profile folder. +CALL :message " 3. Delete Invalidprefs.js if you have one in the same folder." +ECHO 4. Rename or copy your latest backup to prefs.js. +CALL :message " 5. Run Firefox and see if you notice anything wrong with it." +ECHO 6. If you do notice something wrong, especially with your extensions, +CALL :message " and/or with the UI, go to about:support, and restart Firefox with" +ECHO add-ons disabled. Then, restart it again normally, and see if the +CALL :message " problems were solved." +ECHO: +CALL :message "If you are able to identify the cause of your issues, please bring it up" +ECHO on ghacks-user.js GitHub repository. +ECHO: +ECHO: +PAUSE +CLS +GOTO :begin +REM ##################################### From c4d131aaf91a8d47c44ad141b2d03948ace38027 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 6 Aug 2018 23:33:06 +0000 Subject: [PATCH 0847/1961] Add files via upload (#474) --- updater.bat | 528 ++++++++++++++++++++++++++-------------------------- 1 file changed, 263 insertions(+), 265 deletions(-) diff --git a/updater.bat b/updater.bat index ef7aaa9..21c83a2 100644 --- a/updater.bat +++ b/updater.bat @@ -1,265 +1,263 @@ -@ECHO OFF & SETLOCAL EnableDelayedExpansion -TITLE ghacks user.js updater - -REM ## ghacks-user.js updater for Windows -REM ## author: @claustromaniac -REM ## version: 4.5 -REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts - -SET _myname=%~n0 -SET _myparams=%* -:parse -IF "%~1"=="" (GOTO endparse) -IF /I "%~1"=="-unattended" (SET _ua=1) -IF /I "%~1"=="-log" (SET _log=1) -IF /I "%~1"=="-logp" (SET _log=1 & SET _logp=1) -IF /I "%~1"=="-multioverrides" (SET _multi=1) -IF /I "%~1"=="-merge" (SET _merge=1) -IF /I "%~1"=="-updatebatch" (SET _updateb=1) -IF /I "%~1"=="-singlebackup" (SET _singlebackup=1) -SHIFT -GOTO parse -:endparse -IF DEFINED _updateb ( - REM The normal flow here goes from phase 1 to phase 2 and then phase 3. - IF NOT "!_myname:~0,9!"=="[updated]" ( - IF EXIST "[updated]!_myname!.bat" ( - REM ## Phase 3 ##: The new script, with the original name, will: - REM * Delete the [updated]*.bat script - REM * Begin the normal routine - REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" - DEL /F "[updated]!_myname!.bat.old" - CALL :message "Script updated^!" - TIMEOUT 3 >nul - GOTO begin - ) - REM ## Phase 1 ## - REM * Download new batch and name it [updated]*.bat - REM * Start that script in a new CMD window - REM * Exit - CALL :message "Updating script..." - REM Uncomment the next line and comment the powershell call for testing. - REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" - ( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.bat', '[updated]!_myname!.bat')" - ) >nul 2>&1 - IF EXIST "[updated]!_myname!.bat" ( - START /min CMD /C "[updated]!_myname!.bat" !_myparams! - ) ELSE ( - CALL :message "Failed. Make sure PowerShell is allowed internet access." - TIMEOUT 120 >nul - ) - ) ELSE ( - IF "!_myname!"=="[updated]" ( - CALL :message "The [updated] label is reserved. Rename this script and try again." - TIMEOUT 300 >nul - ) ELSE ( - REM ## Phase 2 ##: The [updated]*.bat script will: - REM * Copy itself overwriting the original batch - REM * Start that script in a new CMD instance - REM * Exit - IF EXIST "!_myname:~9!.bat" ( - REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" - DEL /F "!_myname:~9!.bat.old" - ) - COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" - START CMD /C "!_myname:~9!.bat" !_myparams! - ) - ) - EXIT /B -) -:begin -CLS -ECHO: -ECHO: -ECHO: ######################################## -ECHO: #### user.js Updater for Windows #### -ECHO: #### by claustromaniac #### -ECHO: #### v4.5 #### -ECHO: ######################################## -ECHO: -SET /A "_line=0" -IF NOT EXIST user.js ( - CALL :message "user.js not detected in the current directory." -) ELSE ( - FOR /F "skip=1 tokens=1,* delims=:" %%G IN (user.js) DO ( - SET /A "_line+=1" - IF !_line! GEQ 4 (GOTO exitloop) - IF !_line! EQU 1 (SET _name=%%H) - IF !_line! EQU 2 (SET _date=%%H) - IF !_line! EQU 3 (SET _version=%%G) - ) - :exitloop - IF NOT "!_name!"=="" ( - IF /I NOT "!_name!"=="!_name:ghacks=!" ( - CALL :message "!_name! !_version:~2!,!_date!" - ) ELSE (CALL :message "Current user.js version not recognised.") - ) ELSE (CALL :message "Current user.js version not recognised.") -) -ECHO: -IF NOT DEFINED _ua ( - CALL :message "This batch should be run from your Firefox profile directory." - ECHO: It will download the latest version of ghacks user.js from github and then - CALL :message "append any of your own changes from user-overrides.js to it." - CALL :message "Visit the wiki for more detailed information." - ECHO: - TIMEOUT 1 /nobreak >nul - CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" - CLS - IF ERRORLEVEL 3 (EXIT /B) - IF ERRORLEVEL 2 (GOTO :showhelp) -) -IF DEFINED _log ( - CALL :log >>user.js-update-log.txt 2>&1 - IF DEFINED _logp (START user.js-update-log.txt) - EXIT /B - :log - SET _log=2 - ECHO:################################################################## - ECHO: %date%, %time% -) -IF EXIST user.js.new (DEL /F "user.js.new") -CALL :message "Retrieving latest user.js file from github repository..." -( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')" -) >nul 2>&1 -IF EXIST user.js.new ( - IF DEFINED _multi ( - FORFILES /P user.js-overrides /M *.js >nul 2>&1 - IF NOT ERRORLEVEL 1 ( - IF DEFINED _merge ( - CALL :message "Merging..." - COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js - CALL :merge user-overrides-merged.js - COPY /B /V /Y user.js.new+user-overrides-merged.js user.js.new - CALL :merge user.js.new - ) ELSE ( - CALL :message "Appending..." - COPY /B /V /Y user.js.new+"user.js-overrides\*.js" user.js.new - ) - ) ELSE (CALL :message "No override files found.") - ) ELSE ( - IF EXIST "user-overrides.js" ( - COPY /B /V /Y user.js.new+"user-overrides.js" "user.js.new" - IF DEFINED _merge ( - CALL :message "Merging user-overrides.js..." - CALL :merge user.js.new - ) ELSE ( - CALL :message "user-overrides.js appended." - ) - ) ELSE (CALL :message "user-overrides.js not found.") - ) - IF EXIST user.js ( - FC user.js.new user.js >nul && SET "_changed=false" || SET "_changed=true" - ) - IF "!_changed!"=="true" ( - CALL :message "Backing up..." - IF DEFINED _singlebackup ( - MOVE /Y user.js user.js.bak >nul - ) ELSE ( - SET "_time=!time: =0!" - MOVE /Y user.js "user-backup-!date:/=-!_!_time::=.!.js" >nul - ) - REN user.js.new user.js - CALL :message "Update complete." - ) ELSE ( - IF "!_changed!"=="false" ( - DEL /F user.js.new >nul - CALL :message "Update completed without changes." - ) ELSE ( - REN user.js.new user.js - CALL :message "Update complete." - ) - ) -) ELSE ( - CALL :message "Update failed. Make sure PowerShell is allowed internet access." - ECHO: No changes were made. -) -IF NOT DEFINED _log ( - IF NOT DEFINED _ua (PAUSE) -) -EXIT /B - -REM ########### Message Function ########### -:message -SETLOCAL DisableDelayedExpansion -IF NOT "2"=="%_log%" (ECHO:) -ECHO: %~1 -IF NOT "2"=="%_log%" (ECHO:) -ENDLOCAL -GOTO :EOF -REM ############ Merge function ############ -:merge -SETLOCAL DisableDelayedExpansion -FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^user_pref[ ]*\([ ]*[\"'].*[\"'][ ]*,.*\)[ ]*;" "%~1"') DO (SET "[%%G]=%%H") - -FOR /F tokens^=2^,^*^ delims^=^' %%G IN ('FINDSTR /R /C:"^//// --- comment-out --- '[^'][^']*'.*" "%~1"') DO (SET "__unset__%%G=1") -( - FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( - SET "_temp=%%J" - SETLOCAL EnableDelayedExpansion - IF NOT "!_temp:~0,9!"=="user_pref" ( - ENDLOCAL & ECHO:%%J - ) ELSE ( - IF "!_temp:;=!"=="!_temp!" ( - ENDLOCAL & ECHO:%%J - ) ELSE ( - ENDLOCAL - FOR /F tokens^=2^ delims^=^'^" %%K IN ("%%J") DO ( - - IF NOT "_user.js.parrot"=="%%K" ( - IF DEFINED __unset__%%K ( - ECHO://%%J - ) ELSE ( - IF DEFINED [%%K] ( - SETLOCAL EnableDelayedExpansion - FOR /F "delims=" %%L IN ("![%%K]!") DO ( - ENDLOCAL & ECHO:user_pref("%%K"%%L - SET "[%%K]=" - ) - ) - ) - ) ELSE (ECHO:%%J) - ) - ) - ) - ) -)>updatertempfile -MOVE /Y updatertempfile "%~1" >nul -ENDLOCAL -GOTO :EOF -REM ############### Help ################## -:showhelp -MODE 80,46 -CLS -CALL :message "Available arguments (case-insensitive):" -CALL :message " -log" -ECHO: Write the console output to a logfile (user.js-update-log.txt) -CALL :message " -logP" -ECHO: Like -log, but also open the logfile after updating. -CALL :message " -merge" -ECHO: Merge overrides instead of appending them. Single-line comments and -ECHO: _user.js.parrot lines are appended normally. Overrides for inactive -ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used -ECHO: together, a user-overrides-merged.js file is also generated in the root -ECHO: directory for quick reference. It contains only the merged data from -ECHO: override files and can be safely discarded after updating, or used as the -ECHO: new user-overrides.js. When there are conflicting records for the same -ECHO: pref, the value of the last one declared will be used. Visit the wiki -ECHO: for usage examples and more detailed information. -CALL :message " -multiOverrides" -ECHO: Use any and all .js files in a user.js-overrides sub-folder as overrides -ECHO: instead of the default user-overrides.js file. Files are appended in -ECHO: alphabetical order. -CALL :message " -unattended" -ECHO: Run without user input. -CALL :message " -singleBackup" -ECHO: Use a single backup file and overwrite it on new updates, instead of -ECHO: cumulative backups. This was the default behaviour before v4.3. -CALL :message " -updatebatch" -ECHO: Update the script itself on execution, before the normal routine. -CALL :message "" -PAUSE -MODE 80,25 -GOTO :begin -REM ##################################### +@ECHO OFF & SETLOCAL EnableDelayedExpansion +TITLE ghacks user.js updater + +REM ## ghacks-user.js updater for Windows +REM ## author: @claustromaniac +REM ## version: 4.5 +REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts + +SET _myname=%~n0 +SET _myparams=%* +:parse +IF "%~1"=="" (GOTO endparse) +IF /I "%~1"=="-unattended" (SET _ua=1) +IF /I "%~1"=="-log" (SET _log=1) +IF /I "%~1"=="-logp" (SET _log=1 & SET _logp=1) +IF /I "%~1"=="-multioverrides" (SET _multi=1) +IF /I "%~1"=="-merge" (SET _merge=1) +IF /I "%~1"=="-updatebatch" (SET _updateb=1) +IF /I "%~1"=="-singlebackup" (SET _singlebackup=1) +SHIFT +GOTO parse +:endparse +IF DEFINED _updateb ( + REM The normal flow here goes from phase 1 to phase 2 and then phase 3. + IF NOT "!_myname:~0,9!"=="[updated]" ( + IF EXIST "[updated]!_myname!.bat" ( + REM ## Phase 3 ##: The new script, with the original name, will: + REM * Delete the [updated]*.bat script + REM * Begin the normal routine + REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" + DEL /F "[updated]!_myname!.bat.old" + CALL :message "Script updated^!" + TIMEOUT 3 >nul + GOTO begin + ) + REM ## Phase 1 ## + REM * Download new batch and name it [updated]*.bat + REM * Start that script in a new CMD window + REM * Exit + CALL :message "Updating script..." + REM Uncomment the next line and comment the powershell call for testing. + REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" + ( + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.bat', '[updated]!_myname!.bat')" + ) >nul 2>&1 + IF EXIST "[updated]!_myname!.bat" ( + START /min CMD /C "[updated]!_myname!.bat" !_myparams! + ) ELSE ( + CALL :message "Failed. Make sure PowerShell is allowed internet access." + TIMEOUT 120 >nul + ) + ) ELSE ( + IF "!_myname!"=="[updated]" ( + CALL :message "The [updated] label is reserved. Rename this script and try again." + TIMEOUT 300 >nul + ) ELSE ( + REM ## Phase 2 ##: The [updated]*.bat script will: + REM * Copy itself overwriting the original batch + REM * Start that script in a new CMD instance + REM * Exit + IF EXIST "!_myname:~9!.bat" ( + REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" + DEL /F "!_myname:~9!.bat.old" + ) + COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" + START CMD /C "!_myname:~9!.bat" !_myparams! + ) + ) + EXIT /B +) +:begin +CLS +ECHO: +ECHO: +ECHO: ######################################## +ECHO: #### user.js Updater for Windows #### +ECHO: #### by claustromaniac #### +ECHO: #### v4.5 #### +ECHO: ######################################## +ECHO: +SET /A "_line=0" +IF NOT EXIST user.js ( + CALL :message "user.js not detected in the current directory." +) ELSE ( + FOR /F "skip=1 tokens=1,* delims=:" %%G IN (user.js) DO ( + SET /A "_line+=1" + IF !_line! GEQ 4 (GOTO exitloop) + IF !_line! EQU 1 (SET _name=%%H) + IF !_line! EQU 2 (SET _date=%%H) + IF !_line! EQU 3 (SET _version=%%G) + ) + :exitloop + IF NOT "!_name!"=="" ( + IF /I NOT "!_name!"=="!_name:ghacks=!" ( + CALL :message "!_name! !_version:~2!,!_date!" + ) ELSE (CALL :message "Current user.js version not recognised.") + ) ELSE (CALL :message "Current user.js version not recognised.") +) +ECHO: +IF NOT DEFINED _ua ( + CALL :message "This batch should be run from your Firefox profile directory." + ECHO: It will download the latest version of ghacks user.js from github and then + CALL :message "append any of your own changes from user-overrides.js to it." + CALL :message "Visit the wiki for more detailed information." + ECHO: + TIMEOUT 1 /nobreak >nul + CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" + CLS + IF ERRORLEVEL 3 (EXIT /B) + IF ERRORLEVEL 2 (GOTO :showhelp) +) +IF DEFINED _log ( + CALL :log >>user.js-update-log.txt 2>&1 + IF DEFINED _logp (START user.js-update-log.txt) + EXIT /B + :log + SET _log=2 + ECHO:################################################################## + ECHO: %date%, %time% +) +IF EXIST user.js.new (DEL /F "user.js.new") +CALL :message "Retrieving latest user.js file from github repository..." +( + powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')" +) >nul 2>&1 +IF EXIST user.js.new ( + IF DEFINED _multi ( + FORFILES /P user.js-overrides /M *.js >nul 2>&1 + IF NOT ERRORLEVEL 1 ( + IF DEFINED _merge ( + CALL :message "Merging..." + COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js + CALL :merge user-overrides-merged.js + COPY /B /V /Y user.js.new+user-overrides-merged.js user.js.new + CALL :merge user.js.new + ) ELSE ( + CALL :message "Appending..." + COPY /B /V /Y user.js.new+"user.js-overrides\*.js" user.js.new + ) + ) ELSE (CALL :message "No override files found.") + ) ELSE ( + IF EXIST "user-overrides.js" ( + COPY /B /V /Y user.js.new+"user-overrides.js" "user.js.new" + IF DEFINED _merge ( + CALL :message "Merging user-overrides.js..." + CALL :merge user.js.new + ) ELSE ( + CALL :message "user-overrides.js appended." + ) + ) ELSE (CALL :message "user-overrides.js not found.") + ) + IF EXIST user.js ( + FC user.js.new user.js >nul && SET "_changed=false" || SET "_changed=true" + ) + IF "!_changed!"=="true" ( + CALL :message "Backing up..." + IF DEFINED _singlebackup ( + MOVE /Y user.js user.js.bak >nul + ) ELSE ( + SET "_time=!time: =0!" + MOVE /Y user.js "user-backup-!date:/=-!_!_time::=.!.js" >nul + ) + REN user.js.new user.js + CALL :message "Update complete." + ) ELSE ( + IF "!_changed!"=="false" ( + DEL /F user.js.new >nul + CALL :message "Update completed without changes." + ) ELSE ( + REN user.js.new user.js + CALL :message "Update complete." + ) + ) +) ELSE ( + CALL :message "Update failed. Make sure PowerShell is allowed internet access." + ECHO: No changes were made. +) +IF NOT DEFINED _log ( + IF NOT DEFINED _ua (PAUSE) +) +EXIT /B + +REM ########### Message Function ########### +:message +SETLOCAL DisableDelayedExpansion +IF NOT "2"=="%_log%" (ECHO:) +ECHO: %~1 +IF NOT "2"=="%_log%" (ECHO:) +ENDLOCAL +GOTO :EOF +REM ############ Merge function ############ +:merge +SETLOCAL DisableDelayedExpansion +FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^user_pref[ ]*\([ ]*[\"'].*[\"'][ ]*,.*\)[ ]*;" "%~1"') DO (SET "[%%G]=%%H") +FOR /F tokens^=2^,^*^ delims^=^' %%G IN ('FINDSTR /R /C:"^//// --- comment-out --- '[^'][^']*'.*" "%~1"') DO (SET "__unset__%%G=1") +( + FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO ( + SET "_temp=%%J" + SETLOCAL EnableDelayedExpansion + IF NOT "!_temp:~0,9!"=="user_pref" ( + ENDLOCAL & ECHO:%%J + ) ELSE ( + IF "!_temp:;=!"=="!_temp!" ( + ENDLOCAL & ECHO:%%J + ) ELSE ( + ENDLOCAL + FOR /F tokens^=2^ delims^=^'^" %%K IN ("%%J") DO ( + IF NOT "_user.js.parrot"=="%%K" ( + IF DEFINED __unset__%%K ( + ECHO://%%J + ) ELSE ( + IF DEFINED [%%K] ( + SETLOCAL EnableDelayedExpansion + FOR /F "delims=" %%L IN ("![%%K]!") DO ( + ENDLOCAL & ECHO:user_pref("%%K"%%L + SET "[%%K]=" + ) + ) + ) + ) ELSE (ECHO:%%J) + ) + ) + ) + ) +)>updatertempfile +MOVE /Y updatertempfile "%~1" >nul +ENDLOCAL +GOTO :EOF +REM ############### Help ################## +:showhelp +MODE 80,46 +CLS +CALL :message "Available arguments (case-insensitive):" +CALL :message " -log" +ECHO: Write the console output to a logfile (user.js-update-log.txt) +CALL :message " -logP" +ECHO: Like -log, but also open the logfile after updating. +CALL :message " -merge" +ECHO: Merge overrides instead of appending them. Single-line comments and +ECHO: _user.js.parrot lines are appended normally. Overrides for inactive +ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used +ECHO: together, a user-overrides-merged.js file is also generated in the root +ECHO: directory for quick reference. It contains only the merged data from +ECHO: override files and can be safely discarded after updating, or used as the +ECHO: new user-overrides.js. When there are conflicting records for the same +ECHO: pref, the value of the last one declared will be used. Visit the wiki +ECHO: for usage examples and more detailed information. +CALL :message " -multiOverrides" +ECHO: Use any and all .js files in a user.js-overrides sub-folder as overrides +ECHO: instead of the default user-overrides.js file. Files are appended in +ECHO: alphabetical order. +CALL :message " -unattended" +ECHO: Run without user input. +CALL :message " -singleBackup" +ECHO: Use a single backup file and overwrite it on new updates, instead of +ECHO: cumulative backups. This was the default behaviour before v4.3. +CALL :message " -updatebatch" +ECHO: Update the script itself on execution, before the normal routine. +CALL :message "" +PAUSE +MODE 80,25 +GOTO :begin +REM ##################################### From b3b3ae4660a402a4cfca05e559ea5bc265718ff4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 Aug 2018 14:34:08 +0000 Subject: [PATCH 0848/1961] finalize 61 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index ca67a19..b65ca07 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 06 July 2018 -* version 61-beta: You Can't Hurry Pants +* date: 08 August 2018 +* version 61: You Can't Hurry Pants * "My mama said, "You can't hurry pants. No, you'll just have to wait"" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From cfa2da8fea4d23f61c6d2ac4a405b1f91ba1af32 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Aug 2018 03:28:54 +0000 Subject: [PATCH 0849/1961] start 62 commits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index b65ca07..ecf759d 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 08 August 2018 -* version 61: You Can't Hurry Pants -* "My mama said, "You can't hurry pants. No, you'll just have to wait"" +* version 62-alpha: Total Eclipse of the Pants +* "Once upon a time there was light in my life, but now there's only pants in the dark" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From ab404680dfc07f192dd8ead1660657689f3788e0 Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 9 Aug 2018 03:30:57 +0000 Subject: [PATCH 0850/1961] remove [SETTING-ESR52] lines (#475) --- user.js | 45 ++++++++++----------------------------------- 1 file changed, 10 insertions(+), 35 deletions(-) diff --git a/user.js b/user.js index ecf759d..b972a16 100644 --- a/user.js +++ b/user.js @@ -51,7 +51,6 @@ user_pref("general.warnOnAboutConfig", false); /* 0001: start Firefox in PB (Private Browsing) mode * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode - * [SETTING-ESR52] Privacy>History>Custom Settings>Always use private browsing mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed * [NOTE] The P in PB mode is misleading: it means no "persistent" local storage of history, * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or @@ -125,23 +124,20 @@ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?ke user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301a: disable auto-update checks for Firefox * [NOTE] Firefox currently checks every 12 hrs and allows 8 day notification dismissal - * [SETTING] General>Firefox Updates>Never check for updates - * [SETTING-ESR52] Advanced>Update>Never check for updates ***/ + * [SETTING] General>Firefox Updates>Never check for updates ***/ // user_pref("app.update.enabled", false); /* 0301b: disable auto-update checks for extensions * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ // user_pref("extensions.update.enabled", false); /* 0302a: disable auto update installing for Firefox (after the check in 0301a) * [SETTING] General>Firefox Updates>Check for updates but let you choose... - * [SETTING-ESR52] Advanced>Update>Check for updates but let you choose... * [NOTE] The UI checkbox also controls the behavior for checking, the pref only controls auto installing ***/ user_pref("app.update.auto", false); /* 0302b: disable auto update installing for extensions (after the check in 0301b) * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ user_pref("extensions.update.autoUpdateDefault", false); /* 0303: disable background update service [WINDOWS] - * [SETTING] General>Firefox Updates>Use a background service to install updates - * [SETTING-ESR52] Advanced>Update>Use a background service to install updates ***/ + * [SETTING] General>Firefox Updates>Use a background service to install updates ***/ user_pref("app.update.service.enabled", false); /* 0304: disable background update staging ***/ user_pref("app.update.staging.enabled", false); @@ -154,8 +150,7 @@ user_pref("extensions.getAddons.cache.enabled", false); /* 0307: disable auto updating of personas (themes) ***/ user_pref("lightweightThemes.update.enabled", false); /* 0308: disable search update - * [SETTING] General>Firefox Update>Automatically update search engines - * [SETTING-ESR52] Advanced>Update>Automatically update: Search Engines ***/ + * [SETTING] General>Firefox Update>Automatically update search engines ***/ user_pref("browser.search.update", false); /* 0309: disable sending Flash crash reports ***/ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); @@ -296,8 +291,7 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); user_pref("privacy.trackingprotection.ui.enabled", true); /* 0422: set which Tracking Protection block list to use * [WARNING] We don't recommend enforcing this from here, as available block lists can change - * [SETTING] Privacy & Security>Tracking Protection>Change Block List - * [SETTING-ESR52] Privacy>Use Tracking Protection>Change Block List ***/ + * [SETTING] Privacy & Security>Tracking Protection>Change Block List ***/ // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ @@ -381,7 +375,6 @@ user_pref("browser.library.activity-stream.enabled", false); // (FF57+) user_pref("browser.onboarding.enabled", false); /* 0517: disable Form Autofill (FF55+) * [SETTING] Privacy & Security>Forms & Passwords>Enable Profile Autofill - * [SETTING-ESR52] Privacy>Forms & Passwords>Enable Profile Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill @@ -537,7 +530,6 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * - If *ALL* of the suggestion types are false, 'autocomplete' must also be false * - If *ANY* of the suggestion types are true, 'autocomplete' must also be true * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest - * [SETTING-ESR52] Privacy>Location Bar>When using the location bar, suggest * [WARNING] If all three suggestion types are false, search engine keywords are disabled ***/ user_pref("browser.urlbar.autocomplete.enabled", false); user_pref("browser.urlbar.suggest.history", false); @@ -563,12 +555,10 @@ user_pref("browser.urlbar.oneOffSearches", false); user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of search suggestions /* 0860: disable search and form history * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history - * [SETTING-ESR52] Privacy>History>Custom Settings>Remember search and form history * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ user_pref("browser.formfill.enable", false); /* 0862: disable browsing and download history * [SETTING] Privacy & Security>History>Custom Settings>Remember my browsing and download history - * [SETTING-ESR52] Privacy>History>Custom Settings>Remember my browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); /* 0870: disable Windows jumplist [WINDOWS] ***/ @@ -583,13 +573,11 @@ user_pref("browser.taskbar.previews.enable", false); user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords * [SETTING] Privacy & Security>Forms & Passwords>Remember logins and passwords for sites - * [SETTING-ESR52] Security>Logins>Remember logins for sites * [NOTE] This does not clear any passwords already saved ***/ // user_pref("signon.rememberSignons", false); /* 0902: use a master password (recommended if you save passwords) * There are no preferences for this. It is all handled internally. * [SETTING] Privacy & Security>Forms & Passwords>Use a master password - * [SETTING-ESR52] Security>Logins>Use a master password * [1] https://support.mozilla.org/kb/use-master-password-protect-stored-logins ***/ /* 0903: set how often Firefox should ask for the master password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ @@ -836,12 +824,10 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); * If you disallow fonts, this drastically limits/reduces font * enumeration (by JS) which is a high entropy fingerprinting vector. * [SETTING] General>Language and Appearance>Advanced>Allow pages to choose... - * [SETTING-ESR52] Content>Font & Colors>Advanced>Allow pages to choose... * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("browser.display.use_document_fonts", 0); /* 1402: set more legible default fonts [SETUP] * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace - * [SETTING-ESR52] Content>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace * [NOTE] Example below for Windows/Western only ***/ // user_pref("font.name.serif.x-unicode", "Georgia"); // user_pref("font.name.serif.x-western", "Georgia"); // default: Times New Roman @@ -922,7 +908,6 @@ user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: enable the DNT (Do Not Track) HTTP header * [SETTING] Privacy & Security>Tracking Protecting>Send websites a "Do Not Track"... - * [SETTING-ESR52] Privacy>Use Tracking Protecting>manage your Do Not Track settings * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref ***/ user_pref("privacy.donottrackheader.enabled", true); @@ -936,8 +921,7 @@ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); * [1] https://bugzilla.mozilla.org/1279029 ***/ // user_pref("privacy.userContext.ui.enabled", true); /* 1702: enable Container Tabs (FF50+) - * [SETTING] Privacy & Security>Tabs>Enable Container Tabs - * [SETTING-ESR52] Privacy>Container Tabs>Enable Container Tabs ***/ + * [SETTING] Privacy & Security>Tabs>Enable Container Tabs ***/ // user_pref("privacy.userContext.enabled", true); /* 1703: enable a private container for thumbnail loads (FF51+) ***/ // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); @@ -1072,8 +1056,7 @@ user_pref("browser.link.open_newwindow.restriction", 0); * [TEST] https://developer.mozilla.org/samples/domref/fullscreen.html ***/ user_pref("full-screen-api.enabled", false); /* 2210: block popup windows - * [SETTING] Privacy & Security>Permissions>Block pop-up windows - * [SETTING-ESR52] Content>Pop-ups>Block pop-up windows ***/ + * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); /* 2211: set max popups from a single non-click event - default is 20! ***/ user_pref("dom.popup_maximum", 3); @@ -1188,7 +1171,6 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m user_pref("media.navigator.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] General>Performance>Custom>Use hardware acceleration when available - * [SETTING-ESR52] Advanced>General>Use hardware acceleration when available * [WARNING] [SETUP] Affects text rendering (fonts will look different), impacts video performance, * and parts of Quantum that utilize the GPU will also be affected as they are rolled out * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ @@ -1272,7 +1254,6 @@ user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) user_pref("network.IDN_show_punycode", true); /* 2620: enable Firefox's built-in PDF reader [SETUP] * [SETTING] General>Applications>Portable Document Format (PDF) - * [SETTING-ESR52] Applications>Portable Document Format (PDF) * This setting controls if the option "Display in Firefox" in the above setting is available * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") * PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most) @@ -1288,8 +1269,7 @@ user_pref("pdfjs.disabled", false); * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ user_pref("browser.download.folderList", 2); /* 2651: enforce user interaction for security by always asking the user where to download - * [SETTING] General>Downloads>Always ask you where to save files - * [SETTING-ESR52] General>Downloads>Always ask me where to save files ***/ + * [SETTING] General>Downloads>Always ask you where to save files ***/ user_pref("browser.download.useDownloadDir", false); /* 2652: disable adding downloads to the system's "recent documents" list ***/ user_pref("browser.download.manager.addToRecentDocs", false); @@ -1319,8 +1299,7 @@ user_pref("extensions.webextensions.keepUuidOnUninstall", false); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); /* 2663: enable warning when websites try to install add-ons - * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons - * [SETTING-ESR52] Security>General>Warn me when sites try to install add-ons ***/ + * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons ***/ user_pref("xpinstall.whitelist.required", true); // default: true /** SECURITY ***/ @@ -1356,7 +1335,6 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * You can set exceptions under site permissions or use an extension * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites - * [SETTING-ESR52] Privacy>History>Custom Settings>Accept cookies from sites * [NOTE] Blocking 3rd party controls 3rd party access to localStorage, IndexedDB, Cache API and Service Worker Cache. * Blocking 1st party controls access to localStorage and IndexedDB (note: Service Workers can still use IndexedDB). * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ @@ -1371,8 +1349,7 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+) /* 2703: set cookie lifetime policy * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) - * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until - * [SETTING-ESR52] Privacy>History>Custom Settings>Accept cookies from sites>Keep until ***/ + * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until ***/ // user_pref("network.cookie.lifetimePolicy", 0); /* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ // user_pref("network.cookie.lifetime.days", 90); @@ -1426,12 +1403,10 @@ user_pref("dom.caches.enabled", false); ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable Firefox to clear history items on shutdown - * [SETTING] Privacy & Security>History>Clear history when Firefox closes - * [SETTING-ESR52] Privacy>Clear history when Firefox closes ***/ + * [SETTING] Privacy & Security>History>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2803: set what history items to clear on shutdown * [SETTING] Privacy & Security>History>Clear history when Firefox closes>Settings - * [SETTING-ESR52] Privacy>Clear history when Firefox closes>Settings * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value * but if 'history' is false, downloads can still be cleared independently * However, this may not always be the case. The interface combines and syncs these From c2c8e6227cba79a445a4f1cdc087821fc6cb9e30 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 12 Aug 2018 03:01:03 +0000 Subject: [PATCH 0851/1961] more info for 2026-28 (#481) --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index b972a16..f12aaea 100644 --- a/user.js +++ b/user.js @@ -1012,15 +1012,15 @@ user_pref("media.getusermedia.audiocapture.enabled", false); * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); -/* 2026: disable canvas capture stream +/* 2026: disable canvas capture stream (FF41+) * [1] https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream ***/ user_pref("canvas.capturestream.enabled", false); -/* 2027: disable camera image capture +/* 2027: disable camera image capture (FF35+) * [1] https://trac.torproject.org/projects/tor/ticket/16339 ***/ -user_pref("dom.imagecapture.enabled", false); -/* 2028: disable offscreen canvas +user_pref("dom.imagecapture.enabled", false); // default: false +/* 2028: disable offscreen canvas (FF44+) * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ -user_pref("gfx.offscreencanvas.enabled", false); +user_pref("gfx.offscreencanvas.enabled", false); // default: false /* 2030: disable auto-play of HTML5 media * [WARNING] This may break video playback on various sites ***/ user_pref("media.autoplay.enabled", false); From 0145ccfec34d2c32191e2d0e93db93458c9d62bc Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 12 Aug 2018 03:11:23 +0000 Subject: [PATCH 0852/1961] add empty lines for subgroups in 0400 + 1200 (#482) --- user.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/user.js b/user.js index f12aaea..f87533a 100644 --- a/user.js +++ b/user.js @@ -231,6 +231,7 @@ user_pref("services.blocklist.update_enabled", true); // user_pref("services.blocklist.addons.collection", ""); // user_pref("services.blocklist.plugins.collection", ""); // user_pref("services.blocklist.gfx.collection", ""); + /** SAFE BROWSING (SB) This sub-section has been redesigned to differentiate between "real-time"/"user initiated" data being sent to Google from all other settings such as using local blocklists/whitelists and @@ -277,6 +278,7 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // /* 0417: disable data sharing (FF58+) ***/ user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); + /** TRACKING PROTECTION (TP) There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ @@ -724,6 +726,7 @@ user_pref("security.ssl.errorReporting.url", ""); * [1] https://github.com/tlswg/tls13-spec/issues/1001 * [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ user_pref("security.tls.enable_0rtt_data", false); // (FF55+ default true) + /** OCSP (Online Certificate Status Protocol) #Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/ /* 1210: enable OCSP Stapling @@ -744,6 +747,7 @@ user_pref("security.OCSP.enabled", 1); * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/ user_pref("security.OCSP.require", true); + /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) * 0=disable detecting Family Safety mode and importing the root @@ -765,12 +769,14 @@ user_pref("security.family_safety.mode", 0); * by inspecting ALL your web traffic, then leave at current default=1 * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ user_pref("security.cert_pinning.enforcement_level", 2); + /** MIXED CONTENT ***/ /* 1240: disable insecure active content on https pages - mixed content * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ user_pref("security.mixed_content.block_active_content", true); /* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/ user_pref("security.mixed_content.block_display_content", true); + /** CIPHERS [see the section 1200 intro] ***/ /* 1260: disable or limit SHA-1 * 0=all SHA1 certs are allowed @@ -799,6 +805,7 @@ user_pref("security.pki.sha1_enforcement_level", 1); * [NOTE] Commented out because it still breaks too many sites ***/ // user_pref("security.ssl3.rsa_aes_128_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false); + /** UI (User Interface) ***/ /* 1270: display warning (red padlock) for "broken security" * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ From f39112f9149e65c567b6daae6bce57b01019392b Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 12 Aug 2018 11:56:47 +0000 Subject: [PATCH 0853/1961] P*tches for B*tches (#483) * replace /V with global VERIFY ON * change working dir to script dir The working dir doesn't necessarily match the script's path, depending on how the script is called. All relative paths and conditional statements using EXIST will fail whenever the working dir is not the script's own location. This fixes that. * minimal stuff, mostly cosmetic * prompt to run prefsCleaner under very specific circumstances * improve -updatebatch option * add version variable + display new script version on update --- prefsCleaner.bat | 6 ++++-- updater.bat | 50 +++++++++++++++++++++++++++++++++--------------- 2 files changed, 39 insertions(+), 17 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 6e0875d..4c8f7a4 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,9 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.1 +REM ## version: 2.2 + +CD /D "%~dp0" :begin ECHO: @@ -11,7 +13,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.1 #### +ECHO #### v2.2 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." diff --git a/updater.bat b/updater.bat index 21c83a2..2aed79c 100644 --- a/updater.bat +++ b/updater.bat @@ -3,11 +3,16 @@ TITLE ghacks user.js updater REM ## ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.5 +REM ## version: 4.6 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts +SET v=4.6 + +VERIFY ON +CD /D "%~dp0" SET _myname=%~n0 SET _myparams=%* + :parse IF "%~1"=="" (GOTO endparse) IF /I "%~1"=="-unattended" (SET _ua=1) @@ -20,6 +25,7 @@ IF /I "%~1"=="-singlebackup" (SET _singlebackup=1) SHIFT GOTO parse :endparse + IF DEFINED _updateb ( REM The normal flow here goes from phase 1 to phase 2 and then phase 3. IF NOT "!_myname:~0,9!"=="[updated]" ( @@ -27,10 +33,13 @@ IF DEFINED _updateb ( REM ## Phase 3 ##: The new script, with the original name, will: REM * Delete the [updated]*.bat script REM * Begin the normal routine + FC "[updated]!_myname!.bat" "!_myname!.bat" >nul + IF ERRORLEVEL 1 ( + CALL :message "Script updated to version !v!" + TIMEOUT 3 >nul + ) REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" DEL /F "[updated]!_myname!.bat.old" - CALL :message "Script updated^!" - TIMEOUT 3 >nul GOTO begin ) REM ## Phase 1 ## @@ -38,10 +47,10 @@ IF DEFINED _updateb ( REM * Start that script in a new CMD window REM * Exit CALL :message "Updating script..." - REM Uncomment the next line and comment the powershell call for testing. - REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat" + REM Uncomment the next line and comment out the PowerShell call for testing. + REM COPY /B /Y "!_myname!.bat" "[updated]!_myname!.bat" >nul ( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.bat', '[updated]!_myname!.bat')" + PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.bat', '[updated]!_myname!.bat')" ) >nul 2>&1 IF EXIST "[updated]!_myname!.bat" ( START /min CMD /C "[updated]!_myname!.bat" !_myparams! @@ -62,12 +71,13 @@ IF DEFINED _updateb ( REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" DEL /F "!_myname:~9!.bat.old" ) - COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat" + COPY /B /Y "!_myname!.bat" "!_myname:~9!.bat" START CMD /C "!_myname:~9!.bat" !_myparams! ) ) EXIT /B ) + :begin CLS ECHO: @@ -75,7 +85,7 @@ ECHO: ECHO: ######################################## ECHO: #### user.js Updater for Windows #### ECHO: #### by claustromaniac #### -ECHO: #### v4.5 #### +ECHO: #### v!v! #### ECHO: ######################################## ECHO: SET /A "_line=0" @@ -121,7 +131,7 @@ IF DEFINED _log ( IF EXIST user.js.new (DEL /F "user.js.new") CALL :message "Retrieving latest user.js file from github repository..." ( - powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')" + PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')" ) >nul 2>&1 IF EXIST user.js.new ( IF DEFINED _multi ( @@ -129,18 +139,18 @@ IF EXIST user.js.new ( IF NOT ERRORLEVEL 1 ( IF DEFINED _merge ( CALL :message "Merging..." - COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js + COPY /B /Y user.js-overrides\*.js user-overrides-merged.js CALL :merge user-overrides-merged.js - COPY /B /V /Y user.js.new+user-overrides-merged.js user.js.new + COPY /B /Y user.js.new+user-overrides-merged.js user.js.new CALL :merge user.js.new ) ELSE ( CALL :message "Appending..." - COPY /B /V /Y user.js.new+"user.js-overrides\*.js" user.js.new + COPY /B /Y user.js.new+"user.js-overrides\*.js" user.js.new ) ) ELSE (CALL :message "No override files found.") ) ELSE ( IF EXIST "user-overrides.js" ( - COPY /B /V /Y user.js.new+"user-overrides.js" "user.js.new" + COPY /B /Y user.js.new+"user-overrides.js" "user.js.new" IF DEFINED _merge ( CALL :message "Merging user-overrides.js..." CALL :merge user.js.new @@ -169,6 +179,7 @@ IF EXIST user.js.new ( ) ELSE ( REN user.js.new user.js CALL :message "Update complete." + SET "_changed=true" ) ) ) ELSE ( @@ -176,7 +187,15 @@ IF EXIST user.js.new ( ECHO: No changes were made. ) IF NOT DEFINED _log ( - IF NOT DEFINED _ua (PAUSE) + IF NOT DEFINED _ua ( + IF EXIST prefsCleaner.bat ( + IF "!_changed!"=="true" ( + CALL :message "Would you like to run the prefsCleaner now?" + CHOICE /C YN /N /M "(Y/N) " + IF "1"=="!errorlevel!" ( START "" cmd.exe /C "prefsCleaner.bat" ) + ) ELSE (PAUSE) + ) ELSE (PAUSE) + ) ) EXIT /B @@ -188,6 +207,7 @@ ECHO: %~1 IF NOT "2"=="%_log%" (ECHO:) ENDLOCAL GOTO :EOF + REM ############ Merge function ############ :merge SETLOCAL DisableDelayedExpansion @@ -226,6 +246,7 @@ FOR /F tokens^=2^,^*^ delims^=^' %%G IN ('FINDSTR /R /C:"^//// --- comment-out - MOVE /Y updatertempfile "%~1" >nul ENDLOCAL GOTO :EOF + REM ############### Help ################## :showhelp MODE 80,46 @@ -260,4 +281,3 @@ CALL :message "" PAUSE MODE 80,25 GOTO :begin -REM ##################################### From 29e2461cd1555b57edb1380fd257b2c260f861b3 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Mon, 13 Aug 2018 12:39:24 +0000 Subject: [PATCH 0854/1961] fix -updatebatch (#484) --- updater.bat | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/updater.bat b/updater.bat index 2aed79c..3458c63 100644 --- a/updater.bat +++ b/updater.bat @@ -6,7 +6,7 @@ REM ## author: @claustromaniac REM ## version: 4.6 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts -SET v=4.6 +SET v=4.7 VERIFY ON CD /D "%~dp0" @@ -31,15 +31,15 @@ IF DEFINED _updateb ( IF NOT "!_myname:~0,9!"=="[updated]" ( IF EXIST "[updated]!_myname!.bat" ( REM ## Phase 3 ##: The new script, with the original name, will: - REM * Delete the [updated]*.bat script + REM * Delete the [updated]*.bat and *.bat.old scripts REM * Begin the normal routine - FC "[updated]!_myname!.bat" "!_myname!.bat" >nul - IF ERRORLEVEL 1 ( + FC "[updated]!_myname!.bat" "!_myname!.bat.old" >nul + IF NOT "!errorlevel!"=="0" ( CALL :message "Script updated to version !v!" TIMEOUT 3 >nul ) REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old" - DEL /F "[updated]!_myname!.bat.old" + DEL /F "!_myname!.bat.old" "[updated]!_myname!.bat.old" GOTO begin ) REM ## Phase 1 ## @@ -64,13 +64,10 @@ IF DEFINED _updateb ( TIMEOUT 300 >nul ) ELSE ( REM ## Phase 2 ##: The [updated]*.bat script will: - REM * Copy itself overwriting the original batch - REM * Start that script in a new CMD instance + REM * Rename the old script and make a copy of itself with the original name. + REM * Run that copy in a new CMD instance REM * Exit - IF EXIST "!_myname:~9!.bat" ( - REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" - DEL /F "!_myname:~9!.bat.old" - ) + IF EXIST "!_myname:~9!.bat" ( REN "!_myname:~9!.bat" "!_myname:~9!.bat.old" ) COPY /B /Y "!_myname!.bat" "!_myname:~9!.bat" START CMD /C "!_myname:~9!.bat" !_myparams! ) From 572d16d5a5863c08da5ed3b96f96d1effba3eeb8 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 15 Aug 2018 05:56:40 +0000 Subject: [PATCH 0855/1961] change cookies from block all to allow 1st party (#477) * change cookies from block all to allow 1st party see https://github.com/ghacksuserjs/ghacks-user.js/issues/439 * and fixup readme as well --- user.js | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index f87533a..7905339 100644 --- a/user.js +++ b/user.js @@ -19,10 +19,7 @@ * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * Auto-installing updates for Firefox and extensions are disabled (section 0302's) - * Some user data is erased on close (section 2800), namely history (browsing, form, download) - * Cookies are denied by default (2701), we use site exceptions. In Firefox 58 and lower, this breaks - extensions that use IndexedDB, so you need to allow exceptions for those as well: see [1] below - [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1.1-Setting-Extension-Permission-Exceptions + * Some user data is erased on close (section 2800). Change this to suit your needs * EACH RELEASE check: - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF) or enable them as an alternative to RFP or for ESR users @@ -1338,14 +1335,14 @@ user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) serviceWorkers : ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); -/* 2701: disable cookies on all sites [SETUP] +/* 2701: disable 3rd-party cookies and site-data [SETUP] * You can set exceptions under site permissions or use an extension * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites * [NOTE] Blocking 3rd party controls 3rd party access to localStorage, IndexedDB, Cache API and Service Worker Cache. * Blocking 1st party controls access to localStorage and IndexedDB (note: Service Workers can still use IndexedDB). * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ -user_pref("network.cookie.cookieBehavior", 2); +user_pref("network.cookie.cookieBehavior", 1); /* 2702: set third-party cookies (i.e ALL) (if enabled, see above pref) to session-only and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and @@ -1401,8 +1398,7 @@ user_pref("dom.caches.enabled", false); // user_pref("dom.storageManager.enabled", false); /*** 2800: SHUTDOWN [SETUP] - You should set the values to what suits you best. Be aware that the settings below clear - browsing, download and form history, but not cookies (use exceptions or an extension). + You should set the values to what suits you best. - "Offline Website Data" includes appCache (2730), localStorage (2710), Service Worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache) - In both 2803 + 2804, the 'download' and 'history' prefs are combined in the @@ -1419,7 +1415,7 @@ user_pref("privacy.sanitize.sanitizeOnShutdown", true); * However, this may not always be the case. The interface combines and syncs these * prefs when set from there, and the sanitize code may change at any time ***/ user_pref("privacy.clearOnShutdown.cache", true); -user_pref("privacy.clearOnShutdown.cookies", false); +user_pref("privacy.clearOnShutdown.cookies", true); user_pref("privacy.clearOnShutdown.downloads", true); // see note above user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download History @@ -1432,7 +1428,7 @@ user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences * [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog * for "Clear Recent History" is opened, it is synced to the same as 'history' ***/ user_pref("privacy.cpd.cache", true); -user_pref("privacy.cpd.cookies", false); +user_pref("privacy.cpd.cookies", true); // user_pref("privacy.cpd.downloads", true); // not used, see note above user_pref("privacy.cpd.formdata", true); // Form & Search History user_pref("privacy.cpd.history", true); // Browsing & Download History From 9e1c368cd90ab32bffdd96a3163b889f7295394b Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 15 Aug 2018 19:04:25 +0000 Subject: [PATCH 0856/1961] move dom.battery.enabled back to 2500 from 9999 (#486) * move dom.battery.enabled back to 2500 from 9999 * make it inactive, clear out old links --- user.js | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 7905339..30d5eb9 100644 --- a/user.js +++ b/user.js @@ -1164,6 +1164,13 @@ user_pref("javascript.options.shared_memory", false); /*** 2500: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); +/* 2502: disable Battery Status API + * Initially a Linux issue (high precision readout) that was fixed. + * However, it is still another metric for fingerprinting, used to raise entropy. + * e.g. do you have a battery or not, current charging status, charge level, times remaining etc + * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. see [1] + * [1] https://bugzilla.mozilla.org/1313580 ***/ + // user_pref("dom.battery.enabled", false); /* 2504: disable virtual reality devices * [WARNING] [SETUP] Optional protection depending on your connected devices * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ @@ -1897,17 +1904,6 @@ user_pref("media.gmp-eme-adobe.autoupdate", false); // [1] https://wiki.mozilla.org/WebAPI/Security/WebTelephony // [-] https://bugzilla.mozilla.org/1309719 user_pref("dom.telephony.enabled", false); -// 2502: disable Battery Status API - // Initially a Linux issue (high precision readout) that was fixed. - // However, it is still another metric for fingerprinting, used to raise entropy. - // e.g. do you have a battery or not, current charging status, charge level, times remaining etc - // [1] https://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ - // [2] https://bugzilla.mozilla.org/1124127 - // [3] https://www.w3.org/TR/battery-status/ - // [4] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online - // [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. - // [-] https://bugzilla.mozilla.org/1313580 -user_pref("dom.battery.enabled", false); // ***/ /* ESR52.x still uses all the following prefs From 776e32c27f286d6260348cf9a00b607c0493637d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 16 Aug 2018 14:34:32 +0000 Subject: [PATCH 0857/1961] 0850d: remove browser.urlbar.autoFill.typed It is deprecated in FF62 ( https://bugzilla.mozilla.org/show_bug.cgi?id=1239708 ), and is already covered by the other pref in 0850d (for ESR60.x users) --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 30d5eb9..1c67640 100644 --- a/user.js +++ b/user.js @@ -545,7 +545,6 @@ user_pref("browser.urlbar.suggest.openpage", false); /* 0850d: disable location bar autofill * [1] http://kb.mozillazine.org/Inline_autocomplete ***/ user_pref("browser.urlbar.autoFill", false); -user_pref("browser.urlbar.autoFill.typed", false); /* 0850e: disable location bar one-off searches (FF51+) * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ user_pref("browser.urlbar.oneOffSearches", false); From 2969c6660f0bc98f2f20f889554836ff0063ae2a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 16 Aug 2018 14:36:48 +0000 Subject: [PATCH 0858/1961] removed browser.urlbar.autoFill.typed --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 5b5b389..47bec1a 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 06-July-2018 + Last updated: 16-August-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -99,6 +99,8 @@ 'network.http.fast-fallback-to-IPv4', 'offline-apps.quota.warn', 'services.blocklist.signing.enforced', + /* 62-beta */ + 'browser.urlbar.autoFill.typed', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 5b6ed92da4a9eb31160b96acb1ebc1541d78da7d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 17 Aug 2018 07:15:47 +0000 Subject: [PATCH 0859/1961] 0701: disable IPv6, closes #437 --- user.js | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 1c67640..f893d82 100644 --- a/user.js +++ b/user.js @@ -422,16 +422,13 @@ user_pref("network.predictor.enable-prefetch", false); /*** 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); -/* 0701: disable IPv6 (included for knowledge ONLY [WARNING] do not do this) - * This is all about covert channels such as MAC addresses being included/abused in the - * IPv6 protocol for tracking. If you want to mask your IP address, this is not the way - * to do it. It's 2016, IPv6 is here. Here are some old links - * 2010: https://christopher-parsons.com/ipv6-and-the-future-of-privacy/ - * 2011: https://iapp.org/news/a/2011-09-09-facing-the-privacy-implications-of-ipv6/ - * 2012: http://www.zdnet.com/article/security-versus-privacy-with-ipv6-deployment/ - * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection - * [1] https://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection/ ***/ - // user_pref("network.dns.disableIPv6", true); +/* 0701: disable IPv6 + * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice + * with VPNs. That's even assuming your ISP and/or router and/or website can hande it + * [TEST] http://testmyipv6.com/ + * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/437#issuecomment-403740626 + * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ +user_pref("network.dns.disableIPv6", true); /* 0702: disable HTTP2 (which was based on SPDY which is now deprecated) * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance * privacy, and in fact opens up a number of server-side fingerprinting opportunities From 9e67f982abd3759d93ec6c2b9a694c5c8848b5e9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 17 Aug 2018 07:50:33 +0000 Subject: [PATCH 0860/1961] 2720: enforce IDB=enabled --- user.js | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index f893d82..7d93783 100644 --- a/user.js +++ b/user.js @@ -1372,11 +1372,14 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true * [WARNING] This will break a LOT of sites' functionality. * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); -/* 2720: disable JS storing data permanently [SETUP] - * [WARNING] This BREAKS uBlock Origin [1.14.0+] and other extensions that require IndexedDB - * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 - * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/ - // user_pref("dom.indexedDB.enabled", false); +/* 2720: enforce IndexedDB (IDB) as enabled + * IDB is required for extensions and Firefox internals (even before FF63 in [1]) + * To control *website* IDB data, control allowing cookies and service workers, or use + * Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize + * on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically + * via an extenion. Note that IDB currently cannot be sanitized by host. + * [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ ***/ +user_pref("dom.indexedDB.enabled", true); // default: true /* 2730: disable offline cache * [NOTE] For FF51-FF60 (ESR not included), this is required 'true' for Storage API (2750) ***/ user_pref("browser.cache.offline.enable", false); From 6fb2f25e6519b7a4a07f633fc935af758e9bcc01 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 17 Aug 2018 09:09:01 +0000 Subject: [PATCH 0861/1961] 4700: revamp, closes #485 --- user.js | 44 +++++++++++++++++++------------------------- 1 file changed, 19 insertions(+), 25 deletions(-) diff --git a/user.js b/user.js index 7d93783..37e0d65 100644 --- a/user.js +++ b/user.js @@ -1634,36 +1634,30 @@ user_pref("webgl.enable-debug-renderer-info", false); // ***/ /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING - Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage - depending on your values. Even if you spoof, like TBB (Tor Browser Bundle) does, as the - latest ESR, it still *does* *not* *work*. There are two main reasons for this. - 1. Many of the components that make up your UA can be derived by other means. And when - those values differ, you provide more bits and raise entropy. Examples of leaks include - navigator objects, date locale/formats, iframes, headers, resource://URIs, - feature detection and more. - 2. You are not in a controlled set of significant numbers, where the values are enforced - by default. It works for TBB because for TBB, the spoofed values ARE their default. - * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 4500) - which is already plugging leaks (see 1 above) the prefs below do not address - * Values below are for example only based on the current TBB at the time of writing + This is FYI ONLY. These prefs are INSUFFICIENT(a) on their own, you need + to use RFP (4500) or an extension, in which case they become POINTLESS. + (a) Many of the components that make up your UA can be derived by other means. + And when those values differ, you provide more bits and raise entropy. + Examples of leaks include navigator objects, date locale/formats, iframes, + headers, tcp/ip attributes, feature detection, and **many** more. + ALL values below intentionally left blank - use RFP, or get a vetted, tested + extension and mimic RFP values to *lower* entropy, or randomize to *raise* it ***/ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); -/* 4701: navigator.userAgent leaks in JS - * [NOTE] Setting this will break any UA spoofing extension whitelisting ***/ - // user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"); // (hidden pref) -/* 4702: navigator.buildID (see gecko.buildID in about:config) reveals build time - * down to the second which defeats user agent spoofing and can compromise OS etc +/* 4701: navigator.userAgent ***/ + // user_pref("general.useragent.override", ""); // (hidden pref) +/* 4702: navigator.buildID ( + * reveals build time down to the second * [1] https://bugzilla.mozilla.org/583181 ***/ - // user_pref("general.buildID.override", "20100101"); // (hidden pref) + // user_pref("general.buildID.override", ""); // (hidden pref) /* 4703: navigator.appName ***/ - // user_pref("general.appname.override", "Netscape"); // (hidden pref) + // user_pref("general.appname.override", ""); // (hidden pref) /* 4704: navigator.appVersion ***/ - // user_pref("general.appversion.override", "5.0 (Windows)"); // (hidden pref) -/* 4705: navigator.platform leaks in JS ***/ - // user_pref("general.platform.override", "Win32"); // (hidden pref) -/* 4706: navigator.oscpu leaks in JS ***/ - // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) -/* 4707: general.useragent.locale (related, see 0204-deprecated FF59+) ***/ + // user_pref("general.appversion.override", ""); // (hidden pref) +/* 4705: navigator.platform ***/ + // user_pref("general.platform.override", ""); // (hidden pref) +/* 4706: navigator.oscpu ***/ + // user_pref("general.oscpu.override", ""); // (hidden pref) /*** 5000: PERSONAL [SETUP] Non-project related but useful. If any of these interest you, add them to your overrides ***/ From 9a46fafb53c6bcd4d6404e5db25fa47a67c71506 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 20 Aug 2018 14:52:06 +0000 Subject: [PATCH 0862/1961] 1203: remove TLS fallback-limit Currently enforcing the default at 3, it gets changed to 4 for FF62, and will get deprecated some stage soon - https://bugzilla.mozilla.org/show_bug.cgi?id=1479501 --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 37e0d65..a8ecd58 100644 --- a/user.js +++ b/user.js @@ -701,7 +701,6 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ * [2] archived: https://archive.is/hY2Mm ***/ user_pref("security.tls.version.min", 3); -user_pref("security.tls.version.fallback-limit", 3); user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 /* 1203: disable SSL session tracking (FF36+) * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. From e6a13e5a932b4e641f76a46f79cf00347dfbc529 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 20 Aug 2018 14:54:47 +0000 Subject: [PATCH 0863/1961] removed security.tls.version.fallback-limit --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 47bec1a..74f216a 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 16-August-2018 + Last updated: 20-August-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -101,6 +101,7 @@ 'services.blocklist.signing.enforced', /* 62-beta */ 'browser.urlbar.autoFill.typed', + 'security.tls.version.fallback-limit', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 7d417da5fdfb632da481358e38fde15f44ee7ba7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Aug 2018 06:09:28 +0000 Subject: [PATCH 0864/1961] 0701: IPv6 info tweak, closes #437 --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index a8ecd58..fe49903 100644 --- a/user.js +++ b/user.js @@ -425,7 +425,9 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost /* 0701: disable IPv6 * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice * with VPNs. That's even assuming your ISP and/or router and/or website can hande it - * [TEST] http://testmyipv6.com/ + * [WARNING] This is just an application level fallback. Disabling IPv6 is best done + * at an OS/network level, and/or configured properly in VPN setups + * [TEST] http://ipv6leak.com/ * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/437#issuecomment-403740626 * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ user_pref("network.dns.disableIPv6", true); From 50a578c32ab1efd73361545cd5c284805f7b43a5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 28 Aug 2018 07:57:21 +0000 Subject: [PATCH 0865/1961] remove extra spaces --- user.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index fe49903..4f43fe6 100644 --- a/user.js +++ b/user.js @@ -34,7 +34,7 @@ 4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile) 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-maintenance - ******/ +******/ /* START: internal custom pref to test for syntax errors * [NOTE] In FF60+, not all syntax errors cause parsing to abort i.e. reaching the last debug @@ -479,7 +479,7 @@ user_pref("network.file.disable_unc_paths", true); // (hidden pref) functionality. Likewise, you may want to check the items cleared on shutdown in section 2800. [NOTE] The urlbar is also commonly referred to as the location bar and address bar #Required reading [#] https://xkcd.com/538/ - ***/ +***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search - PRIVACY * don't leak typos to a search engine, give an error message instead ***/ @@ -687,7 +687,7 @@ user_pref("alerts.showFavicons", false); // default: false Optionally, disable the ciphers in 1264. [1] https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ - ***/ +***/ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /* 1201: disable old SSL/TLS - vulnerable to a MiTM attack @@ -877,7 +877,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); scheme+host+port: https://example.com:8888 #Required reading [#] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ - ***/ +***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: ALL: control when images/links send a referer * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ @@ -1082,7 +1082,7 @@ user_pref("dom.popup_allowed_events", "click dblclick"); [4] SharedWorker: https://developer.mozilla.org/docs/Web/API/SharedWorker [5] ChromeWorker: https://developer.mozilla.org/docs/Web/API/ChromeWorker [6] Notifications: https://support.mozilla.org/questions/1165867#answer-981820 - ***/ +***/ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); /* 2302: disable service workers * Service workers essentially act as proxy servers that sit between web apps, and the browser @@ -1337,7 +1337,7 @@ user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) indexedDB : profile\storage\default appCache : profile\OfflineCache serviceWorkers : - ***/ +***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable 3rd-party cookies and site-data [SETUP] * You can set exceptions under site permissions or use an extension @@ -1410,7 +1410,7 @@ user_pref("dom.caches.enabled", false); Service Worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache) - In both 2803 + 2804, the 'download' and 'history' prefs are combined in the Firefox interface as "Browsing & Download History" and their values will be synced - ***/ +***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable Firefox to clear history items on shutdown * [SETTING] Privacy & Security>History>Clear history when Firefox closes ***/ From 299489c701cb9da341da176c9c4aa87bb80861a9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 28 Aug 2018 08:27:45 +0000 Subject: [PATCH 0866/1961] 1000s: cache description/info, closes #436 --- user.js | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 4f43fe6..7f20269 100644 --- a/user.js +++ b/user.js @@ -609,7 +609,17 @@ user_pref("security.insecure_field_warning.contextual.enabled", true); * [1] https://bugzilla.mozilla.org/1357835 ***/ user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); -/*** 1000: CACHE [SETUP] ***/ +/*** 1000: CACHE [SETUP] + ETAG [1] and other [2] cache tracking/fingerprinting techniques can be averted by + disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized + by modifying response headers [3]. Another solution is to use a hardened configuration + with Temporary Containers [4]. Alternatively, you can *LIMIT* exposure by clearing + cache on close (2803). or on a regular basis manually or with an extension. + [1] https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags + [2] https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/ + [3] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor + [4] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 +***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /** CACHE ***/ /* 1001: disable disk cache ***/ From f2065a463c9debcbc63196c5400507bba500b24c Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 29 Aug 2018 17:10:28 +0000 Subject: [PATCH 0867/1961] move 1007 to 9999 (#493) `browser.cache.frecency_experiment` is a dead pref since FF59: https://bugzilla.mozilla.org/1430197 proof: https://dxr.mozilla.org/mozilla-esr60/search?q=frecency_experiment - the pref still exists but is not used anymore ie dead pref --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 7f20269..753fa3c 100644 --- a/user.js +++ b/user.js @@ -645,9 +645,6 @@ user_pref("browser.cache.disk_cache_ssl", false); * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/967812 ***/ // user_pref("permissions.memory_only", true); // (hidden pref) -/* 1007: disable randomized FF HTTP cache decay experiments - * [1] https://trac.torproject.org/projects/tor/ticket/13575 ***/ -user_pref("browser.cache.frecency_experiment", -1); /* 1008: set DNS cache and expiration time (default 400 and 60, same as TBB) ***/ // user_pref("network.dnsCacheEntries", 400); // user_pref("network.dnsCacheExpiration", 60); @@ -2033,6 +2030,10 @@ user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); // [3] https://www.ghacks.net/2016/07/26/firefox-flyweb/ // [-] https://bugzilla.mozilla.org/1374574 user_pref("dom.flyweb.enabled", false); +// 1007: disable randomized FF HTTP cache decay experiments + // [1] https://trac.torproject.org/projects/tor/ticket/13575 + // [-] https://bugzilla.mozilla.org/1430197 +user_pref("browser.cache.frecency_experiment", -1); // 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) // Allow resources from domains with an existing HSTS cache record or in the HSTS preload list // to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because From a89e8fc1e02e6f3f9cc048a1952022ff6565703f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 29 Aug 2018 17:12:13 +0000 Subject: [PATCH 0868/1961] removed browser.cache.frecency_experiment --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 74f216a..aa8e7d0 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 20-August-2018 + Last updated: 29-August-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -102,6 +102,7 @@ /* 62-beta */ 'browser.urlbar.autoFill.typed', 'security.tls.version.fallback-limit', + 'browser.cache.frecency_experiment', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From c805dd8b3b7b0386beddcbbac5314060871827e2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 5 Sep 2018 09:30:42 +0000 Subject: [PATCH 0869/1961] 62 deprecated/removed prefs --- user.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 753fa3c..5192abd 100644 --- a/user.js +++ b/user.js @@ -956,7 +956,6 @@ user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); * [NOTE] You can still over-ride individual sites e.g. youtube via site permissions * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ user_pref("plugin.state.flash", 0); -user_pref("plugin.state.java", 0); /* 1805: disable scanning for plugins [WINDOWS] * [1] http://kb.mozillazine.org/Plugin_scanning * plid.all = whether to scan the directories specified in the Windows registry for PLIDs. @@ -2108,6 +2107,11 @@ user_pref("network.jar.block-remote-files", true); // [-] https://bugzilla.mozilla.org/1427726 user_pref("network.jar.open-unsafe-types", false); // * * * / +// FF62 +// 1803: disable Java plugin + // [-] (part5) https://bugzilla.mozilla.org/1461243 +user_pref("plugin.state.java", 0); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From 109d4cf916027d663f6367c5cb6b6472812909e0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 5 Sep 2018 09:33:29 +0000 Subject: [PATCH 0870/1961] removed plugin.state.java --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index aa8e7d0..3b83232 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 29-August-2018 + Last updated: 05-Sept-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -103,6 +103,7 @@ 'browser.urlbar.autoFill.typed', 'security.tls.version.fallback-limit', 'browser.cache.frecency_experiment', + 'plugin.state.java', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 9e342deaf2c458e73b36bad9a48b224c294fd971 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 5 Sep 2018 16:59:04 +0000 Subject: [PATCH 0871/1961] update 1803 after Java removal (#494) --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 5192abd..b556c10 100644 --- a/user.js +++ b/user.js @@ -949,11 +949,10 @@ user_pref("plugin.defaultXpi.state", 0); /* 1802: enable click to play and set to 0 minutes ***/ user_pref("plugins.click_to_play", true); user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); -/* 1803: disable NPAPI plugins (Add-ons>Plugins) +/* 1803: disable Flash plugin (Add-ons>Plugins) * 0=deactivated, 1=ask, 2=enabled * ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash - * [NOTE] ESR52 users should check plugin.state* for other installed NPAPI plugins - * [NOTE] You can still over-ride individual sites e.g. youtube via site permissions + * [NOTE] You can still override individual sites via site permissions * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ user_pref("plugin.state.flash", 0); /* 1805: disable scanning for plugins [WINDOWS] From e7a71143a8f042d261e672ad0c6816abacd2edf7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 8 Sep 2018 14:14:46 +0000 Subject: [PATCH 0872/1961] oophs these two prefs were moved to deprecated, not removed from the user.js itself --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 3b83232..a59325b 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 05-Sept-2018 + Last updated: 08-Sept-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -102,8 +102,6 @@ /* 62-beta */ 'browser.urlbar.autoFill.typed', 'security.tls.version.fallback-limit', - 'browser.cache.frecency_experiment', - 'plugin.state.java', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From f0c29cf8a6d2b4318fd1046794202630b3a78814 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 8 Sep 2018 16:37:12 +0000 Subject: [PATCH 0873/1961] 62-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index b556c10..dce355d 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 08 August 2018 -* version 62-alpha: Total Eclipse of the Pants +* date: 08 September 2018 +* version 62-beta: Total Eclipse of the Pants * "Once upon a time there was light in my life, but now there's only pants in the dark" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 8b5547a9737bbefe93544ba401fdbd2c1a3b3576 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 8 Sep 2018 17:23:48 +0000 Subject: [PATCH 0874/1961] 4504: browser.startup.blankWindow --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index dce355d..18d9a07 100644 --- a/user.js +++ b/user.js @@ -1561,6 +1561,9 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF * to sanitize or clear extensions.webextensions.restrictedDomains (see 2662) to keep that side-effect * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref) +/* 4504: disable showing about:blank as soon as possible during startup (FF60+) + * When default true (FF62+) this no longer masks the RFP resizing activity ***/ +user_pref("browser.startup.blankWindow", false); /*** 4600: RFP (4500) ALTERNATIVES [SETUP] * IF you DO use RFP (see 4500) then you DO NOT need these redundant prefs. In fact, From b7c0e816a0abc6f96af96ee03e7db9e589426926 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 9 Sep 2018 20:33:43 +0000 Subject: [PATCH 0875/1961] remove ESR52 grouping in 9999 (#499) --- user.js | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/user.js b/user.js index 18d9a07..89e9b6b 100644 --- a/user.js +++ b/user.js @@ -1907,10 +1907,7 @@ user_pref("media.gmp-eme-adobe.autoupdate", false); // [-] https://bugzilla.mozilla.org/1309719 user_pref("dom.telephony.enabled", false); // ***/ - -/* ESR52.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them -// FF53 +/* FF53 // 1265: block rc4 fallback // [-] https://bugzilla.mozilla.org/1130670 user_pref("security.tls.unrestricted_rc4_fallback", false); @@ -1925,8 +1922,8 @@ user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); // 2507: disable keyboard fingerprinting // [-] https://bugzilla.mozilla.org/1322736 user_pref("dom.beforeAfterKeyboardEvent.enabled", false); -// * * * / -// FF54 +// ***/ +/* FF54 // 0415: disable reporting URLs (safe browsing) // [-] https://bugzilla.mozilla.org/1288633 user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); @@ -1938,8 +1935,8 @@ user_pref("media.eme.apiVisible", false); // i.e. reading archive contents directly in the browser, through DOM file objects // [-] https://bugzilla.mozilla.org/1342361 user_pref("dom.archivereader.enabled", false); -// * * * / -// FF55 +// ***/ +/* FF55 // 0209: disable geolocation on non-secure origins (FF54+) // [1] https://bugzilla.mozilla.org/1269531 // [-] https://bugzilla.mozilla.org/1072859 @@ -1977,16 +1974,16 @@ user_pref("browser.tabs.animate", false); // 5016: disable fullscreeen animation - replaced by toolkit.cosmeticAnimations.enabled // [-] https://bugzilla.mozilla.org/1352069 user_pref("browser.fullscreen.animate", false); -// * * * / -// FF56 +// ***/ +/* FF56 // 0515: disable Screenshots (rollout pref only) (FF54+) // [-] https://bugzilla.mozilla.org/1386333 // user_pref("extensions.screenshots.system-disabled", true); // 0517: disable Form Autofill (FF55+) - replaced by extensions.formautofill.available // [-] https://bugzilla.mozilla.org/1385201 user_pref("extensions.formautofill.experimental", false); -// * * * / -// FF57 +// ***/ +/* FF57 // 0374: disable "social" integration // [1] https://developer.mozilla.org/docs/Mozilla/Projects/Social_API // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388902,1406193 (some leftovers were removed in FF58) @@ -2011,8 +2008,8 @@ user_pref("browser.casting.enabled", false); // 5022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) // [-] https://bugzilla.mozilla.org/1401238 user_pref("browser.bookmarks.showRecentlyBookmarked", false); -// * * * / -// FF59 +// ***/ +/* FF59 // 0203: disable using OS locale, force APP locale - replaced by intl.locale.requested // [-] https://bugzilla.mozilla.org/1414390 user_pref("intl.locale.matchOS", false); @@ -2062,8 +2059,8 @@ user_pref("dom.disable_window_status_change", true); // 2416: disable idle observation // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 user_pref("dom.idle-observers-api.enabled", false); -// * * * / -// FF60 +// ***/ +/* FF60 // 0360: disable new tab tile ads & preload & marketing junk // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1370930,1433133 user_pref("browser.newtabpage.directory.source", "data:text/plain,"); @@ -2087,7 +2084,6 @@ user_pref("dom.workers.enabled", false); // 5000's: open "page/selection source" in a new window // [-] https://bugzilla.mozilla.org/1418403 // user_pref("view_source.tab", false); -// * * * / // ***/ /* ESR60.x still uses all the following prefs From 11a94c7e320e3c14f5c542d9ca8a9776c0162fd9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 9 Sep 2018 20:43:56 +0000 Subject: [PATCH 0876/1961] 4503: add bugzilla --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 89e9b6b..b9dcb40 100644 --- a/user.js +++ b/user.js @@ -1562,7 +1562,8 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref) /* 4504: disable showing about:blank as soon as possible during startup (FF60+) - * When default true (FF62+) this no longer masks the RFP resizing activity ***/ + * When default true (FF62+) this no longer masks the RFP resizing activity + * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); /*** 4600: RFP (4500) ALTERNATIVES [SETUP] From 6717bc0674b92078971da41b712cf3668440bb87 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 9 Sep 2018 20:46:35 +0000 Subject: [PATCH 0877/1961] 1024: toolkit.winRegisterApplicationRestart --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index b9dcb40..84a3179 100644 --- a/user.js +++ b/user.js @@ -669,6 +669,9 @@ user_pref("browser.sessionstore.resume_from_crash", false); * This longer interval *may* affect history but we cannot replicate any history not recorded * [1] https://bugzilla.mozilla.org/1304389 ***/ user_pref("browser.sessionstore.interval", 30000); +/* 1024: disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) + * [1] https://bugzilla.mozilla.org/603903 ***/ +user_pref("toolkit.winRegisterApplicationRestart", false); /** FAVICONS ***/ /* 1030: disable favicons in shortcuts * URL shortcuts use a cached randomly named .ico file which is stored in your From 01a978e33ae649e366fd2796dacd5aa145d276a4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Sep 2018 16:43:18 +0000 Subject: [PATCH 0878/1961] add 0864: dom.forms.datetime, closes #495 --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 84a3179..5fee46a 100644 --- a/user.js +++ b/user.js @@ -558,6 +558,10 @@ user_pref("browser.formfill.enable", false); * [SETTING] Privacy & Security>History>Custom Settings>Remember my browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); +/* 0864: disable date/time picker (FF57+ default true) + * This can leak your locale if not en-US + * [1] https://trac.torproject.org/projects/tor/ticket/21787 ***/ +user_pref("dom.forms.datetime", false); /* 0870: disable Windows jumplist [WINDOWS] ***/ user_pref("browser.taskbar.lists.enabled", false); user_pref("browser.taskbar.lists.frequent.enabled", false); From ee213f2babba007f943f351dd6601c0525c18d65 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 12 Sep 2018 22:17:56 +0000 Subject: [PATCH 0879/1961] infos about default values (#504) * more infos * add colons not all EOL comments for defaults start with `// default` (23). The common string is `default:` (27 incl. these ones) with or without preceding or trailing spaces --- user.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index 5fee46a..55c805e 100644 --- a/user.js +++ b/user.js @@ -216,7 +216,7 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ -user_pref("extensions.blocklist.enabled", true); +user_pref("extensions.blocklist.enabled", true); // default: true user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); /* 0402: enable Kinto blocklist updates (FF50+) * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications @@ -424,7 +424,7 @@ user_pref("network.predictor.enable-prefetch", false); user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); /* 0701: disable IPv6 * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice - * with VPNs. That's even assuming your ISP and/or router and/or website can hande it + * with VPNs. That's even assuming your ISP and/or router and/or website can handle it * [WARNING] This is just an application level fallback. Disabling IPv6 is best done * at an OS/network level, and/or configured properly in VPN setups * [TEST] http://ipv6leak.com/ @@ -781,7 +781,7 @@ user_pref("security.cert_pinning.enforcement_level", 2); /** MIXED CONTENT ***/ /* 1240: disable insecure active content on https pages - mixed content * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ -user_pref("security.mixed_content.block_active_content", true); +user_pref("security.mixed_content.block_active_content", true); // default: true /* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/ user_pref("security.mixed_content.block_display_content", true); @@ -939,7 +939,7 @@ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); * [SETTING] Privacy & Security>Tabs>Enable Container Tabs ***/ // user_pref("privacy.userContext.enabled", true); /* 1703: enable a private container for thumbnail loads (FF51+) ***/ - // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); + // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // default: true in FF61+ /* 1704: set long press behaviour on "+ Tab" button to display container menu (FF53+) * 0=disables long press, 1=when clicked, the menu is shown * 2=the menu is shown after X milliseconds @@ -1336,7 +1336,7 @@ user_pref("security.csp.experimentalEnabled", true); * [1] https://bugzilla.mozilla.org/1331351 * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ -user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); +user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); // default: true in FF59+ /* 2684: enforce a security delay on some confirmation dialogs such as install, open/save * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ @@ -1382,7 +1382,7 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true * [3] https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/ ***/ // user_pref("network.cookie.same-site.enabled", true); // default: true /* 2710: disable DOM (Document Object Model) Storage - * [WARNING] This will break a LOT of sites' functionality. + * [WARNING] This will break a LOT of sites' functionality AND extensions! * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); /* 2720: enforce IndexedDB (IDB) as enabled @@ -1398,7 +1398,7 @@ user_pref("dom.indexedDB.enabled", true); // default: true user_pref("browser.cache.offline.enable", false); /* 2730b: disable offline cache on insecure sites (FF60+) * [1] https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ ***/ -user_pref("browser.cache.offline.insecure.enable", false); +user_pref("browser.cache.offline.insecure.enable", false); // default: false in FF62+ /* 2731: enforce websites to ask to store data for offline use * [1] https://support.mozilla.org/questions/1098540 * [2] https://bugzilla.mozilla.org/959985 ***/ From 36c791c4bc031e83ba72d19bd828f03dfcfbf8e6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Sep 2018 22:23:59 +0000 Subject: [PATCH 0880/1961] remove 2661: *webextensions.keep* Added in FF51 with defaults false and never changed since --- user.js | 6 ------ 1 file changed, 6 deletions(-) diff --git a/user.js b/user.js index 55c805e..0a8aa44 100644 --- a/user.js +++ b/user.js @@ -1309,12 +1309,6 @@ user_pref("browser.download.forbid_open_with", true); * [1] archived: https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.autoDisableScopes", 15); -/* 2661: clear localStorage and UUID when an extension is uninstalled - * [NOTE] Both preferences must be the same - * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local - * [2] https://bugzilla.mozilla.org/1213990 ***/ -user_pref("extensions.webextensions.keepStorageOnUninstall", false); -user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2662: disable webextension restrictions on certain mozilla domains (also see 4503) (FF60+) * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); From 2d316ceedd347836ad268e5d59c3b20a5a56565a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Sep 2018 22:27:26 +0000 Subject: [PATCH 0881/1961] removed *webextensions.keep* --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index a59325b..0b1980e 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 08-Sept-2018 + Last updated: 12-Sept-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -102,6 +102,8 @@ /* 62-beta */ 'browser.urlbar.autoFill.typed', 'security.tls.version.fallback-limit', + 'extensions.webextensions.keepStorageOnUninstall', + 'extensions.webextensions.keepUuidOnUninstall', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 1c6c5ea2ff3cbd9185e80c869f8b1c4217d223bd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Sep 2018 05:09:07 +0000 Subject: [PATCH 0882/1961] 1000s: cache header section #496 --- user.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 0a8aa44..00a04d1 100644 --- a/user.js +++ b/user.js @@ -614,15 +614,16 @@ user_pref("security.insecure_field_warning.contextual.enabled", true); user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); /*** 1000: CACHE [SETUP] - ETAG [1] and other [2] cache tracking/fingerprinting techniques can be averted by + ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized - by modifying response headers [3]. Another solution is to use a hardened configuration - with Temporary Containers [4]. Alternatively, you can *LIMIT* exposure by clearing + by modifying response headers [4]. Another solution is to use a hardened configuration + with Temporary Containers [5]. Alternatively, you can *LIMIT* exposure by clearing cache on close (2803). or on a regular basis manually or with an extension. [1] https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags [2] https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/ - [3] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor - [4] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 + [3] https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache + [4] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor + [5] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /** CACHE ***/ From f88af1dac6edda674c80d0b74fdb026abc70447c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 20 Sep 2018 23:39:44 +0000 Subject: [PATCH 0883/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 90bdea3..5367578 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 * The ghacks community and commentators * [12bytes](http://12bytes.org/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) - * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github + * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master) 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. From ca1cc2001f9d40c4dff9e32f396cf9d43df256cb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 20 Sep 2018 23:40:29 +0000 Subject: [PATCH 0884/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5367578..9b59e75 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 * The ghacks community and commentators * [12bytes](http://12bytes.org/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) - * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master) + * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master) 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. From b2fc9bc2664820cb22a658fb9a3977390029333a Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 30 Sep 2018 15:20:36 +0000 Subject: [PATCH 0885/1961] remove 0421: privacy.trackingprotection.ui.enabled - pref removed in FF63 (https://bugzilla.mozilla.org/1476879) - when we added it the default was false - default is true since FF57 - it's only an UI thing ergo we don't need to move it to 9999 --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 00a04d1..5146813 100644 --- a/user.js +++ b/user.js @@ -285,9 +285,6 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); * [2] https://support.mozilla.org/kb/tracking-protection-firefox ***/ // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default: true // user_pref("privacy.trackingprotection.enabled", true); -/* 0421: enable more Tracking Protection choices under Options>Privacy & Security>Use Tracking Protection - * Displays three choices: "Always", "Only in private windows", "Never" ***/ -user_pref("privacy.trackingprotection.ui.enabled", true); /* 0422: set which Tracking Protection block list to use * [WARNING] We don't recommend enforcing this from here, as available block lists can change * [SETTING] Privacy & Security>Tracking Protection>Change Block List ***/ From ec5fb6e3a1833c2db8eacd2e31bc12f0d469a859 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 30 Sep 2018 15:24:33 +0000 Subject: [PATCH 0886/1961] removed privacy.trackingprotection.ui.enabled --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 0b1980e..6f3dd47 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 12-Sept-2018 + Last updated: 30-Sept-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -102,8 +102,10 @@ /* 62-beta */ 'browser.urlbar.autoFill.typed', 'security.tls.version.fallback-limit', + /* 63-beta */ 'extensions.webextensions.keepStorageOnUninstall', 'extensions.webextensions.keepUuidOnUninstall', + 'privacy.trackingprotection.ui.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From aacf5d4a0b2cb056957cecc464b6a30d0ef978ff Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 30 Sep 2018 15:30:32 +0000 Subject: [PATCH 0887/1961] update 1031 description --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5146813..b5dc7e7 100644 --- a/user.js +++ b/user.js @@ -681,7 +681,7 @@ user_pref("toolkit.winRegisterApplicationRestart", false); * If set to false then the shortcuts use a generic Firefox icon ***/ user_pref("browser.shell.shortcutFavicons", false); /* 1031: disable favicons in tabs and new bookmarks - * bookmark favicons are stored as data blobs in places.sqlite>moz_favicons ***/ + * bookmark favicons are stored as data blobs in favicons.sqlite ***/ // user_pref("browser.chrome.site_icons", false); // user_pref("browser.chrome.favicons", false); /* 1032: disable favicons in web notifications ***/ From cbcd293e68a2d6eebdd6268140aa55fe1963461a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 Oct 2018 05:50:09 +0000 Subject: [PATCH 0888/1961] RFP: spoof/suppress Pointer Events https://bugzilla.mozilla.org/show_bug.cgi?id=1363508 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index b5dc7e7..fb3fdb1 100644 --- a/user.js +++ b/user.js @@ -1543,6 +1543,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); FF60: Fix keydown/keyup events (1438795) ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) ** 1459089 - disable OS locale in HTTP Accept-Language headers [ANDROID] (FF62+) + ** 1363508 - spoof/suppress Pointer Events (FF64+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From 21b18cbe49b901280a3ea4a6e0e7016bb05cfe2f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 Oct 2018 10:46:35 +0000 Subject: [PATCH 0889/1961] finalize 62 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index fb3fdb1..1665501 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 08 September 2018 -* version 62-beta: Total Eclipse of the Pants +* date: 10 October 2018 +* version 62: Total Eclipse of the Pants * "Once upon a time there was light in my life, but now there's only pants in the dark" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 58931bc15d80ceba832006554bc3cdb5f10223f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 Oct 2018 11:25:03 +0000 Subject: [PATCH 0890/1961] start 63 commits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 1665501..0368473 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 10 October 2018 -* version 62: Total Eclipse of the Pants -* "Once upon a time there was light in my life, but now there's only pants in the dark" +* version 63-alpha: Pants Romance +* "Rah rah ah-ah-ah! Ro mah ro-mah-mah. Gaga oh-la-la! Want your pants romance" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 732c438148511b3b32e7f1ce40486db3f2a3431d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 14 Oct 2018 12:11:56 +0000 Subject: [PATCH 0891/1961] 0710: disable GIO... #442 --- user.js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/user.js b/user.js index 0368473..d3463e3 100644 --- a/user.js +++ b/user.js @@ -468,6 +468,14 @@ user_pref("network.proxy.autoconfig_url.include_path", false); // default: false /* 0709: disable using UNC (Uniform Naming Convention) paths (FF61+) * [1] https://trac.torproject.org/projects/tor/ticket/26424 ***/ user_pref("network.file.disable_unc_paths", true); // (hidden pref) +/* 0710: disable GIO as a potential proxy bypass vector + * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, + * gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64) + * [1] https://bugzilla.mozilla.org/1433507 + * [2] https://trac.torproject.org/23044 + * [3] https://en.wikipedia.org/wiki/GVfs + * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ +user_pref("network.gio.supported-protocols", ""); // (hidden pref) /*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP] If you are in a private environment (no unwanted eyeballs) and your device is private From 9e073ea5d5c2b928cd31698eeb227a1b2f362611 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 16 Oct 2018 11:57:32 +0000 Subject: [PATCH 0892/1961] 1201: SSL renegotiation -> active, closes #519 --- user.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index d3463e3..d3a2ccf 100644 --- a/user.js +++ b/user.js @@ -710,10 +710,11 @@ user_pref("alerts.showFavicons", false); // default: false ***/ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ -/* 1201: disable old SSL/TLS - vulnerable to a MiTM attack - * [WARNING] Tested Feb 2017 - still breaks too many sites - * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ - // user_pref("security.ssl.require_safe_negotiation", true); +/* 1201: disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack) + * [WARNING] <2% of secure sites do NOT support the newer "secure" renegotiation, see [2] + * [1] https://wiki.mozilla.org/Security:Renegotiation + * [2] https://www.ssllabs.com/ssl-pulse/ ***/ +user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1 From 7aac6d476ab71b43d78bf6c68ffa81955007d2bf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 16 Oct 2018 12:01:42 +0000 Subject: [PATCH 0893/1961] 1270: link to 1201, #519 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index d3a2ccf..4e297d3 100644 --- a/user.js +++ b/user.js @@ -822,7 +822,7 @@ user_pref("security.pki.sha1_enforcement_level", 1); // user_pref("security.ssl3.rsa_aes_256_sha", false); /** UI (User Interface) ***/ -/* 1270: display warning (red padlock) for "broken security" +/* 1270: display warning (red padlock) for "broken security" (see 1201) * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); /* 1271: control "Add Security Exception" dialog on SSL warnings From 587194ce848717377f2287e34699ce249d8b14ae Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 20 Oct 2018 01:35:37 +0000 Subject: [PATCH 0894/1961] 1403: icon fonts: flip, make inactive, closes #521 --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 4e297d3..d7f18ab 100644 --- a/user.js +++ b/user.js @@ -857,9 +857,11 @@ user_pref("browser.display.use_document_fonts", 0); // user_pref("font.name.sans-serif.x-western", "Arial"); // default: Arial // user_pref("font.name.monospace.x-unicode", "Lucida Console"); // user_pref("font.name.monospace.x-western", "Lucida Console"); // default: Courier New -/* 1403: enable icon fonts (glyphs) (FF41+) - * [1] https://bugzilla.mozilla.org/789788 ***/ -user_pref("gfx.downloadable_fonts.enabled", true); // default: true +/* 1403: disable icon fonts (glyphs) (FF41) and local fallback rendering + * [1] https://bugzilla.mozilla.org/789788 + * [2] https://trac.torproject.org/projects/tor/ticket/8455 ***/ + // user_pref("gfx.downloadable_fonts.enabled", false); + // user_pref("gfx.downloadable_fonts.fallback_delay", -1); /* 1404: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); From 56206f77ba6833876931e346212e3df9d2cf9ae5 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 23 Oct 2018 15:45:31 +0000 Subject: [PATCH 0895/1961] removed, renamed or hidden in v63.0 (#523) * removed, renamed or hidden in v63.0 - 0301a - do you want to add the `[NOTE] Firefox currently checks every 12 hrs ...` to `0302a` ? The problem is it also checks for updates every time you open/reload about:preferences and in Menu>Help>About Firefox regardless of when the last check was. - 0513 - removed because follow-on-search is no longer a deletable system addon - 2703 - do we just remove `3=for n days` or add a [NOTE] that value 3 was remove in FF63 or something? - `browser.ctrlTab.recentlyUsedOrder` replaces `browser.ctrlTab.previews` but it now defaults to true. No need to list the new one under 5000 IMO * Update user.js * 1031 add more info https://bugzilla.mozilla.org/show_bug.cgi?id=1453751#c28 * 0301a: remove update-check timing info * 2703: add version deprecation for value 3 --- user.js | 61 ++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 39 insertions(+), 22 deletions(-) diff --git a/user.js b/user.js index d7f18ab..6be3a70 100644 --- a/user.js +++ b/user.js @@ -90,7 +90,6 @@ user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=b * [NOTE] May not be hidden if Firefox has changed your settings due to your locale * [1] https://trac.torproject.org/projects/tor/ticket/16254 * [2] https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine ***/ -user_pref("browser.search.countryCode", "US"); // (hidden pref) user_pref("browser.search.region", "US"); // (hidden pref) user_pref("browser.search.geoip.url", ""); /* 0205: set OS & APP locale (FF59+) @@ -119,16 +118,11 @@ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?ke monetized extensions, time constraints, legacy issues, and fear of breakage/bugs. It is still important to do updates for security reasons, please do so manually. ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); -/* 0301a: disable auto-update checks for Firefox - * [NOTE] Firefox currently checks every 12 hrs and allows 8 day notification dismissal - * [SETTING] General>Firefox Updates>Never check for updates ***/ - // user_pref("app.update.enabled", false); /* 0301b: disable auto-update checks for extensions * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ // user_pref("extensions.update.enabled", false); -/* 0302a: disable auto update installing for Firefox (after the check in 0301a) - * [SETTING] General>Firefox Updates>Check for updates but let you choose... - * [NOTE] The UI checkbox also controls the behavior for checking, the pref only controls auto installing ***/ +/* 0302a: disable auto update installing for Firefox + * [SETTING] General>Firefox Updates>Check for updates but let you choose... ***/ user_pref("app.update.auto", false); /* 0302b: disable auto update installing for extensions (after the check in 0301b) * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ @@ -218,12 +212,10 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); // default: true user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); -/* 0402: enable Kinto blocklist updates (FF50+) +/* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be * revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes ***/ -user_pref("services.blocklist.update_enabled", true); -/* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists ***/ // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates // user_pref("services.blocklist.addons.collection", ""); // user_pref("services.blocklist.plugins.collection", ""); @@ -330,7 +322,6 @@ user_pref("network.allow-experiments", false); user_pref("app.normandy.enabled", false); user_pref("app.normandy.api_url", ""); user_pref("app.shield.optoutstudies.enabled", false); -user_pref("shield.savant.enabled", false); // (FF61+) /* 0505: disable System Add-on updates * [NOTE] In FF61 and lower, you will not get any System Add-on updates except when you update Firefox ***/ // user_pref("extensions.systemAddon.update.enabled", false); // (FF62+) @@ -343,9 +334,6 @@ user_pref("browser.ping-centre.telemetry", false); * [1] https://en.wikipedia.org/wiki/Pocket_(application) * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ user_pref("extensions.pocket.enabled", false); -/* 0513: disable Follow On Search (FF53+) - * Just DELETE the XPI file in your System Add-ons directory - * [1] https://blog.mozilla.org/data/2017/06/05/measuring-search-in-firefox/ ***/ /* 0514: disable Activity Stream (FF54+) * Activity Stream is the default homepage/newtab in FF57+. It is based on metadata and browsing behavior, * and includes telemetry and web content such as snippets, top stories (pocket), top sites, etc. @@ -691,7 +679,6 @@ user_pref("browser.shell.shortcutFavicons", false); /* 1031: disable favicons in tabs and new bookmarks * bookmark favicons are stored as data blobs in favicons.sqlite ***/ // user_pref("browser.chrome.site_icons", false); - // user_pref("browser.chrome.favicons", false); /* 1032: disable favicons in web notifications ***/ user_pref("alerts.showFavicons", false); // default: false @@ -1043,9 +1030,10 @@ user_pref("dom.imagecapture.enabled", false); // default: false /* 2028: disable offscreen canvas (FF44+) * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); // default: false -/* 2030: disable auto-play of HTML5 media +/* 2030: disable auto-play of HTML5 media (FF63+) + * 0=Allowed (default), 1=Blocked, 2=Prompt * [WARNING] This may break video playback on various sites ***/ -user_pref("media.autoplay.enabled", false); +user_pref("media.autoplay.default", 1); /* 2031: disable audio auto-play in non-active tabs (FF51+) * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); @@ -1371,11 +1359,9 @@ user_pref("network.cookie.cookieBehavior", 1); user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+) /* 2703: set cookie lifetime policy - * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref) + * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see 2704-deprecated FF63+) * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until ***/ // user_pref("network.cookie.lifetimePolicy", 0); -/* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/ - // user_pref("network.cookie.lifetime.days", 90); /* 2705: disable HTTP sites setting cookies with the "secure" directive (FF52+) * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); // default: true @@ -1703,7 +1689,6 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line /* UX BEHAVIOR ***/ // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing - // user_pref("browser.ctrlTab.previews", true); // user_pref("browser.tabs.closeWindowWithLastTab", false); // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab (FF57+) // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see Bugzilla 1320061 (FF53+) @@ -2122,6 +2107,38 @@ user_pref("network.jar.open-unsafe-types", false); // [-] (part5) https://bugzilla.mozilla.org/1461243 user_pref("plugin.state.java", 0); // * * * / +// FF63 +// 0202: disable GeoIP-based search results + // [NOTE] May not be hidden if Firefox has changed your settings due to your locale + // [-] https://bugzilla.mozilla.org/1462015 +user_pref("browser.search.countryCode", "US"); // (hidden pref) +// 0301a: disable auto-update checks for Firefox + // [SETTING] General>Firefox Updates>Never check for updates + // [-] https://bugzilla.mozilla.org/1420514 + // user_pref("app.update.enabled", false); +// 0402: enable Kinto blocklist updates (FF50+) + // What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications + // As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be + // revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes + // [-] https://bugzilla.mozilla.org/1458917 +user_pref("services.blocklist.update_enabled", true); +// 0503: disable "Savant" Shield study (FF61+) + // [-] https://bugzilla.mozilla.org/1457226 +user_pref("shield.savant.enabled", false); +// 1031: disable favicons in tabs and new bookmarks - merged into browser.chrome.site_icons + // [-] https://bugzilla.mozilla.org/1453751 + // user_pref("browser.chrome.favicons", false); +// 2030: disable auto-play of HTML5 media - replaced by media.autoplay.default + // [WARNING] This may break video playback on various sites + // [-] https://bugzilla.mozilla.org/1470082 +user_pref("media.autoplay.enabled", false); +// 2704: set cookie lifetime in days (see 2703) + // [-] https://bugzilla.mozilla.org/1457170 + // user_pref("network.cookie.lifetime.days", 90); // default: 90 +// 5000's: enable "Ctrl+Tab cycles through tabs in recently used order" - replaced by browser.ctrlTab.recentlyUsedOrder + // [-] https://bugzilla.mozilla.org/1473595 + // user_pref("browser.ctrlTab.previews", true); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From 24f7847f7321e1a55add50ea78f0393f92a00917 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Oct 2018 16:13:23 +0000 Subject: [PATCH 0896/1961] 2703: make value 3 info clearer --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 6be3a70..cb2d363 100644 --- a/user.js +++ b/user.js @@ -1359,7 +1359,8 @@ user_pref("network.cookie.cookieBehavior", 1); user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+) /* 2703: set cookie lifetime policy - * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see 2704-deprecated FF63+) + * 0=until they expire (default), 2=until you close Firefox + * [NOTE] 3=for n days : no longer supported in FF63+ (see 2704-deprecated) * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until ***/ // user_pref("network.cookie.lifetimePolicy", 0); /* 2705: disable HTTP sites setting cookies with the "secure" directive (FF52+) From 1abe1fd4df744780460a047046c6a6ab3615c570 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Oct 2018 10:15:37 +0000 Subject: [PATCH 0897/1961] 4702: buildID cleanup, closes 518 --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index cb2d363..af0f24e 100644 --- a/user.js +++ b/user.js @@ -1654,9 +1654,10 @@ user_pref("webgl.enable-debug-renderer-info", false); user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); /* 4701: navigator.userAgent ***/ // user_pref("general.useragent.override", ""); // (hidden pref) -/* 4702: navigator.buildID ( - * reveals build time down to the second - * [1] https://bugzilla.mozilla.org/583181 ***/ +/* 4702: navigator.buildID + * Revealed build time down to the second. In FF64+ it now returns a fixed timestamp + * [1] https://bugzilla.mozilla.org/583181 + * [2] https://www.fxsitecompat.com/en-CA/docs/2018/navigator-buildid-now-returns-a-fixed-timestamp/ ***/ // user_pref("general.buildID.override", ""); // (hidden pref) /* 4703: navigator.appName ***/ // user_pref("general.appname.override", ""); // (hidden pref) From e8bfa936966785fe6a167d6728146640945d8ec9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 25 Oct 2018 00:13:50 +0000 Subject: [PATCH 0898/1961] 0410s: SBv4 & cookies, #520 --- user.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index af0f24e..1f5b319 100644 --- a/user.js +++ b/user.js @@ -222,13 +222,13 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi // user_pref("services.blocklist.gfx.collection", ""); /** SAFE BROWSING (SB) - This sub-section has been redesigned to differentiate between "real-time"/"user initiated" - data being sent to Google from all other settings such as using local blocklists/whitelists and - updating those lists. There are NO privacy issues here. *IF* required, a full url is never sent - to Google, only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. - Google also swear it is anonymized and only used to flag malicious sites/activity. Firefox - also takes measures such as striping out identifying parameters and storing safe browsing - cookies in a separate jar. (#Turn on browser.safebrowsing.debug to monitor this activity) + This sub-section has been redesigned to differentiate between "real-time"/"user initiated" data + being sent to Google from all other settings such as using local blocklists/whitelists and updating + those lists. There are NO privacy issues here. *IF* required, a full url is never sent to Google, + only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. Google also + swear it is anonymized and only used to flag malicious sites/activity. Firefox also takes measures + such as striping out identifying parameters and storing safe browsing cookies in a separate jar. + SB v4 (FF57+) doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ /* 0410: disable "Block dangerous and deceptive content" (under Options>Privacy & Security) From 68e44285c57f0a274461e321ca87e33bed8633a7 Mon Sep 17 00:00:00 2001 From: Mtq <5884000+KonoromiHimaries@users.noreply.github.com> Date: Sat, 27 Oct 2018 16:52:19 +0200 Subject: [PATCH 0899/1961] Update README.md (#524) + compressed --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9b59e75..3f9df6f 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,14 @@ -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) user.js +### ![][b] user.js A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js +### ![][b] ghacks user.js The `ghacks user.js` is a **template**, which, as provided, aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings. Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs) -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments +### ![][b] acknowledgments Literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 @@ -18,4 +18,6 @@ Literally thousands of sources, references and suggestions. That said... 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. -### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +### ![][b] [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) + +[b]: https://i.postimg.cc/TPT20mdn/bullet01.png From 29d832e350acb41b6a90f574acd052969b662a73 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Oct 2018 14:55:15 +0000 Subject: [PATCH 0900/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3f9df6f..f22e3c3 100644 --- a/README.md +++ b/README.md @@ -20,4 +20,4 @@ Literally thousands of sources, references and suggestions. That said... ### ![][b] [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[b]: https://i.postimg.cc/TPT20mdn/bullet01.png +[b]: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png From b4b5e3a06826492b2f98780112dd5dbe4cea769b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Oct 2018 03:57:54 +1300 Subject: [PATCH 0901/1961] Add files via upload --- wikipiki/License-MIT-yellow.svg | 1 + 1 file changed, 1 insertion(+) create mode 100644 wikipiki/License-MIT-yellow.svg diff --git a/wikipiki/License-MIT-yellow.svg b/wikipiki/License-MIT-yellow.svg new file mode 100644 index 0000000..d4aa560 --- /dev/null +++ b/wikipiki/License-MIT-yellow.svg @@ -0,0 +1 @@ + licenselicenseMITMIT \ No newline at end of file From 49d9314b0add9998c8cb90e1f3dede3070e57ea0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Oct 2018 15:00:10 +0000 Subject: [PATCH 0902/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f22e3c3..985308a 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,6 @@ Literally thousands of sources, references and suggestions. That said... 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. -### ![][b] [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +### ![][b] [![License: MIT](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [b]: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png From 0efebe3e83fd349c8c9e74b6d56f5a93a346f569 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 27 Oct 2018 16:17:25 +0000 Subject: [PATCH 0903/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 985308a..d1bb973 100644 --- a/README.md +++ b/README.md @@ -20,4 +20,4 @@ Literally thousands of sources, references and suggestions. That said... ### ![][b] [![License: MIT](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[b]: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png +[b]: https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/bullet01.png From 806d04772906cc50cb08ab4ccd36e51c17e8f486 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 27 Oct 2018 16:28:15 +0000 Subject: [PATCH 0904/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d1bb973..30c5372 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -### ![][b] user.js +### • user.js A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![][b] ghacks user.js From 8f10300c15e1d897b7115e949c5fb36658631265 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 27 Oct 2018 16:29:34 +0000 Subject: [PATCH 0905/1961] Update _config.yml --- _config.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 1885487..a8f761e 100644 --- a/_config.yml +++ b/_config.yml @@ -1 +1,3 @@ -theme: jekyll-theme-midnight \ No newline at end of file +theme: jekyll-theme-midnight +title: ghacks-user.js +description: An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting From 39a30d710b1dd27d79c5c48006813f1684d92b8c Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 27 Oct 2018 16:30:38 +0000 Subject: [PATCH 0906/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 30c5372..d1bb973 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -### • user.js +### ![][b] user.js A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![][b] ghacks user.js From 661af196d9e9775ea0b29ecd639a75a30cd5ebfa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Oct 2018 11:08:18 +0000 Subject: [PATCH 0907/1961] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d1bb973..e601a9d 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![][b] ghacks user.js -The `ghacks user.js` is a **template**, which, as provided, aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). +The `ghacks user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings. @@ -18,6 +18,6 @@ Literally thousands of sources, references and suggestions. That said... 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. -### ![][b] [![License: MIT](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +### ![][b] [![License: MIT](https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [b]: https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/bullet01.png From 452c71750241eb7fb3bc53267be153b507b6a912 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Oct 2018 11:09:47 +0000 Subject: [PATCH 0908/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e601a9d..7ad85e8 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,6 @@ Literally thousands of sources, references and suggestions. That said... 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. -### ![][b] [![License: MIT](https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +### ![][b] [![License: MIT](https://github.com/ghacksuserjs/ghacks-user.js/tree/master/wikipiki/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [b]: https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/bullet01.png From 7b3e6f5143f75e944bc69f2645f1e773fb4a643e Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 28 Oct 2018 15:20:41 +0000 Subject: [PATCH 0909/1961] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7ad85e8..8252a30 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,6 @@ Literally thousands of sources, references and suggestions. That said... 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. -### ![][b] [![License: MIT](https://github.com/ghacksuserjs/ghacks-user.js/tree/master/wikipiki/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +### ![][b] [![License: MIT](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[b]: https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/bullet01.png +[b]: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png From 5a36b4e016c27db22ee0e040edbe1ba399085ab6 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 28 Oct 2018 15:58:47 +0000 Subject: [PATCH 0910/1961] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8252a30..2b3454b 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,6 @@ Literally thousands of sources, references and suggestions. That said... 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. -### ![][b] [![License: MIT](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +### ![][b] [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[b]: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png +[b]: https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/bullet01.png From afee555045df337d07874cf143bdbeaac4c8e363 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Oct 2018 16:46:22 +0000 Subject: [PATCH 0911/1961] FPI: isolate postMessage... --- user.js | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 1f5b319..53fd981 100644 --- a/user.js +++ b/user.js @@ -1472,6 +1472,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1344170 - isolate blob: URI (FF55+) ** 1300671 - isolate data:, about: URLs (FF55+) ** 1473247 - isolate IP addresses (FF63+) + ** 1492607 - isolate postMessage with targetOrigin "*" (requires 4002) (FF65+) NOTE: FPI has some issues depending on your Firefox release ** 1418931 - [fixed in FF58+] IndexedDB (Offline Website Data) with FPI Origin Attributes @@ -1485,8 +1486,14 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); user_pref("privacy.firstparty.isolate", true); /* 4002: enforce FPI restriction for window.opener (FF54+) * [NOTE] Setting this to false may reduce the breakage in 4001 - * [1] https://bugzilla.mozilla.org/1319773#c22 ***/ -user_pref("privacy.firstparty.isolate.restrict_opener_access", true); + * [FF65+] blocks postMessage with targetOrigin "*" if originAttributes don't match. But + * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute. (see [2],[3]) + * The 2nd pref removes that limitation and will only allow communication if FPDs also match. + * [1] https://bugzilla.mozilla.org/1319773#c22 + * [2] https://bugzilla.mozilla.org/1492607 + * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ +user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // default: true + // user_pref("privacy.firstparty.isolate.block_post_message", true); // (hidden pref) /*** 4500: privacy.resistFingerprinting (RFP) This master switch will be used for a wide range of items, many of which will From 58fa4e9b6d44ba37adf2d5083b09f28ef792dc06 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 29 Oct 2018 14:26:49 +0000 Subject: [PATCH 0912/1961] 0514: disable snippets, top stories, telemetry --- user.js | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/user.js b/user.js index 53fd981..374a63b 100644 --- a/user.js +++ b/user.js @@ -340,9 +340,22 @@ user_pref("extensions.pocket.enabled", false); * - ONE: make sure to set your "home" and "newtab" to about:blank (or use an extension to control them) * - TWO: DELETE the XPI file in your System Add-ons directory (note this get reinstalled on app updates) * And/or you can try to control the ever-growing, ever-changing "browser.newtabpage.activity-stream.*" prefs + * [FF63+] Activity Stream (AS) is now builtin and no longer an easily deletable system addon! + * We'll clean this up and move to a new number when ESR67 is released. * [1] https://wiki.mozilla.org/Firefox/Activity_Stream * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/ user_pref("browser.library.activity-stream.enabled", false); // (FF57+) +/* 0514a: disable AS Snippets ***/ +user_pref("browser.newtabpage.activity-stream.disableSnippets", true); +user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [SETTING] Home>Firefox Home Content>Snippets +/* 0514b: disable AS Top Stories and other Pocket-based and/or sponsored content ***/ +user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); +user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [SETTING] Home>Firefox Home Content>Highlights>Pages Saved to Pocket +user_pref("browser.newtabpage.activity-stream.showSponsored", false); +/* 0514c: disable AS telemetry ***/ +user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); +user_pref("browser.newtabpage.activity-stream.telemetry", false); +user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); /* 0515: disable Screenshots (FF55+) * alternatively in FF60+, disable uploading to the Screenshots server * [1] https://github.com/mozilla-services/screenshots From f8fc465d0aa30fc66282095199c892dce104358c Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 29 Oct 2018 15:40:24 +0000 Subject: [PATCH 0913/1961] 2701: add new descriptions and new value (#527) --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 374a63b..2bfff10 100644 --- a/user.js +++ b/user.js @@ -1357,7 +1357,9 @@ user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable 3rd-party cookies and site-data [SETUP] * You can set exceptions under site permissions or use an extension - * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie + * 0=Accept cookies and site data, 1=Block third-party cookies, 2=Block all cookies, + * 3=Block cookies from unvisited sites, 4=Block third-party trackers (FF63+) + * [NOTE] value 4 is tied to the Tracking Protection lists so make sure you have 0424 + 0425 on default values! * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites * [NOTE] Blocking 3rd party controls 3rd party access to localStorage, IndexedDB, Cache API and Service Worker Cache. * Blocking 1st party controls access to localStorage and IndexedDB (note: Service Workers can still use IndexedDB). From 89bc0bee16d9728208208c38c6e6828b17c95d84 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 4 Nov 2018 14:44:20 +0000 Subject: [PATCH 0914/1961] scheme+host+path+port -> scheme+host+port+path (#530) --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 2bfff10..6945045 100644 --- a/user.js +++ b/user.js @@ -896,7 +896,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); use the site and then change the values back. If you visit those sites regularly (e.g. Vimeo), use an extension. full URI: https://example.com:8888/foo/bar.html?id=1234 - scheme+host+path+port: https://example.com:8888/foo/bar.html + scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 #Required reading [#] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ @@ -906,13 +906,13 @@ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ user_pref("network.http.sendRefererHeader", 2); /* 1602: ALL: control the amount of information to send - * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port ***/ + * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.trimmingPolicy", 0); /* 1603: CROSS ORIGIN: control when to send a referer [SETUP] * 0=always (default), 1=only if base domains match, 2=only if hosts match ***/ user_pref("network.http.referer.XOriginPolicy", 1); /* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) - * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port ***/ + * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 0); /* 1605: ALL: disable spoofing a referer * [WARNING] Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery) protections that some sites may rely on ***/ From b6b9733afa5e887abafc878456f9c0a0a4c20d20 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 7 Nov 2018 15:14:32 +0000 Subject: [PATCH 0915/1961] remove old information (#531) Pants said "We do not need to keep anything for ESR users. ESR users are on v60, and we have an archived 60 for them." This isn't even affecting ESR60 but only older versions. --- user.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/user.js b/user.js index 6945045..2a87f25 100644 --- a/user.js +++ b/user.js @@ -1398,8 +1398,7 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true * via an extenion. Note that IDB currently cannot be sanitized by host. * [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ ***/ user_pref("dom.indexedDB.enabled", true); // default: true -/* 2730: disable offline cache - * [NOTE] For FF51-FF60 (ESR not included), this is required 'true' for Storage API (2750) ***/ +/* 2730: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); /* 2730b: disable offline cache on insecure sites (FF60+) * [1] https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ ***/ @@ -1415,7 +1414,6 @@ user_pref("dom.caches.enabled", false); * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. - * [NOTE] For FF51-FF60 (ESR not included), if Storage API is enabled, then Offline Cache (2730) must be also be enabled * [1] https://developer.mozilla.org/docs/Web/API/StorageManager * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ From 92acb6b2f754cbce457789877c2c206c0908817b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 12 Nov 2018 00:06:19 +0000 Subject: [PATCH 0916/1961] saving the world, one byte at a time --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 2a87f25..bdee111 100644 --- a/user.js +++ b/user.js @@ -1713,7 +1713,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing // user_pref("browser.tabs.closeWindowWithLastTab", false); // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab (FF57+) - // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see Bugzilla 1320061 (FF53+) + // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see Bugzilla 1320061 (FF53+) // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC] // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] /* OTHER ***/ From 8fd6061bcc977d6e242ba08b1c50ac46b0225b7d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Nov 2018 08:19:19 +0000 Subject: [PATCH 0917/1961] 0426: enforce CB --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index bdee111..bdcf7ed 100644 --- a/user.js +++ b/user.js @@ -194,7 +194,7 @@ user_pref("browser.aboutHomeSnippets.updateUrl", "data:,"); user_pref("browser.chrome.errorReporter.enabled", false); user_pref("browser.chrome.errorReporter.submitUrl", ""); -/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION +/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION / CONTENT BLOCKING This section has security & tracking protection implications vs privacy concerns vs effectiveness vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. @@ -268,7 +268,7 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); -/** TRACKING PROTECTION (TP) +/** TRACKING PROTECTION (TP) / CONTENT BLOCKING There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ /* 0420: enable Tracking Protection in all windows @@ -295,6 +295,8 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814 ***/ // user_pref("privacy.trackingprotection.annotate_channels", false); // user_pref("privacy.trackingprotection.lower_network_priority", false); +/* 0426: enforce Content Blocking (required to block cookies) (FF63+) ***/ +user_pref("browser.contentblocking.enabled", true); // default: true /*** 0500: SYSTEM ADD-ONS / EXPERIMENTS System Add-ons are a method for shipping extensions, considered to be From f214e4bc4e69af62a031323142b3645bd0bad340 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Nov 2018 08:42:49 +0000 Subject: [PATCH 0918/1961] 2517: disable Media Capabilities API (for now) --- user.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/user.js b/user.js index bdcf7ed..0648345 100644 --- a/user.js +++ b/user.js @@ -1214,6 +1214,11 @@ user_pref("dom.webaudio.enabled", false); /* 2516: disable PointerEvents * [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent ***/ user_pref("dom.w3c_pointer_events.enabled", false); +/* 2517: disable Media Capabilities API (FF63+) + [WARNING] This *may* affect media performance if disabled, no one is sure + [1] https://github.com/WICG/media-capabilities + [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ +user_pref("media.media-capabilities.enabled", false); /*** 2600: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); From 4834472107a4c03c206571271586dfe0bf9bcc92 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Nov 2018 15:01:35 +0000 Subject: [PATCH 0919/1961] remove 0426 content blocking --- user.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 0648345..b96b4f0 100644 --- a/user.js +++ b/user.js @@ -194,7 +194,7 @@ user_pref("browser.aboutHomeSnippets.updateUrl", "data:,"); user_pref("browser.chrome.errorReporter.enabled", false); user_pref("browser.chrome.errorReporter.submitUrl", ""); -/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION / CONTENT BLOCKING +/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION This section has security & tracking protection implications vs privacy concerns vs effectiveness vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. @@ -268,7 +268,7 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); -/** TRACKING PROTECTION (TP) / CONTENT BLOCKING +/** TRACKING PROTECTION (TP) There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ /* 0420: enable Tracking Protection in all windows @@ -295,8 +295,6 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814 ***/ // user_pref("privacy.trackingprotection.annotate_channels", false); // user_pref("privacy.trackingprotection.lower_network_priority", false); -/* 0426: enforce Content Blocking (required to block cookies) (FF63+) ***/ -user_pref("browser.contentblocking.enabled", true); // default: true /*** 0500: SYSTEM ADD-ONS / EXPERIMENTS System Add-ons are a method for shipping extensions, considered to be From 3423d39fa9255a4793fa60d6de63ba2cb2d95e1d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Nov 2018 15:11:01 +0000 Subject: [PATCH 0920/1961] 2517 Media Capabilities => inactive see https://github.com/ghacksuserjs/ghacks-user.js/commit/f214e4bc4e69af62a031323142b3645bd0bad340#comments --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index b96b4f0..a5f7971 100644 --- a/user.js +++ b/user.js @@ -1213,10 +1213,10 @@ user_pref("dom.webaudio.enabled", false); * [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent ***/ user_pref("dom.w3c_pointer_events.enabled", false); /* 2517: disable Media Capabilities API (FF63+) - [WARNING] This *may* affect media performance if disabled, no one is sure - [1] https://github.com/WICG/media-capabilities - [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ -user_pref("media.media-capabilities.enabled", false); + * [WARNING] This *may* affect media performance if disabled, no one is sure + * [1] https://github.com/WICG/media-capabilities + * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ + // user_pref("media.media-capabilities.enabled", false); /*** 2600: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); From ce48306a0dffffedc5932d8eac05c79e7a0f69c1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Nov 2018 15:12:20 +0000 Subject: [PATCH 0921/1961] finalize beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a5f7971..7d61448 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 10 October 2018 -* version 63-alpha: Pants Romance +* date: 13 November 2018 +* version 63-beta: Pants Romance * "Rah rah ah-ah-ah! Ro mah ro-mah-mah. Gaga oh-la-la! Want your pants romance" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 3003f2dd85be1851d1493e94df801c5c6d8c29ef Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Nov 2018 15:30:39 +0000 Subject: [PATCH 0922/1961] make up yer mind stick it back in for two releases - pref gets removed in FF65 anyway --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 7d61448..be8a695 100644 --- a/user.js +++ b/user.js @@ -295,6 +295,8 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814 ***/ // user_pref("privacy.trackingprotection.annotate_channels", false); // user_pref("privacy.trackingprotection.lower_network_priority", false); +/* 0426: enforce Content Blocking (required to block cookies) (FF63+) ***/ +user_pref("browser.contentblocking.enabled", true); // default: true /*** 0500: SYSTEM ADD-ONS / EXPERIMENTS System Add-ons are a method for shipping extensions, considered to be From 0cc4007eda10a92dadbe8d3548a06a16c21a1d7b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Nov 2018 16:19:23 +0000 Subject: [PATCH 0923/1961] 1202: tls.min => inactive #533 TLS 1.0 and 1.1 are still secure. Sure, later versions are more secure, but 98% of the web is already upgraded - less than 2% of sites use < v1.2. So it's not very likely you would come across a site that requires it, but if you did, what's the point in breaking it. Mozilla and Chrome already have plans to deprecate TLS 1.0 & 1.1, and force that last 2% of sites. TLS settings can be FP'ed without JS. By sticking with the defaults, I do not see any security issues, but an increase in potential anti-FPing. TBH, the chances of either (i.e being FP'ed with TLS as a entropy point, or being compromised due to TLS<1.2) are slim to non anyway. Any arguments, please see @earthlng --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index be8a695..aa4a1a2 100644 --- a/user.js +++ b/user.js @@ -725,7 +725,7 @@ user_pref("security.ssl.require_safe_negotiation", true); * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ * [2] archived: https://archive.is/hY2Mm ***/ -user_pref("security.tls.version.min", 3); + // user_pref("security.tls.version.min", 3); user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 /* 1203: disable SSL session tracking (FF36+) * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. From b85e748b532086a28fc69524223bde1e1e6e8c76 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Nov 2018 18:56:51 +0000 Subject: [PATCH 0924/1961] 2204: FS API=>inactive, #533 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index aa4a1a2..db6145f 100644 --- a/user.js +++ b/user.js @@ -1075,11 +1075,11 @@ user_pref("dom.disable_window_move_resize", true); * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ user_pref("browser.link.open_newwindow", 3); user_pref("browser.link.open_newwindow.restriction", 0); -/* 2204: disable Fullscreen API to prevent screen-resolution leaks [SETUP] +/* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks * [NOTE] You can still manually toggle the browser's fullscreen state (F11), * but this pref will disable embedded video/game fullscreen controls, e.g. youtube * [TEST] https://developer.mozilla.org/samples/domref/fullscreen.html ***/ -user_pref("full-screen-api.enabled", false); + // user_pref("full-screen-api.enabled", false); /* 2210: block popup windows * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); From 4e42bad6a13ba8a840a61e5807ea0d3ddd162690 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 14 Nov 2018 17:12:03 +0000 Subject: [PATCH 0925/1961] 0201: default geo=> inactive, #533 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index db6145f..282fea8 100644 --- a/user.js +++ b/user.js @@ -85,7 +85,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease /* 0201b: set a default permission for Location (FF58+) * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ -user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block + // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block /* 0202: disable GeoIP-based search results * [NOTE] May not be hidden if Firefox has changed your settings due to your locale * [1] https://trac.torproject.org/projects/tor/ticket/16254 From 7351e561c429adbbb94f2130a77b0a153bff8d8f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 15 Nov 2018 07:06:34 +0000 Subject: [PATCH 0926/1961] 1243: mixed OBJECT_SUBREQUESTS --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 282fea8..8415596 100644 --- a/user.js +++ b/user.js @@ -793,6 +793,9 @@ user_pref("security.cert_pinning.enforcement_level", 2); user_pref("security.mixed_content.block_active_content", true); // default: true /* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/ user_pref("security.mixed_content.block_display_content", true); +/* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks (FF59+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1190623 ***/ +user_pref("security.mixed_content.block_object_subrequest", true); /** CIPHERS [see the section 1200 intro] ***/ /* 1260: disable or limit SHA-1 From acbf881b1f7cede2a903f226bdaa7f636ce688d3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 15 Nov 2018 15:47:21 +0000 Subject: [PATCH 0927/1961] saving the world bytes at a time --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8415596..a3ac3c2 100644 --- a/user.js +++ b/user.js @@ -794,7 +794,7 @@ user_pref("security.mixed_content.block_active_content", true); // default: true /* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/ user_pref("security.mixed_content.block_display_content", true); /* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks (FF59+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1190623 ***/ + * [1] https://bugzilla.mozilla.org/1190623 ***/ user_pref("security.mixed_content.block_object_subrequest", true); /** CIPHERS [see the section 1200 intro] ***/ From c12eb0fdc6ccd898298ee7094aca5a05fc4d3b42 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 18 Nov 2018 12:56:51 +0000 Subject: [PATCH 0928/1961] 0201b+2305 Permissions API info --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index a3ac3c2..1dd6ef0 100644 --- a/user.js +++ b/user.js @@ -83,6 +83,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease * [1] https://www.mozilla.org/firefox/geolocation/ ***/ // user_pref("geo.enabled", false); /* 0201b: set a default permission for Location (FF58+) + * [NOTE] best left at default "always ask", fingerpintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block @@ -1123,6 +1124,7 @@ user_pref("dom.serviceWorkers.enabled", false); user_pref("dom.webnotifications.enabled", false); // (FF22+) user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+) /* 2305: set a default permission for Notifications (see 2304) (FF58+) + * [NOTE] best left at default "always ask", fingerpintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ // user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block From 13550d18a1a4e6fe350096e6aa61875e41f6209b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 19 Nov 2018 12:56:12 +1300 Subject: [PATCH 0929/1961] update [SETTING] info (#538) --- user.js | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/user.js b/user.js index 1dd6ef0..1c659f0 100644 --- a/user.js +++ b/user.js @@ -65,7 +65,7 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); * [SETTING] General>Startup>Always check if Firefox is your default browser ***/ user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session) - * [SETTING] General>Startup>When Firefox starts ***/ + * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); /* 0103: set HOME+NEWWINDOW page * about:home=Activity Stream (default, see 0514), custom URL, about:blank @@ -142,7 +142,7 @@ user_pref("extensions.getAddons.cache.enabled", false); /* 0307: disable auto updating of personas (themes) ***/ user_pref("lightweightThemes.update.enabled", false); /* 0308: disable search update - * [SETTING] General>Firefox Update>Automatically update search engines ***/ + * [SETTING] General>Firefox Updates>Automatically update search engines ***/ user_pref("browser.search.update", false); /* 0309: disable sending Flash crash reports ***/ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); @@ -180,8 +180,7 @@ user_pref("datareporting.healthreport.uploadEnabled", false); user_pref("datareporting.policy.dataSubmissionEnabled", false); /* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); -/* 0351: disable sending of crash reports (FF44+) - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send crash reports ***/ +/* 0351: disable sending of crash reports (FF44+) ***/ user_pref("browser.tabs.crashReporting.sendReport", false); user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57) @@ -280,7 +279,7 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); // user_pref("privacy.trackingprotection.enabled", true); /* 0422: set which Tracking Protection block list to use * [WARNING] We don't recommend enforcing this from here, as available block lists can change - * [SETTING] Privacy & Security>Tracking Protection>Change Block List ***/ + * [SETTING] Privacy & Security>Content Blocking>All Detected Trackers>Change block list ***/ // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ @@ -374,7 +373,7 @@ user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); * [3] https://bugzilla.mozilla.org/863246#c154 ***/ user_pref("browser.onboarding.enabled", false); /* 0517: disable Form Autofill (FF55+) - * [SETTING] Privacy & Security>Forms & Passwords>Enable Profile Autofill + * [SETTING] Privacy & Security>Forms & Passwords>Autofill addresses * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill @@ -564,7 +563,7 @@ user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ user_pref("browser.formfill.enable", false); /* 0862: disable browsing and download history - * [SETTING] Privacy & Security>History>Custom Settings>Remember my browsing and download history + * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ // user_pref("places.history.enabled", false); /* 0864: disable date/time picker (FF57+ default true) @@ -582,7 +581,7 @@ user_pref("browser.taskbar.previews.enable", false); /*** 0900: PASSWORDS ***/ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords - * [SETTING] Privacy & Security>Forms & Passwords>Remember logins and passwords for sites + * [SETTING] Privacy & Security>Forms & Passwords>Ask to save logins and passwords for sites * [NOTE] This does not clear any passwords already saved ***/ // user_pref("signon.rememberSignons", false); /* 0902: use a master password (recommended if you save passwords) @@ -851,7 +850,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * If you disallow fonts, this drastically limits/reduces font * enumeration (by JS) which is a high entropy fingerprinting vector. - * [SETTING] General>Language and Appearance>Advanced>Allow pages to choose... + * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("browser.display.use_document_fonts", 0); /* 1402: set more legible default fonts [SETUP] @@ -937,7 +936,7 @@ user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 * [1] https://bugzilla.mozilla.org/1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: enable the DNT (Do Not Track) HTTP header - * [SETTING] Privacy & Security>Tracking Protecting>Send websites a "Do Not Track"... + * [SETTING] Privacy & Security>Content Blocking>Send websites a "Do Not Track"... * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref ***/ user_pref("privacy.donottrackheader.enabled", true); @@ -951,7 +950,7 @@ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); * [1] https://bugzilla.mozilla.org/1279029 ***/ // user_pref("privacy.userContext.ui.enabled", true); /* 1702: enable Container Tabs (FF50+) - * [SETTING] Privacy & Security>Tabs>Enable Container Tabs ***/ + * [SETTING] General>Tabs>Enable Container Tabs ***/ // user_pref("privacy.userContext.enabled", true); /* 1703: enable a private container for thumbnail loads (FF51+) ***/ // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // default: true in FF61+ @@ -1372,7 +1371,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * 0=Accept cookies and site data, 1=Block third-party cookies, 2=Block all cookies, * 3=Block cookies from unvisited sites, 4=Block third-party trackers (FF63+) * [NOTE] value 4 is tied to the Tracking Protection lists so make sure you have 0424 + 0425 on default values! - * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites + * [SETTING] Privacy & Security>Cookies and Site Data>Type blocked * [NOTE] Blocking 3rd party controls 3rd party access to localStorage, IndexedDB, Cache API and Service Worker Cache. * Blocking 1st party controls access to localStorage and IndexedDB (note: Service Workers can still use IndexedDB). * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ @@ -1388,7 +1387,7 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+) /* 2703: set cookie lifetime policy * 0=until they expire (default), 2=until you close Firefox * [NOTE] 3=for n days : no longer supported in FF63+ (see 2704-deprecated) - * [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until ***/ + * [SETTING] Privacy & Security>Cookies and Site Data>Keep until... ***/ // user_pref("network.cookie.lifetimePolicy", 0); /* 2705: disable HTTP sites setting cookies with the "secure" directive (FF52+) * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ @@ -1440,10 +1439,10 @@ user_pref("dom.caches.enabled", false); ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable Firefox to clear history items on shutdown - * [SETTING] Privacy & Security>History>Clear history when Firefox closes ***/ + * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2803: set what history items to clear on shutdown - * [SETTING] Privacy & Security>History>Clear history when Firefox closes>Settings + * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value * but if 'history' is false, downloads can still be cleared independently * However, this may not always be the case. The interface combines and syncs these From 299a03663fb70673d017f82058e4ba97910f6d54 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 19 Nov 2018 00:12:07 +0000 Subject: [PATCH 0930/1961] 0351: move *autoSubmit to deprecated https://github.com/ghacksuserjs/ghacks-user.js/issues/302#issuecomment-359245047 --- user.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 1c659f0..7486c0e 100644 --- a/user.js +++ b/user.js @@ -183,7 +183,6 @@ user_pref("breakpad.reportURL", ""); /* 0351: disable sending of crash reports (FF44+) ***/ user_pref("browser.tabs.crashReporting.sendReport", false); user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) -user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57) user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+) /* 0370: disable "Snippets" (Mozilla content shown on about:home screen) * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ @@ -2039,6 +2038,11 @@ user_pref("browser.casting.enabled", false); // [-] https://bugzilla.mozilla.org/1401238 user_pref("browser.bookmarks.showRecentlyBookmarked", false); // ***/ +/* FF58 +// 0351: disable sending of crash reports - replaced by *.autoSubmit2 + // [-] https://bugzilla.mozilla.org/1424373 +user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57) +// ***/ /* FF59 // 0203: disable using OS locale, force APP locale - replaced by intl.locale.requested // [-] https://bugzilla.mozilla.org/1414390 From 36b90cd5e6bc71a2c214da81060c4d8e2673f69d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 19 Nov 2018 00:34:56 +0000 Subject: [PATCH 0931/1961] 1830: remove hiding the DRM UI out of interest, it no longer requires a restart --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 7486c0e..d2e3fb7 100644 --- a/user.js +++ b/user.js @@ -992,9 +992,9 @@ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); user_pref("media.gmp-widevinecdm.autoupdate", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] + * [SETTING] General>DRM Content>Play DRM-controlled content * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ -user_pref("media.eme.enabled", false); // [SETTING] General>DRM Content>Play DRM-controlled content -user_pref("browser.eme.ui.enabled", false); // hides "Play DRM-controlled content" checkbox [RESTART] +user_pref("media.eme.enabled", false); /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" * This is the bundled codec used for video chat in WebRTC ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) From b5c5d8e9d17e6f871bbfe63a36c37f6e84e9b955 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 19 Nov 2018 00:37:42 +0000 Subject: [PATCH 0932/1961] removed browser.eme.ui.enabled --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 6f3dd47..1ad4ae9 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 30-Sept-2018 + Last updated: 18-Mov-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -106,6 +106,8 @@ 'extensions.webextensions.keepStorageOnUninstall', 'extensions.webextensions.keepUuidOnUninstall', 'privacy.trackingprotection.ui.enabled', + /* 64-beta */ + 'browser.eme.ui.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 643cba63cf810bc6563b5afc4e5ab2c79a7fdc11 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 19 Nov 2018 03:00:40 +0000 Subject: [PATCH 0933/1961] Activity Stream is no longer a System Add-on --- user.js | 43 +++++++++++++++++++------------------------ 1 file changed, 19 insertions(+), 24 deletions(-) diff --git a/user.js b/user.js index d2e3fb7..9af11c0 100644 --- a/user.js +++ b/user.js @@ -68,14 +68,31 @@ user_pref("browser.shell.checkDefaultBrowser", false); * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); /* 0103: set HOME+NEWWINDOW page - * about:home=Activity Stream (default, see 0514), custom URL, about:blank + * about:home=Activity Stream (default, see 0105), custom URL, about:blank * [SETTING] Home>New Windows and Tabs>Homepage and new windows ***/ user_pref("browser.startup.homepage", "about:blank"); /* 0104: set NEWTAB page - * true=Activity Stream (default, see 0514), false=blank page + * true=Activity Stream (default, see 0105), false=blank page * [SETTING] Home>New Windows and Tabs>New tabs ***/ user_pref("browser.newtabpage.enabled", false); user_pref("browser.newtab.preload", false); +/* 0105: disable Activity Stream stuff (AS) + * AS is the default homepage/newtab in FF57+, based on metadata and browsing behavior. + * **NOT LISTING ALL OF THESE: USE THE PREFERENCES UI** + * [SETTING] Home>Firefox Home Content>... to show/hide what you want ***/ +/* 0105a: disable Activity Stream telemetry ***/ +user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); +user_pref("browser.newtabpage.activity-stream.telemetry", false); +user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); +/* 0105b: disable AS Snippets ***/ +user_pref("browser.newtabpage.activity-stream.disableSnippets", true); +user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [SETTING] +/* 0105c: disable AS Top Stories, Pocket-based and/or sponsored content ***/ +user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); +user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [SETTING] +user_pref("browser.newtabpage.activity-stream.showSponsored", false); +/* 0105d: disable AS recent Highlights in the Library (FF57+) ***/ + // user_pref("browser.library.activity-stream.enabled", false); /*** 0200: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); @@ -335,28 +352,6 @@ user_pref("browser.ping-centre.telemetry", false); * [1] https://en.wikipedia.org/wiki/Pocket_(application) * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ user_pref("extensions.pocket.enabled", false); -/* 0514: disable Activity Stream (FF54+) - * Activity Stream is the default homepage/newtab in FF57+. It is based on metadata and browsing behavior, - * and includes telemetry and web content such as snippets, top stories (pocket), top sites, etc. - * - ONE: make sure to set your "home" and "newtab" to about:blank (or use an extension to control them) - * - TWO: DELETE the XPI file in your System Add-ons directory (note this get reinstalled on app updates) - * And/or you can try to control the ever-growing, ever-changing "browser.newtabpage.activity-stream.*" prefs - * [FF63+] Activity Stream (AS) is now builtin and no longer an easily deletable system addon! - * We'll clean this up and move to a new number when ESR67 is released. - * [1] https://wiki.mozilla.org/Firefox/Activity_Stream - * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/ -user_pref("browser.library.activity-stream.enabled", false); // (FF57+) -/* 0514a: disable AS Snippets ***/ -user_pref("browser.newtabpage.activity-stream.disableSnippets", true); -user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [SETTING] Home>Firefox Home Content>Snippets -/* 0514b: disable AS Top Stories and other Pocket-based and/or sponsored content ***/ -user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); -user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [SETTING] Home>Firefox Home Content>Highlights>Pages Saved to Pocket -user_pref("browser.newtabpage.activity-stream.showSponsored", false); -/* 0514c: disable AS telemetry ***/ -user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); -user_pref("browser.newtabpage.activity-stream.telemetry", false); -user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); /* 0515: disable Screenshots (FF55+) * alternatively in FF60+, disable uploading to the Screenshots server * [1] https://github.com/mozilla-services/screenshots From 106f46d053496cc0eeaa802f49626ecbd5f62d78 Mon Sep 17 00:00:00 2001 From: Pat Johnson Date: Mon, 19 Nov 2018 10:34:14 -0700 Subject: [PATCH 0934/1961] updater.sh restructuring/re-write (#541) * Uses `perl` as a last resort if `curl` and `wget` are not available (fixes #537) * Aborts and notifies user if none of the above are installed * Better use of functions * When version numbers are checked, the contents are immediately saved to a temp dir. This allows us to skip using wget/curl/perl a second time * Improved messages for users * Added various font colors for ease of use and aesthetics --- updater.sh | 278 ++++++++++++++++++++++++++++++++++------------------- 1 file changed, 177 insertions(+), 101 deletions(-) diff --git a/updater.sh b/updater.sh index 6e69bbd..d7c1b38 100755 --- a/updater.sh +++ b/updater.sh @@ -1,129 +1,205 @@ #!/usr/bin/env bash -### ghacks-user.js updater for Mac/Linux -## author: @overdodactyl, @ema-pe -## version: 1.4 +## ghacks-user.js updater for macOS and Linux + +## version: 1.5 +## Author: Pat Johnson (@overdodactyl) +## Additional contributors: @earthlng, @ema-pe ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in check_for_update() ) -ghacksjs="https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js" -updater="https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh" +######################### +# Base variables # +######################### update_pref=${1:--ask} +RED='\033[0;31m' +BLUE='\033[0;34m' +BBLUE='\033[1;34m' +GREEN='\033[0;32m' +ORANGE='\033[0;33m' +CYAN='\033[0;36m' +NC='\033[0m' # No Color + +######################### +# Working directory # +######################### + +# get current directory currdir=$(pwd) - -DOWNLOAD_TO_STDOUT="curl -s" -DOWNLOAD_TO_FILE="curl -O" - -# Use wget if curl is not available. -if [[ -z $(command -v "curl") ]]; then - DOWNLOAD_TO_STDOUT="wget --quiet --output-document=-" - DOWNLOAD_TO_FILE="wget" -fi - ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) - ## fallback for Macs without coreutils if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi +## store the Firefox profile directory +ff_profile="$(dirname "${sfp}")" -## change directory to the Firefox profile directory -cd "$(dirname "${sfp}")" -## Used to check if a new version of updater.sh is available -update_available="no" -check_for_update () { - online_version="$($DOWNLOAD_TO_STDOUT ${updater} | sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p')" - path_to_script="$(dirname "${sfp}")/updater.sh" - current_version="$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$path_to_script")" - if [[ "$current_version" < "$online_version" ]]; then - update_available="yes" +######################### +# File Handeling # +######################### + +# Download method priority: curl -> wget -> pearl +DOWNLOAD_METHOD="not_pearl" +if [[ $(command -v "curl") ]] > /dev/null 2>&1; then + DOWNLOAD_TO_FILE="curl -O" +elif [[ $(command -v "wget") ]] > /dev/null 2>&1; then + DOWNLOAD_TO_FILE="wget" +elif [[ $(command -v "perl") ]]; then + DOWNLOAD_METHOD="perl" +else + echo -e ${RED}"This script requires curl, wget or perl to be installed.\nProcess aborted"${NC} + exit 0 +fi + +# Download files +download_file () { + mkdir -p userjs_temps + cd userjs_temps + url=$1 + + if [ $DOWNLOAD_METHOD = "not_pearl" ]; then + $DOWNLOAD_TO_FILE ${url} + else + http_url=${url/https/http} + # Variables from the shell are available in Perl's %ENV hash + # Need to export shell variable so it is visible to subprocesses + export http_url + + perl -e ' + use File::Fetch; + my $ff = File::Fetch->new(uri => $ENV{http_url}); + my $where = $ff->fetch() or die $ff->error; + my $where = $ff->fetch( to => "." ); + ' + fi + + cd .. +} + +# Backup a file into userjs_backups +# Replace current version of a file with new one in userjs_temps +backup_file () { + filename=$1 + mkdir -p userjs_backups + mv $filename "userjs_backups/${filename}.backup.$(date +"%Y-%m-%d_%H%M")" + mv "userjs_temps/${filename}" $filename + echo -e "Status: ${GREEN}${filename} has been backed up and replaced with the latest version!${NC}" +} + +######################### +# Initiation # +######################### + +initiate () { + echo -e + echo -e + echo -e ${BBLUE}" ############################################################################" + echo -e " #### ####" + echo -e " #### ghacks user.js ####" + echo -e " #### Hardening the Privacy and Security Settings of Firefox ####" + echo -e " #### Maintained by @Thorin-Oakenpants and @earthlng ####" ####" + echo -e " #### Updater for macOS and Linux by @overdodactyl ####" ####" + echo -e " #### ####" + echo -e " ############################################################################"${NC} + echo -e + echo -e + echo -e "Documentation for this script is available here: ${CYAN}https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts${NC}\n" +} + +confirmation () { + download_file "https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js" &>/dev/null + echo -e "Please observe the following information:" + echo -e "\tFirefox profile: ${ORANGE}$(pwd)${NC}" + echo -e "\tAvailable online: ${ORANGE}$(get_userjs_version userjs_temps/user.js)${NC}" + echo -e "\tCurrently using: ${ORANGE}$(get_userjs_version user.js)\n${NC}\n" + + echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}" + read -p "" -n 1 -r + echo -e "\n" + + if [[ $REPLY =~ ^[Nn]$ ]]; then + echo -e ${RED}"Process aborted"${NC} + return 1 fi } -## Used to backup the current script, and download and execute the latest version of updater.sh -update_script () { - echo -e "This script will be backed up and the latest version of updater.sh will be executed.\n" - mv updater.sh "updater.sh.backup.$(date +"%Y-%m-%d_%H%M")" - $DOWNLOAD_TO_FILE ${updater} && echo -e "\nThe latest updater script has been downloaded\n" - # make new file executable +######################### +# Update updater.sh # +######################### + +# Returns the version number of a updater.sh file +get_updater_version () { + filename=$1 + version_regex='5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' + echo "$(sed -n "$version_regex" "${ff_profile}/${filename}")" +} + +# Update updater.sh +# Default: Check for update, if available, ask user if they want to execute it +# Args: +# -donotupdate: New version will not be looked for and update will not occur +# -update: Check for update, if available, execute without asking +update_updater () { + update_pref="$(echo $update_pref | tr '[A-Z]' '[a-z]')" + if [ $update_pref = "-donotupdate" ]; then + # User signified not to check for updates + return 0 + fi + + download_file "https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh" &>/dev/null + + if [[ $(get_updater_version updater.sh) < $(get_updater_version userjs_temps/updater.sh) ]]; then + if [ $update_pref != "-update" ]; then + echo -e "There is a newer version of updater.sh available. ${RED}Download and execute Y/N?${NC}" + read -p "" -n 1 -r + echo -e "\n\n" + if [[ $REPLY =~ ^[Nn]$ ]]; then + # Update available, but user chooses not to update + return 0 + fi + fi + else + # No update available + return 0 + fi + # Backup current updater, execute latest version + backup_file updater.sh chmod +x updater.sh - - # execute new updater script ./updater.sh -donotupdate - - # exit script exit 1 } -main () { - ## create backup folder if it doesn't exist - mkdir -p userjs_backups; +######################### +# Update user.js # +######################### - echo -e "\nThis script should be run from your Firefox profile directory.\n" - - echo -e "Updating the user.js for Firefox profile:\n$(pwd)\n" - - if [ -e user.js ]; then - echo "Your current user.js file for this profile will be backed up and the latest ghacks version from github will take its place." - echo -e "\nIf currently using the ghacks user.js, please compare versions:" - echo " Available online: $($DOWNLOAD_TO_STDOUT ${ghacksjs} | sed -n '4p')" - echo " Currently using: $(sed -n '4p' user.js)" - else - echo "A user.js file does not exist in this profile. If you continue, the latest ghacks version from github will be downloaded." - fi - - echo -e "\nIf a user-overrides.js file exists in this profile, it will be appended to the user.js.\n" - - read -p "Continue Y/N? " -n 1 -r - echo -e "\n\n" - - if [[ $REPLY =~ ^[Yy]$ ]]; then - if [ -e user.js ]; then - # backup current user.js - bakfile="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")" - mv user.js "${bakfile}" && echo "Your previous user.js file was backed up: ${bakfile}" - fi - - # download latest ghacks user.js - echo "downloading latest ghacks user.js file" - $DOWNLOAD_TO_FILE ${ghacksjs} && echo "ghacks user.js has been downloaded" - - if [ -e user-overrides.js ]; then - echo "user-overrides.js file found" - cat user-overrides.js >> user.js && echo "user-overrides.js has been appended to user.js" - fi - else - echo "Process aborted" - fi - - ## change directory back to the original working directory - cd "${currdir}" +# Returns version number of a user.js file +get_userjs_version () { + filename=$1 + echo "$(sed -n "4p" "${ff_profile}/${filename}")" } - -update_pref="$(echo $update_pref | tr '[A-Z]' '[a-z]')" -if [ $update_pref = "-donotupdate" ]; then - main -else - check_for_update - if [ $update_available = "no" ]; then - main - else - ## there is an update available - if [ $update_pref = "-update" ]; then - ## update without asking - update_script - else - read -p "There is a newer version of updater.sh available. Download and execute? Y/N? " -n 1 -r - echo -e "\n\n" - if [[ $REPLY =~ ^[Yy]$ ]]; then - update_script - else - main - fi - fi +# Applies latest version of user.js and any custom overrides +update_userjs () { + backup_file user.js + if [ -e user-overrides.js ]; then + cat user-overrides.js >> user.js + echo -e "Status: ${GREEN}Your user-overrides.js customizations have been applied!${NC}" fi -fi +} + +######################### +# Execute # +######################### + +## change directory to the Firefox profile directory +cd "$ff_profile" + +initiate +update_updater +confirmation && update_userjs +rm -rf userjs_temps +cd "${currdir}" From 661a314e2821e71fa2e2a73ff13aad449c3b0d45 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Nov 2018 17:36:04 +0000 Subject: [PATCH 0935/1961] RFP: pointerEvent.pointerid --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 9af11c0..103c385 100644 --- a/user.js +++ b/user.js @@ -1566,7 +1566,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // default FF60: Fix keydown/keyup events (1438795) ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) ** 1459089 - disable OS locale in HTTP Accept-Language headers [ANDROID] (FF62+) - ** 1363508 - spoof/suppress Pointer Events (FF64+) + ** 1363508 - spoof/suppress Pointer Events (see 2516) (FF64+) + FF65: pointerEvent.pointerid (1492766) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) From 0ff610c056c90724a65e33463e466fe8f9cab84b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Nov 2018 18:14:23 +0000 Subject: [PATCH 0936/1961] there is no spoon --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 103c385..876babe 100644 --- a/user.js +++ b/user.js @@ -1548,7 +1548,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // default ** 1337161 - hide gamepads from content (see 4606) (FF56+) ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+) ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+) - ** 1372069 & 1403813 & 1441295 - block geolocation requests (same as denying a site permission) (see 0201, 0211) (FF56-62) + ** 1372069 & 1403813 & 1441295 - block geolocation requests (same as denying a site permission) (see 0201, 0201b) (FF56-62) ** 1369309 - spoof media statistics (see 4610) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+) ** 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) From 2ae3a3e4e1a52ea05ebc9e7283ab2f613bff0667 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 21 Nov 2018 23:53:00 +0000 Subject: [PATCH 0937/1961] 1700s: enable containers, #438 AFAIK there's no technical reasons for containers to be disabled in FF63+ --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 876babe..741b47d 100644 --- a/user.js +++ b/user.js @@ -942,18 +942,18 @@ user_pref("privacy.donottrackheader.enabled", true); user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); /* 1701: enable Container Tabs setting in preferences (see 1702) (FF50+) * [1] https://bugzilla.mozilla.org/1279029 ***/ - // user_pref("privacy.userContext.ui.enabled", true); +user_pref("privacy.userContext.ui.enabled", true); /* 1702: enable Container Tabs (FF50+) * [SETTING] General>Tabs>Enable Container Tabs ***/ - // user_pref("privacy.userContext.enabled", true); +user_pref("privacy.userContext.enabled", true); /* 1703: enable a private container for thumbnail loads (FF51+) ***/ - // user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // default: true in FF61+ +user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // default: true in FF61+ /* 1704: set long press behaviour on "+ Tab" button to display container menu (FF53+) * 0=disables long press, 1=when clicked, the menu is shown * 2=the menu is shown after X milliseconds * [NOTE] The menu does not contain a non-container tab option * [1] https://bugzilla.mozilla.org/1328756 ***/ - // user_pref("privacy.userContext.longPressBehavior", 2); +user_pref("privacy.userContext.longPressBehavior", 2); /*** 1800: PLUGINS ***/ user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); From b182946ae48d5a84f25d5b8ef2bfbe9eb2c004b9 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sat, 24 Nov 2018 05:19:24 +0000 Subject: [PATCH 0938/1961] Tor-related warnings (#551) Also reworded some stuff. --- README.md | 8 ++++++-- user.js | 8 +++++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 2b3454b..1e1b28c 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,10 @@ The `ghacks user.js` is a **template** which aims to provide as much privacy and Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings. +Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. + +Also be aware that this `user.js` is made specifically for Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser. + Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs) ### ![][b] acknowledgments @@ -14,10 +18,10 @@ Literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 * The ghacks community and commentators * [12bytes](http://12bytes.org/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) - * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master) + * The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master) 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. ### ![][b] [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[b]: https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/wikipiki/bullet01.png +[b]: /wikipiki/bullet01.png diff --git a/user.js b/user.js index 741b47d..c077d57 100644 --- a/user.js +++ b/user.js @@ -13,6 +13,8 @@ * README: + 0. Consider using Tor Browser if it meets your needs or fits your threat model better + * https://www.torproject.org/about/torusers.html.en 1. READ the full README * https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md 2. READ this @@ -441,7 +443,7 @@ user_pref("network.http.spdy.enabled.http2", false); user_pref("network.http.altsvc.enabled", false); user_pref("network.http.altsvc.oe", false); /* 0704: enforce the proxy server to do any DNS lookups when using SOCKS - * e.g. in TOR, this stops your local DNS server from knowing your Tor destination + * e.g. in Tor, this stops your local DNS server from knowing your Tor destination * as a remote Tor node will handle the DNS request * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ @@ -652,7 +654,7 @@ user_pref("browser.cache.disk_cache_ssl", false); * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/967812 ***/ // user_pref("permissions.memory_only", true); // (hidden pref) -/* 1008: set DNS cache and expiration time (default 400 and 60, same as TBB) ***/ +/* 1008: set DNS cache and expiration time (default 400 and 60, same as Tor Browser) ***/ // user_pref("network.dnsCacheEntries", 400); // user_pref("network.dnsCacheExpiration", 60); /** SESSIONS & SESSION RESTORE ***/ @@ -926,7 +928,7 @@ user_pref("network.http.referer.defaultPolicy", 3); // (FF59+) default: 3 user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+) * [NOTE] Firefox cannot access .onion sites by default. We recommend you use - * TBB (Tor Browser Bundle) which is specifically designed for the dark web + * the Tor Browser which is specifically designed for hidden services * [1] https://bugzilla.mozilla.org/1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: enable the DNT (Do Not Track) HTTP header From 62351bfbf5b001ba89c814b1db5f3e38fbc6a7b7 Mon Sep 17 00:00:00 2001 From: Pat Johnson Date: Sun, 25 Nov 2018 10:16:05 -0700 Subject: [PATCH 0939/1961] updater.sh v2.0 (#543) * lots of new arguments `usage: ./updater.sh [-h] [-p PROFILE] [-u] [-d] [-s] [-n] [-b] [-c] [-v] [-r] [-o OVERRIDE]` Args can be written separately or together. Examples: ```txt ./updater.sh -sdc ./updater.sh -sd -o relaxed.js ./updater.sh -s -d ``` Deprecated arguments still work (for now!) --- updater.sh | 397 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 294 insertions(+), 103 deletions(-) diff --git a/updater.sh b/updater.sh index d7c1b38..1aba949 100755 --- a/updater.sh +++ b/updater.sh @@ -2,104 +2,169 @@ ## ghacks-user.js updater for macOS and Linux -## version: 1.5 +## version: 2.0 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe -## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in check_for_update() ) +## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() ) + +readonly currdir=$(pwd) + +sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) +if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi +readonly SCRIPT_DIR=$(dirname "${sfp}") + ######################### # Base variables # ######################### -update_pref=${1:--ask} + +# Colors used for printing RED='\033[0;31m' BLUE='\033[0;34m' -BBLUE='\033[1;34m' +BBLUE='\033[1;34m' GREEN='\033[0;32m' ORANGE='\033[0;33m' -CYAN='\033[0;36m' +CYAN='\033[0;36m' NC='\033[0m' # No Color +# Argument defaults +UPDATE="check" +CONFIRM="yes" +OVERRIDE="user-overrides.js" +BACKUP="multiple" +COMPARE=false +SKIPOVERRIDE=false +VIEW=false +PROFILE_PATH=false ######################### # Working directory # ######################### -# get current directory -currdir=$(pwd) -## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) -sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) -## fallback for Macs without coreutils -if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi -## store the Firefox profile directory -ff_profile="$(dirname "${sfp}")" - +set_wd () { + declare -r macdir=~/Library/Application\ Support/Firefox/Profiles/ + declare -r nixdir=~/.mozilla/firefox/ + local ff_profile + if [ "$PROFILE_PATH" = false ]; then + ff_profile="$SCRIPT_DIR" + elif [ "$PROFILE_PATH" = "list" ]; then + local firefox_dir="" + if [ -d "$macdir" ]; then + firefox_dir=$macdir + elif [ -d $nixdir ]; then + firefox_dir=$nixdir + else + echo -e ${RED}"Error: Sorry, -l is not supported for your OS"${NC} + exit 1 + fi + if [ $(find "$firefox_dir" -maxdepth 1 -type d | wc -l) == "2" ]; then + ff_profile=$(ls -d "$firefox_dir"*) + else + echo -e ${GREEN}"The following profiles were found:\n"${ORANGE} + ls -d "$firefox_dir"* + echo -e ${RED}"\nWhich profile would you like to update?"${NC} + read -p "" + echo -e "" + ff_profile=$REPLY + fi + else + ff_profile="$PROFILE_PATH" + fi + cd "$ff_profile" +} ######################### -# File Handeling # +# Arguments # ######################### -# Download method priority: curl -> wget -> pearl -DOWNLOAD_METHOD="not_pearl" -if [[ $(command -v "curl") ]] > /dev/null 2>&1; then - DOWNLOAD_TO_FILE="curl -O" -elif [[ $(command -v "wget") ]] > /dev/null 2>&1; then - DOWNLOAD_TO_FILE="wget" -elif [[ $(command -v "perl") ]]; then - DOWNLOAD_METHOD="perl" +usage() { + echo -e ${BLUE}"\nUsage: $0 [-h] [-p PROFILE] [-u] [-d] [-s] [-n] [-b] [-c] [-v] [-r] [-o OVERRIDE]\n"${NC} 1>&2 # Echo usage string to standard error + echo -e "Optional Arguments:" + echo -e "\t-h,\t\t Show this help message and exit." + echo -e "\t-p PROFILE,\t Path to your Firefox profile (if different than the dir of this script)" + echo -e "\t\t\t IMPORTANT: if the path include spaces, wrap the entire argument in quotes." + echo -e "\t-l, \t\t Choose your Firefox profile from a list" + echo -e "\t-u,\t\t Update updater.sh and execute silently. Do not seek confirmation." + echo -e "\t-d,\t\t Do not look for updates to updater.sh." + echo -e "\t-s,\t\t Silently update user.js. Do not seek confirmation." + echo -e "\t-b,\t\t Only keep one backup of each file." + echo -e "\t-c,\t\t Create a diff file comparing old and new user.js within userjs_diffs. " + echo -e "\t-o OVERRIDE,\t Filename or path to overrides file (if different than user-overrides.js)." + echo -e "\t\t\t If used with -p, paths should be relative to PROFILE or absolute paths" + echo -e "\t\t\t If given a directory, all files inside will be appended recursively." + echo -e "\t\t\t You can pass multiple files or directories by passing a comma separated list." + echo -e "\t\t\t\t Note: If a directory is given, only files inside ending in the extension .js are appended" + echo -e "\t\t\t\t IMPORTANT: do not add spaces between files/paths. Ex: -o file1.js,file2.js,dir1" + echo -e "\t\t\t\t IMPORTANT: if any files/paths include spaces, wrap the entire argument in quotes." + echo -e "\t\t\t\t\t Ex: -o \"override folder\" " + echo -e "\t-n,\t\t Do not append any overrides, even if user-overrides.js exists." + echo -e "\t-v,\t\t Open the resulting user.js file." + echo -e "\t-r,\t\t Only download user.js to a temporary file and open it." + echo -e + echo -e "Deprecated Arguments (they still work for now):" + echo -e "\t-donotupdate,\t Use instead -d" + echo -e "\t-update,\t Use instead -u" + echo -e + exit 1 +} + +legacy_argument () { + echo -e ${ORANGE}"\nWarning: command line arguments have changed." + echo -e "$1 has been deprecated and may not work in the future.\n" + echo -e "Please view the new options using the -h argument."${NC} +} + +######################### +# File Handling # +######################### + +# Download method priority: curl -> wget +DOWNLOAD_METHOD="" +if [[ $(command -v "curl") ]]; then + DOWNLOAD_METHOD="curl" +elif [[ $(command -v "wget") ]]; then + DOWNLOAD_METHOD="wget" else - echo -e ${RED}"This script requires curl, wget or perl to be installed.\nProcess aborted"${NC} + echo -e ${RED}"This script requires curl or wget.\nProcess aborted"${NC} exit 0 fi # Download files download_file () { - mkdir -p userjs_temps - cd userjs_temps - url=$1 + declare -r url=$1 + declare -r tf=$(mktemp) + local dlcmd="" - if [ $DOWNLOAD_METHOD = "not_pearl" ]; then - $DOWNLOAD_TO_FILE ${url} + if [ $DOWNLOAD_METHOD = "curl" ]; then + dlcmd="curl -o $tf" else - http_url=${url/https/http} - # Variables from the shell are available in Perl's %ENV hash - # Need to export shell variable so it is visible to subprocesses - export http_url - - perl -e ' - use File::Fetch; - my $ff = File::Fetch->new(uri => $ENV{http_url}); - my $where = $ff->fetch() or die $ff->error; - my $where = $ff->fetch( to => "." ); - ' + dlcmd="wget -O $tf" fi - cd .. + $dlcmd "${url}" &>/dev/null && echo "$tf" || echo "" # return the temp-filename (or empty string on error) } -# Backup a file into userjs_backups -# Replace current version of a file with new one in userjs_temps -backup_file () { - filename=$1 - mkdir -p userjs_backups - mv $filename "userjs_backups/${filename}.backup.$(date +"%Y-%m-%d_%H%M")" - mv "userjs_temps/${filename}" $filename - echo -e "Status: ${GREEN}${filename} has been backed up and replaced with the latest version!${NC}" +open_file () { #expects one argument: file_path + if [ "$(uname)" == "Darwin" ]; then + open "$1" + elif [ "$(expr substr $(uname -s) 1 5)" == "Linux" ]; then + xdg-open "$1" + else + echo -e ${RED}"Error: Sorry, opening files is not supported for your OS."${NC} + fi } -######################### -# Initiation # -######################### -initiate () { +show_banner () { echo -e echo -e echo -e ${BBLUE}" ############################################################################" echo -e " #### ####" - echo -e " #### ghacks user.js ####" + echo -e " #### ghacks user.js ####" echo -e " #### Hardening the Privacy and Security Settings of Firefox ####" - echo -e " #### Maintained by @Thorin-Oakenpants and @earthlng ####" ####" - echo -e " #### Updater for macOS and Linux by @overdodactyl ####" ####" + echo -e " #### Maintained by @Thorin-Oakenpants and @earthlng ####" + echo -e " #### Updater for macOS and Linux by @overdodactyl ####" echo -e " #### ####" echo -e " ############################################################################"${NC} echo -e @@ -107,23 +172,6 @@ initiate () { echo -e "Documentation for this script is available here: ${CYAN}https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts${NC}\n" } -confirmation () { - download_file "https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js" &>/dev/null - echo -e "Please observe the following information:" - echo -e "\tFirefox profile: ${ORANGE}$(pwd)${NC}" - echo -e "\tAvailable online: ${ORANGE}$(get_userjs_version userjs_temps/user.js)${NC}" - echo -e "\tCurrently using: ${ORANGE}$(get_userjs_version user.js)\n${NC}\n" - - echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}" - read -p "" -n 1 -r - echo -e "\n" - - if [[ $REPLY =~ ^[Nn]$ ]]; then - echo -e ${RED}"Process aborted"${NC} - return 1 - fi -} - ######################### # Update updater.sh # @@ -131,9 +179,7 @@ confirmation () { # Returns the version number of a updater.sh file get_updater_version () { - filename=$1 - version_regex='5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' - echo "$(sed -n "$version_regex" "${ff_profile}/${filename}")" + echo $(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1") } # Update updater.sh @@ -142,32 +188,27 @@ get_updater_version () { # -donotupdate: New version will not be looked for and update will not occur # -update: Check for update, if available, execute without asking update_updater () { - update_pref="$(echo $update_pref | tr '[A-Z]' '[a-z]')" - if [ $update_pref = "-donotupdate" ]; then - # User signified not to check for updates - return 0 + if [ $UPDATE = "no" ]; then + return 0 # User signified not to check for updates fi - download_file "https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh" &>/dev/null + declare -r tmpfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh') - if [[ $(get_updater_version updater.sh) < $(get_updater_version userjs_temps/updater.sh) ]]; then - if [ $update_pref != "-update" ]; then - echo -e "There is a newer version of updater.sh available. ${RED}Download and execute Y/N?${NC}" + if [[ $(get_updater_version "${SCRIPT_DIR}/updater.sh") < $(get_updater_version "${tmpfile}") ]]; then + if [ $UPDATE = "check" ]; then + echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}" read -p "" -n 1 -r echo -e "\n\n" if [[ $REPLY =~ ^[Nn]$ ]]; then - # Update available, but user chooses not to update - return 0 + return 0 # Update available, but user chooses not to update fi fi else - # No update available - return 0 + return 0 # No update available fi - # Backup current updater, execute latest version - backup_file updater.sh - chmod +x updater.sh - ./updater.sh -donotupdate + mv "${tmpfile}" "${SCRIPT_DIR}/updater.sh" + chmod u+x "${SCRIPT_DIR}/updater.sh" + "${SCRIPT_DIR}/updater.sh" "$@ -d" exit 1 } @@ -178,28 +219,178 @@ update_updater () { # Returns version number of a user.js file get_userjs_version () { - filename=$1 - echo "$(sed -n "4p" "${ff_profile}/${filename}")" + echo "$(sed -n '4p' "$1")" +} + +add_override () { + input=$1 + if [ -f "$input" ]; then + echo "" >> user.js + cat "$input" >> user.js + echo -e "Status: ${GREEN}Override file appended:${NC} ${input}" + elif [ -d "$input" ]; then + FSAVEIFS=$IFS + IFS=$'\n\b' # Set IFS + FILES="${input}"/*.js + for f in $FILES + do + add_override "$f" + done + IFS=$SAVEIFS # restore $IFS + else + echo -e "${ORANGE}Warning: Could not find override file:${NC} ${input}" + fi +} + +remove_comments () { # expects 2 arguments: from-file and to-file + sed -e 's/^[[:space:]]*\/\/.*$//' -e '/^\/\*/,/\*\//d' -e '/^[[:space:]]*$/d' -e 's/);[[:space:]]*\/\/.*/);/' "$1" > "$2" } # Applies latest version of user.js and any custom overrides update_userjs () { - backup_file user.js - if [ -e user-overrides.js ]; then - cat user-overrides.js >> user.js - echo -e "Status: ${GREEN}Your user-overrides.js customizations have been applied!${NC}" + declare -r newfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js') + + echo 'Please observe the following information:' + echo -e "\tFirefox profile: ${ORANGE}$(pwd)${NC}" + echo -e "\tAvailable online: ${ORANGE}$(get_userjs_version $newfile)${NC}" + echo -e "\tCurrently using: ${ORANGE}$(get_userjs_version user.js)\n${NC}\n" + + if [ $CONFIRM = "yes" ]; then + echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}" + read -p "" -n 1 -r + echo -e "\n" + if [[ $REPLY =~ ^[Nn]$ ]]; then + echo -e ${RED}"Process aborted"${NC} + rm $newfile + return 1 + fi fi + + # Copy a version of user.js to diffs folder for later comparison + if [ "$COMPARE" = true ]; then + mkdir -p userjs_diffs + cp user.js userjs_diffs/past_user.js + fi + + # backup user.js + mkdir -p userjs_backups + local bakname="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")" + if [ $BACKUP = "single" ]; then + bakname="userjs_backups/user.js.backup" + fi + cp user.js "$bakname" + + mv "${newfile}" user.js + echo -e "Status: ${GREEN}user.js has been backed up and replaced with the latest version!${NC}" + + # apply overrides + if [ "$SKIPOVERRIDE" = false ]; then + while IFS=',' read -ra FILE; do + add_override "$FILE" + done <<< "$OVERRIDE" + fi + + # create diff + if [ "$COMPARE" = true ]; then + pastuserjs=userjs_diffs/past_user.js + past_nocomments=userjs_diffs/past_userjs.txt + current_nocomments=userjs_diffs/current_userjs.txt + + remove_comments $pastuserjs $past_nocomments + remove_comments user.js $current_nocomments + + diffname="userjs_diffs/diff_$(date +"%Y-%m-%d_%H%M").txt" + diff=$(diff -w -B -U 0 $past_nocomments $current_nocomments) + if [ ! -z "$diff" ]; then + echo "$diff" > "$diffname" + echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}" + else + echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created."${NC} + fi + + rm $past_nocomments $current_nocomments $pastuserjs + fi + + if [ "$VIEW" = true ]; then + open_file "${PWD}/user.js" + fi + } ######################### # Execute # ######################### -## change directory to the Firefox profile directory -cd "$ff_profile" +if [ $# != 0 ]; then + readonly legacy_lc=$(echo $1 | tr '[A-Z]' '[a-z]') + # Display usage if first argument is -help or --help + if [ $1 = '--help' ] || [ $1 = '-help' ]; then + usage + elif [ $legacy_lc = '-donotupdate' ]; then + UPDATE="no" + legacy_argument $1 + elif [ $legacy_lc = '-update' ]; then + UPDATE="yes" + legacy_argument $1 + else + while getopts ":hp:ludsno:bcvr" opt; do + case $opt in + h) + usage + ;; + p) + PROFILE_PATH=${OPTARG} + ;; + l) + PROFILE_PATH="list" + ;; + u) + UPDATE="yes" + ;; + d) + UPDATE="no" + ;; + s) + CONFIRM="no" + ;; + n) + SKIPOVERRIDE=true + ;; + o) + OVERRIDE=${OPTARG} + ;; + b) + BACKUP="single" + ;; + c) + COMPARE=true + ;; + v) + VIEW=true + ;; + r) + tfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js') + mv $tfile "${tfile}.js" + echo -e ${ORANGE}"Warning: user.js was saved to temporary file ${tfile}.js"${NC} + open_file "${tfile}.js" + exit 1 + ;; + \?) + echo -e ${RED}"\n Error! Invalid option: -$OPTARG"${NC} >&2 + usage + ;; + :) + echo -e ${RED}"Error! Option -$OPTARG requires an argument."${NC} >&2 + exit 1 + ;; + esac + done + fi +fi -initiate +show_banner update_updater -confirmation && update_userjs -rm -rf userjs_temps +set_wd # changes directory to the Firefox profile (or script-dir) +update_userjs + cd "${currdir}" From d4907faa8e9eeaaed0bb1546ac80725bd87b6711 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 26 Nov 2018 14:44:52 +0000 Subject: [PATCH 0940/1961] updater.sh v2.1 (#554) when argument `-l` is used, parse profiles.ini instead of just listing folders in the default profiles dir. This allows to select profiles located outside of the default profiles directory and makes selection easier because it also shows the profile name (and selection is by number instead of having to copy-paste a path) --- updater.sh | 223 ++++++++++++++++++++++++++++------------------------- 1 file changed, 119 insertions(+), 104 deletions(-) diff --git a/updater.sh b/updater.sh index 1aba949..5eca133 100755 --- a/updater.sh +++ b/updater.sh @@ -2,13 +2,13 @@ ## ghacks-user.js updater for macOS and Linux -## version: 2.0 +## version: 2.1 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() ) -readonly currdir=$(pwd) +readonly CURRDIR=$(pwd) sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi @@ -29,58 +29,48 @@ CYAN='\033[0;36m' NC='\033[0m' # No Color # Argument defaults -UPDATE="check" -CONFIRM="yes" -OVERRIDE="user-overrides.js" -BACKUP="multiple" +UPDATE='check' +CONFIRM='yes' +OVERRIDE='user-overrides.js' +BACKUP='multiple' COMPARE=false SKIPOVERRIDE=false VIEW=false PROFILE_PATH=false -######################### -# Working directory # -######################### +# Download method priority: curl -> wget +DOWNLOAD_METHOD='' +if [[ $(command -v 'curl') ]]; then + DOWNLOAD_METHOD='curl' +elif [[ $(command -v 'wget') ]]; then + DOWNLOAD_METHOD='wget' +else + echo -e "${RED}This script requires curl or wget.\nProcess aborted${NC}" + exit 0 +fi -set_wd () { - declare -r macdir=~/Library/Application\ Support/Firefox/Profiles/ - declare -r nixdir=~/.mozilla/firefox/ - local ff_profile - if [ "$PROFILE_PATH" = false ]; then - ff_profile="$SCRIPT_DIR" - elif [ "$PROFILE_PATH" = "list" ]; then - local firefox_dir="" - if [ -d "$macdir" ]; then - firefox_dir=$macdir - elif [ -d $nixdir ]; then - firefox_dir=$nixdir - else - echo -e ${RED}"Error: Sorry, -l is not supported for your OS"${NC} - exit 1 - fi - if [ $(find "$firefox_dir" -maxdepth 1 -type d | wc -l) == "2" ]; then - ff_profile=$(ls -d "$firefox_dir"*) - else - echo -e ${GREEN}"The following profiles were found:\n"${ORANGE} - ls -d "$firefox_dir"* - echo -e ${RED}"\nWhich profile would you like to update?"${NC} - read -p "" - echo -e "" - ff_profile=$REPLY - fi - else - ff_profile="$PROFILE_PATH" - fi - cd "$ff_profile" + +show_banner () { + echo -e "${BBLUE}\n" + echo ' ############################################################################' + echo ' #### ####' + echo ' #### ghacks user.js ####' + echo ' #### Hardening the Privacy and Security Settings of Firefox ####' + echo ' #### Maintained by @Thorin-Oakenpants and @earthlng ####' + echo ' #### Updater for macOS and Linux by @overdodactyl ####' + echo ' #### ####' + echo ' ############################################################################' + echo -e "${NC}\n" + echo -e "Documentation for this script is available here: ${CYAN}https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts${NC}\n" } ######################### -# Arguments # +# Arguments # ######################### usage() { - echo -e ${BLUE}"\nUsage: $0 [-h] [-p PROFILE] [-u] [-d] [-s] [-n] [-b] [-c] [-v] [-r] [-o OVERRIDE]\n"${NC} 1>&2 # Echo usage string to standard error - echo -e "Optional Arguments:" + echo -e "${BLUE}\nUsage: $0 [-h] [-p PROFILE] [-u] [-d] [-s] [-n] [-b] [-c] [-v] [-r] [-o OVERRIDE]\n${NC}" 1>&2 # Echo usage string to standard error + echo 'Optional Arguments:' echo -e "\t-h,\t\t Show this help message and exit." echo -e "\t-p PROFILE,\t Path to your Firefox profile (if different than the dir of this script)" echo -e "\t\t\t IMPORTANT: if the path include spaces, wrap the entire argument in quotes." @@ -102,7 +92,7 @@ usage() { echo -e "\t-v,\t\t Open the resulting user.js file." echo -e "\t-r,\t\t Only download user.js to a temporary file and open it." echo -e - echo -e "Deprecated Arguments (they still work for now):" + echo 'Deprecated Arguments (they still work for now):' echo -e "\t-donotupdate,\t Use instead -d" echo -e "\t-update,\t Use instead -u" echo -e @@ -110,68 +100,95 @@ usage() { } legacy_argument () { - echo -e ${ORANGE}"\nWarning: command line arguments have changed." + echo -e "${ORANGE}\nWarning: command line arguments have changed." echo -e "$1 has been deprecated and may not work in the future.\n" - echo -e "Please view the new options using the -h argument."${NC} + echo -e "Please view the new options using the -h argument.${NC}" } ######################### # File Handling # ######################### -# Download method priority: curl -> wget -DOWNLOAD_METHOD="" -if [[ $(command -v "curl") ]]; then - DOWNLOAD_METHOD="curl" -elif [[ $(command -v "wget") ]]; then - DOWNLOAD_METHOD="wget" -else - echo -e ${RED}"This script requires curl or wget.\nProcess aborted"${NC} - exit 0 -fi - # Download files download_file () { declare -r url=$1 declare -r tf=$(mktemp) - local dlcmd="" + local dlcmd='' - if [ $DOWNLOAD_METHOD = "curl" ]; then + if [ $DOWNLOAD_METHOD = 'curl' ]; then dlcmd="curl -o $tf" else - dlcmd="wget -O $tf" + dlcmd="wget -O $tf" fi - $dlcmd "${url}" &>/dev/null && echo "$tf" || echo "" # return the temp-filename (or empty string on error) + $dlcmd "${url}" &>/dev/null && echo "$tf" || echo '' # return the temp-filename (or empty string on error) } open_file () { #expects one argument: file_path - if [ "$(uname)" == "Darwin" ]; then + if [ "$(uname)" == 'Darwin' ]; then open "$1" elif [ "$(expr substr $(uname -s) 1 5)" == "Linux" ]; then xdg-open "$1" else - echo -e ${RED}"Error: Sorry, opening files is not supported for your OS."${NC} + echo -e "${RED}Error: Sorry, opening files is not supported for your OS.${NC}" fi } +readIniFile () { # expects one argument: absolute path of profiles.ini + declare -r inifile="$1" + declare -r tfile=$(mktemp) -show_banner () { - echo -e - echo -e - echo -e ${BBLUE}" ############################################################################" - echo -e " #### ####" - echo -e " #### ghacks user.js ####" - echo -e " #### Hardening the Privacy and Security Settings of Firefox ####" - echo -e " #### Maintained by @Thorin-Oakenpants and @earthlng ####" - echo -e " #### Updater for macOS and Linux by @overdodactyl ####" - echo -e " #### ####" - echo -e " ############################################################################"${NC} - echo -e - echo -e - echo -e "Documentation for this script is available here: ${CYAN}https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts${NC}\n" + if [ $(grep '^\[Profile' "$inifile" | wc -l) == "1" ]; then ### only 1 profile found + grep '^\[Profile' -A 4 "$inifile" | grep -v '^\[Profile' > $tfile + else + grep -E -v '^\[General\]|^StartWithLastProfile=|^IsRelative=' "$inifile" + echo '' + read -p 'Select the profile number ( 0 for Profile0, 1 for Profile1, etc ) : ' -r + echo -e "\n" + if [[ $REPLY =~ ^(0|[1-9][0-9]*)$ ]]; then + grep '^\[Profile'${REPLY} -A 4 "$inifile" | grep -v '^\[Profile'${REPLY} > $tfile + if [ !$? ]; then + echo "Profile${REPLY} does not exist!" && exit 1 + fi + else + echo "Invalid selection!" && exit 1 + fi + fi + + declare -r profpath=$(grep '^Path=' $tfile) + declare -r pathisrel=$(grep '^IsRelative=' $tfile) + + rm "$tfile" + + # update global variable + if [[ ${pathisrel#*=} == "1" ]]; then + PROFILE_PATH="$(dirname "$inifile")/${profpath#*=}" + else + PROFILE_PATH="${profpath#*=}" + fi } +getProfilePath () { + declare -r f1=~/Library/Application\ Support/Firefox/profiles.ini + declare -r f2=~/.mozilla/firefox/profiles.ini + + if [ "$PROFILE_PATH" = false ]; then + PROFILE_PATH="$SCRIPT_DIR" + elif [ "$PROFILE_PATH" = 'list' ]; then + local ini='' + if [[ -f "$f1" ]]; then + ini="$f1" + elif [[ -f "$f2" ]]; then + ini="$f2" + else + echo -e "${RED}Error: Sorry, -l is not supported for your OS${NC}" + exit 1 + fi + readIniFile "$ini" # updates PROFILE_PATH or exits on error + #else + # PROFILE_PATH already set by user with -p + fi +} ######################### # Update updater.sh # @@ -188,14 +205,14 @@ get_updater_version () { # -donotupdate: New version will not be looked for and update will not occur # -update: Check for update, if available, execute without asking update_updater () { - if [ $UPDATE = "no" ]; then + if [ $UPDATE = 'no' ]; then return 0 # User signified not to check for updates fi declare -r tmpfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh') if [[ $(get_updater_version "${SCRIPT_DIR}/updater.sh") < $(get_updater_version "${tmpfile}") ]]; then - if [ $UPDATE = "check" ]; then + if [ $UPDATE = 'check' ]; then echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}" read -p "" -n 1 -r echo -e "\n\n" @@ -255,12 +272,12 @@ update_userjs () { echo -e "\tAvailable online: ${ORANGE}$(get_userjs_version $newfile)${NC}" echo -e "\tCurrently using: ${ORANGE}$(get_userjs_version user.js)\n${NC}\n" - if [ $CONFIRM = "yes" ]; then + if [ $CONFIRM = 'yes' ]; then echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}" read -p "" -n 1 -r echo -e "\n" if [[ $REPLY =~ ^[Nn]$ ]]; then - echo -e ${RED}"Process aborted"${NC} + echo -e "${RED}Process aborted${NC}" rm $newfile return 1 fi @@ -275,8 +292,8 @@ update_userjs () { # backup user.js mkdir -p userjs_backups local bakname="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")" - if [ $BACKUP = "single" ]; then - bakname="userjs_backups/user.js.backup" + if [ $BACKUP = 'single' ]; then + bakname='userjs_backups/user.js.backup' fi cp user.js "$bakname" @@ -292,29 +309,26 @@ update_userjs () { # create diff if [ "$COMPARE" = true ]; then - pastuserjs=userjs_diffs/past_user.js - past_nocomments=userjs_diffs/past_userjs.txt - current_nocomments=userjs_diffs/current_userjs.txt + pastuserjs='userjs_diffs/past_user.js' + past_nocomments='userjs_diffs/past_userjs.txt' + current_nocomments='userjs_diffs/current_userjs.txt' remove_comments $pastuserjs $past_nocomments remove_comments user.js $current_nocomments diffname="userjs_diffs/diff_$(date +"%Y-%m-%d_%H%M").txt" - diff=$(diff -w -B -U 0 $past_nocomments $current_nocomments) + diff=$(diff -w -B -U 0 $past_nocomments $current_nocomments) if [ ! -z "$diff" ]; then echo "$diff" > "$diffname" echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}" else - echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created."${NC} + echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created.${NC}" fi rm $past_nocomments $current_nocomments $pastuserjs fi - if [ "$VIEW" = true ]; then - open_file "${PWD}/user.js" - fi - + if [ "$VIEW" = true ]; then open_file "${PWD}/user.js"; fi } ######################### @@ -327,10 +341,10 @@ if [ $# != 0 ]; then if [ $1 = '--help' ] || [ $1 = '-help' ]; then usage elif [ $legacy_lc = '-donotupdate' ]; then - UPDATE="no" + UPDATE='no' legacy_argument $1 elif [ $legacy_lc = '-update' ]; then - UPDATE="yes" + UPDATE='yes' legacy_argument $1 else while getopts ":hp:ludsno:bcvr" opt; do @@ -342,16 +356,16 @@ if [ $# != 0 ]; then PROFILE_PATH=${OPTARG} ;; l) - PROFILE_PATH="list" + PROFILE_PATH='list' ;; u) - UPDATE="yes" + UPDATE='yes' ;; d) - UPDATE="no" + UPDATE='no' ;; s) - CONFIRM="no" + CONFIRM='no' ;; n) SKIPOVERRIDE=true @@ -360,7 +374,7 @@ if [ $# != 0 ]; then OVERRIDE=${OPTARG} ;; b) - BACKUP="single" + BACKUP='single' ;; c) COMPARE=true @@ -371,16 +385,16 @@ if [ $# != 0 ]; then r) tfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js') mv $tfile "${tfile}.js" - echo -e ${ORANGE}"Warning: user.js was saved to temporary file ${tfile}.js"${NC} + echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}" open_file "${tfile}.js" exit 1 ;; \?) - echo -e ${RED}"\n Error! Invalid option: -$OPTARG"${NC} >&2 + echo -e "${RED}\n Error! Invalid option: -$OPTARG${NC}" >&2 usage ;; :) - echo -e ${RED}"Error! Option -$OPTARG requires an argument."${NC} >&2 + echo -e "${RED}Error! Option -$OPTARG requires an argument.${NC}" >&2 exit 1 ;; esac @@ -390,7 +404,8 @@ fi show_banner update_updater -set_wd # changes directory to the Firefox profile (or script-dir) -update_userjs -cd "${currdir}" +getProfilePath # updates PROFILE_PATH or exits on error +cd "$PROFILE_PATH" && update_userjs + +cd "$CURRDIR" From f3e2bfa76db19da9b696e1dc5e41b386ddbd939f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Nov 2018 15:33:36 +0000 Subject: [PATCH 0941/1961] browser.crashReports.unsubmittedCheck.autoSubmit --- scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js b/scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js index 8977a8d..f62c589 100644 --- a/scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js +++ b/scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js @@ -36,7 +36,8 @@ 'camera.control.face_detection.enabled', 'dom.disable_window_status_change', 'dom.idle-observers-api.enabled', - /* 58 : nothing */ + /* 58 */ + 'browser.crashReports.unsubmittedCheck.autoSubmit', /* 57 */ 'social.whitelist', 'social.toast-notifications.enabled', From 400d764a9374ebe812b255bd4b74dac8d96f1985 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 27 Nov 2018 16:57:51 +0000 Subject: [PATCH 0942/1961] Update updater.sh (#558) * just some polishing --- updater.sh | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/updater.sh b/updater.sh index 5eca133..0232461 100755 --- a/updater.sh +++ b/updater.sh @@ -2,9 +2,9 @@ ## ghacks-user.js updater for macOS and Linux -## version: 2.1 +## version: 2.2 ## Author: Pat Johnson (@overdodactyl) -## Additional contributors: @earthlng, @ema-pe +## Additional contributors: @earthlng, @ema-pe, @claustromaniac ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() ) @@ -236,7 +236,11 @@ update_updater () { # Returns version number of a user.js file get_userjs_version () { - echo "$(sed -n '4p' "$1")" + if [ -e $1 ]; then + echo "$(sed -n '4p' "$1")" + else + echo "Not detected." + fi } add_override () { @@ -286,7 +290,7 @@ update_userjs () { # Copy a version of user.js to diffs folder for later comparison if [ "$COMPARE" = true ]; then mkdir -p userjs_diffs - cp user.js userjs_diffs/past_user.js + cp user.js userjs_diffs/past_user.js &>/dev/null fi # backup user.js @@ -295,7 +299,7 @@ update_userjs () { if [ $BACKUP = 'single' ]; then bakname='userjs_backups/user.js.backup' fi - cp user.js "$bakname" + cp user.js "$bakname" &>/dev/null mv "${newfile}" user.js echo -e "Status: ${GREEN}user.js has been backed up and replaced with the latest version!${NC}" @@ -324,8 +328,7 @@ update_userjs () { else echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created.${NC}" fi - - rm $past_nocomments $current_nocomments $pastuserjs + rm $past_nocomments $current_nocomments $pastuserjs &>/dev/null fi if [ "$VIEW" = true ]; then open_file "${PWD}/user.js"; fi From db56940422dd91534b6ceed5b789221c991de7ca Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 29 Nov 2018 14:10:08 +0000 Subject: [PATCH 0943/1961] typos --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index c077d57..d599012 100644 --- a/user.js +++ b/user.js @@ -102,7 +102,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease * [1] https://www.mozilla.org/firefox/geolocation/ ***/ // user_pref("geo.enabled", false); /* 0201b: set a default permission for Location (FF58+) - * [NOTE] best left at default "always ask", fingerpintable via Permissions API + * [NOTE] best left at default "always ask", fingerprintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block @@ -1119,7 +1119,7 @@ user_pref("dom.serviceWorkers.enabled", false); user_pref("dom.webnotifications.enabled", false); // (FF22+) user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+) /* 2305: set a default permission for Notifications (see 2304) (FF58+) - * [NOTE] best left at default "always ask", fingerpintable via Permissions API + * [NOTE] best left at default "always ask", fingerprintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ // user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block From 74e753d0c5ee9aabc067a8ecc50c5aa1171bea59 Mon Sep 17 00:00:00 2001 From: Pat Johnson Date: Sat, 1 Dec 2018 07:18:38 -0700 Subject: [PATCH 0944/1961] fix profile check (#564) --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index 0232461..8a3ac22 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## ghacks-user.js updater for macOS and Linux -## version: 2.2 +## version: 2.3 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac @@ -147,7 +147,7 @@ readIniFile () { # expects one argument: absolute path of profiles.ini echo -e "\n" if [[ $REPLY =~ ^(0|[1-9][0-9]*)$ ]]; then grep '^\[Profile'${REPLY} -A 4 "$inifile" | grep -v '^\[Profile'${REPLY} > $tfile - if [ !$? ]; then + if [[ "$?" != "0" ]]; then echo "Profile${REPLY} does not exist!" && exit 1 fi else From 51237f688969ed4f094b8d671692badf5af2dd73 Mon Sep 17 00:00:00 2001 From: Pat Johnson Date: Sat, 1 Dec 2018 07:47:58 -0700 Subject: [PATCH 0945/1961] updater.sh: add -e option for ESR users (#565) --- updater.sh | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/updater.sh b/updater.sh index 8a3ac22..0206a35 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## ghacks-user.js updater for macOS and Linux -## version: 2.3 +## version: 2.4 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac @@ -37,6 +37,7 @@ COMPARE=false SKIPOVERRIDE=false VIEW=false PROFILE_PATH=false +ESR=false # Download method priority: curl -> wget DOWNLOAD_METHOD='' @@ -69,7 +70,7 @@ show_banner () { ######################### usage() { - echo -e "${BLUE}\nUsage: $0 [-h] [-p PROFILE] [-u] [-d] [-s] [-n] [-b] [-c] [-v] [-r] [-o OVERRIDE]\n${NC}" 1>&2 # Echo usage string to standard error + echo -e "${BLUE}\nUsage: $0 [-h] [-p PROFILE] [-u] [-d] [-s] [-n] [-b] [-c] [-v] [-r] [-e] [-o OVERRIDE]\n${NC}" 1>&2 # Echo usage string to standard error echo 'Optional Arguments:' echo -e "\t-h,\t\t Show this help message and exit." echo -e "\t-p PROFILE,\t Path to your Firefox profile (if different than the dir of this script)" @@ -91,6 +92,7 @@ usage() { echo -e "\t-n,\t\t Do not append any overrides, even if user-overrides.js exists." echo -e "\t-v,\t\t Open the resulting user.js file." echo -e "\t-r,\t\t Only download user.js to a temporary file and open it." + echo -e "\t-e,\t\t Activate ESR related preferences." echo -e echo 'Deprecated Arguments (they still work for now):' echo -e "\t-donotupdate,\t Use instead -d" @@ -304,6 +306,11 @@ update_userjs () { mv "${newfile}" user.js echo -e "Status: ${GREEN}user.js has been backed up and replaced with the latest version!${NC}" + if [ "$ESR" = true ]; then + sed -e 's/\/\* \(ESR[0-9]\{2,\}\.x still uses all.*\)/\/\/ \1/' user.js > user.js.tmp && mv user.js.tmp user.js + echo -e "Status: ${GREEN}ESR related preferences have been activated!${NC}" + fi + # apply overrides if [ "$SKIPOVERRIDE" = false ]; then while IFS=',' read -ra FILE; do @@ -350,7 +357,7 @@ if [ $# != 0 ]; then UPDATE='yes' legacy_argument $1 else - while getopts ":hp:ludsno:bcvr" opt; do + while getopts ":hp:ludsno:bcvre" opt; do case $opt in h) usage @@ -385,6 +392,9 @@ if [ $# != 0 ]; then v) VIEW=true ;; + e) + ESR=true + ;; r) tfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js') mv $tfile "${tfile}.js" From 85eaba25711450901bc4888c8d2f7c0e01342df6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Dec 2018 18:36:03 +1300 Subject: [PATCH 0946/1961] TAG! You're it! #545 --- user.js | 140 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 69 insertions(+), 71 deletions(-) diff --git a/user.js b/user.js index d599012..08d7c4a 100644 --- a/user.js +++ b/user.js @@ -29,10 +29,13 @@ * Site breakage WILL happen - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting and these need to be balanced against Functionality & Convenience & Breakage - * You will need to make a few changes to suit your own needs - - Search this file for the "[SETUP]" tag to find SOME common items you could check - before using to avoid unexpected surprises - - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues + * You will need to make changes, and to troubleshoot at times (choose wisely, there is always a trade-off). + While not 100% definitive, search for "[SETUP". If required, add each pref to your overrides section at + default values (or comment them out and reset them in about:config). Here are the main ones: + [SETUP-WEB] can cause some websites to break + [SETUP-CHROME] changes how Firefox itself behaves (i.e. NOT directly website related) + [SETUP-PERF] may impact performance + * [WARNING] tags are extra special and used sparingly, so heed them 4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile) 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-maintenance @@ -51,13 +54,12 @@ user_pref("general.warnOnAboutConfig", false); /* 0001: start Firefox in PB (Private Browsing) mode * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed - * [NOTE] The P in PB mode is misleading: it means no "persistent" local storage of history, + * [WARNING] The P in PB mode is misleading: it means no "persistent" local storage of history, * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or * removes the ability to control these, and you need to quit Firefox to clear them. PB is best * used as a one off window (File>New Private Window) to provide a temporary self-contained - * new instance. Closing all Private Windows clears all traces. Repeat as required. - * [WARNING] PB does not allow indexedDB which breaks many Extensions that use it - * including uBlock Origin, uMatrix, Violentmonkey and Stylus + * new instance. Closing all Private Windows clears all traces. Repeat as required. PB also does + * not allow indexedDB which breaks many Extensions that use it including uBlock Origin and uMatrix * [1] https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); @@ -421,7 +423,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost /* 0701: disable IPv6 * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice * with VPNs. That's even assuming your ISP and/or router and/or website can handle it - * [WARNING] This is just an application level fallback. Disabling IPv6 is best done + * [NOTE] This is just an application level fallback. Disabling IPv6 is best done * at an OS/network level, and/or configured properly in VPN setups * [TEST] http://ipv6leak.com/ * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/437#issuecomment-403740626 @@ -476,7 +478,7 @@ user_pref("network.file.disable_unc_paths", true); // (hidden pref) * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ user_pref("network.gio.supported-protocols", ""); // (hidden pref) -/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP] +/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP-CHROME] If you are in a private environment (no unwanted eyeballs) and your device is private (restricted access), and the device is secure when unattended (locked, encrypted, forensic hardened), then items 0850 and above can be relaxed in return for more convenience and @@ -532,7 +534,7 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * - If *ALL* of the suggestion types are false, 'autocomplete' must also be false * - If *ANY* of the suggestion types are true, 'autocomplete' must also be true * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest - * [WARNING] If all three suggestion types are false, search engine keywords are disabled ***/ + * [SETUP-CHROME] If all three suggestion types are false, search engine keywords are disabled ***/ user_pref("browser.urlbar.autocomplete.enabled", false); user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.bookmark", false); @@ -577,7 +579,7 @@ user_pref("browser.taskbar.previews.enable", false); /*** 0900: PASSWORDS ***/ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords - * [SETTING] Privacy & Security>Forms & Passwords>Ask to save logins and passwords for sites + * [SETTING] Privacy & Security>Forms & Passwords>Ask to save logins and passwords for websites * [NOTE] This does not clear any passwords already saved ***/ // user_pref("signon.rememberSignons", false); /* 0902: use a master password (recommended if you save passwords) @@ -617,7 +619,7 @@ user_pref("security.insecure_field_warning.contextual.enabled", true); * [1] https://bugzilla.mozilla.org/1357835 ***/ user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); -/*** 1000: CACHE [SETUP] +/*** 1000: CACHE [SETUP-CHROME] ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized by modifying response headers [4]. Another solution is to use a hardened configuration @@ -647,7 +649,7 @@ user_pref("browser.cache.disk_cache_ssl", false); * To improve performance when pressing back/forward Firefox stores visited pages * so they don't have to be re-parsed. This is not the same as memory cache. * 0=none, -1=auto (that's minus 1), or for other values see [1] - * [NOTE] Not recommended unless you know what you're doing + * [WARNING] Not recommended unless you know what you're doing * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ // user_pref("browser.sessionhistory.max_total_viewers", 0); /* 1006: disable permissions manager from writing to disk [RESTART] @@ -659,21 +661,21 @@ user_pref("browser.cache.disk_cache_ssl", false); // user_pref("network.dnsCacheExpiration", 60); /** SESSIONS & SESSION RESTORE ***/ /* 1020: disable the Session Restore service completely - * [WARNING] [SETUP] This also disables the "Recently Closed Tabs" feature + * [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature * It does not affect "Recently Closed Windows" or any history. ***/ user_pref("browser.sessionstore.max_tabs_undo", 0); user_pref("browser.sessionstore.max_windows_undo", 0); -/* 1021: disable storing extra session data +/* 1021: disable storing extra session data [SETUP-CHROME] * extra session data contains contents of forms, scrollbar positions, cookies and POST data * define on which sites to save extra session data: * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ user_pref("browser.sessionstore.privacy_level", 2); -/* 1022: disable resuming session from crash [SETUP] ***/ +/* 1022: disable resuming session from crash [SETUP-CHROME] ***/ user_pref("browser.sessionstore.resume_from_crash", false); /* 1023: set the minimum interval between session save operations - increasing it * can help on older machines and some websites, as well as reducing writes, see [1] * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc - * [WARNING] This can also affect entries in the "Recently Closed Tabs" feature: + * [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature: * i.e. the longer the interval the more chance a quick tab open/close won't be captured. * This longer interval *may* affect history but we cannot replicate any history not recorded * [1] https://bugzilla.mozilla.org/1304389 ***/ @@ -709,15 +711,13 @@ user_pref("alerts.showFavicons", false); // default: false user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /* 1201: disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack) - * [WARNING] <2% of secure sites do NOT support the newer "secure" renegotiation, see [2] + * [SETUP-WEB] <2% of secure sites do NOT support the newer "secure" renegotiation, see [2] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://www.ssllabs.com/ssl-pulse/ ***/ user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1 - * [WARNING] If you get an "SSL_ERROR_NO_CYPHER_OVERLAP" error, temporarily - * set a lower value for 'security.tls.version.min' in about:config * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ * [2] archived: https://archive.is/hY2Mm ***/ @@ -752,7 +752,7 @@ user_pref("security.ssl.enable_ocsp_stapling", true); * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling * [1] https://en.wikipedia.org/wiki/Ocsp ***/ user_pref("security.OCSP.enabled", 1); -/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail +/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB] * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it @@ -769,8 +769,7 @@ user_pref("security.OCSP.require", true); * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/ user_pref("security.family_safety.mode", 0); /* 1221: disable intermediate certificate caching (fingerprinting attack vector) [RESTART] - * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) - * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. + * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them. * [TEST] https://fiprinca.0x90.eu/poc/ * [1] https://bugzilla.mozilla.org/1334485 - related bug @@ -800,7 +799,7 @@ user_pref("security.mixed_content.block_object_subrequest", true); * 2=deprecated option that now maps to 1 * 3=only allowed for locally-added roots (e.g. anti-virus) * 4=only allowed for locally-added roots or for certs in 2015 and earlier - * [WARNING] When disabled, some man-in-the-middle devices (e.g. security scanners and + * [SETUP-WEB] When disabled, some man-in-the-middle devices (e.g. security scanners and * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ user_pref("security.pki.sha1_enforcement_level", 1); @@ -813,12 +812,10 @@ user_pref("security.pki.sha1_enforcement_level", 1); // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); /* 1263: disable DHE (Diffie-Hellman Key Exchange) - * [WARNING] May break obscure sites, but not major sites, which should support ECDH over DHE * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); -/* 1264: disable the remaining non-modern cipher suites as of FF52 - * [NOTE] Commented out because it still breaks too many sites ***/ +/* 1264: disable the remaining non-modern cipher suites as of FF52 ***/ // user_pref("security.ssl3.rsa_aes_128_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false); @@ -847,9 +844,9 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); * If you disallow fonts, this drastically limits/reduces font * enumeration (by JS) which is a high entropy fingerprinting vector. * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... - * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ + * [NOTE] Disabling fonts can uglify the web a fair bit. ***/ user_pref("browser.display.use_document_fonts", 0); -/* 1402: set more legible default fonts [SETUP] +/* 1402: set more legible default fonts * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace * [NOTE] Example below for Windows/Western only ***/ // user_pref("font.name.serif.x-unicode", "Georgia"); @@ -869,7 +866,7 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); /* 1405: disable WOFF2 (Web Open Font Format) (FF35+) ***/ user_pref("gfx.downloadable_fonts.woff2.enabled", false); /* 1406: disable CSS Font Loading API - * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ + * [NOTE] Disabling fonts can uglify the web a fair bit. ***/ user_pref("layout.css.font-loading-api.enabled", false); /* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART] * Any of these fonts on your system can be enumerated for fingerprinting. @@ -879,11 +876,11 @@ user_pref("font.blacklist.underline_offset", ""); * In the past it had security issues. Update: This continues to be the case, see [1] * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ user_pref("gfx.font_rendering.graphite.enabled", false); -/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] [RESTART] +/* 1409: limit system font exposure to a whitelist (FF52+) [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. - * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If + * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. If * you block sites choosing fonts in 1401, this preference is irrelevant. In future, - * privacy.resistFingerprinting (see 4500) may cover this, and 1401 can be relaxed. + * privacy.resistFingerprinting (see 4500) will cover this (and 1401 can be relaxed) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // (hidden pref) @@ -909,15 +906,16 @@ user_pref("network.http.sendRefererHeader", 2); /* 1602: ALL: control the amount of information to send * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.trimmingPolicy", 0); -/* 1603: CROSS ORIGIN: control when to send a referer [SETUP] +/* 1603: CROSS ORIGIN: control when to send a referer [SETUP-WEB] * 0=always (default), 1=only if base domains match, 2=only if hosts match ***/ user_pref("network.http.referer.XOriginPolicy", 1); /* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 0); /* 1605: ALL: disable spoofing a referer - * [WARNING] Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery) protections that some sites may rely on ***/ -user_pref("network.http.referer.spoofSource", false); + * [WARNING] do not set this to true, as spoofing effectively disables the anti-CSRF + * (Cross-Site Request Forgery) protections that some sites may rely on ***/ +user_pref("network.http.referer.spoofSource", false); // default: false /* 1606: ALL: set the default Referrer Policy * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy @@ -936,7 +934,7 @@ user_pref("network.http.referer.hideOnionSource", true); * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref ***/ user_pref("privacy.donottrackheader.enabled", true); -/*** 1700: CONTAINERS [SETUP] +/*** 1700: CONTAINERS [1] https://support.mozilla.org/kb/containers-experiment [2] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers [3] https://github.com/mozilla/testpilot-containers @@ -977,23 +975,23 @@ user_pref("plugin.state.flash", 0); * plid.all = whether to scan the directories specified in the Windows registry for PLIDs. * Used to detect RealPlayer, Java, Antivirus etc, but since FF52 only covers Flash ***/ user_pref("plugin.scan.plid.all", false); -/* 1820: disable all GMP (Gecko Media Plugins) [SETUP] +/* 1820: disable all GMP (Gecko Media Plugins) [SETUP-WEB] * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); user_pref("media.gmp.trial-create.enabled", false); user_pref("media.gmp-manager.url", "data:text/plain,"); user_pref("media.gmp-manager.url.override", "data:text/plain,"); // (hidden pref) user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback (hidden pref) -/* 1825: disable widevine CDM (Content Decryption Module) [SETUP] ***/ +/* 1825: disable widevine CDM (Content Decryption Module) [SETUP-WEB] ***/ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); user_pref("media.gmp-widevinecdm.autoupdate", false); -/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] +/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP-WEB] * [SETTING] General>DRM Content>Play DRM-controlled content * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" - * This is the bundled codec used for video chat in WebRTC ***/ + * This is the bundled codec used for video chat in WebRTC [SETUP-WEB] ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); @@ -1046,7 +1044,7 @@ user_pref("dom.imagecapture.enabled", false); // default: false user_pref("gfx.offscreencanvas.enabled", false); // default: false /* 2030: disable auto-play of HTML5 media (FF63+) * 0=Allowed (default), 1=Blocked, 2=Prompt - * [WARNING] This may break video playback on various sites ***/ + * [SETUP-WEB] This may break video playback on various sites ***/ user_pref("media.autoplay.default", 1); /* 2031: disable audio auto-play in non-active tabs (FF51+) * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ @@ -1089,13 +1087,13 @@ user_pref("dom.popup_maximum", 3); * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ user_pref("dom.popup_allowed_events", "click dblclick"); -/*** 2300: WEB WORKERS [SETUP] +/*** 2300: WEB WORKERS A worker is a JS "background task" running in a global context, i.e. it is different from the current window. Workers can spawn new workers (must be the same origin & scheme), including service and shared workers. Shared workers can be utilized by multiple scripts and communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. - [WARNING] Disabling "web workers" might break sites + [SETUP-WEB] Disabling "web workers" might break sites [UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301-deprecated) and service workers (2302) #Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0 @@ -1138,7 +1136,7 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ // user_pref("dom.event.contextmenu.enabled", false); /* 2402: disable website access to clipboard events/content - * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress + * [SETUP-WEB] This will break some sites functionality such as pasting into facebook, wordpress * this applies to onCut, onCopy, onPaste events - i.e. you have to interact with * the website for it to look at the clipboard * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ @@ -1163,7 +1161,7 @@ user_pref("dom.vibrator.enabled", false); * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ user_pref("javascript.options.asmjs", false); /* 2421: disable Ion and baseline JIT to help harden JS against exploits - * [WARNING] Causes the odd site issue and there is also a performance loss + * [SETUP-PERF] If false, causes the odd site issue and there is also a performance loss * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); @@ -1193,7 +1191,7 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [1] https://bugzilla.mozilla.org/1313580 ***/ // user_pref("dom.battery.enabled", false); /* 2504: disable virtual reality devices - * [WARNING] [SETUP] Optional protection depending on your connected devices + * Optional protection depending on your connected devices * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ // user_pref("dom.vr.enabled", false); /* 2505: disable media device enumeration (FF29+) @@ -1203,7 +1201,7 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m user_pref("media.navigator.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting * [SETTING] General>Performance>Custom>Use hardware acceleration when available - * [WARNING] [SETUP] Affects text rendering (fonts will look different), impacts video performance, + * [SETUP-PERF] Affects text rendering (fonts will look different), impacts video performance, * and parts of Quantum that utilize the GPU will also be affected as they are rolled out * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] @@ -1215,7 +1213,7 @@ user_pref("dom.webaudio.enabled", false); * [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent ***/ user_pref("dom.w3c_pointer_events.enabled", false); /* 2517: disable Media Capabilities API (FF63+) - * [WARNING] This *may* affect media performance if disabled, no one is sure + * [SETUP-PERF] This *may* affect media performance if disabled, no one is sure * [1] https://github.com/WICG/media-capabilities * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ // user_pref("media.media-capabilities.enabled", false); @@ -1236,7 +1234,7 @@ user_pref("browser.helperApps.deleteTempFileOnExit", true); * look in profile/thumbnails directory - you may want to clean that out ***/ user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) /* 2605: block web content in file processes (FF55+) - * [WARNING] [SETUP] You may want to disable this for corporate or developer environments + * [SETUP-WEB] You may want to disable this for corporate or developer environments * [1] https://bugzilla.mozilla.org/1343184 ***/ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ @@ -1256,7 +1254,7 @@ user_pref("devtools.webide.enabled", false); * [1] https://bugzilla.mozilla.org/1173199 ***/ user_pref("mathml.disabled", true); /* 2610: disable in-content SVG (Scalable Vector Graphics) (FF53+) - * [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. + * [SETUP-WEB] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); /* 2611: disable middle mouse click opening links from clipboard @@ -1264,7 +1262,7 @@ user_pref("mathml.disabled", true); * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ user_pref("middlemouse.contentLoadURL", false); /* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) - * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins) + * [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins) * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ user_pref("network.http.redirection-limit", 10); /* 2615: disable websites overriding Firefox's keyboard shortcuts (FF58+) @@ -1289,7 +1287,7 @@ user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) * [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); -/* 2620: enable Firefox's built-in PDF reader [SETUP] +/* 2620: enable Firefox's built-in PDF reader * [SETTING] General>Applications>Portable Document Format (PDF) * This setting controls if the option "Display in Firefox" in the above setting is available * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") @@ -1315,13 +1313,13 @@ user_pref("browser.download.hide_plugins_without_extensions", false); /* 2654: disable "open with" in download dialog (FF50+) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. - * [SETUP] This may interfere with some users' workflow or methods + * [SETUP-CHROME] This may interfere with some users' workflow or methods * [1] https://bugzilla.mozilla.org/1281959 ***/ user_pref("browser.download.forbid_open_with", true); /** EXTENSIONS ***/ /* 2660: lock down allowed extension directories - * [WARNING] This will break extensions that do not use the default XPI directories + * [SETUP-CHROME] This will break extensions that do not use the default XPI directories * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ * [1] archived: https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // (hidden pref) @@ -1362,7 +1360,7 @@ user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) serviceWorkers : ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); -/* 2701: disable 3rd-party cookies and site-data [SETUP] +/* 2701: disable 3rd-party cookies and site-data * You can set exceptions under site permissions or use an extension * 0=Accept cookies and site data, 1=Block third-party cookies, 2=Block all cookies, * 3=Block cookies from unvisited sites, 4=Block third-party trackers (FF63+) @@ -1426,7 +1424,7 @@ user_pref("dom.caches.enabled", false); * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ // user_pref("dom.storageManager.enabled", false); -/*** 2800: SHUTDOWN [SETUP] +/*** 2800: SHUTDOWN [SETUP-CHROME] You should set the values to what suits you best. - "Offline Website Data" includes appCache (2730), localStorage (2710), Service Worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache) @@ -1501,7 +1499,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation (FF51+) - * [WARNING] May break cross-domain logins and site functionality until perfected + * [SETUP-WEB] May break cross-domain logins and site functionality until perfected * [1] https://bugzilla.mozilla.org/1260931 ***/ user_pref("privacy.firstparty.isolate", true); /* 4002: enforce FPI restriction for window.opener (FF54+) @@ -1573,10 +1571,11 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // default ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting (FF41+) + * [SETUP-WEB] RFP is not ready for the masses, so expect some website breakage * [1] https://bugzilla.mozilla.org/418986 ***/ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) -/* 4502: set new window sizes to round to hundreds (FF55+) [SETUP] - * [NOTE] Width will round down to multiples of 200s and height to 100s, to fit your screen. +/* 4502: set new window sizes to round to hundreds (FF55+) + * [SETUP-CHROME] Width will round down to multiples of 200s and height to 100s, to fit your screen. * The override values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/1330882 * [2] https://hardware.metrics.mozilla.com/ ***/ @@ -1592,17 +1591,17 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidde * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); -/*** 4600: RFP (4500) ALTERNATIVES [SETUP] +/*** 4600: RFP (4500) ALTERNATIVES * IF you DO use RFP (see 4500) then you DO NOT need these redundant prefs. In fact, some even cause RFP to not behave as you would expect and alter your fingerprint. Make sure they are RESET in about:config as per your Firefox version * IF you DO NOT use RFP or are on ESR... then turn on each ESR section below ***/ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); -/* [NOTE] ESR52.x and non-RFP users replace the * with a slash on this line to enable these +/* [SETUP-non-RFP] Non-RFP users replace the * with a slash on this line to enable these // FF55+ // 4601: [2514] spoof (or limit?) number of CPU cores (FF48+) - // [WARNING] *may* affect core chrome/Firefox performance, will affect content. + // [NOTE] *may* affect core chrome/Firefox performance, will affect content. // [1] https://bugzilla.mozilla.org/1008453 // [2] https://trac.torproject.org/projects/tor/ticket/21675 // [3] https://trac.torproject.org/projects/tor/ticket/22127 @@ -1616,7 +1615,7 @@ user_pref("dom.enable_resource_timing", false); // [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI user_pref("dom.enable_performance", false); // 4604: [2512] disable device sensor API - // [WARNING] [SETUP] Optional protection depending on your device + // Optional protection depending on your device // [1] https://trac.torproject.org/projects/tor/ticket/15758 // [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ // [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751 @@ -1627,7 +1626,7 @@ user_pref("dom.enable_performance", false); // and new windows are reset to default and only the current tab retains the current zoom user_pref("browser.zoom.siteSpecific", false); // 4606: [2501] disable gamepad API - USB device ID enumeration - // [WARNING] [SETUP] Optional protection depending on your connected devices + // Optional protection depending on your connected devices // [1] https://trac.torproject.org/projects/tor/ticket/13023 // user_pref("dom.gamepad.enabled", false); // 4607: [2503] disable giving away network info (FF31+) @@ -1650,7 +1649,7 @@ user_pref("media.video_stats.enabled", false); // 4611: [2509] disable touch events // fingerprinting attack vector - leaks screen res & actual screen coordinates // 0=disabled, 1=enabled, 2=autodetect - // [WARNING] [SETUP] Optional protection depending on your device + // Optional protection depending on your device // [1] https://developer.mozilla.org/docs/Web/API/Touch_events // [2] https://trac.torproject.org/projects/tor/ticket/10286 // user_pref("dom.w3c_touch_events.enabled", 0); @@ -1696,7 +1695,7 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow /* 4706: navigator.oscpu ***/ // user_pref("general.oscpu.override", ""); // (hidden pref) -/*** 5000: PERSONAL [SETUP] +/*** 5000: PERSONAL Non-project related but useful. If any of these interest you, add them to your overrides ***/ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); /* WELCOME & WHAT's NEW NOTICES ***/ @@ -1811,7 +1810,6 @@ user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); user_pref("dom.workers.sharedWorkers.enabled", false); // 2403: disable scripts changing images // [TEST] https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 - // [WARNING] Will break some sites such as Google Maps and a lot of web apps // [-] https://bugzilla.mozilla.org/773429 // user_pref("dom.disable_image_src_set", true); // ***/ @@ -2109,7 +2107,7 @@ user_pref("extensions.shield-recipe-client.api_url", ""); // [-] https://bugzilla.mozilla.org/1433324 user_pref("browser.newtabpage.activity-stream.enabled", false); // 2301: disable workers - // [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter) + // [SETUP-WEB] Disabling workers *will* break sites (e.g. Google Street View, Twitter) // [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) // [-] https://bugzilla.mozilla.org/1434934 user_pref("dom.workers.enabled", false); @@ -2164,7 +2162,7 @@ user_pref("shield.savant.enabled", false); // [-] https://bugzilla.mozilla.org/1453751 // user_pref("browser.chrome.favicons", false); // 2030: disable auto-play of HTML5 media - replaced by media.autoplay.default - // [WARNING] This may break video playback on various sites + // [SETUP-WEB] This may break video playback on various sites // [-] https://bugzilla.mozilla.org/1470082 user_pref("media.autoplay.enabled", false); // 2704: set cookie lifetime in days (see 2703) From 25923f1acde6e3e53f98e0108862fc202d23d230 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Dec 2018 06:03:11 +0000 Subject: [PATCH 0947/1961] add index #567 --- user.js | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/user.js b/user.js index 08d7c4a..6e80ac2 100644 --- a/user.js +++ b/user.js @@ -39,6 +39,38 @@ 4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile) 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-maintenance +* INDEX: + + 0100: STARTUP + 0200: GEOLOCATION + 0300: QUIET FOX + 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION + 0500: SYSTEM ADD-ONS / EXPERIMENTS + 0600: BLOCK IMPLICIT OUTBOUND + 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc + 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS + 0900: PASSWORDS + 1000: CACHE + 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) + 1400: FONTS + 1600: HEADERS / REFERERS + 1700: CONTAINERS + 1800: PLUGINS + 2000: MEDIA / CAMERA / MIC + 2200: WINDOW MEDDLING & LEAKS / POPUPS + 2300: WEB WORKERS + 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT + 2500: HARDWARE FINGERPRINTING + 2600: MISCELLANEOUS + 2700: PERSISTENT STORAGE + 2800: SHUTDOWN + 4000: FIRST PARTY ISOLATION + 4500: privacy.resistFingerprinting + 4600: RFP (4500) ALTERNATIVES + 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING + 5000: PERSONAL + 9999: DEPRECATED / REMOVED / LEGACY / RENAMED + ******/ /* START: internal custom pref to test for syntax errors From 834857b5643b324291985af7868595bc9c356dc5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Dec 2018 20:03:19 +1300 Subject: [PATCH 0948/1961] tag sections #567 --- user.js | 58 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/user.js b/user.js index 6e80ac2..f25edff 100644 --- a/user.js +++ b/user.js @@ -95,7 +95,7 @@ user_pref("general.warnOnAboutConfig", false); * [1] https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); -/*** 0100: STARTUP ***/ +/*** [SECTION 0100]: STARTUP ***/ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0101: disable default browser check * [SETTING] General>Startup>Always check if Firefox is your default browser ***/ @@ -130,7 +130,7 @@ user_pref("browser.newtabpage.activity-stream.showSponsored", false); /* 0105d: disable AS recent Highlights in the Library (FF57+) ***/ // user_pref("browser.library.activity-stream.enabled", false); -/*** 0200: GEOLOCATION ***/ +/*** [SECTION 0200]: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /* 0201: disable Location-Aware Browsing * [1] https://www.mozilla.org/firefox/geolocation/ ***/ @@ -166,7 +166,7 @@ user_pref("intl.regional_prefs.use_os_locales", false); user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.wifi.logging.enabled", true); // (hidden pref) -/*** 0300: QUIET FOX +/*** [SECTION 0300]: QUIET FOX We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). There are many legitimate reasons to turn off auto-INSTALLS, including hijacked or monetized extensions, time constraints, legacy issues, and fear of breakage/bugs. @@ -246,7 +246,7 @@ user_pref("browser.aboutHomeSnippets.updateUrl", "data:,"); user_pref("browser.chrome.errorReporter.enabled", false); user_pref("browser.chrome.errorReporter.submitUrl", ""); -/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION +/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION This section has security & tracking protection implications vs privacy concerns vs effectiveness vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. @@ -350,7 +350,7 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); /* 0426: enforce Content Blocking (required to block cookies) (FF63+) ***/ user_pref("browser.contentblocking.enabled", true); // default: true -/*** 0500: SYSTEM ADD-ONS / EXPERIMENTS +/*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS System Add-ons are a method for shipping extensions, considered to be built-in features to Firefox, that are hidden from the about:addons UI. To view your System Add-ons go to about:support, they are listed under "Firefox Features" @@ -416,7 +416,7 @@ user_pref("extensions.formautofill.heuristics.enabled", false); * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ user_pref("extensions.webcompat-reporter.enabled", false); -/*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/ +/*** [SECTION 0600]: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/ user_pref("_user.js.parrot", "0600 syntax error: the parrot's no more!"); /* 0601: disable link prefetching * [1] https://developer.mozilla.org/docs/Web/HTTP/Link_prefetching_FAQ ***/ @@ -450,7 +450,7 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching (FF48+) ***/ user_pref("network.predictor.enable-prefetch", false); -/*** 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ +/*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); /* 0701: disable IPv6 * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice @@ -510,7 +510,7 @@ user_pref("network.file.disable_unc_paths", true); // (hidden pref) * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ user_pref("network.gio.supported-protocols", ""); // (hidden pref) -/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP-CHROME] +/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP-CHROME] If you are in a private environment (no unwanted eyeballs) and your device is private (restricted access), and the device is secure when unattended (locked, encrypted, forensic hardened), then items 0850 and above can be relaxed in return for more convenience and @@ -608,7 +608,7 @@ user_pref("browser.taskbar.lists.tasks.enabled", false); /* 0871: disable Windows taskbar preview [WINDOWS] ***/ user_pref("browser.taskbar.previews.enable", false); -/*** 0900: PASSWORDS ***/ +/*** [SECTION 0900]: PASSWORDS ***/ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords * [SETTING] Privacy & Security>Forms & Passwords>Ask to save logins and passwords for websites @@ -651,7 +651,7 @@ user_pref("security.insecure_field_warning.contextual.enabled", true); * [1] https://bugzilla.mozilla.org/1357835 ***/ user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); -/*** 1000: CACHE [SETUP-CHROME] +/*** [SECTION 1000]: CACHE [SETUP-CHROME] ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized by modifying response headers [4]. Another solution is to use a hardened configuration @@ -727,7 +727,7 @@ user_pref("browser.shell.shortcutFavicons", false); /* 1032: disable favicons in web notifications ***/ user_pref("alerts.showFavicons", false); // default: false -/*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) +/*** [SECTION 1200]: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) Note that your cipher and other settings can be used server side as a fingerprint attack vector, see [1] (It's quite technical but the first part is easy to understand and you can stop reading when you reach the second section titled "Enter Bro") @@ -870,7 +870,7 @@ user_pref("security.insecure_connection_text.enabled", true); // user_pref("security.insecure_connection_icon.pbmode.enabled", true); // private windows only // user_pref("security.insecure_connection_text.pbmode.enabled", true); -/*** 1400: FONTS ***/ +/*** [SECTION 1400]: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * If you disallow fonts, this drastically limits/reduces font @@ -916,7 +916,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // (hidden pref) -/*** 1600: HEADERS / REFERERS +/*** [SECTION 1600]: HEADERS / REFERERS Only *cross domain* referers need controlling and XOriginPolicy (1603) is perfect for that. Thus we enforce the default values for 1601, 1602, 1605 and 1606 to minimize breakage, and only tweak 1603 and 1604. @@ -966,7 +966,7 @@ user_pref("network.http.referer.hideOnionSource", true); * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref ***/ user_pref("privacy.donottrackheader.enabled", true); -/*** 1700: CONTAINERS +/*** [SECTION 1700]: CONTAINERS [1] https://support.mozilla.org/kb/containers-experiment [2] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers [3] https://github.com/mozilla/testpilot-containers @@ -987,7 +987,7 @@ user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // defa * [1] https://bugzilla.mozilla.org/1328756 ***/ user_pref("privacy.userContext.longPressBehavior", 2); -/*** 1800: PLUGINS ***/ +/*** [SECTION 1800]: PLUGINS ***/ user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); /* 1801: set default plugin state (i.e. new plugins on discovery) to never activate * 0=disabled, 1=ask to activate, 2=active - you can override individual plugins ***/ @@ -1027,7 +1027,7 @@ user_pref("media.eme.enabled", false); user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.autoupdate", false); -/*** 2000: MEDIA / CAMERA / MIC ***/ +/*** [SECTION 2000]: MEDIA / CAMERA / MIC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) * [1] https://www.privacytools.io/#webrtc ***/ @@ -1082,7 +1082,7 @@ user_pref("media.autoplay.default", 1); * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); -/*** 2200: WINDOW MEDDLING & LEAKS / POPUPS ***/ +/*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); /* 2201: prevent websites from disabling new window features * [1] http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ @@ -1119,7 +1119,7 @@ user_pref("dom.popup_maximum", 3); * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ user_pref("dom.popup_allowed_events", "click dblclick"); -/*** 2300: WEB WORKERS +/*** [SECTION 2300]: WEB WORKERS A worker is a JS "background task" running in a global context, i.e. it is different from the current window. Workers can spawn new workers (must be the same origin & scheme), including service and shared workers. Shared workers can be utilized by multiple scripts and @@ -1162,7 +1162,7 @@ user_pref("dom.push.connection.enabled", false); user_pref("dom.push.serverURL", ""); user_pref("dom.push.userAgentID", ""); -/*** 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ +/*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2401: disable website control over browser right-click context menu * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ @@ -1213,7 +1213,7 @@ user_pref("dom.IntersectionObserver.enabled", false); * [2] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ ***/ user_pref("javascript.options.shared_memory", false); -/*** 2500: HARDWARE FINGERPRINTING ***/ +/*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); /* 2502: disable Battery Status API * Initially a Linux issue (high precision readout) that was fixed. @@ -1250,7 +1250,7 @@ user_pref("dom.w3c_pointer_events.enabled", false); * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ // user_pref("media.media-capabilities.enabled", false); -/*** 2600: MISCELLANEOUS ***/ +/*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); /* 2601: prevent accessibility services from accessing your browser [RESTART] * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser @@ -1383,7 +1383,7 @@ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); // def * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) -/*** 2700: PERSISTENT STORAGE +/*** [SECTION 2700]: PERSISTENT STORAGE Data SET by websites including cookies : profile\cookies.sqlite localStorage : profile\webappsstore.sqlite @@ -1456,7 +1456,7 @@ user_pref("dom.caches.enabled", false); * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ // user_pref("dom.storageManager.enabled", false); -/*** 2800: SHUTDOWN [SETUP-CHROME] +/*** [SECTION 2800]: SHUTDOWN [SETUP-CHROME] You should set the values to what suits you best. - "Offline Website Data" includes appCache (2730), localStorage (2710), Service Worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache) @@ -1508,7 +1508,7 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences * blank value if they are used, but they do work as advertised ***/ user_pref("privacy.sanitize.timeSpan", 0); -/*** 4000: FIRST PARTY ISOLATION (FPI) +/*** [SECTION 4000]: FIRST PARTY ISOLATION (FPI) ** 1278037 - isolate indexedDB (FF51+) ** 1277803 - isolate favicons (FF52+) ** 1264562 - isolate OCSP cache (FF52+) @@ -1545,7 +1545,7 @@ user_pref("privacy.firstparty.isolate", true); user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // default: true // user_pref("privacy.firstparty.isolate.block_post_message", true); // (hidden pref) -/*** 4500: privacy.resistFingerprinting (RFP) +/*** [SECTION 4500]: privacy.resistFingerprinting (RFP) This master switch will be used for a wide range of items, many of which will **override** existing prefs from FF55+, often providing a **better** solution @@ -1623,7 +1623,7 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidde * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); -/*** 4600: RFP (4500) ALTERNATIVES +/*** [SECTION 4600]: RFP (4500) ALTERNATIVES * IF you DO use RFP (see 4500) then you DO NOT need these redundant prefs. In fact, some even cause RFP to not behave as you would expect and alter your fingerprint. Make sure they are RESET in about:config as per your Firefox version @@ -1700,7 +1700,7 @@ user_pref("webgl.enable-debug-renderer-info", false); // * * * / // ***/ -/*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING +/*** [SECTION 4700]: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING This is FYI ONLY. These prefs are INSUFFICIENT(a) on their own, you need to use RFP (4500) or an extension, in which case they become POINTLESS. (a) Many of the components that make up your UA can be derived by other means. @@ -1727,7 +1727,7 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow /* 4706: navigator.oscpu ***/ // user_pref("general.oscpu.override", ""); // (hidden pref) -/*** 5000: PERSONAL +/*** [SECTION 5000]: PERSONAL Non-project related but useful. If any of these interest you, add them to your overrides ***/ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); /* WELCOME & WHAT's NEW NOTICES ***/ @@ -1762,7 +1762,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("reader.parse-on-load.enabled", false); // "Reader View" // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) -/*** 9999: DEPRECATED / REMOVED / LEGACY / RENAMED +/*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable, viewer-friendly version of the deprecated bugzilla tickets. The original state of each pref has been preserved, or changed to match the current setup, but you are advised to review them. From 67998eb4aff851bcc5ceacf7a0415cc18fbed723 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Dec 2018 08:27:52 +0000 Subject: [PATCH 0949/1961] section naming convention consistency --- user.js | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index f25edff..14966cd 100644 --- a/user.js +++ b/user.js @@ -51,7 +51,7 @@ 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0900: PASSWORDS 1000: CACHE - 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) + 1200: HTTPS (SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS) 1400: FONTS 1600: HEADERS / REFERERS 1700: CONTAINERS @@ -64,10 +64,10 @@ 2600: MISCELLANEOUS 2700: PERSISTENT STORAGE 2800: SHUTDOWN - 4000: FIRST PARTY ISOLATION - 4500: privacy.resistFingerprinting - 4600: RFP (4500) ALTERNATIVES - 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING + 4000: FPI (FIRST PARTY ISOLATION) + 4500: RFP (RESIST FINGERPRINTING) + 4600: RFP ALTERNATIVES + 4700: RFP ALTERNATIVES (NAVIGATOR / USER AGENT (UA) SPOOFING) 5000: PERSONAL 9999: DEPRECATED / REMOVED / LEGACY / RENAMED @@ -727,7 +727,7 @@ user_pref("browser.shell.shortcutFavicons", false); /* 1032: disable favicons in web notifications ***/ user_pref("alerts.showFavicons", false); // default: false -/*** [SECTION 1200]: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS ) +/*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS) Note that your cipher and other settings can be used server side as a fingerprint attack vector, see [1] (It's quite technical but the first part is easy to understand and you can stop reading when you reach the second section titled "Enter Bro") @@ -1508,7 +1508,7 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences * blank value if they are used, but they do work as advertised ***/ user_pref("privacy.sanitize.timeSpan", 0); -/*** [SECTION 4000]: FIRST PARTY ISOLATION (FPI) +/*** [SECTION 4000]: FPI (FIRST PARTY ISOLATION) ** 1278037 - isolate indexedDB (FF51+) ** 1277803 - isolate favicons (FF52+) ** 1264562 - isolate OCSP cache (FF52+) @@ -1545,7 +1545,7 @@ user_pref("privacy.firstparty.isolate", true); user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // default: true // user_pref("privacy.firstparty.isolate.block_post_message", true); // (hidden pref) -/*** [SECTION 4500]: privacy.resistFingerprinting (RFP) +/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) This master switch will be used for a wide range of items, many of which will **override** existing prefs from FF55+, often providing a **better** solution @@ -1623,7 +1623,7 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidde * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); -/*** [SECTION 4600]: RFP (4500) ALTERNATIVES +/*** [SECTION 4600]: RFP ALTERNATIVES * IF you DO use RFP (see 4500) then you DO NOT need these redundant prefs. In fact, some even cause RFP to not behave as you would expect and alter your fingerprint. Make sure they are RESET in about:config as per your Firefox version @@ -1700,7 +1700,7 @@ user_pref("webgl.enable-debug-renderer-info", false); // * * * / // ***/ -/*** [SECTION 4700]: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING +/*** [SECTION 4700]: RFP ALTERNATIVES (NAVIGATOR / USER AGENT (UA) SPOOFING) This is FYI ONLY. These prefs are INSUFFICIENT(a) on their own, you need to use RFP (4500) or an extension, in which case they become POINTLESS. (a) Many of the components that make up your UA can be derived by other means. From c4ec4dbc7780c03aa39b72214d97ba647c47df50 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Dec 2018 08:34:36 +0000 Subject: [PATCH 0950/1961] move 0000 to personal #567 it has zero to do with privacy etc, and in fact most users will only ever encounter it once (and check the box) when they first go to about:config, so it's not even useful as an override or a new profile IMO. This removes one of three numbers that don't have a section --- user.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/user.js b/user.js index 14966cd..0ffa56e 100644 --- a/user.js +++ b/user.js @@ -80,9 +80,6 @@ * [1] https://blog.mozilla.org/nnethercote/2018/03/09/a-new-preferences-parser-for-firefox/ ***/ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); -/* 0000: disable about:config warning ***/ -user_pref("general.warnOnAboutConfig", false); - /* 0001: start Firefox in PB (Private Browsing) mode * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed @@ -1741,6 +1738,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.tabs.warnOnOpen", false); // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); + // user_pref("general.warnOnAboutConfig", false); /* APPEARANCE ***/ // user_pref("browser.download.autohideButton", false); // (FF57+) // user_pref("toolkit.cosmeticAnimations.enabled", false); // (FF55+) From 11b16c9c6d21cf9c8868d0f92c9bbf01da20cef4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Dec 2018 08:51:19 +0000 Subject: [PATCH 0951/1961] move PB mode into STARTUP section #567 --- user.js | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/user.js b/user.js index 0ffa56e..7305d47 100644 --- a/user.js +++ b/user.js @@ -80,18 +80,6 @@ * [1] https://blog.mozilla.org/nnethercote/2018/03/09/a-new-preferences-parser-for-firefox/ ***/ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); -/* 0001: start Firefox in PB (Private Browsing) mode - * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode - * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed - * [WARNING] The P in PB mode is misleading: it means no "persistent" local storage of history, - * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or - * removes the ability to control these, and you need to quit Firefox to clear them. PB is best - * used as a one off window (File>New Private Window) to provide a temporary self-contained - * new instance. Closing all Private Windows clears all traces. Repeat as required. PB also does - * not allow indexedDB which breaks many Extensions that use it including uBlock Origin and uMatrix - * [1] https://wiki.mozilla.org/Private_Browsing ***/ - // user_pref("browser.privatebrowsing.autostart", true); - /*** [SECTION 0100]: STARTUP ***/ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0101: disable default browser check @@ -126,6 +114,17 @@ user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", user_pref("browser.newtabpage.activity-stream.showSponsored", false); /* 0105d: disable AS recent Highlights in the Library (FF57+) ***/ // user_pref("browser.library.activity-stream.enabled", false); +/* 0110: start Firefox in PB (Private Browsing) mode + * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode + * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed + * [WARNING] The P in PB mode is misleading: it means no "persistent" local storage of history, + * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or + * removes the ability to control these, and you need to quit Firefox to clear them. PB is best + * used as a one off window (File>New Private Window) to provide a temporary self-contained + * new instance. Closing all Private Windows clears all traces. Repeat as required. PB also does + * not allow indexedDB which breaks many Extensions that use it including uBlock Origin and uMatrix + * [1] https://wiki.mozilla.org/Private_Browsing ***/ + // user_pref("browser.privatebrowsing.autostart", true); /*** [SECTION 0200]: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); From 571be93ae0eafe65c150be491f369b9adfb167bc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Dec 2018 10:26:44 +0000 Subject: [PATCH 0952/1961] proper case convention after tags Can't believe I did this. Out of 32 `[setup*` and 9 `[warning]` tags (excluding the readme), I let one capital letter get past me, the bastard! --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 7305d47..14e2c7c 100644 --- a/user.js +++ b/user.js @@ -941,7 +941,7 @@ user_pref("network.http.referer.XOriginPolicy", 1); * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 0); /* 1605: ALL: disable spoofing a referer - * [WARNING] do not set this to true, as spoofing effectively disables the anti-CSRF + * [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF * (Cross-Site Request Forgery) protections that some sites may rely on ***/ user_pref("network.http.referer.spoofSource", false); // default: false /* 1606: ALL: set the default Referrer Policy From 74f029566ecbd757abac025e1e7ec45add1ac6d6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Dec 2018 10:34:02 +0000 Subject: [PATCH 0953/1961] enforce DOMHighResTimeStamp API #491 flipped true in FF54: https://bugzilla.mozilla.org/show_bug.cgi?id=1026804 but unsure when the pref itself was introduced. note: other timing prefs were always in 2400's see 4602: [2411] disable resource/navigation timing / 4603: [2412] disable timing attacks --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 14e2c7c..8033427 100644 --- a/user.js +++ b/user.js @@ -1208,6 +1208,9 @@ user_pref("dom.IntersectionObserver.enabled", false); * [1] https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md * [2] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ ***/ user_pref("javascript.options.shared_memory", false); +/* 2428: enforce DOMHighResTimeStamp API + * [WARNING] Required for normalization of timestamps and any timer resolution mitigations ***/ +user_pref("dom.event.highrestimestamp.enabled", true); // default: true /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); From 91fed43fc7dcec01017b0cb7710cd272e168751a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 5 Dec 2018 20:36:20 +0000 Subject: [PATCH 0954/1961] 0703 atl-svc, better ref, #571 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8033427..df2c47e 100644 --- a/user.js +++ b/user.js @@ -468,7 +468,7 @@ user_pref("network.http.spdy.enabled", false); user_pref("network.http.spdy.enabled.deps", false); user_pref("network.http.spdy.enabled.http2", false); /* 0703: disable HTTP Alternative Services (FF37+) - * [1] https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 + * [1] https://tools.ietf.org/html/rfc7838#section-9 * [2] https://www.mnot.net/blog/2016/03/09/alt-svc ***/ user_pref("network.http.altsvc.enabled", false); user_pref("network.http.altsvc.oe", false); From 0a87c99a0ecb8ac28b734b63f1a1349514ba6a97 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 5 Dec 2018 20:58:07 +0000 Subject: [PATCH 0955/1961] 1203: ssl session ids are 24hrs --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index df2c47e..3e0626d 100644 --- a/user.js +++ b/user.js @@ -752,7 +752,7 @@ user_pref("security.ssl.require_safe_negotiation", true); // user_pref("security.tls.version.min", 3); user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 /* 1203: disable SSL session tracking (FF36+) - * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. + * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 24hrs. * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, * this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking * [1] https://tools.ietf.org/html/rfc5077 From 8313f2e01a17907b564d20c9829b4e7c2499d803 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 6 Dec 2018 05:41:25 +0000 Subject: [PATCH 0956/1961] 1020: fix description Session Restore cannot be disabled in Normal mode, it is also used internally. FYI: PB Mode does not use Session Restore. The description is still not 100%, as it refers to what is restored, not what is kept in the recovery.jsonlz4 (at least for tabs) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3e0626d..d3d2248 100644 --- a/user.js +++ b/user.js @@ -688,7 +688,7 @@ user_pref("browser.cache.disk_cache_ssl", false); // user_pref("network.dnsCacheEntries", 400); // user_pref("network.dnsCacheExpiration", 60); /** SESSIONS & SESSION RESTORE ***/ -/* 1020: disable the Session Restore service completely +/* 1020: limit Session Restore to last active tab and window * [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature * It does not affect "Recently Closed Windows" or any history. ***/ user_pref("browser.sessionstore.max_tabs_undo", 0); From 786839ffc17c6aa2d00119c330eb437f21231e8c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 6 Dec 2018 08:16:01 +0000 Subject: [PATCH 0957/1961] 2701: fix split multi-[notes] --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index d3d2248..af8dfd3 100644 --- a/user.js +++ b/user.js @@ -1395,8 +1395,8 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * You can set exceptions under site permissions or use an extension * 0=Accept cookies and site data, 1=Block third-party cookies, 2=Block all cookies, * 3=Block cookies from unvisited sites, 4=Block third-party trackers (FF63+) - * [NOTE] value 4 is tied to the Tracking Protection lists so make sure you have 0424 + 0425 on default values! * [SETTING] Privacy & Security>Cookies and Site Data>Type blocked + * [NOTE] value 4 is tied to the Tracking Protection lists so make sure you have 0424 + 0425 on default values! * [NOTE] Blocking 3rd party controls 3rd party access to localStorage, IndexedDB, Cache API and Service Worker Cache. * Blocking 1st party controls access to localStorage and IndexedDB (note: Service Workers can still use IndexedDB). * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ From b85668c2cd4a24caac21329033c3b6652fb17321 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 8 Dec 2018 04:10:13 +1300 Subject: [PATCH 0958/1961] make description & info & notes concurrent #574 --- user.js | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/user.js b/user.js index af8dfd3..2dc9302 100644 --- a/user.js +++ b/user.js @@ -115,7 +115,6 @@ user_pref("browser.newtabpage.activity-stream.showSponsored", false); /* 0105d: disable AS recent Highlights in the Library (FF57+) ***/ // user_pref("browser.library.activity-stream.enabled", false); /* 0110: start Firefox in PB (Private Browsing) mode - * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed * [WARNING] The P in PB mode is misleading: it means no "persistent" local storage of history, * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or @@ -123,6 +122,7 @@ user_pref("browser.newtabpage.activity-stream.showSponsored", false); * used as a one off window (File>New Private Window) to provide a temporary self-contained * new instance. Closing all Private Windows clears all traces. Repeat as required. PB also does * not allow indexedDB which breaks many Extensions that use it including uBlock Origin and uMatrix + * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode * [1] https://wiki.mozilla.org/Private_Browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); @@ -399,9 +399,9 @@ user_pref("extensions.pocket.enabled", false); * [3] https://bugzilla.mozilla.org/863246#c154 ***/ user_pref("browser.onboarding.enabled", false); /* 0517: disable Form Autofill (FF55+) - * [SETTING] Privacy & Security>Forms & Passwords>Autofill addresses * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes + * [SETTING] Privacy & Security>Forms & Passwords>Autofill addresses * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/ user_pref("extensions.formautofill.addresses.enabled", false); @@ -561,8 +561,8 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * If you enforce any of the suggestion types, you MUST enforce 'autocomplete' * - If *ALL* of the suggestion types are false, 'autocomplete' must also be false * - If *ANY* of the suggestion types are true, 'autocomplete' must also be true - * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest - * [SETUP-CHROME] If all three suggestion types are false, search engine keywords are disabled ***/ + * [SETUP-CHROME] If all three suggestion types are false, search engine keywords are disabled + * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ user_pref("browser.urlbar.autocomplete.enabled", false); user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.bookmark", false); @@ -572,7 +572,7 @@ user_pref("browser.urlbar.suggest.openpage", false); * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always * be displayed (no we do not know how these are calculated or what the threshold is), * and this does not affect the search by search engine suggestion (see 0808) - * [USAGE] This setting is only useful if you want to enable search engine keywords + * [NOTE] This setting is only useful if you want to enable search engine keywords * (i.e. at least one of 0850a suggestion types must be true) but you want to *limit* suggestions shown ***/ // user_pref("browser.urlbar.maxRichResults", 0); /* 0850d: disable location bar autofill @@ -585,12 +585,12 @@ user_pref("browser.urlbar.oneOffSearches", false); * [1] https://bugzilla.mozilla.org/1181644 ***/ user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of search suggestions /* 0860: disable search and form history - * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history - * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/ + * [NOTE] You can clear formdata on exiting Firefox (see 2803) + * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history ***/ user_pref("browser.formfill.enable", false); /* 0862: disable browsing and download history - * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history - * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/ + * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) + * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ // user_pref("places.history.enabled", false); /* 0864: disable date/time picker (FF57+ default true) * This can leak your locale if not en-US @@ -607,8 +607,8 @@ user_pref("browser.taskbar.previews.enable", false); /*** [SECTION 0900]: PASSWORDS ***/ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords - * [SETTING] Privacy & Security>Forms & Passwords>Ask to save logins and passwords for websites - * [NOTE] This does not clear any passwords already saved ***/ + * [NOTE] This does not clear any passwords already saved + * [SETTING] Privacy & Security>Forms & Passwords>Ask to save logins and passwords for websites ***/ // user_pref("signon.rememberSignons", false); /* 0902: use a master password (recommended if you save passwords) * There are no preferences for this. It is all handled internally. @@ -871,12 +871,12 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * If you disallow fonts, this drastically limits/reduces font * enumeration (by JS) which is a high entropy fingerprinting vector. - * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... - * [NOTE] Disabling fonts can uglify the web a fair bit. ***/ + * [NOTE] Disabling fonts can uglify the web a fair bit. + * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ user_pref("browser.display.use_document_fonts", 0); /* 1402: set more legible default fonts - * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace - * [NOTE] Example below for Windows/Western only ***/ + * [NOTE] Example below for Windows/Western only + * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace ***/ // user_pref("font.name.serif.x-unicode", "Georgia"); // user_pref("font.name.serif.x-western", "Georgia"); // default: Times New Roman // user_pref("font.name.sans-serif.x-unicode", "Arial"); @@ -958,8 +958,8 @@ user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 * [1] https://bugzilla.mozilla.org/1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: enable the DNT (Do Not Track) HTTP header - * [SETTING] Privacy & Security>Content Blocking>Send websites a "Do Not Track"... - * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref ***/ + * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref + * [SETTING] Privacy & Security>Content Blocking>Send websites a "Do Not Track"... ***/ user_pref("privacy.donottrackheader.enabled", true); /*** [SECTION 1700]: CONTAINERS @@ -1231,9 +1231,9 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices ***/ user_pref("media.navigator.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting - * [SETTING] General>Performance>Custom>Use hardware acceleration when available * [SETUP-PERF] Affects text rendering (fonts will look different), impacts video performance, * and parts of Quantum that utilize the GPU will also be affected as they are rolled out + * [SETTING] General>Performance>Custom>Use hardware acceleration when available * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] user_pref("layers.acceleration.disabled", true); @@ -1297,8 +1297,8 @@ user_pref("middlemouse.contentLoadURL", false); * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ user_pref("network.http.redirection-limit", 10); /* 2615: disable websites overriding Firefox's keyboard shortcuts (FF58+) - * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts - * [NOTE] At the time of writing, causes issues with delete and backspace keys ***/ + * [NOTE] At the time of writing, causes issues with delete and backspace keys + * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ // user_pref("permissions.default.shortcuts", 2); // 0 (default) or 1=allow, 2=block /* 2616: remove special permissions for certain mozilla domains (FF35+) * [1] resource://app/defaults/permissions ***/ @@ -1319,7 +1319,6 @@ user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); /* 2620: enable Firefox's built-in PDF reader - * [SETTING] General>Applications>Portable Document Format (PDF) * This setting controls if the option "Display in Firefox" in the above setting is available * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") * PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most) @@ -1327,7 +1326,8 @@ user_pref("network.IDN_show_punycode", true); * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). * It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. * CONS: You may prefer a different pdf reader for security reasons - * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) ***/ + * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) + * [SETTING] General>Applications>Portable Document Format (PDF) ***/ user_pref("pdfjs.disabled", false); /** DOWNLOADS ***/ @@ -1395,10 +1395,10 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * You can set exceptions under site permissions or use an extension * 0=Accept cookies and site data, 1=Block third-party cookies, 2=Block all cookies, * 3=Block cookies from unvisited sites, 4=Block third-party trackers (FF63+) - * [SETTING] Privacy & Security>Cookies and Site Data>Type blocked * [NOTE] value 4 is tied to the Tracking Protection lists so make sure you have 0424 + 0425 on default values! * [NOTE] Blocking 3rd party controls 3rd party access to localStorage, IndexedDB, Cache API and Service Worker Cache. * Blocking 1st party controls access to localStorage and IndexedDB (note: Service Workers can still use IndexedDB). + * [SETTING] Privacy & Security>Cookies and Site Data>Type blocked * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ user_pref("network.cookie.cookieBehavior", 1); /* 2702: set third-party cookies (i.e ALL) (if enabled, see above pref) to session-only @@ -1467,11 +1467,11 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2803: set what history items to clear on shutdown - * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value * but if 'history' is false, downloads can still be cleared independently * However, this may not always be the case. The interface combines and syncs these - * prefs when set from there, and the sanitize code may change at any time ***/ + * prefs when set from there, and the sanitize code may change at any time + * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings ***/ user_pref("privacy.clearOnShutdown.cache", true); user_pref("privacy.clearOnShutdown.cookies", true); user_pref("privacy.clearOnShutdown.downloads", true); // see note above From 0a67cdec8bac0d2172a2ffbf92af4e093c8e8275 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 07:18:26 +1300 Subject: [PATCH 0959/1961] #578 cleanups (#576) - cleanup of tags placement, order consistency, and to use square brackets (allows usage elsewhere to not get tagged, eg 1402) - other bits and bobs --- user.js | 518 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 262 insertions(+), 256 deletions(-) diff --git a/user.js b/user.js index 2dc9302..54cc2d4 100644 --- a/user.js +++ b/user.js @@ -112,7 +112,7 @@ user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [SETTI user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [SETTING] user_pref("browser.newtabpage.activity-stream.showSponsored", false); -/* 0105d: disable AS recent Highlights in the Library (FF57+) ***/ +/* 0105d: disable AS recent Highlights in the Library [FF57+] ***/ // user_pref("browser.library.activity-stream.enabled", false); /* 0110: start Firefox in PB (Private Browsing) mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed @@ -131,20 +131,21 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease /* 0201: disable Location-Aware Browsing * [1] https://www.mozilla.org/firefox/geolocation/ ***/ // user_pref("geo.enabled", false); -/* 0201b: set a default permission for Location (FF58+) +/* 0201b: set a default permission for Location [FF58+] + * 0=always ask (default), 1=allow, 2=block * [NOTE] best left at default "always ask", fingerprintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ - // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block + // user_pref("permissions.default.geo", 2); /* 0202: disable GeoIP-based search results * [NOTE] May not be hidden if Firefox has changed your settings due to your locale * [1] https://trac.torproject.org/projects/tor/ticket/16254 * [2] https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine ***/ -user_pref("browser.search.region", "US"); // (hidden pref) +user_pref("browser.search.region", "US"); // [HIDDEN PREF] user_pref("browser.search.geoip.url", ""); -/* 0205: set OS & APP locale (FF59+) +/* 0205: set OS & APP locale [FF59+] * If set to empty, the OS locales are used. If not set at all, default locale is used ***/ -user_pref("intl.locale.requested", "en-US"); // (hidden pref) +user_pref("intl.locale.requested", "en-US"); // [HIDDEN PREF] /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" * i.e. ignore all of Mozilla's various search engines in multiple locales ***/ user_pref("browser.search.geoSpecificDefaults", false); @@ -153,14 +154,14 @@ user_pref("browser.search.geoSpecificDefaults.url", ""); user_pref("intl.accept_languages", "en-US, en"); /* 0208: enforce US English locale regardless of the system locale * [1] https://bugzilla.mozilla.org/867501 ***/ -user_pref("javascript.use_us_english_locale", true); // (hidden pref) -/* 0209: use APP locale over OS locale in regional preferences (FF56+) +user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] +/* 0209: use APP locale over OS locale in regional preferences [FF56+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789 ***/ user_pref("intl.regional_prefs.use_os_locales", false); /* 0210: use Mozilla geolocation service instead of Google when geolocation is enabled * Optionally enable logging to the console (defaults to false) ***/ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); - // user_pref("geo.wifi.logging.enabled", true); // (hidden pref) + // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIET FOX We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). @@ -198,7 +199,7 @@ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); /* 0310: disable sending the URL of the website where a plugin crashed ***/ user_pref("dom.ipc.plugins.reportCrashURL", false); /* 0320: disable about:addons' Get Add-ons panel (uses Google-Analytics) ***/ -user_pref("extensions.getAddons.showPane", false); // hidden pref +user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] user_pref("extensions.webservice.discoverURL", ""); /* 0330: disable telemetry * the pref (.unified) affects the behaviour of the pref (.enabled) @@ -214,29 +215,29 @@ user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+ user_pref("toolkit.telemetry.server", "data:,"); user_pref("toolkit.telemetry.archive.enabled", false); user_pref("toolkit.telemetry.cachedClientID", ""); -user_pref("toolkit.telemetry.newProfilePing.enabled", false); // (FF55+) -user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // (FF55+) -user_pref("toolkit.telemetry.updatePing.enabled", false); // (FF56+) -user_pref("toolkit.telemetry.bhrPing.enabled", false); // (FF57+) Background Hang Reporter -user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // (FF57+) -user_pref("toolkit.telemetry.hybridContent.enabled", false); // (FF59+) +user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+] +user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+] +user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+] +user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter +user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] +user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+] /* 0333: disable health report * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ user_pref("datareporting.healthreport.uploadEnabled", false); -/* 0334: disable new data submission, master kill switch (FF41+) +/* 0334: disable new data submission, master kill switch [FF41+] * If disabled, no policy is shown or upload takes place, ever * [1] https://bugzilla.mozilla.org/1195552 ***/ user_pref("datareporting.policy.dataSubmissionEnabled", false); /* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); -/* 0351: disable sending of crash reports (FF44+) ***/ -user_pref("browser.tabs.crashReporting.sendReport", false); -user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+) -user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+) +/* 0351: disable sending of crash reports ***/ +user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] +user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] +user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+] /* 0370: disable "Snippets" (Mozilla content shown on about:home screen) * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ user_pref("browser.aboutHomeSnippets.updateUrl", "data:,"); -/* 0380: disable Browser Error Reporter (FF60+) +/* 0380: disable Browser Error Reporter [FF60+] * [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection * [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html ***/ user_pref("browser.chrome.errorReporter.enabled", false); @@ -258,7 +259,7 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ -user_pref("extensions.blocklist.enabled", true); // default: true +user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); /* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications @@ -279,40 +280,43 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi SB v4 (FF57+) doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ -/* 0410: disable "Block dangerous and deceptive content" (under Options>Privacy & Security) - * This covers deceptive sites such as phishing and social engineering ***/ +/* 0410: disable "Block dangerous and deceptive content" + * This covers deceptive sites such as phishing and social engineering + * [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/ // user_pref("browser.safebrowsing.malware.enabled", false); - // user_pref("browser.safebrowsing.phishing.enabled", false); // (FF50+) -/* 0411: disable "Block dangerous downloads" (under Options>Privacy & Security) - * This covers malware and PUPs (potentially unwanted programs) ***/ + // user_pref("browser.safebrowsing.phishing.enabled", false); // [FF50+] +/* 0411: disable "Block dangerous downloads" + * This covers malware and PUPs (potentially unwanted programs) + * [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/ // user_pref("browser.safebrowsing.downloads.enabled", false); -/* 0412: disable "Warn me about unwanted and uncommon software" (under Options>Privacy & Security) (FF48+) ***/ - // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); - // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); - // user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // (FF49+) - // user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // (FF49+) +/* 0412: disable "Warn me about unwanted and uncommon software" + * [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/ + // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // [FF48+] + // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); // [FF48+] + // user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // [FF49+] + // user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // [FF49+] /* 0413: disable Google safebrowsing updates ***/ // user_pref("browser.safebrowsing.provider.google.updateURL", ""); // user_pref("browser.safebrowsing.provider.google.gethashURL", ""); - // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) - // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) + // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // [FF50+] + // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // [FF50+] /* 0414: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.url", ""); /* 0415: disable reporting URLs ***/ user_pref("browser.safebrowsing.provider.google.reportURL", ""); user_pref("browser.safebrowsing.reportPhishURL", ""); -user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) -user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); // (FF54+) -user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); // (FF54+) -user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); // (FF54+) -user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // (FF54+) -/* 0416: disable 'ignore this warning' on Safe Browsing warnings which when clicked - * bypasses the block for that session. This is a means for admins to enforce SB +user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // [FF50+] +user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); // [FF54+] +user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); // [FF54+] +user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); // [FF54+] +user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // [FF54+] +/* 0416: disable 'ignore this warning' on Safe Browsing warnings + * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", false); -/* 0417: disable data sharing (FF58+) ***/ +/* 0417: disable data sharing [FF58+] ***/ user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); @@ -323,28 +327,28 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); * [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610) * [1] https://wiki.mozilla.org/Security/Tracking_protection * [2] https://support.mozilla.org/kb/tracking-protection-firefox ***/ - // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default: true + // user_pref("privacy.trackingprotection.pbmode.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.enabled", true); /* 0422: set which Tracking Protection block list to use * [WARNING] We don't recommend enforcing this from here, as available block lists can change * [SETTING] Privacy & Security>Content Blocking>All Detected Trackers>Change block list ***/ // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic -/* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) +/* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting [FF48+] * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ * [2] https://bugzilla.mozilla.org/1237198 ***/ // user_pref("browser.safebrowsing.blockedURIs.enabled", false); /* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/ // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); -/* 0425: disable passive Tracking Protection (FF53+) +/* 0425: disable passive Tracking Protection [FF53+] * Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list * [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows * This is included for people who want to completely disable Tracking Protection. * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814 ***/ // user_pref("privacy.trackingprotection.annotate_channels", false); // user_pref("privacy.trackingprotection.lower_network_priority", false); -/* 0426: enforce Content Blocking (required to block cookies) (FF63+) ***/ -user_pref("browser.contentblocking.enabled", true); // default: true +/* 0426: enforce Content Blocking (required to block cookies) [FF63+] ***/ +user_pref("browser.contentblocking.enabled", true); // [DEFAULT: true] /*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS System Add-ons are a method for shipping extensions, considered to be @@ -365,7 +369,7 @@ user_pref("browser.contentblocking.enabled", true); // default: true user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); /* 0502: disable Mozilla permission to silently opt you into tests ***/ user_pref("network.allow-experiments", false); -/* 0503: disable Normandy/Shield (FF60+) +/* 0503: disable Normandy/Shield [FF60+] * Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" * [1] https://wiki.mozilla.org/Firefox/Shield * [2] https://github.com/mozilla/normandy ***/ @@ -374,23 +378,23 @@ user_pref("app.normandy.api_url", ""); user_pref("app.shield.optoutstudies.enabled", false); /* 0505: disable System Add-on updates * [NOTE] In FF61 and lower, you will not get any System Add-on updates except when you update Firefox ***/ - // user_pref("extensions.systemAddon.update.enabled", false); // (FF62+) + // user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] // user_pref("extensions.systemAddon.update.url", ""); -/* 0506: disable PingCentre telemetry (used in several System Add-ons) (FF57+) +/* 0506: disable PingCentre telemetry (used in several System Add-ons) [FF57+] * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0333) ***/ user_pref("browser.ping-centre.telemetry", false); -/* 0510: disable Pocket (FF39+) +/* 0510: disable Pocket [FF46+] * Pocket is a third party (now owned by Mozilla) "save for later" cloud service * [1] https://en.wikipedia.org/wiki/Pocket_(application) * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ user_pref("extensions.pocket.enabled", false); -/* 0515: disable Screenshots (FF55+) +/* 0515: disable Screenshots * alternatively in FF60+, disable uploading to the Screenshots server * [1] https://github.com/mozilla-services/screenshots * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ - // user_pref("extensions.screenshots.disabled", true); - // user_pref("extensions.screenshots.upload-disabled", true); // (FF60+) -/* 0516: disable Onboarding (FF55+) + // user_pref("extensions.screenshots.disabled", true); // [FF55+] + // user_pref("extensions.screenshots.upload-disabled", true); // [FF60+] +/* 0516: disable Onboarding [FF55+] * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time * about:home or about:newtab is opened, the onboarding overlay is injected into that page * [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] @@ -398,17 +402,17 @@ user_pref("extensions.pocket.enabled", false); * [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf * [3] https://bugzilla.mozilla.org/863246#c154 ***/ user_pref("browser.onboarding.enabled", false); -/* 0517: disable Form Autofill (FF55+) +/* 0517: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes * [SETTING] Privacy & Security>Forms & Passwords>Autofill addresses * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/ -user_pref("extensions.formautofill.addresses.enabled", false); -user_pref("extensions.formautofill.available", "off"); // (FF56+) -user_pref("extensions.formautofill.creditCards.enabled", false); // (FF56+) -user_pref("extensions.formautofill.heuristics.enabled", false); -/* 0518: disable Web Compatibility Reporter (FF56+) +user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] +user_pref("extensions.formautofill.available", "off"); // [FF56+] +user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] +user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] +/* 0518: disable Web Compatibility Reporter [FF56+] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ user_pref("extensions.webcompat-reporter.enabled", false); @@ -421,7 +425,7 @@ user_pref("network.prefetch-next", false); * [1] https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); -user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref) +user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF] /* 0603a: disable Seer/Necko * [1] https://developer.mozilla.org/docs/Mozilla/Projects/Necko ***/ user_pref("network.predictor.enabled", false); @@ -430,7 +434,7 @@ user_pref("network.predictor.enabled", false); * [2] https://wiki.mozilla.org/Necko/CaptivePortal * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/ user_pref("captivedetect.canonicalURL", ""); -user_pref("network.captive-portal-service.enabled", false); // (FF52+) +user_pref("network.captive-portal-service.enabled", false); // [FF52+] /* 0605: disable link-mouseover opening connection to linked server * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links/ ***/ @@ -443,7 +447,7 @@ user_pref("browser.send_pings.require_same_host", true); /* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); -/* 0608: disable predictor / prefetching (FF48+) ***/ +/* 0608: disable predictor / prefetching [FF48+] ***/ user_pref("network.predictor.enable-prefetch", false); /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ @@ -467,7 +471,7 @@ user_pref("network.dns.disableIPv6", true); user_pref("network.http.spdy.enabled", false); user_pref("network.http.spdy.enabled.deps", false); user_pref("network.http.spdy.enabled.http2", false); -/* 0703: disable HTTP Alternative Services (FF37+) +/* 0703: disable HTTP Alternative Services [FF37+] * [1] https://tools.ietf.org/html/rfc7838#section-9 * [2] https://www.mnot.net/blog/2016/03/09/alt-svc ***/ user_pref("network.http.altsvc.enabled", false); @@ -478,11 +482,11 @@ user_pref("network.http.altsvc.oe", false); * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); -/* 0706: remove paths when sending URLs to PAC scripts (FF51+) +/* 0706: remove paths when sending URLs to PAC scripts [FF51+] * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) * [1] https://bugzilla.mozilla.org/1255474 ***/ -user_pref("network.proxy.autoconfig_url.include_path", false); // default: false -/* 0707: disable (or setup) DNS-over-HTTPS (DoH) (FF60+) +user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false] +/* 0707: disable (or setup) DNS-over-HTTPS (DoH) [FF60+] * TRR = Trusted Recursive Resolver * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result * [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare) @@ -491,12 +495,12 @@ user_pref("network.proxy.autoconfig_url.include_path", false); // default: false // user_pref("network.trr.mode", 0); // user_pref("network.trr.bootstrapAddress", ""); // user_pref("network.trr.uri", ""); -/* 0708: disable FTP (FF60+) +/* 0708: disable FTP [FF60+] * [1] https://www.ghacks.net/2018/02/20/firefox-60-with-new-preference-to-disable-ftp/ ***/ // user_pref("network.ftp.enabled", false); -/* 0709: disable using UNC (Uniform Naming Convention) paths (FF61+) +/* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+] * [1] https://trac.torproject.org/projects/tor/ticket/26424 ***/ -user_pref("network.file.disable_unc_paths", true); // (hidden pref) +user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] /* 0710: disable GIO as a potential proxy bypass vector * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, * gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64) @@ -504,7 +508,7 @@ user_pref("network.file.disable_unc_paths", true); // (hidden pref) * [2] https://trac.torproject.org/23044 * [3] https://en.wikipedia.org/wiki/GVfs * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ -user_pref("network.gio.supported-protocols", ""); // (hidden pref) +user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP-CHROME] If you are in a private environment (no unwanted eyeballs) and your device is private @@ -515,10 +519,10 @@ user_pref("network.gio.supported-protocols", ""); // (hidden pref) #Required reading [#] https://xkcd.com/538/ ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); -/* 0801: disable location bar using search - PRIVACY +/* 0801: disable location bar using search * don't leak typos to a search engine, give an error message instead ***/ user_pref("keyword.enabled", false); -/* 0802: disable location bar domain guessing - PRIVACY/SECURITY +/* 0802: disable location bar domain guessing * domain guessing intercepts DNS "hostname not found errors" and resends a * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com @@ -526,14 +530,14 @@ user_pref("keyword.enabled", false); * intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack), * and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/ user_pref("browser.fixup.alternate.enabled", false); -/* 0803: display all parts of the url in the location bar - helps SECURITY ***/ +/* 0803: display all parts of the url in the location bar ***/ user_pref("browser.urlbar.trimURLs", false); -/* 0804: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY +/* 0804: limit history leaks via enumeration (PER TAB: back/forward) * This is a PER TAB session history. You still have a full history stored under all history * default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages * use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical ***/ user_pref("browser.sessionhistory.max_entries", 10); -/* 0805: disable CSS querying page history - CSS history leak - PRIVACY +/* 0805: disable CSS querying page history - CSS history leak * [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's * only in 'certain circumstances', also see latest comments in [2] * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) @@ -541,20 +545,20 @@ user_pref("browser.sessionhistory.max_entries", 10); * [2] https://bugzilla.mozilla.org/147777 * [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ user_pref("layout.css.visited_links_enabled", false); -/* 0806: disable displaying javascript in history URLs - SECURITY ***/ +/* 0806: disable displaying javascript in history URLs ***/ user_pref("browser.urlbar.filter.javascript", true); -/* 0807: disable search bar LIVE search suggestions - PRIVACY +/* 0807: disable search bar LIVE search suggestions * [SETTING] Search>Provide search suggestions ***/ user_pref("browser.search.suggest.enabled", false); -/* 0808: disable location bar LIVE search suggestions (requires 0807 = true) - PRIVACY +/* 0808: disable location bar LIVE search suggestions (requires 0807 = true) * Also disable the location bar prompt to enable/disable or learn more about it. * [SETTING] Search>Show search suggestions in address bar results ***/ user_pref("browser.urlbar.suggest.searches", false); -user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+) -/* 0809: disable location bar suggesting "preloaded" top websites (FF54+) +user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // [FF41+] +/* 0809: disable location bar suggesting "preloaded" top websites [FF54+] * [1] https://bugzilla.mozilla.org/1211726 ***/ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); -/* 0810: disable location bar making speculative connections (FF56+) +/* 0810: disable location bar making speculative connections [FF56+] * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850a: disable location bar autocomplete and suggestion types @@ -578,12 +582,12 @@ user_pref("browser.urlbar.suggest.openpage", false); /* 0850d: disable location bar autofill * [1] http://kb.mozillazine.org/Inline_autocomplete ***/ user_pref("browser.urlbar.autoFill", false); -/* 0850e: disable location bar one-off searches (FF51+) +/* 0850e: disable location bar one-off searches [FF51+] * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ user_pref("browser.urlbar.oneOffSearches", false); -/* 0850f: disable location bar suggesting local search history (FF57+) +/* 0850f: disable location bar suggesting local search history [FF57+] * [1] https://bugzilla.mozilla.org/1181644 ***/ -user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of search suggestions +user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); /* 0860: disable search and form history * [NOTE] You can clear formdata on exiting Firefox (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history ***/ @@ -592,7 +596,7 @@ user_pref("browser.formfill.enable", false); * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ // user_pref("places.history.enabled", false); -/* 0864: disable date/time picker (FF57+ default true) +/* 0864: disable date/time picker * This can leak your locale if not en-US * [1] https://trac.torproject.org/projects/tor/ticket/21787 ***/ user_pref("dom.forms.datetime", false); @@ -615,35 +619,35 @@ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); * [SETTING] Privacy & Security>Forms & Passwords>Use a master password * [1] https://support.mozilla.org/kb/use-master-password-protect-stored-logins ***/ /* 0903: set how often Firefox should ask for the master password - * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ + * 0=the first time (default), 1=every time it's needed, 2=every n minutes (see 0904) ***/ user_pref("security.ask_for_password", 2); -/* 0904: set how often in minutes Firefox should ask for the master password (see pref above) +/* 0904: set how often in minutes Firefox should ask for the master password (see 0903) * in minutes, default is 30 ***/ user_pref("security.password_lifetime", 5); -/* 0905: disable auto-filling username & password form fields - SECURITY +/* 0905: disable auto-filling username & password form fields * can leak in cross-site forms AND be spoofed * [NOTE] Password will still be auto-filled after a user name is manually entered * [1] http://kb.mozillazine.org/Signon.autofillForms ***/ user_pref("signon.autofillForms", false); -/* 0906: disable websites' autocomplete="off" (FF30+) +/* 0906: disable websites' autocomplete="off" [FF30+] * Don't let sites dictate use of saved logins and passwords. Increase security through * stronger password use. The trade-off is the convenience. Some sites should never be * saved (such as banking sites). Set at true, informed users can make their own choice. ***/ -user_pref("signon.storeWhenAutocompleteOff", true); // default: true +user_pref("signon.storeWhenAutocompleteOff", true); // [DEFAULT: true] /* 0907: display warnings for logins on non-secure (non HTTPS) pages * [1] https://bugzilla.mozilla.org/1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); /* 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true) * e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/ user_pref("browser.fixup.hide_user_pass", true); -/* 0909: disable formless login capture for Password Manager (FF51+) ***/ +/* 0909: disable formless login capture for Password Manager [FF51+] ***/ user_pref("signon.formlessCapture.enabled", false); -/* 0910: disable autofilling saved passwords on HTTP pages and show warning (FF52+) +/* 0910: disable autofilling saved passwords on HTTP pages and show warning [FF52+] * [1] https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ * [2] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119 ***/ user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); -/* 0911: prevent cross-origin images from triggering an HTTP-Authentication prompt (FF55+) +/* 0911: prevent cross-origin images from triggering an HTTP-Authentication prompt [FF55+] * [1] https://bugzilla.mozilla.org/1357835 ***/ user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); @@ -672,7 +676,7 @@ user_pref("browser.cache.disk_cache_ssl", false); /* 1003: disable memory cache * [NOTE] Not recommended due to performance issues ***/ // user_pref("browser.cache.memory.enable", false); - // user_pref("browser.cache.memory.capacity", 0); // (hidden pref) + // user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF] /* 1005: disable fastback cache * To improve performance when pressing back/forward Firefox stores visited pages * so they don't have to be re-parsed. This is not the same as memory cache. @@ -683,7 +687,7 @@ user_pref("browser.cache.disk_cache_ssl", false); /* 1006: disable permissions manager from writing to disk [RESTART] * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/967812 ***/ - // user_pref("permissions.memory_only", true); // (hidden pref) + // user_pref("permissions.memory_only", true); // [HIDDEN PREF] /* 1008: set DNS cache and expiration time (default 400 and 60, same as Tor Browser) ***/ // user_pref("network.dnsCacheEntries", 400); // user_pref("network.dnsCacheExpiration", 60); @@ -700,15 +704,15 @@ user_pref("browser.sessionstore.max_windows_undo", 0); user_pref("browser.sessionstore.privacy_level", 2); /* 1022: disable resuming session from crash [SETUP-CHROME] ***/ user_pref("browser.sessionstore.resume_from_crash", false); -/* 1023: set the minimum interval between session save operations - increasing it - * can help on older machines and some websites, as well as reducing writes, see [1] +/* 1023: set the minimum interval between session save operations + * Increasing this can help on older machines and some websites, as well as reducing writes, see [1] * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc * [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature: * i.e. the longer the interval the more chance a quick tab open/close won't be captured. * This longer interval *may* affect history but we cannot replicate any history not recorded * [1] https://bugzilla.mozilla.org/1304389 ***/ user_pref("browser.sessionstore.interval", 30000); -/* 1024: disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) +/* 1024: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] * [1] https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); /** FAVICONS ***/ @@ -721,7 +725,7 @@ user_pref("browser.shell.shortcutFavicons", false); * bookmark favicons are stored as data blobs in favicons.sqlite ***/ // user_pref("browser.chrome.site_icons", false); /* 1032: disable favicons in web notifications ***/ -user_pref("alerts.showFavicons", false); // default: false +user_pref("alerts.showFavicons", false); // [DEFAULT: false] /*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS) Note that your cipher and other settings can be used server side as a fingerprint attack @@ -744,29 +748,29 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * [2] https://www.ssllabs.com/ssl-pulse/ ***/ user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max - * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc + * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 etc * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1 * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ * [2] archived: https://archive.is/hY2Mm ***/ // user_pref("security.tls.version.min", 3); -user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 -/* 1203: disable SSL session tracking (FF36+) +user_pref("security.tls.version.max", 4); +/* 1203: disable SSL session tracking [FF36+] * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 24hrs. * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, * this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking * [1] https://tools.ietf.org/html/rfc5077 * [2] https://bugzilla.mozilla.org/967977 ***/ -user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref) +user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] /* 1204: disable SSL Error Reporting * [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/ user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.url", ""); -/* 1205: disable TLS1.3 0-RTT (round-trip time) (FF51+) +/* 1205: disable TLS1.3 0-RTT (round-trip time) [FF51+] * [1] https://github.com/tlswg/tls13-spec/issues/1001 * [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ -user_pref("security.tls.enable_0rtt_data", false); // (FF55+ default true) +user_pref("security.tls.enable_0rtt_data", false); /** OCSP (Online Certificate Status Protocol) #Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/ @@ -790,7 +794,7 @@ user_pref("security.OCSP.enabled", 1); user_pref("security.OCSP.require", true); /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ -/* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) +/* 1220: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS] * 0=disable detecting Family Safety mode and importing the root * 1=only attempt to detect Family Safety mode (don't import the root) * 2=detect Family Safety mode and import the root @@ -802,7 +806,7 @@ user_pref("security.family_safety.mode", 0); * [TEST] https://fiprinca.0x90.eu/poc/ * [1] https://bugzilla.mozilla.org/1334485 - related bug * [2] https://bugzilla.mozilla.org/1216882 - related bug (see comment 9) ***/ - // user_pref("security.nocertdb", true); // (hidden pref) + // user_pref("security.nocertdb", true); // [HIDDEN PREF] /* 1222: enforce strict pinning * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict * [WARNING] If you rely on an AV (antivirus) to protect your web browsing @@ -811,12 +815,12 @@ user_pref("security.family_safety.mode", 0); user_pref("security.cert_pinning.enforcement_level", 2); /** MIXED CONTENT ***/ -/* 1240: disable insecure active content on https pages - mixed content +/* 1240: disable insecure active content on https pages * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ -user_pref("security.mixed_content.block_active_content", true); // default: true -/* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/ +user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] +/* 1241: disable insecure passive content (such as images) on https pages ***/ user_pref("security.mixed_content.block_display_content", true); -/* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks (FF59+) +/* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+] * [1] https://bugzilla.mozilla.org/1190623 ***/ user_pref("security.mixed_content.block_object_subrequest", true); @@ -860,11 +864,11 @@ user_pref("browser.ssl_override_behavior", 1); * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); -/* 1273: display "insecure" icon (FF59+) and "Not Secure" text (FF60+) on HTTP sites ***/ -user_pref("security.insecure_connection_icon.enabled", true); // all windows -user_pref("security.insecure_connection_text.enabled", true); - // user_pref("security.insecure_connection_icon.pbmode.enabled", true); // private windows only - // user_pref("security.insecure_connection_text.pbmode.enabled", true); +/* 1273: display "insecure" icon and "Not Secure" text on HTTP sites ***/ +user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] +user_pref("security.insecure_connection_text.enabled", true); // [FF60+] + // user_pref("security.insecure_connection_icon.pbmode.enabled", true); // [FF59+] private windows only + // user_pref("security.insecure_connection_text.pbmode.enabled", true); // [FF60+] private windows only /*** [SECTION 1400]: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); @@ -883,15 +887,15 @@ user_pref("browser.display.use_document_fonts", 0); // user_pref("font.name.sans-serif.x-western", "Arial"); // default: Arial // user_pref("font.name.monospace.x-unicode", "Lucida Console"); // user_pref("font.name.monospace.x-western", "Lucida Console"); // default: Courier New -/* 1403: disable icon fonts (glyphs) (FF41) and local fallback rendering +/* 1403: disable icon fonts (glyphs) and local fallback rendering * [1] https://bugzilla.mozilla.org/789788 * [2] https://trac.torproject.org/projects/tor/ticket/8455 ***/ - // user_pref("gfx.downloadable_fonts.enabled", false); + // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] // user_pref("gfx.downloadable_fonts.fallback_delay", -1); /* 1404: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); -/* 1405: disable WOFF2 (Web Open Font Format) (FF35+) ***/ +/* 1405: disable WOFF2 (Web Open Font Format) [FF35+] ***/ user_pref("gfx.downloadable_fonts.woff2.enabled", false); /* 1406: disable CSS Font Loading API * [NOTE] Disabling fonts can uglify the web a fair bit. ***/ @@ -904,13 +908,13 @@ user_pref("font.blacklist.underline_offset", ""); * In the past it had security issues. Update: This continues to be the case, see [1] * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ user_pref("gfx.font_rendering.graphite.enabled", false); -/* 1409: limit system font exposure to a whitelist (FF52+) [RESTART] +/* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. If * you block sites choosing fonts in 1401, this preference is irrelevant. In future, * privacy.resistFingerprinting (see 4500) will cover this (and 1401 can be relaxed) * [1] https://bugzilla.mozilla.org/1121643 ***/ - // user_pref("font.system.whitelist", ""); // (hidden pref) + // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] /*** [SECTION 1600]: HEADERS / REFERERS Only *cross domain* referers need controlling and XOriginPolicy (1603) is perfect for that. Thus we enforce @@ -937,22 +941,22 @@ user_pref("network.http.referer.trimmingPolicy", 0); /* 1603: CROSS ORIGIN: control when to send a referer [SETUP-WEB] * 0=always (default), 1=only if base domains match, 2=only if hosts match ***/ user_pref("network.http.referer.XOriginPolicy", 1); -/* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) +/* 1604: CROSS ORIGIN: control the amount of information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 0); /* 1605: ALL: disable spoofing a referer * [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF * (Cross-Site Request Forgery) protections that some sites may rely on ***/ -user_pref("network.http.referer.spoofSource", false); // default: false -/* 1606: ALL: set the default Referrer Policy +user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] +/* 1606: ALL: set the default Referrer Policy [FF59+] * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy * [1] https://www.w3.org/TR/referrer-policy/ * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy * [3] https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/ ***/ -user_pref("network.http.referer.defaultPolicy", 3); // (FF59+) default: 3 -user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 -/* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+) +user_pref("network.http.referer.defaultPolicy", 3); // [DEFAULT: 3] +user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] +/* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain [FF54+] * [NOTE] Firefox cannot access .onion sites by default. We recommend you use * the Tor Browser which is specifically designed for hidden services * [1] https://bugzilla.mozilla.org/1305144 ***/ @@ -968,15 +972,15 @@ user_pref("privacy.donottrackheader.enabled", true); [3] https://github.com/mozilla/testpilot-containers ***/ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); -/* 1701: enable Container Tabs setting in preferences (see 1702) (FF50+) +/* 1701: enable Container Tabs setting in preferences (see 1702) [FF50+] * [1] https://bugzilla.mozilla.org/1279029 ***/ user_pref("privacy.userContext.ui.enabled", true); -/* 1702: enable Container Tabs (FF50+) +/* 1702: enable Container Tabs [FF50+] * [SETTING] General>Tabs>Enable Container Tabs ***/ user_pref("privacy.userContext.enabled", true); -/* 1703: enable a private container for thumbnail loads (FF51+) ***/ -user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // default: true in FF61+ -/* 1704: set long press behaviour on "+ Tab" button to display container menu (FF53+) +/* 1703: enable a private container for thumbnail loads [FF51+] ***/ +user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true in FF61+] +/* 1704: set long press behaviour on "+ Tab" button to display container menu [FF53+] * 0=disables long press, 1=when clicked, the menu is shown * 2=the menu is shown after X milliseconds * [NOTE] The menu does not contain a non-container tab option @@ -1008,8 +1012,8 @@ user_pref("plugin.scan.plid.all", false); user_pref("media.gmp-provider.enabled", false); user_pref("media.gmp.trial-create.enabled", false); user_pref("media.gmp-manager.url", "data:text/plain,"); -user_pref("media.gmp-manager.url.override", "data:text/plain,"); // (hidden pref) -user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback (hidden pref) +user_pref("media.gmp-manager.url.override", "data:text/plain,"); // [HIDDEN PREF] +user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback [HIDDEN PREF] /* 1825: disable widevine CDM (Content Decryption Module) [SETUP-WEB] ***/ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); @@ -1020,7 +1024,7 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); user_pref("media.eme.enabled", false); /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" * This is the bundled codec used for video chat in WebRTC [SETUP-WEB] ***/ -user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) +user_pref("media.gmp-gmpopenh264.enabled", false); // [HIDDEN PREF] user_pref("media.gmp-gmpopenh264.autoupdate", false); /*** [SECTION 2000]: MEDIA / CAMERA / MIC ***/ @@ -1038,8 +1042,8 @@ user_pref("media.navigator.video.enabled", false); // video capability for WebRT /* 2002: limit WebRTC IP leaks if using WebRTC * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416 * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ -user_pref("media.peerconnection.ice.default_address_only", true); // (FF42-FF50) -user_pref("media.peerconnection.ice.no_host", true); // (FF51+) +user_pref("media.peerconnection.ice.default_address_only", true); // [FF42-FF50] +user_pref("media.peerconnection.ice.no_host", true); // [FF51+] /* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ @@ -1048,33 +1052,33 @@ user_pref("pdfjs.enableWebGL", false); user_pref("webgl.min_capability_mode", true); user_pref("webgl.disable-extensions", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); -/* 2012: disable two more webgl preferences (FF51+) ***/ +/* 2012: disable two more webgl preferences [FF51+] ***/ user_pref("webgl.dxgl.enabled", false); // [WINDOWS] user_pref("webgl.enable-webgl2", false); /* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); -/* 2024: set a default permission for Camera/Microphone (FF58+) +/* 2024: set a default permission for Camera/Microphone [FF58+] * 0=always ask (default), 1=allow, 2=block * [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); -/* 2026: disable canvas capture stream (FF41+) +/* 2026: disable canvas capture stream [FF41+] * [1] https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream ***/ user_pref("canvas.capturestream.enabled", false); -/* 2027: disable camera image capture (FF35+) +/* 2027: disable camera image capture [FF35+] * [1] https://trac.torproject.org/projects/tor/ticket/16339 ***/ -user_pref("dom.imagecapture.enabled", false); // default: false -/* 2028: disable offscreen canvas (FF44+) +user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false] +/* 2028: disable offscreen canvas [FF44+] * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ -user_pref("gfx.offscreencanvas.enabled", false); // default: false -/* 2030: disable auto-play of HTML5 media (FF63+) +user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false] +/* 2030: disable auto-play of HTML5 media [FF63+] * 0=Allowed (default), 1=Blocked, 2=Prompt * [SETUP-WEB] This may break video playback on various sites ***/ user_pref("media.autoplay.default", 1); -/* 2031: disable audio auto-play in non-active tabs (FF51+) +/* 2031: disable audio auto-play in non-active tabs [FF51+] * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); @@ -1083,12 +1087,12 @@ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); /* 2201: prevent websites from disabling new window features * [1] http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ user_pref("dom.disable_window_open_feature.close", true); -user_pref("dom.disable_window_open_feature.location", true); // default: true +user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: true] user_pref("dom.disable_window_open_feature.menubar", true); user_pref("dom.disable_window_open_feature.minimizable", true); user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar -user_pref("dom.disable_window_open_feature.resizable", true); // default: true -user_pref("dom.disable_window_open_feature.status", true); // status bar - default: true +user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true] +user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true] user_pref("dom.disable_window_open_feature.titlebar", true); user_pref("dom.disable_window_open_feature.toolbar", true); /* 2202: prevent scripts moving and resizing open windows ***/ @@ -1142,14 +1146,15 @@ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); user_pref("dom.serviceWorkers.enabled", false); /* 2304: disable web notifications * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ -user_pref("dom.webnotifications.enabled", false); // (FF22+) -user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+) -/* 2305: set a default permission for Notifications (see 2304) (FF58+) +user_pref("dom.webnotifications.enabled", false); // [FF22+] +user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] +/* 2305: set a default permission for Notifications (see 2304) [FF58+] + * 0=always ask (default), 1=allow, 2=block * [NOTE] best left at default "always ask", fingerprintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ - // user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block -/* 2306: disable push notifications (FF44+) + // user_pref("permissions.default.desktop-notification", 2); +/* 2306: disable push notifications [FF44+] * web apps can receive messages pushed to them from a server, whether or * not the web app is in the foreground, or even currently loaded * [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/ @@ -1169,10 +1174,10 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! * the website for it to look at the clipboard * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ user_pref("dom.event.clipboardevents.enabled", false); -/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content (FF41+) +/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/1170911 ***/ -user_pref("dom.allow_cut_copy", false); // (hidden pref) +user_pref("dom.allow_cut_copy", false); // [HIDDEN PREF] /* 2404: disable "Confirm you want to leave" dialog on page close * Does not prevent JS leaks of the page close event. * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload @@ -1180,7 +1185,7 @@ user_pref("dom.allow_cut_copy", false); // (hidden pref) user_pref("dom.disable_beforeunload", true); /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); -/* 2420: disable asm.js (FF22+) +/* 2420: disable asm.js [FF22+] * [1] http://asmjs.org/ * [2] https://www.mozilla.org/security/advisories/mfsa2015-29/ * [3] https://www.mozilla.org/security/advisories/mfsa2015-50/ @@ -1193,10 +1198,10 @@ user_pref("javascript.options.asmjs", false); * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); -/* 2422: disable WebAssembly for now (FF52+) +/* 2422: disable WebAssembly [FF52+] * [1] https://developer.mozilla.org/docs/WebAssembly ***/ user_pref("javascript.options.wasm", false); -/* 2426: disable Intersection Observer API (FF53+) +/* 2426: disable Intersection Observer API [FF53+] * Almost a year to complete, three versions late to stable (as default false), * number #1 cause of crashes in nightly numerous times, and is (primarily) an * ad network API for "ad viewability checks" down to a pixel level @@ -1210,7 +1215,7 @@ user_pref("dom.IntersectionObserver.enabled", false); user_pref("javascript.options.shared_memory", false); /* 2428: enforce DOMHighResTimeStamp API * [WARNING] Required for normalization of timestamps and any timer resolution mitigations ***/ -user_pref("dom.event.highrestimestamp.enabled", true); // default: true +user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); @@ -1225,7 +1230,7 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * Optional protection depending on your connected devices * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ // user_pref("dom.vr.enabled", false); -/* 2505: disable media device enumeration (FF29+) +/* 2505: disable media device enumeration [FF29+] * [NOTE] media.peerconnection.enabled should also be set to false (see 2001) * [1] https://wiki.mozilla.org/Media/getUserMedia * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices ***/ @@ -1237,13 +1242,13 @@ user_pref("media.navigator.enabled", false); * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] user_pref("layers.acceleration.disabled", true); -/* 2510: disable Web Audio API (FF51+) +/* 2510: disable Web Audio API [FF51+] * [1] https://bugzilla.mozilla.org/1288359 ***/ user_pref("dom.webaudio.enabled", false); /* 2516: disable PointerEvents * [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent ***/ user_pref("dom.w3c_pointer_events.enabled", false); -/* 2517: disable Media Capabilities API (FF63+) +/* 2517: disable Media Capabilities API [FF63+] * [SETUP-PERF] This *may* affect media performance if disabled, no one is sure * [1] https://github.com/WICG/media-capabilities * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ @@ -1263,8 +1268,8 @@ user_pref("beacon.enabled", false); user_pref("browser.helperApps.deleteTempFileOnExit", true); /* 2604: disable page thumbnail collection * look in profile/thumbnails directory - you may want to clean that out ***/ -user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) -/* 2605: block web content in file processes (FF55+) +user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] +/* 2605: block web content in file processes [FF55+] * [SETUP-WEB] You may want to disable this for corporate or developer environments * [1] https://bugzilla.mozilla.org/1343184 ***/ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); @@ -1280,11 +1285,11 @@ user_pref("devtools.chrome.enabled", false); user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); -/* 2609: disable MathML (Mathematical Markup Language) (FF51+) +/* 2609: disable MathML (Mathematical Markup Language) [FF51+] * [TEST] http://browserspy.dk/mathml.php * [1] https://bugzilla.mozilla.org/1173199 ***/ user_pref("mathml.disabled", true); -/* 2610: disable in-content SVG (Scalable Vector Graphics) (FF53+) +/* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] * [SETUP-WEB] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); @@ -1296,19 +1301,20 @@ user_pref("middlemouse.contentLoadURL", false); * [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins) * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ user_pref("network.http.redirection-limit", 10); -/* 2615: disable websites overriding Firefox's keyboard shortcuts (FF58+) +/* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+] + * 0= (default), 1=allow, 2=block * [NOTE] At the time of writing, causes issues with delete and backspace keys * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ - // user_pref("permissions.default.shortcuts", 2); // 0 (default) or 1=allow, 2=block -/* 2616: remove special permissions for certain mozilla domains (FF35+) + // user_pref("permissions.default.shortcuts", 2); +/* 2616: remove special permissions for certain mozilla domains [FF35+] * [1] resource://app/defaults/permissions ***/ user_pref("permissions.manager.defaultsUrl", ""); /* 2617: remove webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); -/* 2618: disable exposure of system colors to CSS or canvas (FF44+) +/* 2618: disable exposure of system colors to CSS or canvas [FF44+] * [NOTE] see second listed bug: may cause black on black for elements with undefined colors * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/ -user_pref("ui.use_standins_for_native_colors", true); // (hidden pref) +user_pref("ui.use_standins_for_native_colors", true); // [HIDDEN PREF] /* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing * Firefox has *some* protections, but it is better to be safe than sorry. The downside: it will also * display legitimate IDN's punycoded, which might be undesirable for users of non-latin alphabets @@ -1341,7 +1347,7 @@ user_pref("browser.download.useDownloadDir", false); user_pref("browser.download.manager.addToRecentDocs", false); /* 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ user_pref("browser.download.hide_plugins_without_extensions", false); -/* 2654: disable "open with" in download dialog (FF50+) +/* 2654: disable "open with" in download dialog [FF50+] * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. * [SETUP-CHROME] This may interfere with some users' workflow or methods @@ -1353,34 +1359,34 @@ user_pref("browser.download.forbid_open_with", true); * [SETUP-CHROME] This will break extensions that do not use the default XPI directories * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ * [1] archived: https://archive.is/DYjAM ***/ -user_pref("extensions.enabledScopes", 1); // (hidden pref) +user_pref("extensions.enabledScopes", 1); // [HIDDEN PREF] user_pref("extensions.autoDisableScopes", 15); -/* 2662: disable webextension restrictions on certain mozilla domains (also see 4503) (FF60+) +/* 2662: disable webextension restrictions on certain mozilla domains (also see 4503) [FF60+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); /* 2663: enable warning when websites try to install add-ons * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons ***/ -user_pref("xpinstall.whitelist.required", true); // default: true +user_pref("xpinstall.whitelist.required", true); // [DEFAULT: true] /** SECURITY ***/ /* 2680: enable CSP (Content Security Policy) * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ -user_pref("security.csp.enable", true); // default: true -/* 2681: disable CSP violation events (FF59+) +user_pref("security.csp.enable", true); // [DEFAULT: true] +/* 2681: disable CSP violation events [FF59+] * [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent ***/ user_pref("security.csp.enable_violation_events", false); -/* 2682: enable CSP 1.1 experimental hash-source directive (FF29+) +/* 2682: enable CSP 1.1 experimental hash-source directive [FF44+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 ***/ user_pref("security.csp.experimentalEnabled", true); -/* 2683: block top level window data: URIs (FF56+) +/* 2683: block top level window data: URIs [FF56+] * [1] https://bugzilla.mozilla.org/1331351 * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ -user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); // default: true in FF59+ +user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT: true] /* 2684: enforce a security delay on some confirmation dialogs such as install, open/save * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ -user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds) +user_pref("security.dialog_enable_delay", 700); /*** [SECTION 2700]: PERSISTENT STORAGE Data SET by websites including @@ -1401,27 +1407,27 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * [SETTING] Privacy & Security>Cookies and Site Data>Type blocked * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ user_pref("network.cookie.cookieBehavior", 1); -/* 2702: set third-party cookies (i.e ALL) (if enabled, see above pref) to session-only +/* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ user_pref("network.cookie.thirdparty.sessionOnly", true); -user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+) +user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] /* 2703: set cookie lifetime policy * 0=until they expire (default), 2=until you close Firefox * [NOTE] 3=for n days : no longer supported in FF63+ (see 2704-deprecated) * [SETTING] Privacy & Security>Cookies and Site Data>Keep until... ***/ // user_pref("network.cookie.lifetimePolicy", 0); -/* 2705: disable HTTP sites setting cookies with the "secure" directive (FF52+) +/* 2705: disable HTTP sites setting cookies with the "secure" directive [FF52+] * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ -user_pref("network.cookie.leave-secure-alone", true); // default: true -/* 2706: enable support for same-site cookies (FF60+) +user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true] +/* 2706: enable support for same-site cookies [FF60+] * [1] https://bugzilla.mozilla.org/795346 * [2] https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ * [3] https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/ ***/ - // user_pref("network.cookie.same-site.enabled", true); // default: true + // user_pref("network.cookie.same-site.enabled", true); // [DEFAULT: true] /* 2710: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality AND extensions! * You are better off using an extension for more granular control ***/ @@ -1433,12 +1439,12 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true * on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically * via an extenion. Note that IDB currently cannot be sanitized by host. * [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ ***/ -user_pref("dom.indexedDB.enabled", true); // default: true +user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] /* 2730: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); -/* 2730b: disable offline cache on insecure sites (FF60+) +/* 2730b: disable offline cache on insecure sites [FF60+] * [1] https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ ***/ -user_pref("browser.cache.offline.insecure.enable", false); // default: false in FF62+ +user_pref("browser.cache.offline.insecure.enable", false); // [DEFAULT: false in FF62+] /* 2731: enforce websites to ask to store data for offline use * [1] https://support.mozilla.org/questions/1098540 * [2] https://bugzilla.mozilla.org/959985 ***/ @@ -1446,7 +1452,7 @@ user_pref("offline-apps.allow_by_default", false); /* 2740: disable service workers cache and cache storage * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ user_pref("dom.caches.enabled", false); -/* 2750: disable Storage API (FF51+) +/* 2750: disable Storage API [FF51+] * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted * before the user agent disposes of site data in order to make room for other things. @@ -1494,9 +1500,9 @@ user_pref("privacy.cpd.offlineApps", true); // Offline Website Data user_pref("privacy.cpd.passwords", false); // this is not listed user_pref("privacy.cpd.sessions", true); // Active Logins user_pref("privacy.cpd.siteSettings", false); // Site Preferences -/* 2805: privacy.*.openWindows (clear session restore data) (FF34+) +/* 2805: privacy.*.openWindows (clear session restore data) [FF34+] * [NOTE] There is a years-old bug that these cause two windows when Firefox restarts. - * You do not need these anyway if session restore is disabled (see 1020) ***/ + * You do not need these anyway if session restore is cleared with history (see 2803) ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.cpd.openWindows", true); /* 2806: reset default 'Time range to clear' for 'Clear Recent History' (see 2804) @@ -1529,20 +1535,20 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1381197 - [fixed in FF59+] extensions cannot control cookies with FPI Origin Attributes ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); -/* 4001: enable First Party Isolation (FF51+) +/* 4001: enable First Party Isolation [FF51+] * [SETUP-WEB] May break cross-domain logins and site functionality until perfected * [1] https://bugzilla.mozilla.org/1260931 ***/ user_pref("privacy.firstparty.isolate", true); -/* 4002: enforce FPI restriction for window.opener (FF54+) +/* 4002: enforce FPI restriction for window.opener [FF54+] * [NOTE] Setting this to false may reduce the breakage in 4001 - * [FF65+] blocks postMessage with targetOrigin "*" if originAttributes don't match. But + * FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute. (see [2],[3]) * The 2nd pref removes that limitation and will only allow communication if FPDs also match. * [1] https://bugzilla.mozilla.org/1319773#c22 * [2] https://bugzilla.mozilla.org/1492607 * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ -user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // default: true - // user_pref("privacy.firstparty.isolate.block_post_message", true); // (hidden pref) +user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] + // user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF] /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) This master switch will be used for a wide range of items, many of which will @@ -1596,28 +1602,28 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // default Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. FF60: Fix keydown/keyup events (1438795) ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) - ** 1459089 - disable OS locale in HTTP Accept-Language headers [ANDROID] (FF62+) + ** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) ** 1363508 - spoof/suppress Pointer Events (see 2516) (FF64+) FF65: pointerEvent.pointerid (1492766) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); -/* 4501: enable privacy.resistFingerprinting (FF41+) +/* 4501: enable privacy.resistFingerprinting [FF41+] * [SETUP-WEB] RFP is not ready for the masses, so expect some website breakage * [1] https://bugzilla.mozilla.org/418986 ***/ -user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) -/* 4502: set new window sizes to round to hundreds (FF55+) +user_pref("privacy.resistFingerprinting", true); +/* 4502: set new window sizes to round to hundreds [FF55+] * [SETUP-CHROME] Width will round down to multiples of 200s and height to 100s, to fit your screen. * The override values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/1330882 * [2] https://hardware.metrics.mozilla.com/ ***/ - // user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) - // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) -/* 4503: disable mozAddonManager Web API (FF57+) + // user_pref("privacy.window.maxInnerWidth", 1600); // [HIDDEN PREF] + // user_pref("privacy.window.maxInnerHeight", 900); // [HIDDEN PREF] +/* 4503: disable mozAddonManager Web API [FF57+] * [NOTE] As a side-effect in FF57-59 this allowed extensions to work on AMO. In FF60+ you also need * to sanitize or clear extensions.webextensions.restrictedDomains (see 2662) to keep that side-effect * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ -user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref) -/* 4504: disable showing about:blank as soon as possible during startup (FF60+) +user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] +/* 4504: disable showing about:blank as soon as possible during startup [FF60+] * When default true (FF62+) this no longer masks the RFP resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); @@ -1631,7 +1637,7 @@ user_pref("browser.startup.blankWindow", false); user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); /* [SETUP-non-RFP] Non-RFP users replace the * with a slash on this line to enable these // FF55+ -// 4601: [2514] spoof (or limit?) number of CPU cores (FF48+) +// 4601: [2514] spoof (or limit?) number of CPU cores [FF48+] // [NOTE] *may* affect core chrome/Firefox performance, will affect content. // [1] https://bugzilla.mozilla.org/1008453 // [2] https://trac.torproject.org/projects/tor/ticket/21675 @@ -1660,7 +1666,7 @@ user_pref("browser.zoom.siteSpecific", false); // Optional protection depending on your connected devices // [1] https://trac.torproject.org/projects/tor/ticket/13023 // user_pref("dom.gamepad.enabled", false); -// 4607: [2503] disable giving away network info (FF31+) +// 4607: [2503] disable giving away network info [FF31+] // e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none // [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API // [2] https://wicg.github.io/netinfo/ @@ -1673,7 +1679,7 @@ user_pref("dom.netinfo.enabled", false); user_pref("media.webspeech.synth.enabled", false); // * * * / // FF57+ -// 4610: [2506] disable video statistics - JS performance fingerprinting (FF25+) +// 4610: [2506] disable video statistics - JS performance fingerprinting [FF25+] // [1] https://trac.torproject.org/projects/tor/ticket/15757 // [2] https://bugzilla.mozilla.org/654550 user_pref("media.video_stats.enabled", false); @@ -1686,7 +1692,7 @@ user_pref("media.video_stats.enabled", false); // user_pref("dom.w3c_touch_events.enabled", 0); // * * * / // FF59+ -// 4612: [2511] disable MediaDevices change detection (FF51+) +// 4612: [2511] disable MediaDevices change detection [FF51+] // [1] https://developer.mozilla.org/docs/Web/Events/devicechange // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange user_pref("media.ondevicechange.enabled", false); @@ -1711,20 +1717,20 @@ user_pref("webgl.enable-debug-renderer-info", false); ***/ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); /* 4701: navigator.userAgent ***/ - // user_pref("general.useragent.override", ""); // (hidden pref) + // user_pref("general.useragent.override", ""); // [HIDDEN PREF] /* 4702: navigator.buildID * Revealed build time down to the second. In FF64+ it now returns a fixed timestamp * [1] https://bugzilla.mozilla.org/583181 * [2] https://www.fxsitecompat.com/en-CA/docs/2018/navigator-buildid-now-returns-a-fixed-timestamp/ ***/ - // user_pref("general.buildID.override", ""); // (hidden pref) + // user_pref("general.buildID.override", ""); // [HIDDEN PREF] /* 4703: navigator.appName ***/ - // user_pref("general.appname.override", ""); // (hidden pref) + // user_pref("general.appname.override", ""); // [HIDDEN PREF] /* 4704: navigator.appVersion ***/ - // user_pref("general.appversion.override", ""); // (hidden pref) + // user_pref("general.appversion.override", ""); // [HIDDEN PREF] /* 4705: navigator.platform ***/ - // user_pref("general.platform.override", ""); // (hidden pref) + // user_pref("general.platform.override", ""); // [HIDDEN PREF] /* 4706: navigator.oscpu ***/ - // user_pref("general.oscpu.override", ""); // (hidden pref) + // user_pref("general.oscpu.override", ""); // [HIDDEN PREF] /*** [SECTION 5000]: PERSONAL Non-project related but useful. If any of these interest you, add them to your overrides ***/ @@ -1742,8 +1748,8 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("full-screen-api.warning.timeout", 0); // user_pref("general.warnOnAboutConfig", false); /* APPEARANCE ***/ - // user_pref("browser.download.autohideButton", false); // (FF57+) - // user_pref("toolkit.cosmeticAnimations.enabled", false); // (FF55+) + // user_pref("browser.download.autohideButton", false); // [FF57+] + // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] /* CONTENT BEHAVIOR ***/ // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] @@ -1751,13 +1757,13 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); /* UX BEHAVIOR ***/ // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing // user_pref("browser.tabs.closeWindowWithLastTab", false); - // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab (FF57+) - // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see Bugzilla 1320061 (FF53+) + // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+] + // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see Bugzilla 1320061 [FF53+] // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC] // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); - // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync (FF60+) [RESTART] + // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync [FF60+] [RESTART] // user_pref("network.manage-offline-status", false); // see Bugzilla 620472 // user_pref("reader.parse-on-load.enabled", false); // "Reader View" // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) @@ -1781,7 +1787,7 @@ user_pref("dom.network.enabled", false); // 2600's: (35+) disable WebSockets // [-] https://bugzilla.mozilla.org/1091016 user_pref("network.websocket.enabled", false); -// 1610: (36+) set DNT "value" to "not be tracked" (FF21+) +// 1610: (36+) set DNT "value" to "not be tracked" [FF21+] // [1] http://kb.mozillazine.org/Privacy.donottrackheader.value // [-] https://bugzilla.mozilla.org/1042135#c101 // user_pref("privacy.donottrackheader.value", 1); @@ -1830,7 +1836,7 @@ user_pref("pfs.datasource.url", ""); // user_pref("browser.search.showOneOffButtons", false); // ***/ /* FF44 -// 0414: disable safebrowsing's real-time binary checking (google) (FF43+) +// 0414: disable safebrowsing's real-time binary checking (google) [FF43+] // [-] https://bugzilla.mozilla.org/1237103 user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL // 1200's: block rc4 whitelist @@ -1854,8 +1860,8 @@ user_pref("browser.sessionstore.privacy_level_deferred", 2); /* FF46 // 0333: disable health report // [-] https://bugzilla.mozilla.org/1234526 -user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) -user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) +user_pref("datareporting.healthreport.service.enabled", false); // [HIDDEN PREF] +user_pref("datareporting.healthreport.documentServerURI", ""); // [HIDDEN PREF] // 0334b: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers // [-] https://bugzilla.mozilla.org/1234522 user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); @@ -1865,7 +1871,7 @@ user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputatio // 0420: disable polaris (part of Tracking Protection, never used in stable) // [-] https://bugzilla.mozilla.org/1235565 // user_pref("browser.polaris.enabled", false); -// 0510: disable "Pocket" - replaced by extensions.pocket.* +// 0510: disable "Pocket" [FF39+] - replaced by extensions.pocket.* // [-] https://bugzilla.mozilla.org/1215694 user_pref("browser.pocket.enabled", false); user_pref("browser.pocket.api", ""); @@ -1876,7 +1882,7 @@ user_pref("browser.pocket.oAuthConsumerKey", ""); // 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled // [-] https://bugzilla.mozilla.org/1236580 -user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) +user_pref("toolkit.telemetry.unifiedIsOptIn", true); // [HIDDEN PREF] // 0333b: disable about:healthreport page UNIFIED // [-] https://bugzilla.mozilla.org/1236580 user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); @@ -1994,14 +2000,14 @@ user_pref("media.eme.apiVisible", false); user_pref("dom.archivereader.enabled", false); // ***/ /* FF55 -// 0209: disable geolocation on non-secure origins (FF54+) +// 0209: disable geolocation on non-secure origins [FF54+] // [1] https://bugzilla.mozilla.org/1269531 // [-] https://bugzilla.mozilla.org/1072859 user_pref("geo.security.allowinsecure", false); -// 0336: disable "Heartbeat" (Mozilla user rating telemetry) (FF37+) +// 0336: disable "Heartbeat" (Mozilla user rating telemetry) [FF37+] // [1] https://trac.torproject.org/projects/tor/ticket/18738 // [-] https://bugzilla.mozilla.org/1361578 -user_pref("browser.selfsupport.enabled", false); // (hidden pref) +user_pref("browser.selfsupport.enabled", false); // [HIDDEN PREF] user_pref("browser.selfsupport.url", ""); // 0360: disable new tab "pings" // [-] https://bugzilla.mozilla.org/1241390 @@ -2009,14 +2015,14 @@ user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); // 0861: disable saving form history on secure websites // [-] https://bugzilla.mozilla.org/1361220 user_pref("browser.formfill.saveHttpsForms", false); -// 0863: disable Form Autofill (FF54+) - replaced by extensions.formautofill.* +// 0863: disable Form Autofill [FF54+] - replaced by extensions.formautofill.* // [-] https://bugzilla.mozilla.org/1364334 user_pref("browser.formautofill.enabled", false); // 2410: disable User Timing API // [1] https://trac.torproject.org/projects/tor/ticket/16336 // [-] https://bugzilla.mozilla.org/1344669 user_pref("dom.enable_user_timing", false); -// 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) +// 2507: disable keyboard fingerprinting (physical keyboards) [FF38+] // The Keyboard API allows tracking the "read parameter" of pressed keys in forms on // web pages. These parameters vary between types of keyboard layouts such as QWERTY, // AZERTY, Dvorak, and between various languages, e.g. German vs English. @@ -2033,10 +2039,10 @@ user_pref("browser.tabs.animate", false); user_pref("browser.fullscreen.animate", false); // ***/ /* FF56 -// 0515: disable Screenshots (rollout pref only) (FF54+) +// 0515: disable Screenshots (rollout pref only) [FF54+] // [-] https://bugzilla.mozilla.org/1386333 // user_pref("extensions.screenshots.system-disabled", true); -// 0517: disable Form Autofill (FF55+) - replaced by extensions.formautofill.available +// 0517: disable Form Autofill [FF55+] - replaced by extensions.formautofill.available // [-] https://bugzilla.mozilla.org/1385201 user_pref("extensions.formautofill.experimental", false); // ***/ @@ -2050,10 +2056,10 @@ user_pref("social.shareDirectory", ""); user_pref("social.remote-install.enabled", false); user_pref("social.directories", ""); user_pref("social.share.activationPanelEnabled", false); -user_pref("social.enabled", false); // (hidden pref) -// 1830: disable DRM's EME WideVineAdapter +user_pref("social.enabled", false); // [HIDDEN PREF] +// 1830: disable DRM's EME WideVineAdapter [FF55+] // [-] https://bugzilla.mozilla.org/1395468 -user_pref("media.eme.chromium-api.enabled", false); // (FF55+) +user_pref("media.eme.chromium-api.enabled", false); // 2608: disable WebIDE extension downloads (Valence) // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1393497 @@ -2062,14 +2068,14 @@ user_pref("devtools.webide.autoinstallFxdtAdapters", false); // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1393582 user_pref("browser.casting.enabled", false); -// 5022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) +// 5022: hide recently bookmarked items (you still have the original bookmarks) [FF49+] // [-] https://bugzilla.mozilla.org/1401238 user_pref("browser.bookmarks.showRecentlyBookmarked", false); // ***/ /* FF58 -// 0351: disable sending of crash reports - replaced by *.autoSubmit2 +// 0351: disable sending of crash reports [FF51+] - replaced by *.autoSubmit2 // [-] https://bugzilla.mozilla.org/1424373 -user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57) +user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // ***/ /* FF59 // 0203: disable using OS locale, force APP locale - replaced by intl.locale.requested @@ -2083,7 +2089,7 @@ user_pref("general.useragent.locale", "en-US"); // If you want to see what health data is present, then this must be set at default // [-] https://bugzilla.mozilla.org/1352497 user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); -// 0511: disable FlyWeb (FF49+) +// 0511: disable FlyWeb [FF49+] // Flyweb is a set of APIs for advertising and discovering local-area web servers // [1] https://flyweb.github.io/ // [2] https://wiki.mozilla.org/FlyWeb/Security_scenarios @@ -2094,7 +2100,7 @@ user_pref("dom.flyweb.enabled", false); // [1] https://trac.torproject.org/projects/tor/ticket/13575 // [-] https://bugzilla.mozilla.org/1430197 user_pref("browser.cache.frecency_experiment", -1); -// 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+) +// 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests [FF51+] // Allow resources from domains with an existing HSTS cache record or in the HSTS preload list // to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because // those may cause noticeable delays e.g. requests time out or are not handled well by servers @@ -2103,9 +2109,9 @@ user_pref("browser.cache.frecency_experiment", -1); // [-] https://bugzilla.mozilla.org/1424917 user_pref("security.mixed_content.use_hsts", true); user_pref("security.mixed_content.send_hsts_priming", false); -// 1606: set the default Referrer Policy - replaced by network.http.referer.defaultPolicy +// 1606: set the default Referrer Policy [FF53+] - replaced by network.http.referer.defaultPolicy // [-] https://bugzilla.mozilla.org/587523 -user_pref("network.http.referer.userControlPolicy", 3); // (FF53-FF58) default: 3 +user_pref("network.http.referer.userControlPolicy", 3); // 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect // [-] (part8) https://bugzilla.mozilla.org/1416703#c21 user_pref("security.xpconnect.plugin.unrestricted", false); @@ -2128,14 +2134,14 @@ user_pref("dom.idle-observers-api.enabled", false); user_pref("browser.newtabpage.directory.source", "data:text/plain,"); user_pref("browser.newtabpage.enhanced", false); user_pref("browser.newtabpage.introShown", true); -// 0512: disable Shield (FF53+) - replaced internally by Normandy (see 0503) +// 0512: disable Shield - replaced internally by Normandy (see 0503) [FF53+] // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" // [1] https://wiki.mozilla.org/Firefox/Shield // [2] https://github.com/mozilla/normandy // [-] https://bugzilla.mozilla.org/1436113 user_pref("extensions.shield-recipe-client.enabled", false); user_pref("extensions.shield-recipe-client.api_url", ""); -// 0514: disable Activity Stream (FF54+) +// 0514: disable Activity Stream [FF54+] // [-] https://bugzilla.mozilla.org/1433324 user_pref("browser.newtabpage.activity-stream.enabled", false); // 2301: disable workers @@ -2158,7 +2164,7 @@ user_pref("experiments.enabled", false); user_pref("experiments.manifest.uri", ""); user_pref("experiments.supported", false); user_pref("experiments.activeExperiment", false); -// 2612: disable remote JAR files being opened, regardless of content type (FF42+) +// 2612: disable remote JAR files being opened, regardless of content type [FF42+] // [1] https://bugzilla.mozilla.org/1173171 // [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ // [-] https://bugzilla.mozilla.org/1427726 @@ -2176,18 +2182,18 @@ user_pref("plugin.state.java", 0); // 0202: disable GeoIP-based search results // [NOTE] May not be hidden if Firefox has changed your settings due to your locale // [-] https://bugzilla.mozilla.org/1462015 -user_pref("browser.search.countryCode", "US"); // (hidden pref) +user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF] // 0301a: disable auto-update checks for Firefox // [SETTING] General>Firefox Updates>Never check for updates // [-] https://bugzilla.mozilla.org/1420514 // user_pref("app.update.enabled", false); -// 0402: enable Kinto blocklist updates (FF50+) +// 0402: enable Kinto blocklist updates [FF50+] // What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications // As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be // revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes // [-] https://bugzilla.mozilla.org/1458917 user_pref("services.blocklist.update_enabled", true); -// 0503: disable "Savant" Shield study (FF61+) +// 0503: disable "Savant" Shield study [FF61+] // [-] https://bugzilla.mozilla.org/1457226 user_pref("shield.savant.enabled", false); // 1031: disable favicons in tabs and new bookmarks - merged into browser.chrome.site_icons @@ -2199,7 +2205,7 @@ user_pref("shield.savant.enabled", false); user_pref("media.autoplay.enabled", false); // 2704: set cookie lifetime in days (see 2703) // [-] https://bugzilla.mozilla.org/1457170 - // user_pref("network.cookie.lifetime.days", 90); // default: 90 + // user_pref("network.cookie.lifetime.days", 90); // [DEFAULT: 90] // 5000's: enable "Ctrl+Tab cycles through tabs in recently used order" - replaced by browser.ctrlTab.recentlyUsedOrder // [-] https://bugzilla.mozilla.org/1473595 // user_pref("browser.ctrlTab.previews", true); From 5c85e61bb4f5fca18ef37de9b3eef32da9d6259b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 07:36:07 +1300 Subject: [PATCH 0960/1961] 4000: remove old FPI notes (#581) --- user.js | 5 ----- 1 file changed, 5 deletions(-) diff --git a/user.js b/user.js index 54cc2d4..f00355d 100644 --- a/user.js +++ b/user.js @@ -1528,11 +1528,6 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1300671 - isolate data:, about: URLs (FF55+) ** 1473247 - isolate IP addresses (FF63+) ** 1492607 - isolate postMessage with targetOrigin "*" (requires 4002) (FF65+) - - NOTE: FPI has some issues depending on your Firefox release - ** 1418931 - [fixed in FF58+] IndexedDB (Offline Website Data) with FPI Origin Attributes - are not removed with "Clear All/Recent History" or "On Close" - ** 1381197 - [fixed in FF59+] extensions cannot control cookies with FPI Origin Attributes ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] From 8172f730d361fb026893a8c69b3bda1b4e6f1294 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 10 Dec 2018 19:26:17 +0000 Subject: [PATCH 0961/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1e1b28c..fc5d76a 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 * The ghacks community and commentators -* [12bytes](http://12bytes.org/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) +* [12bytes](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master) 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. From 45e3b3a0e023ef328b2f0aabe1ba2007db42a2b9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Dec 2018 19:35:41 +0000 Subject: [PATCH 0962/1961] 2682: put correct version back https://github.com/ghacksuserjs/ghacks-user.js/commit/0a67cdec8bac0d2172a2ffbf92af4e093c8e8275#comments --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f00355d..6165ef8 100644 --- a/user.js +++ b/user.js @@ -1375,7 +1375,7 @@ user_pref("security.csp.enable", true); // [DEFAULT: true] /* 2681: disable CSP violation events [FF59+] * [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent ***/ user_pref("security.csp.enable_violation_events", false); -/* 2682: enable CSP 1.1 experimental hash-source directive [FF44+] +/* 2682: enable CSP 1.1 experimental hash-source directive [FF29+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 ***/ user_pref("security.csp.experimentalEnabled", true); /* 2683: block top level window data: URIs [FF56+] From 74ebacc0dd914afa6fd7e96c3f0194db91dd7b77 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Dec 2018 19:52:48 +0000 Subject: [PATCH 0963/1961] obey rules for [setting] tag location #578 all setting tags must be between `/* ... ***/` --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 6165ef8..82737da 100644 --- a/user.js +++ b/user.js @@ -107,10 +107,10 @@ user_pref("browser.newtabpage.activity-stream.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); /* 0105b: disable AS Snippets ***/ user_pref("browser.newtabpage.activity-stream.disableSnippets", true); -user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [SETTING] +user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // has setting (see 0105) /* 0105c: disable AS Top Stories, Pocket-based and/or sponsored content ***/ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); -user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [SETTING] +user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // has setting (see 0105) user_pref("browser.newtabpage.activity-stream.showSponsored", false); /* 0105d: disable AS recent Highlights in the Library [FF57+] ***/ // user_pref("browser.library.activity-stream.enabled", false); From 71a2d393f37e0dc3b77975b992b915be0e4d4ea7 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 10 Dec 2018 22:23:00 +0000 Subject: [PATCH 0964/1961] minor wording changes (#583) --- user.js | 47 ++++++++++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/user.js b/user.js index 82737da..c50d76b 100644 --- a/user.js +++ b/user.js @@ -50,7 +50,7 @@ 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0900: PASSWORDS - 1000: CACHE + 1000: CACHE / SESSION (RE)STORE / FAVICONS 1200: HTTPS (SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS) 1400: FONTS 1600: HEADERS / REFERERS @@ -488,7 +488,7 @@ user_pref("network.proxy.socks_remote_dns", true); user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false] /* 0707: disable (or setup) DNS-over-HTTPS (DoH) [FF60+] * TRR = Trusted Recursive Resolver - * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result + * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats but always use native result * [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare) * [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/ * [2] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ ***/ @@ -546,7 +546,7 @@ user_pref("browser.sessionhistory.max_entries", 10); * [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ user_pref("layout.css.visited_links_enabled", false); /* 0806: disable displaying javascript in history URLs ***/ -user_pref("browser.urlbar.filter.javascript", true); +user_pref("browser.urlbar.filter.javascript", true); // [DEFAULT: true] /* 0807: disable search bar LIVE search suggestions * [SETTING] Search>Provide search suggestions ***/ user_pref("browser.search.suggest.enabled", false); @@ -651,7 +651,7 @@ user_pref("security.insecure_field_warning.contextual.enabled", true); * [1] https://bugzilla.mozilla.org/1357835 ***/ user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); -/*** [SECTION 1000]: CACHE [SETUP-CHROME] +/*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS [SETUP-CHROME] ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized by modifying response headers [4]. Another solution is to use a hardened configuration @@ -691,6 +691,7 @@ user_pref("browser.cache.disk_cache_ssl", false); /* 1008: set DNS cache and expiration time (default 400 and 60, same as Tor Browser) ***/ // user_pref("network.dnsCacheEntries", 400); // user_pref("network.dnsCacheExpiration", 60); + /** SESSIONS & SESSION RESTORE ***/ /* 1020: limit Session Restore to last active tab and window * [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature @@ -702,7 +703,7 @@ user_pref("browser.sessionstore.max_windows_undo", 0); * define on which sites to save extra session data: * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ user_pref("browser.sessionstore.privacy_level", 2); -/* 1022: disable resuming session from crash [SETUP-CHROME] ***/ +/* 1022: disable resuming session from crash ***/ user_pref("browser.sessionstore.resume_from_crash", false); /* 1023: set the minimum interval between session save operations * Increasing this can help on older machines and some websites, as well as reducing writes, see [1] @@ -715,6 +716,7 @@ user_pref("browser.sessionstore.interval", 30000); /* 1024: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] * [1] https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); + /** FAVICONS ***/ /* 1030: disable favicons in shortcuts * URL shortcuts use a cached randomly named .ico file which is stored in your @@ -748,7 +750,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * [2] https://www.ssllabs.com/ssl-pulse/ ***/ user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max - * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 etc + * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1 * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ @@ -831,7 +833,7 @@ user_pref("security.mixed_content.block_object_subrequest", true); * 2=deprecated option that now maps to 1 * 3=only allowed for locally-added roots (e.g. anti-virus) * 4=only allowed for locally-added roots or for certs in 2015 and earlier - * [SETUP-WEB] When disabled, some man-in-the-middle devices (e.g. security scanners and + * [SETUP-CHROME] When disabled, some man-in-the-middle devices (e.g. security scanners and * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ user_pref("security.pki.sha1_enforcement_level", 1); @@ -910,9 +912,8 @@ user_pref("font.blacklist.underline_offset", ""); user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. - * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. If - * you block sites choosing fonts in 1401, this preference is irrelevant. In future, - * privacy.resistFingerprinting (see 4500) will cover this (and 1401 can be relaxed) + * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. + * Eventually privacy.resistFingerprinting (see 4500) will cover this (and 1401 can be relaxed) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] @@ -980,10 +981,9 @@ user_pref("privacy.userContext.ui.enabled", true); user_pref("privacy.userContext.enabled", true); /* 1703: enable a private container for thumbnail loads [FF51+] ***/ user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true in FF61+] -/* 1704: set long press behaviour on "+ Tab" button to display container menu [FF53+] - * 0=disables long press, 1=when clicked, the menu is shown - * 2=the menu is shown after X milliseconds - * [NOTE] The menu does not contain a non-container tab option +/* 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] + * 0=no menu (default), 1=show when clicked, 2=show on long press + * [NOTE] The menu does not contain a non-container tab option (use Ctrl+T to open non-container tab) * [1] https://bugzilla.mozilla.org/1328756 ***/ user_pref("privacy.userContext.longPressBehavior", 2); @@ -1022,8 +1022,8 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); * [SETTING] General>DRM Content>Play DRM-controlled content * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); -/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" - * This is the bundled codec used for video chat in WebRTC [SETUP-WEB] ***/ +/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" [SETUP-WEB] + * This is the bundled codec used for video chat in WebRTC ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // [HIDDEN PREF] user_pref("media.gmp-gmpopenh264.autoupdate", false); @@ -1095,7 +1095,7 @@ user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true] user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true] user_pref("dom.disable_window_open_feature.titlebar", true); user_pref("dom.disable_window_open_feature.toolbar", true); -/* 2202: prevent scripts moving and resizing open windows ***/ +/* 2202: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); /* 2203: open links targeting new windows in a new tab instead * This stops malicious window sizes and some screen resolution leaks. @@ -1302,7 +1302,7 @@ user_pref("middlemouse.contentLoadURL", false); * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ user_pref("network.http.redirection-limit", 10); /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+] - * 0= (default), 1=allow, 2=block + * 0 (default) or 1=allow, 2=block * [NOTE] At the time of writing, causes issues with delete and backspace keys * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ // user_pref("permissions.default.shortcuts", 2); @@ -1606,8 +1606,8 @@ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs") * [SETUP-WEB] RFP is not ready for the masses, so expect some website breakage * [1] https://bugzilla.mozilla.org/418986 ***/ user_pref("privacy.resistFingerprinting", true); -/* 4502: set new window sizes to round to hundreds [FF55+] - * [SETUP-CHROME] Width will round down to multiples of 200s and height to 100s, to fit your screen. +/* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME] + * Width will round down to multiples of 200s and height to 100s, to fit your screen. * The override values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/1330882 * [2] https://hardware.metrics.mozilla.com/ ***/ @@ -2059,6 +2059,7 @@ user_pref("media.eme.chromium-api.enabled", false); // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1393497 user_pref("devtools.webide.autoinstallFxdtAdapters", false); +user_pref("devtools.webide.adaptersAddonURL", ""); // 2600's: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1393582 @@ -2083,7 +2084,7 @@ user_pref("general.useragent.locale", "en-US"); // If you have disabled health reports, then this about page is useless - disable it // If you want to see what health data is present, then this must be set at default // [-] https://bugzilla.mozilla.org/1352497 -user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,"); +user_pref("datareporting.healthreport.about.reportUrl", "data:,"); // 0511: disable FlyWeb [FF49+] // Flyweb is a set of APIs for advertising and discovering local-area web servers // [1] https://flyweb.github.io/ @@ -2129,7 +2130,7 @@ user_pref("dom.idle-observers-api.enabled", false); user_pref("browser.newtabpage.directory.source", "data:text/plain,"); user_pref("browser.newtabpage.enhanced", false); user_pref("browser.newtabpage.introShown", true); -// 0512: disable Shield - replaced internally by Normandy (see 0503) [FF53+] +// 0512: disable Shield [FF53+] - renamed to app.normandy.* (see 0503) // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" // [1] https://wiki.mozilla.org/Firefox/Shield // [2] https://github.com/mozilla/normandy @@ -2187,7 +2188,7 @@ user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF] // As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be // revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes // [-] https://bugzilla.mozilla.org/1458917 -user_pref("services.blocklist.update_enabled", true); +user_pref("services.blocklist.update_enabled", true); // [DEFAULT: true] // 0503: disable "Savant" Shield study [FF61+] // [-] https://bugzilla.mozilla.org/1457226 user_pref("shield.savant.enabled", false); From 23733097a95d9db37028d0ec8c7991bd0bf0a04b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 00:13:07 +0000 Subject: [PATCH 0965/1961] 2302 FF version --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index c50d76b..4ffd04a 100644 --- a/user.js +++ b/user.js @@ -1137,7 +1137,7 @@ user_pref("dom.popup_allowed_events", "click dblclick"); [6] Notifications: https://support.mozilla.org/questions/1165867#answer-981820 ***/ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); -/* 2302: disable service workers +/* 2302: disable service workers [FF32, FF44-compat] * Service workers essentially act as proxy servers that sit between web apps, and the browser * and network, are event driven, and can control the web page/site it is associated with, * intercepting and modifying navigation and resource requests, and caching resources. From 778dc89bb6126212d9c897f6e7add88ca5e6a96e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 00:40:03 +0000 Subject: [PATCH 0966/1961] 2002 WebRTC tests #580 FYI, the https://www.privacytools.io/webrtc.html test in our wiki is 404, so I gave it a strikethru and added this one. This is also handy for 2001, but do we need to double up on it? We're only disabling WebRTC because of IP leaks, so I don't see the point in testing if WebRTC is disabled. --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 4ffd04a..7c6a668 100644 --- a/user.js +++ b/user.js @@ -1040,6 +1040,7 @@ user_pref("media.peerconnection.turn.disable", true); user_pref("media.peerconnection.ice.tcp", false); user_pref("media.navigator.video.enabled", false); // video capability for WebRTC /* 2002: limit WebRTC IP leaks if using WebRTC + * [TEST] https://browserleaks.com/webrtc * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416 * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ user_pref("media.peerconnection.ice.default_address_only", true); // [FF42-FF50] From 0e1b0a4b6e572f88a7e456a75be8e88f46a9b559 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 11 Dec 2018 15:40:29 +0000 Subject: [PATCH 0967/1961] move 0370 to 0105b (#586) --- user.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 7c6a668..484b963 100644 --- a/user.js +++ b/user.js @@ -105,13 +105,16 @@ user_pref("browser.newtab.preload", false); user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); -/* 0105b: disable AS Snippets ***/ +/* 0105b: disable AS Snippets + * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server + * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ user_pref("browser.newtabpage.activity-stream.disableSnippets", true); user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // has setting (see 0105) +user_pref("browser.aboutHomeSnippets.updateUrl", ""); /* 0105c: disable AS Top Stories, Pocket-based and/or sponsored content ***/ -user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); +user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // has setting (see 0105) user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // has setting (see 0105) -user_pref("browser.newtabpage.activity-stream.showSponsored", false); +user_pref("browser.newtabpage.activity-stream.showSponsored", false); // has setting (see 0105) /* 0105d: disable AS recent Highlights in the Library [FF57+] ***/ // user_pref("browser.library.activity-stream.enabled", false); /* 0110: start Firefox in PB (Private Browsing) mode @@ -234,9 +237,6 @@ user_pref("breakpad.reportURL", ""); user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+] -/* 0370: disable "Snippets" (Mozilla content shown on about:home screen) - * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/ -user_pref("browser.aboutHomeSnippets.updateUrl", "data:,"); /* 0380: disable Browser Error Reporter [FF60+] * [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection * [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html ***/ From 205c48d9d324bb8ef7f39a6281e3af0e5c3e7ee2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 15:49:31 +0000 Subject: [PATCH 0968/1961] final 63 release --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 484b963..8bed37a 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 13 November 2018 -* version 63-beta: Pants Romance +* date: 11 December 2018 +* version 63: Pants Romance * "Rah rah ah-ah-ah! Ro mah ro-mah-mah. Gaga oh-la-la! Want your pants romance" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From ef1e61ebcd33a88ef18913299c2d3e3ebc1c0f86 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 16:05:07 +0000 Subject: [PATCH 0969/1961] start 64-alpha --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 8bed37a..a17ece3 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 11 December 2018 -* version 63: Pants Romance -* "Rah rah ah-ah-ah! Ro mah ro-mah-mah. Gaga oh-la-la! Want your pants romance" +* version 64-alpha: Crocodile Pants +* "I remember when Pants was young, me and Suzie had so much fun" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 61be5ae563e0e7e3427885a16e6f920437797966 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 11 Dec 2018 16:07:28 +0000 Subject: [PATCH 0970/1961] all Deprecations + new ADB extension prefs (#587) --- user.js | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/user.js b/user.js index a17ece3..f707684 100644 --- a/user.js +++ b/user.js @@ -394,14 +394,6 @@ user_pref("extensions.pocket.enabled", false); * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ // user_pref("extensions.screenshots.disabled", true); // [FF55+] // user_pref("extensions.screenshots.upload-disabled", true); // [FF60+] -/* 0516: disable Onboarding [FF55+] - * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time - * about:home or about:newtab is opened, the onboarding overlay is injected into that page - * [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] - * [1] https://wiki.mozilla.org/Firefox/Onboarding - * [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf - * [3] https://bugzilla.mozilla.org/863246#c154 ***/ -user_pref("browser.onboarding.enabled", false); /* 0517: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes @@ -1283,9 +1275,10 @@ user_pref("browser.uitour.url", ""); user_pref("devtools.chrome.enabled", false); /* 2608: disable WebIDE to prevent remote debugging and extension downloads * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ -user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); +user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] +user_pref("devtools.remote.adb.extensionURL", ""); // [FF64+] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] * [TEST] http://browserspy.dk/mathml.php * [1] https://bugzilla.mozilla.org/1173199 ***/ @@ -1373,9 +1366,6 @@ user_pref("xpinstall.whitelist.required", true); // [DEFAULT: true] /* 2680: enable CSP (Content Security Policy) * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); // [DEFAULT: true] -/* 2681: disable CSP violation events [FF59+] - * [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent ***/ -user_pref("security.csp.enable_violation_events", false); /* 2682: enable CSP 1.1 experimental hash-source directive [FF29+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 ***/ user_pref("security.csp.experimentalEnabled", true); @@ -2207,6 +2197,26 @@ user_pref("media.autoplay.enabled", false); // [-] https://bugzilla.mozilla.org/1473595 // user_pref("browser.ctrlTab.previews", true); // * * * / +// FF64 +// 0516: disable Onboarding [FF55+] + // Onboarding is an interactive tour/setup for new installs/profiles and features. Every time + // about:home or about:newtab is opened, the onboarding overlay is injected into that page + // [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] + // [1] https://wiki.mozilla.org/Firefox/Onboarding + // [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf + // [3] https://bugzilla.mozilla.org/863246#c154 + // [-] https://bugzilla.mozilla.org/1462415 +user_pref("browser.onboarding.enabled", false); +// 2608: disable WebIDE ADB extension downloads - both renamed + // [1] https://trac.torproject.org/projects/tor/ticket/16222 + // [-] https://bugzilla.mozilla.org/1491315 +user_pref("devtools.webide.autoinstallADBHelper", false); +user_pref("devtools.webide.adbAddonURL", ""); +// 2681: disable CSP violation events [FF59+] + // [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent + // [-] https://bugzilla.mozilla.org/1488165 +user_pref("security.csp.enable_violation_events", false); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From 26b874bed78ac6a42e5a9dbc8881c665697a13e5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 16:43:11 +0000 Subject: [PATCH 0971/1961] 1020: remove max_windows #575 --- user.js | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index f707684..a7b8dc9 100644 --- a/user.js +++ b/user.js @@ -685,11 +685,8 @@ user_pref("browser.cache.disk_cache_ssl", false); // user_pref("network.dnsCacheExpiration", 60); /** SESSIONS & SESSION RESTORE ***/ -/* 1020: limit Session Restore to last active tab and window - * [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature - * It does not affect "Recently Closed Windows" or any history. ***/ -user_pref("browser.sessionstore.max_tabs_undo", 0); -user_pref("browser.sessionstore.max_windows_undo", 0); +/* 1020: exclude "Undo Closed Tabs" in Session Restore ***/ + // user_pref("browser.sessionstore.max_tabs_undo", 0); /* 1021: disable storing extra session data [SETUP-CHROME] * extra session data contains contents of forms, scrollbar positions, cookies and POST data * define on which sites to save extra session data: From 4f379755668e285d12a610a216c804a1690f1a0f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 16:49:38 +0000 Subject: [PATCH 0972/1961] browser.sessionstore.max_windows_undo #575 --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 1ad4ae9..6315ed0 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 18-Mov-2018 + Last updated: 11-Dec-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -108,6 +108,7 @@ 'privacy.trackingprotection.ui.enabled', /* 64-beta */ 'browser.eme.ui.enabled', + 'browser.sessionstore.max_windows_undo', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 7684e83abadd45aa30e4c63592059b6eb94e9eab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 17:18:26 +0000 Subject: [PATCH 0973/1961] 0102 add SR info #575 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index a7b8dc9..e57bcf6 100644 --- a/user.js +++ b/user.js @@ -86,6 +86,7 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); * [SETTING] General>Startup>Always check if Firefox is your default browser ***/ user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session) + * [NOTE] Session Restore is not used in PB mode (0110) and is cleared with history (2803, 2804) * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); /* 0103: set HOME+NEWWINDOW page From c6ebe3616525847aad30f3ba2a8ece789fab93d4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 17:28:21 +0000 Subject: [PATCH 0974/1961] 1022: resume from crash=>inactive, closes #575 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e57bcf6..3ec3f66 100644 --- a/user.js +++ b/user.js @@ -694,7 +694,7 @@ user_pref("browser.cache.disk_cache_ssl", false); * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ user_pref("browser.sessionstore.privacy_level", 2); /* 1022: disable resuming session from crash ***/ -user_pref("browser.sessionstore.resume_from_crash", false); + // user_pref("browser.sessionstore.resume_from_crash", false); /* 1023: set the minimum interval between session save operations * Increasing this can help on older machines and some websites, as well as reducing writes, see [1] * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc From 88b747ef36185c460b87a5ca5cd7d964a2dd597e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 17:42:19 +0000 Subject: [PATCH 0975/1961] 0911: remove it, #585 it is default false in FF59+ --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 3ec3f66..aa410de 100644 --- a/user.js +++ b/user.js @@ -640,9 +640,6 @@ user_pref("signon.formlessCapture.enabled", false); * [2] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119 ***/ user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); -/* 0911: prevent cross-origin images from triggering an HTTP-Authentication prompt [FF55+] - * [1] https://bugzilla.mozilla.org/1357835 ***/ -user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); /*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS [SETUP-CHROME] ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by From f0fbfd3086311548b8863a2a8d0e50593b76b306 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Dec 2018 17:44:19 +0000 Subject: [PATCH 0976/1961] network.auth.subresource-img-cross-origin-http-auth-allow #585 --- scratchpad-scripts/ghacks-clear-[removed].js | 1 + 1 file changed, 1 insertion(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 6315ed0..e1e7dcf 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -109,6 +109,7 @@ /* 64-beta */ 'browser.eme.ui.enabled', 'browser.sessionstore.max_windows_undo', + 'network.auth.subresource-img-cross-origin-http-auth-allow', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From ccdd4decf01dd3576e84c775d1a99fe3d7f5b27d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Dec 2018 08:25:25 +0000 Subject: [PATCH 0977/1961] Pocket: 0510->0370 Pocket is no longer a System Add-on in FF64+ --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index aa410de..41774f6 100644 --- a/user.js +++ b/user.js @@ -238,6 +238,11 @@ user_pref("breakpad.reportURL", ""); user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+] +/* 0370: disable Pocket [FF46+] + * Pocket is a third party (now owned by Mozilla) "save for later" cloud service + * [1] https://en.wikipedia.org/wiki/Pocket_(application) + * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ +user_pref("extensions.pocket.enabled", false); /* 0380: disable Browser Error Reporter [FF60+] * [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection * [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html ***/ @@ -384,11 +389,6 @@ user_pref("app.shield.optoutstudies.enabled", false); /* 0506: disable PingCentre telemetry (used in several System Add-ons) [FF57+] * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0333) ***/ user_pref("browser.ping-centre.telemetry", false); -/* 0510: disable Pocket [FF46+] - * Pocket is a third party (now owned by Mozilla) "save for later" cloud service - * [1] https://en.wikipedia.org/wiki/Pocket_(application) - * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ -user_pref("extensions.pocket.enabled", false); /* 0515: disable Screenshots * alternatively in FF60+, disable uploading to the Screenshots server * [1] https://github.com/mozilla-services/screenshots From 9d6bfb650cca3e0785849c49640a31d6323249f9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Dec 2018 00:29:29 +1300 Subject: [PATCH 0978/1961] disable Telemetry Coverage (#589) --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 41774f6..818c8b9 100644 --- a/user.js +++ b/user.js @@ -232,6 +232,9 @@ user_pref("datareporting.healthreport.uploadEnabled", false); * If disabled, no policy is shown or upload takes place, ever * [1] https://bugzilla.mozilla.org/1195552 ***/ user_pref("datareporting.policy.dataSubmissionEnabled", false); +/* 0335: disable Telemetry Coverage [FF64+] + * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/ +user_pref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] /* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); /* 0351: disable sending of crash reports ***/ From 2d956d04f303a70e6ca2cde3625548445c0fb520 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 12 Dec 2018 11:52:49 +0000 Subject: [PATCH 0979/1961] move 1260 to 122x (#591) * move 1260 to 122x "disable or limit SHA-1 certificates" is about certs, not ciphers. Because CERTS is 1st in the title I moved it to the 1st item there because it's arguably also the most important of the lot (and renumbered the rest) We can also drop HSTS from the subgroup title because there's nothing HSTS left atm. --- user.js | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/user.js b/user.js index 818c8b9..6f4a79f 100644 --- a/user.js +++ b/user.js @@ -51,7 +51,7 @@ 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0900: PASSWORDS 1000: CACHE / SESSION (RE)STORE / FAVICONS - 1200: HTTPS (SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS) + 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS) 1400: FONTS 1600: HEADERS / REFERERS 1700: CONTAINERS @@ -719,14 +719,13 @@ user_pref("browser.shell.shortcutFavicons", false); /* 1032: disable favicons in web notifications ***/ user_pref("alerts.showFavicons", false); // [DEFAULT: false] -/*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS) +/*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS) Note that your cipher and other settings can be used server side as a fingerprint attack vector, see [1] (It's quite technical but the first part is easy to understand and you can stop reading when you reach the second section titled "Enter Bro") - Option 1: Use Firefox defaults for the 1260's items (item 1260 default for SHA-1, is local - only anyway). There is nothing *weak* about Firefox's defaults, but Mozilla (and - other browsers) will always lag for fear of breakage and upset end-users + Option 1: Use defaults for ciphers (1260's). There is nothing *weak* about these, but + due to breakage, browsers can't deprecate them until the web stops using them Option 2: Disable the ciphers in 1261, 1262 and 1263. These shouldn't break anything. Optionally, disable the ciphers in 1264. @@ -785,21 +784,31 @@ user_pref("security.OCSP.enabled", 1); * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/ user_pref("security.OCSP.require", true); -/** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ -/* 1220: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS] +/** CERTS / HPKP (HTTP Public Key Pinning) ***/ +/* 1220: disable or limit SHA-1 certificates + * 0=all SHA1 certs are allowed + * 1=all SHA1 certs are blocked + * 2=deprecated option that now maps to 1 + * 3=only allowed for locally-added roots (e.g. anti-virus) + * 4=only allowed for locally-added roots or for certs in 2015 and earlier + * [SETUP-CHROME] When disabled, some man-in-the-middle devices (e.g. security scanners and + * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. + * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ +user_pref("security.pki.sha1_enforcement_level", 1); +/* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS] * 0=disable detecting Family Safety mode and importing the root * 1=only attempt to detect Family Safety mode (don't import the root) * 2=detect Family Safety mode and import the root * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/ user_pref("security.family_safety.mode", 0); -/* 1221: disable intermediate certificate caching (fingerprinting attack vector) [RESTART] +/* 1222: disable intermediate certificate caching (fingerprinting attack vector) [RESTART] * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them. * [TEST] https://fiprinca.0x90.eu/poc/ * [1] https://bugzilla.mozilla.org/1334485 - related bug * [2] https://bugzilla.mozilla.org/1216882 - related bug (see comment 9) ***/ // user_pref("security.nocertdb", true); // [HIDDEN PREF] -/* 1222: enforce strict pinning +/* 1223: enforce strict pinning * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict * [WARNING] If you rely on an AV (antivirus) to protect your web browsing * by inspecting ALL your web traffic, then leave at current default=1 @@ -817,16 +826,6 @@ user_pref("security.mixed_content.block_display_content", true); user_pref("security.mixed_content.block_object_subrequest", true); /** CIPHERS [see the section 1200 intro] ***/ -/* 1260: disable or limit SHA-1 - * 0=all SHA1 certs are allowed - * 1=all SHA1 certs are blocked (including perfectly valid ones from 2015 and earlier) - * 2=deprecated option that now maps to 1 - * 3=only allowed for locally-added roots (e.g. anti-virus) - * 4=only allowed for locally-added roots or for certs in 2015 and earlier - * [SETUP-CHROME] When disabled, some man-in-the-middle devices (e.g. security scanners and - * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. - * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ -user_pref("security.pki.sha1_enforcement_level", 1); /* 1261: disable 3DES (effective key size < 128) * [1] https://en.wikipedia.org/wiki/3des#Security * [2] http://en.citizendium.org/wiki/Meet-in-the-middle_attack From 51ac69874bca1f07ca577897a491e5df289851fa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Dec 2018 11:58:48 +0000 Subject: [PATCH 0980/1961] 0105* remove // has setting --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 6f4a79f..a0196a2 100644 --- a/user.js +++ b/user.js @@ -110,12 +110,12 @@ user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ user_pref("browser.newtabpage.activity-stream.disableSnippets", true); -user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // has setting (see 0105) +user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); user_pref("browser.aboutHomeSnippets.updateUrl", ""); /* 0105c: disable AS Top Stories, Pocket-based and/or sponsored content ***/ -user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // has setting (see 0105) -user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // has setting (see 0105) -user_pref("browser.newtabpage.activity-stream.showSponsored", false); // has setting (see 0105) +user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); +user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); +user_pref("browser.newtabpage.activity-stream.showSponsored", false); /* 0105d: disable AS recent Highlights in the Library [FF57+] ***/ // user_pref("browser.library.activity-stream.enabled", false); /* 0110: start Firefox in PB (Private Browsing) mode From 3916e3868180cae24594c15af9c799b9cd7a4f80 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 12 Dec 2018 13:02:38 +0000 Subject: [PATCH 0981/1961] taking out the garbage (#590) --- user.js | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index a0196a2..87101ad 100644 --- a/user.js +++ b/user.js @@ -1021,18 +1021,12 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) * [1] https://www.privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); -user_pref("media.peerconnection.use_document_iceservers", false); -user_pref("media.peerconnection.video.enabled", false); -user_pref("media.peerconnection.identity.enabled", false); -user_pref("media.peerconnection.identity.timeout", 1); -user_pref("media.peerconnection.turn.disable", true); -user_pref("media.peerconnection.ice.tcp", false); user_pref("media.navigator.video.enabled", false); // video capability for WebRTC /* 2002: limit WebRTC IP leaks if using WebRTC * [TEST] https://browserleaks.com/webrtc * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416 * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ -user_pref("media.peerconnection.ice.default_address_only", true); // [FF42-FF50] +user_pref("media.peerconnection.ice.default_address_only", true); user_pref("media.peerconnection.ice.no_host", true); // [FF51+] /* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ @@ -1270,12 +1264,11 @@ user_pref("browser.uitour.url", ""); * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); -/* 2608: disable WebIDE to prevent remote debugging and extension downloads +/* 2608: disable WebIDE to prevent remote debugging and ADB extension download * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] -user_pref("devtools.remote.adb.extensionURL", ""); // [FF64+] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] * [TEST] http://browserspy.dk/mathml.php * [1] https://bugzilla.mozilla.org/1173199 ***/ From d97d0ec0f59df18938f9f78ca81a12b192a16ce1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Dec 2018 13:09:03 +0000 Subject: [PATCH 0982/1961] media.peerconnection* covered by user_pref("media.peerconnection.enabled", false); --- scratchpad-scripts/ghacks-clear-[removed].js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index e1e7dcf..5fb1425 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 11-Dec-2018 + Last updated: 12-Dec-2018 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -110,6 +110,12 @@ 'browser.eme.ui.enabled', 'browser.sessionstore.max_windows_undo', 'network.auth.subresource-img-cross-origin-http-auth-allow', + 'media.peerconnection.ice.tcp', + 'media.peerconnection.identity.enabled', + 'media.peerconnection.identity.timeout', + 'media.peerconnection.turn.disable', + 'media.peerconnection.use_document_iceservers', + 'media.peerconnection.video.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 879f0abf28703ea082cdf41a396dc97c8d0a3bbd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Dec 2018 13:21:24 +0000 Subject: [PATCH 0983/1961] 2201: more garbage --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 87101ad..e2157ba 100644 --- a/user.js +++ b/user.js @@ -1021,7 +1021,6 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) * [1] https://www.privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); -user_pref("media.navigator.video.enabled", false); // video capability for WebRTC /* 2002: limit WebRTC IP leaks if using WebRTC * [TEST] https://browserleaks.com/webrtc * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416 From 3c247a2c5b91502f548e7a5d5a24b234d3881e3d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Dec 2018 13:22:58 +0000 Subject: [PATCH 0984/1961] Update ghacks-clear-[removed].js --- scratchpad-scripts/ghacks-clear-[removed].js | 1 + 1 file changed, 1 insertion(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 5fb1425..4231a0b 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -116,6 +116,7 @@ 'media.peerconnection.turn.disable', 'media.peerconnection.use_document_iceservers', 'media.peerconnection.video.enabled', + 'media.navigator.video.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 31adbba774139f1f79cc90c4b48126b5bd3912fa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Dec 2018 16:34:27 +0000 Subject: [PATCH 0985/1961] 5000s: disable CFR --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index e2157ba..11f048f 100644 --- a/user.js +++ b/user.js @@ -1738,6 +1738,9 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); + // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // disable CRF [FF64+] + // [SETTING] General>Browsing>Recommend extensions as you browse + // [1] https://support.mozilla.org/en-US/kb/extension-recommendations // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync [FF60+] [RESTART] // user_pref("network.manage-offline-status", false); // see Bugzilla 620472 // user_pref("reader.parse-on-load.enabled", false); // "Reader View" From d55b8176adea7ae91fd96a16db388f689f5560fa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Dec 2018 16:52:12 +0000 Subject: [PATCH 0986/1961] dyslexia and/or dementia --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 11f048f..f3d668f 100644 --- a/user.js +++ b/user.js @@ -1738,7 +1738,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); - // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // disable CRF [FF64+] + // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // disable CFR [FF64+] // [SETTING] General>Browsing>Recommend extensions as you browse // [1] https://support.mozilla.org/en-US/kb/extension-recommendations // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync [FF60+] [RESTART] From e60abd6c44fc6395867304ee8ee48029720b5e84 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Dec 2018 17:17:33 +0000 Subject: [PATCH 0987/1961] 64-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index f3d668f..47d85c8 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 11 December 2018 -* version 64-alpha: Crocodile Pants +* date: 12 December 2018 +* version 64-beta: Crocodile Pants * "I remember when Pants was young, me and Suzie had so much fun" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 04b797f1aa2271ae561cffddb963912b0b61f96e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Dec 2018 11:14:44 +0000 Subject: [PATCH 0988/1961] 0209: remove trailing space @Just-me-ghacks :kiss: --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 47d85c8..06a2cfa 100644 --- a/user.js +++ b/user.js @@ -159,7 +159,7 @@ user_pref("intl.accept_languages", "en-US, en"); /* 0208: enforce US English locale regardless of the system locale * [1] https://bugzilla.mozilla.org/867501 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] -/* 0209: use APP locale over OS locale in regional preferences [FF56+] +/* 0209: use APP locale over OS locale in regional preferences [FF56+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789 ***/ user_pref("intl.regional_prefs.use_os_locales", false); /* 0210: use Mozilla geolocation service instead of Google when geolocation is enabled From 15c68dc344b5781b7d0269cee0d8fd0ce43093c2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 13 Dec 2018 14:21:57 +0000 Subject: [PATCH 0989/1961] disable System Add-on updates (#595) remember the new Coverage Telemetry shit? with a **hidden** opt-out pref? guess what, they are already collecting for 3 months ... https://bugzilla.mozilla.org/show_bug.cgi?id=1487578 - **3 months ago**: "I see data coming in that looks reasonable" guess what else ... "It has also replaced the previous version that was there (from bug 1480194)" and oh, surprise surprise, 1480194 is ACCESS DENIED! they're not just using private tickets to hide security critical information from potential hackers and blackhats, no they also use it to hide shady AF things. Things that they fully know are shady as fuck and that they absolutely know a lot of people would not like. There's simply no other reason why they'd do that but wait, that's not all. If you think an opt-out pref that 99% of people wouldn't know about even if it showed up in about:config BUT ALSO HAPPENS TO BE HIDDEN is kind of questionable, well ... the system addon that they use for this shit apparently looked or still looks for `toolkit.telemetry.coverage.opt-out` [1] instead of `toolkit.coverage.opt-out` as their documentation [2] claims [1] https://github.com/mozilla/one-off-system-add-ons/pull/131/files#diff-6e0cbf76986d04383ccb32a29ef27a7aR25 [2] https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/docs/data/coverage-ping.rst#l32 It's time to opt out of all that shit for good. Disable system addon updates and kill it at the root > In FF61 and lower, you will not get any System Add-on updates except when you update Firefox on its own that's not true. You will get SA updates unless you disable app update checks + auto install. Let's just remove that as well. --- user.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 06a2cfa..55cdd89 100644 --- a/user.js +++ b/user.js @@ -385,10 +385,9 @@ user_pref("network.allow-experiments", false); user_pref("app.normandy.enabled", false); user_pref("app.normandy.api_url", ""); user_pref("app.shield.optoutstudies.enabled", false); -/* 0505: disable System Add-on updates - * [NOTE] In FF61 and lower, you will not get any System Add-on updates except when you update Firefox ***/ - // user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] - // user_pref("extensions.systemAddon.update.url", ""); +/* 0505: disable System Add-on updates ***/ +user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] +user_pref("extensions.systemAddon.update.url", ""); // [FF44+] /* 0506: disable PingCentre telemetry (used in several System Add-ons) [FF57+] * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0333) ***/ user_pref("browser.ping-centre.telemetry", false); From 645492e82f748d6b2085f092b551c1afbad56074 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 14 Dec 2018 04:49:50 +1300 Subject: [PATCH 0990/1961] grammar, case, etc, closes #594 thanks @Just-me-ghacks --- user.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 55cdd89..ed9951a 100644 --- a/user.js +++ b/user.js @@ -202,7 +202,7 @@ user_pref("browser.search.update", false); user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); /* 0310: disable sending the URL of the website where a plugin crashed ***/ user_pref("dom.ipc.plugins.reportCrashURL", false); -/* 0320: disable about:addons' Get Add-ons panel (uses Google-Analytics) ***/ +/* 0320: disable about:addons' Get Add-ons panel (uses Google Analytics) ***/ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] user_pref("extensions.webservice.discoverURL", ""); /* 0330: disable telemetry @@ -696,7 +696,7 @@ user_pref("browser.sessionstore.privacy_level", 2); // user_pref("browser.sessionstore.resume_from_crash", false); /* 1023: set the minimum interval between session save operations * Increasing this can help on older machines and some websites, as well as reducing writes, see [1] - * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc + * Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc * [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature: * i.e. the longer the interval the more chance a quick tab open/close won't be captured. * This longer interval *may* affect history but we cannot replicate any history not recorded @@ -912,7 +912,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); Our default settings provide the best balance between protection and amount of breakage. To harden it a bit more you can set XOriginPolicy (1603) to 2 (+ optionally 1604 to 1 or 2). To fix broken sites (including your modem/router), temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config, - use the site and then change the values back. If you visit those sites regularly (e.g. Vimeo), use an extension. + use the site and then change the values back. If you visit those sites regularly (e.g. vimeo), use an extension. full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html @@ -1416,7 +1416,7 @@ user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true] * To control *website* IDB data, control allowing cookies and service workers, or use * Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize * on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically - * via an extenion. Note that IDB currently cannot be sanitized by host. + * via an extension. Note that IDB currently cannot be sanitized by host. * [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ ***/ user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] /* 2730: disable offline cache ***/ @@ -1732,7 +1732,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing // user_pref("browser.tabs.closeWindowWithLastTab", false); // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+] - // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see Bugzilla 1320061 [FF53+] + // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+] // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC] // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] /* OTHER ***/ @@ -1741,7 +1741,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // [SETTING] General>Browsing>Recommend extensions as you browse // [1] https://support.mozilla.org/en-US/kb/extension-recommendations // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync [FF60+] [RESTART] - // user_pref("network.manage-offline-status", false); // see Bugzilla 620472 + // user_pref("network.manage-offline-status", false); // see bugzilla 620472 // user_pref("reader.parse-on-load.enabled", false); // "Reader View" // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) From f6ea20a8b09b128a0b7d2b8b3067a4334622d5a8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Dec 2018 17:28:16 +0000 Subject: [PATCH 0991/1961] 0335: Telemetry Coverage endpoint let's just coverage-our-ass on this one While I don't mind telemetry (development needs meaningful feedback to better the product), and I trust the data is not PII, and/or anonymized into buckets etc (you can check this you know), and I understand this one needs to be outside the Telemetry pref in order to gather the one-time ping ... and I trust Mozilla's motives ... I'm starting to get a little annoyed at the non-stop incessant increasing telemetry bullshittery and ass-fuckery around sending data home, and the lengths some Mozilla devs will go to, to hide this info (hidden prefs, access denied tickets to hide discussion of what should be public, and even **not even adhering to their own documentation**). I will also be killing as many Activity Stream endpoints as well - as long as they are in line with our js - pocket, snippets, onboarding etc. And I will add those from personal as inactive for end-users - eg cfr --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index ed9951a..f9bb4c2 100644 --- a/user.js +++ b/user.js @@ -234,6 +234,7 @@ user_pref("datareporting.healthreport.uploadEnabled", false); user_pref("datareporting.policy.dataSubmissionEnabled", false); /* 0335: disable Telemetry Coverage [FF64+] * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/ +user_pref("toolkit.coverage.endpoint.base", ""); user_pref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] /* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); From d5ece0f6f44896461a22c0dce46427aac77fcd19 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 14 Dec 2018 20:05:43 +1300 Subject: [PATCH 0992/1961] 1700s: revamp Containers header #585 (#596) --- user.js | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index f9bb4c2..31f718f 100644 --- a/user.js +++ b/user.js @@ -957,9 +957,12 @@ user_pref("network.http.referer.hideOnionSource", true); user_pref("privacy.donottrackheader.enabled", true); /*** [SECTION 1700]: CONTAINERS - [1] https://support.mozilla.org/kb/containers-experiment - [2] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers - [3] https://github.com/mozilla/testpilot-containers + If you want to *really* leverage containers, we highly recommend Temporary Containers [2]. + Read the article by the extension author [3], and check out the github wiki/repo [4]. + [1] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers + [2] https://addons.mozilla.org/firefox/addon/temporary-containers/ + [3] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 + [4] https://github.com/stoically/temporary-containers/wiki ***/ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); /* 1701: enable Container Tabs setting in preferences (see 1702) [FF50+] From c1d6d81528917d102dd57eb00c74be6efb49dfc3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 16 Dec 2018 14:10:32 +0000 Subject: [PATCH 0993/1961] add PERF tags to wasm, asm.js, closes #599 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 31f718f..12fc230 100644 --- a/user.js +++ b/user.js @@ -1171,7 +1171,7 @@ user_pref("dom.allow_cut_copy", false); // [HIDDEN PREF] user_pref("dom.disable_beforeunload", true); /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); -/* 2420: disable asm.js [FF22+] +/* 2420: disable asm.js [FF22+] [SETUP-PERF] * [1] http://asmjs.org/ * [2] https://www.mozilla.org/security/advisories/mfsa2015-29/ * [3] https://www.mozilla.org/security/advisories/mfsa2015-50/ @@ -1184,7 +1184,7 @@ user_pref("javascript.options.asmjs", false); * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); -/* 2422: disable WebAssembly [FF52+] +/* 2422: disable WebAssembly [FF52+] [SETUP-PERF] * [1] https://developer.mozilla.org/docs/WebAssembly ***/ user_pref("javascript.options.wasm", false); /* 2426: disable Intersection Observer API [FF53+] From da80e390648257b92327202164b923bc7efcb63e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 16 Dec 2018 17:37:42 +0000 Subject: [PATCH 0994/1961] 0105s: description s/be self explanatory #578 when filtered and 0105a is not shown, AS doesn't mean anything --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 12fc230..56f18fa 100644 --- a/user.js +++ b/user.js @@ -106,17 +106,17 @@ user_pref("browser.newtab.preload", false); user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); -/* 0105b: disable AS Snippets +/* 0105b: disable Activity Stream Snippets * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ user_pref("browser.newtabpage.activity-stream.disableSnippets", true); user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); user_pref("browser.aboutHomeSnippets.updateUrl", ""); -/* 0105c: disable AS Top Stories, Pocket-based and/or sponsored content ***/ +/* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); user_pref("browser.newtabpage.activity-stream.showSponsored", false); -/* 0105d: disable AS recent Highlights in the Library [FF57+] ***/ +/* 0105d: disable Activity Stream recent Highlights in the Library [FF57+] ***/ // user_pref("browser.library.activity-stream.enabled", false); /* 0110: start Firefox in PB (Private Browsing) mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed From 6946a012320025d257a80a0729000d34c5240ec4 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 17 Dec 2018 08:19:14 +0000 Subject: [PATCH 0995/1961] Update troubleshooter.js --- scratchpad-scripts/troubleshooter.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 0e751ca..9653c2f 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,5 +1,5 @@ -/*** ghacks-user.js troubleshooter.js v1.5 ***/ +/*** ghacks-user.js troubleshooter.js v1.5.1 ***/ (function() { @@ -82,7 +82,6 @@ 'dom.push.enabled', 'dom.push.serverURL', 'dom.serviceWorkers.enabled', - 'dom.workers.enabled', 'dom.webnotifications.enabled', 'dom.webnotifications.serviceworker.enabled', @@ -116,6 +115,7 @@ /* Audio + Video */ 'dom.webaudio.enabled', 'media.autoplay.enabled', + 'media.autoplay.default', // FF63+ /* Forms */ 'browser.formfill.enable', @@ -125,7 +125,6 @@ /* HTTPS */ 'security.cert_pinning.enforcement_level', 'security.family_safety.mode', - 'security.mixed_content.use_hsts', 'security.OCSP.require', 'security.pki.sha1_enforcement_level', 'security.ssl.require_safe_negotiation', @@ -152,7 +151,6 @@ 'dom.popup_maximum', 'layout.css.visited_links_enabled', 'mathml.disabled', - 'network.auth.subresource-img-cross-origin-http-auth-allow', 'network.http.redirection-limit', 'network.protocol-handler.external.ms-windows-store', 'privacy.trackingprotection.enabled', From 4badc42879184cc5a470430504f9339360f005ff Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 17 Dec 2018 09:36:26 +0000 Subject: [PATCH 0996/1961] 0105b: kill snippets endpoint #528 it's too hard to follow AS changes, and work out if disabling showing items (basic toggling of show/hide sections etc) actually stops downloading a localized local copy etc. For items we actually want to block, let the endpoint slaughter begin. --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 56f18fa..3907c0d 100644 --- a/user.js +++ b/user.js @@ -109,9 +109,10 @@ user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); /* 0105b: disable Activity Stream Snippets * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ +user_pref("browser.aboutHomeSnippets.updateUrl", ""); +user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); user_pref("browser.newtabpage.activity-stream.disableSnippets", true); user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); -user_pref("browser.aboutHomeSnippets.updateUrl", ""); /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); From 55c2cacbce27003c77cf05069b964944ab65dde3 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 17 Dec 2018 09:43:45 +0000 Subject: [PATCH 0997/1961] 0335: toolkit.telemetry.coverage.opt-out (#600) --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 3907c0d..cca0842 100644 --- a/user.js +++ b/user.js @@ -233,10 +233,11 @@ user_pref("datareporting.healthreport.uploadEnabled", false); * If disabled, no policy is shown or upload takes place, ever * [1] https://bugzilla.mozilla.org/1195552 ***/ user_pref("datareporting.policy.dataSubmissionEnabled", false); -/* 0335: disable Telemetry Coverage [FF64+] +/* 0335: disable Telemetry Coverage * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/ +user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] +user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF] user_pref("toolkit.coverage.endpoint.base", ""); -user_pref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] /* 0350: disable crash reports ***/ user_pref("breakpad.reportURL", ""); /* 0351: disable sending of crash reports ***/ From 5bd5f6b28e801b8437e2574fad35f52365a6b593 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 18 Dec 2018 01:41:37 +1300 Subject: [PATCH 0998/1961] 0912: HTTP Auth sub-resources #585 (#602) --- user.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/user.js b/user.js index cca0842..a454252 100644 --- a/user.js +++ b/user.js @@ -645,6 +645,13 @@ user_pref("signon.formlessCapture.enabled", false); * [2] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119 ***/ user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); +/* 0912: limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources [FF41+] + * hardens against potential credentials phishing + * 0=don't allow sub-resources to open HTTP authentication credentials dialogs + * 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs + * 2=allow sub-resources to open HTTP authentication credentials dialogs (default) + * [1] https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/ ***/ +user_pref("network.auth.subresource-http-auth-allow", 1); /*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS [SETUP-CHROME] ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by From 5b0952f60a5e9ed0fd62499187c6e62829fcd587 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 17 Dec 2018 13:00:27 +0000 Subject: [PATCH 0999/1961] network.auth.subresource-http-auth-allow --- scratchpad-scripts/troubleshooter.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 9653c2f..98d9948 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,5 +1,5 @@ -/*** ghacks-user.js troubleshooter.js v1.5.1 ***/ +/*** ghacks-user.js troubleshooter.js v1.5.2 ***/ (function() { @@ -151,6 +151,7 @@ 'dom.popup_maximum', 'layout.css.visited_links_enabled', 'mathml.disabled', + 'network.auth.subresource-http-auth-allow', 'network.http.redirection-limit', 'network.protocol-handler.external.ms-windows-store', 'privacy.trackingprotection.enabled', From ac4e764c37560a32edddb1deb12cd7bca9c20a7e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 18 Dec 2018 15:54:57 +0000 Subject: [PATCH 1000/1961] http2, altsvc, ssl session ids vs FPI vs TB #571 --- user.js | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index a454252..aee54f5 100644 --- a/user.js +++ b/user.js @@ -462,6 +462,9 @@ user_pref("network.dns.disableIPv6", true); /* 0702: disable HTTP2 (which was based on SPDY which is now deprecated) * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance * privacy, and in fact opens up a number of server-side fingerprinting opportunities + * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the + * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, + * and the Tor Browser has extra protection, including enhanced sanitizing per Identity. * [1] https://http2.github.io/faq/ * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html * [3] https://queue.acm.org/detail.cfm?id=2716278 @@ -470,6 +473,9 @@ user_pref("network.http.spdy.enabled", false); user_pref("network.http.spdy.enabled.deps", false); user_pref("network.http.spdy.enabled.http2", false); /* 0703: disable HTTP Alternative Services [FF37+] + * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the + * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, + * and the Tor Browser has extra protection, including enhanced sanitizing per Identity. * [1] https://tools.ietf.org/html/rfc7838#section-9 * [2] https://www.mnot.net/blog/2016/03/09/alt-svc ***/ user_pref("network.http.altsvc.enabled", false); @@ -756,11 +762,13 @@ user_pref("security.ssl.require_safe_negotiation", true); // user_pref("security.tls.version.min", 3); user_pref("security.tls.version.max", 4); /* 1203: disable SSL session tracking [FF36+] - * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 24hrs. - * Since the ID is unique, web servers can (and do) use it for tracking. If set to true, - * this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking + * SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking + * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the + * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, + * and the Tor Browser has extra protection, including enhanced sanitizing per Identity. * [1] https://tools.ietf.org/html/rfc5077 - * [2] https://bugzilla.mozilla.org/967977 ***/ + * [2] https://bugzilla.mozilla.org/967977 + * [3] https://arxiv.org/abs/1810.07304 ***/ user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] /* 1204: disable SSL Error Reporting * [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/ From 186fb1c9be2ed25e5ab6bc82b7a9842b3351a9fc Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Thu, 20 Dec 2018 19:42:28 +0000 Subject: [PATCH 1001/1961] Update README.md fix for the weird page title ![][b] https://ghacksuserjs.github.io/ghacks-user.js/ --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fc5d76a..9df4ee3 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -### ![][b] user.js +### ![🔶][b] user.js A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![][b] ghacks user.js From 96063027ba4862a85e0cc5c3c1850122b7f7ab1a Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Thu, 20 Dec 2018 19:44:27 +0000 Subject: [PATCH 1002/1961] Update README.md second attempt at fixing the weird title... --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9df4ee3..d0071be 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -### ![🔶][b] user.js +### ![o][b] user.js A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![][b] ghacks user.js From b845f8fe3ad49beefe094b818046644f7eb0821e Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Thu, 20 Dec 2018 19:53:48 +0000 Subject: [PATCH 1003/1961] Update README.md OK, I give up. I would've removed those commits by force-pushing, but the branch is protected. #NotMyFault --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d0071be..fc5d76a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -### ![o][b] user.js +### ![][b] user.js A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. ### ![][b] ghacks user.js From 4604cf0d4ebc0aef81a89bbb971461018ed68370 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 21 Dec 2018 11:02:40 +0000 Subject: [PATCH 1004/1961] references to other prefs s/be explicit --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index aee54f5..e4976d6 100644 --- a/user.js +++ b/user.js @@ -1486,7 +1486,7 @@ user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download Histo user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences -/* 2804: reset default history items to clear with Ctrl-Shift-Del (to match above) +/* 2804: reset default history items to clear with Ctrl-Shift-Del (to match 2803) * This dialog can also be accessed from the menu History>Clear Recent History * Firefox remembers your last choices. This will reset them when you start Firefox. * [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog From 075d6fe6e4e258fb39d4f53ecf6ad04dd30fd0a0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 11 Jan 2019 05:09:14 +0000 Subject: [PATCH 1005/1961] 2615: s/cut keys: bug fix in 66+ --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e4976d6..e0fb1e7 100644 --- a/user.js +++ b/user.js @@ -1306,7 +1306,7 @@ user_pref("middlemouse.contentLoadURL", false); user_pref("network.http.redirection-limit", 10); /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+] * 0 (default) or 1=allow, 2=block - * [NOTE] At the time of writing, causes issues with delete and backspace keys + * [NOTE] In FF65 and under, causes issues with delete and backspace keys (see 1445942) * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ // user_pref("permissions.default.shortcuts", 2); /* 2616: remove special permissions for certain mozilla domains [FF35+] From 7bf5790f2b607583307f6e70c510876b245405b8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 11 Jan 2019 05:14:59 +0000 Subject: [PATCH 1006/1961] RFP: FF66 changes to UA HTTP Headers --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index e0fb1e7..a6ae1d7 100644 --- a/user.js +++ b/user.js @@ -1575,6 +1575,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL FF56: The version number will be rounded down to the nearest multiple of 10 FF57: The version number will match current ESR (1393283, 1418672, 1418162) FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608) + FF66: The OS in HTTP Headers will be reduced to Windows or Android (1509829) ** 1369319 - disable device sensor API (see 4604) (FF56+) ** 1369357 - disable site specific zoom (see 4605) (FF56+) ** 1337161 - hide gamepads from content (see 4606) (FF56+) From 45bd5ccc02d4526195cc85bb2e455ec489388361 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 16 Jan 2019 02:07:06 +0000 Subject: [PATCH 1007/1961] PB Mode: ref added --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index a6ae1d7..544d873 100644 --- a/user.js +++ b/user.js @@ -128,7 +128,8 @@ user_pref("browser.newtabpage.activity-stream.showSponsored", false); * new instance. Closing all Private Windows clears all traces. Repeat as required. PB also does * not allow indexedDB which breaks many Extensions that use it including uBlock Origin and uMatrix * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode - * [1] https://wiki.mozilla.org/Private_Browsing ***/ + * [1] https://wiki.mozilla.org/Private_Browsing + * [2] https://spreadprivacy.com/is-private-browsing-really-private/ ***/ // user_pref("browser.privatebrowsing.autostart", true); /*** [SECTION 0200]: GEOLOCATION ***/ From 3b90e6e5925cc612e6ec3c866b80965cdfb12ce6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 17 Jan 2019 05:11:29 +0000 Subject: [PATCH 1008/1961] end of v64 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 544d873..3a88f8f 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 12 December 2018 -* version 64-beta: Crocodile Pants +* date: 17 January 2019 +* version 64: Crocodile Pants * "I remember when Pants was young, me and Suzie had so much fun" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From f1e6d164f7e6619c2e652ccc44df7a5958c28841 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 17 Jan 2019 05:19:11 +0000 Subject: [PATCH 1009/1961] start 65 commits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 3a88f8f..5512ec6 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 17 January 2019 -* version 64: Crocodile Pants -* "I remember when Pants was young, me and Suzie had so much fun" +* version 65-alpha: Dancing with My Pants +* "If I had the chance, I'd ask the world to dance, and I'll be dancing with my pants" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 1c09ec36e3275c2ac6c4bf5a7c16d55a928630c7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 18 Jan 2019 04:24:13 +0000 Subject: [PATCH 1010/1961] 0306: extra info, closes #615 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 5512ec6..d350535 100644 --- a/user.js +++ b/user.js @@ -193,7 +193,8 @@ user_pref("app.update.staging.enabled", false); * This is the update available, downloaded, error and success information ***/ user_pref("app.update.silent", false); /* 0306: disable extension metadata updating - * sends daily pings to Mozilla about extensions and recent startups ***/ + * sends daily pings to Mozilla about extensions and recent startups + * [NOTE] blocks any expanded text description, if it exists, when you "show more details about an addon" ***/ user_pref("extensions.getAddons.cache.enabled", false); /* 0307: disable auto updating of personas (themes) ***/ user_pref("lightweightThemes.update.enabled", false); From 8c96432eb809d4626a1bd396747eb09c1434be5a Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Fri, 25 Jan 2019 14:28:00 +0000 Subject: [PATCH 1011/1961] Update updater.sh (#618) Closes #616 + #617 --- updater.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/updater.sh b/updater.sh index 0206a35..226a492 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## ghacks-user.js updater for macOS and Linux -## version: 2.4 +## version: 2.5 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac @@ -227,7 +227,7 @@ update_updater () { fi mv "${tmpfile}" "${SCRIPT_DIR}/updater.sh" chmod u+x "${SCRIPT_DIR}/updater.sh" - "${SCRIPT_DIR}/updater.sh" "$@ -d" + "${SCRIPT_DIR}/updater.sh" "$@" -d exit 1 } @@ -334,6 +334,9 @@ update_userjs () { echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}" else echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created.${NC}" + if [ $BACKUP = 'multiple' ]; then + rm $bakname &>/dev/null + fi fi rm $past_nocomments $current_nocomments $pastuserjs &>/dev/null fi @@ -416,7 +419,7 @@ if [ $# != 0 ]; then fi show_banner -update_updater +update_updater $@ getProfilePath # updates PROFILE_PATH or exits on error cd "$PROFILE_PATH" && update_userjs From 95b75a065d428cfe79b54b333c0e4294935caff9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 30 Jan 2019 10:23:42 +0000 Subject: [PATCH 1012/1961] up date info on what cookies control #622 --- user.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d350535..87983d4 100644 --- a/user.js +++ b/user.js @@ -1397,6 +1397,12 @@ user_pref("security.dialog_enable_delay", 700); indexedDB : profile\storage\default appCache : profile\OfflineCache serviceWorkers : + + [NOTE] indexedDB and serviceWorkers are not available in Private Browsing Mode + [NOTE] Blocking cookies also blocks websites access to: localStorage (incl. sessionStorage), + indexedDB, sharedWorker, and serviceWorker (and therefore service worker cache and notifications) + If you set a site exception for cookies (either "Allow" or "Allow for Session") then they become + accessible to websites except shared/service workers where the cookie setting *must* be "Allow" ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable 3rd-party cookies and site-data @@ -1404,8 +1410,6 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * 0=Accept cookies and site data, 1=Block third-party cookies, 2=Block all cookies, * 3=Block cookies from unvisited sites, 4=Block third-party trackers (FF63+) * [NOTE] value 4 is tied to the Tracking Protection lists so make sure you have 0424 + 0425 on default values! - * [NOTE] Blocking 3rd party controls 3rd party access to localStorage, IndexedDB, Cache API and Service Worker Cache. - * Blocking 1st party controls access to localStorage and IndexedDB (note: Service Workers can still use IndexedDB). * [SETTING] Privacy & Security>Cookies and Site Data>Type blocked * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ user_pref("network.cookie.cookieBehavior", 1); From d9a87b3ac4b7b794ff4fad7a9d1aed4a704566af Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 30 Jan 2019 12:27:53 +0000 Subject: [PATCH 1013/1961] FF65 removals (#624) --- user.js | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 87983d4..4cae9bd 100644 --- a/user.js +++ b/user.js @@ -178,7 +178,8 @@ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the /* 0301b: disable auto-update checks for extensions * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ // user_pref("extensions.update.enabled", false); -/* 0302a: disable auto update installing for Firefox +/* 0302a: disable auto update installing for Firefox [NON-WINDOWS FF65+] + * [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed * [SETTING] General>Firefox Updates>Check for updates but let you choose... ***/ user_pref("app.update.auto", false); /* 0302b: disable auto update installing for extensions (after the check in 0301b) @@ -361,8 +362,6 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814 ***/ // user_pref("privacy.trackingprotection.annotate_channels", false); // user_pref("privacy.trackingprotection.lower_network_priority", false); -/* 0426: enforce Content Blocking (required to block cookies) [FF63+] ***/ -user_pref("browser.contentblocking.enabled", true); // [DEFAULT: true] /*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS System Add-ons are a method for shipping extensions, considered to be @@ -567,13 +566,9 @@ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); /* 0810: disable location bar making speculative connections [FF56+] * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); -/* 0850a: disable location bar autocomplete and suggestion types - * If you enforce any of the suggestion types, you MUST enforce 'autocomplete' - * - If *ALL* of the suggestion types are false, 'autocomplete' must also be false - * - If *ANY* of the suggestion types are true, 'autocomplete' must also be true +/* 0850a: disable location bar suggestion types * [SETUP-CHROME] If all three suggestion types are false, search engine keywords are disabled * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ -user_pref("browser.urlbar.autocomplete.enabled", false); user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.bookmark", false); user_pref("browser.urlbar.suggest.openpage", false); @@ -643,9 +638,6 @@ user_pref("signon.storeWhenAutocompleteOff", true); // [DEFAULT: true] /* 0907: display warnings for logins on non-secure (non HTTPS) pages * [1] https://bugzilla.mozilla.org/1217156 ***/ user_pref("security.insecure_password.ui.enabled", true); -/* 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true) - * e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/ -user_pref("browser.fixup.hide_user_pass", true); /* 0909: disable formless login capture for Password Manager [FF51+] ***/ user_pref("signon.formlessCapture.enabled", false); /* 0910: disable autofilling saved passwords on HTTP pages and show warning [FF52+] @@ -2236,6 +2228,18 @@ user_pref("devtools.webide.adbAddonURL", ""); // [-] https://bugzilla.mozilla.org/1488165 user_pref("security.csp.enable_violation_events", false); // * * * / +// FF65 +// 0850a: disable location bar autocomplete and suggestion types + // If you enforce any of the suggestion types (see the other 0850a), you MUST enforce 'autocomplete' + // - If *ALL* of the suggestion types are false, 'autocomplete' must also be false + // - If *ANY* of the suggestion types are true, 'autocomplete' must also be true + // [-] https://bugzilla.mozilla.org/1502392 +user_pref("browser.urlbar.autocomplete.enabled", false); +// 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true) + // e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) + // [-] https://bugzilla.mozilla.org/1510580 +user_pref("browser.fixup.hide_user_pass", true); // [DEFAULT: true] +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From 5dc3ea66cdfd0d8f3b5f292bea00e37cffacd616 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 30 Jan 2019 12:38:07 +0000 Subject: [PATCH 1014/1961] browser.contentblocking.enabled only existed for FF63+64, default true anyway --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 4231a0b..c885953 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 12-Dec-2018 + Last updated: 30-Jan-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -117,6 +117,8 @@ 'media.peerconnection.use_document_iceservers', 'media.peerconnection.video.enabled', 'media.navigator.video.enabled', + /* 65-beta */ + 'browser.contentblocking.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 2f351fa5ce23edeed569b7ad7004cd9ac0afc382 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 30 Jan 2019 14:09:39 +0000 Subject: [PATCH 1015/1961] 0702: http2 websockets might as well add it: needs t be taken into consideration when looking at the whole http2 thing. Will be interesting to see what Tor Browser does with it in ESR68 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 4cae9bd..3010a18 100644 --- a/user.js +++ b/user.js @@ -473,6 +473,7 @@ user_pref("network.dns.disableIPv6", true); user_pref("network.http.spdy.enabled", false); user_pref("network.http.spdy.enabled.deps", false); user_pref("network.http.spdy.enabled.http2", false); +user_pref("network.http.spdy.websockets", false); // [FF65+] /* 0703: disable HTTP Alternative Services [FF37+] * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, From 54f79604da3f631febfe066e313ca5dec3b36ae1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 31 Jan 2019 04:06:32 +1300 Subject: [PATCH 1016/1961] Make Firefox Great Again (#626) * location bar changes * if the dropdown is going to be used, then no point hiding search engines on the bottom line --- user.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 3010a18..aa74e70 100644 --- a/user.js +++ b/user.js @@ -517,10 +517,10 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP-CHROME] - If you are in a private environment (no unwanted eyeballs) and your device is private - (restricted access), and the device is secure when unattended (locked, encrypted, forensic - hardened), then items 0850 and above can be relaxed in return for more convenience and - functionality. Likewise, you may want to check the items cleared on shutdown in section 2800. + Change items 0850 and above to suit for privacy vs convenience and functionality. Consider + your environment (no unwanted eyeballs), your device (restricted access), your device's + unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check + the items cleared on shutdown in section 2800. [NOTE] The urlbar is also commonly referred to as the location bar and address bar #Required reading [#] https://xkcd.com/538/ ***/ @@ -570,9 +570,9 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850a: disable location bar suggestion types * [SETUP-CHROME] If all three suggestion types are false, search engine keywords are disabled * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ -user_pref("browser.urlbar.suggest.history", false); -user_pref("browser.urlbar.suggest.bookmark", false); -user_pref("browser.urlbar.suggest.openpage", false); + // user_pref("browser.urlbar.suggest.history", false); + // user_pref("browser.urlbar.suggest.bookmark", false); + // user_pref("browser.urlbar.suggest.openpage", false); /* 0850c: disable location bar dropdown * This value controls the total number of entries to appear in the location bar dropdown * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always @@ -586,7 +586,7 @@ user_pref("browser.urlbar.suggest.openpage", false); user_pref("browser.urlbar.autoFill", false); /* 0850e: disable location bar one-off searches [FF51+] * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ -user_pref("browser.urlbar.oneOffSearches", false); + // user_pref("browser.urlbar.oneOffSearches", false); /* 0850f: disable location bar suggesting local search history [FF57+] * [1] https://bugzilla.mozilla.org/1181644 ***/ user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); From 6147fed61c4f6f0a13f38947598ee20343c2531f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 30 Jan 2019 15:44:08 +0000 Subject: [PATCH 1017/1961] and the rest of the 0850's The location bar dropdown cannot be disabled via prefs except with css, in which case the whole thing is hidden regardless of he above prefs. So there is no point in making any of them active. This is also in line with what we can achieve with relaxed and hardened tags / sticky issues - that is we can find a better balance, Shoulder surfers is a low risk, not even Tor Browser disables this stuff. People need to take responsibility and/or use common sense. Sure, we can leave em in for users to know about and enable if they want. End of story. userChrome.css code is ```css /* locationbar dropdown FF65+ */ #PopupAutoCompleteRichResult {display: none!important;} ``` --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index aa74e70..4d8ab48 100644 --- a/user.js +++ b/user.js @@ -583,13 +583,13 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); // user_pref("browser.urlbar.maxRichResults", 0); /* 0850d: disable location bar autofill * [1] http://kb.mozillazine.org/Inline_autocomplete ***/ -user_pref("browser.urlbar.autoFill", false); + // user_pref("browser.urlbar.autoFill", false); /* 0850e: disable location bar one-off searches [FF51+] * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ // user_pref("browser.urlbar.oneOffSearches", false); /* 0850f: disable location bar suggesting local search history [FF57+] * [1] https://bugzilla.mozilla.org/1181644 ***/ -user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); + // user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); /* 0860: disable search and form history * [NOTE] You can clear formdata on exiting Firefox (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history ***/ From f047fe93c08bd166eea01a95afc7561a016328ab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 30 Jan 2019 16:14:39 +0000 Subject: [PATCH 1018/1961] remove 0850f `browser.urlbar.maxHistoricalSearchSuggestions` is default 0 is FF60 thru to FF66. It is also default 0 in ESR60.1 thru 60.5. (at least on Windows) IDK if this has ever been used, maybe android, in which case it's probably useful? --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 4d8ab48..6a80cc3 100644 --- a/user.js +++ b/user.js @@ -587,9 +587,6 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850e: disable location bar one-off searches [FF51+] * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ // user_pref("browser.urlbar.oneOffSearches", false); -/* 0850f: disable location bar suggesting local search history [FF57+] - * [1] https://bugzilla.mozilla.org/1181644 ***/ - // user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); /* 0860: disable search and form history * [NOTE] You can clear formdata on exiting Firefox (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history ***/ From d0b8a08a4b88e2bc509b4b314b71c0ed59c8cfe8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 30 Jan 2019 16:16:12 +0000 Subject: [PATCH 1019/1961] browser.urlbar.maxHistoricalSearchSuggestions default 0 in ESR60 and FF60+ --- scratchpad-scripts/ghacks-clear-[removed].js | 1 + 1 file changed, 1 insertion(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index c885953..185a14e 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -119,6 +119,7 @@ 'media.navigator.video.enabled', /* 65-beta */ 'browser.contentblocking.enabled', + 'browser.urlbar.maxHistoricalSearchSuggestions', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From c6060e5645120856a144acabc20045a9cb4a64bc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 31 Jan 2019 16:03:39 +0000 Subject: [PATCH 1020/1961] storage access api --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 6a80cc3..364593f 100644 --- a/user.js +++ b/user.js @@ -1456,6 +1456,9 @@ user_pref("dom.caches.enabled", false); * [2] https://developer.mozilla.org/docs/Web/API/Storage_API * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ // user_pref("dom.storageManager.enabled", false); +/* 2755: disable Storage Access API [FF65+] + * [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API ***/ + // user_pref("dom.storage_access.enabled", false); /*** [SECTION 2800]: SHUTDOWN [SETUP-CHROME] You should set the values to what suits you best. From 24f2e1d9829212077cbc5a4df92b877fcbfde8ea Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 31 Jan 2019 16:16:59 +0000 Subject: [PATCH 1021/1961] disable storage access api see: https://old.reddit.com/r/firefox/comments/alnn3f/storageaccessapi_permissions/effg5tp/ --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 364593f..d89aef0 100644 --- a/user.js +++ b/user.js @@ -1458,7 +1458,7 @@ user_pref("dom.caches.enabled", false); // user_pref("dom.storageManager.enabled", false); /* 2755: disable Storage Access API [FF65+] * [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API ***/ - // user_pref("dom.storage_access.enabled", false); +user_pref("dom.storage_access.enabled", false); /*** [SECTION 2800]: SHUTDOWN [SETUP-CHROME] You should set the values to what suits you best. From 524b5f79dc8abe9f77497175d5ec60556736c3dd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 31 Jan 2019 18:42:59 +0000 Subject: [PATCH 1022/1961] setting changes re cookies --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index d89aef0..b0efd39 100644 --- a/user.js +++ b/user.js @@ -1400,7 +1400,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * 0=Accept cookies and site data, 1=Block third-party cookies, 2=Block all cookies, * 3=Block cookies from unvisited sites, 4=Block third-party trackers (FF63+) * [NOTE] value 4 is tied to the Tracking Protection lists so make sure you have 0424 + 0425 on default values! - * [SETTING] Privacy & Security>Cookies and Site Data>Type blocked + * [SETTING] Privacy & Security>Content Blocking>Custom>Cookies * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ user_pref("network.cookie.cookieBehavior", 1); /* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only @@ -1413,8 +1413,7 @@ user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] /* 2703: set cookie lifetime policy * 0=until they expire (default), 2=until you close Firefox - * [NOTE] 3=for n days : no longer supported in FF63+ (see 2704-deprecated) - * [SETTING] Privacy & Security>Cookies and Site Data>Keep until... ***/ + * [NOTE] 3=for n days : no longer supported in FF63+ (see 2704-deprecated) ***/ // user_pref("network.cookie.lifetimePolicy", 0); /* 2705: disable HTTP sites setting cookies with the "secure" directive [FF52+] * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ From f1b892bc1c8cacdbfc1a32ba87ad1a241a52e922 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 2 Feb 2019 00:57:22 +1300 Subject: [PATCH 1023/1961] clean up "Firefox Data Collection & Use" (#627) * clean up "Firefox Data Collection & Use" - telemetry prefs to 330's - Firefox Data Collection & Use prefs to 340's (but leave crash reports in 350s) - move `app.shield.optoutstudies.enabled` to 330's - this is an internal pref which controls if you get the system addon - make notes that `datareporting.healthreport.uploadEnabled` controls studies and ext recommendations - split crash reports better to reflex the UI setting --- user.js | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/user.js b/user.js index b0efd39..af6fb68 100644 --- a/user.js +++ b/user.js @@ -229,23 +229,33 @@ user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+] user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+] -/* 0333: disable health report - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ -user_pref("datareporting.healthreport.uploadEnabled", false); -/* 0334: disable new data submission, master kill switch [FF41+] - * If disabled, no policy is shown or upload takes place, ever - * [1] https://bugzilla.mozilla.org/1195552 ***/ -user_pref("datareporting.policy.dataSubmissionEnabled", false); -/* 0335: disable Telemetry Coverage +/* 0331: disable Telemetry Coverage * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/ user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF] user_pref("toolkit.coverage.endpoint.base", ""); -/* 0350: disable crash reports ***/ +/* 0340: disable Health Reports + * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ +user_pref("datareporting.healthreport.uploadEnabled", false); +/* 0341: disable new data submission, master kill switch [FF41+] + * If disabled, no policy is shown or upload takes place, ever + * [1] https://bugzilla.mozilla.org/1195552 ***/ +user_pref("datareporting.policy.dataSubmissionEnabled", false); +/* 0342: disable Studies (see 0503) + * [NOTE] This pref has no effect when Health Reports (0340) are disabled + * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to install and run studies ***/ +user_pref("app.shield.optoutstudies.enabled", false); +/* 0343: disable Extension Recommendations [FF65+] + * [NOTE] This pref has no effect when Health Reports (0340) are disabled + * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to make personalized extension rec. + * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ +user_pref("browser.discovery.enabled", false); +/* 0350: disable Crash Reports ***/ user_pref("breakpad.reportURL", ""); -/* 0351: disable sending of crash reports ***/ user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] +/* 0351: disable backlogged Crash Reports + * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+] /* 0370: disable Pocket [FF46+] * Pocket is a third party (now owned by Mozilla) "save for later" cloud service @@ -388,12 +398,11 @@ user_pref("network.allow-experiments", false); * [2] https://github.com/mozilla/normandy ***/ user_pref("app.normandy.enabled", false); user_pref("app.normandy.api_url", ""); -user_pref("app.shield.optoutstudies.enabled", false); /* 0505: disable System Add-on updates ***/ user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] user_pref("extensions.systemAddon.update.url", ""); // [FF44+] /* 0506: disable PingCentre telemetry (used in several System Add-ons) [FF57+] - * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0333) ***/ + * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0340) ***/ user_pref("browser.ping-centre.telemetry", false); /* 0515: disable Screenshots * alternatively in FF60+, disable uploading to the Screenshots server @@ -1855,11 +1864,11 @@ user_pref("dom.workers.sharedWorkers.enabled", false); user_pref("browser.sessionstore.privacy_level_deferred", 2); // ***/ /* FF46 -// 0333: disable health report +// 0340: disable health report // [-] https://bugzilla.mozilla.org/1234526 user_pref("datareporting.healthreport.service.enabled", false); // [HIDDEN PREF] user_pref("datareporting.healthreport.documentServerURI", ""); // [HIDDEN PREF] -// 0334b: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers +// 0341: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers // [-] https://bugzilla.mozilla.org/1234522 user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); // 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url @@ -1880,7 +1889,7 @@ user_pref("browser.pocket.oAuthConsumerKey", ""); // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled // [-] https://bugzilla.mozilla.org/1236580 user_pref("toolkit.telemetry.unifiedIsOptIn", true); // [HIDDEN PREF] -// 0333b: disable about:healthreport page UNIFIED +// 0340b: disable about:healthreport page UNIFIED // [-] https://bugzilla.mozilla.org/1236580 user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); // 0807: disable history manipulation @@ -2082,7 +2091,7 @@ user_pref("intl.locale.matchOS", false); // 0204: set APP locale - replaced by intl.locale.requested // [-] https://bugzilla.mozilla.org/1414390 user_pref("general.useragent.locale", "en-US"); -// 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) +// 0340b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) // If you have disabled health reports, then this about page is useless - disable it // If you want to see what health data is present, then this must be set at default // [-] https://bugzilla.mozilla.org/1352497 From e6eb4730719bca426c73595cf5e07646baa543fa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 1 Feb 2019 13:41:00 +0000 Subject: [PATCH 1024/1961] dom.storage_access.enabled regardless of this pref setting: the permissions.sqlite file will still be abused to store a flag for this for every single site you connect to (as third party?) - fun. --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index af6fb68..1943d0e 100644 --- a/user.js +++ b/user.js @@ -1466,7 +1466,7 @@ user_pref("dom.caches.enabled", false); // user_pref("dom.storageManager.enabled", false); /* 2755: disable Storage Access API [FF65+] * [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API ***/ -user_pref("dom.storage_access.enabled", false); + // user_pref("dom.storage_access.enabled", false); /*** [SECTION 2800]: SHUTDOWN [SETUP-CHROME] You should set the values to what suits you best. From ec0e58099f0669683d109b1d847fe73db18a450e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 1 Feb 2019 13:53:04 +0000 Subject: [PATCH 1025/1961] pointer events -> RFP ALTS --- user.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 1943d0e..4dda617 100644 --- a/user.js +++ b/user.js @@ -1249,9 +1249,6 @@ user_pref("layers.acceleration.disabled", true); /* 2510: disable Web Audio API [FF51+] * [1] https://bugzilla.mozilla.org/1288359 ***/ user_pref("dom.webaudio.enabled", false); -/* 2516: disable PointerEvents - * [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent ***/ -user_pref("dom.w3c_pointer_events.enabled", false); /* 2517: disable Media Capabilities API [FF63+] * [SETUP-PERF] This *may* affect media performance if disabled, no one is sure * [1] https://github.com/WICG/media-capabilities @@ -1606,7 +1603,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL FF60: Fix keydown/keyup events (1438795) ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) ** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) - ** 1363508 - spoof/suppress Pointer Events (see 2516) (FF64+) + ** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+) FF65: pointerEvent.pointerid (1492766) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); @@ -1706,6 +1703,11 @@ user_pref("media.ondevicechange.enabled", false); // [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info user_pref("webgl.enable-debug-renderer-info", false); // * * * / +// FF65+ +// 4614: [2516] disable PointerEvents + // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent +user_pref("dom.w3c_pointer_events.enabled", false); +// * * * / // ***/ /*** [SECTION 4700]: RFP ALTERNATIVES (NAVIGATOR / USER AGENT (UA) SPOOFING) From 847eb80877f5f70b352e8d958f267f3501dbe052 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 Feb 2019 06:39:29 +0000 Subject: [PATCH 1026/1961] 0306 => inactive, closes #615 whatever we thought it may have done in the past, it doesn't do that now as far as we know. And it's not an issue since we allow extension update-CHECKs anyway. --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 4dda617..c89eaf9 100644 --- a/user.js +++ b/user.js @@ -193,10 +193,10 @@ user_pref("app.update.staging.enabled", false); /* 0305: enforce update information is displayed * This is the update available, downloaded, error and success information ***/ user_pref("app.update.silent", false); -/* 0306: disable extension metadata updating - * sends daily pings to Mozilla about extensions and recent startups - * [NOTE] blocks any expanded text description, if it exists, when you "show more details about an addon" ***/ -user_pref("extensions.getAddons.cache.enabled", false); +/* 0306: disable extension metadata + * used when installing, updating and checking for extension updates: if false, all it does is hide + * the expanded text description, if it exists, when you "show more details about an addon" ***/ + // user_pref("extensions.getAddons.cache.enabled", false); /* 0307: disable auto updating of personas (themes) ***/ user_pref("lightweightThemes.update.enabled", false); /* 0308: disable search update From f06c78f897968f17da6e47279c286b1e44afa412 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 5 Feb 2019 02:00:19 +1300 Subject: [PATCH 1027/1961] update cookie settings info --- user.js | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/user.js b/user.js index c89eaf9..4421574 100644 --- a/user.js +++ b/user.js @@ -139,7 +139,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease // user_pref("geo.enabled", false); /* 0201b: set a default permission for Location [FF58+] * 0=always ask (default), 1=allow, 2=block - * [NOTE] best left at default "always ask", fingerprintable via Permissions API + * [NOTE] Best left at default "always ask", fingerprintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); @@ -1154,7 +1154,7 @@ user_pref("dom.webnotifications.enabled", false); // [FF22+] user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] /* 2305: set a default permission for Notifications (see 2304) [FF58+] * 0=always ask (default), 1=allow, 2=block - * [NOTE] best left at default "always ask", fingerprintable via Permissions API + * [NOTE] Best left at default "always ask", fingerprintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ // user_pref("permissions.default.desktop-notification", 2); @@ -1313,7 +1313,7 @@ user_pref("permissions.manager.defaultsUrl", ""); /* 2617: remove webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2618: disable exposure of system colors to CSS or canvas [FF44+] - * [NOTE] see second listed bug: may cause black on black for elements with undefined colors + * [NOTE] See second listed bug: may cause black on black for elements with undefined colors * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/ user_pref("ui.use_standins_for_native_colors", true); // [HIDDEN PREF] /* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing @@ -1401,13 +1401,11 @@ user_pref("security.dialog_enable_delay", 700); accessible to websites except shared/service workers where the cookie setting *must* be "Allow" ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); -/* 2701: disable 3rd-party cookies and site-data - * You can set exceptions under site permissions or use an extension - * 0=Accept cookies and site data, 1=Block third-party cookies, 2=Block all cookies, - * 3=Block cookies from unvisited sites, 4=Block third-party trackers (FF63+) - * [NOTE] value 4 is tied to the Tracking Protection lists so make sure you have 0424 + 0425 on default values! - * [SETTING] Privacy & Security>Content Blocking>Custom>Cookies - * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/ +/* 2701: disable 3rd-party cookies + * 0=default (Standard Content Blocking / Custom Content Blocking with "Cookies" unchecked) + * 1=All third-party cookies, 2=All cookies 3=Cookies from unvisited websites, 4=Third-party trackers (FF63+) + * [NOTE] You can set exceptions under site permissions or use an extension + * [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/ user_pref("network.cookie.cookieBehavior", 1); /* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only @@ -1417,10 +1415,11 @@ user_pref("network.cookie.cookieBehavior", 1); * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] -/* 2703: set cookie lifetime policy - * 0=until they expire (default), 2=until you close Firefox - * [NOTE] 3=for n days : no longer supported in FF63+ (see 2704-deprecated) ***/ - // user_pref("network.cookie.lifetimePolicy", 0); +/* 2703: delete cookies and site data on close + * [NOTE] This is *NOT* the same as 2802 + 2803 (clearing data on shutdown) + * [NOTE] The setting below is disabled (but not changed) if you block all cookies (2701 = 2) + * [SETTING] Privacy>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/ + // user_pref("network.cookie.lifetimePolicy", 0); // 0=delete, 2=do nothing /* 2705: disable HTTP sites setting cookies with the "secure" directive [FF52+] * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true] From e432a2269315d64397c8ea507dd78649c7306a21 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 Feb 2019 13:08:41 +0000 Subject: [PATCH 1028/1961] 0306: moar info #615 see https://github.com/ghacksuserjs/ghacks-user.js/issues/615#issuecomment-460243162 - checking for updates is not a trigger, having an update **and** applying it is --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4421574..d121cae 100644 --- a/user.js +++ b/user.js @@ -194,8 +194,8 @@ user_pref("app.update.staging.enabled", false); * This is the update available, downloaded, error and success information ***/ user_pref("app.update.silent", false); /* 0306: disable extension metadata - * used when installing, updating and checking for extension updates: if false, all it does is hide - * the expanded text description, if it exists, when you "show more details about an addon" ***/ + * used when installing or updating an extension: if false, all it does is hide the + * expanded text description, if it exists, when you "show more details about an addon" ***/ // user_pref("extensions.getAddons.cache.enabled", false); /* 0307: disable auto updating of personas (themes) ***/ user_pref("lightweightThemes.update.enabled", false); From 71ffc661b25ee3dd84c8c5f5718faef2e1600217 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 Feb 2019 13:26:19 +0000 Subject: [PATCH 1029/1961] 2701 again --- user.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index d121cae..78c78f2 100644 --- a/user.js +++ b/user.js @@ -1401,11 +1401,12 @@ user_pref("security.dialog_enable_delay", 700); accessible to websites except shared/service workers where the cookie setting *must* be "Allow" ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); -/* 2701: disable 3rd-party cookies - * 0=default (Standard Content Blocking / Custom Content Blocking with "Cookies" unchecked) - * 1=All third-party cookies, 2=All cookies 3=Cookies from unvisited websites, 4=Third-party trackers (FF63+) +/* 2701: disable 3rd-party cookies and site-data + * 0=Accept cookies and site data (default), 1=(Block) All third-party cookies, 2=(Block) All cookies, + * 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+) + * [NOTE] value 4 is tied to the Tracking Protection lists * [NOTE] You can set exceptions under site permissions or use an extension - * [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/ + * [SETTING] the "Cookie" part under Privacy & Security>Content Blocking ***/ user_pref("network.cookie.cookieBehavior", 1); /* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only From 74a08114a80db2f009ac70e01e72b9c843c31b65 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 Feb 2019 13:28:29 +0000 Subject: [PATCH 1030/1961] 2701: refix setting --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 78c78f2..bc617a0 100644 --- a/user.js +++ b/user.js @@ -1406,7 +1406,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+) * [NOTE] value 4 is tied to the Tracking Protection lists * [NOTE] You can set exceptions under site permissions or use an extension - * [SETTING] the "Cookie" part under Privacy & Security>Content Blocking ***/ + * [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/ user_pref("network.cookie.cookieBehavior", 1); /* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only From 25acd9f63ec847d0d656bbd5868619a5e2ae5ff0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 Feb 2019 13:40:45 +0000 Subject: [PATCH 1031/1961] 2703 again - description needs to stay changed from just cookies since it also clears site data - keep the info about n days out of it, it's just messy (ESR users should be on version 60) - get the values correct (I mixed them up earlier) - fixup [setting] path - leave in one (of two) extra [notes] I previously added --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index bc617a0..dbe02a0 100644 --- a/user.js +++ b/user.js @@ -1417,10 +1417,10 @@ user_pref("network.cookie.cookieBehavior", 1); user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] /* 2703: delete cookies and site data on close - * [NOTE] This is *NOT* the same as 2802 + 2803 (clearing data on shutdown) + * 0=keep until they expire (default), 2=keep until you close Firefox * [NOTE] The setting below is disabled (but not changed) if you block all cookies (2701 = 2) - * [SETTING] Privacy>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/ - // user_pref("network.cookie.lifetimePolicy", 0); // 0=delete, 2=do nothing + * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/ + // user_pref("network.cookie.lifetimePolicy", 2); /* 2705: disable HTTP sites setting cookies with the "secure" directive [FF52+] * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true] From a0508eccf6e8fa3e4fbc6095a7ddd07a80f78cb5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 Feb 2019 13:41:56 +0000 Subject: [PATCH 1032/1961] capital letter after [note] --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index dbe02a0..ef7bddb 100644 --- a/user.js +++ b/user.js @@ -1404,7 +1404,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin /* 2701: disable 3rd-party cookies and site-data * 0=Accept cookies and site data (default), 1=(Block) All third-party cookies, 2=(Block) All cookies, * 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+) - * [NOTE] value 4 is tied to the Tracking Protection lists + * [NOTE] Value 4 is tied to the Tracking Protection lists * [NOTE] You can set exceptions under site permissions or use an extension * [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/ user_pref("network.cookie.cookieBehavior", 1); From 74c8f294d6cf9bd32332d01b5b107f97c517ca68 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 5 Feb 2019 04:51:07 +0000 Subject: [PATCH 1033/1961] 0306: extension metadata, closes #615 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index ef7bddb..ecbaeb5 100644 --- a/user.js +++ b/user.js @@ -194,8 +194,8 @@ user_pref("app.update.staging.enabled", false); * This is the update available, downloaded, error and success information ***/ user_pref("app.update.silent", false); /* 0306: disable extension metadata - * used when installing or updating an extension: if false, all it does is hide the - * expanded text description, if it exists, when you "show more details about an addon" ***/ + * used when installing/updating an extension, and in daily background update checks: if false, it + * hides the expanded text description (if it exists) when you "show more details about an addon" ***/ // user_pref("extensions.getAddons.cache.enabled", false); /* 0307: disable auto updating of personas (themes) ***/ user_pref("lightweightThemes.update.enabled", false); From 1d5289dd94db1fdca8a87a94e84c6d4a0174669c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 6 Feb 2019 16:59:28 +0000 Subject: [PATCH 1034/1961] RFP 67+ --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index ecbaeb5..b21bfa0 100644 --- a/user.js +++ b/user.js @@ -1605,6 +1605,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL ** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) ** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+) FF65: pointerEvent.pointerid (1492766) + ** 1485266 - disable exposure of system colors to CSS or canvas (see 2618) (FF67+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] From 649699ad22123bf5ae88e1b57d3a552e69946c6c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Feb 2019 11:00:07 +0000 Subject: [PATCH 1035/1961] 0609: disable connectivity service #610 --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index b21bfa0..ddb23d8 100644 --- a/user.js +++ b/user.js @@ -457,6 +457,8 @@ user_pref("browser.send_pings.require_same_host", true); user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching [FF48+] ***/ user_pref("network.predictor.enable-prefetch", false); +/* 0609: disable Network Connectivity Services [FF65+] ***/ +pref("network.connectivity-service.enabled", false); /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); From 7a8381d894ba457efacac4b9675bbaccbf42e322 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Feb 2019 11:01:31 +0000 Subject: [PATCH 1036/1961] typo --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index ddb23d8..183b433 100644 --- a/user.js +++ b/user.js @@ -457,7 +457,7 @@ user_pref("browser.send_pings.require_same_host", true); user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching [FF48+] ***/ user_pref("network.predictor.enable-prefetch", false); -/* 0609: disable Network Connectivity Services [FF65+] ***/ +/* 0609: disable Network Connectivity Service [FF65+] ***/ pref("network.connectivity-service.enabled", false); /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ From d81e8ae5835a8cb255bcbc1827e2108227e0097b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Feb 2019 11:11:16 +0000 Subject: [PATCH 1037/1961] i need a break --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 183b433..9ab112c 100644 --- a/user.js +++ b/user.js @@ -458,7 +458,7 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching [FF48+] ***/ user_pref("network.predictor.enable-prefetch", false); /* 0609: disable Network Connectivity Service [FF65+] ***/ -pref("network.connectivity-service.enabled", false); +user_pref("network.connectivity-service.enabled", false); /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); From 3847f97f4166f2a5f5080d13c92165e702ae9a22 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Feb 2019 13:41:15 +0000 Subject: [PATCH 1038/1961] some more 65+ diffs, #610 --- user.js | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 9ab112c..2af9248 100644 --- a/user.js +++ b/user.js @@ -168,6 +168,10 @@ user_pref("intl.regional_prefs.use_os_locales", false); * Optionally enable logging to the console (defaults to false) ***/ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] +/* 0211: disable using the OS's geolocation service ***/ +user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] +user_pref("geo.provider.use_corelocation", false); // [MAC] +user_pref("geo.provider.use_gpsd", false); // [LINUX] /*** [SECTION 0300]: QUIET FOX We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). @@ -457,7 +461,7 @@ user_pref("browser.send_pings.require_same_host", true); user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching [FF48+] ***/ user_pref("network.predictor.enable-prefetch", false); -/* 0609: disable Network Connectivity Service [FF65+] ***/ +/* 0609: disable Network Connectivity checks [FF65+] ***/ user_pref("network.connectivity-service.enabled", false); /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ @@ -1222,6 +1226,9 @@ user_pref("javascript.options.shared_memory", false); /* 2428: enforce DOMHighResTimeStamp API * [WARNING] Required for normalization of timestamps and any timer resolution mitigations ***/ user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] +/* 2429: enable (limited but sufficient) window.opener protection [FF65+] + * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ +user_pref("dom.targetBlankNoOpener.enabled", true); /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); From ed140425ea695f017ad5deb660990290f059274f Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 7 Feb 2019 14:41:23 +0000 Subject: [PATCH 1039/1961] move shit around --- user.js | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/user.js b/user.js index 2af9248..ceaadf4 100644 --- a/user.js +++ b/user.js @@ -271,6 +271,15 @@ user_pref("extensions.pocket.enabled", false); * [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html ***/ user_pref("browser.chrome.errorReporter.enabled", false); user_pref("browser.chrome.errorReporter.submitUrl", ""); +/* 0390: disable Captive Portal detection + * [1] https://en.wikipedia.org/wiki/Captive_portal + * [2] https://wiki.mozilla.org/Necko/CaptivePortal + * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/ +user_pref("captivedetect.canonicalURL", ""); +user_pref("network.captive-portal-service.enabled", false); // [FF52+] +/* 0391: disable Network Connectivity checks [FF65+] + * [1] https://bugzilla.mozilla.org/1460537 ***/ +user_pref("network.connectivity-service.enabled", false); /*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION This section has security & tracking protection implications vs privacy concerns vs effectiveness @@ -438,15 +447,9 @@ user_pref("network.prefetch-next", false); * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF] -/* 0603a: disable Seer/Necko +/* 0603: disable Seer/Necko * [1] https://developer.mozilla.org/docs/Mozilla/Projects/Necko ***/ user_pref("network.predictor.enabled", false); -/* 0603b: disable more Necko/Captive Portal - * [1] https://en.wikipedia.org/wiki/Captive_portal - * [2] https://wiki.mozilla.org/Necko/CaptivePortal - * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/ -user_pref("captivedetect.canonicalURL", ""); -user_pref("network.captive-portal-service.enabled", false); // [FF52+] /* 0605: disable link-mouseover opening connection to linked server * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links/ ***/ @@ -456,13 +459,8 @@ user_pref("network.http.speculative-parallel-limit", 0); * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ user_pref("browser.send_pings", false); user_pref("browser.send_pings.require_same_host", true); -/* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] - * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ -user_pref("network.protocol-handler.external.ms-windows-store", false); /* 0608: disable predictor / prefetching [FF48+] ***/ user_pref("network.predictor.enable-prefetch", false); -/* 0609: disable Network Connectivity checks [FF65+] ***/ -user_pref("network.connectivity-service.enabled", false); /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); @@ -1345,6 +1343,9 @@ user_pref("network.IDN_show_punycode", true); * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) * [SETTING] General>Applications>Portable Document Format (PDF) ***/ user_pref("pdfjs.disabled", false); +/* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] + * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ +user_pref("network.protocol-handler.external.ms-windows-store", false); /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used) From d3b1ed45ad1ef7d91ca6077d4c9bb7f0afe5b7b4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Feb 2019 15:14:08 +0000 Subject: [PATCH 1040/1961] RFP: UA spoof is now 60+8's --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index ceaadf4..95f89c2 100644 --- a/user.js +++ b/user.js @@ -1587,7 +1587,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+) ** 1333651 & 1383495 & 1396468 - spoof Navigator API (see section 4700) (FF56+) FF56: The version number will be rounded down to the nearest multiple of 10 - FF57: The version number will match current ESR (1393283, 1418672, 1418162) + FF57: The version number will match current ESR (1393283, 1418672, 1418162, 1511763) FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608) FF66: The OS in HTTP Headers will be reduced to Windows or Android (1509829) ** 1369319 - disable device sensor API (see 4604) (FF56+) From e448015704f4488a601bd9f6660e33b25bed9fd2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Feb 2019 16:55:04 +0000 Subject: [PATCH 1041/1961] 0343: clarify where TAAR is extension recommendations in the "Add-ons Manager" (not sure how it's displayed) CFR is extension recommendations as you browse the web, via a drop down panel --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 95f89c2..1d608fb 100644 --- a/user.js +++ b/user.js @@ -249,7 +249,7 @@ user_pref("datareporting.policy.dataSubmissionEnabled", false); * [NOTE] This pref has no effect when Health Reports (0340) are disabled * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to install and run studies ***/ user_pref("app.shield.optoutstudies.enabled", false); -/* 0343: disable Extension Recommendations [FF65+] +/* 0343: disable Extension Recommendations in about:addons [FF65+] * [NOTE] This pref has no effect when Health Reports (0340) are disabled * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to make personalized extension rec. * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ From de0ebbed2120787ada6f5455639741c4f3ae1466 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 8 Feb 2019 11:38:17 +0000 Subject: [PATCH 1042/1961] 0343: even MOAR clarification --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 1d608fb..6ed9a11 100644 --- a/user.js +++ b/user.js @@ -249,7 +249,7 @@ user_pref("datareporting.policy.dataSubmissionEnabled", false); * [NOTE] This pref has no effect when Health Reports (0340) are disabled * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to install and run studies ***/ user_pref("app.shield.optoutstudies.enabled", false); -/* 0343: disable Extension Recommendations in about:addons [FF65+] +/* 0343: disable Extension Recommendations in about:addons and AMO [FF65+] * [NOTE] This pref has no effect when Health Reports (0340) are disabled * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to make personalized extension rec. * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ From 5c703f0262b948c5ad898c54afd4ff120bba4530 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Feb 2019 10:05:45 +0000 Subject: [PATCH 1043/1961] 65-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 6ed9a11..71a0541 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 17 January 2019 -* version 65-alpha: Dancing with My Pants +* date: 8 February 2019 +* version 65-beta: Dancing with My Pants * "If I had the chance, I'd ask the world to dance, and I'll be dancing with my pants" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 981dd83c1526c5eb8ebe0d86cb30d9e6914382e6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 17 Feb 2019 16:34:34 +1300 Subject: [PATCH 1044/1961] clarify themes info, closes #648 --- user.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 71a0541..8823dfc 100644 --- a/user.js +++ b/user.js @@ -179,14 +179,13 @@ user_pref("geo.provider.use_gpsd", false); // [LINUX] monetized extensions, time constraints, legacy issues, and fear of breakage/bugs. It is still important to do updates for security reasons, please do so manually. ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); -/* 0301b: disable auto-update checks for extensions - * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ +/* 0301b: disable auto-CHECKING for extension and theme updates ***/ // user_pref("extensions.update.enabled", false); -/* 0302a: disable auto update installing for Firefox [NON-WINDOWS FF65+] +/* 0302a: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+] * [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed * [SETTING] General>Firefox Updates>Check for updates but let you choose... ***/ user_pref("app.update.auto", false); -/* 0302b: disable auto update installing for extensions (after the check in 0301b) +/* 0302b: disable auto-INSTALLING extension and theme updates (after the check in 0301b) * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ user_pref("extensions.update.autoUpdateDefault", false); /* 0303: disable background update service [WINDOWS] @@ -201,7 +200,10 @@ user_pref("app.update.silent", false); * used when installing/updating an extension, and in daily background update checks: if false, it * hides the expanded text description (if it exists) when you "show more details about an addon" ***/ // user_pref("extensions.getAddons.cache.enabled", false); -/* 0307: disable auto updating of personas (themes) ***/ +/* 0307: disable auto updating of lightweight themes (LWT) + * Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API + * Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1] + * [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/ ***/ user_pref("lightweightThemes.update.enabled", false); /* 0308: disable search update * [SETTING] General>Firefox Updates>Automatically update search engines ***/ From 60be8be5ec2646ff26fbf0cf451d5c2cbc9e5c72 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 17 Feb 2019 03:51:44 +0000 Subject: [PATCH 1045/1961] UNC and extensions, closes #651 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 8823dfc..401bb35 100644 --- a/user.js +++ b/user.js @@ -520,6 +520,7 @@ user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: fals * [1] https://www.ghacks.net/2018/02/20/firefox-60-with-new-preference-to-disable-ftp/ ***/ // user_pref("network.ftp.enabled", false); /* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+] + * [SETUP-CHROME] Can break extensions for profiles on network shares * [1] https://trac.torproject.org/projects/tor/ticket/26424 ***/ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] /* 0710: disable GIO as a potential proxy bypass vector From 2cff24f12e89d3592f8285875fed3a57c489a961 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 26 Feb 2019 05:42:32 +0000 Subject: [PATCH 1046/1961] 65 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 401bb35..bbedb40 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 8 February 2019 -* version 65-beta: Dancing with My Pants +* date: 26 February 2019 +* version 65: Dancing with My Pants * "If I had the chance, I'd ask the world to dance, and I'll be dancing with my pants" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From eae84348536e4ffd9f411c8ef95d0c91e2387365 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 26 Feb 2019 07:53:21 +0000 Subject: [PATCH 1047/1961] start 66 commits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index bbedb40..cd4b486 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 26 February 2019 -* version 65: Dancing with My Pants -* "If I had the chance, I'd ask the world to dance, and I'll be dancing with my pants" +* version 66-alpha: The Power of Pants +* "The power of pants is a curious thing. Make a one man weep, make another man sing" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 6d6cd5f410dea7ae2594ccab56f78ff424741b90 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 5 Mar 2019 03:26:39 +0000 Subject: [PATCH 1048/1961] 2802 applies to 2803, closes #658 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index cd4b486..13e1345 100644 --- a/user.js +++ b/user.js @@ -1486,10 +1486,10 @@ user_pref("dom.caches.enabled", false); Firefox interface as "Browsing & Download History" and their values will be synced ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); -/* 2802: enable Firefox to clear history items on shutdown +/* 2802: enable Firefox to clear items on shutdown (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); -/* 2803: set what history items to clear on shutdown +/* 2803: set what items to clear on shutdown (if 2802 is true) * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value * but if 'history' is false, downloads can still be cleared independently * However, this may not always be the case. The interface combines and syncs these @@ -1503,7 +1503,7 @@ user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download Histo user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences -/* 2804: reset default history items to clear with Ctrl-Shift-Del (to match 2803) +/* 2804: reset default items to clear with Ctrl-Shift-Del (to match 2803) * This dialog can also be accessed from the menu History>Clear Recent History * Firefox remembers your last choices. This will reset them when you start Firefox. * [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog From f8428dcc0a330867b8e0ac2695512de9b5d8e7f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Mar 2019 14:55:03 +0000 Subject: [PATCH 1049/1961] a better test - more metrics covered/displayed - test page site is https --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 13e1345..d63b50b 100644 --- a/user.js +++ b/user.js @@ -1577,7 +1577,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test your window size, do some math, resize to allow for all the non inner window elements - [TEST] http://browserspy.dk/screen.php + [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen ** 1281949 - spoof screen orientation (FF50+) ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) FF53: Fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044) From 8b4f45774a4e594501566c7f15cf972058434176 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 13 Mar 2019 14:46:33 +0000 Subject: [PATCH 1050/1961] 4607+RFP clarity, closes #656 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d63b50b..1194977 100644 --- a/user.js +++ b/user.js @@ -1596,7 +1596,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL ** 1369319 - disable device sensor API (see 4604) (FF56+) ** 1369357 - disable site specific zoom (see 4605) (FF56+) ** 1337161 - hide gamepads from content (see 4606) (FF56+) - ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+) + ** 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true (see 4607) (FF56+) ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+) ** 1372069 & 1403813 & 1441295 - block geolocation requests (same as denying a site permission) (see 0201, 0201b) (FF56-62) ** 1369309 - spoof media statistics (see 4610) (FF57+) @@ -1685,7 +1685,7 @@ user_pref("browser.zoom.siteSpecific", false); // [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API // [2] https://wicg.github.io/netinfo/ // [3] https://bugzilla.mozilla.org/960426 -user_pref("dom.netinfo.enabled", false); +user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] // 4608: [2021] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API // [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis From 68584a3397c9e819ad651b409463813fc388d174 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 13 Mar 2019 15:15:23 +0000 Subject: [PATCH 1051/1961] some 2505+RFP clarity, closes #661 --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 1194977..e294747 100644 --- a/user.js +++ b/user.js @@ -1608,7 +1608,10 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL This blocks exposure of local IP Addresses via mDNS (Multicast DNS) ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865) - ** 1372073 - spoof/block fingerprinting in MediaDevices API (see 4612) (FF59+) + ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) + Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if + media.navigator.enabled is true (see 2505 which we chose to keep disabled) + Block: suppresses the ondevicechange event (see 4612) ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) ** 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59+) Spoofing mimics the content language of the document. Currently it only supports en-US. From 97f08ad3cdb7f3de5f0e358703563c815e9d8a7d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Mar 2019 22:34:45 +0000 Subject: [PATCH 1052/1961] 4504: RFP letterboxing, closes #659 --- user.js | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index e294747..85b5f7c 100644 --- a/user.js +++ b/user.js @@ -1622,9 +1622,11 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL ** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+) FF65: pointerEvent.pointerid (1492766) ** 1485266 - disable exposure of system colors to CSS or canvas (see 2618) (FF67+) + ** 1407366 - enable inner window letterboxing (see 4504) (FF67+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] + * This pref is the master switch for all other privacy.resist* prefs unless stated * [SETUP-WEB] RFP is not ready for the masses, so expect some website breakage * [1] https://bugzilla.mozilla.org/418986 ***/ user_pref("privacy.resistFingerprinting", true); @@ -1640,7 +1642,16 @@ user_pref("privacy.resistFingerprinting", true); * to sanitize or clear extensions.webextensions.restrictedDomains (see 2662) to keep that side-effect * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] -/* 4504: disable showing about:blank as soon as possible during startup [FF60+] +/* 4504: enable RFP letterboxing [FF67+] + * Dynamically resizes the inner window in 200w x100h steps by applying letterboxing, using dimensions + * which waste the least content area, If you use the dimension pref, then it will only apply those + * resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") + * [NOTE] This does NOT require RFP (see 4501) **for now** + * [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it + * [1] https://bugzilla.mozilla.org/1407366 ***/ +user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] + // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] +/* 4510: disable showing about:blank as soon as possible during startup [FF60+] * When default true (FF62+) this no longer masks the RFP resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); From 28a7226235a128f136374732a35b2ee5feb06356 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Mar 2019 22:36:31 +0000 Subject: [PATCH 1053/1961] 4510: clarify this is the chrome --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 85b5f7c..78b33e2 100644 --- a/user.js +++ b/user.js @@ -1652,7 +1652,7 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDE user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] /* 4510: disable showing about:blank as soon as possible during startup [FF60+] - * When default true (FF62+) this no longer masks the RFP resizing activity + * When default true (FF62+) this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); From a349662f69d9cf4d9eb90352f589a8ea240be24e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Mar 2019 22:44:24 +0000 Subject: [PATCH 1054/1961] 66 deprecated prefs --- user.js | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index 78b33e2..270544e 100644 --- a/user.js +++ b/user.js @@ -268,11 +268,6 @@ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+ * [1] https://en.wikipedia.org/wiki/Pocket_(application) * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ user_pref("extensions.pocket.enabled", false); -/* 0380: disable Browser Error Reporter [FF60+] - * [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection - * [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html ***/ -user_pref("browser.chrome.errorReporter.enabled", false); -user_pref("browser.chrome.errorReporter.submitUrl", ""); /* 0390: disable Captive Portal detection * [1] https://en.wikipedia.org/wiki/Captive_portal * [2] https://wiki.mozilla.org/Necko/CaptivePortal @@ -405,8 +400,6 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions ***/ user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); -/* 0502: disable Mozilla permission to silently opt you into tests ***/ -user_pref("network.allow-experiments", false); /* 0503: disable Normandy/Shield [FF60+] * Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" * [1] https://wiki.mozilla.org/Firefox/Shield @@ -2279,6 +2272,17 @@ user_pref("browser.urlbar.autocomplete.enabled", false); // [-] https://bugzilla.mozilla.org/1510580 user_pref("browser.fixup.hide_user_pass", true); // [DEFAULT: true] // * * * / +// FF66 +// 0380: disable Browser Error Reporter [FF60+] + // [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection + // [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html + // [-] https://bugzilla.mozilla.org/1509888 +user_pref("browser.chrome.errorReporter.enabled", false); +user_pref("browser.chrome.errorReporter.submitUrl", ""); +// 0502: disable Mozilla permission to silently opt you into tests + // [-] https://bugzilla.mozilla.org/1415625 +user_pref("network.allow-experiments", false); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From b1aa1f561926cf6e49c96699307f7329146c42d7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Mar 2019 22:51:58 +0000 Subject: [PATCH 1055/1961] 2030: default change --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 270544e..362f7d1 100644 --- a/user.js +++ b/user.js @@ -1079,9 +1079,9 @@ user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false] * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false] /* 2030: disable auto-play of HTML5 media [FF63+] - * 0=Allowed (default), 1=Blocked, 2=Prompt + * 0=Allowed, 1=Blocked, 2=Prompt * [SETUP-WEB] This may break video playback on various sites ***/ -user_pref("media.autoplay.default", 1); +user_pref("media.autoplay.default", 1); // [DEFAULT: 1 in FF66+] /* 2031: disable audio auto-play in non-active tabs [FF51+] * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); From d9e24e5095bb3f93f9298fcd0e1e02e7a7bb2dc4 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 17 Mar 2019 18:07:15 +0000 Subject: [PATCH 1056/1961] Update user.js (#667) --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 362f7d1..31da20a 100644 --- a/user.js +++ b/user.js @@ -251,7 +251,7 @@ user_pref("datareporting.policy.dataSubmissionEnabled", false); * [NOTE] This pref has no effect when Health Reports (0340) are disabled * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to install and run studies ***/ user_pref("app.shield.optoutstudies.enabled", false); -/* 0343: disable Extension Recommendations in about:addons and AMO [FF65+] +/* 0343: disable personalized Extension Recommendations in about:addons and AMO [FF65+] * [NOTE] This pref has no effect when Health Reports (0340) are disabled * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to make personalized extension rec. * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ @@ -2274,9 +2274,9 @@ user_pref("browser.fixup.hide_user_pass", true); // [DEFAULT: true] // * * * / // FF66 // 0380: disable Browser Error Reporter [FF60+] - // [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection - // [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html - // [-] https://bugzilla.mozilla.org/1509888 + // [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection + // [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html + // [-] https://bugzilla.mozilla.org/1509888 user_pref("browser.chrome.errorReporter.enabled", false); user_pref("browser.chrome.errorReporter.submitUrl", ""); // 0502: disable Mozilla permission to silently opt you into tests From 462db2062c15331e16fee71d8a736d52839c5615 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 17 Mar 2019 22:43:27 +0000 Subject: [PATCH 1057/1961] 2030: remove setup tag If Firefox see fit to set this as 1 by now, then breakage is probably rare, and I'm not encouraging users to reduce security/privacy etc from default --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 31da20a..4b2500c 100644 --- a/user.js +++ b/user.js @@ -1079,8 +1079,7 @@ user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false] * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false] /* 2030: disable auto-play of HTML5 media [FF63+] - * 0=Allowed, 1=Blocked, 2=Prompt - * [SETUP-WEB] This may break video playback on various sites ***/ + * 0=Allowed, 1=Blocked, 2=Prompt ***/ user_pref("media.autoplay.default", 1); // [DEFAULT: 1 in FF66+] /* 2031: disable audio auto-play in non-active tabs [FF51+] * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ From 0354895a2e634f04990578026bc6a25d2be2922d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 19 Mar 2019 09:00:39 +0000 Subject: [PATCH 1058/1961] 2030: add [setting] for autoplay --- user.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 4b2500c..db687d4 100644 --- a/user.js +++ b/user.js @@ -1078,10 +1078,11 @@ user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false] /* 2028: disable offscreen canvas [FF44+] * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false] -/* 2030: disable auto-play of HTML5 media [FF63+] - * 0=Allowed, 1=Blocked, 2=Prompt ***/ +/* 2030: disable autoplay of HTML5 media [FF63+] + * 0=Allowed, 1=Blocked, 2=Prompt + * [SETTING] Privacy & Security>Permissions>Block websites from automatically playing sound ***/ user_pref("media.autoplay.default", 1); // [DEFAULT: 1 in FF66+] -/* 2031: disable audio auto-play in non-active tabs [FF51+] +/* 2031: disable audio autoplay in non-active tabs [FF51+] * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); @@ -2228,7 +2229,7 @@ user_pref("shield.savant.enabled", false); // 1031: disable favicons in tabs and new bookmarks - merged into browser.chrome.site_icons // [-] https://bugzilla.mozilla.org/1453751 // user_pref("browser.chrome.favicons", false); -// 2030: disable auto-play of HTML5 media - replaced by media.autoplay.default +// 2030: disable autoplay of HTML5 media - replaced by media.autoplay.default // [SETUP-WEB] This may break video playback on various sites // [-] https://bugzilla.mozilla.org/1470082 user_pref("media.autoplay.enabled", false); From 3c4b312cc7f765e05440e6f5f8a9840599d23567 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 19 Mar 2019 19:58:15 +0000 Subject: [PATCH 1059/1961] 2030: default didn't change not putting the setup-web tag back in, as users now have site exceptions --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index db687d4..ae80a93 100644 --- a/user.js +++ b/user.js @@ -1079,9 +1079,10 @@ user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false] * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false] /* 2030: disable autoplay of HTML5 media [FF63+] - * 0=Allowed, 1=Blocked, 2=Prompt + * 0=Allowed (default), 1=Blocked, 2=Prompt + * [NOTE] You can set exceptions under site permissions * [SETTING] Privacy & Security>Permissions>Block websites from automatically playing sound ***/ -user_pref("media.autoplay.default", 1); // [DEFAULT: 1 in FF66+] +user_pref("media.autoplay.default", 1); /* 2031: disable audio autoplay in non-active tabs [FF51+] * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); From 2fcec590b41d21943a7dee8a57c0f575999715d9 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 26 Mar 2019 19:05:55 +0000 Subject: [PATCH 1060/1961] Update user.js (#676) - to avoid confusion with the setting tag, split the prefs into separate numbers, thus shove 2031->2031, reuse 2031 - remove the default value notation as Mozilla will roll out default change gradually to users --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index ae80a93..8999bbf 100644 --- a/user.js +++ b/user.js @@ -117,6 +117,7 @@ user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); user_pref("browser.newtabpage.activity-stream.showSponsored", false); +user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+] /* 0105d: disable Activity Stream recent Highlights in the Library [FF57+] ***/ // user_pref("browser.library.activity-stream.enabled", false); /* 0110: start Firefox in PB (Private Browsing) mode @@ -1079,11 +1080,13 @@ user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false] * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false] /* 2030: disable autoplay of HTML5 media [FF63+] - * 0=Allowed (default), 1=Blocked, 2=Prompt + * 0=Allowed, 1=Blocked, 2=Prompt * [NOTE] You can set exceptions under site permissions * [SETTING] Privacy & Security>Permissions>Block websites from automatically playing sound ***/ user_pref("media.autoplay.default", 1); -/* 2031: disable audio autoplay in non-active tabs [FF51+] +/* 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] ***/ +user_pref("media.autoplay.enabled.user-gestures-needed", false); +/* 2032: disable audio autoplay in non-active tabs [FF51+] * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); From bee47f33cd28e091549d71686bd938f4ffee86cb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 27 Mar 2019 04:35:42 +0000 Subject: [PATCH 1061/1961] 66-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 8999bbf..eace704 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 26 February 2019 -* version 66-alpha: The Power of Pants +* date: 27 March 2019 +* version 66-beta: The Power of Pants * "The power of pants is a curious thing. Make a one man weep, make another man sing" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 26a70f3cd7c5b7c52869e41affb403236c919e8f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 3 Apr 2019 10:43:44 +0000 Subject: [PATCH 1062/1961] 2618: setup-chrome tag, closes #682 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index eace704..97fd287 100644 --- a/user.js +++ b/user.js @@ -1321,6 +1321,7 @@ user_pref("permissions.manager.defaultsUrl", ""); user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2618: disable exposure of system colors to CSS or canvas [FF44+] * [NOTE] See second listed bug: may cause black on black for elements with undefined colors + * [SETUP-CHROME] May affect themes * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/ user_pref("ui.use_standins_for_native_colors", true); // [HIDDEN PREF] /* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing From 79e316a26fee55197c8a6bbbc123434d073c402c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 3 Apr 2019 10:50:59 +0000 Subject: [PATCH 1063/1961] 2618: better info, #682 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 97fd287..85b591b 100644 --- a/user.js +++ b/user.js @@ -1321,7 +1321,7 @@ user_pref("permissions.manager.defaultsUrl", ""); user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2618: disable exposure of system colors to CSS or canvas [FF44+] * [NOTE] See second listed bug: may cause black on black for elements with undefined colors - * [SETUP-CHROME] May affect themes + * [SETUP-CHROME] Might affect CSS in themes and extensions * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/ user_pref("ui.use_standins_for_native_colors", true); // [HIDDEN PREF] /* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing From 8419b4d71b9028de325078b452b47b09503217a5 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 8 Apr 2019 13:44:11 +0000 Subject: [PATCH 1064/1961] autoplay option "Prompt" was removed in FF66 (#686) * autoplay option "Prompt" was removed in FF66 source: https://hg.mozilla.org/integration/autoland/rev/2e48b6769911 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 85b591b..b2df600 100644 --- a/user.js +++ b/user.js @@ -1080,7 +1080,7 @@ user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false] * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false] /* 2030: disable autoplay of HTML5 media [FF63+] - * 0=Allowed, 1=Blocked, 2=Prompt + * 0=Allowed, 1=Blocked (2=Prompt - removed in FF66) * [NOTE] You can set exceptions under site permissions * [SETTING] Privacy & Security>Permissions>Block websites from automatically playing sound ***/ user_pref("media.autoplay.default", 1); From 99586c4a3b57ab44e78029846480d55fb3d295f2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 8 Apr 2019 14:24:41 +0000 Subject: [PATCH 1065/1961] enabled scopes breakage info, closes #674 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index b2df600..c9ba1f9 100644 --- a/user.js +++ b/user.js @@ -1368,7 +1368,8 @@ user_pref("browser.download.forbid_open_with", true); /** EXTENSIONS ***/ /* 2660: lock down allowed extension directories - * [SETUP-CHROME] This will break extensions that do not use the default XPI directories + * [SETUP-CHROME] This will break extensions, language packs, themes and any other XPI files which are + * installed outside of profile directories (see GitHub issue #674 for an issue with language packs in Linux) * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ * [1] archived: https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 1); // [HIDDEN PREF] From 585415b5344198d67181f90f2e6693aab8284848 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 11 Apr 2019 02:02:26 +0000 Subject: [PATCH 1066/1961] RFP: prefers-color-scheme 67+ --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index c9ba1f9..9a30198 100644 --- a/user.js +++ b/user.js @@ -1622,6 +1622,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL FF65: pointerEvent.pointerid (1492766) ** 1485266 - disable exposure of system colors to CSS or canvas (see 2618) (FF67+) ** 1407366 - enable inner window letterboxing (see 4504) (FF67+) + ** 1540726 - enforce "light" with prefers-color-scheme (FF67+) + [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] From 54f86f4be60484443dbf79650b5a6d75198b070b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Apr 2019 12:55:15 +0000 Subject: [PATCH 1067/1961] Update user.js --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 9a30198..9659093 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 27 March 2019 -* version 66-beta: The Power of Pants +* date: 15 April 2019 +* version 66: The Power of Pants * "The power of pants is a curious thing. Make a one man weep, make another man sing" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 92082621d62ac90c1e2625e0a300b19aa0ec42a2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Apr 2019 14:15:54 +0000 Subject: [PATCH 1068/1961] start 67 commits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 9659093..c52d6c9 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 15 April 2019 -* version 66: The Power of Pants -* "The power of pants is a curious thing. Make a one man weep, make another man sing" +* version 67-alpha: Barbie Pants +* "I'm a Barbie pants in a Barbie world. Life in plastic, it's fantastic" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From e3349d0f076de90b70dfe75c78cfe697a71d12e6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Apr 2019 14:17:52 +0000 Subject: [PATCH 1069/1961] 2212 defaults [67+ change] --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index c52d6c9..b922921 100644 --- a/user.js +++ b/user.js @@ -1123,7 +1123,7 @@ user_pref("dom.disable_open_during_load", true); /* 2211: set max popups from a single non-click event - default is 20! ***/ user_pref("dom.popup_maximum", 3); /* 2212: limit events that can cause a popup - * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend" + * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend contextmenu" * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ user_pref("dom.popup_allowed_events", "click dblclick"); From 8c12f4bb14048fd67e2cb35b2ddc34c21b68c28e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Apr 2019 14:46:39 +0000 Subject: [PATCH 1070/1961] 1840 no longer hidden 67+ --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index b922921..bb86424 100644 --- a/user.js +++ b/user.js @@ -1035,7 +1035,7 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); user_pref("media.eme.enabled", false); /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" [SETUP-WEB] * This is the bundled codec used for video chat in WebRTC ***/ -user_pref("media.gmp-gmpopenh264.enabled", false); // [HIDDEN PREF] +user_pref("media.gmp-gmpopenh264.enabled", false); user_pref("media.gmp-gmpopenh264.autoupdate", false); /*** [SECTION 2000]: MEDIA / CAMERA / MIC ***/ From 411805b05cd94b7da77e77c4f797aed4e60f6158 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Apr 2019 14:49:22 +0000 Subject: [PATCH 1071/1961] 2618 no longer hidden 67+ --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index bb86424..5d3a2de 100644 --- a/user.js +++ b/user.js @@ -1323,7 +1323,7 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); * [NOTE] See second listed bug: may cause black on black for elements with undefined colors * [SETUP-CHROME] Might affect CSS in themes and extensions * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/ -user_pref("ui.use_standins_for_native_colors", true); // [HIDDEN PREF] +user_pref("ui.use_standins_for_native_colors", true); /* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing * Firefox has *some* protections, but it is better to be safe than sorry. The downside: it will also * display legitimate IDN's punycoded, which might be undesirable for users of non-latin alphabets From 6231d6ebed6302739d816945abf494b519709e4f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Apr 2019 14:54:55 +0000 Subject: [PATCH 1072/1961] 5000s add new about:config warning pref --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 5d3a2de..8a78ef9 100644 --- a/user.js +++ b/user.js @@ -1781,6 +1781,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); // user_pref("general.warnOnAboutConfig", false); + // user_pref("browser.aboutConfig.showWarning", false); // [FF67+] /* APPEARANCE ***/ // user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] From c2034617f0dcef095dc4eda7741b10c8e0dce380 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Apr 2019 14:59:23 +0000 Subject: [PATCH 1073/1961] 2429 default true 67+ --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8a78ef9..e628bb9 100644 --- a/user.js +++ b/user.js @@ -1226,7 +1226,7 @@ user_pref("javascript.options.shared_memory", false); user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] /* 2429: enable (limited but sufficient) window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ -user_pref("dom.targetBlankNoOpener.enabled", true); +user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); From 6ed3581cb0306cff2485622c08b64793be648d15 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Apr 2019 16:31:17 +0000 Subject: [PATCH 1074/1961] 5000s: CRF 67+ --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index e628bb9..22a5657 100644 --- a/user.js +++ b/user.js @@ -1801,6 +1801,10 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // disable CFR [FF64+] // [SETTING] General>Browsing>Recommend extensions as you browse // [1] https://support.mozilla.org/en-US/kb/extension-recommendations + // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] + // [SETTING] General>Browsing>Recommend extensions as you browse + // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] + // [SETTING] General>Browsing>Recommend features as you browse // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync [FF60+] [RESTART] // user_pref("network.manage-offline-status", false); // see bugzilla 620472 // user_pref("reader.parse-on-load.enabled", false); // "Reader View" From fd10c35049d0f3722f62064a582c618ee699fb45 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 17 Apr 2019 03:31:27 +0000 Subject: [PATCH 1075/1961] 0606 some default info --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 22a5657..8f6e967 100644 --- a/user.js +++ b/user.js @@ -453,7 +453,7 @@ user_pref("network.http.speculative-parallel-limit", 0); /* 0606: disable pings (but enforce same host in case) * [1] http://kb.mozillazine.org/Browser.send_pings * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ -user_pref("browser.send_pings", false); +user_pref("browser.send_pings", false); // [DEFAULT: false] user_pref("browser.send_pings.require_same_host", true); /* 0608: disable predictor / prefetching [FF48+] ***/ user_pref("network.predictor.enable-prefetch", false); From ca0f2a5a88bc659b4cbe38d9bbd045187961b765 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 19 Apr 2019 01:39:07 +0000 Subject: [PATCH 1076/1961] 0302b-> inactive: ext auto-updates closes #690 --- user.js | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 8f6e967..c9e1f75 100644 --- a/user.js +++ b/user.js @@ -175,10 +175,14 @@ user_pref("geo.provider.use_corelocation", false); // [MAC] user_pref("geo.provider.use_gpsd", false); // [LINUX] /*** [SECTION 0300]: QUIET FOX - We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's). - There are many legitimate reasons to turn off auto-INSTALLS, including hijacked or - monetized extensions, time constraints, legacy issues, and fear of breakage/bugs. - It is still important to do updates for security reasons, please do so manually. ***/ + Starting in user.js v67, we only disable the auto-INSTALL of Firefox. You still get prompts + to update, in one click. We have NEVER disabled auto-CHECKING, and highly discourage that. + Previously we also disabled auto-INSTALLING of extensions (302b). + + There are many legitimate reasons to turn off auto-INSTALLS, including hijacked or monetized + extensions, time constraints, legacy issues, dev/testing, and fear of breakage/bugs. It is + still important to do updates for security reasons, please do so manually if you make changes. +***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301b: disable auto-CHECKING for extension and theme updates ***/ // user_pref("extensions.update.enabled", false); @@ -188,7 +192,7 @@ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the user_pref("app.update.auto", false); /* 0302b: disable auto-INSTALLING extension and theme updates (after the check in 0301b) * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ -user_pref("extensions.update.autoUpdateDefault", false); + // user_pref("extensions.update.autoUpdateDefault", false); /* 0303: disable background update service [WINDOWS] * [SETTING] General>Firefox Updates>Use a background service to install updates ***/ user_pref("app.update.service.enabled", false); From d491cf1e890887e5bab90241b5713fef0301d399 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 19 Apr 2019 02:11:21 +0000 Subject: [PATCH 1077/1961] readme changes --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index c9e1f75..2255586 100644 --- a/user.js +++ b/user.js @@ -20,7 +20,7 @@ 2. READ this * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum - * Auto-installing updates for Firefox and extensions are disabled (section 0302's) + * You will still get prompts to update Firefox, but auto-installing them is disabled (0302a) * Some user data is erased on close (section 2800). Change this to suit your needs * EACH RELEASE check: - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF) From 408d1d0e269d68d26f19d055c80e5c7cbc4c1a13 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 19 Apr 2019 05:54:57 +0000 Subject: [PATCH 1078/1961] FPI 68+ change --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 2255586..efa75e4 100644 --- a/user.js +++ b/user.js @@ -1548,6 +1548,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1300671 - isolate data:, about: URLs (FF55+) ** 1473247 - isolate IP addresses (FF63+) ** 1492607 - isolate postMessage with targetOrigin "*" (requires 4002) (FF65+) + ** 1542309 - isolate top-level domain URLs (FF68+) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] From f62f781645b514b790675abd28611a430a5d284e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 11:41:34 +0000 Subject: [PATCH 1079/1961] HTTP2 -> inactive --- user.js | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index efa75e4..7be1519 100644 --- a/user.js +++ b/user.js @@ -473,20 +473,20 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/437#issuecomment-403740626 * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ user_pref("network.dns.disableIPv6", true); -/* 0702: disable HTTP2 (which was based on SPDY which is now deprecated) - * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance - * privacy, and in fact opens up a number of server-side fingerprinting opportunities - * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the - * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, - * and the Tor Browser has extra protection, including enhanced sanitizing per Identity. +/* 0702: disable HTTP2 + * HTTP2 raises some concerns with "multiplexing" and "server push", does nothing to + * enhance privacy, and may open up a number of server-side fingerprinting opportunities. + * [WARNING] Disabling this made sense in the past, and doesn't break anything, but HTTP2 is + * now at 35% and growing, see [5] - don't be that one person using HTTP1.1 on HTTP2 sites * [1] https://http2.github.io/faq/ * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html * [3] https://queue.acm.org/detail.cfm?id=2716278 - * [4] https://github.com/ghacksuserjs/ghacks-user.js/issues/107 ***/ -user_pref("network.http.spdy.enabled", false); -user_pref("network.http.spdy.enabled.deps", false); -user_pref("network.http.spdy.enabled.http2", false); -user_pref("network.http.spdy.websockets", false); // [FF65+] + * [4] https://github.com/ghacksuserjs/ghacks-user.js/issues/107 + * [5] https://w3techs.com/technologies/details/ce-http2/all/all ***/ + // user_pref("network.http.spdy.enabled", false); + // user_pref("network.http.spdy.enabled.deps", false); + // user_pref("network.http.spdy.enabled.http2", false); + // user_pref("network.http.spdy.websockets", false); // [FF65+] /* 0703: disable HTTP Alternative Services [FF37+] * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, From d41372a7f00edefe16b7aa28c5f5abd2e2951328 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 11:50:01 +0000 Subject: [PATCH 1080/1961] 2421 should be a warning it's not setup tag, because any change (it is inactive) does not help performance, in fact the opposite --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 7be1519..93dc7fb 100644 --- a/user.js +++ b/user.js @@ -1206,7 +1206,7 @@ user_pref("dom.vibrator.enabled", false); * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ user_pref("javascript.options.asmjs", false); /* 2421: disable Ion and baseline JIT to help harden JS against exploits - * [SETUP-PERF] If false, causes the odd site issue and there is also a performance loss + * [WARNING] If false, causes the odd site issue and there is also a performance loss * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); From 59d056de27283273739fe22ca6e4bb67ae0a442c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 12:00:46 +0000 Subject: [PATCH 1081/1961] document fonts -> inactive --- user.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 93dc7fb..5492236 100644 --- a/user.js +++ b/user.js @@ -887,11 +887,10 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] /*** [SECTION 1400]: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) - * If you disallow fonts, this drastically limits/reduces font - * enumeration (by JS) which is a high entropy fingerprinting vector. - * [NOTE] Disabling fonts can uglify the web a fair bit. + * [WARNING] Blocking fonts can *sometimes* reduce JS font enumeration, but not entropy. + * There are also other methods to fingerprint fonts. Wait for RFP (4500) to cover this. * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ -user_pref("browser.display.use_document_fonts", 0); + // user_pref("browser.display.use_document_fonts", 0); /* 1402: set more legible default fonts * [NOTE] Example below for Windows/Western only * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace ***/ From e56665ecd155e9e019c9ee2c1cabadf2bf360791 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 12:05:21 +0000 Subject: [PATCH 1082/1961] HWA -> inactive --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 5492236..c9ad677 100644 --- a/user.js +++ b/user.js @@ -1249,13 +1249,13 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [1] https://wiki.mozilla.org/Media/getUserMedia * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices ***/ user_pref("media.navigator.enabled", false); -/* 2508: disable hardware acceleration to reduce graphics fingerprinting - * [SETUP-PERF] Affects text rendering (fonts will look different), impacts video performance, +/* 2508: disable hardware acceleration to reduce graphics fingerprinting [SETUP-HARDEN] + * [WARNING] Affects text rendering (fonts will look different), impacts video performance, * and parts of Quantum that utilize the GPU will also be affected as they are rolled out * [SETTING] General>Performance>Custom>Use hardware acceleration when available * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] -user_pref("layers.acceleration.disabled", true); + // user_pref("layers.acceleration.disabled", true); /* 2510: disable Web Audio API [FF51+] * [1] https://bugzilla.mozilla.org/1288359 ***/ user_pref("dom.webaudio.enabled", false); From 373602f0f072f1e9fdfd51924c14109fc4e60e4a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 12:12:30 +0000 Subject: [PATCH 1083/1961] mathml -> inactive --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index c9ad677..b773e96 100644 --- a/user.js +++ b/user.js @@ -1296,10 +1296,10 @@ user_pref("devtools.chrome.enabled", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] -/* 2609: disable MathML (Mathematical Markup Language) [FF51+] +/* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] * [TEST] http://browserspy.dk/mathml.php * [1] https://bugzilla.mozilla.org/1173199 ***/ -user_pref("mathml.disabled", true); + // user_pref("mathml.disabled", true); /* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] * [SETUP-WEB] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. * [1] https://bugzilla.mozilla.org/1216893 ***/ From bb7f8df6470d171e9409d3b4aaf7a2484ba2d5b9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 12:16:33 +0000 Subject: [PATCH 1084/1961] 2650 -> inactive --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index b773e96..a02a36b 100644 --- a/user.js +++ b/user.js @@ -1354,7 +1354,7 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used) * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ -user_pref("browser.download.folderList", 2); + // user_pref("browser.download.folderList", 2); /* 2651: enforce user interaction for security by always asking the user where to download * [SETTING] General>Downloads>Always ask you where to save files ***/ user_pref("browser.download.useDownloadDir", false); From 2d62b9f729c34a2c586ec2e0af2d5f203d4a1116 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 12:23:39 +0000 Subject: [PATCH 1085/1961] 2654 (open with) -> inactive --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index a02a36b..c77639e 100644 --- a/user.js +++ b/user.js @@ -1362,12 +1362,12 @@ user_pref("browser.download.useDownloadDir", false); user_pref("browser.download.manager.addToRecentDocs", false); /* 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ user_pref("browser.download.hide_plugins_without_extensions", false); -/* 2654: disable "open with" in download dialog [FF50+] +/* 2654: disable "open with" in download dialog [FF50+] [SETUP-HARDEN] * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. - * [SETUP-CHROME] This may interfere with some users' workflow or methods + * [WARNING] This may interfere with some users' workflow or methods * [1] https://bugzilla.mozilla.org/1281959 ***/ -user_pref("browser.download.forbid_open_with", true); + // user_pref("browser.download.forbid_open_with", true); /** EXTENSIONS ***/ /* 2660: lock down allowed extension directories From 8a98cd18902ffa4bfcbe523e20c832d79aa5e6a6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 13:12:47 +0000 Subject: [PATCH 1086/1961] tidying up --- user.js | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index c77639e..9ed45b3 100644 --- a/user.js +++ b/user.js @@ -530,7 +530,7 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] -/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP-CHROME] +/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS Change items 0850 and above to suit for privacy vs convenience and functionality. Consider your environment (no unwanted eyeballs), your device (restricted access), your device's unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check @@ -582,7 +582,7 @@ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850a: disable location bar suggestion types - * [SETUP-CHROME] If all three suggestion types are false, search engine keywords are disabled + * If all three suggestion types are false, search engine keywords are disabled * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ // user_pref("browser.urlbar.suggest.history", false); // user_pref("browser.urlbar.suggest.bookmark", false); @@ -1352,7 +1352,8 @@ user_pref("pdfjs.disabled", false); user_pref("network.protocol-handler.external.ms-windows-store", false); /** DOWNLOADS ***/ -/* 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used) +/* 2650: discourage downloading to desktop + * 0=desktop 1=downloads 2=last used * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ // user_pref("browser.download.folderList", 2); /* 2651: enforce user interaction for security by always asking the user where to download @@ -1480,7 +1481,7 @@ user_pref("dom.caches.enabled", false); * [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API ***/ // user_pref("dom.storage_access.enabled", false); -/*** [SECTION 2800]: SHUTDOWN [SETUP-CHROME] +/*** [SECTION 2800]: SHUTDOWN You should set the values to what suits you best. - "Offline Website Data" includes appCache (2730), localStorage (2710), Service Worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache) @@ -1491,7 +1492,7 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" /* 2802: enable Firefox to clear items on shutdown (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); -/* 2803: set what items to clear on shutdown (if 2802 is true) +/* 2803: set what items to clear on shutdown (if 2802 is true) [SETUP-CHROME] * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value * but if 'history' is false, downloads can still be cleared independently * However, this may not always be the case. The interface combines and syncs these @@ -1505,7 +1506,7 @@ user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download Histo user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences -/* 2804: reset default items to clear with Ctrl-Shift-Del (to match 2803) +/* 2804: reset default items to clear with Ctrl-Shift-Del (to match 2803) [SETUP-CHROME] * This dialog can also be accessed from the menu History>Clear Recent History * Firefox remembers your last choices. This will reset them when you start Firefox. * [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog From 9fbe3080c54ac4e5c1894ba7a8507f72b45dad40 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 13:28:07 +0000 Subject: [PATCH 1087/1961] 2651: add setup-chrome tag --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 9ed45b3..8d270b9 100644 --- a/user.js +++ b/user.js @@ -1356,7 +1356,7 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); * 0=desktop 1=downloads 2=last used * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ // user_pref("browser.download.folderList", 2); -/* 2651: enforce user interaction for security by always asking the user where to download +/* 2651: enforce user interaction for security by always asking where to download [SETUP-CHROME] * [SETTING] General>Downloads>Always ask you where to save files ***/ user_pref("browser.download.useDownloadDir", false); /* 2652: disable adding downloads to the system's "recent documents" list ***/ From 50d31a7aa257532c58786637af2b5214a449e538 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 13:31:15 +0000 Subject: [PATCH 1088/1961] 2701 cookies add setup-web tag --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 8d270b9..37fcd8e 100644 --- a/user.js +++ b/user.js @@ -1417,7 +1417,7 @@ user_pref("security.dialog_enable_delay", 700); accessible to websites except shared/service workers where the cookie setting *must* be "Allow" ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); -/* 2701: disable 3rd-party cookies and site-data +/* 2701: disable 3rd-party cookies and site-data [SETUP-WEB] * 0=Accept cookies and site data (default), 1=(Block) All third-party cookies, 2=(Block) All cookies, * 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+) * [NOTE] Value 4 is tied to the Tracking Protection lists From c2775a3441e475b53c5056b2d88db0427e5cd4f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 14:15:58 +0000 Subject: [PATCH 1089/1961] 0860 form history info, closes #691 --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 37fcd8e..5bd3c79 100644 --- a/user.js +++ b/user.js @@ -602,8 +602,10 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ // user_pref("browser.urlbar.oneOffSearches", false); /* 0860: disable search and form history + * Autocomplete form data is still (in April 2019) easily read by third parties, see [1] * [NOTE] You can clear formdata on exiting Firefox (see 2803) - * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history ***/ + * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history + * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html ***/ user_pref("browser.formfill.enable", false); /* 0862: disable browsing and download history * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) From 4989928c1ea57c5f763d6b78fd3ee494ff99bc8b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 14:34:07 +0000 Subject: [PATCH 1090/1961] 2026: remove (canvas.capture*) Disabled back when first added as a stop gap measure, never checked on since. TB has this at true, so I think we can get rid of it --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 5bd3c79..a8251b1 100644 --- a/user.js +++ b/user.js @@ -1075,9 +1075,6 @@ user_pref("media.getusermedia.audiocapture.enabled", false); * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); -/* 2026: disable canvas capture stream [FF41+] - * [1] https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream ***/ -user_pref("canvas.capturestream.enabled", false); /* 2027: disable camera image capture [FF35+] * [1] https://trac.torproject.org/projects/tor/ticket/16339 ***/ user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false] From 8b07fd57d0f8a31dab25661d51235fe1b0c6360c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 14:35:51 +0000 Subject: [PATCH 1091/1961] canvas.capturestream.enabled --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 185a14e..b29265e 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 30-Jan-2019 + Last updated: 22-Apr-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -120,6 +120,8 @@ /* 65-beta */ 'browser.contentblocking.enabled', 'browser.urlbar.maxHistoricalSearchSuggestions', + /* 67-beta */ + 'canvas.capturestream.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 87959d621cd9c7f9d0e59928b0e07731309f5b15 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 15:20:16 +0000 Subject: [PATCH 1092/1961] 2010: remove pdf webgl it's default false, and I want to simplify webgl 2010+2012 --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index a8251b1..52373c1 100644 --- a/user.js +++ b/user.js @@ -1058,7 +1058,6 @@ user_pref("media.peerconnection.ice.no_host", true); // [FF51+] * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ user_pref("webgl.disabled", true); -user_pref("pdfjs.enableWebGL", false); user_pref("webgl.min_capability_mode", true); user_pref("webgl.disable-extensions", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); From 8a68fc48c57f591ada8896e56454f5a0792e233f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 15:21:16 +0000 Subject: [PATCH 1093/1961] pdfjs.enableWebGL --- scratchpad-scripts/ghacks-clear-[removed].js | 1 + 1 file changed, 1 insertion(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index b29265e..13a5147 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -122,6 +122,7 @@ 'browser.urlbar.maxHistoricalSearchSuggestions', /* 67-beta */ 'canvas.capturestream.enabled', + 'pdfjs.enableWebGL', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 358ddfdfced6c5b171bdc5509cd20f7f387ae402 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Apr 2019 15:38:26 +0000 Subject: [PATCH 1094/1961] pdfjs - add setup tag --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 52373c1..62515e3 100644 --- a/user.js +++ b/user.js @@ -1334,8 +1334,8 @@ user_pref("ui.use_standins_for_native_colors", true); * [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); -/* 2620: enable Firefox's built-in PDF reader - * This setting controls if the option "Display in Firefox" in the above setting is available +/* 2620: enable Firefox's built-in PDF reader [SETUP-CHROME] + * This setting controls if the option "Display in Firefox" is available in the setting below * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") * PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most) * Exploits are rare (1 serious case in 4 yrs), treated seriously and patched quickly. @@ -1344,7 +1344,7 @@ user_pref("network.IDN_show_punycode", true); * CONS: You may prefer a different pdf reader for security reasons * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) * [SETTING] General>Applications>Portable Document Format (PDF) ***/ -user_pref("pdfjs.disabled", false); +user_pref("pdfjs.disabled", false); // [DEFAULT: false] /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); From b05cfc32de098f7bf9ead0b4bd079def38df80ba Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Apr 2019 04:04:22 +0000 Subject: [PATCH 1095/1961] HTTP2 tweak --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 62515e3..0bd8d7b 100644 --- a/user.js +++ b/user.js @@ -474,14 +474,14 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ user_pref("network.dns.disableIPv6", true); /* 0702: disable HTTP2 - * HTTP2 raises some concerns with "multiplexing" and "server push", does nothing to - * enhance privacy, and may open up a number of server-side fingerprinting opportunities. + * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to + * enhance privacy, and opens up a number of server-side fingerprinting opportunities. * [WARNING] Disabling this made sense in the past, and doesn't break anything, but HTTP2 is - * now at 35% and growing, see [5] - don't be that one person using HTTP1.1 on HTTP2 sites + * at 35% (April 2019) and growing [5]. Don't be that one person using HTTP1.1 on HTTP2 sites * [1] https://http2.github.io/faq/ * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html - * [3] https://queue.acm.org/detail.cfm?id=2716278 - * [4] https://github.com/ghacksuserjs/ghacks-user.js/issues/107 + * [3] https://http2.github.io/http2-spec/#rfc.section.10.8 + * [4] https://queue.acm.org/detail.cfm?id=2716278 * [5] https://w3techs.com/technologies/details/ce-http2/all/all ***/ // user_pref("network.http.spdy.enabled", false); // user_pref("network.http.spdy.enabled.deps", false); From b8367959dace0b408eea8421df283fd3e33ef4ee Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Apr 2019 05:33:06 +0000 Subject: [PATCH 1096/1961] mathml: a better test --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 0bd8d7b..c96154d 100644 --- a/user.js +++ b/user.js @@ -1295,7 +1295,7 @@ user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] - * [TEST] http://browserspy.dk/mathml.php + * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc * [1] https://bugzilla.mozilla.org/1173199 ***/ // user_pref("mathml.disabled", true); /* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] From 986c9001935c7856e2ef4ddebef47fe3ea026a24 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Apr 2019 05:50:35 +0000 Subject: [PATCH 1097/1961] RFP tidy up --- user.js | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index c96154d..74c2c00 100644 --- a/user.js +++ b/user.js @@ -1571,14 +1571,10 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL IMPORTANT: As existing prefs become redundant, and some of them WILL interfere with how RFP works, they will be moved to section 4600 and made inactive - ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) - [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/1216800 - [NOTE] This will probably make your values pretty unique until you resize or snap the - inner window width + height into standard/common resolutions (such as 1366x768) - To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit - Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test - your window size, do some math, resize to allow for all the non inner window elements + ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) + [NOTE] Info only: To set a size, open a XUL (chrome) page (such as about:config) which is at + 100% zoom, hit Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. + Test your window size, do some math, resize to allow for all the non inner window elements [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen ** 1281949 - spoof screen orientation (FF50+) ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) From f849e1c602ad95bb0f7c6734145d8e2a0ec969a5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Apr 2019 06:39:59 +0000 Subject: [PATCH 1098/1961] WOFF2 -> inactive --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 74c2c00..56b450b 100644 --- a/user.js +++ b/user.js @@ -911,7 +911,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); /* 1405: disable WOFF2 (Web Open Font Format) [FF35+] ***/ -user_pref("gfx.downloadable_fonts.woff2.enabled", false); + // user_pref("gfx.downloadable_fonts.woff2.enabled", false); /* 1406: disable CSS Font Loading API * [NOTE] Disabling fonts can uglify the web a fair bit. ***/ user_pref("layout.css.font-loading-api.enabled", false); From 092221567020c0602113927971cd9be0db895136 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Apr 2019 07:46:47 +0000 Subject: [PATCH 1099/1961] 1840 openh264 -> inactive WebRTC is already disabled --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 56b450b..a14c0be 100644 --- a/user.js +++ b/user.js @@ -1038,10 +1038,10 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); * [SETTING] General>DRM Content>Play DRM-controlled content * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); -/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" [SETUP-WEB] +/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" [SETUP-HARDEN] * This is the bundled codec used for video chat in WebRTC ***/ -user_pref("media.gmp-gmpopenh264.enabled", false); -user_pref("media.gmp-gmpopenh264.autoupdate", false); + // user_pref("media.gmp-gmpopenh264.enabled", false); + // user_pref("media.gmp-gmpopenh264.autoupdate", false); /*** [SECTION 2000]: MEDIA / CAMERA / MIC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); From d6ccf7ba643aaf1cba18dd97a4fe4e6fb8033adc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Apr 2019 08:12:31 +0000 Subject: [PATCH 1100/1961] 0860 form history: add setup tag / warning - Used setup-web since it relates to actual web pages, even though it doesn't break them - Added the tag because it's an item that is likely to get attention / troubleshooting - Added a warning tag to make the risk more apparent. - Slight edit to the 2803 references --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index a14c0be..a99a39c 100644 --- a/user.js +++ b/user.js @@ -601,14 +601,14 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850e: disable location bar one-off searches [FF51+] * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ // user_pref("browser.urlbar.oneOffSearches", false); -/* 0860: disable search and form history - * Autocomplete form data is still (in April 2019) easily read by third parties, see [1] - * [NOTE] You can clear formdata on exiting Firefox (see 2803) +/* 0860: disable search and form history [SETUP-WEB] + * [WARNING] Autocomplete form data is still (in April 2019) easily read by third parties, see [1] + * [NOTE] We also clear formdata on exiting Firefox (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html ***/ user_pref("browser.formfill.enable", false); /* 0862: disable browsing and download history - * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) + * [NOTE] We also clear history and downloads on exiting Firefox (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ // user_pref("places.history.enabled", false); /* 0864: disable date/time picker From d4f7590c833f6f0ff851072e74cd05d8517aad1b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Apr 2019 08:39:11 +0000 Subject: [PATCH 1101/1961] 2212: add setup tag - doesn't need any more than that. users can fiddle with it to find what works for them: I'm sure this breaks a lot of website "features" --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index a99a39c..20680f0 100644 --- a/user.js +++ b/user.js @@ -1123,7 +1123,7 @@ user_pref("browser.link.open_newwindow.restriction", 0); user_pref("dom.disable_open_during_load", true); /* 2211: set max popups from a single non-click event - default is 20! ***/ user_pref("dom.popup_maximum", 3); -/* 2212: limit events that can cause a popup +/* 2212: limit events that can cause a popup [SETUP-WEB] * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend contextmenu" * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ user_pref("dom.popup_allowed_events", "click dblclick"); From c3210d1be97c7d3867d76841d1573a40a96cf0b2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 06:55:58 +0000 Subject: [PATCH 1102/1961] 1241: insecure passive: add setup tag --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 20680f0..3f6f3d9 100644 --- a/user.js +++ b/user.js @@ -844,7 +844,7 @@ user_pref("security.cert_pinning.enforcement_level", 2); /* 1240: disable insecure active content on https pages * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] -/* 1241: disable insecure passive content (such as images) on https pages ***/ +/* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/ user_pref("security.mixed_content.block_display_content", true); /* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+] * [1] https://bugzilla.mozilla.org/1190623 ***/ From 882d25f725b75fe12225d12e257a3c1cc3dcf033 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 07:00:40 +0000 Subject: [PATCH 1103/1961] 2610: SVG: should be warning, not setup --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3f6f3d9..2ba26a5 100644 --- a/user.js +++ b/user.js @@ -1299,7 +1299,7 @@ user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] * [1] https://bugzilla.mozilla.org/1173199 ***/ // user_pref("mathml.disabled", true); /* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] - * [SETUP-WEB] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. + * [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); /* 2611: disable middle mouse click opening links from clipboard From 6a0c44d0a4b467652d92fbb495cbe371f265235c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 07:03:28 +0000 Subject: [PATCH 1104/1961] 2517: should be warning, not setup If it's inactive then it's a warning. We can still go through the js and add setup-harden tags for a few inactive items, which I will do --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 2ba26a5..4e9657e 100644 --- a/user.js +++ b/user.js @@ -1258,7 +1258,7 @@ user_pref("media.navigator.enabled", false); * [1] https://bugzilla.mozilla.org/1288359 ***/ user_pref("dom.webaudio.enabled", false); /* 2517: disable Media Capabilities API [FF63+] - * [SETUP-PERF] This *may* affect media performance if disabled, no one is sure + * [WARNING] This *may* affect media performance if disabled, no one is sure * [1] https://github.com/WICG/media-capabilities * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ // user_pref("media.media-capabilities.enabled", false); From 98f65da430104df5ebb3f8f38d76a1895ae8252f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 07:33:30 +0000 Subject: [PATCH 1105/1961] remove dead setup tags --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4e9657e..0bd44d2 100644 --- a/user.js +++ b/user.js @@ -2187,7 +2187,7 @@ user_pref("extensions.shield-recipe-client.api_url", ""); // [-] https://bugzilla.mozilla.org/1433324 user_pref("browser.newtabpage.activity-stream.enabled", false); // 2301: disable workers - // [SETUP-WEB] Disabling workers *will* break sites (e.g. Google Street View, Twitter) + // Disabling workers *will* break sites (e.g. Google Street View, Twitter) // [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) // [-] https://bugzilla.mozilla.org/1434934 user_pref("dom.workers.enabled", false); @@ -2242,7 +2242,7 @@ user_pref("shield.savant.enabled", false); // [-] https://bugzilla.mozilla.org/1453751 // user_pref("browser.chrome.favicons", false); // 2030: disable autoplay of HTML5 media - replaced by media.autoplay.default - // [SETUP-WEB] This may break video playback on various sites + // This may break video playback on various sites // [-] https://bugzilla.mozilla.org/1470082 user_pref("media.autoplay.enabled", false); // 2704: set cookie lifetime in days (see 2703) From 2d0182ce6ee26f9d0c7d0feb2a0f8e207fd53406 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 13:53:02 +0000 Subject: [PATCH 1106/1961] 1001: add setup tag - remove tag from section header (chrome) - add tag to pref (perf) - mention that we clear on close --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 0bd44d2..7237e15 100644 --- a/user.js +++ b/user.js @@ -667,7 +667,7 @@ user_pref("security.insecure_field_warning.contextual.enabled", true); * [1] https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/ ***/ user_pref("network.auth.subresource-http-auth-allow", 1); -/*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS [SETUP-CHROME] +/*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized by modifying response headers [4]. Another solution is to use a hardened configuration @@ -681,7 +681,10 @@ user_pref("network.auth.subresource-http-auth-allow", 1); ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /** CACHE ***/ -/* 1001: disable disk cache ***/ +/* 1001: disable disk cache + * [SETUP-PERF] If you think disk cache may help (heavy tab user, high-res video), + * or you use a hardened Temporary Containers, then feel free to override these + * [NOTE] We also clear cache on close (see 2803) ***/ user_pref("browser.cache.disk.enable", false); user_pref("browser.cache.disk.capacity", 0); user_pref("browser.cache.disk.smart_size.enabled", false); From 053808ba971dc308640d2f1646fb6dbb126d6c0e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 14:03:02 +0000 Subject: [PATCH 1107/1961] 1001: remove dead wood - these are not needed, you can view your cache in about:cache, or look at your `profile/cache2` folder (at least for portable Firefox), the remaining pref is enough to achieve the desired result - browser.cache.disk.smart_size.first_run is set internally (for me it got automatically reset to modified false) - the other two prefs are just more things for users to have deal with if they want to use disk cache --- user.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/user.js b/user.js index 7237e15..49802e7 100644 --- a/user.js +++ b/user.js @@ -683,12 +683,9 @@ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is m /** CACHE ***/ /* 1001: disable disk cache * [SETUP-PERF] If you think disk cache may help (heavy tab user, high-res video), - * or you use a hardened Temporary Containers, then feel free to override these + * or you use a hardened Temporary Containers, then feel free to override this * [NOTE] We also clear cache on close (see 2803) ***/ user_pref("browser.cache.disk.enable", false); -user_pref("browser.cache.disk.capacity", 0); -user_pref("browser.cache.disk.smart_size.enabled", false); -user_pref("browser.cache.disk.smart_size.first_run", false); /* 1002: disable disk cache for SSL pages * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ user_pref("browser.cache.disk_cache_ssl", false); From e6017af4bd43c6a0890b454ac1d8b5c463a02d6a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 14:06:48 +0000 Subject: [PATCH 1108/1961] 3 disk cache prefs see https://github.com/ghacksuserjs/ghacks-user.js/commit/053808ba971dc308640d2f1646fb6dbb126d6c0e --- scratchpad-scripts/ghacks-clear-[removed].js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 13a5147..4ea6aac 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 22-Apr-2019 + Last updated: 27-Apr-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -123,6 +123,9 @@ /* 67-beta */ 'canvas.capturestream.enabled', 'pdfjs.enableWebGL', + 'browser.cache.disk.capacity', + 'browser.cache.disk.smart_size.enabled', + 'browser.cache.disk.smart_size.first_run', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 8765231de0a1d943403732e5b2448d7c45133580 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 16:12:25 +0000 Subject: [PATCH 1109/1961] 0801: keyword.enabled, closes #702 - explain pitfalls, add keyword tip, add setup tag - given the searchbar is hidden by default in new FF installs, a lot of people could find this incredibly annoying (not being able to hit enter), including users who have changed their search engine - hence the setup tag --- user.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 49802e7..a746a49 100644 --- a/user.js +++ b/user.js @@ -540,7 +540,13 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search - * don't leak typos to a search engine, give an error message instead ***/ + * Don't leak URL typos to a search engine, give an error message instead. + * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" + * [NOTE] Search buttons in the dropdown work, but hitting 'enter' in the location bar will fail + * [TIP] You can add keywords to search engines in options (e.g. 'd' for DuckDuckGo) and + * the dropdown will now auto-select it and you can then hit 'enter' and it will work + * [SETUP-CHROME] If you don't, or rarely, type URLs, or you use a default search + * engine that respects privacy, then you probably don't need this ***/ user_pref("keyword.enabled", false); /* 0802: disable location bar domain guessing * domain guessing intercepts DNS "hostname not found errors" and resends a From c9c1671e4aa1121cd457995db39a2e36658f15cd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 16:18:48 +0000 Subject: [PATCH 1110/1961] 2010+2012: simplify WebGL, closes #699 --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index a746a49..0707797 100644 --- a/user.js +++ b/user.js @@ -1060,16 +1060,16 @@ user_pref("media.peerconnection.enabled", false); * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ user_pref("media.peerconnection.ice.default_address_only", true); user_pref("media.peerconnection.ice.no_host", true); // [FF51+] -/* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions +/* 2010: disable WebGL (Web Graphics Library) * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ user_pref("webgl.disabled", true); +user_pref("webgl.dxgl.enabled", false); // [WINDOWS] +user_pref("webgl.enable-webgl2", false); +/* 2012: limit WebGL ***/ user_pref("webgl.min_capability_mode", true); user_pref("webgl.disable-extensions", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); -/* 2012: disable two more webgl preferences [FF51+] ***/ -user_pref("webgl.dxgl.enabled", false); // [WINDOWS] -user_pref("webgl.enable-webgl2", false); /* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.browser.enabled", false); From 528d0de6b4e7d8a205ef38356d2cdf719cb7405d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 17:39:53 +0000 Subject: [PATCH 1111/1961] 2305: permission also applies to push --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 0707797..ad9fea2 100644 --- a/user.js +++ b/user.js @@ -1163,7 +1163,7 @@ user_pref("dom.serviceWorkers.enabled", false); * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ user_pref("dom.webnotifications.enabled", false); // [FF22+] user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] -/* 2305: set a default permission for Notifications (see 2304) [FF58+] +/* 2305: set a default permission for Notifications (2304) and Push (2306) [FF58+] * 0=always ask (default), 1=allow, 2=block * [NOTE] Best left at default "always ask", fingerprintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications From 25b8b404fbf25c0b3b73ef87a954dbee6323fc1c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Apr 2019 19:02:14 +0000 Subject: [PATCH 1112/1961] 2305+2306: musical chairs #706 --- user.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index ad9fea2..83d8490 100644 --- a/user.js +++ b/user.js @@ -1159,17 +1159,11 @@ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/ user_pref("dom.serviceWorkers.enabled", false); -/* 2304: disable web notifications +/* 2304: disable Web Notifications * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ user_pref("dom.webnotifications.enabled", false); // [FF22+] user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] -/* 2305: set a default permission for Notifications (2304) and Push (2306) [FF58+] - * 0=always ask (default), 1=allow, 2=block - * [NOTE] Best left at default "always ask", fingerprintable via Permissions API - * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ - // user_pref("permissions.default.desktop-notification", 2); -/* 2306: disable push notifications [FF44+] +/* 2305: disable Push Notifications [FF44+] * web apps can receive messages pushed to them from a server, whether or * not the web app is in the foreground, or even currently loaded * [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/ @@ -1177,6 +1171,12 @@ user_pref("dom.push.enabled", false); user_pref("dom.push.connection.enabled", false); user_pref("dom.push.serverURL", ""); user_pref("dom.push.userAgentID", ""); +/* 2306: set a default permission for Notifications (both 2305 and 2306) [FF58+] + * 0=always ask (default), 1=allow, 2=block + * [NOTE] Best left at default "always ask", fingerprintable via Permissions API + * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ + // user_pref("permissions.default.desktop-notification", 2); /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); From 6f8d0263df52b239f8d7dd5485591abf62c67680 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Apr 2019 02:55:45 +0000 Subject: [PATCH 1113/1961] 0303 + 0304 + 0305: remove, closes #708 --- user.js | 8 -------- 1 file changed, 8 deletions(-) diff --git a/user.js b/user.js index 83d8490..64b2e3f 100644 --- a/user.js +++ b/user.js @@ -193,14 +193,6 @@ user_pref("app.update.auto", false); /* 0302b: disable auto-INSTALLING extension and theme updates (after the check in 0301b) * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ // user_pref("extensions.update.autoUpdateDefault", false); -/* 0303: disable background update service [WINDOWS] - * [SETTING] General>Firefox Updates>Use a background service to install updates ***/ -user_pref("app.update.service.enabled", false); -/* 0304: disable background update staging ***/ -user_pref("app.update.staging.enabled", false); -/* 0305: enforce update information is displayed - * This is the update available, downloaded, error and success information ***/ -user_pref("app.update.silent", false); /* 0306: disable extension metadata * used when installing/updating an extension, and in daily background update checks: if false, it * hides the expanded text description (if it exists) when you "show more details about an addon" ***/ From 8f1a489e361f97995e0cb69b1e0303c0f425d2f2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Apr 2019 02:58:35 +0000 Subject: [PATCH 1114/1961] 3 update prefs, see #708 --- scratchpad-scripts/ghacks-clear-[removed].js | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 4ea6aac..f5eb3c3 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 27-Apr-2019 + Last updated: 28-Apr-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -121,11 +121,14 @@ 'browser.contentblocking.enabled', 'browser.urlbar.maxHistoricalSearchSuggestions', /* 67-beta */ - 'canvas.capturestream.enabled', - 'pdfjs.enableWebGL', + 'app.update.service.enabled', + 'app.update.staging.enabled', + 'app.update.silent', 'browser.cache.disk.capacity', 'browser.cache.disk.smart_size.enabled', 'browser.cache.disk.smart_size.first_run', + 'canvas.capturestream.enabled', + 'pdfjs.enableWebGL', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 7b667db7669155952323bf0aad2894cd09b32728 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Apr 2019 03:37:07 +0000 Subject: [PATCH 1115/1961] 2304 + 2305 -> inactive, see #706 --- user.js | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 64b2e3f..b0fe23e 100644 --- a/user.js +++ b/user.js @@ -1152,17 +1152,19 @@ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/ user_pref("dom.serviceWorkers.enabled", false); /* 2304: disable Web Notifications + * [NOTE] Web Notifications require Service Workers, and are behind a prompt (see 2306) * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ -user_pref("dom.webnotifications.enabled", false); // [FF22+] -user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] + // user_pref("dom.webnotifications.enabled", false); // [FF22+] + // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] /* 2305: disable Push Notifications [FF44+] * web apps can receive messages pushed to them from a server, whether or * not the web app is in the foreground, or even currently loaded + * [NOTE] Push Notifications require Service Workers, and are behind a prompt (see 2306) * [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/ -user_pref("dom.push.enabled", false); -user_pref("dom.push.connection.enabled", false); -user_pref("dom.push.serverURL", ""); -user_pref("dom.push.userAgentID", ""); + // user_pref("dom.push.enabled", false); + // user_pref("dom.push.connection.enabled", false); + // user_pref("dom.push.serverURL", ""); + // user_pref("dom.push.userAgentID", ""); /* 2306: set a default permission for Notifications (both 2305 and 2306) [FF58+] * 0=always ask (default), 1=allow, 2=block * [NOTE] Best left at default "always ask", fingerprintable via Permissions API From 3e5e1bfdd2f534961778e8df0ba933d4a517dc9e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Apr 2019 03:48:55 +0000 Subject: [PATCH 1116/1961] 2740 -> inactive, see #706 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index b0fe23e..b38ad0a 100644 --- a/user.js +++ b/user.js @@ -1465,8 +1465,9 @@ user_pref("browser.cache.offline.insecure.enable", false); // [DEFAULT: false in * [2] https://bugzilla.mozilla.org/959985 ***/ user_pref("offline-apps.allow_by_default", false); /* 2740: disable service workers cache and cache storage + * [NOTE] We clear Service Worker cache on close (see 2803) * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ -user_pref("dom.caches.enabled", false); + // user_pref("dom.caches.enabled", false); /* 2750: disable Storage API [FF51+] * The API gives sites the ability to find out how much space they can use, how much * they are already using, and even control whether or not they need to be alerted From a39516ff0e112c2601d4b8d71e11499bbdc03a1c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Apr 2019 04:02:19 +0000 Subject: [PATCH 1117/1961] case consistency when using service worker* --- user.js | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index b38ad0a..3052bee 100644 --- a/user.js +++ b/user.js @@ -1132,8 +1132,7 @@ user_pref("dom.popup_allowed_events", "click dblclick"); including service and shared workers. Shared workers can be utilized by multiple scripts and communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. - [SETUP-WEB] Disabling "web workers" might break sites - [UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301-deprecated) and service workers (2302) + [NOTE] uMatrix 1.2.0+ allows a per-scope control for workers (2301-deprecated) and service workers (2302) #Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0 [1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API @@ -1149,17 +1148,17 @@ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); * and network, are event driven, and can control the web page/site it is associated with, * intercepting and modifying navigation and resource requests, and caching resources. * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. - * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/ + * [NOTE] Service workers only run over HTTPS. Service workers have no DOM access. ***/ user_pref("dom.serviceWorkers.enabled", false); /* 2304: disable Web Notifications - * [NOTE] Web Notifications require Service Workers, and are behind a prompt (see 2306) + * [NOTE] Web Notifications require service workers (2302) and are behind a prompt (2306) * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ // user_pref("dom.webnotifications.enabled", false); // [FF22+] // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] /* 2305: disable Push Notifications [FF44+] * web apps can receive messages pushed to them from a server, whether or * not the web app is in the foreground, or even currently loaded - * [NOTE] Push Notifications require Service Workers, and are behind a prompt (see 2306) + * [NOTE] Push Notifications require service workers (2302) and are behind a prompt (s2306) * [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/ // user_pref("dom.push.enabled", false); // user_pref("dom.push.connection.enabled", false); @@ -1464,8 +1463,8 @@ user_pref("browser.cache.offline.insecure.enable", false); // [DEFAULT: false in * [1] https://support.mozilla.org/questions/1098540 * [2] https://bugzilla.mozilla.org/959985 ***/ user_pref("offline-apps.allow_by_default", false); -/* 2740: disable service workers cache and cache storage - * [NOTE] We clear Service Worker cache on close (see 2803) +/* 2740: disable service worker cache and cache storage + * [NOTE] We clear service worker cache on close (see 2803) * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ // user_pref("dom.caches.enabled", false); /* 2750: disable Storage API [FF51+] @@ -1483,7 +1482,7 @@ user_pref("offline-apps.allow_by_default", false); /*** [SECTION 2800]: SHUTDOWN You should set the values to what suits you best. - "Offline Website Data" includes appCache (2730), localStorage (2710), - Service Worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache) + service worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache) - In both 2803 + 2804, the 'download' and 'history' prefs are combined in the Firefox interface as "Browsing & Download History" and their values will be synced ***/ From 7a9763d1292be07450a3ed7eca7b6d8475e8072d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Apr 2019 04:30:38 +0000 Subject: [PATCH 1118/1961] 2740: add setup tag etc, closes #706 --- user.js | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 3052bee..fcb8785 100644 --- a/user.js +++ b/user.js @@ -682,7 +682,7 @@ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is m /* 1001: disable disk cache * [SETUP-PERF] If you think disk cache may help (heavy tab user, high-res video), * or you use a hardened Temporary Containers, then feel free to override this - * [NOTE] We also clear cache on close (see 2803) ***/ + * [NOTE] We also clear cache on exiting Firefox (see 2803) ***/ user_pref("browser.cache.disk.enable", false); /* 1002: disable disk cache for SSL pages * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ @@ -1038,8 +1038,8 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); user_pref("media.eme.enabled", false); /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" [SETUP-HARDEN] * This is the bundled codec used for video chat in WebRTC ***/ - // user_pref("media.gmp-gmpopenh264.enabled", false); - // user_pref("media.gmp-gmpopenh264.autoupdate", false); + // user_pref("media.gmp-gmpopenh264.enabled", false); + // user_pref("media.gmp-gmpopenh264.autoupdate", false); /*** [SECTION 2000]: MEDIA / CAMERA / MIC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); @@ -1147,6 +1147,9 @@ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); * Service workers essentially act as proxy servers that sit between web apps, and the browser * and network, are event driven, and can control the web page/site it is associated with, * intercepting and modifying navigation and resource requests, and caching resources. + * [SETUP-WEB] Disabling service workers will break some sites. This pref is a master switch, and controls + * notifications (2304, 2305) and service worker cache (2740) - all three are inactive. Notifications are + * behind a prompt (2306). If you enable service workers, then you may want to look at these prefs as well. * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. * [NOTE] Service workers only run over HTTPS. Service workers have no DOM access. ***/ user_pref("dom.serviceWorkers.enabled", false); @@ -1158,7 +1161,7 @@ user_pref("dom.serviceWorkers.enabled", false); /* 2305: disable Push Notifications [FF44+] * web apps can receive messages pushed to them from a server, whether or * not the web app is in the foreground, or even currently loaded - * [NOTE] Push Notifications require service workers (2302) and are behind a prompt (s2306) + * [NOTE] Push Notifications require service workers (2302) and are behind a prompt (2306) * [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/ // user_pref("dom.push.enabled", false); // user_pref("dom.push.connection.enabled", false); @@ -1464,7 +1467,7 @@ user_pref("browser.cache.offline.insecure.enable", false); // [DEFAULT: false in * [2] https://bugzilla.mozilla.org/959985 ***/ user_pref("offline-apps.allow_by_default", false); /* 2740: disable service worker cache and cache storage - * [NOTE] We clear service worker cache on close (see 2803) + * [NOTE] We clear service worker cache on exiting Firefox (see 2803) * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ // user_pref("dom.caches.enabled", false); /* 2750: disable Storage API [FF51+] @@ -1571,7 +1574,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL IMPORTANT: As existing prefs become redundant, and some of them WILL interfere with how RFP works, they will be moved to section 4600 and made inactive - ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) + ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) [NOTE] Info only: To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test your window size, do some math, resize to allow for all the non inner window elements From 8a86097997cf56735475da2233f689faab4c3ce9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Apr 2019 11:10:15 +0000 Subject: [PATCH 1119/1961] 1820s: GMP: remove three prefs, see #709 --- user.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/user.js b/user.js index fcb8785..14e824d 100644 --- a/user.js +++ b/user.js @@ -1024,10 +1024,7 @@ user_pref("plugin.scan.plid.all", false); /* 1820: disable all GMP (Gecko Media Plugins) [SETUP-WEB] * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); -user_pref("media.gmp.trial-create.enabled", false); -user_pref("media.gmp-manager.url", "data:text/plain,"); -user_pref("media.gmp-manager.url.override", "data:text/plain,"); // [HIDDEN PREF] -user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback [HIDDEN PREF] +user_pref("media.gmp-manager.updateEnabled", false); // HIDDEN PREF] /* 1825: disable widevine CDM (Content Decryption Module) [SETUP-WEB] ***/ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); From b4a48562237e3b25a2488afa8c36088947f07f81 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Apr 2019 11:12:11 +0000 Subject: [PATCH 1120/1961] 3 x GMP prefs, see #709 --- scratchpad-scripts/ghacks-clear-[removed].js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index f5eb3c3..e48fb22 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -128,6 +128,9 @@ 'browser.cache.disk.smart_size.enabled', 'browser.cache.disk.smart_size.first_run', 'canvas.capturestream.enabled', + 'media.gmp-manager.url', + 'media.gmp-manager.url.override', + 'media.gmp.trial-create.enabled', 'pdfjs.enableWebGL', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' From 8d874401fa7802363be1a94dd0a447f88635d397 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Apr 2019 12:56:27 +0000 Subject: [PATCH 1121/1961] pre FF61 deprecated -> archive This is all archived in the sticky at the end of the first post --- user.js | 385 +------------------------------------------------------- 1 file changed, 2 insertions(+), 383 deletions(-) diff --git a/user.js b/user.js index 14e824d..c70d519 100644 --- a/user.js +++ b/user.js @@ -1810,392 +1810,11 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable, - viewer-friendly version of the deprecated bugzilla tickets. The original state of each pref - has been preserved, or changed to match the current setup, but you are advised to review them. - [NOTE] Up to FF53, to enable a section change /* FFxx to // FFxx - For FF53 on, we have bundled releases to cater for ESR. Change /* to // on the first line + Documentation denoted as [-]. Items deprecated prior to FF61 have been archived at [1], which + also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); -/* FF42 and older -// 2604: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled - // [-] https://bugzilla.mozilla.org/897811 -user_pref("pageThumbs.enabled", false); -// 2503: (31+) disable network API - replaced by dom.netinfo.enabled - // [-] https://bugzilla.mozilla.org/960426 -user_pref("dom.network.enabled", false); -// 2600's: (35+) disable WebSockets - // [-] https://bugzilla.mozilla.org/1091016 -user_pref("network.websocket.enabled", false); -// 1610: (36+) set DNT "value" to "not be tracked" [FF21+] - // [1] http://kb.mozillazine.org/Privacy.donottrackheader.value - // [-] https://bugzilla.mozilla.org/1042135#c101 - // user_pref("privacy.donottrackheader.value", 1); -// 2023: (37+) disable camera autofocus callback - // The API will be superseded by the WebRTC Capture and Stream API - // [1] https://developer.mozilla.org/docs/Archive/B2G_OS/API/CameraControl - // [-] https://bugzilla.mozilla.org/1107683 -user_pref("camera.control.autofocus_moving_callback.enabled", false); -// 0415: (41+) disable reporting URLs (safe browsing) - removed or replaced by various - // [-] https://bugzilla.mozilla.org/1109475 -user_pref("browser.safebrowsing.reportErrorURL", ""); // browser.safebrowsing.reportPhishMistakeURL -user_pref("browser.safebrowsing.reportGenericURL", ""); // removed -user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); // browser.safebrowsing.reportMalwareMistakeURL -user_pref("browser.safebrowsing.reportMalwareURL", ""); // removed -user_pref("browser.safebrowsing.reportURL", ""); // removed -// 0702: (41+) disable HTTP2 (draft) - // [-] https://bugzilla.mozilla.org/1132357 -user_pref("network.http.spdy.enabled.http2draft", false); -// 1804: (41+) disable plugin enumeration - // [-] https://bugzilla.mozilla.org/1169945 -user_pref("plugins.enumerable_names", ""); -// 2803: (42+) clear passwords on shutdown - // [-] https://bugzilla.mozilla.org/1102184 - // user_pref("privacy.clearOnShutdown.passwords", false); -// 5002: (42+) disable warning when a domain requests full screen - // replaced by setting full-screen-api.warning.timeout to zero - // [-] https://bugzilla.mozilla.org/1160017 - // user_pref("full-screen-api.approval-required", false); -// ***/ -/* FF43 -// 0410's: disable safebrowsing urls & updates - replaced by various - // [-] https://bugzilla.mozilla.org/1107372 - // user_pref("browser.safebrowsing.gethashURL", ""); // browser.safebrowsing.provider.google.gethashURL - // user_pref("browser.safebrowsing.updateURL", ""); // browser.safebrowsing.provider.google.updateURL -user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing.provider.google.reportURL -// 0420's: disable tracking protection - replaced by various - // [-] https://bugzilla.mozilla.org/1107372 - // user_pref("browser.trackingprotection.gethashURL", ""); // browser.safebrowsing.provider.mozilla.gethashURL - // user_pref("browser.trackingprotection.updateURL", ""); // browser.safebrowsing.provider.mozilla.updateURL -// 1803: remove plugin finder service - // [1] http://kb.mozillazine.org/Pfs.datasource.url - // [-] https://bugzilla.mozilla.org/1202193 -user_pref("pfs.datasource.url", ""); -// 5003: disable new search panel UI - // [-] https://bugzilla.mozilla.org/1119250 - // user_pref("browser.search.showOneOffButtons", false); -// ***/ -/* FF44 -// 0414: disable safebrowsing's real-time binary checking (google) [FF43+] - // [-] https://bugzilla.mozilla.org/1237103 -user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL -// 1200's: block rc4 whitelist - // [-] https://bugzilla.mozilla.org/1215796 -user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); -// 2300's: disable SharedWorkers - // [1] https://trac.torproject.org/projects/tor/ticket/15562 - // [-] https://bugzilla.mozilla.org/1207635 -user_pref("dom.workers.sharedWorkers.enabled", false); -// 2403: disable scripts changing images - // [TEST] https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 - // [-] https://bugzilla.mozilla.org/773429 - // user_pref("dom.disable_image_src_set", true); -// ***/ -/* FF45 -// 1021b: disable deferred level of storing extra session data 0=all 1=http-only 2=none - // extra session data contains contents of forms, scrollbar positions, cookies and POST data - // [-] https://bugzilla.mozilla.org/1235379 -user_pref("browser.sessionstore.privacy_level_deferred", 2); -// ***/ -/* FF46 -// 0340: disable health report - // [-] https://bugzilla.mozilla.org/1234526 -user_pref("datareporting.healthreport.service.enabled", false); // [HIDDEN PREF] -user_pref("datareporting.healthreport.documentServerURI", ""); // [HIDDEN PREF] -// 0341: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers - // [-] https://bugzilla.mozilla.org/1234522 -user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); -// 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url - // [-] https://bugzilla.mozilla.org/1239587 -user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check -// 0420: disable polaris (part of Tracking Protection, never used in stable) - // [-] https://bugzilla.mozilla.org/1235565 - // user_pref("browser.polaris.enabled", false); -// 0510: disable "Pocket" [FF39+] - replaced by extensions.pocket.* - // [-] https://bugzilla.mozilla.org/1215694 -user_pref("browser.pocket.enabled", false); -user_pref("browser.pocket.api", ""); -user_pref("browser.pocket.site", ""); -user_pref("browser.pocket.oAuthConsumerKey", ""); -// ***/ -/* FF47 -// 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry - // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled - // [-] https://bugzilla.mozilla.org/1236580 -user_pref("toolkit.telemetry.unifiedIsOptIn", true); // [HIDDEN PREF] -// 0340b: disable about:healthreport page UNIFIED - // [-] https://bugzilla.mozilla.org/1236580 -user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); -// 0807: disable history manipulation - // [1] https://developer.mozilla.org/docs/Web/API/History_API - // [-] https://bugzilla.mozilla.org/1249542 -user_pref("browser.history.allowPopState", false); -user_pref("browser.history.allowPushState", false); -user_pref("browser.history.allowReplaceState", false); -// ***/ -/* FF48 -// 0806: disable 'unified complete': 'Search with [default search engine]' - // [-] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html - // [-] https://bugzilla.mozilla.org/1181078 -user_pref("browser.urlbar.unifiedcomplete", false); -// ***/ -/* FF49 -// 0372: disable "Hello" - // [1] https://www.mozilla.org/privacy/archive/hello/2016-03/ - // [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello - // [-] https://bugzilla.mozilla.org/1287827 -user_pref("loop.enabled", false); -user_pref("loop.server", ""); -user_pref("loop.feedback.formURL", ""); -user_pref("loop.feedback.manualFormURL", ""); -user_pref("loop.facebook.appId", ""); -user_pref("loop.facebook.enabled", false); -user_pref("loop.facebook.fallbackUrl", ""); -user_pref("loop.facebook.shareUrl", ""); -user_pref("loop.logDomains", false); -// 2201: disable new window scrollbars being hidden - // [-] https://bugzilla.mozilla.org/1257887 -user_pref("dom.disable_window_open_feature.scrollbars", true); -// 2303: disable push notification (UDP wake-up) - // [-] https://bugzilla.mozilla.org/1265914 -user_pref("dom.push.udp.wakeupEnabled", false); -// ***/ -/* FF50 -// 0101: disable Windows10 intro on startup [WINDOWS] - // [-] https://bugzilla.mozilla.org/1274633 -user_pref("browser.usedOnWindows10.introURL", ""); -// 0308: disable plugin update notifications - // [-] https://bugzilla.mozilla.org/1277905 -user_pref("plugins.update.notifyUser", false); -// 0410: disable "Block dangerous and deceptive content" - replaced by browser.safebrowsing.phishing.enabled - // [-] https://bugzilla.mozilla.org/1025965 - // user_pref("browser.safebrowsing.enabled", false); -// 1266: disable rc4 ciphers - // [1] https://trac.torproject.org/projects/tor/ticket/17369 - // [-] https://bugzilla.mozilla.org/1268728 - // [-] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ -user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); -user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); -user_pref("security.ssl3.rsa_rc4_128_md5", false); -user_pref("security.ssl3.rsa_rc4_128_sha", false); -// 1809: remove Mozilla's plugin update URL - // [-] https://bugzilla.mozilla.org/1277905 -user_pref("plugins.update.url", ""); -// ***/ -/* FF51 -// 0702: disable SPDY - // [-] https://bugzilla.mozilla.org/1248197 -user_pref("network.http.spdy.enabled.v3-1", false); -// 1851: delay play of videos until they're visible - // [1] https://bugzilla.mozilla.org/1180563 - // [-] https://bugzilla.mozilla.org/1262053 -user_pref("media.block-play-until-visible", true); -// 2504: disable virtual reality devices - // [-] https://bugzilla.mozilla.org/1250244 -user_pref("dom.vr.oculus050.enabled", false); -// ***/ -/* FF52 -// 1601: disable referer from an SSL Website - // [-] https://bugzilla.mozilla.org/1308725 -user_pref("network.http.sendSecureXSiteReferrer", false); -// 1850: disable Adobe EME "Primetime CDM" (Content Decryption Module) - // [1] https://trac.torproject.org/projects/tor/ticket/16285 - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1329538,1337121 // FF52 - // [-] https://bugzilla.mozilla.org/1329543 // FF53 -user_pref("media.gmp-eme-adobe.enabled", false); -user_pref("media.gmp-eme-adobe.visible", false); -user_pref("media.gmp-eme-adobe.autoupdate", false); -// 2405: disable WebTelephony API - // [1] https://wiki.mozilla.org/WebAPI/Security/WebTelephony - // [-] https://bugzilla.mozilla.org/1309719 -user_pref("dom.telephony.enabled", false); -// ***/ -/* FF53 -// 1265: block rc4 fallback - // [-] https://bugzilla.mozilla.org/1130670 -user_pref("security.tls.unrestricted_rc4_fallback", false); -// 1806: disable Acrobat, Quicktime, WMP (the string = min version number allowed) - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1317108,1317109,1317110 -user_pref("plugin.scan.Acrobat", "99999"); -user_pref("plugin.scan.Quicktime", "99999"); -user_pref("plugin.scan.WindowsMediaPlayer", "99999"); -// 2022: disable screensharing - // [-] https://bugzilla.mozilla.org/1329562 -user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); -// 2507: disable keyboard fingerprinting - // [-] https://bugzilla.mozilla.org/1322736 -user_pref("dom.beforeAfterKeyboardEvent.enabled", false); -// ***/ -/* FF54 -// 0415: disable reporting URLs (safe browsing) - // [-] https://bugzilla.mozilla.org/1288633 -user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); -user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); -// 1830: block websites detecting DRM is disabled - // [-] https://bugzilla.mozilla.org/1242321 -user_pref("media.eme.apiVisible", false); -// 2425: disable Archive Reader API - // i.e. reading archive contents directly in the browser, through DOM file objects - // [-] https://bugzilla.mozilla.org/1342361 -user_pref("dom.archivereader.enabled", false); -// ***/ -/* FF55 -// 0209: disable geolocation on non-secure origins [FF54+] - // [1] https://bugzilla.mozilla.org/1269531 - // [-] https://bugzilla.mozilla.org/1072859 -user_pref("geo.security.allowinsecure", false); -// 0336: disable "Heartbeat" (Mozilla user rating telemetry) [FF37+] - // [1] https://trac.torproject.org/projects/tor/ticket/18738 - // [-] https://bugzilla.mozilla.org/1361578 -user_pref("browser.selfsupport.enabled", false); // [HIDDEN PREF] -user_pref("browser.selfsupport.url", ""); -// 0360: disable new tab "pings" - // [-] https://bugzilla.mozilla.org/1241390 -user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); -// 0861: disable saving form history on secure websites - // [-] https://bugzilla.mozilla.org/1361220 -user_pref("browser.formfill.saveHttpsForms", false); -// 0863: disable Form Autofill [FF54+] - replaced by extensions.formautofill.* - // [-] https://bugzilla.mozilla.org/1364334 -user_pref("browser.formautofill.enabled", false); -// 2410: disable User Timing API - // [1] https://trac.torproject.org/projects/tor/ticket/16336 - // [-] https://bugzilla.mozilla.org/1344669 -user_pref("dom.enable_user_timing", false); -// 2507: disable keyboard fingerprinting (physical keyboards) [FF38+] - // The Keyboard API allows tracking the "read parameter" of pressed keys in forms on - // web pages. These parameters vary between types of keyboard layouts such as QWERTY, - // AZERTY, Dvorak, and between various languages, e.g. German vs English. - // [WARNING] Don't use if Android + physical keyboard - // [1] https://developer.mozilla.org/docs/Web/API/KeyboardEvent/code - // [2] https://www.privacy-handbuch.de/handbuch_21v.htm - // [-] https://bugzilla.mozilla.org/1352949 -user_pref("dom.keyboardevent.code.enabled", false); -// 5015: disable tab animation - replaced by toolkit.cosmeticAnimations.enabled - // [-] https://bugzilla.mozilla.org/1352069 -user_pref("browser.tabs.animate", false); -// 5016: disable fullscreeen animation - replaced by toolkit.cosmeticAnimations.enabled - // [-] https://bugzilla.mozilla.org/1352069 -user_pref("browser.fullscreen.animate", false); -// ***/ -/* FF56 -// 0515: disable Screenshots (rollout pref only) [FF54+] - // [-] https://bugzilla.mozilla.org/1386333 - // user_pref("extensions.screenshots.system-disabled", true); -// 0517: disable Form Autofill [FF55+] - replaced by extensions.formautofill.available - // [-] https://bugzilla.mozilla.org/1385201 -user_pref("extensions.formautofill.experimental", false); -// ***/ -/* FF57 -// 0374: disable "social" integration - // [1] https://developer.mozilla.org/docs/Mozilla/Projects/Social_API - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388902,1406193 (some leftovers were removed in FF58) -user_pref("social.whitelist", ""); -user_pref("social.toast-notifications.enabled", false); -user_pref("social.shareDirectory", ""); -user_pref("social.remote-install.enabled", false); -user_pref("social.directories", ""); -user_pref("social.share.activationPanelEnabled", false); -user_pref("social.enabled", false); // [HIDDEN PREF] -// 1830: disable DRM's EME WideVineAdapter [FF55+] - // [-] https://bugzilla.mozilla.org/1395468 -user_pref("media.eme.chromium-api.enabled", false); -// 2608: disable WebIDE extension downloads (Valence) - // [1] https://trac.torproject.org/projects/tor/ticket/16222 - // [-] https://bugzilla.mozilla.org/1393497 -user_pref("devtools.webide.autoinstallFxdtAdapters", false); -user_pref("devtools.webide.adaptersAddonURL", ""); -// 2600's: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku - // [1] https://trac.torproject.org/projects/tor/ticket/16222 - // [-] https://bugzilla.mozilla.org/1393582 -user_pref("browser.casting.enabled", false); -// 5022: hide recently bookmarked items (you still have the original bookmarks) [FF49+] - // [-] https://bugzilla.mozilla.org/1401238 -user_pref("browser.bookmarks.showRecentlyBookmarked", false); -// ***/ -/* FF58 -// 0351: disable sending of crash reports [FF51+] - replaced by *.autoSubmit2 - // [-] https://bugzilla.mozilla.org/1424373 -user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); -// ***/ -/* FF59 -// 0203: disable using OS locale, force APP locale - replaced by intl.locale.requested - // [-] https://bugzilla.mozilla.org/1414390 -user_pref("intl.locale.matchOS", false); -// 0204: set APP locale - replaced by intl.locale.requested - // [-] https://bugzilla.mozilla.org/1414390 -user_pref("general.useragent.locale", "en-US"); -// 0340b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) - // If you have disabled health reports, then this about page is useless - disable it - // If you want to see what health data is present, then this must be set at default - // [-] https://bugzilla.mozilla.org/1352497 -user_pref("datareporting.healthreport.about.reportUrl", "data:,"); -// 0511: disable FlyWeb [FF49+] - // Flyweb is a set of APIs for advertising and discovering local-area web servers - // [1] https://flyweb.github.io/ - // [2] https://wiki.mozilla.org/FlyWeb/Security_scenarios - // [3] https://www.ghacks.net/2016/07/26/firefox-flyweb/ - // [-] https://bugzilla.mozilla.org/1374574 -user_pref("dom.flyweb.enabled", false); -// 1007: disable randomized FF HTTP cache decay experiments - // [1] https://trac.torproject.org/projects/tor/ticket/13575 - // [-] https://bugzilla.mozilla.org/1430197 -user_pref("browser.cache.frecency_experiment", -1); -// 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests [FF51+] - // Allow resources from domains with an existing HSTS cache record or in the HSTS preload list - // to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because - // those may cause noticeable delays e.g. requests time out or are not handled well by servers - // [NOTE] If you want to use the priming requests make sure 'use_hsts' is also true - // [1] https://bugzilla.mozilla.org/1246540#c145 - // [-] https://bugzilla.mozilla.org/1424917 -user_pref("security.mixed_content.use_hsts", true); -user_pref("security.mixed_content.send_hsts_priming", false); -// 1606: set the default Referrer Policy [FF53+] - replaced by network.http.referer.defaultPolicy - // [-] https://bugzilla.mozilla.org/587523 -user_pref("network.http.referer.userControlPolicy", 3); -// 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect - // [-] (part8) https://bugzilla.mozilla.org/1416703#c21 -user_pref("security.xpconnect.plugin.unrestricted", false); -// 2022: disable screensharing domain whitelist - // [-] https://bugzilla.mozilla.org/1411742 -user_pref("media.getusermedia.screensharing.allowed_domains", ""); -// 2023: disable camera stuff - // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 -user_pref("camera.control.face_detection.enabled", false); -// 2202: prevent scripts from changing the status text - // [-] https://bugzilla.mozilla.org/1425999 -user_pref("dom.disable_window_status_change", true); -// 2416: disable idle observation - // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 -user_pref("dom.idle-observers-api.enabled", false); -// ***/ -/* FF60 -// 0360: disable new tab tile ads & preload & marketing junk - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1370930,1433133 -user_pref("browser.newtabpage.directory.source", "data:text/plain,"); -user_pref("browser.newtabpage.enhanced", false); -user_pref("browser.newtabpage.introShown", true); -// 0512: disable Shield [FF53+] - renamed to app.normandy.* (see 0503) - // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" - // [1] https://wiki.mozilla.org/Firefox/Shield - // [2] https://github.com/mozilla/normandy - // [-] https://bugzilla.mozilla.org/1436113 -user_pref("extensions.shield-recipe-client.enabled", false); -user_pref("extensions.shield-recipe-client.api_url", ""); -// 0514: disable Activity Stream [FF54+] - // [-] https://bugzilla.mozilla.org/1433324 -user_pref("browser.newtabpage.activity-stream.enabled", false); -// 2301: disable workers - // Disabling workers *will* break sites (e.g. Google Street View, Twitter) - // [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) - // [-] https://bugzilla.mozilla.org/1434934 -user_pref("dom.workers.enabled", false); -// 5000's: open "page/selection source" in a new window - // [-] https://bugzilla.mozilla.org/1418403 - // user_pref("view_source.tab", false); -// ***/ - /* ESR60.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF61 From 4119be3a860e811b00b78532eb68b855f3cfbf10 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Apr 2019 13:10:04 +0000 Subject: [PATCH 1122/1961] typo --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index c70d519..1751984 100644 --- a/user.js +++ b/user.js @@ -1024,7 +1024,7 @@ user_pref("plugin.scan.plid.all", false); /* 1820: disable all GMP (Gecko Media Plugins) [SETUP-WEB] * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); -user_pref("media.gmp-manager.updateEnabled", false); // HIDDEN PREF] +user_pref("media.gmp-manager.updateEnabled", false); // [HIDDEN PREF] /* 1825: disable widevine CDM (Content Decryption Module) [SETUP-WEB] ***/ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); From 8ffbd818132391149714f8e54e93fe8c2c40cdc9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 04:30:59 +0000 Subject: [PATCH 1123/1961] remove SB & TP see #710 - SB: disabling it nothing to enhance privacy/security etc if changed from default - SB: I will not provide the prefs or encourage users to disable these, especially given that there is a UI - SB: the urls are redundant - SB: note: the binary checks stays - TP section is out of date (or soon will be), I'm not maintaining it, it has a UI and is best handled there --- user.js | 105 +++++++++----------------------------------------------- 1 file changed, 16 insertions(+), 89 deletions(-) diff --git a/user.js b/user.js index 1751984..788db22 100644 --- a/user.js +++ b/user.js @@ -44,7 +44,7 @@ 0100: STARTUP 0200: GEOLOCATION 0300: QUIET FOX - 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION + 0400: BLOCKLISTS / SAFE BROWSING 0500: SYSTEM ADD-ONS / EXPERIMENTS 0600: BLOCK IMPLICIT OUTBOUND 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc @@ -275,67 +275,28 @@ user_pref("network.captive-portal-service.enabled", false); // [FF52+] * [1] https://bugzilla.mozilla.org/1460537 ***/ user_pref("network.connectivity-service.enabled", false); -/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION - This section has security & tracking protection implications vs privacy concerns vs effectiveness - vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) - and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. +/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING (SB) + Safe Browsing has taken many steps to preserve privacy. *IF* required, a full url is never + sent to Google, only a PART-hash of the prefix, and this is hidden with noise of other real + PART-hashes. Google also swear it is anonymized and only used to flag malicious sites. + Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+) + doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) - Safe Browsing is designed to protect users from malicious sites. Tracking Protection is designed - to lessen the impact of third parties on websites to reduce tracking and to speed up your browsing. - These do rely on 3rd parties (Google for SB and Disconnect for TP), but many steps, which are - continually being improved, have been taken to preserve privacy. Disable at your own risk. + #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); -/** BLOCKLISTS ***/ -/* 0401: enable Firefox blocklist, but sanitize blocklist url +/* 0401: enforce Firefox blocklist, but sanitize blocklist url * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); -/* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists - * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications - * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be - * revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes ***/ - // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates - // user_pref("services.blocklist.addons.collection", ""); - // user_pref("services.blocklist.plugins.collection", ""); - // user_pref("services.blocklist.gfx.collection", ""); - -/** SAFE BROWSING (SB) - This sub-section has been redesigned to differentiate between "real-time"/"user initiated" data - being sent to Google from all other settings such as using local blocklists/whitelists and updating - those lists. There are NO privacy issues here. *IF* required, a full url is never sent to Google, - only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. Google also - swear it is anonymized and only used to flag malicious sites/activity. Firefox also takes measures - such as striping out identifying parameters and storing safe browsing cookies in a separate jar. - SB v4 (FF57+) doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) - #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ - [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ -/* 0410: disable "Block dangerous and deceptive content" - * This covers deceptive sites such as phishing and social engineering - * [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/ - // user_pref("browser.safebrowsing.malware.enabled", false); - // user_pref("browser.safebrowsing.phishing.enabled", false); // [FF50+] -/* 0411: disable "Block dangerous downloads" - * This covers malware and PUPs (potentially unwanted programs) - * [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/ - // user_pref("browser.safebrowsing.downloads.enabled", false); -/* 0412: disable "Warn me about unwanted and uncommon software" - * [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/ - // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // [FF48+] - // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); // [FF48+] - // user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // [FF49+] - // user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // [FF49+] -/* 0413: disable Google safebrowsing updates ***/ - // user_pref("browser.safebrowsing.provider.google.updateURL", ""); - // user_pref("browser.safebrowsing.provider.google.gethashURL", ""); - // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // [FF50+] - // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // [FF50+] -/* 0414: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ +/* 0402: disable binaries NOT in Safe Browsing local lists being checked + * [SETUP-WEB] This is a real-time check with Google. If you want this protection, turn it on ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.url", ""); -/* 0415: disable reporting URLs ***/ +/* 0403: disable reporting URLs ***/ user_pref("browser.safebrowsing.provider.google.reportURL", ""); user_pref("browser.safebrowsing.reportPhishURL", ""); user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // [FF50+] @@ -343,43 +304,15 @@ user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); / user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); // [FF54+] user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); // [FF54+] user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // [FF54+] -/* 0416: disable 'ignore this warning' on Safe Browsing warnings +/* 0404: disable 'ignore this warning' on Safe Browsing warnings * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", false); -/* 0417: disable data sharing [FF58+] ***/ +/* 0405: disable data sharing [FF58+] ***/ user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); -/** TRACKING PROTECTION (TP) - There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, - as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ -/* 0420: enable Tracking Protection in all windows - * [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610) - * [1] https://wiki.mozilla.org/Security/Tracking_protection - * [2] https://support.mozilla.org/kb/tracking-protection-firefox ***/ - // user_pref("privacy.trackingprotection.pbmode.enabled", true); // [DEFAULT: true] - // user_pref("privacy.trackingprotection.enabled", true); -/* 0422: set which Tracking Protection block list to use - * [WARNING] We don't recommend enforcing this from here, as available block lists can change - * [SETTING] Privacy & Security>Content Blocking>All Detected Trackers>Change block list ***/ - // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic -/* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting [FF48+] - * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ - * [2] https://bugzilla.mozilla.org/1237198 ***/ - // user_pref("browser.safebrowsing.blockedURIs.enabled", false); -/* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/ - // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); - // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); -/* 0425: disable passive Tracking Protection [FF53+] - * Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list - * [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows - * This is included for people who want to completely disable Tracking Protection. - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814 ***/ - // user_pref("privacy.trackingprotection.annotate_channels", false); - // user_pref("privacy.trackingprotection.lower_network_priority", false); - /*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS System Add-ons are a method for shipping extensions, considered to be built-in features to Firefox, that are hidden from the about:addons UI. @@ -974,7 +907,7 @@ user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] * [1] https://bugzilla.mozilla.org/1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: enable the DNT (Do Not Track) HTTP header - * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref + * [NOTE] DNT is enforced with Tracking Protection regardless of this pref * [SETTING] Privacy & Security>Content Blocking>Send websites a "Do Not Track"... ***/ user_pref("privacy.donottrackheader.enabled", true); @@ -1848,12 +1781,6 @@ user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF] // [SETTING] General>Firefox Updates>Never check for updates // [-] https://bugzilla.mozilla.org/1420514 // user_pref("app.update.enabled", false); -// 0402: enable Kinto blocklist updates [FF50+] - // What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications - // As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be - // revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes - // [-] https://bugzilla.mozilla.org/1458917 -user_pref("services.blocklist.update_enabled", true); // [DEFAULT: true] // 0503: disable "Savant" Shield study [FF61+] // [-] https://bugzilla.mozilla.org/1457226 user_pref("shield.savant.enabled", false); From ce3d5a8cbe5c8350654b7b31bfb826ff181b8391 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 04:52:58 +0000 Subject: [PATCH 1124/1961] 24 inactive SB+TP prefs, see #710 --- scratchpad-scripts/ghacks-clear-[removed].js | 25 ++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index e48fb22..fd5d646 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -132,6 +132,31 @@ 'media.gmp-manager.url.override', 'media.gmp.trial-create.enabled', 'pdfjs.enableWebGL', + /* 67-beta: SB & TP cleanup: these were all inactive */ + 'browser.safebrowsing.downloads.enabled', + 'browser.safebrowsing.downloads.remote.block_dangerous', + 'browser.safebrowsing.downloads.remote.block_dangerous_host', + 'browser.safebrowsing.downloads.remote.block_potentially_unwanted', + 'browser.safebrowsing.downloads.remote.block_uncommon', + 'browser.safebrowsing.blockedURIs.enabled', + 'browser.safebrowsing.malware.enabled', + 'browser.safebrowsing.phishing.enabled', + 'browser.safebrowsing.provider.google.gethashURL', + 'browser.safebrowsing.provider.google.updateURL', + 'browser.safebrowsing.provider.google4.gethashURL', + 'browser.safebrowsing.provider.google4.updateURL', + 'browser.safebrowsing.provider.mozilla.gethashURL', + 'browser.safebrowsing.provider.mozilla.updateURL', + 'privacy.trackingprotection.annotate_channels', + 'privacy.trackingprotection.enabled', + 'privacy.trackingprotection.lower_network_priority', + 'privacy.trackingprotection.pbmode.enabled', + 'services.blocklist.update_enabled', + 'services.blocklist.onecrl.collection', + 'services.blocklist.addons.collection', + 'services.blocklist.plugins.collection', + 'services.blocklist.gfx.collection', + 'urlclassifier.trackingTable', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From ed687fc7ca6535e149a873cb6a8d00c3e7bf0010 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 05:06:43 +0000 Subject: [PATCH 1125/1961] 1820: update -> inactive, see #709 At best disabling the background update of gmp means not only an extra item for those who wish to use it (e.g widevine, netflix) to have to deal with, but also a time delay in getting the actual download. At worst, it could cause users to use an old dll (security risk). I will leave it in, for now, but am seriously considering removing it, so don't cry if I do. --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 788db22..bc7b6b8 100644 --- a/user.js +++ b/user.js @@ -957,7 +957,7 @@ user_pref("plugin.scan.plid.all", false); /* 1820: disable all GMP (Gecko Media Plugins) [SETUP-WEB] * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); -user_pref("media.gmp-manager.updateEnabled", false); // [HIDDEN PREF] + // user_pref("media.gmp-manager.updateEnabled", false); // [HIDDEN PREF] /* 1825: disable widevine CDM (Content Decryption Module) [SETUP-WEB] ***/ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); From 579aa3aa9c8296293367670049374256cf4165f4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 05:27:16 +0000 Subject: [PATCH 1126/1961] 0402: tidy up, see #710 --- user.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index bc7b6b8..b0bf1d0 100644 --- a/user.js +++ b/user.js @@ -20,6 +20,7 @@ 2. READ this * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum + * Real time binary checks with Google services are disabled (0402) * You will still get prompts to update Firefox, but auto-installing them is disabled (0302a) * Some user data is erased on close (section 2800). Change this to suit your needs * EACH RELEASE check: @@ -32,9 +33,11 @@ * You will need to make changes, and to troubleshoot at times (choose wisely, there is always a trade-off). While not 100% definitive, search for "[SETUP". If required, add each pref to your overrides section at default values (or comment them out and reset them in about:config). Here are the main ones: + [SETUP-SECURITY] it's one item, read it [SETUP-WEB] can cause some websites to break [SETUP-CHROME] changes how Firefox itself behaves (i.e. NOT directly website related) [SETUP-PERF] may impact performance + [SETUP-HARDEN] maybe you should consider using the Tor Browser * [WARNING] tags are extra special and used sparingly, so heed them 4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile) 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-maintenance @@ -293,7 +296,8 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); /* 0402: disable binaries NOT in Safe Browsing local lists being checked - * [SETUP-WEB] This is a real-time check with Google. If you want this protection, turn it on ***/ + * This is a real-time check with Google services. + * [SETUP-SECURITY] If you do not understand this, or if you want this protection, then override it ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.url", ""); /* 0403: disable reporting URLs ***/ From 59930d46970f0d371c2802afa663a01fe1a2deb4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 05:29:53 +0000 Subject: [PATCH 1127/1961] 0402, remove redundant pref, see #709 --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index b0bf1d0..92c28ee 100644 --- a/user.js +++ b/user.js @@ -299,7 +299,6 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi * This is a real-time check with Google services. * [SETUP-SECURITY] If you do not understand this, or if you want this protection, then override it ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); -user_pref("browser.safebrowsing.downloads.remote.url", ""); /* 0403: disable reporting URLs ***/ user_pref("browser.safebrowsing.provider.google.reportURL", ""); user_pref("browser.safebrowsing.reportPhishURL", ""); From 48f3dfec841704e0fadfb01f427352a91f9cece0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 05:31:17 +0000 Subject: [PATCH 1128/1961] browser.safebrowsing.downloads.remote.url --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index fd5d646..4e86ede 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 28-Apr-2019 + Last updated: 29-Apr-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -127,6 +127,7 @@ 'browser.cache.disk.capacity', 'browser.cache.disk.smart_size.enabled', 'browser.cache.disk.smart_size.first_run', + 'browser.safebrowsing.downloads.remote.url', 'canvas.capturestream.enabled', 'media.gmp-manager.url', 'media.gmp-manager.url.override', From b28677a59439f79dcd01d8e1c19ac5c8906b61ba Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 06:32:47 +0000 Subject: [PATCH 1129/1961] 1825: widevine update to inactive, see #709 - at worse, the update pref causes a security risk. I'll leave it in for now --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 92c28ee..5754d76 100644 --- a/user.js +++ b/user.js @@ -964,7 +964,7 @@ user_pref("media.gmp-provider.enabled", false); /* 1825: disable widevine CDM (Content Decryption Module) [SETUP-WEB] ***/ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); -user_pref("media.gmp-widevinecdm.autoupdate", false); + // user_pref("media.gmp-widevinecdm.autoupdate", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP-WEB] * [SETTING] General>DRM Content>Play DRM-controlled content * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ From 675577fb8dee5801275503475ace89d3233421c3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 11:12:05 +0000 Subject: [PATCH 1130/1961] 1800: remove redundant flash prefs, closes #714 --- user.js | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/user.js b/user.js index 5754d76..14972be 100644 --- a/user.js +++ b/user.js @@ -939,24 +939,15 @@ user_pref("privacy.userContext.longPressBehavior", 2); /*** [SECTION 1800]: PLUGINS ***/ user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); -/* 1801: set default plugin state (i.e. new plugins on discovery) to never activate - * 0=disabled, 1=ask to activate, 2=active - you can override individual plugins ***/ -user_pref("plugin.default.state", 0); -user_pref("plugin.defaultXpi.state", 0); /* 1802: enable click to play and set to 0 minutes ***/ user_pref("plugins.click_to_play", true); user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); -/* 1803: disable Flash plugin (Add-ons>Plugins) +/* 1803: disable Flash plugin * 0=deactivated, 1=ask, 2=enabled * ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash * [NOTE] You can still override individual sites via site permissions * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ user_pref("plugin.state.flash", 0); -/* 1805: disable scanning for plugins [WINDOWS] - * [1] http://kb.mozillazine.org/Plugin_scanning - * plid.all = whether to scan the directories specified in the Windows registry for PLIDs. - * Used to detect RealPlayer, Java, Antivirus etc, but since FF52 only covers Flash ***/ -user_pref("plugin.scan.plid.all", false); /* 1820: disable all GMP (Gecko Media Plugins) [SETUP-WEB] * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); From 0eb107abf33b576a612407c585d1f45990e4aefc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 11:14:50 +0000 Subject: [PATCH 1131/1961] 3 x plugin prefs, see #714 --- scratchpad-scripts/ghacks-clear-[removed].js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 4e86ede..2df664a 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -132,6 +132,9 @@ 'media.gmp-manager.url', 'media.gmp-manager.url.override', 'media.gmp.trial-create.enabled', + 'plugin.default.state', + 'plugin.defaultXpi.state', + 'plugin.scan.plid.all', 'pdfjs.enableWebGL', /* 67-beta: SB & TP cleanup: these were all inactive */ 'browser.safebrowsing.downloads.enabled', From 50afeb18616f310bcd74b52eb8d1c01e3028064e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 17:14:23 +0000 Subject: [PATCH 1132/1961] 0205: -> inactive, closes #0707 --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 14972be..9891458 100644 --- a/user.js +++ b/user.js @@ -153,8 +153,11 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease * [2] https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine ***/ user_pref("browser.search.region", "US"); // [HIDDEN PREF] user_pref("browser.search.geoip.url", ""); -/* 0205: set OS & APP locale [FF59+] - * If set to empty, the OS locales are used. If not set at all, default locale is used ***/ +/* 0205: set Firefox language [FF59+] [RESTART] + * Go to the end of about:support to view Internationalization & Localization settings + * If set to empty, the OS locales are used. If not set at all, default locale is used + * This is the language used in menus, about pages, messages, and notifications from Firefox ***/ + // user_pref("intl.locale.requested", "en-US"); // [HIDDEN PREF] user_pref("intl.locale.requested", "en-US"); // [HIDDEN PREF] /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" * i.e. ignore all of Mozilla's various search engines in multiple locales ***/ From bb788682c979d71f8e0ba82d5e71857d013e08f4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 17:44:53 +0000 Subject: [PATCH 1133/1961] fixup: remove duplicate pref --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 9891458..be835bf 100644 --- a/user.js +++ b/user.js @@ -158,12 +158,12 @@ user_pref("browser.search.geoip.url", ""); * If set to empty, the OS locales are used. If not set at all, default locale is used * This is the language used in menus, about pages, messages, and notifications from Firefox ***/ // user_pref("intl.locale.requested", "en-US"); // [HIDDEN PREF] -user_pref("intl.locale.requested", "en-US"); // [HIDDEN PREF] /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" * i.e. ignore all of Mozilla's various search engines in multiple locales ***/ user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); -/* 0207: set language to match ***/ +/* 0207: set preferred language for diplaying web pages + * [TEST] https://addons.mozilla.org/about ***/ user_pref("intl.accept_languages", "en-US, en"); /* 0208: enforce US English locale regardless of the system locale * [1] https://bugzilla.mozilla.org/867501 ***/ @@ -299,7 +299,7 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); /* 0402: disable binaries NOT in Safe Browsing local lists being checked - * This is a real-time check with Google services. + * This is a real-time check with Google services * [SETUP-SECURITY] If you do not understand this, or if you want this protection, then override it ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); /* 0403: disable reporting URLs ***/ From 50869a734f75e63b1fd2fd6d959c4ca3c1f5e689 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 18:13:47 +0000 Subject: [PATCH 1134/1961] [setup-*] always goes after [notes] --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index be835bf..31091f3 100644 --- a/user.js +++ b/user.js @@ -1074,11 +1074,11 @@ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); * Service workers essentially act as proxy servers that sit between web apps, and the browser * and network, are event driven, and can control the web page/site it is associated with, * intercepting and modifying navigation and resource requests, and caching resources. + * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. + * [NOTE] Service workers only run over HTTPS. Service workers have no DOM access. * [SETUP-WEB] Disabling service workers will break some sites. This pref is a master switch, and controls * notifications (2304, 2305) and service worker cache (2740) - all three are inactive. Notifications are - * behind a prompt (2306). If you enable service workers, then you may want to look at these prefs as well. - * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. - * [NOTE] Service workers only run over HTTPS. Service workers have no DOM access. ***/ + * behind a prompt (2306). If you enable service workers, then you may want to look at those as well ***/ user_pref("dom.serviceWorkers.enabled", false); /* 2304: disable Web Notifications * [NOTE] Web Notifications require service workers (2302) and are behind a prompt (2306) From 9da3cf4be88dfd19fe78cf000b937aa1e8e52f3e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 18:21:01 +0000 Subject: [PATCH 1135/1961] 1840: openh264: remove, see #709 Instead of being inactive, remove this. WebRTC is already blocked. And it can also be controlled by 1820. Redundant and does nothing extra for privacy, security etc --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index 31091f3..3dc9ff8 100644 --- a/user.js +++ b/user.js @@ -963,10 +963,6 @@ user_pref("media.gmp-widevinecdm.enabled", false); * [SETTING] General>DRM Content>Play DRM-controlled content * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); -/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" [SETUP-HARDEN] - * This is the bundled codec used for video chat in WebRTC ***/ - // user_pref("media.gmp-gmpopenh264.enabled", false); - // user_pref("media.gmp-gmpopenh264.autoupdate", false); /*** [SECTION 2000]: MEDIA / CAMERA / MIC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); From 4dd40bddcca6c15da0751ca36bf87b0ed24e8b2c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Apr 2019 18:22:39 +0000 Subject: [PATCH 1136/1961] 2 x gmp openh264 --- scratchpad-scripts/ghacks-clear-[removed].js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 2df664a..98ca140 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -110,6 +110,8 @@ 'browser.eme.ui.enabled', 'browser.sessionstore.max_windows_undo', 'network.auth.subresource-img-cross-origin-http-auth-allow', + 'user_pref("media.gmp-gmpopenh264.enabled', + 'user_pref("media.gmp-gmpopenh264.autoupdate', 'media.peerconnection.ice.tcp', 'media.peerconnection.identity.enabled', 'media.peerconnection.identity.timeout', From c3a74a7c6eedd4d5e3b7b2c22a067b1057416d60 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Apr 2019 07:21:08 +0000 Subject: [PATCH 1137/1961] 2615: remove obsolete note 1445942 was resolved in FF66 --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 3dc9ff8..9b89499 100644 --- a/user.js +++ b/user.js @@ -1237,7 +1237,6 @@ user_pref("middlemouse.contentLoadURL", false); user_pref("network.http.redirection-limit", 10); /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+] * 0 (default) or 1=allow, 2=block - * [NOTE] In FF65 and under, causes issues with delete and backspace keys (see 1445942) * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ // user_pref("permissions.default.shortcuts", 2); /* 2616: remove special permissions for certain mozilla domains [FF35+] From 11f40f8a84f45933a4871d1a8fca796d906add44 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Apr 2019 08:25:06 +0000 Subject: [PATCH 1138/1961] 1800s remove: gmp/cdm update prefs, see #709 --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index 9b89499..e437551 100644 --- a/user.js +++ b/user.js @@ -954,11 +954,9 @@ user_pref("plugin.state.flash", 0); /* 1820: disable all GMP (Gecko Media Plugins) [SETUP-WEB] * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ user_pref("media.gmp-provider.enabled", false); - // user_pref("media.gmp-manager.updateEnabled", false); // [HIDDEN PREF] /* 1825: disable widevine CDM (Content Decryption Module) [SETUP-WEB] ***/ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); - // user_pref("media.gmp-widevinecdm.autoupdate", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP-WEB] * [SETTING] General>DRM Content>Play DRM-controlled content * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ From 0d40613268d793aa3d9df029ba0066614f3b6d15 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Apr 2019 08:26:59 +0000 Subject: [PATCH 1139/1961] 2 x update prefs, see #709 --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 98ca140..baae99b 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 29-Apr-2019 + Last updated: 30-Apr-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -112,6 +112,8 @@ 'network.auth.subresource-img-cross-origin-http-auth-allow', 'user_pref("media.gmp-gmpopenh264.enabled', 'user_pref("media.gmp-gmpopenh264.autoupdate', + 'user_pref("media.gmp-manager.updateEnabled', + 'user_pref("media.gmp-widevinecdm.autoupdate', 'media.peerconnection.ice.tcp', 'media.peerconnection.identity.enabled', 'media.peerconnection.identity.timeout', From 600f9677e93ad0cc5e884d8ae82b6d509e1244fc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Apr 2019 09:10:42 +0000 Subject: [PATCH 1140/1961] 1820+1825+1830 changes, closes #709 --- user.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index e437551..c1ea4f9 100644 --- a/user.js +++ b/user.js @@ -951,13 +951,15 @@ user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); * [NOTE] You can still override individual sites via site permissions * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ user_pref("plugin.state.flash", 0); -/* 1820: disable all GMP (Gecko Media Plugins) [SETUP-WEB] +/* 1820: disable GMP (Gecko Media Plugins) * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ -user_pref("media.gmp-provider.enabled", false); -/* 1825: disable widevine CDM (Content Decryption Module) [SETUP-WEB] ***/ + // user_pref("media.gmp-provider.enabled", false); +/* 1825: disable widevine CDM (Content Decryption Module) + * [SETUP-WEB] if you *need* CDM, e.g. Netflix, Amazon Prime, Hulu, whatever ***/ user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); -/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP-WEB] +/* 1830: disable all DRM content (EME: Encryption Media Extension) + * [SETUP-WEB] if you *need* EME, e.g. Netflix, Amazon Prime, Hulu, whatever * [SETTING] General>DRM Content>Play DRM-controlled content * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); From 57618a31dc92ddb211054dbb16cd6f1850912d11 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Apr 2019 10:05:03 +0000 Subject: [PATCH 1141/1961] fixups --- scratchpad-scripts/ghacks-clear-[removed].js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index baae99b..f4bafbf 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -110,10 +110,6 @@ 'browser.eme.ui.enabled', 'browser.sessionstore.max_windows_undo', 'network.auth.subresource-img-cross-origin-http-auth-allow', - 'user_pref("media.gmp-gmpopenh264.enabled', - 'user_pref("media.gmp-gmpopenh264.autoupdate', - 'user_pref("media.gmp-manager.updateEnabled', - 'user_pref("media.gmp-widevinecdm.autoupdate', 'media.peerconnection.ice.tcp', 'media.peerconnection.identity.enabled', 'media.peerconnection.identity.timeout', @@ -133,6 +129,10 @@ 'browser.cache.disk.smart_size.first_run', 'browser.safebrowsing.downloads.remote.url', 'canvas.capturestream.enabled', + 'media.gmp-gmpopenh264.enabled', + 'media.gmp-gmpopenh264.autoupdate', + 'media.gmp-manager.updateEnabled', + 'media.gmp-widevinecdm.autoupdate', 'media.gmp-manager.url', 'media.gmp-manager.url.override', 'media.gmp.trial-create.enabled', From f1d28f3878d6051e98a4b81f24ca26a0d37d52d6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Apr 2019 10:10:59 +0000 Subject: [PATCH 1142/1961] pedantic aphabetical sorting --- scratchpad-scripts/ghacks-clear-[removed].js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index f4bafbf..9d674c8 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -122,24 +122,24 @@ 'browser.urlbar.maxHistoricalSearchSuggestions', /* 67-beta */ 'app.update.service.enabled', - 'app.update.staging.enabled', 'app.update.silent', + 'app.update.staging.enabled', 'browser.cache.disk.capacity', 'browser.cache.disk.smart_size.enabled', 'browser.cache.disk.smart_size.first_run', 'browser.safebrowsing.downloads.remote.url', 'canvas.capturestream.enabled', - 'media.gmp-gmpopenh264.enabled', 'media.gmp-gmpopenh264.autoupdate', + 'media.gmp-gmpopenh264.enabled', 'media.gmp-manager.updateEnabled', - 'media.gmp-widevinecdm.autoupdate', 'media.gmp-manager.url', 'media.gmp-manager.url.override', 'media.gmp.trial-create.enabled', + 'media.gmp-widevinecdm.autoupdate', + 'pdfjs.enableWebGL', 'plugin.default.state', 'plugin.defaultXpi.state', 'plugin.scan.plid.all', - 'pdfjs.enableWebGL', /* 67-beta: SB & TP cleanup: these were all inactive */ 'browser.safebrowsing.downloads.enabled', 'browser.safebrowsing.downloads.remote.block_dangerous', From 7bb0bfefe1314c0d83574e23a839543ddd93a7fb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Apr 2019 13:46:41 +0000 Subject: [PATCH 1143/1961] combine search suggestions, add tag, see #609 also remove `browser.urlbar.userMadeSearchSuggestionsChoice` --- user.js | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index c1ea4f9..22274a1 100644 --- a/user.js +++ b/user.js @@ -504,14 +504,12 @@ user_pref("browser.sessionhistory.max_entries", 10); user_pref("layout.css.visited_links_enabled", false); /* 0806: disable displaying javascript in history URLs ***/ user_pref("browser.urlbar.filter.javascript", true); // [DEFAULT: true] -/* 0807: disable search bar LIVE search suggestions - * [SETTING] Search>Provide search suggestions ***/ +/* 0807: disable live search suggestions +/* [NOTE] Both must be true for the location bar to work + * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine + * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ user_pref("browser.search.suggest.enabled", false); -/* 0808: disable location bar LIVE search suggestions (requires 0807 = true) - * Also disable the location bar prompt to enable/disable or learn more about it. - * [SETTING] Search>Show search suggestions in address bar results ***/ user_pref("browser.urlbar.suggest.searches", false); -user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // [FF41+] /* 0809: disable location bar suggesting "preloaded" top websites [FF54+] * [1] https://bugzilla.mozilla.org/1211726 ***/ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); @@ -528,7 +526,7 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * This value controls the total number of entries to appear in the location bar dropdown * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always * be displayed (no we do not know how these are calculated or what the threshold is), - * and this does not affect the search by search engine suggestion (see 0808) + * and this does not affect the search by search engine suggestion (see 0807) * [NOTE] This setting is only useful if you want to enable search engine keywords * (i.e. at least one of 0850a suggestion types must be true) but you want to *limit* suggestions shown ***/ // user_pref("browser.urlbar.maxRichResults", 0); From 1e0b3d74f91668bd6d3bd4e7444ae1c8327a3c4a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Apr 2019 13:51:13 +0000 Subject: [PATCH 1144/1961] browser.urlbar.userMadeSearchSuggestionsChoice - a user can click the one-off prompt when they first see it - it's also set when you go changing search suggestions in options --- scratchpad-scripts/ghacks-clear-[removed].js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 9d674c8..845780e 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -155,15 +155,16 @@ 'browser.safebrowsing.provider.google4.updateURL', 'browser.safebrowsing.provider.mozilla.gethashURL', 'browser.safebrowsing.provider.mozilla.updateURL', + 'browser.urlbar.userMadeSearchSuggestionsChoice', 'privacy.trackingprotection.annotate_channels', 'privacy.trackingprotection.enabled', 'privacy.trackingprotection.lower_network_priority', 'privacy.trackingprotection.pbmode.enabled', - 'services.blocklist.update_enabled', - 'services.blocklist.onecrl.collection', 'services.blocklist.addons.collection', - 'services.blocklist.plugins.collection', 'services.blocklist.gfx.collection', + 'services.blocklist.onecrl.collection', + 'services.blocklist.plugins.collection', + 'services.blocklist.update_enabled', 'urlclassifier.trackingTable', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' From 99eb835e7a8d23655c7f72c9641c192dcc2ad5ec Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Apr 2019 14:26:48 +0000 Subject: [PATCH 1145/1961] merge 0603 + 0608 - also remove reference which is pretty much useless --- user.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 22274a1..d88aff3 100644 --- a/user.js +++ b/user.js @@ -378,9 +378,9 @@ user_pref("network.prefetch-next", false); * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF] -/* 0603: disable Seer/Necko - * [1] https://developer.mozilla.org/docs/Mozilla/Projects/Necko ***/ +/* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); +user_pref("network.predictor.enable-prefetch", false); // [FF48+] /* 0605: disable link-mouseover opening connection to linked server * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links/ ***/ @@ -390,8 +390,6 @@ user_pref("network.http.speculative-parallel-limit", 0); * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ user_pref("browser.send_pings", false); // [DEFAULT: false] user_pref("browser.send_pings.require_same_host", true); -/* 0608: disable predictor / prefetching [FF48+] ***/ -user_pref("network.predictor.enable-prefetch", false); /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); From c55ecbd8b2f48ff4d8f2350987913afa9f616237 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 2 May 2019 00:30:27 +0000 Subject: [PATCH 1146/1961] 0701: IPv6, MOAR info --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index d88aff3..9184d47 100644 --- a/user.js +++ b/user.js @@ -395,9 +395,11 @@ user_pref("browser.send_pings.require_same_host", true); user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); /* 0701: disable IPv6 * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice - * with VPNs. That's even assuming your ISP and/or router and/or website can handle it - * [NOTE] This is just an application level fallback. Disabling IPv6 is best done - * at an OS/network level, and/or configured properly in VPN setups + * with VPNs. That's even assuming your ISP and/or router and/or website can handle it. + * Firefox telemetry (April 2019) shows only 5% of all connections are IPv6. + * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an + * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, + * then this won't make much difference. If you are maksing your IP, then it can only help. * [TEST] http://ipv6leak.com/ * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/437#issuecomment-403740626 * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ From 1ff14e31c09f2326ec40bdb0afacc10ff26d88f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 2 May 2019 00:47:14 +0000 Subject: [PATCH 1147/1961] 1201: TLS max -> inactive Lets be consistent, we don't make min active as it alters your FP, and the risk is super low (updated the telemetry stat: down from 2% to 0.5%). Default max is now 4 anyway (don't care about ESR - they should be using the v60 archive). --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 9184d47..1b77c9a 100644 --- a/user.js +++ b/user.js @@ -698,12 +698,13 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 - * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1 + * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. + * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1 * [1] http://kb.mozillazine.org/Security.tls.version.* * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ * [2] archived: https://archive.is/hY2Mm ***/ // user_pref("security.tls.version.min", 3); -user_pref("security.tls.version.max", 4); + // user_pref("security.tls.version.max", 4); /* 1203: disable SSL session tracking [FF36+] * SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the From dab27cd143d088b250eab1493f87814fc14e125d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 3 May 2019 00:09:05 +0000 Subject: [PATCH 1148/1961] spring cleaning, part 1: see #716 All of these are the same as default, checked back to ESR60 and Ff60. Except 2211 which is not considered an issue by TB for example, and it doesn't enhance anything IMO --- user.js | 25 +------------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/user.js b/user.js index 1b77c9a..a7c8fe9 100644 --- a/user.js +++ b/user.js @@ -432,10 +432,6 @@ user_pref("network.http.altsvc.oe", false); * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); -/* 0706: remove paths when sending URLs to PAC scripts [FF51+] - * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) - * [1] https://bugzilla.mozilla.org/1255474 ***/ -user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false] /* 0707: disable (or setup) DNS-over-HTTPS (DoH) [FF60+] * TRR = Trusted Recursive Resolver * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats but always use native result @@ -502,8 +498,6 @@ user_pref("browser.sessionhistory.max_entries", 10); * [2] https://bugzilla.mozilla.org/147777 * [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ user_pref("layout.css.visited_links_enabled", false); -/* 0806: disable displaying javascript in history URLs ***/ -user_pref("browser.urlbar.filter.javascript", true); // [DEFAULT: true] /* 0807: disable live search suggestions /* [NOTE] Both must be true for the location bar to work * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine @@ -579,14 +573,6 @@ user_pref("security.password_lifetime", 5); * [NOTE] Password will still be auto-filled after a user name is manually entered * [1] http://kb.mozillazine.org/Signon.autofillForms ***/ user_pref("signon.autofillForms", false); -/* 0906: disable websites' autocomplete="off" [FF30+] - * Don't let sites dictate use of saved logins and passwords. Increase security through - * stronger password use. The trade-off is the convenience. Some sites should never be - * saved (such as banking sites). Set at true, informed users can make their own choice. ***/ -user_pref("signon.storeWhenAutocompleteOff", true); // [DEFAULT: true] -/* 0907: display warnings for logins on non-secure (non HTTPS) pages - * [1] https://bugzilla.mozilla.org/1217156 ***/ -user_pref("security.insecure_password.ui.enabled", true); /* 0909: disable formless login capture for Password Manager [FF51+] ***/ user_pref("signon.formlessCapture.enabled", false); /* 0910: disable autofilling saved passwords on HTTP pages and show warning [FF52+] @@ -862,7 +848,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. - * Eventually privacy.resistFingerprinting (see 4500) will cover this (and 1401 can be relaxed) + * Eventually privacy.resistFingerprinting (see 4500) will cover this * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] @@ -997,9 +983,6 @@ user_pref("media.getusermedia.audiocapture.enabled", false); /* 2027: disable camera image capture [FF35+] * [1] https://trac.torproject.org/projects/tor/ticket/16339 ***/ user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false] -/* 2028: disable offscreen canvas [FF44+] - * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/ -user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false] /* 2030: disable autoplay of HTML5 media [FF63+] * 0=Allowed, 1=Blocked (2=Prompt - removed in FF66) * [NOTE] You can set exceptions under site permissions @@ -1041,8 +1024,6 @@ user_pref("browser.link.open_newwindow.restriction", 0); /* 2210: block popup windows * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); -/* 2211: set max popups from a single non-click event - default is 20! ***/ -user_pref("dom.popup_maximum", 3); /* 2212: limit events that can cause a popup [SETUP-WEB] * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend contextmenu" * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ @@ -1142,10 +1123,6 @@ user_pref("javascript.options.wasm", false); * [2] https://w3c.github.io/IntersectionObserver/ * [3] https://bugzilla.mozilla.org/1243846 ***/ user_pref("dom.IntersectionObserver.enabled", false); -/* 2427: disable Shared Memory (Spectre mitigation) - * [1] https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md - * [2] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ ***/ -user_pref("javascript.options.shared_memory", false); /* 2428: enforce DOMHighResTimeStamp API * [WARNING] Required for normalization of timestamps and any timer resolution mitigations ***/ user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] From 59a85bcdda6eaf3013c7c643bd6fcc9e092b36ec Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 3 May 2019 00:35:04 +0000 Subject: [PATCH 1149/1961] spring cleaning, part 2: see #716 - 0910 same as default for desktop. Android is the opposite, must be for a reason. Android is not really my concern. - 1005: always been inactive: one less warning to deal with - 1008: always been inactive. defaults are 60, 60 --- user.js | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/user.js b/user.js index a7c8fe9..29204e6 100644 --- a/user.js +++ b/user.js @@ -575,11 +575,6 @@ user_pref("security.password_lifetime", 5); user_pref("signon.autofillForms", false); /* 0909: disable formless login capture for Password Manager [FF51+] ***/ user_pref("signon.formlessCapture.enabled", false); -/* 0910: disable autofilling saved passwords on HTTP pages and show warning [FF52+] - * [1] https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ - * [2] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119 ***/ -user_pref("signon.autofillForms.http", false); -user_pref("security.insecure_field_warning.contextual.enabled", true); /* 0912: limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources [FF41+] * hardens against potential credentials phishing * 0=don't allow sub-resources to open HTTP authentication credentials dialogs @@ -614,20 +609,10 @@ user_pref("browser.cache.disk_cache_ssl", false); * [NOTE] Not recommended due to performance issues ***/ // user_pref("browser.cache.memory.enable", false); // user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF] -/* 1005: disable fastback cache - * To improve performance when pressing back/forward Firefox stores visited pages - * so they don't have to be re-parsed. This is not the same as memory cache. - * 0=none, -1=auto (that's minus 1), or for other values see [1] - * [WARNING] Not recommended unless you know what you're doing - * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ - // user_pref("browser.sessionhistory.max_total_viewers", 0); /* 1006: disable permissions manager from writing to disk [RESTART] * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/967812 ***/ // user_pref("permissions.memory_only", true); // [HIDDEN PREF] -/* 1008: set DNS cache and expiration time (default 400 and 60, same as Tor Browser) ***/ - // user_pref("network.dnsCacheEntries", 400); - // user_pref("network.dnsCacheExpiration", 60); /** SESSIONS & SESSION RESTORE ***/ /* 1020: exclude "Undo Closed Tabs" in Session Restore ***/ From 57f4bd46e9f193e46c02029d9e40b4c214988b21 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 3 May 2019 00:41:08 +0000 Subject: [PATCH 1150/1961] spring cleaning, closes #716 --- scratchpad-scripts/ghacks-clear-[removed].js | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 845780e..fa78bc7 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 30-Apr-2019 + Last updated: 02-May-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -128,7 +128,12 @@ 'browser.cache.disk.smart_size.enabled', 'browser.cache.disk.smart_size.first_run', 'browser.safebrowsing.downloads.remote.url', + 'browser.sessionhistory.max_total_viewers' + 'browser.urlbar.filter.javascript', 'canvas.capturestream.enabled', + 'dom.popup_maximum', + 'gfx.offscreencanvas.enabled', + 'javascript.options.shared_memory', 'media.gmp-gmpopenh264.autoupdate', 'media.gmp-gmpopenh264.enabled', 'media.gmp-manager.updateEnabled', @@ -136,11 +141,18 @@ 'media.gmp-manager.url.override', 'media.gmp.trial-create.enabled', 'media.gmp-widevinecdm.autoupdate', + 'network.dnsCacheEntries' + 'network.dnsCacheExpiration' + 'network.proxy.autoconfig_url.include_path', 'pdfjs.enableWebGL', 'plugin.default.state', 'plugin.defaultXpi.state', 'plugin.scan.plid.all', - /* 67-beta: SB & TP cleanup: these were all inactive */ + 'security.insecure_field_warning.contextual.enabled", true); + 'security.insecure_password.ui.enabled', + 'signon.autofillForms.http", false); + 'signon.storeWhenAutocompleteOff', + /* 67-beta: Blocklist, SB & TP cleanup: these were all inactive */ 'browser.safebrowsing.downloads.enabled', 'browser.safebrowsing.downloads.remote.block_dangerous', 'browser.safebrowsing.downloads.remote.block_dangerous_host', From 329719fe257c321d234f11ec47ff0445e1cbff75 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 3 May 2019 02:03:56 +0000 Subject: [PATCH 1151/1961] 0400s: more cleanup, see #710 --- user.js | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 29204e6..d6bc96e 100644 --- a/user.js +++ b/user.js @@ -302,22 +302,13 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi * This is a real-time check with Google services * [SETUP-SECURITY] If you do not understand this, or if you want this protection, then override it ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); -/* 0403: disable reporting URLs ***/ -user_pref("browser.safebrowsing.provider.google.reportURL", ""); -user_pref("browser.safebrowsing.reportPhishURL", ""); -user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // [FF50+] -user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); // [FF54+] -user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); // [FF54+] -user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); // [FF54+] -user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // [FF54+] +/* 0403: disable data sharing [FF58+] ***/ +user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); /* 0404: disable 'ignore this warning' on Safe Browsing warnings * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", false); -/* 0405: disable data sharing [FF58+] ***/ -user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); -user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); /*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS System Add-ons are a method for shipping extensions, considered to be From ccec62f66b10e2f205c59fe5386ffe426bf78bdc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 3 May 2019 02:09:35 +0000 Subject: [PATCH 1152/1961] SB reporting URLs, closes #710 - the two reportURLs required the user to actively opt to send a report - the other five reporting URLs use Mozilla domains, which is not a problem. Not entirely sure if they get used or how, don't care - the dataSharingURL is not needed, the corresponding .enabled pref is sufficent --- scratchpad-scripts/ghacks-clear-[removed].js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index fa78bc7..26a4f84 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -128,6 +128,14 @@ 'browser.cache.disk.smart_size.enabled', 'browser.cache.disk.smart_size.first_run', 'browser.safebrowsing.downloads.remote.url', + 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', + 'browser.safebrowsing.provider.google.reportPhishMistakeURL', + 'browser.safebrowsing.provider.google.reportURL', + 'browser.safebrowsing.provider.google4.dataSharingURL', + 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', + 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', + 'browser.safebrowsing.provider.google4.reportURL', + 'browser.safebrowsing.reportPhishURL', 'browser.sessionhistory.max_total_viewers' 'browser.urlbar.filter.javascript', 'canvas.capturestream.enabled', From 7394f2f55395ac20a9752a64430d56c3a345e404 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 3 May 2019 07:36:04 +0000 Subject: [PATCH 1153/1961] 2027: remove, #716 default false since forever --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index d6bc96e..651963c 100644 --- a/user.js +++ b/user.js @@ -956,9 +956,6 @@ user_pref("media.getusermedia.audiocapture.enabled", false); * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); -/* 2027: disable camera image capture [FF35+] - * [1] https://trac.torproject.org/projects/tor/ticket/16339 ***/ -user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false] /* 2030: disable autoplay of HTML5 media [FF63+] * 0=Allowed, 1=Blocked (2=Prompt - removed in FF66) * [NOTE] You can set exceptions under site permissions From 720253eca3afec3a5056e2eaba3e87c60a222ea7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 3 May 2019 07:36:55 +0000 Subject: [PATCH 1154/1961] dom.imagecapture.enabled --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 26a4f84..6b89f1a 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 02-May-2019 + Last updated: 03-May-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -139,6 +139,7 @@ 'browser.sessionhistory.max_total_viewers' 'browser.urlbar.filter.javascript', 'canvas.capturestream.enabled', + 'dom.imagecapture.enabled', 'dom.popup_maximum', 'gfx.offscreencanvas.enabled', 'javascript.options.shared_memory', From 7f6d7c6a52392b3e8b83b4d8c99fb3c4fa1bd905 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 3 May 2019 07:48:12 +0000 Subject: [PATCH 1155/1961] fixups --- scratchpad-scripts/ghacks-clear-[removed].js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 6b89f1a..41f1769 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -136,7 +136,7 @@ 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', 'browser.safebrowsing.provider.google4.reportURL', 'browser.safebrowsing.reportPhishURL', - 'browser.sessionhistory.max_total_viewers' + 'browser.sessionhistory.max_total_viewers', 'browser.urlbar.filter.javascript', 'canvas.capturestream.enabled', 'dom.imagecapture.enabled', @@ -157,9 +157,9 @@ 'plugin.default.state', 'plugin.defaultXpi.state', 'plugin.scan.plid.all', - 'security.insecure_field_warning.contextual.enabled", true); + 'security.insecure_field_warning.contextual.enabled', 'security.insecure_password.ui.enabled', - 'signon.autofillForms.http", false); + 'signon.autofillForms.http', 'signon.storeWhenAutocompleteOff', /* 67-beta: Blocklist, SB & TP cleanup: these were all inactive */ 'browser.safebrowsing.downloads.enabled', From 2a304369050d3243713ac94625dc84cf8db09ada Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 3 May 2019 07:49:47 +0000 Subject: [PATCH 1156/1961] moar fixups --- scratchpad-scripts/ghacks-clear-[removed].js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 41f1769..8c4b8c0 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -150,8 +150,8 @@ 'media.gmp-manager.url.override', 'media.gmp.trial-create.enabled', 'media.gmp-widevinecdm.autoupdate', - 'network.dnsCacheEntries' - 'network.dnsCacheExpiration' + 'network.dnsCacheEntries', + 'network.dnsCacheExpiration', 'network.proxy.autoconfig_url.include_path', 'pdfjs.enableWebGL', 'plugin.default.state', From da4cfce10fdbe1995d4bb33fc327e58b0a859553 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 3 May 2019 13:19:55 +0000 Subject: [PATCH 1157/1961] RFP: OS spoof changes FF68+ --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 651963c..8e9a140 100644 --- a/user.js +++ b/user.js @@ -1465,6 +1465,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL FF57: The version number will match current ESR (1393283, 1418672, 1418162, 1511763) FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608) FF66: The OS in HTTP Headers will be reduced to Windows or Android (1509829) + FF68: Reported OS versions updated to Windows 10, OS 10.14, and Adnroid 8.1 (1511434) ** 1369319 - disable device sensor API (see 4604) (FF56+) ** 1369357 - disable site specific zoom (see 4605) (FF56+) ** 1337161 - hide gamepads from content (see 4606) (FF56+) From 473e88c7845235fe1b6dc8c683e22a051e2ccaa6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 5 May 2019 17:28:47 +0000 Subject: [PATCH 1158/1961] spring cleaning, part 3: see #716 --- user.js | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/user.js b/user.js index 8e9a140..49392d9 100644 --- a/user.js +++ b/user.js @@ -302,9 +302,7 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi * This is a real-time check with Google services * [SETUP-SECURITY] If you do not understand this, or if you want this protection, then override it ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); -/* 0403: disable data sharing [FF58+] ***/ -user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); -/* 0404: disable 'ignore this warning' on Safe Browsing warnings +/* 0403: disable 'ignore this warning' on Safe Browsing warnings * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/1226490 ***/ @@ -1252,9 +1250,6 @@ user_pref("extensions.autoDisableScopes", 15); /* 2662: disable webextension restrictions on certain mozilla domains (also see 4503) [FF60+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); -/* 2663: enable warning when websites try to install add-ons - * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons ***/ -user_pref("xpinstall.whitelist.required", true); // [DEFAULT: true] /** SECURITY ***/ /* 2680: enable CSP (Content Security Policy) @@ -1263,11 +1258,6 @@ user_pref("security.csp.enable", true); // [DEFAULT: true] /* 2682: enable CSP 1.1 experimental hash-source directive [FF29+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 ***/ user_pref("security.csp.experimentalEnabled", true); -/* 2683: block top level window data: URIs [FF56+] - * [1] https://bugzilla.mozilla.org/1331351 - * [2] https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/ - * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/ -user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT: true] /* 2684: enforce a security delay on some confirmation dialogs such as install, open/save * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ @@ -1308,14 +1298,6 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] * [NOTE] The setting below is disabled (but not changed) if you block all cookies (2701 = 2) * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/ // user_pref("network.cookie.lifetimePolicy", 2); -/* 2705: disable HTTP sites setting cookies with the "secure" directive [FF52+] - * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/ -user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true] -/* 2706: enable support for same-site cookies [FF60+] - * [1] https://bugzilla.mozilla.org/795346 - * [2] https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ - * [3] https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/ ***/ - // user_pref("network.cookie.same-site.enabled", true); // [DEFAULT: true] /* 2710: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality AND extensions! * You are better off using an extension for more granular control ***/ @@ -1330,9 +1312,6 @@ user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true] user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] /* 2730: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); -/* 2730b: disable offline cache on insecure sites [FF60+] - * [1] https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ ***/ -user_pref("browser.cache.offline.insecure.enable", false); // [DEFAULT: false in FF62+] /* 2731: enforce websites to ask to store data for offline use * [1] https://support.mozilla.org/questions/1098540 * [2] https://bugzilla.mozilla.org/959985 ***/ From be7c50c19824533922b935a593d306c586d32b0e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 5 May 2019 17:33:16 +0000 Subject: [PATCH 1159/1961] spring cleaning, part 3: closes #716 --- scratchpad-scripts/ghacks-clear-[removed].js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 8c4b8c0..ae61fd9 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 03-May-2019 + Last updated: 05-May-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -127,10 +127,12 @@ 'browser.cache.disk.capacity', 'browser.cache.disk.smart_size.enabled', 'browser.cache.disk.smart_size.first_run', + 'browser.cache.offline.insecure.enable', 'browser.safebrowsing.downloads.remote.url', 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', 'browser.safebrowsing.provider.google.reportPhishMistakeURL', 'browser.safebrowsing.provider.google.reportURL', + 'browser.safebrowsing.provider.google4.dataSharing.enabled', 'browser.safebrowsing.provider.google4.dataSharingURL', 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', @@ -150,6 +152,8 @@ 'media.gmp-manager.url.override', 'media.gmp.trial-create.enabled', 'media.gmp-widevinecdm.autoupdate', + 'network.cookie.leave-secure-alone', + 'network.cookie.same-site.enabled', 'network.dnsCacheEntries', 'network.dnsCacheExpiration', 'network.proxy.autoconfig_url.include_path', @@ -157,10 +161,12 @@ 'plugin.default.state', 'plugin.defaultXpi.state', 'plugin.scan.plid.all', + 'security.data_uri.block_toplevel_data_uri_navigations', 'security.insecure_field_warning.contextual.enabled', 'security.insecure_password.ui.enabled', 'signon.autofillForms.http', 'signon.storeWhenAutocompleteOff', + 'xpinstall.whitelist.required', /* 67-beta: Blocklist, SB & TP cleanup: these were all inactive */ 'browser.safebrowsing.downloads.enabled', 'browser.safebrowsing.downloads.remote.block_dangerous', From 540f5ce868a06d44b5c2912f34712551ba6cae8f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 May 2019 05:18:16 +0000 Subject: [PATCH 1160/1961] FF68+ letterboxing changes --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 49392d9..18c3c38 100644 --- a/user.js +++ b/user.js @@ -1497,9 +1497,9 @@ user_pref("privacy.resistFingerprinting", true); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] /* 4504: enable RFP letterboxing [FF67+] - * Dynamically resizes the inner window in 200w x100h steps by applying letterboxing, using dimensions - * which waste the least content area, If you use the dimension pref, then it will only apply those - * resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") + * Dynamically resizes the inner window (FF67; 200w x100h: FF68+; stepped ranges) by applying letterboxing, + * using dimensions which waste the least content area, If you use the dimension pref, then it will only apply + * those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") * [NOTE] This does NOT require RFP (see 4501) **for now** * [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it * [1] https://bugzilla.mozilla.org/1407366 ***/ From 842a78692e86faa1cf29b5e83f7997b12c94a30d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 May 2019 09:19:32 +0000 Subject: [PATCH 1161/1961] Delete exceptions01.png --- wikipiki/exceptions01.png | Bin 47041 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/exceptions01.png diff --git a/wikipiki/exceptions01.png b/wikipiki/exceptions01.png deleted file mode 100644 index 1733fbb8593c7b33b2fc12c50810f956495bd304..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 47041 zcmV){Kz+Z7P)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z006A)NkldvXeq^^ zltK#yiaQh!5F<+5eUo*)GBfA*$6T4YckbQ0Nw9wB;k9J<%E*}`&v`y3O8bs$GW1v| z(%vMENC&mO%IMp-H$8%M{gv)s1%Yt>*@I)cd`%Si1qwfQp%6Vdm)mEBu-+H856Q%5 zW%A1|jU^nP5`1AH3TrXZgSL|{pGdWYz5nd%W|4c;)!c7RX1|?!qQZ7Ak?X!i#w%i< zKBCOmq;&6RGUs1n-!!;=zQ|~N$(IdsAIv6Se2AR4Blm4T?ZH?S`>el+tohsR!17b> zHDX_WS9G&J@8k8*^*RMYAiFeOZwp3R+XFSFJ`OtW7!En)Fs4kMifNh!-k@|&TGH)( znPYJgS=~iCCP9}on$mrN7Rk>iz9_8gk-5f#lpsXvngw8D=6s6M`M)gEAQBg0O4Hdc zCM2&y%H($?(sbUhl+rq0;()1t0cpzA{YhzB_m=p+DJ3F7PmpG+4WyJvA#KfX9aAC` z=duoHCp}hs351Z=dotZl$^KWVYOxCKFW?=RQA~RNB+vhTSg-D&rx@$AD z8%mkcpE8b+@eI=wi|ElX>lrc0F>0ht4St#Kyoo!r{!2c;}oge2;Pu?_KV3 zPq%j&k@-T-&x^tjFZO&a3P-z(T&q}~_7W~n!bz4z4mKv;`meBmaqj3YXy|olP#SCBi;wBJGo-%+uus(uK!bhf2O?rWf^$7En^n<|Ig_v|Xo6 z+>Vf0Go_UF1>3YO80iHeb>GQrQc~@gv4C2iGfkN~Hkg>EMJS}1BpN1W>RbszkRV9b z?*?Y-caT_wLz+hFv!-b#{!K5$rkQvKsdLzmY1*zU{aTuQ*xNioOpvK|OErlp69mpW zuQX+f0Ez@rk}^$fgep=bD%n?3?Uy2T$>R%95=2o5*U8!Hme#ckq1f8l;;fJ+c-Etl zU^oek=}JuKc0v-ik!zm>3f-w8rGqRaNu`Z~qS*UeVsl_hnYwRlFq?Sr;NgoT0gD{} zlIL|LG3O;-QDKsbm?iu@^xV>4$F8j&?8Szi^oiHYrfp$KbTO}r+A zKv6{Axl$C!e>1sI>Pkgo{euue|mKKA%QWQP^c$l#B06$HJ4M z5{B8W$eX+#nV}iWEOKMI?84K{EQLTwCoz$BBH^-KOD@3Dw)@OfiR=ncni$FSjyVnUrhYe!Y+{lmFUjwxln+x{>Wz)~*nhB{ z!$IJr^*tq_CRt=kIs~iaGf93|NRd94lnGLiIFD_&>riVPyQLhvLXqa`Qkph$B5f*} zbXT=(>X2PdlhQ>+=~gun`FDFgn8F;yBtfF=V@*v-W6Ab5K}rlMF(nwLMKF^j+TQN= zXDc(tL+TkwnZ2WR^28ob&Z*;x^yF)QHg@&TZ8I)hO+zxHjYaNVy)67$BrkYxG=v^& zFanpk$2NbtJgZb2$nMpzd<%x$lRK2zuiLLmxITa3=m!~Vp8M)0Ga5plZTtRT0P(LDBm3tzzauhw$;jMfiLgs;XvxJJ+DdA=~Gd zkcG@|5>WXQpThjKPG_&qoN{Mco3FSg!=WEI9 zOAWLHk#RgNn*x+>H&XJXByE#TJue}VQpwV0Ez?y--$;DdG-VDoQY08}&n(K)_Ut~3 zO_qYQ-Ias_B!oyU2O=dGTLeWYA|d=)-&GXF@jS@cm(!Dsot*3`Dak8%i%i1|h0O=H zkJ}fJE$>x8f?j6Ebzd+fU5MoOeBHOWUxL}J_t zJK-$ULMoHWdwQXh-58f#pMdO!6y`PKWbNZ~epY0zgF-rVRZ~jWF_|=>+vhaLSe0oL zhqT#BGdE%BaV)adJ%n|BH*!)~7ZHV%Z?PvtF$WE_eO9Zks$k66aV-7!F5~J;d_xe=-ei>T)R()r6<*? z5*^9rOOhfIDf3Cf93u^zDJA2Fq{3oXN)jd-({x;q^EHWK%9Na8rW7NYGHWGw;f7(P zZo zQsgyAdb*a0o;QKa^QIs_mrTwr1rbM)pIL}~bloz?`}v8RaQHho<~NtcrpN50 zN5op@{afbIiqfP+WbNwr3`t+99Q{DJk%Mj=t$XZd<4#I4U)vKe96Q0bZ-N}pJn2Iz zZ02p3wJE=HD;>lp^nUd6L{KN1@8f-k5m`o#>M$&P>^= zJ2PWm(qiAS6>{ZSHa6)P147{PoSpxs6%#kpoOJ0sZpU_#lkOTid-&(^uC|>oQ#FyP z4YbX4BYO7yUCog>`k9@GBvtPup;Hva3U*KghGAHLOUt}twR3tLTkmCWZpd&gNPi|V z$VAV2Xx>g;z#-g46_J{g+&--3+)=n$aHMp%>PW{^&px0ahZ1AIvE&J}2UVtxUM8F; zGnJCOCL|#e&Y$@|YgbByEo#SU7P8tQc|1i)kQO6N22$#zX%T_sJ(yBrnudcIrF~M& z#Bt3O32~ZroGJ={VI;mIO)zc#BZh&QG@aN?IWld7OaGm8%FVQIV~-ZH_U;H_Ic3^9 zNVcs!yPeHc|1ncGODWRi#57IkaTNP;GdfHzq9E-)B|Tj%a?6(v|8wDt#F7OH_9BB# z*&|-0!~ACv4f|Rulj<*uQm>Wd;z1Q-kzAQ;O_G zB40R8Dz01PIEmb2lUt$WV{b`{=oyW2)k%a+!Am=Rn+{V*&(xE>Bqh?#Eayf_NRbjp zV~Fk>BP$JpD5L@Ntb%z>I5K0yk?yDVzhyy6OQE`gaBQZW=E(G1m8pWHh>B@#bnU9V zWVE}`NW0HRy7On-a2<}VE=0#+)=4<~+B=A0ChY$Rn@NUrRF1U! zf~3tQ(&1m?R6iVkA&9Kk?0zXu9}=4>$uQE+u+m9#k_w64;n#8hNm7%kDw)}Gx|vc& zY=#myl}tEy$3mtZK+};u>1ZF*p;m}2B5XN5>q zWk$$%(lO12l%z~5_FZkpWR-MKvpN`0| zi5pk2#cX6aJE!M-*ESLP$%$+G2shQl%@ay=f1CMujLf|}(#^ATO(7t%H#pL+Y`U0N za+!0bOsMpv35}hIkYmGf71k`Wj%%7} zLXuQIGD(P?oa8m(nCZXm(LPDPljMMKoI^T&LQ;;nW~M`LMt+hkM_+4VGEJEwcG={~ zq|>T&Q4o^HOXhbG0)*+DAnc|&+yc{bDK#1SOKh3S>|P~ylUmXPzB?biye6AW{}-F{ zpRn8G6NJc4;_aDP9R3P6n{$eYD9#)(f`nx(V~8n2AQNHQZp*g&#ActQW$wA%T@206 z#Zo8{klo4f-S13uFM77NHS;JV-AG@18j&Lk+|kR7oI8ayMV5TuQ&Qr#*vqVG*D-GG z3QC%Q7Zxho^TcKaNRow+6iJ@sgauiQ5Yo-G<~*={{MawsIW{xrDd9@ArEQ~^N_~*I zDNC

    EH`{pD-oX)F#|FSuS^7aI9JmMjMHNUns^%UQmN~{2nPQrW zj^K>GNva{4lguQQjkLKb@t%;`c~g=yW5VIpOpq&) zOg3VQgvWW(7H(piNe9dX(J<4}V%pi2l!H_DB$_;K(hWqU!jm1tJ8^y1_f5M&CHW8% zE-TJGs>9jUo`7!eX38FKqXo_gl{ASMZOgI$2QY zvB=&g)8n+CGB?R`nssE3xwd<@l+zq1bDM55zo>}hI2Gya)HYI5Z~}|&NX1?!uFib` zDTQkq+T5f>cKX(r2$EYV&vXS|y=eTi8|Vo-+oiX=X<7WP}N))DBxNj}#ej z?#S(mN6O@q{K+6Hc4Cqhbt97mMq+o2mD0p;BQY}V5Sfn3v51VljjZFD>E~q+@5RWl z1WJbrl^h60>KTeO2}u2&R;3({ml=ydqUGHU%~GVyJwnLr$yvHf^+|J!kj}`jRJ0!U z#X3!CL;-VOuC(k9QX-uTj6-CxC9D&v7ESw$6eP(e$wqPtNo=jGJ5W+8oj^fRZ00s8 zk(T6@Q|-WEYRbK!IGp}6ccz)%jj}+}l1t3UMT(LpB$<&jLT2x$rHf+ZW_pl$`jpdR zBC^#cX;VS=ko@M7`Ex4FHs^FlAI@w%*^P&-U35vdjS!AZpo%LgD@@67&+naiJtA{o zS{TvGNhpN#*w9VXO~xxCzanG#!zorCt)!#BbZ(5Z*GHSGA#4hJGNGC+WIna|5^m`M z5{~kwbP$b{?^)7aQ*nsUkm1v0Im_ahs|2}I#pRNsTpgKRO01+`Gi?OVnZiSJJ*8t5ws;!XEWFsqSn{^^uMUq(9(+5ajg_(}NaO5Ac zDM2Y`(1Z^IGMx?8%xk)_FaAzbPqNdbGOH%9A(6EeGwJkdCd@F-q-$2pBwQ={*Fp@7Q z$1Rmb%E!pz-<$SFO0`i&qO%-IjmUS^!ukCq=@dB^J5jJHBHuG`jq(r~gi^YgYqA)k z(+reJN*wA)4plJg)*K|Wr_4;c?6mh>i`i?q$%UD|B#H4P>}!!Dsbjv>1R`5>6LvD= zv|&i;&|_21?MO47^(ey}gv{^sDjY}5#S2|*Vj}w(g$r8tRas_DvRZP#mi&pwV>C9k zAp#Z7PMkUO%Uof(PMeXdFNw_6$rG|6$+Wz70+S#Wi7c=w>#=kpI^;_HX7gdNElz0y zk}2pp)2llfu$i8K%tS^PfrFZw$#V#cR7gdFVk0+6vx%9!4=b`pk%`WpGDDeGs&ZTU ze23WvGv$z*&ax>T10$93RA$%X$jm9@^v_7kw|3>hxp+D!Ft@Ja2qhI6J5AwKD{@YT znUNzxA=17JJ>HctJ-JVs_Mk5z(ortSNkF>zE9A@dXcz`k$W&&=?nsGDkv5rIPKN@N zNV_7C?S-F|dWFqgB=SuhQuf?jkaOOVIhI`E>|d@bgnPhcPNLx0dWpi9DW|15HMI+e zecYzB*%gM2?6blycsqiTgrkH*_VbkmsSNhJGLxAxMW#O$1(F%*$cUWFE@vktSz}OS zmSK?D{saYtl8S=dq4&@kx_0G;DgyK{UrK99U!p9Kd*eoO?^wg9VCNna`x_kM#j?#i2o1=J(GoO!?sljP8 z?1p9Tu2abMD2hs3OCxPYEKi^6B^3g)(Ry!O- zA~TtubTL>t36x{cD)L*TWZq=wJ#RC2bt}0L=CJ8YyXn+DH-ux?>`0T2tA;4@m``#$ z{pKIVcTmn+5a(Rj`X{t=Q$z;x&0=R3%|%I$aSgiu>!)jpA-^XDFCuee$MD6GUdd~)WnW|3(m@(m#*c{4l7a_l{5OCY3Auy z>EjA}jg>sf(qyjm^&*2X^t9Bhbg3He2v{gYr_1ffTZlJIeu|lcNJ*!{o_SBQhfR<& zyCf>SlPFV>K9)%J`6OXU{v_wXRD#7sA4w%`6Uic}NGuNRhk5tVs_2Df|8;n?FsYNay>znTJSscf~0`5Sj855;m_@nW>hUPV;!u z_G6f&l+u)`*0hm61B45jDX5dSa8*&Pq<~3{MG?tr z02v(1rf#?v49l+oWUXz&o)bc5BxbWO2)Ui=@+bIo`ja@K3zHMO$kr+B0!Q8*v^{Z; z3;B?l$Ll5(H&?__kF*Bi%*W(dtn$?e%2Y)}4#!8Cr5BR3!cwxhq%Bg)9+j1S-?9f| zOcbnk$XpR3d6^bYvh1#v7HoQR_b(Rt$+9Csqup97Y>EO7r&iNGCjbHyX(pmtQ_s{) z6buEDYD%(nnE<4c@Ig@=#4;VQAe=-ouf492oYD4Yk;9Z@oyeXJ-o!Ipc<|8OeCbl2 zK}hEg#$_(dKZO-mgiLWnU|>s2pUml@I3-e<4vkG-b5gQ3ktkANx{?x{$?ojRM1o;B z-F9+&`X?Plo#ig=yKCpfm&}3VzOENgnayP(bky(>nOAHt!+_26FynX`6|dc^;AT5K z3inO&UXc+8NfgeIf7i$^oMtT{GF7d#cd*F2fOi+Al|M)#*XyqBRA5~fdjwu8O3${L zccwBdgbWEsf0I2RliejLbz_RcmKejXa4AaK)MjQ?xfiLl5Xo{DsT?OFF&88<#hSuO zai7e{C~TV%sTc^M+K9H|3}env-pH$@$UIY9hPhM79CBGwF%i-#Hs=u%4<7bFE6FAv z(pK+AEOzBwx3i8?yaN5N`1lqFaqBMbe~|OfW^3 z5|K=fGz5;Y`E23_U>0ci&J|&_w;j-W?q*gSThG!)o`pzNp%&@f3>gl*2@^twFF@`_ z%@JynEiQF`BQjH5a50aFj3^rEOl&S)=%L7w&&KUF;X?c}>8G@h=N^(w=aMe$dl^Kk z{6;cqTOz7X+SDvX!AK<}m5wB!$)bIR75JI*J27qdl>E=ig<{PMGTDcvOhuRpM<(vX zHDxAgluojS=tjFnti^1H9eOU}JskE0^9zhJL? zoFppN9AUbL{|b8~QF_cPsYy(rC^92?pe=cqJ-uo-S->-Qsb;<%w7t%baFP+3xh;kq zJ`9B|4^mp;{fcekwr#jT(5s_|r=Y=iFVWI^Ji^0h>=eUPf_jI|;%(N9go+Gr$>C5&`h1IyP$apbj1iLb&yDk>sT zY~EDT4%Mj*kRxTjYmezxWp?u?ar3Ow_GnUwP_0r$m6NDj0@|rYhaGfs_!98%R?U3}`)$ z3Xa4KhrK!AQ}?QXnGn`76(R6xpWY(=Swh!!UViau*00~l#g}}S($bQ>S4{GGqhqss z=W!y;l1)W-T0r*X>2PYZ{fDa`IG zBW=;3GPgO$?)Y1{s+BuYIIgW}_fgqr+FJLYl!bgs<}}@;GKdOi8zuco6q~st?>S^< zCzRcjj071;=^GOA#vjRSJ;6>2W%sS%-cfATuHBrQ-A0y32{YMwWilg@x+f_o5bVPLO>bv+9inJ1m z86Y7PR6#;aH;L;ep`iAu1&CEvRnpMdSXh{`%Pu)tS|BS;e6GpIZcgo{5!244!Zksa zTj*YT+?hB9k#y>6GN;-+myt@3PulY=d2RM2d~RvMq@%X5a9v1qv+m+K9Mtftsu+CI?prB_d$^{ES-KWS&qn=rK%;) z{+*!+lF(kHVMW+jvBg+ECW?~CNUm5(*%BGkrIM(@l`#3))9Xti-2J;U|IABJGJQ(S z?Cnb8_LQt|i|!YyKGk7;G-x99AZ~{}u)DVkjPx7(2$#>2e!}PJe(2ad( zE0R)DUJ_t%-x30T&6#guACMkZRp?h+L``Lga8TonqlZyd9;7Rx^W8JYFl~(c{d7g* zoPWYd&N^loL;9C6xKA+^r9lSvDWRmupLa0Dbb|rCi@E0FiA)<)lQjssLrgdM&Y5F4 z;gEsUR);z7gb`eD(nwTA>~Ww~XGG`x6Gw2^l)n44jqN0G(&%c&ji{ot%OIwk^sWwb z__Th&rxze*8V06e@@YYkp;~6VE(-j7qu+bQVd{(LBlBk|pd5l+^!~ z)bI8Ui}U+3QPeFXqA&TMqa1>n`Y~m;ecyHCY%?E8GKyD9TNw$Yvm&qK$F$OPOE*%I zS+=1k{UF!=J>wd)E-3r+h5gtjZz&V^h3l~uCGF&_B%GiXk$#3s>b?90)bc;2T#I@x zg3=x7DJ-*Wm6^%`lLXl=dZ8y!-u~S4Rk#Rk__L_-n%5@)7=DS}Tah1}w z&uBeuU?HsC_qN>~{Nwr6Y}nq)jo&|j6Au~0hl}ed3HuTYSRzS_fJjUy8Z$5qi4azG zL;)CviK<%3UUb7u?CJ%EVLC#hG)=)YWvY&gnUJFwEZ@z$3wBUi>_ZU(-7wRMVpPkS z&M=%_%c>$$%8HRlvzTG_a*jjpKeen{U# zvVmf{!Q1n<^U!mv@Tr1;U*(;7+Xx0V0zQSfZlVZ*s#xbuK5WA{rrl52Br7?R5J09Twl9#cwgy#HhB z8alc1yzvYlP)6&$^Z9t?ZbAWV??^~SlBs0fAqkF3&wwM%dm$5x-DKjTNw`ltDH$|> zor(0$$1P32U9oT~5vi)#c3IzTM{BS5BNL?%z>$p2D*C5@X#oN$|P^Z1o?m&2i;W{}-1VlpcxHk}|15Q?oo zDo%5N&7_lD+*5@j%^c4wj}vUVG>E%G;1KpQ)e4ELA5lKjjdY>rx%zAjG zGpZHaoLZ&KBn^qbm2}2rOMyx_RCgyM30!dvWLE%Q$RmUxWhjxJm!oVtQAH(KNv~Pa91ns?!}?B&u`Uzm`$g(3$qZkWg6`V8p;uq=fqB2*162I&aL~h9cnH<44fc8s#tlT*@hj z4QAAkas=?e(6^W4Y(aPdIwU01lp1i*8ERZEofHcQ^69v-juUudJi2 z#LofadhzE+mO3WyP(Y=3b(q8={v2~)e_s1wD;Irb6t$Hhn%iQ$^!_HkdhBrS z`_BqC?`-3;bH=i@u7d@i?B*M%jixB1v3g?*w?4cWiA5Yk0gW?{97FL@nPOGcf@ws-U5%gMU6dmv5gt zlOJC+kyy;2Uu`kZzqyo8R&OWZ53@I3*-}bMOH0r+E!DSmT}KFkrm0j`R!~}6ni{Cl zXpGLz&H~6u#^`fRmX_&4CsWf_(wVJ$Go8$D0+QJidsZ?x7pDq)p|8v;!$JsDAuw=$ zUdXg2V?`!p*JW`g>+HTVN?`_%ZcJa93D{(TbSP($Tj?GZ(gQN#$emJv=wHwUO82a0 z0=Jwb!j`uMo8xGD>9mKS+WUm-W%N`MkOe)uycVjS1}bM?b2k?*rR$~2OuLVuoBXob zCl}q-;K_{Yk!e3IiLlC7NTGv`*Gwc*vtCS_rlm}6 zM3QQXZ!6r_ZzvLGS9#-UUCAb=b1|CrW} z7}e$0;&$R8gLr5D4(@+y1*OG)DocZ?s-UJKgsKS2iv5HG8vpOXMYMIq88@dGKT z&FIfRo?p##Z*QVkWr)(SKefYX?}#(FZwa+kVGf_(kD>ibC@T¥b`VxJgNokIK>@ z4?eS!mi8DAJhPIO8=5IC@)OfdZhBxLrNw?m4lK(uPaH6|7nhwgmh(>>L1k%x(qca$ zzeZ8WM`@9dd!ATMugVaIPw&V33wN@8cL!fRb~ul{yq3o12!DTW6~TbU(FgYDZ_lpc zPY*9))R1zxIrkWF?DPWV}@1o#++^VeF`TY zGKkKIPHk0)Xw0BrO%ZE1w{X&-gYf%RUjJ|_6GvBZ>_G$Q=!zpHj2TwJfIdY$^!#ex zU9f}kBdZu#TY{f)I^#1G2nf(THX1~FLId4-O4l`l= zSXL~Zn|l4D_h08{*Ih+pW7A%%vcg5O&q|4IGfQNCF3aR2({il)j4kast<#?Vw&SPF zFiC~Smd-j;ElR&<&0k95H6`&Q6p?bM#TFW!bw4umryGggMK*VuNOGIQx)bZAyWMCX z{p3@<3N>5gxD)AO5)rm&4qL|7bf_t|q-nxIl0=@yNt*3M=FYZ9>`uDNTisc=a?`xM zS)O`4jAf=tNA~RL6>@axa!=B>VM&Gpo3sRW&Sdyhb`(A({J$bqopUy1^ln`?9OCi`ffzqN##a8=DwVTg3cNc5&VbBdKfXq`o=g z>X2%hlB)6`rNw^UUs%UMlX_Fv(8<8w#q4g1@X^wp)Rc!9Ke7s;z^R-#)(E|{GUsLGUr;^FzhOufx6QSVVnQ{DnKhM4J zDvOpZCmxTdOgU$rc^b_vExh#dYXtljSq+7P%$+-*U@+MIB$F7}&Rue{2(8E!X_>uS zlQO%iv2c$=Nv1x}bPRQ<6&c%3w<3VjW_n9ri$yeS*$YzjwXE=6M0QnDkx}*39{rIS zYU^B}bND#qEEbbqP?eMf?^dKw+V-nC*3$x0t>&uflZ$xly;HxW07HG2hGcha6*foL z^e*37R8NxQ>!q4$uPcF#R@x*K8dbIoAkR?#|F6FB>!J^P8wqdsNl zWl5hXqrAI=1Qgn5ofn->nwU;F=pg=PhN(t49ln$5NYV^gs3W*=C`mGhvgL%9lg$)> zSlmF@CFdPKoR3%T=7YsMIQy8PY~9tt15d9+RRlr5N;s&|r>2PV;s6szS2K6nF4{Ze zsH&Bra^k3J%1iw0Zt7y)<`xc{+LwhZ>pAwI0RXJt*vvr_doy!FZ{{uE#q@EtY~R(9 z8kk8NotE$)@oQFi@8VVU96Yf%Xb9G{|+|n9PVlWjyxcLU!(M z<;n{W<=TrUbMxOnX4S@K0)BOmCznt#$Y1Zghj=`mI(IxC=aiFAVB^NkeE-U;s3sLJItyj8im`PLr=LkG$BK|S4Ky-m{AD_vGMScJahSkm z2H%j*=!-o}(bN;tk#C}w8Mb;M3eAR^ZO%#)5s@On0vF#Xk>O$CVs=v!es>N(lWz0O zWG}_}GpfooxplGcNSQsPWOs%0y0P%>`^dp${}O4}Dwj(TF4vxA&J-E_-A1F++JMY6 z7M%Sgoyaa%h45q=#q5RNVYW#`J(;EiML}SKX*p0Q3jn6-?Ai|go$8f>rY;L7vH)7}+FBIt_h%vn~)56&OQjaM9CrOlO+#?~kcmha-+ z6NYohls=S~_}RFvEupqpJ6Bzo#1ra?VMq*9vUOJnYc@CYqYEdnwXOqS!tpfOC;`99 z>WwYzH>841+uN)V)quvD&8-A{Dsf#B*R7l_(U`%dXYbD)|6WF0M?B?78rNkaQ(n4l z<8d=9VkZ_iF{Q*XtYZQ!S<}FVZEgJi2M5y79AW*|7Cv5CPb_XN3hTGEvS39$KfY)p zaouFa`X+WaMY!&plX>*zH4N!n!Z%OfpFcjd(5660PCI-sM;_3R#+C?w`sY$&af5e1 z-oex{HQe#jS+sY?S-5gH|9EaSYp1p{a!?uTHn$SjOt=r1O&#xkGD)_Yzm^Ez>P0eiy^12sOijL`GyvdROnrt>L!o6uHb|*vvS|HYhA5{b#?w&bNBH79}d^SPpf>?#Sve!S%$k zqx-sO*(7#P8aTVCpUha3q%7p9-8;L8j0(jC)yV9@ow?$X4tIe6cF z_Y)2mVZ=LWj#r}gKMjmX&avjxlvG4VN0**T+$5!?79<@(BQYZts^-%aqH!ylC28^q z_*6_&VkA6{lhH1IpTgzmjl-`g{N|no_n@qZFYlVq<{j;5Hh%|AwN#Jf?}lL}Qh8e)+b|@WD$q2A zc-%}$T*=hk$O%o>RrXsQ*pt`)hld4cN6=w^E$47kz^RX5(k>Ll?8P#nIhRM)=rA!!IjjF)-;gvl2>`D-D z@Weh;mIoNtzm#~~V9jRB^bt=SQ#aCVEa?j(fa4Ath^h(>9AC@&t*taPMaaxG7B|w@ zW&hnUrR{Y|+%U50D%d}hx(~zcH8X?Vrn7Q(Mh&OpqC3Cem1v_R%Z{g z&a<$(I0)q;PtvUtaVq>@q*SDw=XYBr1gSLJ>9yRn)w6NgMT!C^vz)JGw?XQ@_Cis~ zuFl*&$;oy~&P<#p3O>I*v#>N>{Ex`?FUkA7$nM+SDIe1D9QTdDWp9T<%{gw>uqF9o zsL~pz=+V3&dUi40M3#v>Gf3tfB3!OtWc-#i%}AL^L=(|D3R&ss-Tcg)CPZoTQE`%1 z>G(}%jRh@}a7if(nyf_+-YfL8Qd%LTLBEPLB@aBak~imUBUHU*SQ|{!HcX*KS}5*T zJh&GpxCVE(wz#{yy9akDP@uTGyA>!<+}#Pzn_j)2?>N4n+3aq1XLn|2&XHiLPICyG z{~kOYV9IuPgo7%+Dn#>fY_B}eg24$ta}?$|FAk3x>zoH_l*b~yuRRqE=i_Y#i!GUSw^O=914PN8erE)yMHeIVGj}vzFr^9WnqT=AtKwwn!{J z7qBQiZ$4`$A&p{A{tn>MFYl-0q&x%Ba9rR6k{ay$85o`H;y|sOIvg}{MQy9$9oxy} z5F1T6s&x(GLQ2wXZ^yu7du0*s@95{{IlJi)-;e3kzttCvoT+a{m1HHAut**Tfl6w@ z2?+@#CDe_QKfm&HBz!hll;e$%(ilq)Udp{1o2>CedCC4xV=gYl+jbUgT?Gi@jHi+< zlTC|3WW}7Qr{*DdwYs&A%)IXFO0W(9Q06QOs&obkNG3V$@(nMl70M3Z*+jk5!r&1q zcFGpTM_a^p_MAb;?0`M+RNxzS=|#M}t8AC%uOsn94 zs;lHink;Y~J-qbeo4DyB#>V2a3|dMv6@E-+8{`W~vKR_685VsRM^OwF7g@;3j|suF zG{aejPcw`M+67nc=#!91csa!(Di1!IK| z;g@Q=W3?P`NSCaPt>|{_k+qV+e55jqh2--Lh1;pioi5_B62BMsK@F)(%oE_zX*i%> zUZAcLsw>4aO3hHyeX++HxaI>f}l}k`dF=f6n@wjBM-odx_ zqND&;bcw?`XlN#?MHRK*jExNmdHO2;%&=B|%cb$?x}``VjfQDkal39biF={TF8PfK z^^peR7GImA{|%SQarqvHt#g!!&pa*30khs78h~TrIWGl`qU#2MZ9t`(;hA>D$ujqC z5g?sfxpA5FfLprdsx&YI#7Z1T!0lYiHOV8PHyNNmoZ~5tKXhea7oJ}72QVz=-U;VQxKHZ3IO9_EHfc>|M zKjeZphs3v|DtncsFlk{k-4l}POj;|VS}4lv3y{7DZ;h(!;o(Z+qmuA%uN3V$!^P8H z$t@M9|K=%~k%9btUy)QPU&4mKb5QxdIS_4KRX?F#P0Tm}T|}5N34QJ}Uq*2N8H0l{ zB{j9UF*X848Z(^EWqh5S*pO9!Z+pav{uv+Si?<^NU8>3GSlzCO6XDB|dJ#ANG+0$N zNKx5`61K60dxarci<-Dm)#-Gba>W-*na2sFW7aYRGD@w^UFP3anK-NIDj~nswH_K1 z$w^KYtlDy)oLmy%kHc9bXh6hs`UenO~?(l#jnHx=?y0PW(C(sgB7$`pz?+c z+exQYGt#1ErZB-Nj4ErdYfOsW*0oK6R<<&Ysnx*TA+6J+Mmo76ohHpX{odPL!}2}1 zYy>wo@%y6MuIv>T%0#5|78Gw6T6yphd(F>;h}%7rrLj1+K?*4pq_mG)6UbB(vNG?R znP_!ugLkRk3*_PjYnYET`sWTJk7gwekvQ6F6v_M^w~+3qXQlqyvawPIE1UM6lS!p&N7u$5m@=FqH(S`=o}A#ur+jva14K2@)en&7Cm|z=HTIFX zl^Wfc6;tEH5+DCv+car5ku-ZCJ!i8tq$~7cl`O)FW=L1iWyPENKHWG#mCZ$;oQJ0< z5M#WsGw7%CHN8l;SgurfnN*N@zH!w?{BMDxE4zs$A)5kF(Y$RyJSTj>ivZ$zU18nP~_xI@*jP8mQa~3m`%xTo`3w0}{Fm zfVkS*-GKd3i%)dRgh@*Q19IzktBitbv0lyPRRYl!yPKLu+?{imuELEIQnQf7dag+ zPOe_)4`KM`F?Ju;U(Gn>b~R$o}(tFZXc{b7zTd&|&cr@3(wAuoM>I z49B>q#lN-mzJ6wvenyHL^wy#dtXgOlm)M_ zwl*=#+4*>>{zJ~>9?z!7zpcCmD$cM*-fAOyHtf5)xLnS$D{SRGo^3CcS5l&#mqfT> zzwc!MFwt%P)C&Fi>QiuGPEhTZY4{16Lxst`-vxK^=;@<-kH3>YnW3yRqCh)Z`80Mq z`In0PZg)=MNXO3G1?K5>u1C%#t zG*`RK>s#WHcXwN{T0hOup&y0R)V@uCrzsrBu~0e{mdlqp#<{D(F|_?8*^>QxS9vEU zd6MLcaN}7VR?C^;{Eobo1v|>-H}_Am6@5Dt@p<6!Xy}phGOMn z;5pSLvpoMEbbAc9t?_lo)Vs)DE8uvyu}Kz1GMz!5bDA(V$~zgg^*X++;6-u7uPlL- zqC0+7^_&%1;xt9DsPUtZk}lvFk_Ehq&FC2U9-&TdU!~&t_ZUK%nd`)Qwwx+G7rk44 zCy9J|8!r`9JINpYcir8FXntzt3mD-N_Yd#($b)jLtHV+E#zti+k$ZE?$|CFleVbIW zZ=iRjuD-F>Yln_}8X%a1+RLF??SNe%5&dPhc-%>x+}szFjOB*AVqC7TsL1ebor5Z) zn9@{kK~eI&9{j~6#)ymv+DUF{ePEM0`7bo8qMf(i)*PID=hzy`1W{8ne`F+0@!3nB zgZExJGHPQw0wAtQ{su)&`B6eY5{u`*k?T7*Qz5ZHrMbuzC(TOdkn}_cM1W}9-Vf%Nm5ZWz9 z|Ko{`50W5d4mi+gXW>*m9Y(mrtyYQSEDDeY4Y5!^hsT6~-4rDIyt24B{3eu0oRVPt zppLGnu&(ee85RKn;l<-KUU9h5zLQg3$=K)g;%e(h7itimEld&$jrXR%2)bS+~B+YIZ3zm#aQ%5;%?NATQzD3W4`544C+M0?(QZ#}r2f4(+9E7HeonRY&5YcQ(vFe(m4LInHT{6o*5 zb22BBFi;GtW9Q|=&7Hd5tnE$WPUJUy4~%{FB7D_a6OpY;3a5FBd1NAz-=mp4ujSjV zeyy{$e-Ng>TL9`8>GOmdJbw>DeYwZg-{!7-zSqFVJvH{!BW8>yz1U8)o#NP0KIK0X z@>-s+jRxqf`DXH<;M%X)6S`gd>w%sJF0Mb8M&VEA+(w_-Ux`lsES)y&to0d)jU^Qy zEZaFo9?-hFeCF>|MLQ43{7;be;v&khA#@}aTN)L5P2F(MQp-8TVJswmw`lZXP?o`( z8(FM6QvVW1605RYp0X9o7gIB%9QBrG+L>5Q4IO`DC?X%t+IFM2F=uyi&*>xok+zSE z2Wz~1R>u~qiO>oY&b{gRC}GEV{IjG(cYmY(qEfm0?g{F2Y>WS+j|Yb6$bkLnJ+A%G zlzhImD9=mM=-tS+9>YshyxSoBZrkhUcsThD9Rt3I%i@hp&*>9g@57HcKhovSC?u3{ z%qeU#yT`e7hksA(xw+|pw|wmJMIS>h7LdPsRp~QmlWc{NzQkC@mgk?veQ0`WgWJcp zl0+dMbY96ZCSDz_R zow*7(u~Absp6hCeXPWg2*I_S4O7irD>rwC7(udXVQ($@3X2%+7X!VQFVF>ZKvxe?) zJOw3dFConTF8FsamUccJW}YHg$F?)kKM>wwD(awgK}ToV%*uis@0ud0=a!g{HTo&0 zOu9DC9E=s*ON+62hn%7yYc7pcZH6U~y`g9%qg@_4^%`|%XKs#OR759A|L&|2Yr6VS z(8hgRLXczEZYgqsWjEglnWrvnN29%Ki+S>^r75eVE?=}y`?A@wSusT!jM5Ut__2lV zSmynWn7sb5&RP55fT_Gm+0sNM?Vvqm+Gq9tBJt^_l+o(=;iIcQ;wCtph&vy*NVjk2 zMgRIkC6zjcFbC5vF!mM9mpy~$)>RG?r~{+!HO~B647LH}HqQLEn&P$b{YG4Pb%~n2 zJ;9Yn4UG#MOsBq~f=|`*bF;DqTuT@cV?T3|L=4XGpGfgWu<}yO< z&zowwFUseTt+J)=Lv1e>EOYj@4$X;J@A=6?&J&j0{|VrH<4p#UKZ!q8#L+o8I2`(8 zeR>c`$EDjl+z!|#_#qX2@faut*zGdYq^oP|8qu--?w`1)u6KWtpLsFUN`dB7C=cmlkD>g6d)y=ZufRrpuM;BnoOJQHg0cBh?q3FJ8 zZ;V=fv`XYnRM93|Rx07~$kmJg^dAG={=ViH2t#amvH5Xj)!rqkey@S;GaNf=<^&l6 z@z9BHOIo?lCA-VH~@%6Q( ziCuf4d2zPFOpIkNaLkMS-Kuc0k6m(AZhE!}cBV+Pne<)H#h+bl`$~`NbLDCEy9udt z?abkuzd4>$L!bCzb-mIXEW0n-JNthv6vDNH&O zEjLF>obOtNdpIcH)B{ywazQcal-2aR3#)t+xAs;h?mO>3(BJa; zJ4)OX6j&gybzD*sFbjlQE~v5FJAIJFabmISK^!9{{b?skTR;<4f-4Jd_rTqlmUNtn zb6A2W8Byr?9HAjEkY=!e6w$Uh@lPa228QvmF1BQt6`JuPPY+KQ1Kb7dT+^YNj3DmxQadh~pibM3FEm|mESiayA6S*`t=m3FEHeQU zT2X;%K-)F>F+{ZY^nES)>-6~m!>PGNaorFAJzYt@Zb5x%{ME}jKqD5KT#s(B$I~g( zMfmoAkCzyz2E^l;xWtc#JT>*JkJxoB*6&XtWlm6{qC5csfti(+6BaB8=Xz9wNKpwE zEAHyTXJ#X`~Ah{UFY##Hv|RML9xfka&0 zo@X7`f?!#xY&xuY4C^8&np|)|EuJiSakV^I(rJYU3GE_{}n~8ycd~)ZDZ@rNt+7fd40PaU(A_868W6 z79=Tub!AYzf~b?m#bVUdJVAGaqw;xb3YvP`?d?AatJ*I%qUz5x%YjM8+fxb?=Vfg$ z=qSbfY$o9;MT;0BgBW7PoB@v!y_vwaH~8T@E~S{?ObxPkpQYnp%j^97T~JCsu`+pW zWY?$oJ8$8hJgB$W`q2#~#Y_;GK6xg9^k292ZqalwWvvkP#8w!j9C2GcD5UG0AT;g@POsLmnNd}eOe{7BZDk`p=aj~6$Omp@NGI=;! z^_6JhH(Y#noV3?9x6Bb~b&{2}>^Y|X(A1z%GB}diNShU?-~`0lF||^5h}?BhG>X5| z*-ldpl0tKdcVr!Zp)fJW#y7=%$5Hn?byjb;SZEiRGGs;{-yR&N<*j(z#@xJ8>qM$h znl{)FF4O*Pihj9EXE z=}Dqvm&-V>Rz72LYs|2l)^N~y5{EFWBL=2bU!M~O=0O8Y#5E-~OqwvLMeom7`5JP_ zmz?YZl$F+^o3op>cCaCfAMJR6^sL~TKr84x#3=XPD?DzGnJFIk*8f0)Az|T+E%4QV znws1M7QN?rqUcX+NycJ*kac{5CzKnx)M64Bmp)~Hw<#8CTIaf+Ynd>s_vPd1!oY|$ z!ejP`8%qeDA|OHHqA?0;64qgA>e7A*W0}OJx1vZ*V;DA9_0aG#akAYM8^PIHlQ4l} z@|+dQ2GwUo3M+is`=!9@*e`fLB2LKZZ0&r!&sceDe|4*~vNQbtn+aMT%#o7X4=u$w zpd|f&Ak%-7Ss~5y8*lz^w!1%J;ZjuUm{K~s8k5;u|JOPe9{!FtaiVHQ1@!+>fSpyC zoRw8T{r@*q11BW}gl7jO%Kr@|3X`5m6idfoSNp2z!9@L^6oeudli6Uu9UWsSB(S=+ zhXTt#BK@~;u}|?K;YLdZ|0w$RKm`$?Rlz7`I9TQW??9j(C;FiEUJA{P@rpI{e)pP2 zBwaaQ4sy(%;lmTIc|?Y&l^+`jrGJ};{3G!z9&2^Py?ZecY7S!%S_~-`eMGzamc(k) ztu~3k{g-U+BZidc$2GhQZbW~@q~o*yY4-wk+fFvGNHXR7C9p8#~V| zeF6NRi2X`K%_b~U$PriioyZn)uu>ME_baEnixdLvYU9jh=(Ga?%8_MBdIvcnci--_PXE=ZgRohc8&eQVB ztK)YEBt|JIsM3q`%IG4@i^o0}o96@G`*guT4UM>y6R9pl`03V`wvg+;K+-FUvGLph zYZN6-M$h1 z<(xYMGV0;)i0tT0R-cMO@}&~&dy7q%F3!ypFd2NQS2&Q8lUZNtW;G#8mK-)~6S>2Q zw4`i71Duw4+?F`eDIrQSr2L*zCBX{JiKQ>H(X{{`OTKmZ%Tj0OO_WVHcmrd#>;NW3lB^?MJLt~ zOivYI`iBlwro_r-I4i!~OU(QtgX=lcmEaz|Rzf@lR93a7f)cpA?RtdcL=kAFV5 zGiNQQo~K&cZnad}UX51CWA{iEh*>{-1MNhLXMkKahzj-25$ovCmqi2`7H;7aW8V;j$(*MJj*DiU^w zFa19Z>VnLg!sd6!kIjC38~8z%d3!SpAjq6D-c*_&dks@KYDblb_$buM}Cu`*|utESmlCKxg4k+C$lB9!amnHrZ8at;I{zSz(TO=(#lfg=$6*dEPJ{93IPHCmzD*gg zHWmerd&Z|NCoZSnjvrtodOb)Uub7*5iqwv6mPY>cM{2cG#jG)-MZ}_IJwZrcW9d)b zv&OB9x0tSmGoO7sk#m)?QK5|;pDQEv|X7t zcP(vpfsq7nH198opAIKutG}}j6hlb21{aeTT9}W9wA&%p6%u|RQOunfZmCZ2* zz-QK0!o$1u#m#07X8fJ* z#IN!Q3vwvFHeImT=0HW|1N0tP^ph?q4TMR^h?oC^BlD-D z#oJyKen{i8)@@LCN(fWT>%>kJJ#2oseg2)_3jg(b;tza#BvgG5G&+`{wip9}YnDM0 zFUE0Zfu4#;`190GpGf?AAMz~T4#g;qt$?5VUskVN&u15nDqCJWCP*|6n|ea5GgvtQ z^EG(H7K#P6vV(E&U;ISozSHVn-#Fr_zs<^6EBRg*q}YY3C)<1#UKG`Im-=+r)QyHO z{kT-YfO^jWi-)YDj!~EG50t8&!sEDdW8%+EA$|#G3ncTzjNM)Dk58qdX{W&o|kYWGPlJ(qIp@aaDdtp=$ld#e9CuVPHf34>L|Y z_OHex_|C^*|D?9Yup;^+RxWG9uI{xjo%%R$-iL5@2`N$Xadq_A?)DC+8YGI#z>JL0 zqt^%&?H3va807opC^_lKMInkOfJObJ z)8q476UdT!M)4JcjHZDv!Z}I>zd!p5qGq{~-&ihSC}M#={i-7Muc;B>Z(hm*aJ;r8?Bz2U#n+{XAfJkK=GR@w<4`_-fQIOC@pb(Qz6GEKh zRUc?dpuQ{p*0l~8-Sz2_Ppt=XIB~RV>u5F>uU@otI3mzDKBRH~NY9-VlJO6>tL~6F zzgK$Kr>stn&8a}(OU5v(y}2xOLO8f=vs$>)a5RW;$?H%K~f#%>ri8`D=>>f>~JMakj}8LJ<7Q>tdaS1{2O zf^m?h3eeJr#(aEII-Yq^VEWumSGALbB^}P!2_#N{DfkK%-j8pM4iVA5bj)(QTEvx{zT%Q{QJ+qm?E)b$k#gQKTi2qG0VIoS&;)bH_5+&vc|%U zL^T`jF>Ck6Brja_NZ1tT%W(@P1ybv4O-*FN6%f7rXp45P;y!&UPEvnGPw8zi!c#>d z9syrXHVQU|?g8&CX)cx^r|UEtPwDX#j~HyD07yRzYz^ z0X0dKH{KN0n#g*waBn8sj}bUtHeT)f>yPlr8>;7lY2{Vi{%9<>Nw)U=#YcBXw!Xuy z-mo0O@K+VG6BM7e>gpu{q+WCjy4OgltIiY)pYd@&i#&IyCN*26!)hjthK!M@7}oA&K>o z@Ym3@X+k8yV?NY1po41yhQDZ<5I}tiY$drvpz7EEy+Ix80r4-c;*+G#J z+(*-r`1Y5>p5D*IH#f%?=G}-IiaJD}a5w=KOyaWz99GbA*XM`(azjWhkEdzjK$ z-L)uux}uujm&DULN56H~q;=_%e%%%;*nbjm$*(y6Jtt-POYB4Hbd>^j9mk9Xd}$?e zK_4H~-I==xFj4HRu|oK1M#FdHGL4al$S5R!1}%{^OIcW7?cdayG=g!IsT?~sHRa#= zBXcGHZJ8m`;XS%>DODrVuGU6h?cQvJoV6*iuO- zy3?znE^XdLud(r0xMIgUkzkrLIt>W2>`2j0t0t!(%An0}Vj#og{q6*|*tm_KlGXO+ znh^}HxzqS>8sqSv!|26_CG#^54`ERD$6>(j3z(q|KJ75$(8jafqzQ;CIdh7ZS)Lmm9>AA^pH>|HnO)=xi_$OFj zc+bA{m7J?}GV}C{;9erf$CJ$KF1Tw#_K>C|yzmYHW}z5j_phtTy{Nq$({0)kP478& zRF}2B4vY|mO5<@$+lwB{Dz-*zZjIODK_adpOTxb|d3CPVQGgU$f&ehC@+b)lS4Bxb z#3;RQ%f4p=O)nmCC&>tpTG%(vAMPO!kTPklh&LR{ME*)csI?$nPiNcyG|HGT`e z&>Ss#;NsnrSwzB4BwD0cT$#kw*;UOSADcg7LIG}3z%%|3A{V@?*Gt^pKhC%(6%{bZ z*=)gqRqZM92KVnHii-r#^3al4u8t$q4mg9Lc3%f_AEjEK!fD!-B|k}th8*X@%l;z> zuN4?Cg+)u%-)|%n5jpJ)1x-2scrO3-RYQY;;o%r`+k$dlPf^7R>{aVcx5d)oI}#}F zo>xrKymt(q?&G-@^^}8{6IsM5l48?)Y&%`4Cs%!G&KQ^F0qe4CgoQZk8J$n>#LEpf zUIi|hio~yl~jKX~uFQyLV< zhE2y%v|sIze+1v|d1Jg(h?JCswTy*A??B#6QCU`I=T&8}*6|ijxTS^Mul|t{B!CY7 zmLxbh@#S#p4c?%faTmhb&#xJMd$@>XVUiS1;wECPEr`<5WWAw^1eYf180G{}_*WaL z99EItj%6phXg?%PHl1u{QTkUBq7Z<9N?bT7PK-jY4+R@U+{=Nk9hV}~c{u}65A#$1M9_zX-}Fe`MeVm_2X+-2 zEO4OcErcK0lTYJ)Euu;}3pZL$tsxKSkJSqwObKE3_7r| zE%F$`lNU6jE4sjGf&D6`&C56_Ef9nM-u@SU3ENLqaodVs(rEOBXrd1}lmyW=Ya29d zUk&lof0?hgq|>ZvgQhgP&#Pw-NdE-?Sc&y7@^Pui9)HZS%A-0gusT%A!EENRCD~34 zjjMOEl`k)@w2ZV96}psFoH%4IT}a4GC!05|s~i0g9q!YgGVn=9PA<+fmitnbuP2i{ zzHYt&YTkJ6hgwmL5$Mx$s+}YK8U~}BC1d$jHi}*|?}&K6b4$j+`x}XYZ|7v24rZ=+ z6v5!77q7jD^5*Mf{9}vv>{nph^TCX&JwofY<(m#K&y-cM zdhEyuS}Ikvl)5KSs)#)W`~D` z?WO)}uNyvsNtn}T?PaG^%{KyZh!hl%mL>>*`A`Ttf!WCx6)TqnuLQ} z;!xJ)L$egZa|?(``;3m$J`qRT8-BNGm9lleG40J=)e)E=YGLm4;@+@eshUz&XS>?9 zq)wbeeoica;XLj!KW0NSRTZ)Mz{s$=DA9~jP;SY9Yv6;95c8hwDZv_5U??Xk{`!{l zaz%%?yL1DClA&*C85*H|XrfUt?9c8c_IhC;$iM6PbXT46 z{b3o7A0mO91jz0z{s+lTRTz^eCO=~I6^0_jE9ZZI&&fHbnv_ywF|NIN;ifOCPWHB? zvexau0eX6PJYE2~amF9ItsiqHQ;$GmB0yZROD9eJ2B+$zXunh1>Lm(ZZ>>ANst zk;7C|Q+c5u-X~R4Tdey^sG;Wz=bxLS5(^AL$!M&xyHFMphQ#R^4II$n_xwacz|?+K zsC>BSJvLMMG$YaJSh;bQO4_{;3LJXk63oAgG67#6w=%4JXTMlC`Cavk@|(zYC-bbs z#1qR+%6_ft==+soc$tq9@RJ0O0n z?E>toR;Aq#&oBQT*HOW zfzn%8QxhQA?)k><;@w`MR9HTs?P@i&?P9|7*SxCZVfY}_A!-1#w7kqJmpHD|U_WYb z)?Z@o?k#Jqlx2kZXg{LVu6Y@%fc7nJWCX1YSrO=oLde9O9H_t-1~j;G%_ebX2e#ZW z$*<@ssHoX~<{Cu2<4j-k4hF7y0)Y3cuUqlG3p2VZW4pK9f^x(1{Z;o$pC|WXJ0CGM z^zEr2Ks%13WWgwa*5u^t9c6iB4^hQ;vvjp?aq6&Wa!P-woARWH#_=$?AGz|+z_@FN ztSKnpqe$W(*cwbBsSRH@R~ntfE& z5n#vy-8vvbr0c8%Ky>nA4nweML`uYdIA2&81(}%Oj{JA?_+jIsa{>CgcJE zDlR2FlHrwD_suFzWxa9R>5SX%hMe01Fv;`n6BGGjD0`vs2udacQMFRS&Olnx)$-e*1~Z z)=K@4U%N%$M1&_t21#_;O9Z!v!4vGX|8j3D1Xj<}q7B!vRU%dYbm zx1OYIMt^(&h^raT=;IZPX4zZ8|JY#Ne~h16n&x*lw044-rR`o7L~v;B^@iL08OCWg zx49X+b8>J3>V45$c`-y?YJsO!Sk~lgUr}Za>{YBovT+J>+Nm|Y9z{W z9;iyJ&Jr!}VztyaqGqYt;ebNFV3Q~A`b>Ee9nIm|cRRdIWUfCX;OiCkZrs!HLdnH? zX(;_>`S;wCgkvw$e5L+qM6#u3g9GNc-o@+U9*(uG@z#>FSB){sQNw5I5vSAjyqxFw zy?LkGeN71`{Kn@ym)$y^99PpT9Kri9oaGI5Xp^8SN(w9O+L)d4`5Lc&x_K@aBOh~Z zTTIBywnEzifzg2@>g8Uiw@~@kGmd^UzuO99TZ7!%?1V*h z&O{T}f!kdV#fgcrioBv9jJlGcBWhx$`?(^Fw(Hn#qXxe}&sShs7@5d3_Yog1O9#hQ zBI|0)-WwMXFjzK*sDBk697xdd3ZU7hDNdAfklR$M;c_&(y2ijCk+(IemR z?c?zW+v+=gHj#Z@@G9G6a63JFx@l&-UaZ1(q8)o0h~+jZ6yYbJvbjy-O&6n3a#~)< z*TK2y>Yc3dhiTOqy)E(L0tTfVa*MgG1$y*($kta6oGf z(l+he5<{T~v`Tfn+yTN;TCPT-N56}cGFCDryg83*vmbosAo766og@g^+u7Urpa4oh zXD>s0%Q;*;ul!PN_g;@xx=#@?G_pPA0k(?{`>wOd?0|KjZx?3bxt|JIuH$!gphk{? z*iKMy+Gm!o`L9)1*EH5vT8-IRD3fG!j&~DAaAx{~se=ZOe$Y6#Oz(?fo?1%Xz$+Rg%j7RF{SZv0qQyv%gPM z(R$dW;J-Y?n84#fR4eo}v%2yk@pS)uv>b`ge&RNfp8N@iZQ^o)WTRBPA}K~7;Oe8= zMd|x8(%-zHq58k2mTytb(jVAu1d2j-V@b9~B=z^gN^#kw%y;@9Nq6O_uL@)>+%KBv zlGGPw%D?+_Ww)TVLln5(g);lACaKg34JUNU5BRR!L^fblvE8kYD}e2G??EO=zTOV3qNXJM=CuQg$Wskj z3kGiKs0~PT2$P$wrZN4JNndRz^UC>$@*zO#d0(JB@LuuZyWeVmj|R!cy@K&|I&0GR z>pVKY%>vES&E~M7-`#$4@|5Jp^8ya* zWs)PeJBX2Ps>Om#q2uynYk=teQezBF#~r7>PJ2vDgK6Amxz|(A-7L{t8<;n2 zUv+zP@hR|?)#TTNDbo1MP>;1oh!r{_KD+U%Sf;xjSF8CAm$~L_y{@!}p(lpSJgr(j zZB?9fsb_l|(mtDxZx5xJ;A`Sg&eUYTcAS&7Vi~SjK3xpoAg9>_W@V0=Ukzewt3M$t)##vOs9h})sM$_3MPoJlG9j7|$RW3m}mFbvaKy#KFqaoDc z5Pb1Q*K5fz`|0W`ObO2XVgG9i0ma?!LGRsp@Q&Z`Wn<39ZYwUU;o)0qVcIO~V zNr%lJ)qS{a{cyIw(9xFNH@%O-UA);cQgIk)2-f-we7%GAQXhF7GIJzf9X@b%V(-x- zTz?%_nYBu|L(<`Zj0Zs9tVq1;6+_*=+L8a!r@KT1R=Z#piXH$9cD1BP6sF0wq@|S zU1m$Vd39_L4IAmVLCklZVdTo2AH(;;ZgM8Zd@A@ahiH;whz5S9J3OG^_umQctd8t$ zj23_q$_PZS3x|0=jR8W1``N2E}d3{@yT1gFes~~jM5M_;;sO-zU^q|A` z4`HkY>+Sj-OEX?$7V8VV-qBDNcdIbNDFx3GnWm;7V`P1Ihc~^kz?@lBqA>2Cq}E&l z-2vEq+&>ij{2vw8>1l|&?i6{>o*+o`Cn0&9!80!y7T0*h1F2x{GM^st?w|t@l`6&n z&0GJUhTTBYb-t^dyy916rq-IbW^iv`41?-PI~2SPG1dej0FMF{?5eFIE*wmJ_6Uva z)jsr8yC&Pd|W^oSNjnY(8_Lr_I`_pY|8_$y9^pQGsJXIlVYCs|c^gwnwXlS43V^4BfLs(M-uKNZmDs(cKzK43$3rYSUgNht)Z^u;m-914 zU?6{XX>9wL_Qyg?Q9p{0_=7)}0CRy7j(4;O?DY6e!2unpRT%h2+feBZ#9vYEi*!|2=m(VR~8hO|3M1=U36 z>=}GJAYipJJyskder$6x8edC2+o^Tg-EOM_xuM5jC<$SFJemCEpACDuF)9Q~kbosq zhKHMcUhXyZccYY_JIB|32(@J!>DCNkDLw@Lsi_WeyhVi}2JiQo3`6qV$H_^WOmJmP zlgf-{OS`&Qup?x>)c4fYyduI!K6N;sO#gA-vUTt9U`y3?6D;tS$={RQ-={M%TvHUG zW-d|4w!g6UAW!ISNi#qxb(zcN7zT27$EG>3?~ zgGIm#+78(fzy})du-Ou$P@ZSdBUl1Yha{%17#k2EqEz!rOXnjlj3Lftf%k`|q8OW2 zFenKcPKSLz1)~SJn-eR&g$+_d`kpTF{damlTzUjKm2%+x&8XXcWoNFlI4vPtnvAhk zmr$%{HwsC|oniv9uF~5GwE0f`R=2w!ID&7>sM(a!M7?&7+8Sy}OQOOqr)HNc7L2L2 zyF5BI8S^bJojP1kIG+w6z&+D7!4wPfJ|a#4<5eNj9sPjA4ynz?W(_evWCnpFT^P&A zP*JRNiTCC4fo>D#gkEcg34f*&SJ;UBYeIpnYb8_Q+b38QBxN*28tGwpl8zmvrH|=7 z>&zEd7nX1GJwCLOciry%h!z(@EX2Bloqs4zd55l-)u)Ii1;Q`Zs2?fY`Jg$AIMtng zW2uOMS`tDxBC~LL_~#o;I$?p6b6+VQM?~UBx{cvw5@UT)U~yE;`G!^bi|dyStIxMb zat5%-q`Rhb39;s9&Y!TaUWN@wy`nwZv&0>;RG+iy1`kcH*J(dIl4yyHLrMp&YI z$8K}Kqo(U*#yK5EWr8B$_I{MaGmxp2)vYiBpMAF6XOoonq+MDOtBic6!w-_8#n5bX zuY2eb`;CK_b@tvp++T!|O1#|7yW{Jgr2$WVz7%=4h!;bI8Z@x3*DY2F;nEQ@xH{X7O?{2pTw)6WJ-mlXJcQDt{n9p6_z)&P50dr+;obUrO#0K&1Jme|DDgfM z`xX%RqTaSx#; zNIrGG=g9XC?o8vInXP|3`{ZUzqJ&Rrj)MCdE9mf*j!WMiPNg^nJ(l(pmX~l=Y_?la z{Rac#aI>+8c^=gnDGg9b`E0Js18rvWA=Byei2_T#F#vx8dm##bJxEr5GeyT{SCW|? z>*N)iiLWTgtVBLXYmkNd<&$sI0X#L4&-)Em+s%mJ`nrQ6-Rp4`#**3LlB?t*-;IvP zJ-ej?glX(@iCH-8*oW8JHMpc2cGO|;({ zeiG4Ln8wV4`T$yNJ|SHsN5(=8q?NANY}yhJGpZ0|Ey{_hY0SLO$^`rN^df_YmTdOO zm~nXan4D%cKC3!yO_pp0)VG6Cgy8Ta_G|8GrtfKPpHu`}5`hLT0$;sH_kpKxD|tN` z5J(h9ZF4$eTjpi&4y1eAh6j6baiB5x(s~+t&T8i+z-L;h`))rZ98qJ+c8UdA6r#N! zdHvImhO{MeCczkV6^Y$L96N{vA1E*pNHGqGZcR6f7Gp(66fbDYho!(F)72M_x0snz zR>)8muS&q+}_UoI#~%fWXdxI|)z)N+T|ZBB`ytjkS$ckk{C zex1arVn7o;D0&Qi1Ad)dl+;5|A-E z8;*s!73P2}7yXAFq9T8!vRkVzEod4NcDz5I($FysGRvFQW_AUK`3ww@QReW1`KZQ9 z#(0vvW$CC^0+qcBUH%*mTfjsVyrIhi5V2_5QXyDJk^G2&kpU>?8z^26-vIBxMwY^g!FET4=QbHcKYN5RCmFp@OVapV*y_Z#h2W7+q2o$wdU0Q(htw;!3PhQX$2oa zhC7jvogQH3D1waq*IpTEFb#l0B|f50tpS-g@MelTbT^+Akt}OM1TM&0*1-FQFdMj| zVN%Ckelqy^|8r4UWagkVOzJ&<4DQO~bqjTO-G_TG#Dnzx1XX2;d~RhTqaweM2^7oF zWA#sbAykEf@}qVr0eog7qOy_x4kXSN{y!3`Ur+=%0Wwiyp$+MZt0|ZX-Muxu4{wUV zIwOz6mR>&gg_rmDpZV9K75Vm*-%I$9{R{p`xIt1%QW5#H6~hNGZFsh#y*zh1IpvoM#upNV7*@2; z3UkVszaT9Ld!6UP$%?)!skycf516XhgkMbKN+}j{e`W3@c=^u-)sKx{ro$sjZhLS> z$dI5_*7GvIh;{oU*u;_a>sNiJ1NKIdpR)R|>SW4I{}%?ge(_VTpYK%_-uF#yA;A#e zA&5m)l-Z%7>3Wl^nsbL zDaV5I>rERPn)Lq-=24gBSNuO_vEO~IpFAqHXdMPXLZ)k-436ZFd$1MzSi~^FOaX|< z^|2QNJ2XPFz}KCPb+b2fB?@g%@vy#zu82mz`G|Ob;!XqH zaH)t~z2ds~jL+U*cZW5ZO;5=4>mG?VBO~%JhL^gWv4)Wu@*M6cIh!PzA^J@e|N06M5)jJl)qA#q&KEGI`LjU*d+Nx@w%Ngz|2L%GXn;>ayUa(o121euadRb} zOw~{CEj&-H1#pjV0$uUJ$f;vW0d6#El+h&U$89d83V^NByl6(2$IH4BZ;KsTQhgYk zdSI9}I(2pN2#UVF^ZqvNGx9eped6Iu{4>2t1}{+ z6PM|IU_UDAY;>*b5hLE3iDBteZc$tI`R~<7ddrY%#^o6c`+OwAMJ^H3+Yg5=X{m$4 zzEDgbyp#fbN)C-*h`9VtHH^jO_22V?VXt;NLZRT@ma48`zlY@OkREjQoY~|ml$q}b z^;@%qIbDuGB#p&TtL9sMd7p*I^gg3D$Sz^Ecx5lg*L3m(d-surA^?p=uMdf`k!JX| zC(S;^nbS}zoQwuj%|B!{wjiQ$ltnBk@#m~e$J;Gv!%%W>)nt&@#~NDJMNW;eT}CV4 z%d(j!k((>+bKU+5j{&UVVzk(FIo(zH@=*x!xd2Qcg`8_Mp_n?;4P=5R}r$% z1*m=%ud9g$lJ(o^*2Y>4MwZUK4ko2&u=%+W>z!`PX1U)8T8K$ORr!2XyT_N0NM7(> zZge8D<#h{Dot!TtqrtkPe|17)D8Jz+lYAgqu8l>}bSPoKGTV+W=24uSyZeigz)U1?83S>iB$ z^ks3Fu(FZU)xPg_@xVnVp|HvQu`A5ePl-(15vw#zDX7;N>M@2Z;KL4C&d!X)$(T95 ziVP`HW_-QBlN4@WQ0Y%6*D~~1$c`FQ@aT25-c&#?*^%mSNf`sWTSp!w@`k%w5?!qj z_2^`Zud2@M@Jekn?w{*f>ph76Z5|&(Gj6x1j)TUqGiyAhuD%+rp!BE8OI%R^i=F?I zBBMX&)XGuz_!2TPoHXz0VtsRGNJ7640BS;uitdQP#CQGcvLzI3^hpf5wb9e=-C68V z0$iVlSSn{Rm(HU1(4THC<%iK>Kh>=u5gOB>*kVVG>?ZR)zSnL(gZ#34aqxi?Gp(MW z>K5EM?@kX8b>uHh%w#R=XEmR>^Dh>|WA2v&V5q)R`>McgjJXa(*JCcM1xe-C)}g`N zhUG`wuByV;!@*#c80vNtMpoo$g?sB7r9gzichYYE0p@X)2jx-#aBg#WqF)1_ z!LsIPC8ePeU0ikc1E#F}Sn9)w&NZdd+;W4ld7cApj(yeB&djy&XWrYG3Ln?yS%%#5 z0=gL6o4N){ZUE>j(y7qlFKC5t1}RL-I$r}Dl=vcqdkildo+j>biz62I+NIDAg$$9zoK;2 z|5}XAnopyMCgKd-jYi>Q42ZJa)CE(BEf%MNaVUJE(L~g#A14IgE}FASYy%Yez77<8 zctt~>p00EnGk~g>MbGymZog@|oc=y+Vlz;*2Hi=V=<+s`H^IIc-8%pv7(Ew-EBlv!(?l|EAo<83Cy6{YFahgcmc8g z78n?)gG4uD>Wd2a0Ccz6a*DGPO?45h2)PqBz+Z8Ijudj}*@Lj0c%9}4! zV6)9FeKTWRh4$Z&h31BkO(u1fE*~_p=Fp;8UYc4;K@G$JAM85U(VO+RX>U7whx}@> zlIiW4TN<0g06 zuiC1AsSh9%heDfI!pWEVU)B>_kVxT;#krd@-H_^!+;WlSnh~jTFQW%0 z-$RHo|3}M_R--SVBH)8sQ_qQa4yI@AVPiDln^daPgp8ikEqBtQM#t6qm)!+ti)od| zRnMWiw{E&WFQpw1v;6l$N4}XtO2qpk?})YYZ?15sVWBs{R)vZd4^{%>fJ zamp%in3v&wP<|fpQoY28syb|eDhKN1AT~HarjIAm+MvvFx0sp@nSzHeDFVGI5IgFH$Dh=`K*M_cifPJ+!eRODq@RR z+k=EQE~%NOv!|daV}fDf3ueA4+dsHP}^i{>~etmn|M?oX8HnAO-r?*H@K}hS~b8B{5 zTVu6v-|4;IST1~B>GF&M$r!t$AqVw{0`5!~Q|$5*SRJ_iqhD6{g0+FIK%x%gsGH?3 z^moEwGTI*HKzpaDmp=r-EdAR@u%fwu>~zQkX8vxx*fjVQNulMH#Tr3hH()0D$ax@VhCXxr8d+ z$CvJGary3eL&VJ<|G3Twf;I70Gt~a)&yP5Q?ofkD)uwc8a2+>X7rN@BEldLGLxhxF z(wRyIzJXLNF}wA|(I(@RnE8}eU+gj_Pu-2DxE-iH{2O;VEw$Bws9X3(ZyOz#@D9Fe zM-?fV;f6!nSNpc}@Z8L>({@>AoVd zy;0*&eWTsA+gOaQ%P}8IqBGp7T2=<~j*Vp##<~63MC(^qAET9Bsq>>Mf<)dQ9)2+I zkBYm#6f!*cgl2U17l=V8TuPi6mcs0K(+ovS)%yr+Hv$rt~JK5Bvj>3yY#*wLX(0i^UtV4Pj)a{uk0Xs0fei=&oI&H zQ$OCFH)rMkY9?wuN`j{2A747Ii%|@%fz z$VB?c_*;8jlW#mABVwgDS1P>AtJ4hJ)(>%_mn-)PTk73MIi`JEHCSammFCdhSO34Uvf%)Rn9&5PXZSkpe4$=n?LFB#Sp8KZDYjSSE-r$Q2l*D1t zBa3nGn+=Z3tbQXqMBpnr{~wetHRu3;grOX`fK0ffE(j^a@OECWZp3-A{h4Z4vcpZ>5MStY%sqK#$9vGZ+{mbwz!3iuu-L%u`O5GS5Jff??;~ zvN>F=K&uSd^X(Y|?`!gB%m<754?#}HXy=~4#?d$SMlbgpZW{Obb`LtuuGANyRTRbQ z%Au~l8dtxsF+nyI=1S=afh zk*X&}qQdZ~xuKc{%abfyzrRO7_A{dzQN(o+?L=?+h0Yu>uTnzzu{!buMdl$A8I@3+ zcRU?pQ4+XYd}rpoI&sBM^>|+5@e+5;jcHfL2MIJsR9rkkr!+AgJ_Purm-s&HRI>bj zTm!ui)@xyt#kGadDXqsX)V#%jy=%d{BmnNWeYB)U)+yIp?M3eiR>^3ly?4uty#=pS z7T7F#VkFcT=gEx#@p9VVheEwbo*%)+T<<^fkch8RbPbJtg%9EpfIYn?f-yr{U3@;w zC=&8xqElUs*BeLPj;@&4`rN_7R?yvEPZE-_$i2k6{jW&wh^Yrk)K-+B?%$DJWU+b0 z>YsQkguD{E1z2)oBfluN?(-_9aicHV=K(bVS7Wk~$u(xWtz2(m*hLct<;qudw6wMR zzhGP6y7_2`coWzZi6mIiu>4x%>o@0k%(Q+`v=0zBPS_E@9-(EwS`n`HsAPUrIXVk- zq}rdR{iYt9unnVX9Qc^t^dFYdFo+}mSU+m>9P?;qlEY5kgc1=!rNI)19Qvu1KeQZE zM-H5ek?ekwj2UHOsgnQ%)D0M1#|*)d(n>%V2KT6Xtn^*y3kp!zt~@Nk8M9~y{Erq|D9wwx}y+cNEC#8PQWicOw;sm9xH30G2=+KMkg2b zmVm6F!+YA)7uwV1+uHv9AUOE?T9Kyh!TP|@38|D(>GQ1k?zE&fk%4-&QPS*m*tvBW zM7Q&_^%e%3{dbh%D5mg!!?Nw|DaNbqjoW%E?RE-Efd&v8(@>NjcAsf-ov}E(eWtiv?|2-jf4sg z(lw76t{|#+6|}zlOyCqdC+H;@^10TAPVX6`k+Y|6xR-3$?LA$Jn|YK^z5qX9fCE;(i5r+WnSMpE(L(0JK<=p3K5py1Ltowo){3e?vr zOkitg1qCY=&sIh^zq7)8WSIR$JO?;dAH7M`G_Vj+xlTAE9;2B)9opap(fgS=e4?X@ z^V=oQM7(xs&k@t}6N*~Td>amLZm{!5f*zhOXnlFp#k#a8WWq+7JZ}{o^q3u;rFKI z5*WoaXNZlI`y59)>IUcs=045c!dr|@W2WO6~ zpgua5_ghP%fGe?QM7rXybNS>1<^#vWF0U%1jo=-lfF{6`4{6^RN6-T9p3yriWy#(| z{u>OwE@ypSe#FyhSR&lM(`+b}GluY11OYZUgxFU%*AQ=vU8N^=ZrbFDfeB1u2y}Lh z<1^xGiY_!88+`Tn62IKDA>MYD^O1U`LliIYuEt0!~SDn`w`9Q6c<$= zKBY3WMJf@`N6G+-$~2jcd178h3%8FXihf7mpGvm zV&F^0y337urh0Oe3n6kT^u>Eq9vmf}R=XR+VSJ7Anu6v{Rif`MaDo+%_D^_k(PYQ{ zZrD^w(?OMIDTphn3nv=qS8t?dvT6cvkho^&q-;f?%9HhDc0?L4JT6Yz5%PQW;QCF* z(|(R%L}fr?CxA0*gjjuG-j(SHmMb9fbSkGmy0^2Ij8D5|1$x&`zmq@`Nm5OE`lsxB zd+C?J=Vz?^1kx`z&6i{OoqS}<47uA$NGWsvc_Sry<5G>Wv%3qgt;rf`@(FY0YZ&MC+PG3~ zd3Bb6QBEJlR~VtTE1PQWJlLx9m1w+#;YD}i+4xWQNey*vK^+kO5e_S&F)ds8bOott zR5_zbstSF|)IY_ZU~6=1j*de)(i?i}w%dlHXz!D2AQx|C)G!&XyJN51KHw`Xv)}HAbtY z8*gxgY3S|7G#QKeO&LA?j%pqqy{GX--2{t#1&^dT?ssv{(J? zP&V7Wyk1t|pdIvyvG3m=der8q>>Z?eZ_i-krhB2O>iAoG}fGf|1Mx>3FWH^yPU=Sm1QHO-qA8#GZqg+fiSD8Wd+=6GIeZU(zu=BK>S`*DGa9~alj`GsJSbMq6gx7 z2x-%2@09wTY(tkBg(9;jWRIGN*ZoNNPf6K+6eTs?p~Rbw=>!LJsAt2!H2r^NpYwTN zEkI9f&E)Kq92u!ig92X3vJt!*SD-V2y>}D1DL0M{;eAE@Y5sjK7oAry1}AAE-?|f9 z?^bF2?7u;Gw>|J?e|y4+O`WQ0_?Z@-Slt>wDb$%Wjxw&Ty4BFcijc;F!iLMgzj!TxD9B5$N&#bq9y?%dEZ+YCmCmw}f%IqJZ z&u#koMAxk9(T8;VUP_4mcQOLt;|xk{aUJ}wS07nF`hbo>96)sB@P^ys|3bN{PNa5} zIavm&ptIz-GX>(8?Yp#&!*&|tnzB4pk#L$1oTu9Jz)N9gIV_AwA}}k~+E`<{F)(8H zOm>HoUGX~}YFocc+;Y03i?r&T{_EN`##7+(v>oc(`Y_q4g@c&E6PKY#N0}Sh=HvqX zu;oq|=f#78oYmJ-eT-l?%#2xGHF7MFl;}%^kaNmqIjgQVdPR0~%=PF(`ElLdwmX#K zY^p8)vg#du@=IYdUH08;7=eGiKUct#eCxLbX_|oiR8C_sY`gu@bIm=4@*88o;}fXN zrXgZzHjVwk?vQ9BQELM(+0SqtT)gx3~hw+-0KqLs^aGG=c!al}W^ zoRJ5_`YSd4^;ZGHcT4i5P~+6^fDfnuAxKHL3{`bbT*mV6JSbw>-#3t7{g5#r*JAv` zfnEGCSo}zyn%`@7hNt@kDEE_k#MtuonHL6e!6`XoHhoU3^7udR?KYd zf~pNN3}nC`7)5r`-+Q~JKa;VBW(7U^Bw#D|F>64^YlMa`-0-mU2!IqXcG-z5mVWDy zOBQ;-R`Zp+%kLLMe4Yr8RZ}9ITru22&y22ZUlvj{z7+~?R7x_lJpL3d`q-#GL>=lS zl5A=6ZmIB5INcB6DRUd+j1?a|N)j$P8AIR>pLl@^I-}Okg#VZEPOXr|kSJWlM6AZ2 zbly^AjVnaG%6NH!5rlEZP@*prFjxBFt*3y$%W)eI;`v#NsloN%3qymcnIvt=gDkbc z5sIH-@kQ_TN$t;DA9KYD!y&Eq3R?CCO~ujS`PqAo@bc7?GJiCpxeFlDiThAH#eenq zFdgcxrB6CSZL!x|>c7+TGc*qE3uzSdWsg0@h5Ag=SJuVZb(BzR@5VebY*6ZhTxXTk z3j2*aCO3ya_7`>u1NyKA<&F~`g!{H_JR0(u=d1TJJhr(u>|3WEU#xv<$o+4OmIAc= z*eFLRX_Rngj^!)3b9fX#2_H$FrI*nbYsWZaUzi{xn4O-k8nuV>XP}FOmpw(ejbBOD zq6e%YtPBb)3+8s4I2jr`@LC`ZO_{iXFwUxwaP96=Be2m4P7bmw4iJS}C*VdMgPQx9 zlAE(SudeaAwFT0k1?4s*7 zA}-1rguRD`#4@~w4T;m*FMlq`KMX7OO_Ar?=q#cM`8a*n>{~)F+D{qlS=s9JQ;JhXB;)wu z<;j_!uwf}h;YbF$f@Cbm(aGG^uJhqYLQr?%SRj&At*T~p_8`XM_L6^YQl3O~da zIOr^Mnq2<9ktEj0DE~Js4Ivm)1I^#U=$(%^$%W0}fqpWeSFXtEkyesWL_ z3E5XAiuX|xAhYa+j3yCs1d8_!J^1flLG_0rn(VgDQ1|zE5crkZ{_80eY{stwzvuub z=3x(l%D_>Ll+5Yll8M5yw$Pl-H~dZguE>bJ;miJv>LMvcPL$Ux_-x=+jkqbx=j6~u zo%lFl0Poc+~rNf&~i$K%}GBc^NgO62SjhGM-_oPCsw~OE=6-iqI5uSNzzJ zkkdC>my4?D>AK5x4L|e0`{^xFV0>Y9e#QAjO9ws(drA>vVP=Uo6CB>CkzQg(bKdho_ z%9=`H_=ew)m|*y@ONf6;uBIdQ$a~#+8r1sKKAy(!%wK)F%Z*&T2+opVViN;;A=WCbGU z!*oZzk$)X@*Z*C}z}ars8HJ8P{8OA4eb_k_8>a=c z{K%~gIXZWC5UAZqCqy2SFT3a753vXyMoeogMX{Y2+%Io5up|?tvK#|nD#dufmqEw? zhTIpEa9{>Z;7QL_z<2!~9G+HhTXwg{Rjqlj9_{1mJ>4Pv(NWXYRB|?kh}|>7N#~)O zHrnBnD_hZzGf#(&kjH4J5gnhRPV0}VT|6g8oyrgBW}ZZ1fI@irgv9;CW0qod-<9!| z$o-PdhxsZ5fE!=N%%72^%XzgJhSwLQHxx}QUA&=q*h5MR0#V|~Z9fY}q~^Qzz)=!p zDIL6;S9;J7O{Wg!+Qs188uyQxSC*r&nf;ZPg@mu1C1v#hZO5Qw;BdIp2eT=dC@fU! zb;gcy0@P$J|1DpoLZhu+&8j=gY*qq9sO8HYtmLj1^eT=n6cqkv@|KTX0~?Pe7MEqz zuA9m6w*8KV*7wLL8HDi1IW;Dy@oC^_^7VO^fa3Ly3l2+Rw0NK3V;Evg+H(KY*m-N3 z{~wFMO67Qn9d3jc5P5V>X3mHi}k%7B{sE3<%YQT)ThIV zROu~`;J$Y)VBIS$UcH*~pHb$ByR6*w{Ww zoKSy305Eppl*@Tdzx(jK2sB3&laDAN>GM2{C8kq696KcGk-EG;yVo3bS<)Ul)Q6n{+n^?mKtJZgBpe)IMkeE?mhoQ~`I z_Eo{o-iE>$$87&@_pHGpUh5qu;CajZY>Gd9?-_cfeaC-siKE_j1(}+`^siIO{SSr4 zx=hQ%n!VsLELH^8E6@2l=fRiPyQe35TR2qC17QGIiwbJU&*0`2KBwY@FAopY%ctwE zJ`RG2hQ4YWqQhxbYIjFy*m5fC=!ICPu{Sl=I?P$DlAfDc6gE_}CxfL%C%P9Ie8d%Vgdan@l)FJ^m}HT?V0EY0S~+K;sqNM1yi~slyu={(^~L7 zLs&)9QFx{DF|wXconLi=Qf!Tz+qlulo_^y+RvWIEDlPD4b_B_%H^!b|x_dQ8Y^e8E zCMlc#d*JRpWdyZVbA6UAaI z6~e5!$uz`=#aEauyoMZ9^d5c%cism4*iSD@QB z)qGq?8kx+0EMK>uJ;H8NM56zzPxD1y{a9ZkhUA+~GZ$ik(gu-EIbo&IkCAF5{;T{^ zYc-{v^qDGdTH%{!3jXE}bfI+sSHjnw_-B28yS1Ua&vu5*f!!g9hknNuS|Gu(8>Wul z4s9ye!Fc#(UUA=rmyVr&VJZ>+ot+oK*uBIx-_Iqngi5}8Gqo4`Sd~hs$kGY_46my) z!9A%sB0~SmURW_D{wt{C(S?NH0z_hYO+hnlguwyd zayTKq?q^;`#wH%u-Q}A8hj5g1p;W=vU_jwAM1xB^D|Wa}m36%IGIwl0z9ZAY)E2+6 zoULtrLb5R`B9xcoAT97=#FU+b3lKBp1SX*nK)d_K>Z2$$C4wF;PXvoFyoh4=cDYCG z%jSdq0=5noWN2oY`dZ&>oVB!LYY)SN|#s7LRz( zNUEHGG?c|^%hTp8cCHrmFVI)NF=Mro2kB~<3hT?m#QQ9y2CL(8BFO$NhL8Q8{XbEL zNMNjrXL|fX2d}jVAtE#U0M_BKwo9f)sE9CTaKiue0PH=>6TL(!u>_rj4mYBcu=1<` zH+;BgJuJ8xxH?B8m)bl6@MEGs`WbjEOmRvb25V$-M_gLLN-~6-G$=xLQuSCz|DW7~ zZEa}EFk_<&HhrztlBj8>Ejd*CxEae`0r2A4m6;l2L3BGgq+xKU+^xOx501{?j80=s z$o`bjMXy~O@*qTSv^e5-nXcV*N!ZNw8=S#yI)p?(MHawJYNy+jw1D|r1-BDN$d(_v zvB7+hmNc{gcaATn{hV%PQFSDBrW2lGRr|M>;K8JzwSe!>l?xSqAn6;M88KK;j$~L( z^D)8}adZlj5^S0o2aLZc>Ro2eV;>hG5~xU@PMxzu97JK)iJ_QXjGA82an&~oey>MN zw|UrwiR6CYPrF^f>}aq82ns4R{VsJ>{3MuAtW$ofa~Wtqe%P?UaPX+6XzZ06figZW zL_!Ci>D?dDl)^_kJYlM;I;62@BGyoU!eH*}D>!9+JOVeWkb%CCm`zm!_Q8#Pn}~S4 zfoF|~vFXfE4PB8o>_LGMi=&WQ)&Mo#Rs#xM8;<@sVkscC^l>VyEbClC!dLKUzVcWF za}+h+vY<)*P$;a6X(TGzH`;q7s&dElTRsz0bcDH`kbL5xHqTW}2;C_`LrzV7d?YG+ zK|*w+9r6&-g%Z;b?}VZN&m>PLw}L?)o>dXAqpArhGF47BWf-k{!)hial@W|1!b|Q6cA4XxDdS%*lv1fiOZw^h#FNjDqbN`jssSN(#RDkhO z@)B4aC|n_XLr5| zq?Xf}z*)p@-`<4n`Vfs;_fd}F4AB_khMl&xX2&g3^4{STJa8XovB4}UEh^v^?#6ZG zO}vkRNeLRD>)9#PC!XtP1h7!CGP59(@vup?cSZJ3_58t8JB@oqF5&%>V09)oNcLrm8{3}=oee@KXO6*Mah?5Q0{I}xg z-*EwHW#Iq7co!@6EQjSd^B0-KKjlbVhqB@1c~9lYP5(pBgsH-s51Qs9q`?0*)&~aiPNXXTL+r6;MzbvX zTAu;`G!cOeW&FuwdOG77MG1o3amByZkz4%1ujbJGXS;=Pugib6Ab$d*Z>D4P|J5*n eL4E0l_>^p;+V4f%JpKv%laWvquNF1>{{H}Gx%-g- From 7a766cd2a77e288c35a12f302228c6e43309f8c0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 May 2019 09:19:45 +0000 Subject: [PATCH 1162/1961] Delete exceptions02.png --- wikipiki/exceptions02.png | Bin 87107 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/exceptions02.png diff --git a/wikipiki/exceptions02.png b/wikipiki/exceptions02.png deleted file mode 100644 index c6c56869dce078f4fd5d76d6366df576fffbb6d4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 87107 zcmd421Cu7f(gr#^wryj_-mz`lw%)OJY}?wgZN9@D+qP}pJ?A_3{)U?o71dE4U7ej( zm6iF_(-DgD5(u!kupl5H2vU-w${--1lpr8Kf}tV*wSeB8^Z%=093{0}KtSNo{!@N{ zWM*T7fWRtPiHImFS~>t6Tr3?NiKRqDh#j3B%&lzAKtMd!a#So-RZcPap0^%^Wx{_a z%Qz@wKoctqNBu@mp!`V!gDf3RQm~4l)Q=)2297tH9}X59`#Ty#i4Hyzb_MEyq%bz9 zC_M7-`>uD9%~IF%(d1Y2GXHVaeNN*vR39{aswArt`)~MiVM3Ihppn7h-2(=}09bNI z5M<~^Qxca?vL7HXe!RT2qHm`j4xwSx3bA;UF*K*NJDDTRm7fPj00 z7><&Wd4L3GfS`-tY4G0C)*v7M{Aa0*2HtjZF0lX|XnH3o4GjiD>M1EKT67L0P@_yi zh5^qE9F_n!q@DW-5Rm)?jDKHy|LHM>STi-n5!-@jK!4T?`AuqUy#IALUFj$Y0&wZNxDJ_X2cbE!lp5DG~k?`yn>^;XVvGf`!Qk2ZWJ@VNHMII~&qe1qxG#PSz3pG-O;5Bw*`P zvJ6dfL}VCHYeVF7M0zuV&h4k}3V;C@8ihtPB3TRnVH~MR77LA)5%NOPFA0tsMNT{x zj;=&1lfW*?tQ@IItR_it$L9>n6{aiRk-#$w!V>rq+9ko99MGV|w*cQP(q6`i8!TQ3 zH)9H5&Wyv%&zf;=!sUzRC^(*}v_x8q;};oW>N~-PVjZ+)Vi*Pr*Z-n}NirF)C#{07 z9LB9vuLA3gcr=-=cLzre5bJ~C0CyKAHX;;~)RfhfUy&>$#wTY(S%cw(0Si_dpdw8w zlWC&tKzSX+HfCWC)0CtmTSARPV?_227a8OvM~x6+p=yr@m8$=vI)^$ZK4-5?c1l;C z#U_bMmNd3zYSRG4l}txWI~sD3a{xSGJ-|C4xzmBoF&1?C^P;jxt^C(o8s`xCknIrC zES*J2tteA@v#dZBg*{GNxVoT4xmGEx42{h-lWQ^vQ%a_|x-exP*AmO}*{b#g(1Eg< zLMWd$qcJyrDshr_0`}kzj}VFxG!kw>jgy59g>8Z3j$NBBTY@tmg)^ec#L0Y~ew=}n z;h?7Zv*o7`M#5j%6zLSo6uh5|s^t|W6YWHg6s&VD|D!w)1YOE^z7xTcmQjc{)!w%PhxP$63o++pUJ$9@=y*Wi4%H zQVj>%C0bW4UG^c`Tw2ANYT9~@;?+6T6ic1eouw$H?eatM$=2Z5TfbY;l z>M5gz<}~v33hRCg+BnUiRgOy5yo3doMY~JTeRx!aOyD>}8b3o8-tgvV_klFv(MfOD zYwj^8t1)ZfvTVKfisQ=aDr_Tff-R3GSBuqU1~@9RqjWec0GF4-WV2o6ry!ybV9|U` z#%RKrpi#YC*IMje@oaRB#s9?boVU-v&&#>RvZZA(!P(b3+B&WPbjURb*%t99`!@ad z`kny(v`X-txx|LQs1v*9Zu zx<3i!?<9Z9c_m&Xbg_Gq53v^09kvHkmB)9?Gy6L4`x12kbvLo4I8;W1oH=HO@My?-@yLnA2#Q3YOsePzULdumwF1Cj9S~xMsJ}xc>EX< zku~V+SZNskE7Thvhj?KQe|s}FlAFpa2ir}j&F9QdkGAM@br4f4(vH#)?GaYjnh>_t zn=T)p#MT+pCaKpugIYw|i+Xw6y39()rY3m=RR5?xsJ^LkT+MAZ8!f-s&tBnqcRjIP zEUxQxJ%93#^{lJ?P?K9UUo?A{dT)FdsEMdJeMx<{)2o)ZbGjS>n*;lVB13FhZeLg= znB!Abj$5KVmp~jL>iNpKcBe<+Kv0Xx9^NB!6!knfeTLb7CPd&~bBp$_+J%}YawD)H zV6+y_yvr2NQptSRG1lo&nBbpXI@|L4kXR=|%4Xx$@|3<;9kW_H4V+K1xSNj7Ny+i` zV|d*#TrX_#J~o-!wnlQe?m!0Y&WU|T9rJYYOzGaW0qz>s579K*G%{i&`S-IM63>t!LDOFek8wyM5OEoC zz6!s_Yp^gG{azN&m#1daXA9Eq(vo`Ze2PEM z`p$7`*M|p&346voSef-7)ZZ`r-8b9`u8X#j6b^id{i(k#U+W)LW=h|aaFUX~!NJn+ zKTKHZ*Z;+v#3qu;av&gH6d)kKgFrxDzyH;zARw+xARuRkARyf7ARt%{i3UUBAU~w+ zr9_2PJ=QLAT+{JKZtJ#lGY(D67jopO%u~&@8qCbYGjK#=_kWX|{4zI}p&UzuNVR2_ z!DJ zPrmJgk=r)yJ1uQ(+2}B%PLtFBPd-Kxf{{y9jQ>yWws+IhNtu}cPYBTdCrL>JXkf?# z=)n>Hl`(%pF;;L)aKodF^z;t}6Ul!oThr{Oljr0P=Nn3&8(nxHTQW4XwGu6E?Y__q z8?)(UE_x$

    K7dCX+(^I8n+(ZWuZF)$57CwSz$4a z7L7gXOg?`@WXGF#Z}Gm_2a?d?II8~3?Yo_ph4WMtD{< zFb9XGKkB@{jWTuCusNNX8tC#GSXch5b&ZrFF-%ZRDlXy`qhMqN3HL(i?)kvd)o{Ei zojjHB;!P*tOMLxmm8NOH(f!`jDK#dodSzgrpyAH*>&+WGc@#pYnm93XXz23!P;JoS zQQuFz7oVTP>Wb(v0EE1eAj(ch%k`H-Uk9aB?o2XB5N~H(bvNjCrb>rY5W{mYE4YDa-n{(KMSu1+`ldGHwcTB zck}ze?0xZJ%&bF2!HJ!`Q9gcF(mNI(1vQ03%t8(S1ru=fy!TlCLkcHfvwDRN7Tm1# z&BsFxEI68MP^@e`Rt!=^-SJno|6b2FInS8NF!^Jb$eB*)*q%6!zPu+cPdyRGa*-Nm1Yh zM`07MD9*DxJ-()9MaMw=em-3qt`=~hYk;qU-AOTP)BJLbzY9gQz5T?_BNEZ@k1A#V z9ngjw^=keq?Z(k+;-p&d`>8Js70m2-CPwZ}%&{6Pk>V60yn3~XZ+B0|G;;tQ3O`OV zuvb*y6P*Lmd~)lHvtw(jqsFQalybAD98;1f2g=PpZ7#fl%4gJx&(#{hGTc5}{DE1O zpKOVH*{s?uOQkN^^84q*d4es=g9?kFemO5hQgT7x;+p}dtW`zwZTtr2AX$DbhAi)o zpjej{H3Sn##O`9TR2Y%aQ-y83AaiTSne)Zj}Ki8LjzAj;-rqY8gR?x?tMT7uGH~gF7A}=3)b1G;V z{GPlv9QONBL$n~!_3IgKN1A&kMYrz?F{zoc5fNk0qAhDyTwMuq7V3uc?0auVNjU0L zBaB_+v9Xr+FZ+!jbkePA{CKfFtt=nrn6 zH3}ri3)C+66rQgN_8x6+re7n)!~$*n-z@w*Tf*24Y7c^1kLud1AbOECg<0Dl{#Ld< zf8Da7GaR?ZO$ZVBGZb~bYc};_R_#Xjz7hJluUks@d?g=my(I?G>-+E%r5>D4eBAuF zvzyz-k&0KWLZH*>it<_<9)+vfEr1K%Ik7EP!y>0ZBqdvyzx=AM$`D98?%|h|NsAKhe2;}4A{+mM*m$h(=> zP~RO-pQ=QX@%bEr>S}6Ag!5w$>Xp4b*je-BeO*hl6_|^**ObBoPzt?FBb4GsEDv(zwu%~Pd9uN&)Yv6DJKqSU#sp)9MmR+6S4_KH4(pp+# z=Owgd>od}Q3`Pcp?swU{x~rq6+#6*JB6QYU9yei?hZuebJ2~3PQ zRGBV!RA1y;n{8$`|>o!3akQRQ49C(g-?O zE8);cWD^v#sy$K523g}j-obPIop4EVNw?naODD9G1>X|D@GqR1Uqj#9oK&f+^?7{v z@cR#${<9OJR}Kxd=y`K#s|VEB820TJ8qcYqo+hQ(i~rjZ{o*-6-0`H2w}uQD@#KRq zgjzbGPaV;?A1Up(Jk#AIbaZe)HwLM@ysR0tpPXXmhvUw~aL^%TJFh4-+zJc(ChyP?%a1P6>y^UK;I&0A$BR$w;RjM(JMlUnvfY5{fVW$vEr!11_@Bot@v}Q}Cnou(2~E4LE1m_~I?g%Pp}jy=X7(Va8@) zu2Mx3^SjG~TAt+NAsQBAH*v(B#R-cfN_GKofJqSW22!XkVqU_o&>x^|i%9m2+I7Nv z5$kpk!X76NfW1c*IouOXtB%@m+y zY}1T#N2&q;hmJY^jd6nartIhnz8gLw4`LWt)?8(JQ-Lvcx#`Gi{DvL+8kr3af)x`0*8gnx7O2cJ;gGRa)GAso7y! zBE-CSX8MOoS*EzIEL+gqp>sc1(%6)2k-t9T{B&mD&X=cXa9Dv=sW=6O7WNT|A0_2B zm{k3oQcoC#K_?7`z0Z=Sc-(bdhchJ6r6q~)D9!^CqtRDjdl%2oFacSdsbD1~TdkHf z1uVv47rKu|EoX7c9ZDO+nYIiS!!1NN4^kGw^e>$$`3 zU&c*>WVk>#ulx6(QJ84BD{!a&SgC0GSwiw?&>xAF=G{{rpspM(KrVaRaf-N zXPFSx{*mc~PUn-@q!q?uw?=NPx1&yQ05936 z(i7F~g{Yw)KhV+~MZ>F$Sr%sOML|jV&D2q2Qcs=jK7|g@8##s(B@RP8i$ezOHQ=lM zHexvZ7h>c<3qE^0dLu}4P92tG@T=xw(b#}5qa&0!k7;Kv(AoRHAeN*snr>%uX57!= znXda!q_}TOSuKyyW#98>2`t}m&$XR%`XB6`vy@l7(h~XKvC#@BGWlGtNNf*XZ0m=R z!UHrwo$M$kKE_Frj`8tn30bweH`(%%bFcPnJ zU5gX;xS=OJbvL!T&Ka}qDc}xQ3uI1|Y)_euy)(`U-17P)N=tY{*%1W3pjh0U_^R>V zezEv{y};557cb@wE97WME9In*JLFILtJ{>$8j(-bK!hTJti;o zCUjC{W@f@`rOJ(Eq<>UPMlhXNRunXK1YPYBh6Wrok$JN7+9RdLTQ=OOIJ!0|>uU*# zgb~sF%u4VDTGdwPpID-GkOtUNP%`I42P<+{M$uH+i=m+kFC!N?JxIYHpIZE23MtTv7>gFIbSPXU3zw3npqUE*?(UCn zk+FHOgL7x{rIL8kXu2ZFO^#6Wto=sG5S4dEk31@=xPV6JQJiZWu&k{roh&5_4yaj` zB1#rZF4+Ccc`6+64I7hW6 zou)H{LOQRjG?h@n0gt0PCgi1#X;l!|QbQ>XS9z+aOHNUmfVwoc3shrsJq?x!-B;~e z;PeWY9HV4k6N0vnl!X)ix(ScIPDygNcMsOyul9GNph!OS+2nxNDxKSVWJr&3Rd+mBvk z*jyz(B%tC9TUb~LRP5>_GXUixZKpUefQl*2Syr|Os^e&6 z|10auukXi=mp2r`jH*DUmot-4{`+Tk*Q*Fi-}a)A4PIL}zfUL<@RH9=OGw3+N`Jm| z_u2}=(U`}pRbp9bq=xMKLlm|zi3LZXfG?n-jgjYu%U=)f&$`S9QI9? zF2nWDqZO~{8m*Xu^_If5Y8(>r1}+Z{{sT#1#h_>Pf=B;d_CgtG@bv6EASar_{^!fGvT1Q!2T-^AHR_6Z$Y?8h~gDWb`|K(Bt!)qY^-U3}F8Xo>%Fvx0x z9shsW&i`rm->&{YyyyQ^1Nyb_HuNOne$;Q7;q)EUVY~Sv_A5NgpB9Kw%dZluO z6ThAxF7x8AX@I(;)RECIKSYU5A;h>&x7}BAh}NdEpI*O?VOCP-`P1UR;4WgJCycg% z!`~XeD21T`3RsKmt^jM)254y2gb%ibg}Ie-(l162Dq&%D9%@GVea+6uc#PoMq`!qg zbbK3;Z>ml;Nyw`s%C(MBs= zCcy%yCzCt@_Gn}v^0)s(88Re6OiYvaBO1PScTwy>(ITK?FE4W;Vh{f(V{R5+XIU1m-&Gj->>?)gA9u&sgfSZokI?~mbq9~iN9xFM7I zhT7sVgW0VyKK&50tpJe0A+4wSPZ@mOLFU=fk5tNhiIotc6s?VW%9{!iM#)U)cY&k5yNDHayW@AzCv*NNA8x|XIUrFsj5>+bG|7XNx) z3>@p{+MU|#OVLYTMv{UT9U5wyq5_ro+NIv!b^cNPrS4Zu1FTjuh|6kZ7V9B-{*2aG z*t`z~Zc0=NJgl29Dx&+5(ys}|?-xu5AKox6+Q{2axI#+MpjZ=$RfE+4Qd(+fo^gG@ zphfnd-|W{c!aEMsCJI{P0wp4e(V`Tr+xmTPh3d&$ZhFcmKMkhy3^qkeKl18%8o-;w zH102m^!GN+c*@*lB)|7gitd8C<&)K#>bMawVG_f>e1}?H>wl? zY7$Cb_T@IX9Y(~#fph>iy%CV$LSh`q%#xflEotRx=ir(mFiGVZAPW;4!Xh#sN$LLG zJR2Ku=iu2>O3AB>RZnC-h{S-PqgilS(Ur{OJC_0%s0hQx+!pQhp`Y;CcAwxE@V%`( z+Oy^+{`mq?GYvMQ6bJQh1!_UVtBGBINs2>*sV#!-T1X8*x9Cx$5|hxdG*sn>3%<{S zHNX+M(kR5R%&=qh5+(Bo(nXL_2>3#Oz$hD<%FfTg!?eG@;bxjUO6MQ{vBANHCMnVk z92QDIsR(t_6&KPfq#g|os5lQe?8?_a%Y-D&@60TLxS|3zvMR8`P7DTo_?0fI1r$D{ zQ|!Nd%HR9&IiFHI+dC0ny96M!@Np=L&4X?)yCUdu1|n)HDzL>XoVZ};?YB+QMg|&LmQ|qWqGDQBM51)H)L3DM%EtZ67@iO6t?U14 z(#@4)wpIozq+Xcqt!l8)%Yy2`eO-BMLtVr>MG_8*@>xu;?1(OvV3O*}j%a7x`K@c#J`~Br0nVwDG@&X%Th(qtS zo{KBv925=yiE!F(+w}VQyBnXHjyC^i(Lx!}zz(!{DMe#(MsI8IT07*r&$}_-<@XT5 z!lOQC{mQK2a{*X5-qxW&IvQdcYGsF%V580Vx|M$K()|a^k6?j3oV3B7hz&k8vYCCo+%90&%oI+KxP0vn9tAN>5;v~L3tQkN+Ag}9| z!(l>uYAMisF7%OV>C9~TV+fx`TkCF*r>oP0NZc8cE5ayTAD3(lcBIAUuZqKjS%0A( zK)hs*vpUF(wPhYte{7<3`>1izJH7!j9_>;vRqcr}YaFiD@9&=7yJEx0EEPVvmdWvj zyXS5a#Dqat)RSXKrkxlY&xh^ji3#RadHzEmVJy1CPX25d3Qd7!Vsx=R6r;ai`e2tT zDcuh;XTW9Y1bs6r8!cwLAJMg63#Pvhht;m1n}a40(E)o_Eo5PY+V=ZKWlO&o6tmxUr@!;m^m{;9BNN zdqZN~4?oPWT|0BS^-xZdG`|R=(Oj=ozc=n_->&RMyto9ecBCAhmb%@1>9(dQ4FOI0 z{s6vYwpXdKONpwYOf7%EB+g@cbBQ2f`(C;MdTue=t;6!xUent|Fi9;f(~;1phtewI z*s9%DM*l%9gPOxK#%RCK#Ck95SMx1YH&vpe>f=9k2J_K?`<(hEE zH-qN}b&j`$J}~76DFRWj{ zE$8|q;mBwxnva<~swCCC!g2bFG!q6)qYVeomQ!~SrZ4cyRps3Oa9P51 zKA2(Py#-aMDA*y3?Rle6ITiK1-WIarG@5MXu;Ccw19-pVJFP5v)f2(}46LCU>;~JOS zd>N+wpAaOFuKsLXl9w7l#;mu_64KV66}P?^YB7_1I!nd@3MIKEI2eyYjs=XrhA&^{ zhi4eY&ko5YsbN(wbcgS!{YJ6QIrpWq1pRGj@_d@YwKXugoYdVIzk_SfRIpL>#m1A=itnlO zd~OJ9eOsa@-_NCRIO2ba5z~yk?6tRgd`1=HS5y^OP(*fpu(6orun}lYNA>!rO)uN! zOS{glp$==Iu~O@F2X2}{Ok}plyFzdS#fzOCzeae!pN{EP)q-i=(KC!tuLcf34j(go zT6XZHJB4wWh;dxMN&TMRN_~19;n+oI1vr1$xPL>Mx>(Li@ILqBAJuHgM6t(^Xpz{y zKiF+)ImI^sd1$Os#{N!H&aKI~e`lpRgEFK>%0oWuFXg#rr82!YHXq3KW~=@PT^QIn z);BB1{;P1+o3$?9=K0*bivI2kSkO>X)C?1N;h0s{o5=k;rC;j_Du$wJn?7`XOl0&x z!FjXOjK#$E7x*;C;4Ch8G#ln%EUZaE4$m@(BfNZv? zR#uMBY`H&+mLA@8!|QF^gP$8H2*Tv>y`{OHDz`YBCfq5t7-70ToL;Fu#b5uzAo86b zP1d&WneH(^Hgp2sc2|5_sgw@yvz`5%)1*mF}dAnmMog)~1c+O+z=KWoXs@Y%r zkx-TW$_|A96E(B?b*Q0=Cf&9eX#^g~7D4h8&rO5m2ZmU&tyW!vu{)Ku1?_vQ!%(=S zV5*Mh?JnY6O=m)931yx2EY?MZQbLnC;$@8})YG(A5SBZwuFF0BhUeEW)G9qdB!~Lc zirAA}tK)Jqb}D`LNG>js^3414??I**hbQ$ym|yDZ!<_dViVL%mXV=EtM-FwA;woK^ zkOr+(F3)k-N7>2pJwE;z2*HId*GEaMQ8=$Vn;&-#bW2_LIOllUTy5rDw11V`_v@kB z+;wsFrHYC>5(9y1nk*yEV=sQ>hIdWm$_3zN1s=PP|{^>)0#paqaid$_70t z?wA0le&F+66r4Ef)r{jaOGd-*K-ir7+TMWeEiR1dF9*%8MwHbv^Z8{NEd$IEJ%Qd# zl=_?r-&?e^Q2oF2y&bV--7@K&J@~zU9_BcL_Ov5t?R#^!w^&jmW6m{o=0fX6Pq@j0 z`@aIMak)*ug~L-F;cyYum&Vo!GK?*U4JWlO2jsW_=xiGc#2v(S)o4U!V8C&I4)F zw*-=x5?wz|Cl^KKIx-D5ToKx_PmxqqCnrKYLqt_4FHzLe859vS8!t_kV; z_6GMaZw)fm6sIVTO(_eK)v_WT94?U^5uEZ1_f8XbLYxc;<>&()Lx!IL9PNGNBg1ocUkJ86QXH*NR|O~gPA zx;iqap>OP_!+^Bmi^mx|Nlwm}*EsS><}|vx;nk0gS}oqn`UkqK`h?tW)Wh%Vrdl?J zXZXGGDF8le%R6q-S>USsnxVu@d`8y~q;@g3*HwV1s}+BFb@}$*+n(}YMEvMS1UsYE zoz!YhXt)!S<~V-{R<_ENrGQwb>%82(;bTr`vz;lE(wdraeM#!|_mJ1?+$>t&W!4OT zchVg(-uJfoV=ojA8=Yzv5Ez4k?)Uj)y2|SK!^Yu|N&~6X>rvL+zMR7UEhL+jG-6{c z&E>vHNR(zc0;S;FYXp2ojlgP#t)wz+B?*AIjEHUt8J_8DTP3^O(pi#_nmrotQfru5 zoe6e$If_ZkVKY5QtYf?49i~Tt)0I-CuO_&6aG%cqGp$Diip6scd-%XKi4adp$A+hZ z72ZaRt9n$k$|>7_{7_ap!s2DfVs85=zoQWV)s6D|1T^${()1>y z2wT9B$*CjY&#!Pf84`Y$;K2g`>U3KqTp?1Ovp_ypLkC?V^L_(#EBL@uC~Pc>368pU z-&U%%TeB863wQ3*UlY}(RF!$A-?vUPtA~bnk7MSBtS)(`U)DLSY1 z;!<6$RMB)9{DTSmzqdFy*;CIa!DTcS$0SeuQjLqmpsv{J-}OS0*FeSE_QTm%MwP^ApXaYs=^F_pvs6qX)~UelnWnLuaDpgql5qJG`CQN zY<+5|b4z%}Lm@2UyMW12czDdj!v4de7P-@0u$NUFFu&4l@!A#K4b*MnR{X=6Q(gC=U%Ka%?6m^BP|x!RT%)NoySf{#A>9}`_;gE>@}m?DZUi!Ti8u-6 z%6eGRZPm$Yok+@Eo#5^p9t?TOa@yiVC9(t(gSW-ohS(eN6c@KJqGDo+iL+tQQE>x$ z5R$$nj+3ikQj;e@E-ZP90svlE_Y6-RoerI5^+*~OMC4GY9LjHD%iz2>vPl5NAhU-c z=4_Y-b1!LTf-kxCd5-8xT>X*Y54|lx7Me)#Av{e@^r0B{96534pG6FL!{Eia1S#bk zZp&JKC@GjO0%^Ha7>e?nQa^cQB5<8K(sF0xnl5~%viNgn_Ac><0_AQSF2`}Y+=(;8 z{5@Is(W;@z=|~uaKPc!{^%Vfxq={!DmarJE>nkcXsA!e5j!hX;>6VZPQxrlPubpI1 zPac%HT+lj)^03@}I_+t|rCC{p`n|_cr=^%QXL~=&u}><;+ZXCHMEs-C;g~8b88g$j z+a8{QJHBFU@oCfw3f|m@7ii%^Rfkw~I3%#l}4gW=H^&0z!P6hN!IhzcK6>t(@k zik!Iz)g=8c_L;o;l?@^w8yUJfYR_(+%X*xWsv>H*1e)9z%iz+U;yF-e^rGVEe#krB zYyZ_$hs5aLpDRES%gYncFu39lLWgq>%nNs?%bfW!c{#JekR&df6UDniVaLIe#8m7k zm8Fg%n2M65_&f=DW4g=9>KEaG`ZSGsDHxll5XYOz;suEM!gh;%yUw+$&wL)XKuR1r2z4BT_2s>Ks^}5i(4c z<+jC(SL6<&4E25l-pSG?TC4=SDDc=zaewwdX{GYj>fCgAOc=QHV8B>USxrf?;$#ah zZ;X7DXiNt~kW&)nly%wM3O;3uCl z%C>FfLE?PKsEJ}sj6YyjD}Emb7c(lV`Ak7478WLe$U$j&(0rS-vn~@As?6WAx$cF_ zocc8;V89T>vk^!o%1?AHt2LF8@ZP~?EE{A@+vw;k#obt zu5Fm^6*o9y!F7e*c6^R<^~Uv8w|m$vHbC)okJt*3>4$@23qHb0L3r6*nD6lfx2BLLcB^gM*Vu zbtmdUK<6PDn1Y^?O!axSkdQ^qWM*Ri0ssfp%HoVmX+>aRv7{B%&_?p zq@;~5X6S4a2`!_^$y!tEomaKh(UPlae<`r)bBzTOAJRCQ(XTEHn>`hY)@aKjfeRZc~uO~$!s_<5al8ya0aBrmRI|X^~ zp8JbjT@5sexAQf}g$c9NWhbDPRYmF=;Z5tz(SkKmDv7h~7-|~OuHt9}gfpjT_n6T; ze`s9KBjZ8aArf~>+iSv$qt0&H)c%yAM9apK{wycDOGH3VRo~NB65eVS2%O@x)c%*B zRh1g`1|MmhvU-5hFyv^Xh$+kNY;8Iy2@5lKP_K98#w`>4(ObN21{lXkb3G#HrY4-( zl&9c}>R*5wV5H@La zL)WwMbiNrgRD=rsm|X=yFfd2q1(hE1SU+ai;pHUeRRv3n>S6pX(QEQQ$XEZ7gLmh> zzgGk~!7*u0Oe69q=X{8d?`9Yok0&*bZin463RJERBv4o?N>k-%Q|rfS$s)jqqpyPW z&YETS?o9?u6O0mO0{10qYKymU#iQXn3`81MoTMQATCVZ8u?h+~`7)h<@)L zSr&)Ablqyk7+&??*31fF=b&G`g|?eve((!KycS8yod6dMbjNfUefrls0dH}gxi%#w zd&+$?YE8Yjp|;rZOqR&?=jux8x>Dn*!Yqtl;flO30IYiE8v9$ZVD8&;f)_r&4ZFiC zt-09gA`%+U=xI682Wto7Ua66pW;9gCP8VJP7)?5W7KcAJ<dC_B>^JP8R{M+uajW^D@`%+QTuy&V`)HJ4zP0dV^t7da(zPF;ZjQ@C2%Fu4Mk zAHW9e(=br*J|P|e?ZFY&aDuXs&_g1lnL3s&QpD9ruhd~B3CB}x1j#PwS`H>))*;CTD5oyDNa!#_$* z^YJx$R+Zq8TZ`1E$4OdmiE00NSDPseFf6*L`x9B_AK}!}nQfuU+)0WqO*bLbUksXt zi>&RqUuqCwP!`Re=Rdi|rBMh;tMAf&6bSrksS!a8gBDqniRoQsWzG zYm*{XrllI4KUw9vAge8W#;^EiiyE>91%ndAQ-wzj*4Hyb7+;5OMBNlo9fEKtjoTBh z)9xDg;FcOt%$f?Li6N_*h8T!2eAzCN#I-~|OEAVg_x-8;`@D^jz|W$#y5;rK0xL`D znL)~-L}DJP?gM#yf*Dpx-eR4VQ~drSg=q6-9fiC83cKhDfhf(0zCP}j5G<^gyFoYs z5`m^jE&rGJj-6B~;EXrrxs%F$;lxvC#CugXueS$(^o^DvIjp!N{W96Uo}Bq}8dGjuu6NQbD3lux*!8#l zGV9CVl=k146?KM>vuHhyts$E(jH}oC+sYh;(dZwf)~7CNE889u>dD19c6{$ep5$@* zU44P^I>wSs&5lPoNK7#MbhM!)yWmK&;@f(^W^!!?&@gQNdw{>WH( z_=THVWudb!C>{z^5#{E{MwwSh0G{NI&?lbW9ksV7orx{our}4NXGX1pKhqUANno|{ zes7>$Zw%?L$CkH?6ivM8l|IYKI}j2R@&30n{C-9uw+T~>Se45f1N2xU|L6VH{YgQuQMQ+ zb=pWW8C`be12boiEtoaVDr0@6?Gf!r_3^O$T=+MK?UM9S^-trsbhavS1lpD~lr&#< zn$L>xRyLO-y=PYD1JU+}7OBvhBH9+TjmxBN(oO4r6bvC{Wn9kh10Q8C`c(pjP;sTY z5z$0^qVY$8_T*^&G)tbQbS??w^u(FI5rfp*llDs=CU2xy&MlxT8E}>77=yoDdDbLJ z(o%o20XW}g<3aAFMp2AN#bQYPWaw-K`q%pXKWb`X4453Im z%bl$FjFFXf+~e2n>jyJC&^M=Iqd?up(pjBjPKY3Zd{4D2*b?ZWO8D|<8#pE1zz|;R zYxFo+LIG6z14&x&5svTP36BbcXkYfvT~_9gy-3MO+YS@*W}963{ogz|-iJS;>rsS0 zqa@87Rk7|lF82yi=EG;sSG3fE64}y!jpaXV@5X%a;G@A8QEe1eo+N;^zZW?1zCPr6 zI0{h{*dbDG0>D0t2qZ;9lUiTFa@)?Cm5oJUBA{Vf2*S9!gjmFu|1 za5!?|O37KjlLTD0@1UzWn4F%s7Kx!v8}gDN8RsYdAJ*Qnv63g+9-f(GV%t2i zZQGjIw(W^++qP{d6DJefw)H>ryZ3&A=h?4LS65f9RBBR5E@6N=#zwgA{g~q6u!{+?C3J#iUB(<{zu{$u)^F2ew zv(6a4Xwm5>j#;?v;CqjL>o@Mqij(d+1Dk@bIRbv8(o2>qnhHHS%m70)h2(U`iseX; zsNdWV(&Y`NqQPnU+h<17Dr|z$x9|#G6U?H2vYaf_79rbY0xEyeNgw%UF9I6t4ynu*ljATKKnt}-$Jjw9s^ns2A3 zg*%+MFWlf_TDzy)pSz-ekRt8R#|9CjO_!hi27gL@>w#Z`+a-LB!`2Uw9=1S+6z#Dn zrM);=^!Y^?h)JXIRwLfj2bia-@Lnt=*+vw%9Om|isoohcH;J9*9GQa~-L6rP387=F z7RK9hdGt_bHQyO1?o(74_r^v_-Hst`GJPOblX`}zo<0*} zg~?hS+8*M@0x>8pYA3OvK*(YUZJtKn->WAJhuLR@`X!h_M=z+oPHO)AQeL&U|NC=k zhL0no!-jUdCWdFc9u&HJ3bguptVwz-bWomUhULCipW98BW}5ejd2J76RnwsDa2DI` zI1Vk_W7m~C6;smG6GF+RBQBF1eYak!E%zKZyY0x7-4KVI;ol#cLELFq^}{WSxw`w! zL?g#L$kSJA#MUQ0jQZDV*g<*6^j;gE&!2#bUrqykzs*&zdsir>ay;VTH+(pQ0w9kz zdga9+pJ>zu3ianPu#P*Gth{1uFwJ^@*PVF1-y`A7`v_}@+m*nU!8Bj(wa8f&cGU-5 z`uPs>EQKYN6%3P-GIVAeLQieQ{2c0eDqGt z^k*7)zR~Jxe(QZVHoGT3>*JE{&e4TZ+r_KY33hq@DQ94zSw0Zv{ z))n=*n|6H}qE3=$hImH&v$8`t#Yxd59BYJsLEHXQuDazK{IP) zZJIez>O&KhHey%trmK1PVl#ceA=<^_nl(nRtJ@(L6ccCEFr|X6!hMdbRm&0<4Khgi zsVx)5+}3p*pLBgqPo0im$yym7y>td1fm(AP7u8+0sP3)foRKeEd`LA(6Sa|RA&&!!mW+<7XiFkX%!`U<2rBruab{x zQ)ohDv|mjF^dzFc6xy)`x^>?h@_P5NxkcgFg%A?}Cr@8EQ2n~;C5}etG^2x`Jv1z8 zkoN4ETbsG1agVJR2}{PS)PL!suSRMaR|Swar?4d*Vnocy{i9?tx2roFtp}_n7RAFjcml~oj0)CT`&fmGHUqgsM6eFROIyb%1UZ79-k(KV;|$Ae z36`EZP$Xop{+_Y3K5+G~v``4RzU!`{)$#>Y{LD=|ixr`ZQSa7@-}EWWyUN|%;rEh( za3ZN(4|5xfJSlKbaZp;P$~;+W!I{=uSiI%bVeB4`7N4ujAlACg#X%d8$u1wq;y3IXDqa^KZSZe1CyvRYUu)K5P4%yGzeS|h*J6#*qnvgB)w zd@VE>TXa~NDmPfaNmLQ9z=OgTw^(CHIWa03YnwnTV!)p;1V&n_Mpl;j6J>@<*?i&w z`%ymz+!+pBn4sEH2(675{t?UAGM-!yX@ zxXg`>d%z_^s4y5zRazcAebHCDYOjInb*X}-!Q5YviJ^mAF%c~jciqT5zkDLV1nQ!S z5r?SKj+J5l^vZw&uAmUt3ZSdH;H8#5qWGW+^qbxjLS|&mAgPt6o{(<}e$!nZL51HO z-bWz|6+QfLCzQq-DeWY`rwy37Chynw+hA0z=|)zAjDZ}P_4HN;C7pVFHEE{?jz^Gw zT^oZHTt$LF{^VS-Zq-_i2CBUyVE9m_Q=B|JU^G>}vP)+lpgw%r;-cp+mdIC~d%H}A*YQ(%0bA5sl6N`=^cOVI6 zL(@SWOkrS%5kz5x&17wqYF&oReV;xqeQ)ouf}?%jH^DZV5F#&)gk~$Q<@rqnAwWmE zuJ@L>XwPgrJ|(6NGgnQ@$iA)P(y*(ecT2(dJZNlOS5p3_HuzIAtA+Fc)AOusr$z?xva&s`H}Fz zGuPXb?OEfdp%KFI7h1`_Zf9aa4k^-%rvn!UWvTBG)}gESl@nZ~{hUwnJeN+1c?`

    {ZVKL!_sDdTA4#`=t@ht9G^n+a0{Q*wC~gA zuyZ?W7Q0^e1m;Keo9|jv%$G2e?8n;J@CLg+$Lao=_u4~LPo4wk>Xt{c@2LivO#;`f zUQT0B^;0ff_w&n|#Y)EqeVpmmAWeax$HUi_&9rND*41*yllEROedPT8Vwv?9u;HaH zIp3__{n4?Bsx1wVXZti@hsbCeJ5{t1FDxt=fVu z$4ngj0YRi(5Av0|sMF`0b^8@zB5FUucqo@w863Z4lwiC+=r1J)4!itZ_R^oY-maWo z$2_zi``6a5cRUyKEs+5|57-xhb*~q!Z%)%diL$Gw)Q~7&xw*3*UV~e{h)5!67#Web zyc+6>jkpY@iq-V@FWFoRdjhzE&k89rAV-mlEPf9)mQZb_)ig{po&@m0oRlsjEj2(`+#C8FBH%QJAzZd>j}1Q1KO z2p^4jU^6K<9Q}`bT$U;75yeFlj0^Wl=)VH2PrVJ;e&>~!_9Y1Re69Li-z(d{vU9MRIDoq+HJw| zj=wS$6j2flxt`A|?#$$H#bpCg3B!=3FuuM55&DF{dyG5s0mRVs^8wu(D|V{3riZ&4 zw_s$3Jo?x<5Xtqd{K?0hDx={dnhLkKp>bc%WTsGrJ7<)7pMM4l;p%FiAD&kBtZ1T^HwA(8_LU8dFfytH7N6Z+jc zzhwJknYCWwZ{msMQSdWNJExd*tp;)VLcc>c_ZWtZKpw)2+%z1Wt#Ch$n|jrGK!<1& zVRFzT9^hLQ#G-V9_w1fvYKGx*2MT9=+R{irR23_sE#Rv4LpMAkr0~VMbwmTOf8no= z-?Bs*!8z2PRw+9j7RKqR(#wR8`QCdgzUQvikG(@31YSU*t=LKw9z^%(*wF#AfYKz2?zkw-pfmn?CT5y`da-wx~g z1;=lx)CKq5Pxk6AsMm93x^-8nvyQC7EqSvPT6`I%s(*n_OgBaA>MD3#Eb@)zg1-@7 z^H8`w3SV#LAI;zrK511P%@*=&#(e1{ds5~}bs29pn0^NGD(vg@K#o2>AC)MJ5@ucF za;QPe@=BPLbmUM=ZC4xm>ht(`oWc=Mk!!#<9QpLA{?sud%yVIJytkvk9VwvR_;7u7 z!Rl*q7U9e~mvs>x4D&d!Ew+17I86dA*0x7Qhl><4)7Z9(y6jGv>Cj-;keAHZBwj;y zQWeL@W(}u|iQ_!b!1H~!8SZGlSwjDtZz!*;B`PAM>beoW=}jOzt4+clY@{(Bt>{q+ zD}%7`9h0!zaxS3Qn~R)gc_P2+!0EM7uj?mW61Wt{-;;q29kJOw4X^K$oK@K_F*1A4 zt?b|3C{U93C=E?Y`qx&C8Vxw5z&!!)?}`l9NA)J=**MFGq!rb16BxGl;=%LRo%L! z^mrHC=qXRJTvs&zohN&v)pxG)^c9~{$iN>MPOOWHTFbwKQ|7vgn4g=r+4;uMutfFF z@mquhL9Mi|bp$yj*kq(XF;)AY^R$o&3Cna&;qdpb^RRaF4MQ^-f2h|Xp_R?s75bO2 zYGm540MV^KdV=%Kew}Yj#IeHbkDc64NDmg5@$AS+2waw%JmpbpbTKkeq}|K7>YHB^ z?G-dVBfP<*%~BhTM&gKwHsb2uF+AeZ7RjiMVz7rYhwv|YvfeHwrwBNahPi;CLKaj+ z3yl!4alut}$7_pGnzLB}08b=zi(%Eyir$5=sunPL^^yD5J7x{Cg3_R@9B$I-fZ1Qp zfi7Y{%Hn7PTjJt1=oldFh1EV57MJ#vh{Wxg>-P9LE_4J0JxJRq6fnAFu})We3CXv7 zL0hQ8`T`j3%z3e(;2f^?F!Oe1g*k&0kVwJd?Gx;l(CQs^8G?Ahf4UorON0)PRQ$qU z7qPEEAIlz`dHn*t|JV~7%-a#=ng!Gu= za-_#37Gm{*QT#-yM%YzsteZ8!Dpica=7NZ{1DrQgKf^EBS%raQA!Rq_v_xL-(MV_^ zMwrHGw8tyDdPUi8mn0e0{15a~54XtoEhBtXwO#`LdB*V4+zuQ%L;i*zo5UoijFq0f>k` zI>~olAt>8`n2P_nkp;3&k?brU&>qjJ2C#C3bTWD5(Mi?jx3I88eyOn5-O$_cGwPlr zi9?`N{EWaMME87Np0zsvxWOy7URAgcHPL9b{zW- zx6o8Tp>Th-7LqDoN<$?YAx%ax82(pbU ztiIIJijY5+*jb81>30iD3Qg!!J4+YEdZw{ZcoADleM

      F zmPK?Zob?qQmEP`jlXpc7@7Mi!9Fn~!m!BhzDa1h+g|K6U6boQo;n6Q^k9BQ^jIKF* z+t<|>%#pkq7@+Z1eHO~!AS*WfBl+Wv8xIZ7DQJt-l|yAmjrB~(ah*{Y%;Dk<3+hg_ ze<`yO1OZ|(^0sYwM3dG8Wc|ve{WwHjS-EQXnU%w3O!w7%?cUcI3-GE>}T5ouGWDS|abxwVB-8^aKtck%% zfNZMDWZ9EBv>V{OV5L1mD#w`cI;7Ng39aLEWeLaDsL<#MKf!uQY;sS|n8{dVd3ZZ} zNM!MNspqT@PVw=Uux(~Mx&GvSH9_3ylw5E4A$sUr!1Qq5t!BY?vp#XRqNy^lli#)A zRLDe62gQLQnu3CPHOu4mxv1!Z_RC&x!lgVvgr0h(|8*&6ugg}ltg6gpE!^44YypFp zIt5|2w_g2<$#6_TW7UG3Q&Auw`_Dp{`mz(Q5QNc&)J?N7^|Fe9rxa85y?{}OORf8g z#^c{+c^$36@E|Jl3${T08$ze#nteJtUlDy7)HisXT=fZkyX5|*>GwD}cxHK3^(i*p z8iNkR@#S}?$}ZXMMAWE{3EsVf7}nWibN#3Kfa8FE^R)^_D-Em+ozKXRWH&IA)@AlL zkWKB@jNxd~$4ZKRPUh%pf3(+3hD5^#-J`Svl0aiP6TN&Idf`COZrR7muXNl4ywwVq z>#=&ysg65~TOw~1E8ajhh5$cIS=Py{zK%QBx#gAqDH*O(`(k4N70uSg|}_S?DRu}ls(=eom8H9ivVj?f{l7bdP*0y;X3Z-?B|CAdPV z$;g5yDYmzF@Zp%wW90c%Jv%S%nxW$Oq8f$#1hc>DLyRZb9In;KbaF(c1p$_P9yugj zl4WIOMiY;M)M+21;S1_F@47E;wyf zKL{tBaMZ_hbk)b>+MyoL`J_V@Qv5J=(7HZ(p`%rlnu=1BkA)rP^=GNB?wk)8%6lk^ ziAka&TP-$U4m9Fvv1HvQWp&(cm|Rj86*PX0{vB`z>_3pqF7}r6cn1d=XDuY*8*lg@ z;6zIs3aYG|FPRvN_ij1U_uloMJD8ekbjgc+!)>6?G|;RuW+dI#3CYirL$)9}t$q6Xb02x*rDj z>Uw}^8Yy3Czd(@O+A&I;+L<+mmByKcR~^v#yk9;`EQZs!@&M&J>ghcn7LY!{zU4`o zmzI`AW{C62T@)5ln$@z;bRToCyj690c|oTKC=}N#4jn-rty9?=c;yej%IO-9%`r~3 z$?jdqQE{Bj=Gd9HC)A5Dxf?Dby*{+XGh>$u{w_%s!N%g)I|1&rfVi;1M>~zZfa*u< z%XOsNjcm3yifRwMyQ4;-&KhZ-65zhs4Fcrfywuj^`&TM$&jiDue^RhZHl zKP9!n%tEQxD%edrrk#JB(>$&Q-<@q~@e}brQoH56-2G*^{`6_p`g=(NN=V_ycCFK$ zSuF6FNCD{9kVQAQ;y@GF8ihN>&L}O$a@G8y1O~;OWO_XqW2lhGiq^>&(v<;?;cgEq z$UZvCm(VdSIpk`G_T=3j@oJyKu#v{9@G(Oqv_y5-haw2v^SzotTo_ z&RB)`@p_+a_SR${@c?EP((sIBTwdD(6F-T@z# zXKwGATAd^v?mHhbYJ9i$Q{m{x<==y4#ms2gHs^9?Akf90==Lu-GEQ)O;8ZG-5Ttx< zdVCoXC)b`QBQ!bW=Yn^)hUc;f*Kg){B4cyChR(Pf+Ef|12KbdSVc6dcikoc-D!)jy z7?wpeMIf_jsRE{21F67*mFf;rM1Pz0Ye}tqJHR*i| zpA4U*oUip{u&p`SP440DOWWaB!X274ZdB*7%HfLu5kq!AS5=L}C(0@|u&Zrsf-qf} zVWw=p8p%oukk*sPFLHoxNNKU((aqjJ7ni3}xm}>rbu@Zj#BuXv6~Q#U`;&zXdG~US zJz1I26{=E{`lLhA%XaCq*=qNVwaZn}^2#kt^rVj{x(ygP#m+|}OQ%gyMbP5UX6y7#oB%tu@b# zGn)B<*cAAEuk9M=Vs0d5Pp&DUOn25ON*f&T@pzkBy>-&ZN~|m84AagVo&y@mD^;E zmS0tSnd+ccuaEcxls+~Fr{G9%+g_Kx?{8cG*zvI#If&Qeps0{0hd5Qg--KF_;M)z8 z0@us)bD!=RiEmP0=N^jIrlYd|B973&ZG$ zkpGkgunLa>nMkRtBT2~ld=c9h2NP4B-rq=zz<43*(90ZZyT~#n; zABm<)OYxhfFxfQQD@w5^x+1 z4fFa%OeLLE5@(Yc6A>l10TcUq-jG`bgr2MBr=o& zF6uEg-9Q#c_*h(S1(xDF0a(y^-isOtss`|_=l~JStRDEHCl@(1`A3dV5Z95;R-64> zM)mFzNZ7LI)rPa+@58+FUXA3cJ0%6jZ#!4{jh(m?=^9`;6`AP)f0d>ENFprX$n=iE z1SO5-y&ya{bTTRG0$Xg1KV*|mYwe0<{s6O96tJ)TO1x$^$SvvQoY`5tcIVl)DQx^J zvzn`K6#83dxcHvLSq@R=H}wd;i6G_iD&$0ZZr%ywiMQDGG5(%<&%5KM#~zP^Ew)s~ z6Naa0=lCZF+Iv;gf-wA!!IGViy)KE|))Vp}T-u;Eo3^0rxSNlcBM9B*BR#|3)Is;z z6rnmJJpePJC)~dpK@@HZ7Ec0S)WrcxWJJU42|9D9?mjIRbJSK!oNQAun#-*^UjLp_ zl@>(C7-w#m!%)xTT5kyBHr}A@sd4ti83{Q<@-h}-#*-!pOflh@vo}-D336!qS!bqHG~wjz9ehh5ElTKDISed%c4N>F}mEDVljtl;F$u;6%xOxB7Avo z|Ga@`5dm-i>tsYkwl_8o_Cs?Tosr?C0|$8!UTa)<2}BblY40c=tCSZt2TmNUTo)FD zIpb#qP1>DJPj=Y};W0#@d@UtqIT{9_eOgZV%hB!dg#yJkZ8F2xBPNzl+h6I#nNElx zu~#^E3~uffZnuOlLo#qHgp^`bQ1mRC*$g3haPW`C)0*&f2HxU<{@3$MI z!haUj1^Uxwxuw7?C{&CKYsf~0owNsUK`-}R&Chgh_Ueav=uwr(C{m<4WrV)4Fzq+sa43W4R+B+wEF z21g48{d$}4CE^#Re|?W=^Yvhj*ByvOp{|cE4(InT??`<5yoGEcrrQbPs;5xr2;snf zxCE*3vVnz_{{<_v1Qf)ydNwbsC`1!a{%IWoT{>GYOS5c<@qL4XR`Ywi?!Xa<)sMv* z1BmZvkc1*kC-qdV#)43#oPzbcc22c3C4}o1*916CZ}hdB+3j|#3h!BsrwICWzo(^2 ze98*|TvppBxwxS)+3#zI3SrpX(G`Xlf4L`Ey2{?~T!!Ng7M^UEbGI2_Ys}(;ofwlVU#@Ldc4(cP z3}wfj>0`(Vr`8M$7bl{@SD~geU2gRO6a~+{pE^9kAQ{0F=?HTf3xWn2fB+O_JEUgh?c6*gsE|#C{u-7}>#tvIV4vZH>0pUws%eiu6D2h; z;}mSxo9#R%uHKJQII4HP)a?A+P2qm-4cgCf2D!>~COk9g9G9wDbK6dKqej9AM-A!l zi!U}|Hi%U)e{{;F3|lVjb+NBm`z`<7$M<@M9YoHODl0gs)((8`22!VP=eV?}wk@jx z@@FTr$2vp^Yy{|!17?vj0N_`14He)j+_UxK4>dr7Fy9%w=XqX~bumX^Q-X^TR-&)k zML|hbgsLqN1kaV&Ivy9B-c9QVG+ZJg31%cv%M5#SqxWyYTkOb|Bn+iBkWhmPu3wFu zWs96}h0gFom^AWDPzd6p)MUPVF;Lq9E&g!ef^{Z9RPn*{*y_qZmQagbkH*oork{ZV zF=s^d?~IoNQa?g@FyRDwl%|`H1o26k1ja}^ghVKrqQZ&U)AkY!gfmicQ?2O(W4+-N zso}bvB3spNfx3%mF@>2Tj?l=F-q|Lpg`OUCWUdk+Bv zQ99vxN2e!!R*7v~-el0kWr@KN?cb!v+5>(H25(R#&g?1L_YpF*0Wq->w%8W5U7`i= zNE#|tM32j~eGw|25CI7!mlWx}bY-i_EXl8KQ^$)?zPqV;CI;H^0-r6?$HJI{uzQ4i zWZA2^Yp3>r=$~djY`DBtZ?N?h^8u>hQbz2GjwBsywn9`}Q#)WYu`^ye>v+0$Yb}0T zM|tySA+dIu4rF4@7rk_<^;M-?=EM2sXEeJ^2tpKRYEU`+#~9(M!08p`|zG#`}?Fe5;pJKC?E(CcUIT-~qD z{0Hp|#x&nKfY^qy`);H+)}-x+lI&KQjc+(`g62oPrw2IVsj~jndzTKbOLp|kbhy@8 zZU?i{_}EiaQmS=YlLIEBgQiCe%p>774GG!M6;3W5*Whv)U?9x6XTKGsp+0`2>%PZF zh>0k6RYaGT$*$Y*ac(<$+P^s)j6?x^cTBmTiuEkI6HY;*24x}(3s(A8__`Bzu6QSF zzV5$2>2PJ$1?(yO;@RFNzGhWcXw^qGe_#z?qRnIUq;wT|R$n>nyI2fOb7M8FcJoX5 zqED$HC37@7(>M**73_IN8C*8Y)?`nSYY#@6TMR=)jz;h?dgI6QvO=KadF14)?#M1F zX};Nq7FmBDgoS~x%f<9dkd+^$D&_S`k1l>W zvACHr=ZV0c)*P6p`vW+8>)M)luFlZSb8CW>)2HpD~Q#qra^DZg6AT-6>Mp5TDejloV3)?(>tA_~$U+TawY($%=liPKBTacRdT6;i|eBO99%AxM48 z5mS0MIX(MPuAPzNzn1F^@#B+Ohc=uOa7|d2R$mek5og_}A_P_k5XK7j-z1|u)?PzADE=_jarzEI z1mwR6NV@!pi?%bMp)?MG+l!tyHOuLS8Fx@cMy z7%84PYyS~JlUbN*=O6|{)K`XpXgZX{?SG>lHyRCEpH+pkt}9%$W3WBSgt3op53{F0_hjLk!M-Bw3Bj zti$*LoJwH?t@EPq2AjSG?gB%E7u0a3JwW zW8w0`Y=A8jX~ z^+ZrtB=&?yQ#@f6KVeJElh6+w1jHsM4*h{3NG6NeQRE*K-n;SJf6e z53Pfda>}>xOUFfvKo)Do&0z8e3R)V>A%(f9*$0ZmWui)1=U91Dfh<`RF%X6N0KX^fHz1_u4SbG7gpqQ|YUL)7(1Wl-3^Ni9*^87V=Gzn;%Nsyp zbBg1=7p%rdkMRpfKr@)153|p1Z3IZDoVRDpeSlMxTNcj8_ZqWlN#bJz?y-dpEHSyH z#!D-02C%Zkr+&k5!e1QlD{xpNzGyl1VH%OHnlJaH1dt>-4Z`k)-;KndDl!1!zHg*R zDVb9EK=>qdIK@RR!_J=wb}BlQ#Tr5?I3&jT&}J}~-O(vC#VnmiG_(Yc7q3^5$8-NV zX8~y!zPXQwb4pIZHZuRaV%^?SCvaZn0Rw0f3gRe;vJ#a9+7 zFV{noZ_hA;wA`+EGUF(JCP)S(QF$u=KCf1!m>?%3NzS}kALYGGY|&i{_ZXSd#@?4svyUc)LxR)9-sm-#;@uu?@`{6{mKJE7*Jhy zEGQ5+Xr6O$Rrc;N-qf+S!lVN-?eb3UiK~1OXDnq7c{%E4Aeb4dgFI!wW`AqG5}pt0 zavj=>q%U`%iu%Dd{Bd)G&7PNh$>7v(Q5la@N{1wV&)wvI2Dul#jdUZyX&2r_@Bbl@ zTRaZwjhA`e!8gb3L^$iIYM8r$6pl0cr65BsaG* z-&nTPc@IQE56YkZn#m-Llebo%l+_-!D zW&HqC%aXN<*EhKU=2QY&w8XS#n0xmhU%^AY@s0oBVI2yebi9om9O;Z~|8#y|u7nvy z^!_*F(?5;q|FL4j|1C23|EKJWDLO1x0p(?I??~BM&Jlvn? z3*iD`w7!4qO&pka$Y|^y2MB2c+Q@!LY9L8hKzzQU#`_j4CiHcag2H0tS7DEoU_n!z z->M1xF5iBpc)0)O=BOX;+KTdKu;261KH*y_6`yE@+>x!eq+m%^eQcHpOKV&l3Z}Y( zv^C5B2plK)nqjFJrMr0j*^}%36Y|C*UJ}7B&gk*s^7*>TnO>w5_nnYfBFjprJylLM znONeshsS~d@KeIlV8vg~-SSY7703LO3>O(wV&P_}ps>0>uF?P%xVb!Ld6Les(rF2)M##)@W#$sWTsxMNHTm?@&6Q~f1>Rd;I{8ld{yeH=D>O-zEVNl!0V23A~?QMLQM2Wd%Q zL4^iABaxvS<;%XDZA0@|h{eR-Wk|KYnj0#UPTJTj6n@9kXZ-jX-tHm8jT(Tx`30J{ zEP7`cniTPZ<{%*^#Q@VCQxz^I&tT$5w;6Vy(0sqz=Vi#BEuHYh%*n-;je)?y-%5Mt zD`U{pbcVJidiMuxcJu0O%REt)@B1{otDC{vMh+87OYw?LDG#24sa~SsS3qT~*ISwQ zW$oUFmd(-HQc9B#chZXSGsp|B;5D1Jc%N0;&(~9z;Z1w!Jp+CgV0JQ~C433^Tq`5} zWN*A7FduLfpO7SG<4OF;i1-HS>-e2X=Pf;y>gwR71kbooK_H+5B;)sPjmeEjT7;(W z4F=!KY}@ig%N)_#H@=|`*1B_k6h7ZaA6jgyg9&sKMV@m?9p3|cQtXh_4m7vcbSAxJB(-N0#&0DKlSO(slS5_?uTQ#Hx+l* zUiY_TIM<{OC(bGKF2a1Y9UlVKxM*QO7$^a6-%#AH2j>S?l{3q^Msvz|vj(@>`I`w> zo%#*V%PDelW6|wAAMen>JhJ-J<541Vc#@FUs|KMV{u>7!A7fH^kmGZGZT4IiRhlnB zl5Xd-XLg$lifo6hm?d%1ka8@0^x71@#A#}T+kLVW2F`)WMF)NZl?{@w`)7+*+Gd}B zT1A=CPa0SmCyQdm|GN@?Q~z%J9s2L$jJ!*z^O~#D?9AZoMn~yPucpgy19O0CcATi0 z8HQo8EYZ+OKQO7zQ^yIH3AfN3QRu|D$^G&Ud#BE~%pC>kbRV!21w?jB*Bj-sC}vZT zjOJf6o9>Y`BtM;w^8iCmwHIgBC?kWje5~o>st^o>G*&Mb*hOPwFyYa{vjKUa>i(x) zR@PHHj~T;=mr#U`{X^35RVCZ0IWwgYf|)Kv21s@*sJ*@Nevx^R<`ky7?kpje*kPDF zp|yWCC{H6e8}KYclg9gn5)+%0R_lS>*(^002`!f|)W~S4fh0$;6qxzt zo(d!mKsInFac3QK`91E1uM#!mSO{2J<^glY z{lwse&_%!aQCLl@!PU`g0?jP0dh@p48la9|k0YTaY}dR91Je{m{1bfTebOZS0c8q{ zCo!>8VcqfTSLAM!7qcNNbPF3|x+B`t2Fv%S9aOL9Pn_fnOP~Iw?>HUN%AD~p(%0!*0CFhio&1A z3$A75P1&!yc}x_;?M17=cBA`TM-+>c6Fbi^eCDVQ8w}aIO_I*1N3FjpZF0*|M#r4P zH|rR%GhAil6nYbfRXAqOj6UmtIiY|U|~?1+yMafM~EqXN;nPIJ&|bKmil8Y5B1v)376I$06IisEE5i)Wpd zhl-ua-gUeQTgBk8x7IN#;h|tRGYE4?x!8c+-t3;9L!@ito zlMP*;;S{cD2hmTxbAgf2KYcLwT_YoBWOvW|D5bBy=Nry$%3_T0FO(_5t(WROiV-FWm6(vHN&wX@6d_W*4a$ z3|dJkzjcxx+OwJGr_H$A+46pPV0H|w+KX9m{aMUVYqg=WzU+p1Ul#^n4THiTwq9~2 z+@3L&vh%1$CZ|vKjxxMdyRD74}v@N69aF!etA=?cO+jLqO`k)f&me- znJQm4L#jf{?4sMri>nI(`-8>u_Wby^;nZ=CF7sAv zVBy#QX338bWqW&oA%k@O0(aWKq0&Sqz&2~YQWLc!v+*@T*~{^XSTkL*ZzXQKZuX7E zq7bMHETC4AfQ}mcs(v_5Wqk`<0+`>cik-ZxHEsTvYO5&<5dr*b~l@B_;!^E|9UzN3(pimsOAlv?Y`W2Z8%Ff$2Y8oMI4mWp8%r& zi(u@)A+5X|?~?KvT3TqN0$Yt*#R#sMU0fW)%{ifR-3z7$I%FVdDYo`)je#YgwiaQv zQF{2yWoG}Lh=S6k0~Q8ZNf}U8Cz>+htBOM{Zx)(&F zgjpxtjb64O4X}-qesl5V3!h~gB)kxi5Y+)@5^7d#mx##XlTlwiXLSJtPyzNTkc0sJ z(VHxS?!O^RTW^u&r&uV9EhZu6{%d=Ajv>wKw=q<+4+DD~((}UcUVM(v_+rCga|(Q( z3rl|nRPFL>a9t-uqK)yK(~-9(cD98XV<5T<4S78m^x(Ii;5LW*u5i;1$+{m0TD;Gn ze9u1RRCuBO&AT}wkhpPbOI=};eyAW2MgUyS5T?anr(o3Js&c5H|M`Yk=U(;Sj*`fP zO@rMvDbYbLU^RccV)is1A~F{GI6&Cz>%YvdBD9eI8pY&SRyHs+l+!2}9Mc>TPBu3) z%WZ8<&CMl6V_l+pCB$ltE~zx4wANkotMpL_q`w~2tc>;Iht;~xnLb;!B@4YgkaQd$`4 zf4Uq8B{g8v`&R`)Hmz3};P+pR|LY&Y?|)|P|F)lP!AT8X>;9`#BCSVc^73CR*QRA; zXZ*$HNGK@6+S<5pj~B=kRR8vraH#*AAoj8-r1*&gMrCCl3T^s$z>Y(k9Xk$D%Rkq4 zU~A2lzF1jfDJc3E)u22W)yeXJOJlqEda%!>r zag2D(Jn?kzQj>l0L7F}W*@Ig-`7Q8*1;s2=P*-G^2?4>c?E9A0T~-E}GT|)RB@YS;s#m8byUD;~lR`mNo_a_H(Z5yR-j1cL zJe}GiBQr0L5;QY2v**vCo?KR5E*K9$5kU;vL(xws)u~CjzP{cYF9S%hXUPJSE7fXL znQEm61_fm`>f@B_hb#XD6?lH5VryBGF*4f6yh}cD;siqS2&t*h1OFdq?-(7~^G1y( zlZiD+$DY{sBoo`VZEIrN?r4(C#I|kQwr##WzyEsIz4zFIgA|iqjVYkUoA%T>K068M>8wQ5!K;0XD202B3SxH_IENGA@ z+kfhPz8^bRif!C>N+C0uUd~;6YJMe^=wXavA!mG+iz-HmCi^#_h%&jmW5mDwcXx&L ziT`)U5ts&qzXi=+MoTHgBfEHJ906m7yP3X_hg=U1REyUH1YL*nJ#My}L1F`RI5^#t zLoYGWM0z-PJShVIP*NrYSsWetGTV?!h$3NHCYs8h{q^ zZDFB!GUsuARdhy#s9AIC6c}mH7#vSyRYjAZKN6jlL6gD?AC50_cbHqqEoFa$uo3UP zEhZaAy?DXlsfqRj`!PfH1QusvKc_PDM*{{PUVzCZP6p4#;h4`KZso8OF`VZUO#KVK3!6Uugm^m=#x zmP*jf$}7W4q+GFLfT}Zs*|It=T#`1np(M>7I?!wW>-hE+DQO5Uq5#=;(OC{89xkc$ zruw*__&xH<_x6qcq`3r|kvsNolieI1&tZkYGQ5w>KSh)Y$5xtrkh=0F{eLRz@KUkG z6n_iLsL-K==MMRmQBy{IEeNtyiSJtc>(ck09^zkdI#dz?D#?{GwbpKUf)hgZodz!L zCAWfB1L_2>xNdOPj33$X-Pu`3P$gDQPU9NVDS=er_RdVN5h!8egTa-Yo9WU|lm}K` zk)(+rJ?rM9S7l^)!rd{dC=blXm}O;RMMS&5T10@LV~htEN{n|#Ja3xBI%;vCj3t|0 zB!*(m*;Tf5h>P13y?JmqU#=&+fM_-kw~3bl<>OPJ>u^?4hE#g^J3GB@*ule};=TT} zCB|ZB)U21E10fC_ZI~yC{NIFzae?x6yUysyT}PImxbt`XP)b&nLleBvm%0$cg-Ug) zTrt51yWy(s_3%5Tc$35(e5<9lPOwm0iUJu-%_j}{xN33o)z#mg|!^pi!_G&k z%k*lK;e`4z7UJW3xdGNpRG{6G)bqcI+OfFucmpR+{5lH^h(Va)yT!ip;)!tZ2<7+c zpi`)t9dfH)?iuD$#z3KCW^;sd664I^RrLn4z!q}&YMU08Dm|L0wP@On6sg2sNyWpT zcb6zV+5ONkgmb~}zVPVB8Ov!Y0uZh}2`wyM`c~HNL+efP1!?xw9GAbl@Wl_mLmVZb z#yAW6y>N(S4$UtcL)DuYC-D6kbxly14T&+Ju!Ty9cStI%btq>*F3ZKoVk@Cpm}xI# zaGt7gvdg23{$sbsFCxzYm(55xYX7jL+vHklVv>^TPr^W|=%}rE2yO{o25n4MU4M=R0C$R zs#;SqHgPqb`prTyrkvP%QKi2?D zA66>Qt&^Vf29ew4L^3FSFk-(I_LLXs5dM*LrZaw%40o8d4%@3S_OJ#PlEo4L(+U|` z@eJjF^9^+~yh8_9o!tS>MCf&@T*yjLIdO(pOTrFryUd}tngdUN^uY}d$@oyg@ zXQ-1P?HotTR5a>BWo6#{^5OKfrTp%U{cdh`NxZ&D-cPq5G_I;MCP$EUa0^^jHuy9g znppD;C}u9;Kj5W9^qjGEoH%OSC+Q7)p#Zp)@5laa6!+V-LJqDd)pReYc-wOBMST0u z`_2fFTt6w}$$0KP%5>`^r*sb)L9V?SZ!7f%o-BAMsBOv0{O)aX=HKBx@90=rG!7^t zBBtd266LbZ4xENjAZSsDK0C#9mg|ho6f;`U6j2%?Qfst~6A`aKs+StjSP+I&Pv@<) zE03NW*1&5)r>3BzC1WeVJAJMw5rNRhz#7%GhY^&glw2Q<{v-1anSeB$^^(Nxqo8Q994&P*ynfWg9a^__fcxh;9I|9MN~< zC5fMmcIv8G2lqR-Ap7M7Ds#ekCtz#Kupoifpmw>cNcHW^b!~p%JU8oTn)}PVAxVRd z8!At55;!Ux75?fsbey1ZQ!bvWdDdwJc!}cPCP!_Ky0YXkt$JKDC0-Ge`X>L99_br+ ztDI+#tAw~a{SU?{jq*i7KH?YR;V7umMM06 zEGvFWI?YCsrfNS+V`V8yorx2HIuWum8C*j;kjvY4Olez3N3~mN=pstgGSW$6a;%`G zBqSp5%SqI3Xrg$5fRG8*Mx5-OIlzMw8CAz4X=&G@_(yShSwTqy0$nrWv?JpDgl5Eu zkwi>Gwqx!1KeW(eftB?%;OFO$y%EtMkesA~Up7S+HSi0^1f6DFt6>xlF2s(zd_5M7 z?+5ci?r}OQl&p@JiZl=pYKE$&GMn^R`C#8j4yIQ{Q_`V0vdSGE`^W7S5k9ZHT0&eK zJ&;FNUKwdZEuIWk8vl=e&+f_aP>~QDFzj?LeqhJa@`Pq;H~*TCm=~#_nkro%#~l~f zo*IMJ&myfum1g$pz3o`ePw)2kwowQY==rxWSI^^S-pPv$FI^c~_(Flv-!-o+C89yK ze@~yM=}g8>n$!UCl4$NGAD2F`5WPGHkeEby4_7%Emf4(Wun}phA{r&K&|Q;-*6k0N z!4sCOiJJ4$K`mhDl<6|h&hv_JCK_U9#lYA?to!{-2b7UH|78_4a40&V{D*|-Bx=44HAT8Q z{-)1NgPC#x%(7OAk^vUdCK`Ik(IO)X-I3E5I1PIPVCq{aM@9;#ljPYL?p4Uf>+& z$s#avb(xWjcNs~q7UGnYBGGWfstmuAlSQnxYhX#zPES_{C7C7Ys>=zMQZn8F`h3Yl z{(Qs3kJPRX^;Xd}R>{pZXAlvf>Vp7!?69$uBH&ov4AFCVf#(kfn|?(_MHl})F3E4t z%nOZdvQ)K=aIqY(&YKg3id_DRU|{~}+64C?uc9kz8!SEeVa8Nsgo@bQT6Cuw$23*$ z-zN&GnAMm{Od)Qbl)NWTxDY@YqvzJogAVKh5{@z>-8kaHNFEPg83bZ+JHxz(MjObt z$$D5o%Ia`ASCi{Y!U;@Q7bSZxuVz9=i+EDONPbrh_>ED{XjL;ria1CM z0klVs2=Af@U2+YxuKd1uQj08ygIPxrSx+(T7FKHJcO!kS7o+@xs0ZVkex7^Z6cYoy zSO`C222+U@vN}>vhDbw-pnwZ&U-Cp}N`j;B0;su{X*-tbK>5^zFyYHX?g|Yrs7>Y8 z0_j)7Z5I=B&xyNPuizs{Rx~5f()|J?9U}y7MNsJi1Quf=-@Iyp(pOSPU0oIRWf{*b zt$}4jK2!)?t@zX-c9z$$?45~dknpldwCUXsU^EGf63UBC$7m=~cnhH~Ca3B5y`~7u zlERV#aPr==4NcVpefOY3YfD`D*`WI(%i{J`i!I|)}mfC^!EWW04ap=Pg>EB6K4LF=(#K|>QWL2%H{VAUYSC%la zq_p*kBCNA158gayyZ$3gB5dj*1)f&Z3M4c%upJy6e2eK5NW&8nP+2Q6^P4?%6VT99 zdL~UNn5j>uDk>Ach7{yxbSyweir8L+#C1-z=<2pR$9w4+H$N#9UV{7Xtc$=4C2B}BO{JS+`?c=Zio7C`ZYz18}qscB~j z0IZ5iJlU;1L!^bFWQV?J&z%fritJq*JCn?CqiWdRDdcqh!Mv&odMUL5)_ALk)Qm$r zX@P~JqW0OVv{MME9AwVCsI)dh$N_IAbV5MhO98`a$fbKk345jUDo^zD)}k~Z|5-Pl zlysKgD%*mDiW)J+D07Nnr6;Yyza9wzUt{&7U>gr258#?MKCU`OA zBO^5O==VjL$&Ay8iBC^YLWg|L>!0Mv`~e3wj>a9?QOyiuDJqfuj*5n`(}w@%cA*4P zW@cu4?kq80V^$dwcJ`E`v@{`PgxNdZA|%xSQ>WPu3oO5=Jc8#G-z#ua!?fQ;CsdA| z%oIMud>^?^jJ#gR#@H&!v2cblPu)Vha$^U(nNJE%eOzOKr};&p1JHPQ^3Phxp0ljW zjlQ1>$o4vm;bCD!?DQD7OFWF;MrufU4a;o=5tZm?LzVd4g~#xev165i>ym@Ii^a@B zDk&yFAl}(VJ$&i>uO8>fn3x0oz@BZ-_j4Yw+o0!PBMrYIN~A$?Y_I_q0^!d$4#FT{ zLAWrt$WYDL(R9AZPkfy8=A*pGkMqgQiFUkyB*u1K=@MkT+UMxR-Iny&$p4FF z8RSk>&HLbeq*gruxk;qk)TaN<5>(yR*;Ec^)}gcY%%8kQUqJ-8X>GVhVxc_tJ1-xJ z#0<7V%%^zETka+@laBhgASD5BZ(iHR*Ql05KR>W9U%teY`jScHRac`F&QhHmDAE3| zQ>Xn34V`1J8aud~+tERwvpAWi3Y!0`HOqs7f->toG5&Ebh0>6R*X|Q(ugNCZk^MJz zz5~10VJ**S2+}^M;ItB`pem9M5NhSBrxJ*L|E<+jD%Uv{-D%>;@n(gdz&C~e!7Cd` ziW#AA9uJ*j|DU#kxPd{%=g4u{8rn!7`Tytvuuay-&Y8b|4RL&5dO-}0Gq(eG7BR(t zYZ>q+hw!t65)Kj)Qdv!H_wtef>ir+5(1R_RKzed|YB67e4oZRI`)j4H zM4a50Ei)`OmV$@pt?0ZI@;^eysi;I!K%iUC_K!R`>6274u?-UgS z7EjTocwq`b+c_iu1?@pBAr`LqG(bY3T60dwj9CU& zrQT2lS@fKIh+4HYc+*lN$pk%8MC8S{@OwHDm3kSwGKw>Z^?QSaQ_Vok7!Mh@6=@rS z`$YV_UJo{z7gRF&z7ML|kz%Wl%@?Z0>d&+7KCe zLe0}N6tG1toGZfAYsI0%M;!N`v-#A@vXNnz_J3)CjxF*G=0oLpJA|->x0GSGQnk&S z`%6-c@z$ntrp=Yeg$q9=136EvlvNv?j9Y6lqa1@YLWTwk=bbrl8%=krwB$d|VaZ5^ zde2?AnM}&ExtU#UDJpw{MbO_%K>gKuI89W_cBWpN#mtBYxlX7Oo*A1S3iO z@;e<<8;+zm)id_-lU9N`{%LGMAnkBkfq!_=-Vc!Pstz>%x|@VWY=_JyC&;<=yqScI zAnfOp6t)!<*eFz*UxyK5ev6&Tw*ei5@y|+?WQ>*D!}G@8vHE6ze*ac!OQ5q!pcQKL z@{p8FN~$zBOw9N^DN61h00@hW8>V;5ceYnj(TcA3HcNoF8lqja5I{`c*CqZDf_he{ zlw2Dxayv79ru&v4=6Dg8G6X^oD%IZic#^KEhD$<6UJuWAF^%#qE|8-Sdppk5L5;@~ zSGTB3JQe_dh*!h)<{0n(dG%6L`NNhV1>P@IOSMrdrEuT7h|1odqfW4c)7U{0jD6Jx zJL9_$EaF{UBT1-bC)yc!uJE$U4abCmw=0>g6Mf>nLe$wh&SHgLdVM89~_=< zP<-QH{*1arkm?gX^zq9Jc~Z555Cks+wse$OA(b~5ywq;9m$I4VgN^ZWiq2e=H4I%ZmxhSJe!tQcAA4FlVq=p5X0M)w0oh?yeTR68Aq6z&E9g>~j zj)XL77&8WEhzOT^2G@@)>aCMG1mAH)EFkOf-N4n>FvQje^qyVrMHT7IyHm=!`l8z- z6yh;PMyRLRkm*AqB6q|peS|38Y`ZJpH4x6eNqQ`ZF8poAa-O$wj%3(hti-Hhx*?vB ztlmaHMFc&IU^v{vQF!a2Tuuv&#pam2lU$*;+aGmD9vFdmQp1QRgTe2+7M6}m7n}Z8 zwx=S}HaL9aOQNQuSic?#WrLmYO-FMx=gBf7^0YH$IYLOkfA?REo`qnyLs@0N?3=mu zvOPzYGm^!a*VU;@%k2K3!S^jF0IX4`@QZQ%kfNb1en3T=OF$Z)ZjyXd(9jCHAe6BG zL%6XfP0ceU-{kLc>!zrwB_bg}29zSEuE*u&{-b|?^0n?*wyrR(Esvku6{*nt-7>}c zhabjr$X8aqZ9dbgWaFcz8>eCx1WBYacN2ZSge8oUbAjRLvkV%MRoZ9=Q zSs(e=U=t&yY)#t5{fDMxi#Z*N|FAC)bN7{*cfYE4 z2OEO>_2G&^yDq5X#|Q386G8hqP*GK2ryWiUo?ypbP`n!-V6kdPD)eK}Xu4LTULO+M zMYSwq=nF{MF(Uy;lZ44i_@JGQ3nPaUubl`sHju93uxaTmD9bAwe9kQ(?P#kSEha4zmKG z6~VF0bs2O?%c!Q+K|H#{Iu_?|Lf#hF0+A@fkR=xJZ(nnthxG+)mj+kpxHxqPfF&bE z6{%rih+-<;))h)@5OpVBjwfG^dEFV;cZj=oIrHj!`EP$su~w;nnZ}76Ue^mHU5ran z2v}6EUNoz=uwqv<)PuS^iBe1yut*FbF2KyGp8H%$m&W&$=DD6GhlLIQ>dwYf5Pj67 z-eXA|CIvIFd#?|B-qU<|LYu`A3}J;XO_J1+ib$ay{YT3R`7gHAQpcJ<9c8w_?k|*+ ziGlRa?Bi9{JQ|<6W2T@96mIknfh95kFK1@Z9??PtP$JqBFW(c32oTMi)LYtv1B{^>?r;EUjr?80i!KOCf+|Tu-q{7k`Bp?) z##1f`fXyfZjUHBK=U$$>Pm)-M08|i+_!^NHmz*r3t&Qi}`o1~$jyi(kLQ~*hL3k#q z=H*gXoO?=C8d2%6!Yc4U2XH95P$89GS9_GKaWubIpZz*Kca76wm4H0I-Ej-^nPE~2 z!s=UF`UwdMQ+0fpIwha;rR*-Om(_YRF}QoiKq#QAbT=!a^EhXBWlVU5)u0cG&<~#X zMMmeCsPvfkPLOhAuN~~|wLY?q$$uWkt;%-;{^!$G#|npgP<0peNmo@Q0Dinr8SNj? zq1$8ZPvhR6`x`;}Pv>(wYLQh`M2*M`0~6sS8xA>|{r7FYI&I2<$rj``2tW$=(Spuz zigMp!Ppw3UG0(yCQYp+)v&QpFOLz;k><8G3LZOxX0zt8PR%!XaeE69|HPQ+SD9Opm z#A^Rj?8qcgkwODOdRQk$+S@$*v`f}PxfTE&J-8wg|JOgLx9yu{0sMy%?|)UVo{QB7 ziGy?_;GnlmiU}MX+*7HMn%qbkUSxkjNl8&j+8)V2#8(IbLi$H`8Y#YN`i{(|p5fwx z|5VAKe2~~j*~NLYDdzLJ>3vWc*S}=_A7qt9H{4hI@8}~gaGj^nOMl0rBsZ@PIjS58viMJXm_y}iB7ud7S)^Yi;00&-GNFFqwr3%8#j>o{-T@9xIh4e<=_iZ+G6`mSRk}j5q#oS`dgm!bD>$*Fh z^=>y-Ym2yt7x!%`jUNZR=OQ=BK(Md3fa=ozwR3~0@^~vl1(7Ak+rM}`?ufL)>a}xX676QK%-i}Rx5_9NMJ<{kY4)>8A`s{ zjjq#+J29fuo}k=Z*c0IX6u|ClltQ)iW=%Pg^HyisZ>qwzEHyWO zXlFFj%0~#G1u5vPr8?a^A+DK(S_5V6=%KpobnLjQBBCiO)~=;TkC+0m1_lPw8SK#% z+3o>LOX?lZ2e=WDk=Kupd@c|GV|af>uG$Xw(AA1h3cW%VrFJ)Vmefkq?xfhJ%i5gh z{n_HORle9zJ)oeh3&!onN0c6>>|V#{;PqBxX%WO2(7D6&j=ZAz0cS%iPImZVx$S2C zKxox)(M}Jnm;U>WereZ&$C1zgs!C38Kygk@D+*EUFoTaI5P~SjBC@gOX!I~W=NPKZ z`uX@r0mE`A?B1cRNe?L9o&K}nh>U%T?au3>4>59AZHAqxZSOfRF|qUc&iU)*R?K1c zetWF1{zE1{XW7S-7HduFXWx6O-atNISt0oETt7YCj_gyrrtlv>btR3Q_|*CjG>kep920Q&S^Kd+ji7s3*n#@P@5i^PpSYbi@U?5iAcV_pB}cG+vn`bbOyz zbNmdgrF4GoP|9Qv_SNyl=U96px4La)dEb?=9@3dGlJoApP@GmEh3T1&STI9DOXz}h zi~VaafOFyd*n5HB_TII=W6gh>$!ygLxTc|SNd7E@0JN?Tzo@)c)wTN#R@(Gu zHu`oiAJa}?&qVt7RvvVpGVEp2h)uPR+h4SMpUKQJ9Ak;UZJdcV9(3;4$uz}4uH=4= z`)_E2SEYnI*{}3O#>=cJ2S187IYQlh)rB5^Y;4_|5gG~SL9Q#y&xxk^+(VJAS8QEu zkSnE@cTYdsZg}3Z(VP1k3$OIW%-^PIEJRQ0bzrX!K#px_MwJ@iZ?@HkT)6QJ3myJS zYbi+CNR25FixgP%UQ}_8QtY!!C4vzv(wAx$kanh~q7$2%tOv5OQM_=$`?#k+^kvN5 zw*@zD_(UL~TRoi&+NhI2q_^zYx4(!uwF6sykeVfn#CK+cW{>}Pzdm@q92fH3O$kL| zvxGQJ@}~MjK$k>?B9)Y3Y=1Hn5;?#V41)$&x zi0gAwO*4z5Zo{rOJv3|wi6QTmbjz!%h?z^nZJT6h)Uo9J3e8wT`P_Lmo4nRJJ0L?t z!j)W{I)J|4P}y@i7aR;?lqWGq!3(UX4JPAfXE%#N@~FOB>iYwtA#x= zpWpIrwT6!bDmE{9yFXe$T-kF#ha)VmfdreNTtRCEOeUE2bstyv(-_GEu^!720(ypd zN=VF6_mXr6HStPp0Ox4ZUxMLUL4%>9^$#Za_HjB9p$Lj6Hppoav?D#^W=C4v z5O%)m#6RBCJ`WdVM1Ne| zT0C&YCuMiLI_yOe?=UUAKWC^mbhR~iX$y<=FcD+9Wr-s zarCneYbw<#?VP=e+BOm+n-S!MYf;IB zX8Q)BNo#F93qNwH-HGiLF!?>5F{Ht@*66)(Y?^+zMYlYh;WK?WTUjx2XZoaOxsDls z9aVsTT(<^Co1bm}FLaSI-8jv>ggCPwcukOuV~xiKLzzWefQ6p#aIg+4e=00&!;bk_ z?opWY?0UU0C=D3J<q)Xk0vc zWkGdkxr^5;rH-cyv5qz;PSxRXQ#@Ha5D+*JL-c&KGh3wxm>mcfOy~;7kVJIpI8k*Y zpT^5U&-RgmWpJb>kZ-S=dqfOXkg1B$ z%MZeay_|JvE53%R6B0Vl^H(hnT+*BB-;{dS=YrtjZC0SKdiT^kW^TCUT&#jM?l_U# z<|Eubv14<#_0NM+mvrhAnLpt@e(`&jG`@97B|dJeB@1@a>^fYe_l-(HG3EtIYG}iY z)>&@(nYStTU}Y^R?EfRr2&QSEGhXI9Jxi8 z$q~o}s3(};tj)R39bX>G+;VA{-FfqqyI^SQ9w!@X8tQYP(c@_!O}Ets?_9(!h6o01 zg1VtxLu}C3yT{2Wz+10$d}o$J&&2i@*K`49qpALpt~RLr0m`6Dqsv};s-C`86>eiW zKyA~BU^_uru@I}qcZlevLtHaStZF~IPUyab=xv)EDRtDOq~xVAk3dCbxzUbLK|w)S zRCLF-=uZg-aUyXwP$p?_?%Nu5JeV67_A5&YFGa+eIi&9kw4^DrWt0$)5QXB2!5JCh?W+$H=oiry#a6IMxK1VQ0;%TM0ut9> zHH=FlBCl5h!lGdYPRk1N)}(|b5!mtYmJ-7a+^RkX|IU%-jPr8b|7CB5`NRnSI)bC} zO!f^$EJ!BbeABgN&ESvl695>;4=M!s2&!BoKNM1DPqcr z(tv}sw`h1PS0EN^92Ejra)O=*2rM3^>Q0CgFPi^T@#kwQT~wOAFON*}pG$83K!ZHt zhQD?hjFvYuOG*Gi%fW`A=kN;;yr>@+MVL@K?LF>NcicjOGbmGX!h)~AU`$oGX=mmp_ zNJd2kEA#3EpqI7OzZuj*ZM^Og(POsXDU5>q@Le^!YI2FAeZt6Ox&Fn5pwn;qX@}vH zI1qt)(#D+qCgXLr&EVYr2w{6d_+7FF6sQn=N$kW*duz{llE`%?Sc^>CoNpyEs>fe8 zpfaddf4W4@jvLZ`1KIF5g|cWeKQMVm?ujY?QT{=Rw@L3>S|DrGzu;*9EsKuaa12Bw z{)<8oP}2Ur2iRLel7EJK4E;MMg7M{KoOanQ@*(~&-U#ZXV?<&4pEVNX8p@+){?94~ zI-P8AS05|*wDo^pyPo22X<`4OGEhLIoXc~2H#e>LRW5mwWb;Rt+T(s{IwlUm%sz z?oOFq&nAhRgw%-Tno7ze@Aj>z6nev9tMT8nM#jA!#=lt7!PdpVzpbk+t5=2VEn=cB zlB0C)%BGH%6(^?G>yy1kmWG`##Sj(y>%cE6;9|)A`P}Xgj2@6akk0N-*r!pi&ks0C zDTiUHP2+Ol9#yR{9>3t;(JK6A$v3UoDf?ifJ&?kjoN}Fegve#B>jUPQAsj=ifymXG z{(SC6yQV4beAp1ADBFB=F(7+Mc^`H}8Be^wfcJWr<)RP!~ zt>!Q4S`Hi>ONUo)b{O2Yx-kW1ModiW^rE;=;anMj_BZ0&lueU8u+vq-zAgOhscA<& z-*Hy`xPqKjwHp*S7m^Gk%$`9wc)wz+UAPpKv5+&|n%*B?j~h+df32>Uc#G_W?kS$g zsLj+kCeZ8?F^u=_j6EJ*RJg$O&tZuz$Gw5IL=V*=oyYFqw%5mk0$IEp(^ler3Evt? zCFT|u3>#NrVPU%&5vC0l6Kk_AHfevKRkD*5`+S9d{k*?_$wDvtd=RVo8yKq!z3TfE zUyhxTezy(p^)!QNEnR7e1lE>TBrGOIVnVyM-{06`Y8z)xEX-^^SSPn`@6LU5PD|y3R54mraCj8{-q}_;yw^zB)9~oq!Wu#Y`vH!GCS8c9b1y#WwK~Kdymy<>x{2TGY@$4wek%lPwBj+ zhG!uagz)v9*KTn@())Q!o-xwCHO(j;T$F}I+Z^e!8@Rt`Qn{V~sJlIStyfcDb-Y!W z_S!G)x*#q*AdGr+i9E-08I7!=WBv^rU*PvTRFnG0L@Dh^lJ6~$+2g2Zw{B`+E`#{2x^y~vkm*2TUyjoYVR zZ?At;JdqYzHoYfL#;8kfIhgK8pM9Hk(StUnc+-1z#}AIgZ+~4KZC%>+UU54#bzj&G z&a5#To#4=?!s{qrJw6JtBl6f%5XcDDQ;QcZl?`^P-~usIM}v!>w(Sz9+jNaH5Fr8h z(I;;@Wg3d28K;Ba^1l>>uTBSHqPMQcl%!z+{li0g{}OhP&+JPFE=iRU5WqUIUZR^r{88tUgA(5>+m%@oh`LT4cNP$ot-xGMqx9q%)yXn#krPM_ z8Z{Z$g3q|V^{D8@J+_$Nn2Xm$jN6LEcin*+?Ls;qFm5X}oHnd21^p5_lvza^ z)VP}&x%yoS>NTPKjn#_7HUxl$8r5mI?HbqxDPLs}t2gwG4uPd~inI6qiNq)Lg60HhvExlS|!U zBvOZR231ah7D}jIdC%B=1W^|F;?yhz+4BV#)epc`IY6w_D*VE z5=P`kH;dP{|h|CscT*Hev zz{3`!!0V+qw`RMhi@1#Hms6gCzglXs`1z}Xrx8#>l6~qKx+7W~8gMLKcuG$06llfI_Vav;c~DYysmVWnke z_CCSseuPN8J@wMp3ByCPTYtY_IJC&%_0Pe$5V~;VApGfqeZ9bp;d70YGdbLkF(saQ z+PPDVVq4Ju_(jRJ)ncr)V13>0dYY|xQ2EV-HtPx!pk{1T+hDe4)Vp-sPrCDQ{ZkFt zX@8kS-1A6l=4pZWnk~DRKUhIRYsJjqRTK3BsWeX!<1Lkvd*7NP zmxCQj=gDOk`x$jd9^KK{Ievfc^nCM|PWxs*-T3Pc}NODZer^e zcQdy}46iknelYn3dBgJo;}3e}^<9j>+tVB)7+h*O`Slql(z;-G&wd|52WF=qSi+YT zzzKzd(G!7q&DV+(Lr2Nd(QqMPBCkq;nnb z3qN!OQDir#XDO9pvDNUdx|(G+`H4@-CrCMHP~jpcO`X(8Rc-gh@fy>9#zW_1iOG&> z@Lcx+5Mp2kV~f}LOuy5Kt#{=k>xjA=V=2x)t}*?>z^8A{2))1(nyW^XVp}fLDR$gW zOEErtc~Ff*M_<+%%aq&LYVW_D4&j>&g7%!{a;55QdnCA>ofU6CK{qt|bfWpOKj; zj>!nHtWBm{cb9RzQDWDpV%twCYTCRgA9XTGQ8k{7+A$~|^%1RCHKZ?Je9C2$KQiY`5DgJiI!)b8stKf?l2{Z|+z*+&)j~FFdwQ zMekYy+`V zgT6QGbJ#qrCFmswUHi<}z1^`4vZN;?hw02t^sxxnMjNqw3bI6O_voD5YyAwj9mf13 zI8v^A`cfx?n@HoaI!+Kujn2l#t%22>^gbI&W4}|N2Yv81e=0PakpX_X2SSq3akZLI z$`2+rc9Kh-cd0C9Mvu2=>$$3->}?KZ2Yl82wBWAH#2qVi#P4dzcEdyW{lTCMrE;0cN7%>+Xy zqtn7@pUr1-I6RWROtW8Xp^U-7U11e{c3%`?aMKA(+UqDO`A41K`#vICxd#7q*r@nC z8tq4iAeEG^TLi3cb>Sho1)*kxK%q5siB{8BBF{6$!w^P(Zx4`27#;(i-!J{JrC zpKq*F!rI=2`fySXIkU}yDNcMovVsDw~RG#JLVA|8V8=R*Zky z+X;!Je=|dypy{Vr`ps!&oA>0pw&$x#)G>S5YL0IpuII|oW^)7;pN#QIRP-DKHVfZ= zA@4TN!ziuK#{*y@-nF{ACMHhT3~o9ryVpUnJ+U z{`#JTvHFB*Pi5zoxF5RH>pBF;Q)l`6!8gt^neU15~R29WG6Lz=oX*z=L^G8@((jDuT<86mD9RK8K+EQK#iR zp&1?>{?1W}P`Dac+8sD+n9FTO106*lWrHcCe%YXGI<>PHB_(7U#?X45_sG(*U$& zLo4^9z?J%fJ@psh08YMbK!?4&NhqFYg~hrs?2P9Oi}`f9b;H;`;qD`V@ixdQz%78dthzJhhL_ zNmU=|RCLt5b5pvr@4MRVjM*m3hha2w&Rdih538k5S~lE+DY`-I<>VCxIbw`BeMc^z z>TeT8ylqRedRYhvh)vU&<+Gt!Bl$uMF$C37qVg)TUZvd(mi5t@=2I#luYYCdXMFOp zR@x6YWFWDEPNtl!D*+k$eUtx$+Rr}d9G|gy*dHG6e~0I`Vr68uW^g^fpk`?X8_Zgo z-w>4bw#>A;!0(OVXhX{pPKEkVO&_V;H)Y4*k$L}~z1lsFFo9qMhF=#iMU z)U5=m2Kg?9wo!O^NPSGd^8fFHb$nvFdjoflN~wmb%XhM-(s+jAU7`2}CtQy`7FXpsa$2*jG82KK zvlCkcWJ5r3uKaq$y1+`<`Wq)2r^a!;Z}2`(=k{B2-Wk62hXc7(=WCqCa%=kQxO5Hg zH;yf4-KR6pjV8tI*+D+T$1xvt$nvY2&3_jvuiklK}e^E3EmS zg}-?j(Z*)@UDyk;w<`jP2O_rwZIL(_pI2n92^9yx?Q<^^eg>lfj?K8uXVnTUENEpV z3An75JCd(3=MLZ7WdN~76mnV@W!~1AKZA>Fe{P>I>TVy(tfsy0{_1kQ>lILqEB-Tb zCYoyegJ`-?3oYIUom0qjy3>>-(sdCv&Wiw3%W65NF{Lg5De8h~M*V5E#Sw`;4cC2* zTo-IOP-*eX+)t+0=!mi;`ZtVyk~LZAw6pojM9+8@*Qe}IHfzQ}*lja08@S(Iwvk8G z;gZnc#DfwnjKwh5XIoCicqdc86(-8`f#S>Jd{t*#IOTHVW$f2)7_vdeGdFM0%^fDU zyZzPRjf0V+h(#S%%m^?Mm;HPfr+p80m)rUCtw%hlQ!dVV;q~W6Zm#%7Kg8l1YJoUv zo~RH!?!3TDPIGr@2oWZ#73RR= z$|W^gC=!{xjevZM+1XS%Rn}%ddsjn=NoG%9TB`~Vm2^9@0-|MiP)Xv#49~_NnID=; zXRd%4f|?CP2>6w%T`P3anW;rJ1{nZ0s^F_YBQYtpDn^>viF_rb@tbL1}^?Jo*SprzMrI<$#A8V=HExN@sihtOFXo zl4K&bZ~X*9gQ}=fvyBOrE@T>zS0pY^=zoy-?li@#HN{pozKpQSQ#V#o8F8j+TbqpR zu!?d{3^e#6;sRG3M8s)YNcXCo#Xv1`?u*}8XuF?v z|D$xlgtoz_DYJzsS!fP2?vZiTSCT-*la=APhFu=hcV_r~-dI{1`fG>E`*U zoDPxzLt>Zv^q;>`&u;U8=@8A*&)f4_xLD#p?@v`|H6h29`2-|EZr^PgimkYg7}4*A zRNGv$TGmOzn2ok9pXDL5FL&9zXx>Td^b!Hh$)fSO=tKInG&+}qF*2nMwP{{NEB5|s z=-Rd&=&fPBu;)}17qktYkDF+J`xxjFZdkg$<;Wnhf%ozMP$$*fw?c&JVx_Iaa)-pc z^oXRGzzt<1%7oAUm6JXH!^3DBnYK90WK?3enE+3<8*)QZu`~_(Nz%kl0pD#NWI8A-U09 zh~J$n5Lz*effdwm8CU;=Pw-|)^0DDgPq679*Y&;xp{%{se9(;ReiMG!v==FA*pfN= zE|)FEcwFQUJ`O=^QuYDN zOSms~j_hv|5LKNf^SC^NHMF_$<&@FN5>%dIx#lhe@^pX2I#hRBbZE4BILGx_||Giz_ zs0-mNVq9f&a(rb+ckiKI7;q*5H`^y?TCAQZV+eehlxyK;#G7MA{(QSF)W=wukVA1G zlE-sjJt~ZTjq$@Izz;sVGt#@Uv)cqv5`N*vCHK=C5@h-dg<>NtJrCxv_qo93ar+R7 z!x~kQ^PcF>2lzXV6qtVVwDo;+QoEUfx2qlB5A9qFZte8M>CC!yKNyc)QqLpdeI?RR z;~k^JuXTT{x8vMGB&yqQj`B768lJKdwR%hYsQc?@%G1v^ZXY~XNrf*E)l}TyhKf9G zO&4b`9ZsKfeuq*x4GTRc;t&LMu19Fm7(6HGEo)%+Ct4)h<5K6_HHV(0--=r;4G5if z_5@}*O!|(SU}|@*q;70SL>A6?m?O7@P#SKX9*-!1R&x4xyN|S5PYymfykO2!KGWL^ z!GvBRhf=r%!`@B3ZW)-yc4szZ9tVchjsw!_PjsHA$=oIXBZ9#2waV!V+^=3ZNy^Qh3 zkSg)MyG|{Y3j8SwU>XWwpl##v=-3GO<6tTZaiolFh~umRit_USTS}lLG}& z${)=C#E7Kt|MT2``@cy6i2i?mmc<>JmE(JFqy21t0{u1Uia@Cqx;8gI>m-s++H0S; zZlg&N&qa^)xDztGPYamXXaauH1%Oe?WQO~aaSli1xkxne#9%r< zTq!Uo%8jets~mE3U>P|4yjVf&`# zoNptI4*0movh(7|vZl+dD5hG9krlycyJr)DJ+HznGhUf{C%v-~>-tPJX3KDYPqs5R zpU-H>Rkbg;-Cy1HcuyR*W{5Nt&LNdleH)TuXd9c`M{3DleU~RV#;$e0X%FtZyA+Gs zf83KJDgF5h)G@`gK@EsqLLMA1K_=M!KRmrA$$Z>Xe@qLI4VXw1%T_&$pLjHFjbw<(kyDo3B$Z z*ZQhi9S^XJt4jZvbmfR1YkA-F!?j$^lTTOz}XqrsAx+Z75H)I$g-KFq>~(6pfQCV~gn9?q){W>@*#s7xLTNM0jVA!h}Li(ElnyPb)Ts_fqfK$QxG`8Wp4?3vW|-Hw)e<(}P1h^3>%I0y4ysja zJd8y=R+dki5V4{@M+JQXNy|Z?p!<>%p90&Y* zIq4%Fh2NyQdbNR+d53gZ?pJ&Vu)W#-j2QhoD3YAUKg!_ehlm3IJ7nBCmb#Bje&1;}&Rx|YC~B4R>&61p3Kf_gz(R2h&e3t&s;!rAWk@v&|K%ET@czBI>M z{Fw~>J_KXE_TT*eGj&v_E%X;Z-1}Z zeKt`^M6}}YCpk;3Nx3kd?*+g|;fZTrcodNYwHHVarsEtX0N@ zKa2&3_>8+{oMDoZZC((U&h}oRB-z*za27FzJphjPbYs z^ywj?&FUOqIle~zTUv2H?-!#TF-lAx5G=G|?Bs+-!O^5CyITZa{K8j^e*GpUtLcXb z7fAbKsUiNZ3kCdoe^F2eT^?;dC!xC5^e;m$Pt>DR?d%m68o$!hm0B#$=@oW9VF+jk zlf2sL)FgU9C-IEInCe~0`TliQY1|kmVI|y~EP?iH*xGw$D%vW;#|>?G)6`+NTAM5s zxa0)o%V5=qArpUg$*Ame{1|n zNtfu@h=RvSo31cLhbl*Rw~hWmF%;DHxEH}jBbFCl_EdkLi%#8e4+5!OI8PR1(0iWf zc8jg_cer#t9*f+A_CvD^V~8CO--iZ+ICMI}>k3@tL*hn`sWX;m(O*l)H^HE*(Mp_!tlQs0xD7hVEul4NG80RFS3;?pd}&Qd#r(S6m2q?DtIEP>RhYvwBN zw_m~{$V)nZr@2-{D$|DpLe4FY)(p9ot# zs1unB)w`=U;H^)mX1>dRbLIQ0R{ZEjeYB~@qGCsVM63Zp@c2sqV9U)9Xz#g#FIJm< zNBEy7w0Z@U52rz)-xZak;h@a>Vt@<5JXVp4vtdHwV9u?y+l9f;1COSgN#qq`zy!sp zEk%PLG8#QVtb`KrGa2WUh`1UBBxjx5Mw5h42ye3eu+IH*xlPK}j%yLfRQ#=mj;lW0 zMo@!A z_XKCJy?5iD0^6Wx_F)F*Mce97in)>1wUQLL;lsD_^?j$t7K7hsvr_kFaujdIm3?x} zizNIQt@FWK&`cjrY{FzA;SM|1vnFV0`Xv9^<6!oldnj=NQXyQ11dPXD%G5FNj68Xw zGK}vg!IS+mFZ<@n)p73azqs)dM#FR_x{x8YhY`fUorPv{zMUQ`xR>z9squ7#;;BN% z<2;09e4SJ#jVad99pF3^=1k>Wzkw2l{vJI?XR&Y!SKskqx8eIJW_OAkxM=eSjzyrA z><6ur7{+7zb7^mcsdT?RGpg4|X?QKb=on`xLt448+%RaRml;c|C zz{Qv;EYL;;P_jZoM)4PRbB6u}#JODD#TnZS_O&G;X@1=Gmk-t6FDxRN#h|LW(W+(An{Hy@O@E{cPh4GS@3p70IBMVKU!xkCe<27G znqF1S&q^Cl4?MpY{r=S|e=RqC&~A-Wd{IS8t^UJF9kUlhTyqSMBjnF&?)OG}zu`;D z)WMc3{jJ`_>qSIl`uMnXy(=AsUURBu5Pc^cx*5OI37G=f@IDis{*w^pqE2ACbyIiv zW&@S!pbn8vm2+N0Owb*`XOqlUVmQ=OwHCm3g6~vXME}N%dT`a)9@{2MB@c(f)brd0 zNL*eoYf$^TNfwg%Nc=LmXxe2{XDTa}64rHN8gHH!k*#=KKG>p*J0UD2;^RrSHU22I zmKfA`#ppxOAL&SSD>6OM{mscvHHwIFZ0bDAd0KKsssIl^MRXK|0%-i)S`Yu3dfH%cU-8Ion$4T2 zDbAj>ooGKxqq!jwRVpRUVJBrb{Jsh93o(YQsw4v=?!z*-SgFq-<--}osH1;> z@C>v8ua0b$5}UG?H*^PY!76W_7!EnXR?mu5jpIjNK*gcNBZy{gx0^^EsSBn z|40X;5wqR?Q>alRARxdPv1HX>^uzB8%wnA(W^_*dfw(XD^5Jx$uE-0{-_Fd}JX+>5 zdFqK)l5@(CLq|nz1f50ZeOV#m4(EZLy792uP7_5MGn2atiw13S9QmG-J&!@^H(g2MF79IdJHxF|%nx zR%HvDV1j(XUl#?rHxSjCrDXf}6V`3w?YHap`__IYJnX#a(45Lifqlc56BSe#9DeE{VC{ z>*A<{){Bd-^C@^H>1<57Llx(%@uWVCh(um*9xv>$2B{~#l<4ClZDml}H(`SHFB_3Y z=fFqmGkQ!c`z;&=K?Ela&^%8Vjj<@fI}-vG6r;Pnb+NXwi6uO=&N#@cPA`^naA3Aw zZ4^^V>heB^QXOd-nS;D_9)OU@r$K66{qEvz2kv+f<}5Xl$1&}J{fPqlz3_oW^g#~9 zbLQNm~f> zHVa+koSkkw(S_FqGXx|WTVg+o*2!g?8ko_#zL%6b6PGS!ULv|OKs_U1NGdeel=y|m z-{+>drmy{jmmUUR#@5V~VSAM{5-oWgjD#LM@@rD2HbLT-RR!TD%Fa`uW%hJ zuAmd(|GQxWv-U5^NBLHvsy_W z{&i+_I4uF|tH2uTRgYWijPa+8Iu8))!)*8);<(w6Y#(IY% z!0vL!*BxC|mQ&$5V2rbA25iW?94k*#Teo!7$i_J~m=hvBa>}}2F0?(Iju|VEEPV7P zpjogwWuuBx{mLJz|9Z0Ym0*B_IMFf1RQa%8sm%xJ<^-^|%<=n7C<@%>L+tJY_@MQC zkC8SPuc<)bym(4|*n7h5ZoYmpc$DOTH73-R-j8Zcankt~xBQ&IU1DHQR8;3-vqRnr zp*Q!_B?mUi_iHyGS|koF<|wBtxHTXH#ds4_ZHv}zNuB>Tggje}m1y{USanGb=ulCx zGb4L>9rJ9g&<(x2Zc1}gz+H>xtx90vQ~l!Bgbyzl(!p&vPoSFX<+of4%VWznS11FQv*e7brd$C@U)dba7$#dAjXk zmm53y)_>+yZ~|X!^@kANE;TbFgP^vqPD)nxWfZKI<8yEXE=pwATUu2OO#I9X0YrBl z71nAN?01uh{v~jw;s|m%l(!xtp$x)dyQ{0#YCx~@+=o#nbk=IJ#qhd`TyD2U)r!7C zIZk$&`!?vm6jKPjaJQUPv)zh~Zxs6_E4dyI$cEd%V0us{{)B!Wti+s{%jtQz?EKMW zBHVnuX_MLFku?QZ`)HBl(=kfIGmu7l{x98Ms#Y0`B)D0Rw?NWmrKDaCE`7;NW~K%; zRtAK^852v3>x1{P{-g3guUaoR2YDZ-B+c>?3*S1z>Im7B)UcKsu@GVG2m&#~7&b&( z8a{P+HFcvU*=mZr`F!Y@kfxG^)sQ0C?0Un01{gI*%np}E8!BF4Yr9C1`K`kG>a}8c z#UkUA;LBfk*B#D*axO|33WC&8gvu!@wTE^Y+)T{)HhsFHrs8)WhL+AxpN_wFrU`~N zJYuZfb_b%^Vg*5Mq7QlV3){If;dAOrcoVz?0zEE=vpGMHm%BJJaSDdwp9q}+6uhWZ z=9}yr&t`B&fsEizy4ISj0^q|A7$0C2wlm^I`p1v`&)_um-<*QwYZ`b(9*T&5! zMXQ#CL<)p02_8azqvzeD?)wm5&A6Hs+lS@6D%FxR(1s|f7o9YA<*8Xk8cVpE*%b=u zR79iRsz_1lPo6}pF2+LIe75&yR}`t5zoO^az0Wtbhn&Z5RfO1|%o(1W%x16G99?4G zqT_LlY{M9`M!{^eQ?RSd-l}{AXr{_~>2fO}cNMxdQMKJ@QAEyyZ*-fxl^hPs9Pg%@ zUdhP@ojn?C2Q^j95jrH^aWD)<&rmpE5vRuE&U&FjFLJ{Z&z9lqo+>R0H<0^kTn;a1 zkU-Z7o7k(q*P!9g$lDe`6iL2VCe?ID$4yx0MeqV}z57IHpKo7F99tgq1TVyUe<8a3 z`{Kd0*EHp{qIj`cqQ%UezVV?d2=JN%#7Sj&_`TX(4{RMXQhxHZa(bF>wU_Wjx0yU2-ej?YPz%FH?GHNofM5~~K7_FS zRsy?FGSdc~63a!kyL@(ZlPbJ<2d%dOu}Dc3pf~0>GBPq5R+3oU>f$^bc(jtpl~!I; zsr>x>tTbqh9B0%ZgOQ#`k8u|2&^aKzkWyDmhH{b^U%!f(nil>O`#^NMo*?p56X{1K z91QxhSKXy$jmsecb%F$x%Xr9T_IvYQskahwa$>b>LeN`eaS2>`f?s3AZLQjM^Mcy3 z{;?*de4V9gK=$?ZrKF)O7G*MZs$N^zP!*6y?gw<6h zN~&vi=*36fXKs<*qW`_*9W8P|`j@Yu4yQdeIV&c#f<`v*PxnvZzFx;R2FnbI|JlJ` zz&|2n&CRKE{jPW{a(y6q19LmOyPr{zgw<642eVvmZr^zxEp$M0J`f(LY#VBfbkT#O zbXosXQ*&LIqws&)QM`}X?mexKcRwBE*5oBvG;6A|&sMgA;ez_{mZL4M`&eJuE6hSP8p6aWRnsHW6zuBm*IJ zsQ#24Mo^jc&O97OQdj$x(!J|sBB^|{sH$52N$Y;g!Q%f#9D5Qoxj*?G%=MN9Mr`9v8zmw$`x+yS{>$e}p(_t)(t+6wTTSp>uKUboYg$&d zoYa@|6FZk2BU9}FsZb_Lnk6(3-h@kx7&(sKCMF2^$eqo|zAjp$dDW!j*Cxvj4j3@+ zv%BlCJ(Nd4TL(4FXDMeK`rSE5BMbH$5#f}ab@3T#eR7?Esbzl zdp*)8mQss<&qZNIB^E(g&L>I?q0Sf$9xXSLzRt6qQd9d?LFCh_>Z#9P{97y~^JWgJ zZ;Ja$Iov%ZugVz277VqN$)qy2ze4ylZ8@``H%75Z2E1KUYHO?bwDEN&I){cp0|zge zqtQ$9VA1hw-Q!^@!Q0hLW&IN!ZXw?i_oEMv#9DtHxF1##bV!`Df+zYcAhY~;MUj|; zJ@|I7QOC3Pdi-J-`8xE8mI#C5ac?#BM+S3Ftc9HjI)1N-5dZJ@UVHbONGkTA6~`1c zjHzAP4c}MlO}kbJsolWmO$(@A>dhAZYKt&-dc8HB%kJI3QY|_NNIL#Hx%sPPZJGb& z7{!`)RB0t3ICR?r>7DqlaY zBQor?;pZfP>;25W{??^kX~$Q+!A4T$lN}1rb^TTetv=BPo!sqdP+z_zafR#N<5zdJ z!2=Dyh>&_Dw;@o2{H`?GpO>puE&s0F?%(KsA#?zUgG`Qx#wKlhY-9CA`!O~hZL|B= zFDCzt;rITLA=wMJSz*5K7fHVy@m7PujU@SEYH#hRGJiuC4tj# z84?~lA!Hv(U3*`>-DkO6e8H&VV(-r=-!}x4tGmkgTG1~Ai`V!xZ|*X^+f2E{|457J zqng5$@mf59^!WQigLf&znF{bd?s=K((t7C zuoMuT(GD$DiPvpUm@Z=m+x3pNsSQt^jy7@CgVb-ze`Lf;a&~^I6((l}1Q~@0zh# ze-&Yb zu&M8`7h^h1ddcFOLQj4-S%C65@9me;op0v^f6|!Fy>hAO?y)e1Vso85*=!HII=A{t z4@!n`rg!^(c;hww9y-q%h|vG5o94M^9*?Qt6uMbARAQB8NpgXRlZIxvv_8ppYS*pP zousfyQzusTSy~?VymE{-EMKP2?ZAA|L59ZQak`y^y|14=!!J}!I(z!R{I+agx8<8j z#-QJx?tkPg0r)<46pO#=KARe z&I$$9+54rD^?apIzh;oRKM4|r|1y83Y=@uYw5DS}xUejn-U`D2VCK@_3|Ob*!~ni= z+=9;cGOd=I7skzP)KT{h3a|G#z+XzvcW$_R$%ej8ep=KU-;&qol+#vFF~veoJxGQMeS#J7GW%ff?u%hTffXxdLHLx1ImF+$QR-V3a;(a9cG_bh3 zm3`88W(wsKKGx)bsVkpKK>#qx#+J>A}shT~X>{f1@0}JtlgvWo<)|N|7 z%9Z$ld)RR-cK;%m=;(BFgf$*HFCBEGy$!Lar`INbD@yo;)kQ{A9glIpCUM&}8j4YJ+H---bbAI2WVm-kPIwNs~Qo?#_xi%ci?n~iczyxFP95d2A z!_JU>3MO+gI`4vrp3m14@a1mr{2T(c(+2AO3{6?Q+AMV~ZATVp5AP*8P$+$<5a?$r zk)G@e)*Ymx@HT5@5y~8MiH6}CjLdjqS8DUcRhC53*dQLkMTQu=5CqBIP~RgMe5d^T z2&|18CVlxgk>H7m5VZq6M%>lB#}Z>;EKq0;E3u*5`RKq1IR~>9MkkUQ zJVbR={nU0l9M$UE8O~|Nq8RgCt0{*-_pJ(iQbdkqaKdiaqXC{#Gv1sN`hC|->eH6U zd1lr~@jZwxGPV+7RH;8E--GDx0F0-5W@6d|Ee$QQPg^3?7QxP13UqaXFFE5yuBRLP znJx1_vbda}t;vB7>gVR${rhvUIzq&g`M;Ur(NBUchG09hKycCU2i{LG28GMb_4eQC zIy1U!qpWEmO#7i?=?Izlnh$aUA_$>GNZbcLdSYEUd7<`Yo;=9MUd-*g7#H&cGFqnu z|9GSnXTL~`N@D)Z~9-7HMyYrtE+GY7H{9GA;H>tDSE4(n>WlZc5>D7AL zc&?xobPN8;W%ayRBSGBFGrh&{)Fgd@bAUTE(_xF50&2YFql;fg&mFp(v?~Fdoq-N< zUMkPRU=>e4{*C6&h+#VLeM3_pUlr}(2!I$3yxdNd0IF-0RLf>Moe9Zh7Oo(v$lv32 z;-GcesGt=!z=pN81dnNklw4m^+D$? z$AFRmPqoBnuls5X9b4x(?dD)xFC;4=YrJfx&MzmmS5a-}VyyF~Pe72r((oy+J@{Hj zux}Yigo_SJ%s!75xiV3WWlr&X6S#p08{SeMoP8RjUr4>k>#kHbXpXYq$O&0_Hs(#T zw_d z;(IOYVr||EZW@jmfQ;*w2>w&#$jz;9tv>W>ehZ+1UV$Fg1JY_kK(jZUhB#Zdvjey(HURBnpPz?YIhf*7l_m~l^bKdy4jKb}BA4cE=uKUyN9D71k#TQtu4A zg-D9Z+md)T$IO2FeQrXl+Ii&LFtRXXHaUO51?n&1xBSSh?s|gPxUj&>`GB0OEjxO1 zQ7GugB!?yhm8b7jT8L@G-pi8=^|)mXVlw49X5)FSYr@0F4y<``ctu!C2{LEnZlud3 zc97n8u%<+PYO{Ravn*SjpHb8Zh5HP1ylDI92U$c+W$z_+rN#V{an-vez5rb@+gtJl z3saQnViq?HCER#D*6D@uu7ds5M4_B!{t)w9=IV4d(iuY3*376lmdYaHZf59m5?`45 z-&cGNCv2zkpT}K~@s*ymmBz$)Py;TWB;HTsl1@suW09z$hznf%yyFN%U*9b)oRYRf zw{sznmyK-~Zm?$#vF7Ocfb+v?ouPg^Q^uXn>{7PAY?Zb|YbDL=>?~4$f+z{aj!GWU*khDUGgp@YT5Tr`lBE z1&!l=V!QAcf}7|{8WnFS{KlS}MT$y!t<~m=K)CPibS7t7ntjN-2Dc5ezroRtYJrO^ zEmuHK)-qK)*xh`?)OF=$sp0YF>hRCeAjR?+p;dR%?BGdq-XtEs?Ek{6Jjm5zbCtyw zaoC`hbRPMw&=zxA3)R&8lnPkVucZ(g4jn(zNI?atr0XKaB&UNczhK3b(3+~UodUwi zu<)?`yI?J8^B{)5D?T8-;ouK{kYZ)IJy^!!wgOz!Fr#pTvckpIn-3xwKe!OM(riYz z!^J771?r(^XFf4ghn@rK79XIObB#lKXk(PCsmIOr`JK` zb0<<0XOV4>;iWyX{rHgn!dn;i2F{MoMKJ^c>_~`tqsXtPn#W)dsv$G?*KQA_BR8@K zmFjp-K;)m~EM(aB>TnJIs##J>ntYo}_$GA7T%xQ`BZ1@4mO!p_I(^RoKNms%k9S#b z6g?F?i;J5S6znL@V!TRlSYdYf60s1%?@SZd+TYC7hDuMR%apNAt@{$%NnA8^e$cf(5}x?)l}%X2|jFixA|TuRVg+e(M1^Vk>3md4Wjw z<=gEBR4rck_d60qe_>;E<r;Eo`k~CzH9pt70Grip>1rm``VtnMuL$N=Su^dIVdS9k%-eb=q z^ZI`KQ})UiZF#q4#hL~ZA(8IWg802O?UdbBR%doL^MJ7k^eqh}nav9%CiywNW?5hC zB|(_J;Ykp1-OEoa%!dKIHs)_G8=bB+lI(W^m(MoOe~?PZZ z`g&1ba{#;5>`+BjJWk!f2`Naug#$cu)XDm;^N(g+Gue|Jy z5NY&nCOma(N&E^y!O@_FXK7{GfbEAvcGbn-i^5K+kbZBzOpOvv$@qIm%0p_B@Ueq+ ziH)7GB8tt`(It}U#2VcC9dLR!D?=NQ(sJ0M{Z^JD8?)kpvZ=St{D*YcVl&qTU9tD^ zsH;HVCCQ&oocnx_hAN>L@W!X}ACclhNl zSaU9hQtUgPIGk&;+8oA&7{!Z+>yrh0V~vVKea75&Q~bAN6+QjP@<;CI23O10P>N02 z?L1=K+LupE2qtaJjDp2Sw>Df(-@31Ic^IJ$+(^5EXohSQ3kCztDLYOT8j%$%yzAJzzD`=c1*pGpcj zHXH30?t8mPcFk{Ig6<_LAbF9N%ZqAeZK!jrV-$R%ItWqdw}NM`zgU#*05h~UsfC@p z;&%v}jl`T8Z;yGHLU*f)tWlvenY4Urwoe}iO5pCtvS8S+=htK7*tV=0!<44btIdbc zg`WhLP(OVRkEEWm|7zdy!eiAK4RA#>Q{J4YSi7gF%gyQKwZXTo>Im2TAjZ?-kjco( zMQ?I|!USoLPU_zr*t9P-yH+7(b5%yOp8i$Vx;Z(JI(Kzzl6&nofkvQ95NJ;ncE3f? zso54g@&pe#|7&!pbeNl)P14;F@{@Em=V_*>qZ;mqU=0o7o$9-~Z*C6g_wtMbA3Tu?ir^3jS3Z98i zIY#WfDtH{n-qPm2{du>mN0b>d6R0_?jTPD=F9M`29=bOo^2@*Up;P?G8}Z#s&Z)!s zX*I4pwR!e0lb}fY_V+!c5Xj9u#YEVc7(>&HddRY=hnfd zTZR9n5H2C%Xgr0)KmLT}Ij0$29jV$m?24Qj=^gN{j4Xg2+EF3&rn?^wb+>A#ym#zS zjIx@UnLRu`K}QFH12q0iI6wM_LX4A%g8HcwvM>X4D=@#{%Na|PV_^I!EDTY}OpP8| zPNB0W7Pi!*XjSRK$3bBv_HrP%8YV0GYR&O2-OZNbDhX#hfkD%oTuLg6?Cj;-#qvTy zFPh2fY!#E#NOAg5;UvZOi1iPfVDivk2*FlVzTPNKKMhs<967v@7TGt}l%xejO+qB@ zIJF?`ndll3PfX%d1$SLo$8e?o`V;ZElC&M`#Cl&ao6}ELB&43{E6S#*K7(Y(5Q+G- z3|UzKCNZzLa;1uaE$pL^B$`keY6>&xL(6Z#LM&hdR=s$yrZ{3s+^f_BM?Z?GSL zBB()>Y`0~I^)~^aTf2{(I7+%E2`hfg6bSW$uD2hS%{bVH*UU|GKqf zG(NGu6i*lCnxRZ1b{ZM=Q#E}f{}-SWc)1tja)K9|3mah%%dje{k_(Iymmn{&Ba+Wo z`1ZHv>L154J9W&#LSCifgmPBpTa62VI5=;S{8PR8X#?Enx}g~=#H4Sy`2ncMB)WKq2wY$gc#65=udNH%IKs4f1Hp2do}EwNc; zo&@uFjO~`(>xtfoQ5W(yJh>eWMo=x?kJm)+;bqsj1bB2KJtpI|OS_LF-*|Q5gSA*B4uhn;yx=3vj~{=JE~MoAc6N541I47|WFx2+42nrH zzjf5m{J&b<*QN{uRki)@061uEECvCsxIWjFvbt*I{CTY3A0$iFsff1iW=aMHrGc>b%xdohB= z68T@7%yukhS{VF)>s!9OF$aYIuWI(~yYFm=)5O=R5qh^XxHL?aRHPY5#Q(#4p7 zJ4$6nyGXEP-mfKj8xohq+(fBgfyrM=h!IPf_~ebGC6e3%2VL^1m=3rIuO8M?(C7 zgnT6dD7#vmnVRx9!YeKF9K60Md3*2Qgti!!l^qLh(1Ej%WRIoMYJ8xv1gZF?_rTpb zTvO0>$!maNjQgAz3ZLT=H+RIYXi;lH2o2Fw)RZZ?X|yg4YrnxVK3Xh44;=a zWS_Kskc$v`c(o%$Zvk>^gYo%i&&=@JTmK?uETK&89Uf^rgi*+rM{;n1xVa7O+qj1{ zM_J9|?xH4Wz0hV;^>jnI(|yZRko!x2Ft};=Awt3ZefNl7Pfe;xspB(jOqEyg@GL|z zw<&&K0!15WCvmxa{_}2Gwqw^5N41!_9*E4ED!+SnUsC5;Eqj5?yM>Teq>~0Yy&0R7 z`=cQYL)tEsTF`b6I?()a)zOCO*jU;JFx*Gxy6L@!pCDXL^!H=&aOUiqkhw5Z%|gOnrx)RXR%+lqDSHKCkly zIXIjNr&I{Zz7;>x^J4aO3rdwFuhs_2xLeFvd+Q+7+?@d3cL(f06FMSRW+~SDP#Ji0 zWTWdp$1l}TSUFzf3RGl!(<%7r4g0hBeC8eXI1(Feer|0VPJqUE@8Xsivq8u9ExS+X z-$8SUx%P1hIpWQ^wC7`f7&bya@id#8lJ}AD80LuqNC!ff^v?x+SbB9CO$JZlNit8I zXJrgw-Fsa`X;~`3oRNZ6Eq=Dt%U{Ir`y*!nSY>!el@a?d-_=gdyi9;3r&vq6@8{-L z`a0ACY$4wUKPXZGX^P7N}BG%zUD ze&c!e_PXj{)llp>_1JhYWH8CW_Z~T)#VlJ#2(|k4iS}B(W^nztoi8oHA8xpC+r>|t zD9CbR#SsjVXv}++TDl~)xe_G$gEbXM$}8}>)7nn-U>Y|ohNDBe0yt|$JSkgV46Th@ zwx7QiFd_)~t{2)&tlXb@%bo?tS9h_Ch3-k{Qc1{sPSX)r6+yoT8m?|{>vH%fy1oe3 zdb}~hcRu~l5FOV~% z?>Gk5TH}Fj3*6VY-uE$k)rAbZ{m0d=?Zn}WO9ZWH=KX;z*0=d?4_^ad5PY!}Ptz7i%f-;Q;CJ{#p+<~8 z%Rp|DWH<41Ly0{j#bnGSPya0aQKS8<)k zAZ~?b{pSIu_}e))F5+8t5{vg^TF+R^*txC2588JvK|Phie{YWEhGrnF;Q5w{&8CRd zV!!_1asjvY`v{`bwEqw^e&IA&gxCYJ62+<``AqICvr3#V~9sbH;D>--ZucbETPGpzR{tQyp700GSjLcI#g5otU)ygFmvVqfP-h_GUHsKs!4H5Z4qI+lE*(=x zO3CI^#`tRIPUan-*24yJdz)bHpE&phdf#}Nq0OEbpZ)KwOW4G*@WDEbI|NhNx5ZO2 z9!x_2l6PsC&CGD{;Cues;w@C;q9Nm%&pw8@;&q#WU4O;*@bB~0Zr2su;%(q(LfuwR zF$(AVPvNO-kn>cn%p#MkI%Sp4v=fO~@G?H#UwH3R#VoE=L=$Rej}38x44oIKBaWb| z^%{xs{TaNc9{Ix?oS!AP{E@o=&vW#%wEC&#$g_b;UA%=|OU~#}%wE-S-9L`4B@G2; z3n1KtVYcm*=$+K6J=dLCHDzX9=#> z?e0G5$XWGb9w_PL8sWKM}jHJVly)q)G8R@c<b8cIrF~oGu=v zrZi>c%@HwqBXd2YGbWm@uhwE)D0jGXW%Z;vXc2&RhM~6D2Hw}7f32!tp5=J+Cj^W- z@9?;i8u${AZB5WTiPk(C>;+4ln1l@ zk`KzKmODcow?(nG8C+ut(YIwh$RP~HGC`&2wz9GwP|D0ebYXWwKQoy;7r|B~wDjsa zSS{^Daey~0n;CXKbwBc1d+i=aVU7V=4{#pe!9tC6)Vhy2&K5pn#JKfTjW&G3XxmY__8AKI3~otYahv$vn6ZaE)cM21Gnwu-S;fXu=)&-R-VDZ+%=btvYD4T@IVt z(^ct@kq(PEmjs;te3By6(sOFO*SgGu&LX>_&6ak@a&BPY#!-s>YGJ&DVK-ls5Oe5} zkkoIMA-k%oiwRASUbJw+VwlKX_J%u-%SUc+9$A|VMDK1LJeyoOXh-s4r}DYXfvvqr z(l_gx1zxipL_~;vc&iMdW3Y(J<{+nST4VdREd5`C{~u-V_}|F?fB#oo+ithEwzjdg zZQI%!TW(WZTidp6+qSJ=_VxaL{(#?=T**vs&&(v5$vKa6?)&FjlU~Y&*NbbBT#M6! zBCcE#uyxOlpR8u~_GCIvv!}WIDi^Q*1&>s(jS+)ehJ9wP$on9rup{LqrdPMA-q#zx ztQ!Dj=I}puW5aiQ#O-)K!mc!<@Tgjiq@CUbKd>0~6fF6uFv}6~)Bw);?c^J+gL~F+ zhJstHyWY`G?Ly>atcf*P4IzI4_kbEjbq(ore{GKsK$h$U2(6j|-znIvjjU=#ry)iG z_^%kuQ{Gg)wyq6vo2EuG&TU}Y{KnXjHy)F5?=G49W&=+7*~%7Db*-tE(wMI;qIRX# zQviV-Nl%^)_pdc1;R+TM7yeCKjP$QTLnKRyD+UpZ@1{2c^Qz0EKQubofA@iL!?}%@Fl3hx1xJpoqF&xU1w+#~$B(=(1`swFeN@&Q~WoGut>d zN?^-siA0N3!`{1##y#NT3&?ckdadbgdk5PnTK!{CR(Pjie z1u0YQDH=eAY>F62RR1%iJ6sxFbh|o!V4}Ly8q1I|!Pi-y2b%nqo}Rz8F_8RAg=xc&i*Nu%ZHj%fUu!B4Phc0gdX?<3 z>`sT~MF|?ief?{b(Bos|=bk?WN-DSin|^0hK3XP-S0gI+N+u>-RKnu%Fg7uVfZ^-& zHsx>T=hPkP`lJ*OWtnBq@qRrM+tj_AYb!3bYR_5!W5+d@Z zTtw&tNjW~%huGlP<6}q*E#~x*j;1sy2K@XP;llgXl*kV>GrV*TIKS5ccg9Zf6vPhY<=$Xw`Whgg^Xk z8RS=4S@xv7p&)DqY&)bj-f$D>ZCwVzS#jCk^CIC+t|@*n!752eM?U5nfAp!*!G|*# zBGIhL&H%yaDdzc{Eas7W*8$8!+lp`X?5Vq26LxF$2`7hGW^GRHaMdSVv@&vh%eY;D zyYAb$>X&%zJDD^z-$a4WwcxA;h$so(CC>v?8x5ZL*m8WTsjcp;A*n?|W3wGo)-!}l z&rYe!TylOZ(lNshM&)6eT%K%TQY|`q6t#*paGPXLt$Q?GlqdLg(D)%6J_HDj;~;>j~fB!P~u3-*>FbEoF9&3#Y;? zII<}1PNE(XLNe=x`c7JJR4)m<_!OBtAsVja_j4K`0KV}>fUe28EANRsG^LuP%^rIB z-*=lISk7nk)*cq`Y~EO;GcmkrMO9HCx^FKT?YNlj`{f`0MP^q$RTLqeevt!)e1C>E z1PMT8+U=2%WIVI*3cYF|ikufVnotIPadoql0ejy>ia7W1%+5Q*m@6VnELQ-{$A@O) zfl(^Kzhf6!PL3ew55`u^qxa+XnLxOah=yA?h#cP%1$M2=@(03}xCGcB2`~Sg@O3B9 z&mFs3B593=*RMYFBI$QPdnpOnd6mO~s7J%^zfxZAht@0HdxwWvQ0hu#OnLq>+e#+7 zeXxTHS`Dc^`51aOcwlh4!&`RD&MYD%oG@*YxZUkvOFc>t<#FSU&M$h;y@dh(2R%Cp z9XUkOGp=aD@QL@Frq5q-1yguT-VeHxo91d6AT%el0sJa;~+_B3ed`MVdT*_zk07hKf0sg3^g z2hDjLfts%6zOrZ}38fFF=!(My3B(=x@w|uNC#f;Lk$v~V+mBD-1PP*}<74fXuZYL4 z=NM#$7Go+Tz6S~p#yUX@otVqlk0m&;G z=6za*MR(vxalu4VBEW0(eiKfYC1H&srZ9fbe&rXyvrfQdA=ap~B74wnQ%|Hh1PFlbapuc+Hxw7^(r$A2Kq^63!gcf)Gm^OYumE}~VE)H$^u;Nvg6DmmqDceQM~xUR*%>szZqcVz&i@MFXbNAxuK0j~8gM8?WK2wP z3k#~WGC(UNnt3(afQz!ORx}?ScDjjzy52Wm(B~C&odyhiMylR2PASRozC+u;?d366 zSQdl?WquGaGoa@8KU%D5Iept9n(_^95J&`XjH3VaP8E|>4U^H#Mi0*7-{QSX{)z1W z-o}-cC|#l6cMn5OJxb)R3f?$PY!fG^>&aG|E#PDfqbas9{F4|4CUzMeYXQT~yAQ0! zKp`nzR^KgnsWN7S~M`-LIyin21W zKot;97MyKC;~JZtC>>-&IgArrB{p#BLJYncqIJ5#@+s6gzfY7m{!J}iG;dAV#hX=b zLAqzg#)=gh5J|p1^`xF1vC**53{N`=f~VRtR6MOxUK%iVM$EvBn!YJ18x^8&F^7v= zxl31DO5RJd2lMdtPzf@jE3cag(7#*7tBkX8DwTbI&w%*G<+yAssfRScwW8wTnt=i% z`b~?9-|deTBg8;I^3Ij}pl5nv=xQ7;?t|87Sw}D>IkHha)yQa}TBD&*Uywj}xZ(7& zps_4MVpK!33!Ec8YR#g$LX3Xk&R)>Yqrpuy8UOlK`I3Teg1nR}ecCQDD>trR1!43; zc(!UDCuJy2bigj2tdb2#gqpme9U&X8qPnP}9VyXR&@%6I|@t$k|+2 zG9sun={`ofG{KUHJu$Xne)e_-g0E_960r2qz{`@NM)4tzddm$McT2<-RqoEtPl(Xh z-4d#T`cgt&S5y=N>6mCCRUvlr20M6Z5Jl!0h-FaaqDH33cSzbEIiif7fM*R+2d7Dw zJ#5?t)q`PBl;_Mp$F8T=WjCdr%Q^_h{Brnl>8q<~K;t;>oNg2k0j!TC9M)D#LFkTE zL3xjyi4_Eg@jz^WlT^4S;;=!${)I^v2rs(+uU}72S4}jIOlFSPxV4&Y%*50b1shuu zh>A@s{P+wApI&b;28o+*-|PxE1S<@tYd!v#`2qrp_m+jpzU()lA0k2Wxdc(<5&!uo z*Ye@!9{)07|G&HUKF0&Xml;+5ONI%^{4YNhcs)d{=F1m(YHa;-8j8!%?g*jyH51!z zLbNI=u8V8j%4)l)9$S}nb&J+gDnE{MRk_lUHib!_H+$uM*?t8E_Bk-c*=z&~r+(3M zU@gJ!BS|zLUtJ2uZnG{Mv=L&oYWZWEgaJ1NaHR=QNN$SYD6GnzoDHl|*Ohz9*FXQJ zT>G2DjG-vMHg?$#i^k8m zfO!SZ`@JLY_FXEsw#?6^^?~i+LLWhkVUx)~+j@NNkV=%tIRJ33C5X$Ofo!NWcbGje z5EaLF4FlrhC3eNRE3bbg0_I6igf>*TC*&%n=~?2mkDF=dl2%FylsupiOP5&u;snFBJBE}dEHCZi)D$? zYzElMpNkyJAE(W57A7`jcsb5E%(*HVxvB1S2Q84~&64g4MGNys&R`yaV`lJZsS^UH zo!|DGZ-s>8+(5;E><<2thXIT;FstgVVD7Ez56OaA(R;iejV?`?&Y?1Q5Z4(TmX9hL zIr1gHvO|>ma3~D>)wj0{W@M3`<-Pdx{i`4+ST@^N)<;m`4z9r_jVqgm=twg+sKdK? zp9eSh7qaplTYT5pE0%!hcdAYd-M2?W!Dts7QylM(lBD2!H5^lEU zOOBc2R}?pyl!?rIff^qRBx*;^ju=-)E43tAh&bc^4Ac`h4tT{~?|0Uk1WZlUzMUn@7^eFPg!B`budeAkG>=Bt>+zk;co7H1;cB*93Any? zO|w}p*1oo#lrOeA_#P7$dbcD&B2i6Rydq+YZVdxNUYE{@9JWNVn~xZD9v32RNxvrl zoD=NSpRB|ac0f+^vmU3^Ax6NDF)O2`Jn9YKiKpSGm)_*v75&nEDa(Gr& z#&b^scPdTLl`j33#*2^scv|T^!1c1sRZOy5yn7=dfK)y(w^)E)TtA< z59Lo?DMvhPeBm4_stUSSy(svL|*zo6$)Poi>}#{)A<04W|;UqA#jn{Duh? z@LiS%-kQxcVX-y#q7$OP?J#grQ1`p(S~4orG1xAe>Mq)vuo#6zQ$^vzU;c^2+VHa4 zlv{Cv>}u@VBR@&KR}Dgf*=XcYjIxJuk{z_U0HGR!nBu-f?U8^yjDEyRF(n=*7WL{v zW7v+iL8W&$dfh5~i7B;Io0T_$D2#_=cG}PH;Vzdy!qm9`W>jo94{x@ml`s3cGzLL( zYCrDWHg+zbbmsskty`?gE7>g9nf8QNrvu8<^$pHqnRWO~s0acg?A7KRpFQi5`0LgU zJW5Kaau(?gk;40{E}`2vh>E`Urhc%pq#f+3*E#F>{c^_AH~U>Q0dsa+_Au8Pa;Ecdpy?0T<&KpgBcf4P_3UW* zf}f8*w9k&fm|dcj4(H9!N$GmyI!%8aw+q*qUl!`WTqFEP!OQ9ChXe}wX57AYc<|7= znan=aj{G@24xO<2_LJ#`w9^&p_5MN{WV+fNcx|wTZ}|mwM7dVIQjSgGg2RcA!%3(< zmBZmw42A!Yh`z-7mlhGMFX-lbG9MIK>&8NqT!ol{)8yEDY#;wci{m}0n%$^*cQLx) z;N?-Mm7;)CqeTY@{n{h08{V%MLQiBG~X%|Mls^C5b z+{52nUISlr9`1~GzP)YR$u#I-ax3!@b>a__4W$ub|ufH~Z>_}jebduViaI-&D z!sm+qG{@TCoJ+!u@&C%ILTskm@X1(2Y9HZIujl(9)$uG(xnY)eOWqY>4Z7lrCY>`w z`!$fRQ!sU~V?P$oc~9yEM>FF4@I$ZbisihG|0t1><$7_nKGOpajd9xJYjh;xNvgo( zgJx7~tAGBes@HelOV9J=M+9r8+>*SRw-dz`UrVZEHos8W_zUmLIY)wLDRZEf(?SR1 zkM;%T&9+C+pREN7^(PV$MvOZTNA^RtujGX5%>GqbcZ`=354~au_`Xp-w{`9CNEsG}28qFM_Zf0*}s(n1|-o0&Q&W?3CuffwlI#*`f0? zHVY14&P6sM(WbS2V~$QC9}j^`&t2wUU%6jDV_5-LW80FG%x*Nk_XMj^h11gJOPwO~ zt#cMwG<)s`#FrkA_W0HX%J%oB!bJw&x5Cgjnmx*W3=~e&4ZI#xZMD8*52hf03q!Xu^B zI$!6Ixs>C(iL||vm)OG*->#hI0-vxSXUAN|OS_fMci*P6w#Ed0)F2-}!q($+uD z1=PAbgN7^|KM;b!zG-)D2MuU*s-6AayS8po_zaJdKveqLF*%=1ZfUH`ZdT6fbGx7- zUyl{OVy0ht-{&3`FF^j4vSJRxc+#ICR*+r%t(@TbR)#x>Gc7_ z{yTavHQlSueS=Od327&w#*rlU_m{c)q&+9KMC^tMQ8G5?&XxE3jV*r04d`X8{q;+n z`*B>??}-+2eC?)SRVbsB+G8~Smvh&5HU5d*2oDA?2V7^0XrukGwU;;33aa(C2uu6U zk+v&8kI4M&}WO=H9%Pe7UVfg5nJplmGI?-|YHeBT&~ajZ67lB(56ayzPc zfvl1CfhpupQ)X$7gIR@|bonixbdIeQX>lR)6>BvGj$Ib5X7uvTBGyuiZ{DAubQYO% zRgD{#Yd6r!pN|xEN8Xc%HUwWF+Rif7S-OiLz{$4&cyyxo*c1DX5g-YEV#kUx&X0A2 zu_MdZha1($gWlT7Dh8c$5sgC!hfK3aH+F20{7yp~ThhyqhfU0jOG8mgVJj!N#ntAM zWt-f2jsrOLsx9+jLH>=h6@XZ7AnyT7uou*=EFxGg(Bn$cGZT(ZL`70-&5|`+(Ehxx zQaGV0m9vyh+!m>0&HdE*j5(Lxma%cw6;L!KE5m7zj7H>>`I4sS@Y*}Epq(x{)&|$V|?@{RL3A+Kc)Wo&Yt;ewePJ8;t9pTW8?b6diuD>iB+vx zSFhgRon^$%uSe}#zLESD9S`7?H|dGMK1r*DH2#Yj+IP~g!RE@3mY0$vQ3a>UIe?=^ ze3;~gSd2baNdMKrm=CwPO(=urP0pWaz1J+e==Ra_7U|})y7a3~orsPx1%QnJ?199z z58O(Yw$#pz5x{;++C%~+0s2eafMld=g9)ukx> zs8hU$gD%qoq~seo4~K#pOw5FJ_Br{>D1R_D%`mK58Akd-V6JtumFs>CwD=w6blfxh546$RHL%O<;5h&ATN|72tRYW4{mLL$yqS6 zQ)`S>gjN9Fp0meANoY#P0cWd?Se&UzX)#%1LRevCvf2nr|8F&ARmPnoyuQD7pn}*X zJ?!^ZNIeykd#5?{pq%V)5`lv*l%uQn-xy!55FSBo!;qBye_3rHdJBKdup#x>GVCS! z^0VTaHiL9@0&uw!kZ(CPu%((XXE@~wo!CQvq8`VizDDZBDlPiyk9dl#eXJ{OQ=5#f z{(?lXMO3u{#OSWY_LNYz^0>ewv=)Ydb-LK4$|R`Bb`)`4*kYou^a~aoMaf@}!Xd?I zb!J#*R~CUfU>rG||NZ$Dup`L7)m{TgXv+d-us`J_+#$=B&U?ISZ5c8VYf!LNT`h_= zY}IVop)jQxwkAGfeTewR&ZLuSj82xym-RtCR$doe7T==xUu*ajtC^pZD6zL@koZ_L zu)Qc}chkY*gYW>`_tB(milFdhVgpvTr%AOMvQ~)Y`*lrS1quihB%|STOW{@e%&xNG z!oP=*LUo4-fmI25-l6J1D(Py|mQl~;hD|zKc9ouQnrG;b=hKTRuEWF{O%)qf>>>LDBS7!aOK_V2Nk)QJ#mPN6uuKc_6ioT(M;SU zt2!}N(4E8`hM0s4JIbmx5QOUNS=5c$l)KcJ1K1VrG0Ks^smp+mv zGBEt8K$1r<*?hCxvq5YZbJY5p_x57>cr>2%Kqt@p&O}tc*)uxj2WC^WrB8+v{O7b!o0552TzfcJ0})9DmQ)c@eNfAXMQzM=4WcoH@t2?+ zr^%_L2k5MsZI6g}f!S)HQxY(=M%Z=ACZ5hD3ZSkZ;zFup*6}sPiHZ$QuQ$sAN#K$V zh!U?Jm1ol`0hS2q4lV1ft)QxX6_(hL&k#)}%WOCOK2Ati=iGu4o#F_R(Z z^5juvzXReO{0QC>&8w2=;*2&ISL_M2gMUf?r*fGY}S|jhcC3dSM zHRvqw<-DS=*e{Fht?bL=!WVLtS_~m+@3Y!toqlpmuBMi&LS27`!w3ct9OJ)H>sL~5 z&j_LX?VqWXCMELe3RR?!(`ca%4bcOKeu^}C?#BZrD5u+-WpUCqrJ~N|U6e@pyB`b{c`&qoQx}B_dP5#- zG(nyAb5X92l<^qr)Y+)L3U^4oz`^6h=S;v!F1($5!mH*&y|%vrr(If_<2T@YQ(AQ} z_D9&*6OXqoZW)-TtS>NMg2TC1<8H8GxchPI@OUm9mWw=XO10$9Rj{sZXE3wLJzHrX zO~ACTH9C4)>>?tgOAv<|G2vgW=93z;7)hkx5`VBkxbv!Z=3%gB_J{>fdD89vu8=&5 z-Cpi;;<3REdgIgbv|({t{zA8!96DRTxS@?}!)#XVR+UUkC#|Ux(+dvczZPXyQ?nP@ zw1UEwLfMus^I`$lb|*e}c-&N8ZZ~w-BYQQ65&v2%j!)2rQf7Npz^7N~eTj<-i+R0T z^yQkIUL`MNrr_u1ICbYOk*#D7p@M==ec{ zgVSZ95^W$PLU&?7(BDaWnM`PFbO)VZrk7G&Ryc*Z@JhPsg6mG2uUG@QDgaNbcd_MDFU0n(>O4T&*5$x;dz0 zr^5<8nGn1hgXW}EM#D$k)Lu8;XhX9+qjDKZ{9{)jaioHvP315QF!0)ZRgMFh)s`WClZ~NyIq*_ zQtEfmp!r|4Akebfeka@g@@Kx9kNb7w!|Q!?rt`di@drm$V)O;A#oi|LN1@fl`~A1g zS36482j6-kH@+wRI7l;`&>wgwtnKo5@v5*K@~y!`gdG9Wx)`De?TJHBjYboZO-w%K zFb!s?XjeWND3+gHoUK8{Y8BzV-MlW)?y4j={J3SwU!o)Y@#c0qLdHSqn;cv4&WE*~ zt?1V2vAnO{Y-Gzh{6CVltjT=Znw}GtEJ-WA#PS)uLKK@^b35o`7Q>}nqVanYhQxo2 zyYb7*wT3Ft$Co?_Og>?-l$Mb%b$vkF24*7T!}dFHx>8OuR6uh|gB!o>(2W8?%Tc&gJK}QYc>vvA3+!g_Izt8T~b_W!0cJXm^ zcw@;~RsRm%xiS`t^|qX$CJ3XXb%m<87jlVou*1uqu%7y}3r89duB=B%?M1-&`C;0~ zzFGtH{C-O%$LxbQWhM`$`{9XI=yNx9{(#xK(7&BdNHzK84HM284Yh>_eJpc)M}M{D zN1!B$yD>MX5OW<3FVRT7i|8pgME-!Dq|UruN_!l$s8fw+Og%ETyWQ!%Yn;b)PE$G| zB`M0M_ul+iknV9G0EKhc7?~i1)@<)BPbcWHlv6+XI9n!HzKnv zTKYuDhMmAmon_i_D`04Er^#kN=6`ghE>{IrRW65Z5JN-5;E;%!w~44c8_gPUZBbkT z?qD#xN844o2Fk3>4`Z?0e?bku2*LdFa`>vH$PK%pp`p+qD5SX5)bQwNq!2@crZq?I z%>4ZPZ3j*!+4%BuIxukX@W@D!x%#cH0a1|ag0~poBEFiYixq9M$bU9OQ9&sU0s?|e z8f!SP;?l^-$YP_FjqlezF&7t(RGe>}8ruI=$002&F3#pjAYsyJbk|$XNlHuSSua)A z+pM4hmr`gs+%;o@TcZvDz9=zt*UvaI6V1ZL#-!zCjm!2sIbi0+VkY++VKh|q&|SK3 zmId>FG@_kybTOg0{CGcHJUkdg#6pQ^LSTZl@@%-)`*!R9y5aoTn7B|pG8|5UOtGpj zHKA~5nSb;mp=Z@vI?}OQOK@#d%|WI=KL!)RF#lf$g;vgGf+`{~m&$y+SrPp}-S5a9 zNd~^J`@m`E#$(!5cfau8GT%p13&Y0_a&vNa%7unks3LCD;e$V-fs+V+ei0E7RP^*1 zT-5*G&QX|O(L*28pZLg%kG1T#?DBV5fhPf&e?AWJaqB11H;OJPb$}r@3FZG57X6_P z*%g7AAOJwaqyHf7I(T>9nbL#=J~=tk4YZKj^%xnFrSs2;f^(@j@d19%Ss@{i%nmP% zdjD){-C$`NXz5|ayp?A$a$+T*KXMDhm}w6Aaagqx59Eotx;U-8fYh)d614?6)GBBL%MFi2KM} z+qe!x7-ju;fR*aU(A=g9MuQU^Bkw(@K2e28BCC~EX$i2xg%kLtf}r@4t}G=H_R=5F zc0R0jI7AaAe9KtsngkUS6BbfkI254Ng43=N}^^w+@)Cv3co#~SFZgu>%db51=yKv#D0`-qyvW^f=4Eap5l;ELN~s1d}E}H zUUFfoS`#zQ1Hem`MwHS}(h_QN9o!*+^X(XIdYoxO22*dZPDp3_$cif}!->tIJxmRK zVY%miA`qUkt*7-2$WItPX8e}v&^g$6I*eB@`!0Qpb7Yc+TI>Cbf4KJb?hXAQ0Yp|< zQSRmA@Z?Z-=#}e-iI|WoI@z7R6gZ4(AVFPM-wH*zF0C8bPiLGN%W~HoFBk<8Xhg*x72nt`iq<7rag7np(J+Ay zh>Cv6;kin42s(FQpEoW9(;@awZ~+kLG#U?^bnHnBvCDp(#*l7x{5#Jh3dtRjznzm}f}-@)H%GT2;3(L^-d)@n(uZ0nhM?uH z`kHG#9MiTZHG4w!ZHr2KvKd6gne*Ei*D#5`@4TA;{OW=`tnX%|Bd+!CI3}eX7218+ zB0IGu3hbGJsyY(wKq=C0x`tVB=B~kD!?Es3pF@2TTHE`%2+-}n0>ri|ie@=d?y5SX zDupOs)*6+L%Ifw)CrnaN;9E{vNZjbmdRjl8DUeKe`|Xz7xg*4OhBxz>Di^RjvuzO~nyrT+qTA|B=BjEJ-yxX~H#AMp$n)?an0y=G zpqsFk`YLNhOwAMm40dNYtczu^{x)g}jiEHBtG6A7|3Dr4I!8u<*aR(JBdJF?6|M z@4zb5#-`r+kyP~xTRlZKn^@qtC0|k$%j0g!Mrw3fQTlpGLpN+rie2=T@Fey0wrs^v zuATTSOk`jkAyw+A`E zm{tm8wgtzx81Qe|asw(^8|n?LQmkl#pde~3)%g`h0XlxG2pzFGJv__0@aHT2HU5ID zjZ(pbedDQ*h+dKfB6z7ph2th&6lll_lkPwGO+|8qewIN;_@<1N!LbO98XhK?&WrZP zpI-gVsf@sl(B!lI)}jFe1KTqt;6FW#-3xZne7khLQ_e^QCrQec8!^B*aTxX~a0(VL z*sux`PvD%4hCCPd%mh{0z992v;ycInTm9xiI$POa_+^pNVD{1ZERo(4Li58v;iE?z+uCtT_zI{vK3?>w-&&4}Jp2~WO%6_pfCGb`%0 zOq2`2)i+@aC-sDNC9QYCerj-9GH_*NK}Ntwr7!K+5y+G!Ox9oQ?xg>Q@@010Kc^R= zK*R?Da#v>t?SXG2_IO{p@f$?`z1w$MLYP$#ff=sURj zuI2rXw^DDyuw_I0y--(rxhdsnYYi;n$5+$4n~BEvJg3&&ASN~R2lCx)Nd5z zZFvI^c$5Hs4{Jo`x4x%k%A&X|ikjO*d9LN<;mIn@8s5CD=SF&%GFnnB<_|;uUx6xn4Uy=5yI_ij zqM=|%`0$YV+cu99D^3nM{4m)_qb)RTDw>jhR|^6OUOvzJa6Bmxt5vAmOP*|JoBceU zjYDm$~gT0_N6Kz{oZl8Uz<@r&&W0Q57ExKyoC?{KJ%P*@HRR z3ODwI5BrB9?+E5GCY(KkR)3BVR;==Fu5^{6PTYPZ7EEe~MkYI1dVI52}yn zJzRz9!Ti-oG|osu8$)jufAs7_Qw^Ch{*znN?UoIDEE&!^kfLx3tA?#-1O?cOg<_;g zu-3es8N!!0Jg9>7}ZJc3R}=n8n8^6iz!5W(4P3n#J)x$Yho^nEvB zORN~Y9kvasR>MDxl0~|?xRh?G$Xicz;T+{8`-`X8@K;5i-_!CB>RhB%-dwlaSz@QWA?}NgHfV?{{ce z+gG3LYLMP{<7!YzH*XBu+9k1<8?gFd6f%%PL!+BWN-bS6W+nqs?yD(*?wd&pFE>Jp zo5{8uE4+aMoc6D2+4i!aoyza`xl}f{Clx%6$0}MQ&YG>W(#34S`Iv}-Clb@+SDKi4 z$f#?vR2a3mw8QHSzbWl?q=Lo-lLL>h^0pr#W=eHwbLnJ5;gO;Tw$g;$jCu6DzfcL= z&#W**8q9VpfHu1<*Ua2ELWI5x;iV2)Mvt+T8YhY;{P&DONF=>3GI7nXH-zUx%fN+X z#c01#2vY`kKj4peFEbe#=q5{JRYngVlo>~6{EyVJ3hp$!@4VdACBKE$U@TFj!>Yii z1t0n(RR4ZLhnAzPBje0__xSd6`iwlW@8T__sa4R~tZ2#pdQfU7kU%~vi`k(z9UCoK zZ!w0f6zACNMrUX`rCftI`9{S(UXxql-9;MxK`S8cr0P^nk&%d3)>4vuK%`#|8r(p! z(HTs{F=UvaEoE;`I=vBHZ2v>!$YBTJRN9(o+Nx}1YO{a8t#QvOH6=~F3?S!Hg#<&t z8gstoq6vh=^h07*7cnJy@i+fYzVywY6>wuZO=GTGL)2Z>>ku+D&wIn9SHMApZ;5~SCH!~t2J)$PFTNSdsm(C} z_>gATnn8>?2(?-!X=tPJch~%=j$j=xdA%2JCay^Ry@Mq^lGn_$8fw-Du47!il|Y*s zP~2Mj6vPk4!v@Nb9bOz(R{54s#-rpF-o%BjJJHLlW?-5{Pxy$Mw0c?On9~5gir;N! z#2IXPcQO5O3zP`~enZfnUv`d(8G*nXO|m?Fpf+ge1Y-+q*jzpnF4P_wlRONuqD?V@ zIhsh$jv2e99AWZbPV2@St#ntDcWJqTHx^ zXRU+xd(yTak<0o%Fdg83dA$fit!7)en&Wy0JqSInluzC1_g{{#C@=5SZ@3(VLjV-i zDT{@)eT*qdmX^Fviw&Y#ob7FKxx3u2@3t&?Uv3#3gL3=v`Ks>~Kd^IGME@J1^n#Zs zMLi!IX-irea$>-c7I3I>$nqIY`E!B#p>hH zkyj&&dSJk1rOlL(H`oVs-OXaS$1gI()H-EuHt~zL=jTa>>#(aFMVx52*xafvGcy}O zIlqPJw)>6wlw0iumGP&cxc@0q7e+30Be@2(QQOT!9pSG>qW+Mg^9ROr{|=Mf*7DZ> zd;ph0eTz0)er@u2Uk#O#sSTWs)y~2W$aynlTFx_l;?tAEb*=0=L6M!j<3hDGPafD)Hfn5vsz(uG1f%a?Fm<+VF@Ozmr zJobFnK(?)!yB%xmS`?y(uAPqCm8Mo0agHlgM0S?Qhbqz@6fyZUNkvE#hq}{4W{!VA z-G@Wv#UpM!C9k9tEiIutELv7Oe%pRfN2`B9cKi5k@6Vskr6>2-W%V~(qi~FLh06zm z%vKKf1aer?d|qXEFtaY#aFnqun4K;}0EukF`M=UQtv3jSZI{G1;g}}c9Clq*XgtYs z#*b>WBRf&(g?jybHxu-H|0ErdkprjH($dc%ycX&RVJRsX3=E9?f`X6J%ida=J(`Jv zYB_QmeoUfo*GbM6@)S-g5?bOT_*x&N61aTWX#y2qt`yAE`NtODeMjhFRC01y<9SKr zl6K_K>q7E|N?{@Z#LH75ZDi2|Yi^2Gqt6oVh6Y7ph0d{L#f(NnJ65YMwm~9yMn5sp z>jJ>7eRora;5G$kUtLI;mjg<^yo-{_98?dSsiwqq&K83;UExLYSgi$qi(^|>7%8$L zXsX^M5K$V>x&0)^DI*WDJ8BBpOWdv?uj35OC1H%cAvl?#Mylqh#DKK{e2>`($=2|$JAIt<3kT2hXaXwW>Ova1tZbu+=qUcczXQ_}WItWQ(Jvb%3 zFNG>@3U&MR)m0#O`M+Nfi z2r1uMiFmWt+s$TEC^g@xVQ_lyz44d}YGm0NKG}x6SXSVbY;~r-&d(3nr&3cBJ3cPM z?RrY)_JR5D`qxzsjYPyhE)vZv?mq`rH8iJ!BS~ZDP8!YYA+X`~$p3ND;HfGj7R#Kb zE}Dq`O_ODs4J}3y9cRws)HgPNZmDs)A$zGrP*H&#=C0pmyAVshlEZ2D?!GQxY|b&g z6#;%vG^T)r!(ADha;qq#@iQdnB&F8rb+oZCJjWWlnCf)Ox|)?hTUgZuUROjyI2OYM zhl!1~!_o&?lmCJ9wThqai#O68h+PbtlO|uwHDCD)8l$KJ9B}da;0y(H(umuthIb*xyg3GCfLjZOe8ro0U1p&dO zG!vGdqYsi!&NwWwrfFdEnnHtuKPKY><04A^4J|0|w3Sp7^u0G3@7Cslr=S0#0qv-m zG%w4k0tjldq$n-*&&f$I(n&ALJ2~u9$dX~bSXvwVhbrmKp7^S#m6&6Vi;qtgu%E2j z6!p6pEID~S>FJwlvbtB+;z%3Rc^`#2e$_N%JbtHrI;|sEny&v52sXz%b_0Jw7jH%; zC?T*{C(HWLA9#Ogi9u@q{@&$ec2H!A3#9sur}7-B-@VR9XbKzvTT4Wj;$6f)KS-FT z;s(Fy5XS40zt0KUPX@<}jZFJ?K<(4L*jlaP92}Lu*k*OeNSU{&N#$}0^1L;CoE=F0 z?b3UWG5Ux!>}|rKLd1j_^OZx^IV=m-k&=Ta;Bcuelk! zX^kGJCz}FmtdNkfDpG)2Ffhg^rr0kNC4jBF(&73yuYx+j)Nn}z92?+{7=9iPxt!7a4`nnF#qo~%Z$c=dqIkCfr z90CyZO-)^K(AxiZv^j^s(5jZC4GgyR%_5p}sh*#o-}~6=flB`8=cf@@?RA8NARG$4=_tz{pF-x4v@G6&tWM?_Y4C*@}kH<)9 zMA132^H%DF(41ftes{%EhD3^PFO%;XvXGc+$9_fXC=@MR4K=qY;^C$?oEl82mBaB`$@*>6w-m>VlbJRm@c4Fo&i43oNCk|O{mT8K z$-vnB!tC@<+1>dUW~IBgf1ir9!0c@O_%!f%65q6rkiEkz6=o^eUww9k{2wel-m_fx zf__@_mj>E~7>AZev>f{B!E~9PnX{TzS2jXY{B=aXVz4k(XIu2;Tivc?C0yaQ2ptuZ zJECQ+8Iez~P7|c?RdN zyL;)45Q{7BX=zER>-RGLU@-{NmeZ0s*>gmFbY&nQ6kbz5)Ce4|+e#e#UqUL&MbOT2s_s z=GN!pR#EKWAxrwt0d^jCUE5++iWy1->mZRaPeV;`sY)Z%v}HYA=?krTmIR;&SgTj) zi&^HA5)>{Ls-YlI&X0mj(kv=}M$q6go8p1?fG*R+z9SWB{SQY4G;wm1=mjdpB5_Ad zgYvqkr{O_p<=PN5LyV=j_GVt*s#WGu_;)c0J0FDKVcnVUGBxK#$>X|Q@m|<~q_>;M zKVkPGRTCz!%2Rcn%VNgAqY(G(_A0GaHec4X&+q1q!Y%sx*Yvjo*=f4YX3Y!3No&8+ z|9^Fzc{J2tAIFnXvSi<8NSGm8mdHL7S%x8d%DyCP5o2Gn4`Z8<>{McetYJv@WM3ys zCR<_{zp~5ne5>Dc&hyXn{qK9u=iGDeId^;C`?{aEdaL6%JV~da8p3zu$v&kK@*+_` zyK{Y`ZXfRysIqhMojhS{blh~i#Ywuu*yPGg?|F&lCyIwivTJLMv*$t7SvQ`^O!%xf zL48}#L{f%_mCaHqv!;LGdr)@@=lz4mAU&GPYN;jfK8|OsJGZ5+C{+JCQ#Uy|yEj5y zU4C)9CID^_+JK#|K6f-tKVPBc`KqNns?h+hYh9LPQeoA1auynQ6M&BP*)t|j1oG+exv$IOY zeab3gJ-jHgYu}Hv2mg3QYBi8{%XuAyJ6LOcwl9oQ-VB2$Q`t24sjNWy{R80?a;if) z2ML)zUWyRFDBCWXvh3%tXu;xAhaaT&+{&ZGaM?}oA<8|eOR)}Yuov8+KV zDf*)ZM~0X#gq4@@j<>nsKwjT0$IL$+IleOXDN>}z*SWsba;s6y5Y4`puJD@@AnTM+P)MM3GeSKzjJUiYi|mjqVi*d+_SXY` zXA3pS_HfB)QN{DAVGp<-BB$bJhIG{}Xre(Jk=Z&-*q|{&|sXSeF&XThda1zeqHahB>7I$H^z`ka+0YBxmhx+Nf+ANIa4wZ zXOaw<&AhH^GK8}B|HtiS%*FXn^0_-?-qdDfIaf@@*q!qr3QvwEXyF5}r}Bec76?aR z$tOhw`W57gh#8SH&`Lf>gO@8U;YYIj4Sx+u4x2DlkHd%eC!CD~T1R7*Bs?M~Sgn3% z&1^qy=+(G(IdoY2DnfK|1aED-u}jIVkkwUHu4~bNQfidF6c09GW?@DfLFBD749bNg zOBcO@^e>WSkP;P5ns4iuj~b-e!|LOBVyi#n0|oARxA^F%E1+IJNr~g+?{GlV(sp`E zJtE-4p1HIS*M_3Y9ATS-mOZI2rk1$(GdxT$Y;S_qkydOwMrVX|(4cXr$F=qEOR@F7 z%UKj`!Kx0Ieg$D%!IF@%=WT`Q>ng5{JP>uqJ9Jfc`fu240**?O?jK4nyhn425|@(9 z*`Ef9J&lY_t`6G~3VuEn=Lq&!78)JXAha~J2y*%^nUFLzyO}v`3yYViyRxDp(1hi~ zfMX8ho-be9mocxLvm}18hjv$E+>9(9Rx4CU)K6C{^E? z*FWZ_5k=S;rq$PrKgVTrdrsd<=>{wSIg2x#nDT$`oJ8Xj63`gT(Yw1y$0;4xWIMXu zKBo~Z%zd`{d0lkq_9gk8i!Qw&XK|-)XPc_7MJ;?op3f>)J1$uVnW(S#3kA{@oa+`5 z0Uzm*GPPYR^W;&Xea<%GOR>k%pm*T53G=*Uza8%T!7Wjn&o(=GMkBV<)I_|&XwpQM zE&7x&)+p9DP9Q9LH&O$ThQsT7I@l{BBK-XP3k12tryth-;oBrBh|N_;BeNOCPGW)@ zn{}Dz=PA<4PolVNDhe)FNl-@G>yT%#XN>t}I@=~At-Gz{BIL85+y{-WwkM@YWVZD$ z_gORs^Jcu1x!Xgw;eGc1+ zS_MryN^Xu(aeo|pAXOreC7KqRYrHD`l3t;vSlVp@VJ5DMv6=BPvWEdy5?5_PYH}!< zIvQ7SZBYvQ6TX%J_ft|5my*H=cyc~ufi_uQH8wS^A{7DMzj2ssm$g3Ek_|XTp0tul z@kO^SEPBUFjSX4Z5|Vk}U#Dfh{M=gP)2GJuPh~m?jOsCmFAonug-H7FbbtUvLVCoP zo`vd`Le+b%Et=}UvGJv+QW16q5M8xy2l*ns_CedS8ZxBWXinnF5Pm^BCEXNiP(+3>b1}%>#mTI42SR!Gt4{C(OYj=eP{pp9diE{KsFFHzbIK_bD;xRNp zf64gP+CWZ=NX}fGxUEX@6t@DGZi}A_K%@a3JY9`26l%LM-g(W}2YJ)f6yYcCa2Weo zzWCrwUF~;YIX|CzyX(9w{cpxcFhn`tzkZ&!oaf+hIEGjC#GLqobQtEMb4biDcCqxI zk9PJjJa}wfgZ2dPclj+~vjrXiR+b5o4YejY#WB0*$xx<0LhB!)%BV0%Q$@Zp!C~#( zWVobJB)@*ZMlw&@zY1^AuGp@Ct2=)!r^|;MSW4y%46sls^ddLk@0BI$@rLk}%nyI% zR=Dggce6FXmf=nUg~G-98orQQ^|FpCBW_d@ekJfEghejKueJlT>WZ0@p|!PsXy}Q} zxA&e|f+Dr+ ze@i{}6>9Q?>a@Gojeht8rKO)BnzI)^^CZ?u_W@g>MkV%CC zlPRXStOeu<-Ko0)+78knJBmi5$tCH-O9_ zO%(~OEWZn$Z$%ig(sjryOllB(fx|-~p`Md4$} Date: Wed, 8 May 2019 09:19:55 +0000 Subject: [PATCH 1163/1961] Delete exceptions03.png --- wikipiki/exceptions03.png | Bin 97305 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/exceptions03.png diff --git a/wikipiki/exceptions03.png b/wikipiki/exceptions03.png deleted file mode 100644 index d6ce963bf5687d3bfb6170c33fbb5e69c99417f0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 97305 zcmX`S1ymK?_dk54L8L*YyHmPLq(Qn{y1N^sXseNw5M+M1ODEKH42;`Nt)O%$J1cn;?evX6yzL)18%7P!r4pLgq5XejH z=dTx#lpk*(5EMmAaq*8IE$m(Foh|GgNTtQaNgbT*%`9z9ArO!GG!=7Im0di+tL1Ys z+36WXl;m6t;q3x2hwCYjB4kXkBDRw2!0MtS;V$8q6{XKoF8_Xhs zD3lHm45aE$WX=y1FCf=`0s;)=9f)m^7akKYksuxNsU56@VNd9LV#&HM0zzJNxWw|v zA_d?;M7*G4c@U8gF9On%s8t|8;UI=XCdTWKk4z9l8vm^cNI=?kviA#!PCOazi=VL& zQf$-k_YezyNXe*rqy$8h6@p_X+rtZ)WrDCuYnVwvD(WE}BN#8MAV{bXR;BPzItZLM z#PAmdg$E=g8G`fSR72o|p$uc29;{Syl|UmUuSB2@5|bmMh6Xb+?TGYi1{^LU7^4&s z<}T0Vx9n1)%XGY2m!W_SyV@G7WyxLx?V+@RiTU2LVoVfYn(YeuZ=|J*T%WI&5ey&nI176 zqd^VdNAoU&4vhz!8$W^jtBb#FYm|ZS^a3T}uK#xZK9|cS9Q}qIV!XH&BY9u{^68#v zg1krCxKWcHXI%-)5&Aym%h|hJ@(8hSbiGvLPoLIS81G<(RyZLQRzfelW0?x{Okgi% zX)rWhI@Ycrkke-S&PiG%*Z_;*)lv7SW8nwMpHz?lGwE-R5QzSJN@mr;YT7+%g7eNdj2#Gso$!mDFYgVxLc}P0y2LQVP(B3^IvLWH1c}jp9!yz zviKb5fX3XV)_^AHfPQO)l-^0(5{L{Z`U?r$h-^Omg>j@N1r+IZa_BW#rxYAk6ea0E zIF1szY%He~n{uQoshSkgsh|@KZ^C#}=k3#Yi!Y6@$%!;T|LO0Sjx;NN22sX%0bx_ibMI3XkRn};g2d!k@Zenb5 zY$BK@y%SZ-PElSe$W+DTjL{Y=&8$-{R|+e@=5S5n9S+8mmd!2A`aXeg@!I0bvV6y- z33KT?u|nb>jq#yf$(_U<*mHN(SD$f%`@_v?-=@And}IFB{Y`n2T;AJ>sJH#9tlVt- zN!!Wj$@XfR^mX(;xUqvM-(|j2ev2R$*f-$ ze|8Pz?4hn4p7U{|Z%%q3YK{^tD$L{+XP05us8&9UHxou&PjbBe;i7=NO`D&1<`=n) zb4<5JN07%M*T`n7Yh9F(n4noKRjgDjx!=lFc9@@**DBGhbr*;x+Al++OCxC>GXkHs ztum*wl#h~+Cojl%QN~xjeFQ=ou01-?7!ikc&Ubl#NuF-d+#MO}4#xa5HsSnW~(7#yr>8?|* z+xFS^Wm6+ilTpjc@5vvfD9bnI(dF^W@yqoO{~pd7o=)aW6=a)vx1GA3I+MCmZ>a5| z%~)4Z*I+7LwV|D-byU}47pl#xm8+?ytyle_G_90sy1BGDA2YvEAx@znaxYjt|Cg11>LBv;Kb7;jx+C+ZNHBLBu>U_&7 zBR`IWeS6Onc3I3dM=?fc+1Kl^hv<4N(^OI?B+Xx&H#!HOg-1om1`RPM3Nfb=^ez2r z-H>s)aMWA%8ox+OtxoMaELbQ%;ySWC3R}$h&5=QuuEp;Br~8-qU!~14;g=cTS*=$} z{1n9%1I=r{20UkhCdIc2O1tqX83zgyNa_|4r>|EqpTvD-e~ zAaq6CpW^A$lh@N2BtL-ag*j|QplF~D%-yw@4_P}@m~X-KvTE*7^vlmiQC!iOpwght z&QdaqUk6`H$*#7OMq)=S(Lz7^?M(kcG}h?pW2@MO?_$&-{2-n0PV@u?8A6pc6 zUU`4}KH>dxsyUk?Z#k0;C%sS+vz5R+cN0gGa38ao*6%6JG)-w6SwdcB`Z6v%o3@qv z!?Uopw6&M(-mjBbe(5=QW{z~7hvwrIGGj6FC5Xs{EAYhs6UCq}!23dVitSDXMe*z+ z>M|#18RHrYpB2}oCssI>qL=sjb`aab=}Fnkp3At|7(!F{wMFig+)^rEI$nw!sqH&K zzE-y2Z?Rt;#fr$}KKxxhxbT(x$8pBfAyyaG>bJVw&$1d!M4DTzC04vu0*;;w zDC@ZJ44>5zN(34r>*#H#6pIfv63hHrslDW_1NA!xgF0(pSnt17L)i@V-CvwJ)Kk=C z(ORiBy8WC+AcPwcS%$OlIuX}@mUhu&lOW7~uswM(zNWCar}5LM*|^#6)-qGN4q8G{ z;#MM>-K)9znpZ38HHR0M5(_Me!?X*{!FA$|+3f-iEvEScBg6c{syV9Xs<*0KN8?Mi zMl;uTV@CwuEtebzQwusRR}Vr1Z3}8I)a0kkrcCdo@2ana%OZ+)uM_TU^-2|N9S{3q z$6+53DbVU>8YicS#syWCW2PDQCDHmx+8)!6-I-o-y;6(*(YHq7@ZNJ{_X>ICiue`Z zyxSM=l2ybB5;r1qA{HyLl+%tIpiob=%ruUY;?j;vU(0_0UXnD$i8nV*h+N&BAW>&JYvXtlW9&r?x;T7Ha?H@@SD*LOd4za**MyxOcJK4WM?Z~Hr@wy8dK@ZyjmP45J+(hG zGL|%!nRuEQ*KX^R`>@xs|F(Rgud9!^ZNP(_P5)f|?y%E+(Vgfxdj(x_!-v$L_Q~R= z@3R)0D0l~Ui!VLs>l36nro8Y)J4UL??|KHHdOY*+R+CXOe8EZGB_5ADE?6L zUKFNyu@hz5f89$oi5UJ|Kjy7x3w;>y_|=U zdV$aUe@8oG!gN-ALu5qMf5#9DbS<)@_rGJ)KXj=kzJSS}{zdiXN(R_RAYN{Vqb!8Onn2Yja6>z6pMpN~Ym-p>6CZ*o6|_OFxC&>%`65vsObxkZp9 zG#|<$k0a=s_B}7xW_?(mC8I&xkCqkzCnu-N1}EbbYEDkhf+8zh4Ym_AwThWz=D)uu z6wJ;8$dymtOw}T1vB3^GeZ)aRXvNt;_{9?b5xd%RZL{3ts`qZLVuym`6(x%Dp!)Y> zQ_9OfM} z^Z%B5h4^aG8U60Co+KC%eR+Kp`XQUp`8OL59-j6>O}q!i63AMYJBR^syfWaZQaLeWqWWlPm`NFF6SAo40--{Yk1*f~G7Jf{~i^ znb1YNYNmkghua7*>fuD3haTs}K0|wbPR%_7H=8OF*{_&S&X0}eD${MSih}nL&i(0o z+RTEYNK>tijg6oCd};*v17mHZe~ZNmaFb3X-t5vQY|=2)qxQ2o5)v%LzWGdgcpmUq zpLD|R*wqmnH}aSf?=7sXjMw|3RW&rS_iwrU>!;pS?s~Ng682}B^h0OsqKk@j>f>ow zFXeci)JKG!VJ`Nkt6fYfBI2dB>!tIU@J;yg4lz(HLVSo@^g}fVbJ)sMmcE*Klw*~( z-r(6?M@dX%X`I}`Nd4r@tCU+Ft)FUT)6RC(00uVhdYa zqN4t8zdO|KD#rBt_B+dx<$u{Y*zyw6&h+g{KH64MsqbCun`VX6;b zbTdWDg!%Sq$@o0l`XhOE2ip?y!GBGdDyF6ufv zK5WI2MYlNm5>z|v11Psr^JsKKnHr<-6xugrj_!w0K3U<>b{=!SdXZrC)j+oov!771 zr(CJtNKmXsQ=N-WfqILAV4=>^4r*Mds*FiW6lUSfE{=$1I6T|!vHg9U^wR=!}_CE}YViZrp2KqQi$h9Dzl@6XJqu!yX+^Ev6(ADY#5V*iXjKpZbw@ z(#%zc5-UfUuBy5^;zM@Q78IA9j;g5WTU=alo+SqdhhfT=f@Q6;3``(|mzUSpG`xSk zXZ=J_-++#)v9U2nxsb$S6a0Bvn!Jk2#3=sHMQ!Sg(V5Fu4*>=8*y~|MDgE-q#YNrm zU5;Isl#jIUO-v}jzle~EI6I$R9cd?Kv@nTfV#v$O>wIsF$C97;H9QReGc(gDu`eS2 zTS-Yt-Q(ffcpiRDNmQy|-Fp=rflku;5-2uaPT_E|6njQqqOj>9ldxzi@J z^@?o&m}HAj%clr?#t58BX+?P)1X+BDXe`@{+1}2Rk7=|17H{bmGPw#>2)GNNxpT8Q z)p^vN$0QV5ph7ry9849tiox&y zkwyPWg8V%>X3#1IouE7iUM?>lMY;@TG#7TM-e^JW-Je>G6)q|h_mJhH_4%DZjYyjtCPD2 ze%mtGe|HZXo13<0_8}MrMT4zZ%R|4D*}1J>lED#h+59zlx_v!nac<5(y`=s0bl3i5 zZ5`Z=F8pIu=&r;TYh{{}1SRy>$jIZA!iUJL3a<+*sPLl)xI(l%g|tCj4P8;bG_$@h zZw3B!z$WG0M3Gcpd9`kAZyzfg+;i6Tc7?udygO=^&Yu7ewST>n6_vUD-f4t)o6yS2 z%B{&(TZOvi{&cA2q>q3HD(>ee6e!Z6_g&9z(I1jAI+RbKa=#MfB?Gg^OeJHz^si_y z!9QPumV_r=Xz5I|B`duzL|T0OCv}-hDl3muJM{ji#%Azx(4s*@WZi}|u#3rjV*w%1P7 ztQvK*_LTHeunX^Ep%E@NjMZ-$mcE$wh|(ghntGeZ0z9m!`092zUu*dTe9Nw=a7b-V znU*+Na$hlBYH~e4UdiYTMpV((j$Ap;my98X3+_xycOmw_cNBU!S7~zD72_dX-c2jZ zv;3Vdn99$(fn6^9jW`DM~kQHdUO^uCA`MGVfyQr$L5tjHuo>JPxF-UKeY(`{mo9lxD4X zwKpG@y^l}+h@;mg)49)RW21!neUrK-ij|_gURZhj9RCeU#Q)s!^>$1DyjmGGD*|Tp zy_q(CGF;uHVs#$MyZ$=nc52F^*{OqsA~6a7TzIfx>D; zdVa%^)q{}*8@s!;_k{vcD~UH_jIhPIPrT6TZoe@r!daUOv<>w?nKKS+1C#^=${e|J zdus^M$iXYeGqKhE?le1hkBa)KHJ@vv>EOQBsktn4CcqSG(ki7LH1Y6C_J&78tQ5@+qjM%KRn@4txnD2TA;ZD=oDFmP+@JK{-;DZyP*Vdi4_LvLztw^x z(slvBebcIpA%AQ@nzUwg*Efekoioh^1u|A|*?iEiUJUgs@` zWzX%*eLiIwKw?U2xOy}0gH)RUR@bAs!8-h{8e%p9oyMQLQPXtzZGduaZjJ{!F}=0w z&`>HLH$XY?>D!MVKkAkoot@bMNg1;Ksxlq&*e|W$nJy(5vxvu}`0!_PG9=H^7LS6C zDpo3IcxiTW@;&|c`7#?$d6TW*$v(Hc`HOA~w)}c5KZi@Hb17q`zAEH<9=BdKY=W@TlpA?s}3V*O(}MwadUo6lnj&1Cq|Ff{`*G9V>~ z{apD_122>jgD!mkRjpXvahP-FKv_?a7#(yMZKRmG`n1_Q^sw$vrlw@Ml=#tDXkp3R z_QW*l9^~8U-psD9uGbHKfLbBo_O`anKv%9hB=z-u0L+hrvU+y&$F)_S*wfQf?gvk- z1CN}Y9do5-2@`_7j_dv3VDy5Ll8vI`viV%Tru%n;PW!hFxu#wk0_dfqCmz1P_2P2M zxOzJt8##JalGJ5=A}}_#KlK@lJHybWm5#hBwf<*je~IuC89{84GdFx6&ruwUo2oy0 zwM?QOfe?f9a5;kb+C|?F*Wi_<2-pi#%Mb!axM7TYtc^!=wcJU zMusJ3RNk*EtrfyqiqqKcAW4vN;7X{8Vsc1imz3y68{sF_h1%+DY;P(ntA@YFQlysJ zv&6^WKe=mx6T|fJ6Yex*RdHlOYV>~i7gx{y=>n2@FQQ}JUH26lT!U(((my$~K1)5$ z^;I2(Vd_h=RaYezZ68+2ENaNwLYeaEtVxXHS_F-&B#tBGntz)02LZi9!_`V0lKIM+N&$ zVg&oF%Uk=NDfwnQLs4G-6%a%!3cR8EtzKj02ExFMNpRqA{%{_#T;OcI-78)MO%@`S zSyv4zHVOEll+;v5Lh#1jyxTv-N7Ds&$FdPs^5jG(YU-RGHd*{Lt!K(~y>@edr*KAz zqw$7BVAE8&>?-#`iDWG;>GFR#p{S{;f#LvdoGj;by&5)AZ*Q>dwa>&MZ%rT)nf3R= z>jsp-&SW7rXq)vhNs=YHdO(W;7n3SK+?PG$zkfgccA6qZX<=gn3eV|ufCd{BpRm7B z#QUJLQQ-`QG(I-7-*4J(_ZWm8uT74c_L-Oc?rhP7?;R4D^#*$)u;21JQ4;aF{2iBN zSz1MFpVF?jTjF~b3Hp9Frh`L6?pBgbj_V(o8~(y9`#hVI832oBI8~&!=rqK1ez=ebnEni)8U{)zAkOE`LnGpI0O;lnVAOfV_o|i-7Emcu z8lS6iN5Bh4{T7dAym@tozn@TkAP16`&TSQGKVErr(s1Y zv!dVy4p`Hl=A-HV;Ss1BAK*KmZ$Q`gVhZ5)^Mkm(Ivx#p0qe1o8HR)q{5zF9=2>O} zwGJ*intS^uIeVptX9s;uX(vjxU2kW@89K%%Nlx%8gNo4}|0$rVtn?`DB7xM*4J@YWxAIO zfvQc(BZmyXpr1_U@Sr9XL=o@5MN(;2TfK_R`dNTNJQZA2c+J65Tlqm%UK|^bc%cWA zSU{gdG$T>FW5SYAu;G^;==6(BF8N((c8m}{=yOC8pN?mIIre|@er~FC z|3}ZG_9s8UWkU%}*`VDI>R0?MQu-YGi6jA#zt;C4%lsHlVAl}nx`dr^R~7y(9NV0d^FXs`Y{Tf2r;1fbZj?^d2h z(%hHl@&tbPUd}xixm*fI#MO#_hAeYq$k9@Bwk5v*-NFinm;)%dv(+#Xr@pu5q`4aa zIySSSn6ol71DlVUqKE~(Y6hg#)Y={{b@V+};h*mTD*`U+HH+Ep`R@7tjD54@oHj*A zhR0e&-POU~QQ1_@;nkg`jZF`zMo{}sdxiO@hxIF`JJ~T#6Y|`S0KBT5Hf5NbcE}?m zBg5a5FM92l@<6*m)sEI!PR!baR=#dicb}Ux&xp>VCGctwMYh@^FQK^0D-ld-I%x+9bkcIS+H+UdtO-f z5uRXN2KDE@VE6cEI9;OE9Z#piikfZfzJB55xe+U=+2}+SBmBrytWj=uwAkpf^C$4z zH!Q}X`7%z(-=_UCahXQ(sINsuav4HtMMd<$-fex6ZFDwQ5W4x4?y-i<+_-^tx$JG9 z?z#2$`H7dcoXS*HRe79`Ndn>Z!*yEA=VD3&m^?=SR&~+CuxLC1;5@`0e_x;pT^p*G zYWEIvulxo=QASksh5Mo-Vj92u7NC_?DF2a&%)m1deWQ|1;;>ZKS+ETg2$}|j6A=dgr|1(c0+5lI8w=y!3Ms1>$wj;X#!f>w&!OqVY zzK((p&CR@>curM~`>Dfeya?4Y)s3Fr_T(^MR;z-wV;;Vm$3+!Q<8k#L2`v>QEmBN} z$-=TM2K`j|{%(LJdBPJe@MA#HceWONbg@|}IH^$8cf;eoLz?YwoDrXb?iY0jPtU@& z@t_p3Vy6#pzEbMQ6(sMVe^kYlSD9;Yd&Qt$M$Yg};`mXVRhdseCee^K1Ouko?Zv)< zUzA_}kD#fn9|ig(C$*fatrzc-I2TYipEI~g$DCl(yozx)n}wdr3C+5W@y_YgSYq5& z774zg`r8~J@a&p)sm*>Tb($vX^@U?nG=N2aBkU)jq3=mW;&;8uwZu~zouQEboHOuj zC7ED|eN<8kEGoKwc;pH#%E<{q#-{$0uSk;ab1MBz)@GyWOK#uRfDyDEvg3F7E0U6u zqS@lX=Krv7zzb~um}?rHO5R5`wW+#hq5YETYmkSEw);IK33$GN=&U`rzF>5|NbhBstz38s}+Q}oY33)J|; zmebyREd$7D=gN%7%`mEMiM<|YEovS_Me!9$n_UMN4IS!;#+yhK3vKR(>4 zC@YJV>$igB8fbnDRD{C9!d0*WrhAixlarHQr6|8DXVDHSXxRZb(@*41h%R`J@vNsn ze6^rQ3wV$B>^J*cb~99P`TsSCy87DL%^OxjkyK@V`(=S=)c_SZl~PqRJ>3{6F=$VR zMHl!AJk4ix5(O=-x8J{iPlXp?h!g|y3ZMspn~k_TKD4Z(TqqNA#~VYS)AVvPpgZ%FCnnx;h#r3nQ$W5FG*F_^e{*=e0-pk6R8en*kUB zgS`F284c)GO~yVIML`L0W4)2ME$8F1&-|vz_(4etGe+PP322AsBqUwXJIfOPvysC9 zRbox!D;>R((nH!@5IFulyP1Dnsk6Pk*q4-+Mt-=xF!}YBtT{fir51W|aRE?`w^^W0 z*UyWve=G1QeelJd!K<3GZMw_(Vuq)NUCp(V9R6PRC%|L-7nO+a%qQN zI$R{TCbwn<%93P+S(6v-lE-z%~EQA^ND^>@|T8jpDuajOS@WL2S? zF4dFWW=_K_GE`xSi?1>jk^1_UA(C7*fl+U8jVel-`dd#5zU4|GBGeM=pT|EhK~gw{ z2^4%9q3)I~9N&Jz&~=`kRDz_d&TP%%b_oC2B~+e?8m7V)acI(!5PL|<_^l=3f|xeK zxH9W2f_}Nb)e{zLcOr8nTtB2GB;XBvFL1LzL}vkQ$f(=!RZ;jM{+TXTyTi^v)r>7J zwk*8~i;P48z|I1+Ulrrp$+cPZyj75Vt};jh+U|~q1g{pw>A!bvpDBTiV!ymyK|uj6 z&l2SFAQ)(0i7|Qugs+{Q-NFp;`+yWw0J>PF>@UW$UoVy(XCtT-A%9D0; z<0@1wVnSd5_M8U|h`P<^NDlPUdo?v;pMRo^Lt-*>ZeDUqIA9=FP+s28ipn^&2EvVX zU{WP!T!D-Pc77qcefB@j#8%)j3VRr-Vg#8GxI4`R2@w0}ypz(K;RUqaxcZquiaHKN zJ~Fbh(v(=X>o&maJ$r>`Kmozc;{#Ber0Iq_lEOMB)~MYUsn~9z&s;2gzl#1}s}ZlA z@K8v)7!AgI&w3vhL(pLnFOA1@QrU(%UcIU$s%yju`a~~rl|@>v&-WGk_!doGY3IlB z_7p=HtGOwA{)734zP;m_kD;XLRXoSS?2X4QfvEe0Kj{+Y>w4kHlyG2igu8Um82kTi zI4pH%7+IqvW>g6$?EaOCkW^{BZznmKPmHQ$A|QhdK`gWPxhfH`F_8kPV%tV&`+RVQ zMMVdG=*J?|Sz;i;v7>~*6(Z%yKSAGCo7=XL%1Rsgy}0{A7$`YR$uYqZy~&_)x^(_F zDKA2D;@{1KMbYPuzU{Nq2U9MrHEYWsXZUCGQI|wsZ2q_2v)0sgbW}QMgp24vL)kWa{q9Y+V)R)iT$dx-5N<-Fw4u} zw8l%+_o6FSFI}r16t%-Jje|&uWdFHsm z(b0S`iD+u#`w)#UK^{AstEUHe>KRTlKU(CwU6i6oTi=Wb-Pw%r?K6V9)C5WywA%dy0ppw>%*Cy(8PhW`Ea;N+o1|H)$sD!a*(n!JqP-TQqXMDT zvl<2$R{;VG5S;_O0!E+Tw%)T2L3k9HRSP z8g>M5Q5j0gXzY*nLy3lDSz1FZQ}}IO%1`XfR#Jd0lPk}%%CHm0>tb(eOaCPZ&&2Z>N=$IvULFnsnXK9B<*HM$^E}Gln<`eq34O-U z@p0wT(^DiknBQsqiNcR3F)koWkhfgWf>u?E2cE@*n7pa3csXkS z3XIx8mxV%{y5;m|$pPHglfu;4W+EAO!_x1cqMJT9o5H-0*LTTm>v-P=;D(1Q(}cWO zKr*PP980pXEBo1@x4YWovMMvjH5e__Pw1}SB0;0~dXzvmsi`5|`teVy@WBdZca2oe zxUlB-yFjWHMK-BwG&SmzO;ytBDvZ!x&AH9{i@DwVvqBaNE4!@5!ic6OFJ@sk4DSm& z$=3V;e0zA#N9d#n{~tnH@vZM73UHjdUxYCboZ%xYFllMUIH$elu(RGu6hTBjjo zp^p3Qd$jj6e_E~u@rEDanw`isPfD5jQqkJJFwlhN(o~L1+pteLNkT(i& zX(9{E3MWcx0gmr<9{O^jP9BI32?+^)*DqGq^VZf}ZPUoju9ZAHKZALIetRCIft1PQ zd}r+0=KlCWsH$e`z4AP60V$JA46z{3UO{#P7+!%YAh2(V1)Zlp9qwfh3Xm$> z)=%?c))T+*1|A5^VOXAXWH1!p1c6X)R+e$K6EYd-PDBtb0|I6@=|g?ih0m!I!Ylmu zwzf=Q{{w()eSKmusx!>+y)-(Qt$bz@kSEj$jye*8ByR}hUIQQ!Ytka>Uj2tAmxKmn zwC#%&es)I`G7#+OdTxFP#h3~m78$b$V8?^g9djmzGn~>)bCFnVj zWdkv@29{v;n=G@@^}p5gy{V|@8C!2ANcOoBz>XH64uQP=j7BsFOt4%cvz`NC7zi)I zo&!;!^qqlkkITqVR9DAqDmxqXf5ethdY*)VviRY1IsgXWHr(M_GSULX=Isxc>i}!) zs&x;;0d_sx^5^G;#`6~f=Ca@gwt)kP#2%#Ck}=dQEHPlIDjinEfK&g713y&thQk5_ zD53*^*}Cpat}X|&nEj4BATFekgnsG?#{`p}&p>*sfHpLmZ|17VLj4Q_t3vKi+}B7k^1%KXOn*J1zAS&tOU_SD zfus<`r9V6li)0*}>eW`g?{L(H;r^VqI+4P;>`g|b3pSb5s~Uod_V2WM(zr=!H3!C* znMGgTG?G-CGxf+#O;nn|Gia230s$$1t2Z&QeE=wb_}%V)A>vQC?c-2*2u7L9_ zh_=nODAJ2a{v32qno@p&MG_HB!g(wOBN0Y%m_bdjH_bPcxAL^A_ui>mqMQ?IWUZdS z#Q$L*u6EbC?&4~}d*pJkcDK2%M$^{wi>=P+f;N%6dOAPBOr@Zw-Trp!wCM!VLET<+ z^9Hjv%GPi^wZgQUMPA>w~Ml^72m(&{ys51 zSl#MawR>Dk&kD4w|NS}%2;xAN6j`>PYU|^cTUOfMUVPLnfA>4@>FD>H75!$L!$uwJ ziHvM0b2}ryRkajlm!A7lFYuYee=^1E-}cXV4eK$ie$5z+MlNf%C)cAtZP+_srJYSm zXw@QNVrJfoS5Y7n7Jj;uz0ZMLkjcuM3Bb*7SP?1GU=a7)@JM29HOV4nf7#s{ZL zwZn+%ue52#<>T0*;l{aQ$NL=Nl!yDKoxWN@e#nWG$n5n~xx83*Enf7$A@;w^qY0P%F-QU)kws&X8wlDg4 zZ~(L1WU}P6x}uL3m}c2-P{mZIF_K0%3cbz7fazu}C@$_^KVb!={v3u_=BL%ob+tEZ znYo*HE-%l{kAVlERnL9tCzskJGf+NJTP>M>2FnuC=bbT{Raq7}!7`s1ph1@Kr=FjS z8{O|an%jijMr2~dmj>i)`>%alJTlU61Enx}8CNSWiY*+n&Ii=4D+YTOG6@=&ZBQqu z)9Nbs3H~9#)G+Lav$>L|N0+aUDt%R6%K7_E$}MD9r7g3jhRFBsmErW4W2syfi=ug_ zLWjO8WgR_v9-N*UM&MqeY=LiwF}YY zx$o!c;(xt>>!MIvAClr87K>r-xqL<0Y{8*L<*QU9rNb^o=)g#*l#x${>OmiPC9x9RTqLn>T!6QndHSV*{;bus_cmJo!B zqpzy`=Ylhg z$PetSJL>(xTRng3`H6!GzMCVt-Own?UI(5`yJ|pGOM=(?kn;!p%Y=!^kMbG%df?)} zGiV&u*;lI>Lf1)i(8T@@?1gfV$Ao{xl*;*?lT%-sv!J8*Xl^-EMl>q?OQA?&uZo`n!evZz&=USO;oCT|{VwB8Qxna64X1)UXjDOAV@h z569u~<4?6GetaFeeEd-kW~uM3mWW#&X|0Zi}(cEcGmIC zJ=4+Pz(!&Pa;R8HeDtKB2aSPxxoNv_hRDpSAckn*gz?2!rlD#I9bFa#N{0R9hpw>S zUTe~kE!D^&FjDVCOLY*Iq<2ZFHnz4WH0u+_1l1ST;E{yHOZU+%8dBT`Z2K2PPIAEL5QpgQ9a*yq4%JI?{8_ydE3 z^QGGj{~hVQ- zBtEFH=x-G)k1yd+s+1mt2p2xsLnkWoK7U^sG3~oE_{r=a^X;9mp8;fezdySONkVjD za+rLRTVB9a8}CH(%X|~9@9lZEPJP)Y$*!NYv{HnY;8?W^jOqiE@wvq*&zB`_)DEcXaf z3JS|!SOUAreR}rt*_4535$u+53VXe3iyqTI;TAD=^l9DYc{it{HQ3?+Y^rN3Q`${l zRO`&XZ8Kf{#h|VKP-#ag^0+p(Cp=7GLe16-@>oV-@Q(uene_ti5lIORI5!m-{ERXZw#jRF7rTJEK%Hr1vcs;z{0_F)-g;4*6|a7@dFqJ zxtNIj-%0#c<^Jz{x_)TA?;TD5{l$;F<87l&ZE5PL=4DSXU>GBV;;X&%Z zl~SC!W8_*MSLa$JFQCcPV}$)*vFM0Y4Z>eGAheUBZd4crXK6VNk6cG zNeRlLms)s?jY{s3;xP7dLiU#U@HP&uDKlFZw>^&9(lUhHNPtK9xQmX;t0f_c8AD8z zmeiI&m87%8MvQn?Ehf!mKWCjf{eZFMfLB5UDI!_H=nag4Iz}{}gmR@cH;qHfi+dq- zV+Q+ps3^VF-+{SmQ>W*3y4h4x3*4GL==i=)p{(26tdZ8~8sqc9#7-#vy`ZUi%SiEd z%KiFm|Bli*8?uZd64&9-qc!e_=D@23`h z7D^8cl1RY_DOrspga5Oh*jiCoqtm1=GszWdce-DSiZ^XfF_y>6Q)Jra_9W?rzY_#^ z|2|#~_&B&peuIV?t}~|lU%pr#x`j>TX#M5Cb+K90&tm>l?(1#iyRDajanREvgFC0* z1!4~6o^@*Cj1O)Z-PdQfqyO@aP@)IYn7)c!ys^|ro58!<$#%s zmh-wM5jfEfm=JD=^OgQu^YH0)`QJ`)X5))%>&A^1Sh`rc5_x=CC0l$3gRRfO`sPo& zBo1PiqqHXfZO6|b>_=eA)!~r1IMhbA@ei6WV!g|FfZ1L-MQoBG5KJS@WLV@n)cj%b z#bdH30mVxG?_lz~n!)DDgO|=PH z>q?)}ADl-|iyW~@s~N#Fm2T4De|e%gtc1U}yn0MQVlbTxDicbtJ(yd7WMs5Qt$dOx1v?ZQ5VSS% z^>ZMTC@p=FL&d?8TB;A>b-7u>Qli;#{Zqf*_Q=M+F27H!#1zav54y1xlopkQG#b^uYH6v<&-@4JU ziEY&GE5zu-(^@)nm*B#Xy;X9p(U;EcSXhS?VhWs^~RYS2SSDuUuB1Sd#@%m5wq!V?1fjV*SmJ%zfmsk zT4c_c%as{B(+GRh250?x)a2rp&t(j%?|spwBAoWA;x)XMJ`QK+Z88DU<&gr^_^Se! zGSS6YB}a=2o3Ku|jAR5q-#|QcHz~&$<0_ApF#6|8mff&GLU{=_JdP`YOrl$30W?}N zs@i8upa>g5`D{G%sZBLx_{(oh+LR!7 zkw25lz3IIKTg(1gS@nfdw7}IM;3*i0*p5RK5pR!GpycoK6Rqi`ClG&>gK?Yh_ABEAdAmgL zd5Gl~CVdkEE{9Ji1K-S=(pmBI$p#=X=o$W8?hhv@k;JWm=ZA{y6ng!O-j6bymhNXg zbgh;O$<1VJxCVD)U*@(yw55~tH2HH{Yba(O^&q~HVNz^6QPh8|`{BIO5O;7>e$r(d zb9Qm-b&vvc>HSyfGR=wpDvWsh2s+;50eFE#0GO7Gr$47ug8K9j>{ zCa5-;oIZ7siGp8Iq*wETYxMq*SwA(6@~=*0{>ntA~r%Gckpiv$WG* ze1vD1_4kE{k-utM4WuiL$FX(&*PoP3tZE3HUnJ^#3Q~y%ZybdyA#s#bYIBCMtawG? z8^3{uiHvxe*;|nAoUFatv$@}Ke7rkG*J6>6*F=Z}m*gWT3G~$nTbI_B<;Vje=y0tX}d;->A??7K=)=d4dv!-(3X7rhhyi zb|+Xwk_cf^QnY$7EQ+L;24`-LgR5uvh0)(BJVkQT_;$0GlXQ2|;Ko9en{{Q#a5!Qp ziPJ_F(3gL2SBic3;lw2FPvdcPL}R&gXD;-^2O%wg>31NDJQX#(mSi<`!2?V7#7#}gCTo7U%+ZG=oO>9Ld0*c?%d-<5f(Z{@SC zCci~YS~YX+L-94z4TIW3tKL3Hp5m*$TPNVvfZ6J&EDzC;#8aFGOW_MbnWXI+zY z5W*n&Ld}tN&2g`oicN~4|kMN&D2Uyy?TkZK`}ly!3fXAKpr$GzGY~qj2|o&Zhj$F>9xH?d$ic zADq;ML-XRRbxc)p5c$(`GV!e}s7>$w$nHh#A}9y^dbQ5h@}=>F%8tL`3xt#@ZdWC- zZc<)UC2o?t#L$$JaEhUCyPB&avx(tQMwCxj0s2239IhWk9THTf_cAClFMv5EoR<$P zu!xqHwjfeI2tgGQr0DJ;h=pZeq$F7y0Um zs;R2_e^DDUSQ~i>(_%6snh$mrm01T zl^&Y+MBkkfUP*KI;Zs#W14*kUVTn}+jYA-QItC$q)_c}wynj->I3@Tis6Q_9W-w8F zm_9;XiD~;G(4g0nIea=xTXpf$bK>aSL{Sk7%Y}ntA}9S~e?yr&X?86a?B6K*qciA& z?YaI`Qa}eO-xn>1M8NhgTU7xBNKzos%kl{T*_B4OCvkHm?|(f!`QZmA2JXEDP_bsQ zlmHLz&A6HN-ap?`DaSV(OuYFYcy|q8v5zwD+tj)KSD_kfuwo#d%r6=QhC1>A(SKee zWCxbG4~>kJl@xGyL?D+KZyMb63N?`9A2TU zigynR5`iG{0e{@~%WRtcsiFSs7cW6@E2>p3!%&3hj0_!7ZK|Fmm;c^mC;bR5iP14aOLHpLHw)HD z6UmvXbQ@2FGAQHiq7uo#SC2EcRFiKkiu^pdix}%&%##^dyA7L()@O;A5@d6UuwW!Au-d`1n&6uoV+`d`TP(Q zp^ir)(SUZ~N)tp?#BV?JV&4?3;S;e-jND(^6Q&>9vV0`dxkq}T5YqX5F4Cx!+^Ib) zioC5PkGlbD@vqPOLJ(aiQ7=^Mu>)}q8%#O5L(7 zTI{ToDxQ~&UEY(DSqzbXa8_&GH}p%_09r!|ovnUbxdhLD1gIF-!KqWWG8aZy)eibO zfe*txAc^aUAw>ET{A}A;YOrRCFtB4^PmML%-3<|nq%bPJpsQcWWQn6sO=m{gGcRHq zo7w>hn^8tfBFRpsfWnix3y2QDLYNRfwBVQz-MPjBdQE}59`TesXIB(|pJqm7v(Zt5 zAxnyEF=?@AMSx!t4Sq73I~9>Bt$@qkcoPXxCmC@T8KrN40&0bwdJfk`3gc@yNQGRE zXnm))L{G}UCD~@*XfioIK~kjLF%suK9|5<5?#H|tA{i~N!zr@na_D2z=*M~o?XO=R zH~-|RTM3R$o7w=g0cN(yw9Xwo{~c;wLgc1(rIt-84y)~oSbUxreH9(jU`4`eCs>LH zZ~ZL0aJtm;#WcyDh5Z5=0+d=*>4{XHP;{Xs+N+B(5W9@qB|P=ep;3iJiDQ^R1yGm8 zbP%?=|D#ia&tRi_Htv=5@)S=WS!5Ht@)$(27H8=wxwD9ML65V`^GXSkbwEa4=w#%Y8 zoSVj3BE+gK@qnsAo>Eo^Z?SmCj`Dxgpr#EH;ou^$;xKibH6t$tpkM7g`f|0wE5S$g z&n!JC=MT$i;xsh833~<7StcnF2=92E*Cyu@tpQ29S?qVNIYyY9=n%=GBp~$}vupJM zm@mv)EsU?pgT;xd`@JqLn&}Fg4Gh)<5H*mJ%~4>%?fwpSX)&xijVJYT_J3CV(a)5A zz+SzCz;VX7i@aO^_D!`IB6d7*5KgP7ug7Eazh=?f$}sBpG%m{*0ekMv(El0uV@8={ zt3sj%lFIgZYWx4IlEHN{?!V>-$D#}xAZ1BP8MHR*|LqOAJeQ_&$Tw0hT`1Q4@Ba+E z`YctDSrp50uS);FOZC7Y78C(}Ox*bYI&aUVi3PGxqCG7CowDF7T@izkyRXFvd$mZ~ zB9_2)@(2?%QB}b}8T7wF)OmNWao`oNnI*2>9D;7UI`FhL>sNml^G_(N3I`X3Sn`6M zyzYW=w%=rEr#VpaH{&-+{+-@#E&V(hxuBz}r62s?0JK4l8GvM3ix|u#9Mqx~17@aD zK&DdhDHZAUb2~KD$LBIdYZZBgL)7$A&Ju_m)+j#0d?nk~yd`Dtz#=i7U|>VN@|Pr) zw27*}Es;jPNGfLU8%pzbyvQ`RSl-xT8l!Bf z=shBbq#6DVZlfz*Rmdci)XH*=vMlXYQ&XYsh;ccN7R}Rp!BWDMeyw-{U!%5k0V{r?i>{CAWZEL?HKH6A|iC z8*^D$)(iBgwkGCWJJ@JD5aHA6NmpzgiD?$m*8tcFlnF`<>Ir2I=pM-OLA)i`Zw^>$ z=^a724_n#aZKC~>G;q&(w)&gCoRBliW@Op?#=+j+WS|MG4eiLOIU{f1Mhv4y!-ip> zkIJnjn{EP~tr@_gtVZ5ETt$e5Hy}`+v znNXg+66>ZW$b9a1-GRydHq{YCiaOzBVyP~O7*|c7*=2!8Ac67z>R#q+3(sIp{qwedy@Z6(K2k8b}8lYm0 zry#xdiu*S;Ill?9G^(3#d=0UCYx{HFH^)n*K~qj8C_ft2i|J4gBEkiPDiLYlu(jQ- z=b|9-(`zjJ=agSNE%&zG&VE24*cY9qvw8%}*1f;XOrrtmSZ9K?t=He=@P`V;AIW>V zdbpb6@XP!(WsA&(2Rt4yIYnj_P8Mpc{d1+BgAi{5O4dqM;70-S2V;k$`z$s#Brh6a z|JGLiIGQ{h5+I%1h zNBHK8E0;%Ggwrz9Q|w(&|JD9VOD)-}5zf8wnI*K&Kh@}Ky@G>l@{UHN=<#JWk&xT* z886=&Oxnx%Zzpd@_%u%^X}3@B z@i!`(sQx`%wyS%$FymemdhN2tqI>!CRd>FIeG26rq-Zml)g;-55-|xbm=XWIQG{*xfh+&* z*5W-)49S6Kc^vz9?tZ9Lf01a|sK6U#fiYvq{|ATbKsGMAUT2gor{T9hPE4Bu9}LEa zME~+@m-B1YE~fNuvo+%BY73I8LB2r|~d zg})jFX2})0{Ux%ph=X^O4W7J6+I;S7<@|=t-;(ov6Qj*|aMyW2MqLeD*kVbb$^DC4 zV$)|A>Dm2=U0U1%pIL^N9mBj2h8XsIo;cN=!6Czf=faP+Nw2L=v?m?BZpB>w**0@{ zTYKJGn4wYu&;9DVfNjr-ngqs?$dJWstLMFVuP4c25@UgQsJ@BV^UbS_#H5AKGOckd z6Qe-FLDQKOye21OsYujwRh;muB`Ld^dkHbinoS)=!*MA@q#GIs?O$*U{{*Wuyae%Y z(|%Iq&DFQaa8N;)%vw>QbEXwlRN>K*CSvtWc@Pc`EJK~PqC>6*Kf76hpP2>UOo%_5 zsgmW7&+(f32@Rg*%m1tUWv`fHy`ek7PO|7a7C?kRPoK$mOn{p0j4Y<<$xF(G_0|f< zKqbbW@wp-{V9-SpFUS#W8Zh-;`(`t6ZBQ{@^J*z|{rb4z`5%-{tN0i?bZAHrVhc(O zqUQ*eL+DqHVKqJc;fRQmIBE53xGw~6c4cGNP2!>I6SCSl(VH$dt^kO5pmft26QPa5 zN>~p?!TR3+b8m)%P7Zq^>VnY7=?4%jeL?JnkFc!3-6jZ~a!v569_> zU#8ya0$?-}S+AvMmCD}3#7F_~kRWKd;2jk7Vbv*nm3KPPak5-bmQpzu8WsDYyvaRWekDl!xFj3e8&P#yvH}OwlphAO&~-X0oqv!_b_H3Fq1YQwN9%9F_wmpX^K@z@O@Z zyX+T+tYOSXyeW`)=Kh*Qr&aDLCJD{}nJFYP$^JtThI5k@OvZwQQiK%6*A5kg2$94B zIa!Wv(snuw<1)cnsj`5EexjOZoHv=7h(5c-w&aOe*+ROfjsPGmVb6N+mqPaETUmiy zi6l4F6D2eafkJdL%Gn5AG0H8OqRO9_2b`J-L@F(O3o~VakH(RX`7Dfr8bi375Tw6{ z%`}g>_}vm)*Kor?=qbWqI57Fj=yPoTfV`&qb~>R!GFuq{T_L&-ZFUn>RvG4%jF~K) z3OubW)wqrnn>CG4dn~fUSX0k@-Rpp}6*iR?uSKdK))8UJ?yocbjzE9&Q{$ z9==^DTtz+;(>5}N3_c77_$5DRAnZLmj?$elDy-L!)ti_i6z*nu@9*9Da(E+15M8`y z<%DM*>@e8D*WGZns?(Vm9*i~5|5&$?<1bNrKxKR(RzzPO5J+U992Q(MCdzclpX2I7 z7qg#FHP8AA`K#2T*wl(4APq%rXX)XQ+A<(^-bfStNYiS3#1i{!Dx0qZvGGLouBL`WSUx=BL;mMbE)*@M#e#{;Q%$I4eHIHt(KUm zZQkT8Nkz{4l$X!)R|0dy4;fxKLT~h#ytfE%_j3DgfrCl?@tZJ3t;r7F`yj%y&JVIn zWn=k=;MW;zMJQd0$eG^^V>7?=51PYaLDVr1uS7kPp-?pj&9SA)+$PxN&sWu&O{d&B z2yn=SfvT~?mt!UM6=)se^j^1(&oyyXdk5YuzzEmrB}WTh`9Gg|bvoxyG*#b5D$DPw z(3_q69RvM&AP)SdTLleGEXa1DcSxj%Bb=!N&@we#S*r{Q>$ z)z_cvl~6aV%xmb8^J;nY^7^P<4iS|Pm<*SWeh1b-P^X(6aI^Y*3rXh+C6saJ?Vsb& z=_w(I4-${jc2G8U>W_?sr`FUfaxF+63)%@wJzU7t;)=z^JU@PCr6OEPZ)do)diP%* zp)>NiHAlR0<950&qX~VzH#rOFbt!qv1kK5#Lvjwrb9Y9?FA$H&;^^*STP0pP>`};5 zEaF-}3}Sijo`#1>#e#tW?!_EPTK@M`bxL(qRld<@>>&9^CP1puVBcX{(une}rWUC3 zd~SHwPyGvT7pi$V)>lHFEb+(hk(kXY@A#)>etlIY#^6Us6x=ia`Ub5ri21Yf{z6up z;#@L5IGZphPj)SdOeByRcd%xcy8LK6>*uQHy~J>A;$~sNH(PwJ8k3O| zmR;$T9U8vT1BLC-N$o}s!`@Kkz(EqUr5KETRw1u_tWF&rdCWM|!S}pgK8xnN*)bgr z>|i7Q^i`7Q2%B=T26aSU;_^}j+RpbU`Hc@Bm^k;HA@xV=d`GIy&R;yviJ0jf(|Bge-PP#HV$jFbloIpzV&9X z#KIt(=LxQ9xMYEue;LA?W}n)>qII;yrl#J@(0YGv_#YV%OHqvXq{><`-LurlvsP;} z6MAq0SkeH9iKj+ z@`GddTkf0vQK##nzPO<79B$!*4%t+RW>Qh(pb)mu=*NHovGpFzQ?J7fG+hj);_oi- z^#SY?9wUk19RN+)vFC6W9ll*R-2GT1h`S}_H_1nm zrj5qrTi7e{OIT(-1K;te*G)|3*vb()V$Xo=`vNBS)%oT{ej5Gk49XVbCgHF z%>(ZB$(TC-sB;-?&1c=!H4I``IM9AWXnVWQ`?$fw7TlOpC<#p6q{&6Bw}Rf1givbx z-4%a(^B>|~s2-9+Ls?oP{v*HJfBFhl&8%vp-uoNYUID?90eNEQRhjMAbM9t19pAo1 z*V}9xbn3zdC~nc9S7!IV=Z{${VmExZz8Y(+yPCR#B_y!3>KL7EEG{AVdOgsa-zX6Q z|H7#u*?ag{L`x?Wm_=(mY4xyz4KrZ&aryE1WG0R*ugP@^h1V8jG7(~F;M?2PmHs;Z zxqpni+3%W@Z+P)@P@YkmqD}qBKs<~0t+8=K8VfN16UO-4LDwe&iBeVfVkPeT+gjW@MW21v<7Wpcm?y<$Z z?MgKIXuD@@+EMS5i^nH>2YmS!9VZ;w25$)FwP$Q&DWs?pGlqP@$o`El+bj$pcWxV> zW`cI*M#xt+2gRAG_P+=+ZqC@>4vU+0s^B2Hf&>Ed&_u-DVtWUXEziC`vIKmZj_Ll2 z4Sav}HVSxW2ZYGDU<}&a6V_W{8ou5ilyVF25BTO;4ByDL8#zQy!e#K8Lo6C~4GXyJ z`nSIwQ1gIon7%Dt7h?!tXdMJZ=6*%tf2AEAaIpuwt0^qe5ji-y3J_!+=0+nZ(Lr=N10J8tGS^@qz*%hPo@PML8+Y{- zA<}x7(E952NXoHH8L=Q$}Z1?58 z%dKGiG(Yrb&^{ReGV*R~5yG>BvYEl}U z-+cYFy-9P)Z@nHeQIJ0-#|;+LCAqs@@SmB$z(a!GU+5cOf`cM*BP@nQk>IYqIp$ux z1s=nDy0uA0X~o@a@;(S>g^eO|mDJi?V42&wyJIK;kZax7ebWI(w^&JR1Wxe*D3vG(wF$~ z)~ORrwU{aV!TsUczkJ4T#u6>@Vm;|yV6#u?zA(Jk{(@LH{sDIQKf3gC7GtD^pMM`5 z+9Vq0?SM_-*+)p5FznCzct*ZZ9q^r{YHaySY;GvXZimu}LlXv+JMsW~H247Bhs=T# zwsI14Iep)bI*EbX{%RE`!? ziRZEe->+aPu(j_j@{1#Wo#^HY=Lm(o`+EowDN=-<^IjblKlw*q)bPJ~A23x~dC3O- za&Y)6V`z{t`7`hxYgt#<@2TGc5`x6?9QbFup^?YA%M^gg2fDq5QGzF%_JA9${{_!( zvuBE&^-TL)`FzwiAea(o&Vpz&fHzgy3ehK0Aj1R6`{CyU;bUY#)M9mo@;&v(vw&Ru z(Fjoa;8%+qhJ4vP`_Us#pE<2rL}XHDD9_P9%A*)Lp685!yL6<#C;gljB(7|Myp1He zHT7YWT}jbMkCq~}eNtwpvUYY~uZFXj44&66c~z>n_g@#TmmuL1?JZ8Y)t^lolqQ|O z=>ASf*FJQ+`t|YD7@~3J@hv@n3L#S_Str4m z-y8N8GKS(30RqF*evzU{(v+xEm03DG65&{$|GB*kJUD10*&n54zxEac^Cd#N3|&x* zABZzDsUH$}<zg-T%`7Tl&7&fe83X>{l)B>j8VqQNDEoqrNoH8)Z%@sf*W@M9K-{Q8h=p`9hnIa zH*pS57wbq%laVs0dED1H((V6K%e5Gh76pVE2YXo(jVChQRSijT=>k?B3!IL=t5NCP zv;RF^n2e4)kxX}oE^o!`Z;~ZIl;nMOrw@ZAg5)K0&2~3y4Goo8!8C+(m5|NWi%ti<~SmgsEG!w6}2xKX}FITky)8JevLji(M5$j=O--L%F_SnB{P?Dets@b z$j`n-LbikJZK}^zSZC-Zw+#EXMoE&HreSG0%eq& zljT>CQODa{zk-5%KMPxT{Y+X$S-5G$aY5T<6ToIAp7B2#h8Rb_nAof?FZk*ktgDyEf?jopd+Z8H9I9o&@5u8mpztwOc2~C8(4(AQx&7!%c7XZ zU_6eJo;yBd8Y)BOahCrcAs>v+1;jBKLO7gi+q7Q0IVu;p(WC~Y2Jm^%7s!)wEEC@} z2+oy>^l9C0u5MV{M!NdAA4kr6;|m>|WEI#hryR&saZ5yVBZ(3Du+;>zezX!Q5p94( za|Jp27#UUzS-bct#<(khj3yT;gi?9aNEb$ZBR^KjP*P;iCIwjySl>W%RjF z?x!?N3QmQ59?oTS(eZ1(oRcGZu*SHrbW?K)mzwLMO2RxFcyE)iD#R?`raQmqPnwMl z6?R3fh1>9g(7qu=Yb}NQqw4h)*9nbVuk&H5GS&?6OuKWPzotyp>66(FL)S7MOF44K zVAMbAVjE7p9QVhz*`Oz1WQ?}AvXw2|Z;d%3)|Z5aOVZ_$<1fk{!^Vv#OcnP@^2;Im zAF1ZbWsVngCcz*e8BX@a^R~uq*cZDKi*S!ygdP|F(pPRBTae|Zj4JC%xjz{Sx(K(S zjJ!@Sa&!k}C~)?;)2P_kD_|u&I6ZvpbP#v+3>!3hMOI~jKD}2y-fZK?LS4pP|5fQ^ zQ&v`$^;+b@(G@RoPL9fJ!U6777yac`B(JoFl>PmCM3-v6wBO*ioP7!(^6s-wdSJb3=Nw|m$4u0t`91L1Qt25_$zUv@)d;C z*c#t@t7AcNpg8PvSeRA1NT9nCRAnr#g@HsE8A~c|9E6MofB|r@mHwAlLdi+&95{@^LBhlo zYo8`er%BiTQpJ3nE?AnX+{w}CLC#ZgW6(7ANa}PICy&Q5+=}LFX5*6zX=43{wk8WR zD1=s`{F`c>8A-}*NFmUWiZaJ0dYJw7QB1kRz9S}OInG}Qg#8jv4%fgIhe4p zs#8^f4@t%Wn3TxKp##B4ZDfKldxX9F7x=pDiR9{D1Mg$60OO`GH{+}b`|GyfBTCQ$ zPYs$W62O^lbKajsGSX_B_EQNQsyJ}sr~e>ADV00l>5zINU3CJC8(#c-w6PScUgJy3 z7Ykb*`1iM#xIkBl=}5XpFwvo=dKswjg9EN?^%%gJg*D-fv(;2==YE*-hALOVSJ1au z$BeGnHT@ZTYfN|EBj}@*AMkLDULpD)PB8utB#~*^k`fM7RwyQ8PvYOcLfgu6l@JXe zdu5gz`{Y)6cI`g3gS=Whh7XOu_racvqs^24ZD!s20`rVrL9f%v0Cf8mkGep9@z#_9 z()PXf(bGUs>`p!u&3vRaUX0u8GhufMd_`ezr{E>yS4g84?Kzncii|biWJuuRSeE}q zL@=1MY&wvP=9hm{N)318)ieqzzB?f6BSBGOJ-^bC8t!KmBI+IUmeaF zvem5%u+IcbNG8UME6b94YM=w+l?=t%$+`fT2@2WTik6z}_v6Hfw;?oOQ*f#NUpaqq zqW<%d1W{4dQBRH1Bwto-fR-7a$Ntf-*)?!Z4eNCPdQ8dwpDREbmd0Kge2 z$Mx>Z$KB9uEXgB-KkA7n=x*1|KF86Qec~0}`Xhj@^9)k%%@!G9hE1k#CL@R(V8y3M zZo5TeLY16Rm2c@J(A!}gAUd1W@Av#mBrSG3tqb|^O_*_OWb~ttyPp`@iRm4cKbn6a zeKw_`rO2P32W0W7DxQd`F!~`0o6WpuJsg>Td((D#m8dX%TEQZ_3UF8&N;CAJOOt3M zOsR3q@!Q{6b6ro3rM*FCu$h!iHx{w3OpZG3^XTrTfW7(1;pR2((cnWK7yqd+Jv$ve z9Ur4qvxWBgPMt4Qq{3Q5ab6^w)DpSF^m;Y8t92Eh%(Qo}ma6lI0xRGX?n8hte*i!O z3{6x>nqw?UII0I!wg}L3RoaAHqU~E)S+tcBF-ivIQDw3?W5e|#Vi`T6a2xX{pDr*_ z^4yWvo-TtDD#-8@lRQPLh#P!REw*kaou?3t(Z7OGd`R`^G>nrC(D3xp8y6xVhW6ys zw6xoFrBdt{Kufa&`VVeJZ9EE)+&^w@bP;cPm`>Qqk zem8Wq1U!-oc66dlk^(^1V=a<`{$e{Xrfw^5284~rDhENUm^2NDps24wUw>RlH~%U$ z`BU0>sF*UOtUVyde?&Ehhcw$}rAJPDaayp_|G;A)_S~)JKFskxw!1PHQUJAw?Ax*RV;#4G6NH~+i455`i!N)v7u|P)1>Bm4 z0aA;n^jFnFD`-rn2f5Wx>s`uWTFD@Wcv9)6leo;-bUo0bP?8AMQQ*-mS`E1?n=98Yw=4k>X1Dqib!OJ8!*Rq};1z zm9v*#TR=paa@ouYCn3{9QY?m*-@eRDe$E)5yyg6po%b;5#=i8qd`*W@y=cWe+(TJ9 zU#qo`kk5=p{FOWYVS_?L6VMA*(YtMeN2r+)6;N*sIvyKr*HFXAvD z?FR=MVigK%E=aM1O)VLwKn|CQYlJNh>MA;8H{l_KlmkK?{tP;4RJln_%m}ViSCD)u z2bhXn4P|m$G)ApWp?T*HT1<6Tb<=RBs|y#+w*GT01iJ(A+A7#6jGE)^^W!`+9L5PV zpj;Xi4`kb9dwZ%ZwPD)fZf0nqObbO#6i(IbqBlF@PBXrDN50H!L$@jVMHRe8j1Ty5 zh-l_6^sZ?I|6EBeT{4VufZn3S*ji<_3!c=@%cMI#D+20lWaiZjF_tgFm9f+rcR!`kz#KdeQcbJ9+TXH zyZ%oDC}kU+hJhSYeutKkY7xn^H9EEWM25_z=?mD+sj=tv%U(qzxvWac-8k&cFZEyq zHYZ2GRh$@GZB9$-x`m#6wK1AR7_Yc~gR0G+iGyn@=OID+>p+Dgd1<*VmwOUz_8Sn? zgygF#nUuvjZbKQq=LMst$MN&0g}+`uE_@=%4E({Nh&t4`ZCuU{;oFi;BFkxB7wEOf zoaZ%))qR}JlkT&RdHn+3`3#yM&7lATBJayHWvTmc>YOGw<}9Zx&<(*BtidB-_0!$M z3Hw#GsJficcO^x0$NO{>Go+?I_fsC7hMv60Dg{q)kgSj1 zT~}IJZQmEYmqhSTbY|lH*1wO+}yMG$~eBlIUXh#6XgXB!m#$&OnO753=6yUcjcI;GTM|-cuY{wi6go4QQ*>Y zG%Mdk?PxfG_v6n!A9!9jpXd;B9gxT{_z^|&-)y5ix zJQE>arxz>X=GfgkNW_{`3FrkzSJ5csHUh)rNx`^MXP&0fYXxD;Kopoaf!Bq@GvOvA@fY_#mKu_Fe*C!G z^g!Y9PTZXSY^O;{j1c0E5qJ)!2+Hp~pCOGlAgTbr_Lu|H>9@=p1CDIqgQ53nwvW+= z7fN_I@7ntz8S=S)kLHh`CKs5g8-|>qC1WyOVG?64REohj)WPNZIDf~b@8`VzfX1vH z&8{xDsg|=ALRer?5siudR}eOh5eZqB6e%)&{wEx@Fz!KBU~W&;4tkY}ioSv_>Xr_d z8cjvjzj_9HS`|(lNg4Z5(F!`CyYtW+=qUgx%$8TCaBDgx?a~?q!khREz_%`>v8e*i zV19;FkrGm4@rQ`qR>+LnCAu7ZrYc%o!oz6VCT0!^$YbG+8zUyN_Vc^4Kg+C&R>`fp zg%|BCmnaggPGp?u7u9LR0~1iw7*#oc_J=XAj@%nP$=Usy3;S}s zr1QXaQdvp!^IbfN_xI)t!z`?E2KiUlUE!{x^SWtwj=&t`Zf; zW-%?}Zf)s1N3gjbkC>=Br^dEPb5prkjJ#sV!E%%E8{fl*{scY@zQ4~nDIA{-NFs?_8mliEzwYwy{JDZ8N zpu3Nu@6*>-=rs8(%>6dgCVp@wR&5JE?OF5Dz@NXhlwDg;D1-n>zASp+_k?iLFmK?z zz3eN&s;YrQk!$sECp+h;BQ7avy}(uB$K92vv(|lx@J09T1i#Q2H@P(~CJ{LBEAcfs zIXm9rlcv9KE?~e>f^>)F^zY!`$7Wj%Ip*UmF{O@Ed(fq}+&|B?HZ=p!HmB!Cz^##g z$SO&e#6@(vb3ZE-?YsiRBccOt`X&QtH$kDCeb4}+YcjH|(m|M8A-T!XqUK9g#O9%- z>Ie7lvciJ=Md6o-)au2ZTRZTb(s>3?S-3;?Qd)RnxvjmO)U9v5L!;#_lWmQY$yx?$ zj>`!Nc%wXK?4-+4>NePLRi`tMVk4@nXvk>+NF=9a07V>J8nY_;lA>*hFUU(VIcp*7 zT2HRMdB$R_w!?^aM@JE<%j<=h@Gnzg{QnFd6gK5fxw3?V7K=&OP8$skK7_x$W;2uO zGsR|q7<`~jB8XX-5p)S3Q~Z{RrPg<41uB@-*vCl^gP|)|UIM=DATf+N$C@J7eKjr( z%^4lzQ1jKWMmJg}+VXaBYdStpN!2-$`@Bn>3#nrYy{-a=JpJjUaAI5{W{2!aY4^t8x z3jZknFV6&QTj&aDxu28%f3id-VQxr8I>tdL!~Z8s3=l0LpE9E*=;zG%PX`IU-g^4f zxK?^7=?!K7yp;_b$aa2*FjH#*_S!D@ha2cXsmUBF5+kao$2Txl%oYy)w*}or{Fz~`hcnl7|P|flShcdX2U)sKqwZnEhrs+xbr`=Qw`NP1boVE9>% zdhB3#4Z=mU|7^lH$vb*-0f-$EL8*FCbLB-(FXjMT(?0D4IlH~II|+47`&F?Wlk6mk zajAw?lEYSn|2td#eK_69P3k|?XgUd-REX`I1wI6_pOUC6ofK4O3YmqBzm$X~)|9)9 zw<{Es(zh6s09%L0^Yv*e^xwL6dH$@F|2KEl8ET2 zFr*BaK?cq3`>Vt|A|NU$6upjJ8{F;W*zfip7gG`%i*p4kCsfl~F*~_$b zysUbb`|=$}^XGmqLG6BvuTZ(&4;+ZXBD(wb>)&Ad`7~#2>kACA&y^~%uylioksv3l z=k{Mdg7is?gB%rw`85LRP9 z5^vJ-RN#+WcGCFa0@(ibbFr@Z(`otx-Xq4kX(V8@p?U6masZhFfi=?KRkZ?py;{Zf z)9kyrg};7{oTDwK?7GcOq2F1b<4E;j3mvwXs9G#dOBT(tX$eRB>fLKJu;rb47R=$x zgUjOb9d_-$;Am>jDh?G{6x%wB=ki4{cf(q6B86| zs~d!mJ$xFP))U_!UHXk8U7lRTqxRhQLw;{=N3VW}42nBiO8Idqzg<{d_&MPq6c*7K z-~RrfzP2xw^y?)s;C|8|_BrQ@KolJw+VwJl_=ni()tKmh%}Ut$8x2hIZK=0p3g@F zpH*kD)nIp|d&im}nu|*cfgIs8>g5(YOGE`DF(OP^JkNB%2)_SN%m0!8F57QW!6-hO z5vF#@mMkB@jIEel^!m(2S>8W3EFB;AmedzbJT*-ZwAKY|oaPf=(4`MF8Y9OC^{Jho zE2H7-XQFoXZ!IVA_B(70G?+-m6&_@>)bC=?%!bYThb2FL$!IPnshOpFHL{P4EIBlZ zv|IUYbf1|)OjZBod4T)rJ*qzE@ywt|ZuHS=U2)TKKP8r6@XwAJVoVGe4^J*!M^OxV zf=mAS^N))rPV;F)*#ybRsQ zDmp*!`G7k*lw^Hp)_g$C7$PmU2LHg0^hDukMb}kxJ-wqHj%IFO9F)@Du;l_3Qmu%l zW)^PeNWVXf81l|sm$K-zeP`!20JaLk6&OQfr!676pz`t3ZI>jr9!;+YJ~Rt&iuHM` zLPJ!r2Miy{>F;8*{bn}N3Ii+iRTg;L)$^sQApNgfXrXAHM<-n)m1TRFc_tLzrbvg#ZtkV~Z3_^+7I1HO0pISS!NSAsQ+l zEUQ+8(XU>s?+Al7YYQ2noRe=QsC6(4B7{Y zuM?5AX7lH#@Z$z`SzBaQL0em!z9a@XqmC8>9YYmEMFbnVBt=RLP}0`MADIaOn{koM z9}t+s&hl^TJ|GbHeq*wo1dP?>y=Z*UySz90-m$>X+hTzyubh8yw(Mpg)DX^lsR@RO z)6(H>A!vpI$Xv3n1B3 zA+!|HC6RbTHhWZpq`Zu{&&q2(08vWHXY#H({;)ths%6N3ifPE1L#FCzo*Uy^+rhN$ zY83FJ3&D4aHr?_3j=x@a_1jq;`8{gsQPLqP*dlb)T7XBkV@WJ!C=_Gdez z65R7F<#AnGCK2}3#S*U^v&zsu4foAwUGbS*`tt)tvO?TN^Io-{^hc- z%@%n()WMvOA>W;9v3blIHYkG%KY!vYtPze5U!!?j?^wAiux0Va#GZMMb$W)MQvaxT zRZ#ES(-)9oo$-soJD(vR$=U3gs(VxmxN&^|r!V*PXRqnrP`y-SrJ#BYD)RJXq<57M zKS7;kPsfR9u+1=Eudawcm0Khf!|g1v2fW+153Kh!bg;JlU@)1-V|Py1?TFZ&G2S+SeYMQJhw&Zu``7V3k@(&r>%pyD)_jc9i(4l?wy#;PAKi#p zkpmJfMY2{F+3M;=OGGE!l9Be~QtAvgMG;2spSyZYlJcs%E9GOYyW$;o;*~@dP=43w zab9o{7zd|7i%BwvSsS^|F4ztROoLkHFAd}QGt;IVwr5b#+lME>HtR2@AD}qhDZ&Fx zvPp}uFdCZ*V6aL4!5#i)vI&~a%wNuQb}d&f$1jexnz#MEQyY^Av4#SUzENM_u11wVWIuj=^Piq^XC zTIN=NkES?adb5dwWj;P(wU9#o%~h%=0*(_s0nBvLvm7;Ar}=PHRj}aSf~=#GN~j?z zl~7~j$=<*V)olMUhjme0T)dzdjxKO zcT>g4BxR1xX~h1us%ZemOqgCYE}vCo1(BYxe3OV|s0Pz>8;Z!~`0n_Kih{(=0rX&| za0Pc!y1_L9N74@>91a*Tg8Yk_s#rNUDFR|uQBfs6A|0@ZOxDM}^=(T=JXLc_7G|T0 zLs3$lC{j&yNmL!1qg;+a1Di5x@oR2*vNvx2I~Uq^rU!$0WA&fbVH=tFMWEfFmHLzh zgu4$i-|*i634mz7V|@`kIiGmmfM}n|RiE;qqVq4fDgcj>vn7oF8S$T&R5G1pRhS^c z8MaZ?dNY>p4~Rc9sLxFRfxU|kEROSf==gFM1oXB&0#JHQPg@7SDx=1~TD&Q@FqFnD z_AN0AAY9un|C4`~_H#I6CG%~Sut|FTGLFHzMdYwF`t24h9|Sg@#WIiqe@eEeQ2u^BpBZz^a-3|o_&xSuu z;9g=R*t=hRefLyItoE$W;jucr!uk4V^Io$jFX^{f+;AXmW!8z#6c-#z;!mn_;ATYG zlFHd%kc#PY$bS5dJ`EyJE47~A>@S;`sfB|eN~eGntW-IXs)z{L?pXXCG0s?Uj=dS$ zEN?FV#Qu9SXNeN}srDyu}VC^mGHYtfV77@32w=KbB%rF-u>jP*|1LguS|7Mm(5aEX;f~vg9=baGt4{r47Tf;OXjVsqhQ|Kga^LM6l`=1A zPC8%n=40o>ubcA$*^-sgc#DM`f`^7~jwn`1mm~*s7X$9!Pf=;$L!N9v+r)4!t?Hbo zWX2uZaQ_FuKtI2|WTgE!r$|GOfD^1CV$_EbUivuKVgM33KL2eZ-HjCM_y#|nk@0rd zApnBj6?fBNzUthFa94LK3|T{5rlVAYm`|=G!Op|@8|>WT#o%`$$jucn0B29+5O7Om z$BecJf}Z+ARuj)dZl5hlM6eGo2FHb~f_9DDaWc7?H(0U6z_9nCF`Jbq{6q4_C<+3S zB$BZH1KL*haqzzL_gqhQ@?MZhKRumR!NG(@m*wp>w^2-4q{dXIY!pBsMZ+Zw_hY&5 z^oxOOtpCN6s?jwF4H7}+iSdb|gq(Sog?+v8^$*0eY(rjObQ4jhM<L8YiD-Qf0Z1tcBV7ShqfpU5ixSd%Cq>LoDFL{0%8&DH<*=R?;8Fb0@`wl6ar%<^6C?y2+(ud)a$U!sx*I zC^(%-F<^87Yt}tt6BQtu>Wve)dE+KGZzXYW!zO-}Ehw6RAlk{!KEdWKw=gH3;K<&) zBpP0)o);AFG>{0>?+hF;icJ@?NP3vagR=`*x+ew8wTE0U?}H)vAql6pvGuGSRdOM) zS{>>}ui(2Muac1%&)tU^4rvz@6is<_D5%INvK_lyMe0ZF=cgZbbMxjM?j6(%co?HnDiE@0B+%{*v4fg{(F z$;n*7`;i~AdVE_9LJkk&;)son=Waqaf{?@I&GVT)U1d_DhIVEcMNB7%sXCeuLqdqz zK8c|p-sZKJW^&^GUOotK$kAk0AYR7GE_}cf?*4+eYeLImps|XURn&^L_&N6Yr3mn?X{1JaKpKkY;hj zMk$sw9^Q}T?t_POD#Qtl@ZfBzoI*)l2u0#E1O zk&uKOE^hpesWUQ|m8B6ovp>OUyV$205rDw1vsimLnR^*K775LzVbcpk9vz0Y2H-nGn?C*hW213_2L)v;U~MWr|e+4rb8E5m1xzDCdrtIX4vs% zyc5uviF@MN@Lm~*3DA_q{lf=1(6T3OTpbq{OJ)*xVq%DiNydf+y=Y~9N=d$3e-`__ zc_e-JB?~UOQm)M|e)xVbF)_EewtfLWTzA9U1MVM~#n)fOF(p;w&Z6N&rEO)0X2b;p zp6<7pIsXQACvGKCJ4mx_Q<%LkmTbG3;wUIzBuByJs8&2M#IqOEGjE{I5g zi)LYWN+_>|RA%he<-G0Fgek}3S@Du5H?}WfdA*ltr`oX# z0urDqzWDft5%6fZ7BU}1^TF~33@P7?F)OaH>+=S9MZeDagd{T368L?PnU5Qd;IOM7 zUak>@8=QTA;xbtXO#UZKIf^P{x0#Wx4vmRoGoz_0U`JCO;6y_}P!)_h_t2gPNkswD z4)N7{9Vi(YK-IxE+PA4rxKx$S!*u-qQ41PT_bJBP9S~bhqSC&hUy1gc)vsm{0yMshPN1v;n;fw z6l=uS7i_%!b8m_uBYW56i}gpDT<$UhYll&;Tm;4X-6Awnk4vM$%&4%B5p5gLa8eSD zx)i}v1DEg?44XC%hE*pdx(x06f5twWKOvzZgogOy@aoXx8(x%P9|8&RM6qTes8)yP{4=XuLAF=n zi|_jrX^_x0Xv4cMb!pYm4e+8^-KsQ8k0DM?B{3l!zp^c;*BI=r%oSVYw1yBv-Cm4P)v32ru+Z@0&wWtE`$jG7#t zK8np1s?oH02_P346~*p|1khsRxRi5&$(<@tx=veOoqY{AF&&G|pN3W2(5IOZC`psD zzJ%Y7B{8rOuVntt%xOQf>F5;_GZlxHOaMVsvEP2keYZZeE)U>CsfI1-+T=V}9)Q^v zMCZos=vWQVSE54+3AZ~YRLe;wz1EhR<=Qau$gd1<(S!!|8#4W*h$vZkcz7BeqN~z= zz({`BIFoKg!f88r3MaAwF@{y2zDD)1It<^mlyL)Iqe1CtKKd=5T)6;~j{wLSq-Ocx z-ti;4dji1?>D;s&M>Fw-Fuj%YpwMb!{RFl8rkXy1O? zz0?*xfRw_CB_nBCsw5?&yYu<|UWp?$H~4q3ax!f(&euYnJzFU65&&EQ^)9mwF+;t`L=ICj}ZtN@38;?;Hz z-p{?4g6yh8L`4v5GjV!fLeS$?p$D&bIM20PGKw0*ec3Swstl^`v473E-+w2#Trp}E z4{=O=`VL04X-eIiwQ1P&TTV+NVn!VMzwAj+L@l}xSxQV%ALo7wmlh9U%$0B&y*_{l ztf;zJ?mx`M;xMFR*YrpRrw^W@f~zmpUVV!WY3I3aa>&~4-^Vj%XA048j-!b`D6#`& zoLIMx64lF4CCJ|?qY5e-sw|U}aeI^QLOD(U_f=hs3XlNX5jY?f>g z6jZz2>5HJE$_lC~qd1MIo}@80Y%a2E=jWSpf?6?seQSQm=S-+53Y7;PGNd&hD@S{=*W;N ztHtQEYM~=cQBhFzO__P}Dl?xl!~By-k!57N(_Ck>Alob`s)8Wf&}0$WW(CDWip7r2 zrs6GV1v*yRtcoKnPm!@Z=gQ%`qM!%@f~ZI5l7l5D8I$u@_wEX)Zbm%(fE6Q|95|of z8x_Y*4{F%~Y<)N&-#d~xDtl4B_86ug8%z28uRoHGn_m#_$vNbv10kSj0(uvRe}w8{ z#LKrUi|;O??V}&%aB7JKMUk;_HJ$v_cd~xrS=ufdNl7#`RYq3J(SQCf-kGnk;f*gazx@&&8&<>}1w~Pv zW*#FtLBimgr!>(a2^MULv7`clq?3~QkaVLrA+`g&`SvmDf3k(muSK$`V`uJRbB0x> zlaQ=Hl!h($5~q%N6Ez~w)a00lgp>#5x`hxF?#_XEKk)0e8RR4+k#%7rMH|IIpSJ{?vdH-R7}i&wKX#=StO^b+#5NWYHL5G@z5p23|;bAR&&?W^X=m_{(LK2 zdquFYLnrQQHXNCtGDt{KAX0}l_aY~cgb?{j6yBA#5T62sBycmqj5VS(kpP_Jx8J=e z_i7!A1v&SxpzbWW(*5!K*;frl4)ET~w&l?*66;USw zhgrQogc`%E6XXY|`PB#-f|QNbl*06G&9Rv>NlMa@^T}$4wy8jH)HNRD0It_Ko9>BE zR5(5;|jy|OkNCWfYGBY z`pj6&Irot*W)yoCcAE{!7>?1q2s(Ek=iv;3TL?bE^`9TN|D0Izrw{3Z&urz<_kzH) z{u7$^OxvOa8g|U835ywURi178x$*5P&%+K5VDr5G3C_F;Prl=yp1fU=Wdv(J&6wSa zrfF!J9ZeC@WCbrtX2ESMu67F_g+CpeqhJ+sv8tL=#caon3A^e9CRi~mIhgRKT74f@ zP5GU93#-xDe+#p>RiOS?Z7C`*rQ1hGY58Rp&K};%1-FtktQ(2vBL@r-N%Eyc^%4Y5 zp3SJyifX}v37aP3 z5?zTVMQ1YqtG(!}-{JJ8gWPfbm@iz+9JE@nXg24(YuGVi)$&Y{8VFYWE0@4k07X?F zYoHVrBn6$9k$^Jcjy+saou(QURdM*3c$W!7=jnn9Xo`R!nu$GnfOGfubHyHuvT+y1 zE0?2T)exd1eDFT~9UsoE#h{=~tUPj@geI>cW$VyYuyZr+2>bSIW!0g0%D&}zkCm(J zShJd1$!;W{S;uw%&lwh-!o}_TiNlZdGpm_@{vM6TOs8M#5c<704oF~H&AvSR;0r!# zUj#k3F>4N)5Co93AF_Me49<32LUSExPSC35%K;)uzO;G28b5rqoF#L7=q|5ieqseC zl!V)RcMzX#!7j(Jan>nX&HauD^dv?E6L#@C2G6R;u<)I%+;@l@Wm=*`LUen`*`pg- z|63UKlohPK*M~v%!|{+bhl8^7y>6jBnSG}xVCC|Ks8V`fmc zeg^wIe5u!~0iHne^69L^i(&Oj5#X@CKb2QSKvEr=zTBt;_8(YJ%x~*CmK;sz>pK}Y zb`hD8?^4OWj}2>5@vq#0y1g6o@x-O9(Pt8HWgqH?L#bo1ar@97u4D?>((kc;-Wv2H zx6>eJKi_=z4X1Q(@uT};Hmpg(Gol)`t4Cp4Foji~;Y_Mg3?FCTL}aX(u*w2%ew~;W z(}`)=xVdvS;|HGM&AA`YG<6@x_HX3p35#(LKFQ_UZoQa_u5Uoq&s8e9GP`kd?R< zFgk#VY{qWM#gdbTh=7Z$h$w1Ef=Z&<8!t75@}1CS6FC>I;a00E^?G)tZM}Oe z-*ShriXCWN`5fz)tY)L7GH*3)O1++?xjbzOKW*R1juY3(DA9nf;UdYI{#0yNjbOn} zMr;aVu^KduOkmoCiOl$U0lRKB;j?isQ{GqR{^@Lrwr@s-kZ7v4E5?pbKVt6Ii#$l4u7nqUQfZbY;`JC2*q7fQB)7gwyr~Qy;Q)u6Y&fwL8S&2 z@qGq3YiOE*h=w&O73_;%RnZWU#58t&J(zD+#bPMu$Gro)IcqCR=VsCP7cEP0&_jOs zYz!ydB56>y2knc75Z}mc;x}cay2PmDiBv8mj`FFDbltH zW&QQY*1McPcAKiN52bz)vA_$ArfIkoZ$V4(7OQ`n!gqW98N23dUN4!&>H!}!ed9Lv zAHPk7aR>Oiu@OZT@eD3a(Guy*`0P`T2_e+3)0@s=p+q)_z#gk3!atL}2Ujw0*#+9p zn!+2^!*M}_JGthA4;{YNoZhIngmFkSU8$dYoYJVFBsaaD8_&WGN~c zgf7i%6X^P!gl>8x9^oYjK0Jv}S6nAMq!I7*j6l^%B%a>Kjk}lGx^64mHm@VWy)un^ zyiV8jP0W}*hu;nFv;E6X__-vp`OAS!T)u;Sr(y{1zMNkNmnZes1&-`JKtkFLHvhJT zZCln8E0v*s^Gc+j+>2bM9bFq$!PiA~M#JTB|BQ*^9h*|h(+O5YJLZfBBtP_^RQo!F zdz7H2mz9ePM)2vCYD^gM5nU^|0w$6!rr}qwA(bNp4ow-%_{Ce;b?_u=vjyz@q8=h1 zL=-K7_UnfX*`=plpRf3$P4M5LrB(%5mhFX_lNWcwKa=qhoEZYue|X;=s%K4mQU&TFX{lxH%LIx8+b?wjIBIwc5sT8ey; zSBir2^f;er?{OQV=oqi6DyV8+U8fgWNp+0BdDWG`hAM*aG46T}mraI-(*^a8J|H2vm&n9~-KsKI`{U_&Ndm`&=!EHR* zx2NUePw-t;Q8g6}$;r2ZdFAM5LA?4~GQY}&z@(7==e1Wa5}0Hs9UwRD0_L0qEZKK4 z=O$yZ8u9Y0L||BP1f7c`uZgI~)hiMYzsg8@&%z4Bg;Yp|R7lSOCWU~ckP7Ml9roZ8 z+63>A#+b7c$w|M4Ip;otp&0(5m2vm*EKoC12ucd6kP4}go==6qnp()a|1y$u z_aW*fG>TwO--6X-K@sHx9eCDxv5@{7W*SX1qjM{Q z-lGWaVISZc*q-dH6tYZu+yctt7E}?>po)MQyE&1@NC4yEPW{5kAlGzF@g`@GE~uojGYl@rn9QkNPD#3avVt zQ3}o}l7Bwcr_~P6iHItY|M{bQ)W0nvvruF5B3Y}6Xi6%mu}JzNNTQyMmhP;?Xom{u5QUVav@xkxj_fOcccm|26uOyuxY!spcf4 zhiiGKP9K(BxBcUQr6ft%Pkc|4&L6Wq*;&BNmdL3&eF-iSNmN7xT}Dplviv-rNJ!Ep z=63&(RabJISx6t9+DKX^XIH#WU{n*{|LOcQ2k5^z1(7s6iQ6X9w8uD(n)0d@KXo9d zA7*_2mV_6NCL$t|;lEuZOLO#VPWKO4b~C|@d)B2~IFVpS}n zn97c+187vH4CP7|C#>N}Hrz-@kfZ`q_lroXncM5WpxLXFIc<~B>2kQZW+vZ!w3Mqt zett^FX*hhkDg2Qnq3Z znhxDShE#9`Y9tBCeu-}fH^sZk09Ia1DR_L(`>idW^^*qCZPZHQL>;=ULyUX71w~3k z6B!Z3h;^69)|_&5bsnuc4q;84f*=S;f|Z9yX3(=*B`TDTqF9v<3|@EvbUJigVaBM= z6b}m~wBArwIr}9gZ{+3H)hN|<23IWdv)hO$A!#WboZlCps5Xq<9!J9Q8T73lN>EsF z2K>CAWKBYnG!B2+iTagFQMyu1emH00$$|`y%Hp^8FJj_bGdZjM2ls$NjmbZa^k_;l zU_+5*&{XW^OcYx#nr26_W&c0AmgMCp_=ny=|F7VZe3PeXplTKr#SWs3qFRuxnW%OX ziroaF_+J1`BqZqyv)fO{@Yy(Ctr>*znWS3(Hj~i2Yct@RV)%#tleQcYNqWH2H(K+R zP>RTXDa2VEXwzah;!?gVOP0QkU+O_-Oxw)xiM3esc|ANR=+>Ifm4inJ%8>K%Nkg8f;1D*+j~{

      dgj&6W2)s6f z9wTN@EMhW)t7UWbz!8F<>K9l^y&X$zdNqcvA3#KgNMPw=z$MP^O~9j8ABKKV9}lY^ z6~Y|aUG15^X_!s1tp9m2cds{a)T1%Vq~5*6nbQF@(jNC!k|1GSUuI;7)AyStRE(R; zE2CFXZvLB;bJzVzhFG|J;UpKVRp|KmKHvaXGi>{533tjCAq%jX{b}{;Q0lxMNZ{2ObpL1; zr7C`m|ExZY%?>1JR|0pkRcD87WZa46#{KdP+B}ew83KOMB@swr^N4TQbTyKX7mc8_ zt0$$3`y+6N#jg$|IeIML^lm{BgY*=yL?ppV{NCBjn|y|z<2N%nNKif7)f10d{p%v6ta@8bLMCoHPydQbx{aR zUf6-<*nS*SjRTk{j*qI^k!@L^*io!ms88Op{^a3to^KmY#rykd^r`BDuFw$l_sp|X z*Qu%ss8%$^jH1X$k`>i%LN;fh*h~mWnA0!d>Rkc7Yf!!@tb%SO3L1}Za1NEKR)G55 zkzftMQ4;=%779eG0)mw9_p0;c5S>+$1!oy|R1(fz#Y0vQCBY%U`ERIykRVD`9qM04 zvbB6FV`DhgnuI?F(ofuYpO=*Dahs2mOgRDhb5z=bAR!9RGnY8b41$)Yx>r$EUs`>- zm{Q6`7O(roQG#AmkzBnfRl6OP3_74B-Or}6<@OCysE3E(REa;H20+AsD+Zl}B#BRG zM9jGYvRISX-!4m(vpAn1=GT1WsoI_W%f~lOmNB3DiKRYmXs+EuE8w6|6$O`|XljI( zMz0g0@d#f2{#%r+Ok^aCxMGlWPxedG&@>N1{YufcT0O!Zfh8H$7D9!xjc8N50d7ti zSD#6XDj?cTWS&{fD&O|B(6UjTeUmf;M#1RdsmZUjFVo%!xK?4*Q8; z#7q3N=0|k-=S_1b*t-U8tJkNP^Q-J5Kd?G6osJ{s^L|rTr`!XWh`kj~vrn4Swm}J8 z6b1E(wdnXycBY8rUYpl@6(PXpL+z5)spsK^JD$Aq)BD7oyvW1%TJu^7Jsx^JQj5WK z`1Tu4-yTlAXc0}wYg0le8Zin6{?2--g{GVrK|AG{uG{+mNkU z4i&#G7ZfvD4-X@V&)1uYVxD?EZ$q<_d?S{0SwqT`AVGTkj3hdXrU?l7z83}I$+q$z zAW!^0?|J8eCg%J8zvAZq*N`Jasf;SykZn2GEO#7*8f7br&5Ufxz-CED6cx3~gJf_eykPbY_^R=1 zyg#f9f*=s}(iiN#C!*7doSf2~>S1oU7$kcC9EVvv$+$`{@$*$1lAw@rdMXV(Jn`^! zr*z|&So=VSPM5*K*%O)EwJ)#sZHXudlzV43=Tk(djEhK8BER(cjO|$_)F;50fF!Bh zJHCxMBW82$8FPu#lrVfEt4>@a$EoJmGy}n4@y38FA4(2ytMasPOvLE7HgyW zlmHMfGoyDS!i*xK*o}FYQvp4KphtISDV@SX2r6Ed_ckYDj$OjArXR92<`-VA-Hjhk z3P?JM_zh!eU(Au=v-u~#am(a5WOt8jNU0ESe0;naxIPoJ?H(I`$e{0_s%TcF!0U$w z=yejhynW!{V%C(8q+)0=I#g6ahjeGLvtMNx@Ovf*dW>!WJSI|2cje(NfH^Ce`P>f0YNa*aNs~Dj+w&r zrE8co?M+(royD0%@$nv-e-oEunBK}CPcLsuRBFV6ILN#jL(Fj_FZV5jHOKCl4=Eq- z4=iR)#YidyhEcR=87hSbJf-0h(YvH^>Bev(Jc`ip)mg*>mkuQnk|46oT3V81n&R{nl?d6%G8`)M4AUBc)dV_ABBK0O-0$-)~R zczJl?fHz4bg;b$JsZe~~-SE~)4j`SBN@}_0)DM#o1evrGlc}vY5?;R<;}6ROx=DZQ zRkskBys(?Jf~v@jPHl})IM4OOwCSTeC&Gmvdrh(Z>biTj^PUH^DPl{h`~ zb!r9c5e13fOPBI#t+!c_bcoMeMp0zwCIn-eVg zRVM6xfRFAb3lE$kv;Gfg@hhlv>o~L4U4*n1jEb$ypyg+HkZ_ObFGb)%4ypGZl4V!P zN!`Gw9i~xxbs{No$C%pMg&(?q$p!rIww_|rj_VY8Z5itI9|_*Ig`f9c#Dst(3V=#> zVj5;ASQnny%0yJFnatEIhc+cYaB%``b7}@THu>>aXef&E)Qwp{l0=d({=(bE1%$@a zP+Co7(OV^f`>gCUfop+pvmsH%y15KHcVFh7UBPHL!x!JDG3MBD_Rr|VxpzKfhyQC# zSo0a(ioDG9b!!=16K<^;#<2P4X|ebL*(vu~@o`5=dC2Veum)e{zQVEt*SLP|Dqpqq zL^&{Ej2}tdtiHrRWn?Nl`R6O0@Z!iz#U&9Qu)Z2@B{qVm|l$Tse3*fcB#n zqF(%g+(mPkupxz)*3YDGcwGj~-pAqrH82Q!7}IP$ZMI)0{`^L!c8O>4<;HxoWCUGH z_GR{(MZ8f)K~o(o;>cH@kyJF2+V#s~L_tvnBr%z#AB-UM{r*&Rhs^tH__Xs(8gI$r z#^Xk%TDApY2zucP%C#KUous)xxImgwnTVqOJ&&YN&Xu36r+|=tVdNqu> z-9~T{Kin**Ig}p2J3p^xPQOS>*8ZFoN76~P?P27F4XikDA2TNyRsSPGr<~)~h0_eq zTEVO|D|#c`*)gB#lk9w*qM=hMzLFw?Pg?KF0w5LRguvY zD~fDJwq>H&GSO5KK`<6jlS4tVSLEZb-=kJUaf){9!E5#?8nuW*7gm;PZR$|}{yA=v zM*K}rT*|efSy>>U3-9y-Nxngn$$(!_AeX-#hW@)Tyi`00<=T(5^7F;hGn8_5z9$9= z`QcSIU7XJwWn;OBtKbm?4+U_5b^^mzIQ6XN3nao0GM zu#?fvOA=YNA#Eq@;O@iwD2gAoE4AgVF2$f&V>(v$#`oF{()=n?|KeOG{d|CXsy}}2 zqC@qMgoKLiRvcH=o^)&HhKqki>bL7e>xw%#lLB^o0Bss{q-Tp@DAk6Zkt*EIM6(`Y zMEx=ZxR+$;-k*6rq9{Q@p^Q1;aM(-OIhsnM8|6Co;mZ}{sIC{N(0v5^G9@JGD)ag^ zB3Sg}wG}fM(!K$~dVyXGZjmiZ1zZR;6h+0aY!808W<@*t8KFx@&}7I?hi``Y21};( zqj_{7q20b_&7O-WiWOC^$jGnXqeijfL^b+=ciZgdOpGi3AzrxY-0=+oxXz)inHWP~ z;iaY_c=(49;Nt?e9jshihW0&MQ?XPi!NFm8yTq|*>RE=p+XPFt2?Z6K9UzqxbKfFT z6cNRWygp$M=|I&tXRsqlMVnik2`%1Z!r}W4uqIbvrF`Y zmh|Y+kP??qaTCya`{D2HLeXv?@J6IU){QK*tep&~5=nrUC;kD0*qnWxUuIrp_<*M5 zWac7k3U-@Ao=rL4G;Gj|_ui_4=-QmOUh^a<=mOJTZ_3V+W7!^~p&h8j_?p95o05z5 z=3X`(?aJUmRq^o;AtX2uPh%3t=DtOQC?blLczwcQR9vuTg!1aZ{`6=bfib)fAH8;) z`-xeYEh?>Bv?Z))1f^aXz@V_XY&;|L@XQ6SrS<0hmx|-+8%&^&I|3efxVz!u;g7#J z2ANd>FZMS};ve!hfMX-wBwTT=4sDK6gCs9d2uwJU~0 zh4=ZmeJn|5u8>L)-bMqS{=xWrNeFS*IQnoOV_TJ>WR?1~{9-%zQnLvN@x|TXfnOkq zIsrk1gf;zn_qZ=jUhYLre^3;Mx$NNBdJOaYf(e}hF{m<@JNJpLI+|fE^|(h=r`1cn zXquCY>2KUu3w=ypj3vimmz8a3k_FjjL6vQ&iVaOsQ57AsEgMa-fT$sg`adq}SE3?K z?|#MXS#DG)Hh_kau7C>$LBinXj=Mp?bnyJCUx?|(?g(o|AF+JvjN#6V@bNjt{V$k zSLS!#%}po0R8J8tO7Ex@V+HQDlo?faa1m5um~yv&+m`o{o3&=7bW%BiUus-{OLIVuF} z@@eBl0R-7Zy0H~g4qau6n82J?UlX)qA{~4@5K&PSSHfG4=YskLF?%-g>yjI^T{Mcy zvWzS!C`wuS|8#)&7G?758{^6B`x@PwRKZ(O&`=!qbxA}(M3f$DS|ptjH$C85j%pPH zxppyz1WJ&d9L<~GP36lEo8YfG{d9yQ*c2Hz(b0FS9LMcz28;&KavUaIO?3=N6dmEA zc@BqSo(4p4B;(85Ljn%)$Gy}sCkl4E9o6{^j|wnav8fcsilV+i z!*>{7u`daC?P!9CD9DerTml-Z8bHl=ej?`47!vk>}8>YsmOr=NSLUOeLYlI1ApX&dVV(ikiUbjZ2ss zyaByAn{2ZO$s@}$`@3F5ySSqVDBp!y4%CSp1KJ^i*B z>Hq1^yj|NDO>>z1;}^Y3@3gU;o7RgUPaUYvC?Cbie>7A@LHV0)^@SRf7j=`?RAjpq z*=llpEG9=7sbY29rfs<>b`!E}A;a!0)mre$he9Pr{C=J5pSv@qbpZ9hI7AwHL{UK0 zNr;jJl7OIPW6k@S&59}41s9j6npSu6{%hMQ^Y#Yh+$@%MD~GROL6LL_=5$PU#|EwB zWRfF*AShVOUX-sff#b<3q?r`7b1V6%f$!f@4*Q=s&$9i=Iks7x4xl#2JloB9h%(D# z&1_Dv;Gugus6s;#Im6(edS(?i3>zFd}5clug=2q-IQdJw0_;g=o6ajQ9q$S+u zZt0;c7}X7fmW0)2MG+JfL=4f%nbeZYPkg zX7V8R9uJapk(FGM;;(ZfE`ikJd)WOzL+jX>aEef+!aWYGUc=Tyw@HYP;l}+OryI|C zHg7)6%^TObx@RK?QwGtcyn@B9IQXOhl%jqIKkWB^VabLV67SsPPI4~j+t9n$EjBLQ z$cZzzh>f{LVonpjPfQ{`Es2|_X7jp#Yrfevm1eFE2jaZ>6(s>%RwDOeZgBHXA{m>0 zV|~f`RI3$+D=LccWWNrl4x&?aJLz#ZxP3Q~a~qd3YtwGT*Sb-a9PYPu9 z&&D9CHY`aXdH!mSy3u;K4$R3+Co}CKm-kGicUWg8Z5>M$GO%!eQ>;iQ#tqJu>YMXUs=3 z?3{apYaB<8?&rjrWU{X=V9nVM)UWjly+@`pWA_aAf*Nf=vhuq2I{l?!|U#bB$Y6qiBy-$4nUDDJn660csdzg)^T1dTfgWGrR zb7A`$X02RJc9%~W_Hr>EXzN+L;u@Tq&ky@Fmlvz!aBM!Bf6)bgFq z@}F){y!Ks={Hy8=86of~@V!oc$oUfW0NK!m0TC^Bp-nxHL3jKedWZ4E*Gj^*P z#cn~Ctq7V1nvAOI5H&~iii5lKvC{jfHC zcF>GIRL`N8o3pv+x2zgz;QKC}nU~;>mJ>nukyDuec3IG%&CEsId3PY6wX2RvvXRwh z8rK(8BCK>TTG-~(yxA#q9>EM-dzSK;h;t33NK_Uc&gqEiJf2VQjbi9a75P%I&}8_p z%pBF7reAO3osKW@cB`++6g7IyzrmFDzUXx-g5*v}bP?Q?XKlTr0Jk@O!-r$$a>8uH zn$eu;hi1^Vv=^WwsN~Bux6F0+D}<51pP^#H4nFPCh1s`V(7Y@2`ls9Y@$Hht{Prn> zKl+w~={l?>`ti%sujpRE=TU^q6aEs4!{Jykco7;Ij;jplG>rZYXj^(0r)IXn^|#Zs z`0N*kHfuw4n-Eev51@Db;pC$6#v631edDE=p~zYBO0EZ zL=E>M-RQ{$z8~C>ekbF2Wx*NR7jeOR_+fs0vkonqO~ECoJxh*_q^znzxt@&tJdMH4 zt5Za;P_fge%>897Va19PCV4vm?6WFN5K7Q*(Mn=Uzf6@`Hhha!VC1rWyi?XOcB4-q zA>jdd0x=uDX27TOIB7Ow&1}IBhkvA7vwZS}*yzxE ziV|-uy3NFG-@`S;g_@dJCl(MvMk#R0m^@tBuOIe?kdcgClPdh z*e%(pvW@hI*D>W<@bhxT)!lKE%~U*Dklc+?Q6~wlKIvI4gd`y)?&PCEpYrpb>j+90 zrtkZf-jxHn_H!HhOu0lxr=Pg-O-r(47V}!;PdK4?Qo6xg%=+yUDv`nQpJ%iAbTF^{ z*pG6+&80&b^5uLE7kh&@LUO4xbR0cv6vy-GENZ;;9qFo`+5_Ih_v@oHy}gniZaG}u zG>Nx+|45usBdcT=zMk|ggX{bK!l8`7@(FrLA$Y=vn_E#Tml^+^z;=7pC(!MA6}_gEeZ3KxEwKY0L2D_|b;+AfIK zd2RhGxq4oo^4iSb))S6rC|dqd<0raRfLu8=iQ*s1L_S{q;abf5&7ZzO7qA}xXb%3G z`(7b1d11h04Ve$Nq2cDJFsnjVS}Zx4CVahJad8u!OHIXHFQEiP)<=%r6&)xCv!{u-vuTa2^+{x zIg8btj@^=u-I_^mjvZHzNCJXG5OhXVMMeiU!0ZYyU%sKb4TT`)H(y&@=NUkMt3y8qr?gLJwE4T;Y8(16ldFT9dYHK_L zVhXq=3qsy)G!N+)oVZAoOkCT!p5qBN?B-nd%-%@Rk2VwKfH(!H#tR8F{EBtOw@7Dl z(r=QLe1@Eic-%sx2r1qOZ@=IIH4}xPq>u`!kP7MfR0vF70I77<`TR1lJ-UtP(oC;hCGgs{UOEmVkhX8@pGs>_iqe)ktW~MXVZJ2V)^1`9o4H z38+d2t}X)ZCF&tcO+d3_vm{|kyXVaCDj*sB(Yb~pNQOeD6;dG;QX&1(iBxFHdBF$% zqtLMYw`T2+!-M}8D!>-~KLAQztSJXF5iokP4}g3h60&Y|0UwsmcrK#giku;D14Kvj2hXt}og-S5tE^c$Ymv=ifo6Y3r z=3=+opY`xBq(b^HBvn=M_4R#$@+^QLp=owB93U-m6|1akjr)v*7a((VrbEJ4T@0ppCo5GA32`ccmt>%SS5Q-D)@!O;>=|6YAE zoc~YFL0*KkdkKe= z+cJLE5So@rW7T_O`Snf;Hl2iE^r1vZMY?`AoF)Oz?4eKbHtzSIm_B_GCxvpnId&wk zH;TrHg#%+gX3p8`WEg8P`sYt+;3blE=to|fxE-AU0p)5jc>GwZ8J=#}k#0P8?bm#} zY!_E@+<0l+Ox~>0&*guuh@|9jW9KryKjOzHU%rg6cQ%tg|CL+5?&x$z+zFu3+e7Kst_+tZjNpgE z=Xoeql8U zao;s;#d|Ped|&E@DQx~=2n+6}q7P`s=($6wB<44@OGr`<*LQ5@=oL>I4{1k)SWrKo zB-wI?m7g6UV(dWbdF7vLM|)S+&u9A7jl}!9qtm(IDFo4M;4peNj>1Ry7qapH2bgG@ zMn-x%-rhdAxVjdabN<>pJy-EMIlcB+D=3FzD-G5AzKkX)Zg zOI}F-inJFR)|}s0NJBzXZ78x0Q7@yZc4S*7s@;riH(~s*sLCuMNw--wXgP-d@6)!t zAA0@+@@5R7V*Sb#aTottvVk{I^&8UIYDd(pWE@||j9-0eKd?DfS~SPi!;=8>HC8V; zz}BKY8EQGfh~?Wz328-V`(B2vielBMCX}pGkA_iMD58jPWeuPGYNXqwXYUb`Bw)X@ zgt_Y%a4+grdRSL6Wy*Z~qbAYf-XJEQwos*R8-n7tGT`$qY@XB>yUm^E&0Ao!CUR}h zI{JUqm_0Ka<4wMUNfP1iA&#Z%2yEDsUf1XI`GB7Y`F$jvig_StS?pW*9jkv9sWNmB zb$p(8$I0dLp0#Xu6{*&%HX#mt`g{m03Rp8@+4%i9*4%4Hk1t=QPH0JLwroLBA74T< z5A)5mllXKrka}(;laJmdvSxeg-rvfgFE+C7+a9JTJpRY+;ZUwO#Ts>``sI0i^7aCX?;J_sw%3{Ypej9E`jdQiBX50Mi|xZoU^fQS zrb8zJ(vPub@y~o>sKxSk!`buEc-CAqQnghlLi|b*#wOg5q z^!6nzeJ^9Do+P+i4zG&93p|E&nx#SsG0(oTEQ|%)VfttvU6jnyR8{R#erDqR1fG zP-K&%P@~O+fPgjY7B=5%PvtQwI006EA0$UXNJr8$;ZG)5E6}&*=>%))qf5LajlLi_ z%iG(zuy!k6ulJ*!Bp@iD5621Z&T>`50U} z`Bk7}wo~;iJkK29RJCh)YI_w`DN5512GJD2n#NIi8C$CMr$JyD__VC!XEzsfD^ni)WwF9^} zWGlC5O!a5LUojf?C{G7(Up%SIi4wy&cIgdT6!XOM`cF)?)}RA1=%qhW)r%N4Pds$4 zj%>S5eixXxNDvY1S=_(AniX1Ox(a%1HgGT7f;Yyta6EH7mW}s(Y2G}H%j1txq|fIJ zeW^L2Y5;R;Tp-z8n_~;+QKIjChP-Cx!os`s8nu?>BkvIS3?>pWYF>EgT^y=@;qltJ zx%@3wMh@r1<2dFbLh7THDKtJ#s)=%5VC$oZ(Ol9cMq7S3ruZzyP ze$}Vc3!11SsP5~GY;FKdT&fYk=#RE?i$+v0C|RLPBrST?Ai&cLH_CA+WHd)_w!<(d zfp&|wGbBRc_F0K_gAR~ByebvizDG@0JTXzBVQSBf-2GJW&!3~{IkZDOpRkSD8vLw0Tffp{4 zQy%i0mo!(3RBKDW8f_haA2`P^_akXkwKVR)i%j}0=52hMra5X-Xj9Cg5ctV z5(6M28BBLu(t9~`AjNXD()}Gab zh$gOX{gOt3{se@!XUwv5oY_2@_dofTBbg$)+-CBSEvwYjNK9xpo!K#Aw z!Af2!6-9}t8no@bj%-Qd_MYX;?=zAw#=VKZZvc&l{>bSx5uHxp=FjiZwn_<#gop6{ z@;g|#$d8?d@@tG8Nrdd%%jg*$L5YY+8uomjJ-Iq`x-3rpGLNN$M>FKZo&@>_(fW(k z+|151Es01{GQW?U&cR#@>Jwm0K#~+5oM8OLo2Niwm2@?17wyiM*Su%I|< zSZOjj*=Jcd(@4*rW%8M^Y@FSDnTMAmY2QfV%s~?&LUE#k0M9x!A)eUS6f&KMo1&d# z`6P|5U8*2xAW3%ao%o)XAwdKeY01zZHgMNHlpv`T5dbu%L$y>A;}faZu_Xt;+{DSG z>nwidTdKbFGLd>6o~};QmpPfcXATfouQ}D9R(L21N?=jKy}fZ)0c6zhs#Feg$Auhr zjlWFuck1Kz=vM-gBx1U?m$6NP@DB>6+1r!3NFeU69)!EZuxMx>D*6Y~{`&(Y+Qer7 zv>}V^^YG zV>z?81Z}Fi07iUDSEAzGqnvm;^KRaHlRODGTxE9uo>T}5rQ4iyj`!h9~Fp z(f(7wBtJMQ{QR{akU&$=lzRw53VN3!*v;vr+`U3>atxZ?f?~~flvV#X+Eq0WMFXxz zJv!9q{8mMk3>aNpaCI>v{abS2xEbs9F1YGNgnuZgy z8@(1YaBcC&%>MZ&ckmY$Ot{Y*d#-YEaaTMuPH?GsLyDb_u z%^C>uVZQJ1D^+K2Vb_Yu45)F6$!AhI~zc| zQFB0TX-9BNiWoq-_lUc{}Fn zBRK!l>m)7ug#`z0V0+~E;zH`VSj?)1B<4FTB@xggXIV+Pa?hbHk(}BS!C5sJS2C~M zBRk8C=(un{K7!w@PefP>s^`TIEKYcT3^#YQtu&OX*S?AR-tg46+5QB@ayI$*@Bs;N=y=ci-+n zX#4>ye(6W@_^()e>O2q9gE*NT!nEnr7+cH6pdPch9RFfzlM_W1rNahTZD8`!; zmvivw34R&i#?O7nF#C7{HtEUnNdj0hPxDRlKzu56W0E$AV{=*nIhC$fzr2Ld zU^;2dzhLGorO3KxWmk+RZTgR9-=tRj_Tfx^x#Lc;vMZUp{T{L+U^}^p3Ae4N3gq5e z%%s!1yu_8tAM^dJ zIkb;i#WF-(43Kec9kYjAr2E$MoLTk`l{}6x|D5dbM9tjCinLJtt5qe+@WOFPK44M^ zPX4BYGY^}qXlj~MZ7-wAHe_oKvONdcnu#h~9V+xc^${?-=5l%C_YCVefn&JgDi#1< zbZ)rcT}IoQ#qew}jx$-7e?txoxVznFRsVMwJAFU*1vlJWT`@?)ztPXX0{FdPFCkTS z6z{WJkgd7M)=V@-c2pLYO~|%PWNSLA-~p0Pf%$7BduiSr`YxSYG^feHzO;QHP^m+6 zDmCv&hgTa@?%H9llEJmpX5>;G>D?`wQVmBjxLXccNhf(I7NJ_*`UD>Ofq+lHWmvT+ zwCi(e7ZyrjU<6eg&)_x!x$(zXad;jhIyIt6?*WXO`8)S=n=@)wGxkjG!8c-g-h8DS zbxKwy+~`Mi_4+g_69jk8vhnPCzIn4fZF=+T>rT(!J*eZijKi5A z+I^{0qdl+otVLMY0lXGzBkNi+vi&%tn^mD`UYso&AtpBI`Jy=-)%*44~ z6FV0X^-32a^WhTHjSJjLzDTupEdVR3m_ll52D#6%*&o|Dm+&6#sG!q8vy&Tpg4L&% zF{XP{n!WNSZ+)|ekcM69SmX-*{Uy9!T8dfUfY+M1vUO}bt~C0B6~Eu$+Rqgj)A$?q zSY`BXC3*FS?HpL~9q;D;M%&)2$q;fm{zG3%>UHR)I=nyoI9ZZ}P7+C7*@bRrD)9Qt zjfis3;gayt$F|BHdL?Ilsc7*qr*g2mKO~>zQP;5 zno_>;=Zxujn>&fA*b}z$R^^g}2Zs_-@)LIE+-BF}tGxfk%ZRyP&`B8edEQo#d1N~& zo)&7>seu7FFtIb|stjh~rdVQ^)@EYMNo>nBp>l@@5A&Z&dfY^XOAFtnv|f)vUz5I* zj-uj7r1dZ9kWHHM$;ZNYSxO@9}cIN_7y7+38390NqIuW zi43?Gtw4<$m1#M8G%x!maraUxYVICBs9BcqpdiAEe8>))g2Am6y=Uy;;EHeQpS^~* zum4IG3Tg32S-N==1KTyEalesFUAUX%lxzSVENV{oYmFK7N>xH#llbMmSCGb@;N-@w zEa_vVSF1V1AP^YQoR3zW;rfEU_^+MDpd~v=_7o{oz79>B)S={?-!rP}2KH=|=|1Hn z(nmKZGCYj3%UyW8d<7zctt8&MPi*x2eBQ4V6`OaVTg!%&vM5MA;P=Iec$Vu$uUDH; zw^4JdM0h~vaW+}H@&1rjv~1Rxj&Jv(i3XZ%Cnxqet4}Urbhjon?e#W;W^LkDOfmpz z`__{kW~4@yvglttF3Fcz&1p9-q`%U~L`8M_8fY4hS~iLWS+*nS?8vgo2}&#|iUkz` zP5m?T(p8k^s0L>X5J?N5hcXn>8hd+|I7 zvEt$q!}NwD$r<`3{o6$2uE~FU{E((;pnI{o0~OhhY`0*ynVtVyQ56{x8>(GI7Og0@ zTtwB1D5yMZT++}qH^PhgIVuqwJqQwf@Nsu8P@^keN*1yvqu5Je0E32H>?P(MXpUJE&=~`WAd91EUX-ddmM@QfKtw_oHWyCO&Fz&BV$Rg47J9?1I3y|{H`AKTW&((uP2 zRIy5Uc>-!AJ-=8)#|g=-dv7*5Jvz~_t41_#H9nx14V3h6kRyMd8QyFBuPV&jRc1V;_d2~A5*pkYqkxuXLG*Zu$@n2 z6;blQ!@h^PtJkt=PcUQcS)^r(ob49P{52m_UCiLf&WCtdYg4<52wdmn+HfMq)TB<0 z5_r}aME{@O;d*Q*N>s2S%K~7-d?$qmZY2nIkto;YOSaY9Vw_yq@M#vN64Is#9AlH;j zwo604ShJZAZ3+mUgymqUHvK{_p`CPc@q}y4f{va zVrO+`em$HfQSQJ=POhm=!>JXi;2{$3okphvKXWQ`08!q7L{$g^La4iOH=B;0=9a~P zzmFS60l=LQpE4BllW?yxnBPu!A;YR*d$^eq-7C;8QpSEsLh>()FAj~Mr*{B8nuhgvmSDlXzF|q_D zY#Uf}&`3mdG*QJv@y39nsScB#<^Wia`V8njJt_IhbbcG%golZ-7a2y; z+@)+g1CYe!JxADkz9+3h6s%UKqh+46o~D7Ip$Y=NMT=1^Jc1xMA3`Fdh>naTz||pz zI=2AAinzSs&vD+s(co8_TmECpAQnOev?m)t_ubCgw zo;GFm4!IMJxJUWop16^1XZ$HvGMeb3L3kN-=skjoh%QF#;vYB@RfGoh>rh19!l9!{ zWZHm);~c#jNzri8QM6M9Olc%sj^R>+)-;p=&k!O@m!@>-5(N9XBgX$irzv-7{mT3F zsTYQ(D9CCR#$LL`ty@<(cXB2#d)8;vuQO@w<3d1{G88w?XYO7bNRo3;(BtY7%fS;T zxN#p~J8QSsrBbyJyuAzrm53xdI-1CcVEp~MvLGpi2Qeqv^7BZ#7wOC=^FF4!2;A7j z@=N!T8#bY`ux6b{wj`n<7SI-mS`K%%kDr;4o%G}&FodLB!Vz26nr)L^FzZk-xem`*yA6!Hup20E9>GA<{Zyw=?w`&pc z?ov`rGQvLq?7nDH6g#rj?D*KsD6$Pf(?D~~E1HTZiDYJ($j&hrkgP~V?`lAo_q`xt za4|koWr~s>gAvR??NL*BqftD4d;|ocCpSC4!H4~-a&OUxEKd1}kK0zKh_@I1t-t5G zO+i&0j-864plI%tX*Z0oCzN4MbqNnwJ^E(7d9(MsYdkJOksZ5qGDm7~*; zTo$|*N$3Z^p%~lp{q7;ez7dU=mj}k;)p_aH7{Yu#Fc|gDO+-LvFrfGJBkaL0-fR|) ztL(jmaC{U~MfITwKc1|2G)6Z74;_#HQ0@Fyv)?5z!fp z7<7{3Z%si_0_d}LGHpFv90|0ve33tjMp)gp44yTZ(yD^;2;exJloi#54nKautF_DE zrsU;d5I~D#|CaOAd8r-6QBj@QgC4}6<<=cD%{w+h=eTqtH5|#L8kx*%ARzQk<+Bm} zX%y`VB(rD3ajJA_MJc_6hK8aV39s@NQx~;hLt|Gw+}&_%*oYQAd(zp>h@=zfbfgxa zP5GSKt|j?k=Ulwky-5XMPrORMOUTR#w3K3)+R7gvUvJ#~Ycq6171k|z2{%a69>lLQ9 z@WqYSP38l^lD`>NJ0u^qrVL*93Mh`c10sT4a-h=PnElH7f)0x{sWKL57 zA^dA>;>zbKWy)+@7UibypWNVw9Y#dY)MKe&WVjqSL3*`Oc0wsEV!S(PSbT?W_ z1FC#Hj}HQ`FtCIkQIP2N{Sh9>HJP+x5WC0JAS@(^;ntSC?yAFXhoBnoFlBxderxE0 zhnpU;d>6htkxJ6Vli0n(Xjr`*!e4_+5NtM^Jw85O7akst)oLv?ul&W~!eq_I#kUNy zEf+<$lam%t!p*Z74E_WLd7?8KkSz}}h7KVo=>Ts2wK4kCL{qI#A*DIi>=V*PeaDb4W$@G# zP;yDl%p(2nMkaRMPv@H}skU!2<3`@$l~W7p>J!VaLq20ed@Vj%-;*P4`f{@B2Ymi@ z1Pe;NNA{R$&bI8&ua^85nsVIS+{nntKv9$zP%B5^{-u!!q7m6@MNw?nE!m_c#UW~X z0{mT&^v(*>sK|H`Ty6xOfmI#hzj+~>q9bX7R?y#hnKJYK&KIJnX{zIvD+q}B`>$yZ zO~Z4N7YL8CN;>?J9_4xw1RSr{9%nbr(}+CrJLkK3vTqI^IzaN{?5LW<{8-?)^7lh~ zG?qL-`-m5s_M&~59sNapW`0G%q4L(A{$9-IOZA6s6vR92(Kz!ig#|ySKE=!Y{4Cgn zD?U}2OUnn&o|Uzy-kB#if{4K5HStK!{+NMJ$|(X47Cq-(Pqq74-u^h6PH+fB0e#D# zRW_eIJ=M1Al&eR4`V;SaF7NY)3v1fr_3$+R|IEB>;KXB zTHcy`{EkPm@bvS-AFNB~+I?m&Uo1VYmGf8KFbgT4ABd)*$u<<51-s3HVz(mOtZ0fI zO|_udB?K(UmTX)!yF-4|g0%sfV#jhngOrA!@J3ZDRyBh9-FkEOJ2ST2EVAs0?ApGD zT~+3w%grLK-e^7&A{~A!n&xO%&EfuvQPlck3pzV^_&24esyTB$2nbr9qF%^zmv$U% z8V>VAUd|0wL*vCCCVvK)yl9y=dXy(S~oJ)Zb4Z$_3@;_#+@vz_U+oFxr#t6mV!fe*=HAZ~1xs>|s{WxC+?lp6c6Q zl}pe8w4U{&DwwYh8UJ%_JZG%W8+!rY|0!Vb2mRuY_*r1z)JIP6{{{n}nQvA5bL0DW z#+YaNeztE6CG{F}Q8#!ryH0!^B@8-Qu2>?Yyla8^)s-P+=Dk9poIduQTn=M&MRK2^C zaWDUX$>y-}Yoghy!c(wVOk`^g`>Ez!&v}vS3veR82$8Q7~07ae3WZZr|L_uA6pB zscr;>hEXJPHNP!AO3{cTY&?5`8zq_`p<%~@Rkb1GjgOCs<7aoXy|{r^rTvk_zgL?6 z3e}@(OG8jCc=<)(9Z&{I(4nCq+jFt!-f=o1gQ)XB)O#ZcxLw z^{4f~-h5cT67`#X!sxhM)Kopy-u;R(ITIQ8{ZO_`b~39DVoh{2%GRz!W`G-#-HKYf zA5$v#=8G{WFjVYJ@3;N%x7!JdZb65Rr+IT+7Y@~~L(S-p3@#mtra@@AYLqMPiIy8l z`{7mCHRW5zWcgC}vo`p;ihrxtL{-%noM25r&fJ8irGn~-%^ZtjlhFh>jILfNvJF+0 z9bFK8aSLdJ!85W@V^T}ht^J{Q$FuA$8g{GXp6qs1B+@Fl5ITAc+D%h;q zWF*}|6!iG}84-1$r~;m%37b9=U6DcP-HM^9_5$0KT)heKGNQ>ccDof>Ctyv@z>EP8 zZ*RQv(p%eeNK3b(_wz)|$s*S(qoKpi*B?&fw!#yB=g285OJD zj49oM!QThH-Arz_3Be-}Ur#-fHIw8_%inIwQB@TmA0M)^vR;t$D_E0fVDv4AAeF{$ zx)7qd$d-p#&FR?j#>1-&l5ZHAXh2kDOrin3djz7+7e$sSxHPDSnw!pp zXVOxN2*~7Sq>`KQ^ud~zUmnOwO(f@O0ELV>D;0Crv)D>bOMmnZa#Bgk`R8yr&r$e= zf=fX{(`;zUC5&Fp5Ot+UjvGb%Wj!TIl|%0l0GfhoH=!Er|98dxQSBOqe->C zi1fr|r=YRrlLu8nK}0I3Uys^)whc#t$bZ5AN3!r#AD^x#r9H3s% zt%>N>0ymEa*m7gAW?x4$rJ@Tgj(1=sTs%Y3&?Dr9b82=})e5S;kad4jWAc}2zcdBa zb_|WusEUSa&Bc_SfR~F0ieg4ltmyu0Jh<}e()@=&gdicMpJd^Tvy^=M4eAE#{xRbe zrQ2-!YAMIeRy09GFnCccyev)L>`3tk=UDl}LXN5d)M(y`m)ljw6&YF5p)=iJ_39J2 zR&7r6ilMkkaA(8!EIgSEo~;@3abrB6V4fp&{=G9NxP044#qMlP+mcP&*Sb*7-I@7R$mQm-wai%ifJVLg(<$H@zb;wE!Q|?^{!TaQ zm-9hYlmftsfT*ctUE9HeLkgW=Z%d?J`8O)g3P@5Ghra!Rt!WmFzE$ZvqB}*O8Iy!0 z<#21?VPY+zRBc^}0P@}=B1!^6>QQF=8c(e*U8o*tKok|s=~p?tCY};+w5OE*an2e+ z5)tk3Y+HMf`1xdKI>q0qC0ST4ti@z~<$S14}`iREKCz-cx z(f`NZdB;gntZn=1?nyhF^Rm0ZE@{a*XHXDC5CcgBb3ieps3`to?P@+R;A79qk9qS0jp6k* z0t=t#={HxCIpj$?cCSy2s4UqHVex6^Wv%n4Vm|f9_VsuWU>9 zkUrG5pZ%E$eKYSo{sOCF>d?AQ5~$_qQb8X3p2x<&M#_lusYL{2`T3_9hS(HEAt51w zlHy{5!QdbFL$I*;H;9vb&BBdbUIf4=N zq1qyl(mY2v8&1}0IVpZbxNPjHA!HGre$~#%kulE}>Nq_FT`hDkgg_{vK@H0J{<+tP z>D-$Rbz@OXGgQg;w2-e9e zK2Hk3aC`mUREct~khF@bDk!pQio(P+8!~e0n~Veqma_f50qn@Xfu@I-@%T?ZZdx~s z>zzAz>ao{Z{`oSDjsvg-SMuuqa^n5IGXwp?}(}hc&MZ{|gC=!3!K7M$2JC`m$ z$o)xq%=>%_55Kbz-+-$)qjzg6co*^XL5;>n7B$0`!m86rWZUjs_TG;;Y=Bfj3371H zesc9reDlrSv|KQeD>lQ$uP@;4%=Z}3?`MAK(2dp?)ji={bfP7tpyJTyyqwpVVX6(y zR@KFnQyvCF*G>RhsO?Ym2`}>>`;JyKxAI)8XbSgCq2-Wy6yDU7^fPpVic7{3XOG6N zRKI5wR7FK?Th(5iI7$^aacTk)u2b(ZMF`CLjp$m-Al|egPCv0T+OvAU2MDlZ^FGSm z=ke9t+vvb*mQHBFbytmM!UG*b*I5b*BQE9Xmq%dJ6imy(SgMj}r12Ya|b zNSum^r(Pqv*3yX=;p2i(eW^B`85~hSlB%3EuM>Xq4$R^0f@TcYVop@bKBN5sG=W-v zJ`7`hjYAfAFnxMG_Uo!mN9w*n1K z+rzAT7LajGJ-&JPO}0m+G4`34Xt3liM!dO)^cLN@cKk&8XV?HQtG|4eDKF0Bu+->z z`(*AO(v7(FZ*$8FU$ZCQMpA~8VDnq}@YXJ&O3&3JA*!Fft7b6iuJ_n!Yt5D8?&AEY z`Fyc0k&CV#O-tu89(v<@N`6_&lA=B6w~XYM5tEpEdpGd>zyrgcW33rW{Z?am`I+A2 zty;kPZ+CM%?HKP(|Ai()@8aGYE~ilpBddu$I@$^HqwUx8^+r=E+mdhq{7jx#WqxH3qa{tKlsO1)zrh=vw zv*hLPh`DYs&D^e#{r`!n0YSlz4Xj<2N7JkNlX;4GQPDIXYo~vUuTuwF<cnTUWZHHHbzeroZ)Kc!S8r@U-aEhI$gV}5R@rDluyK%| zzKdYs(t|q&PKffail1C{ZcY@6-T$ zAV2_UG;#t@u!eh`^FxW&5}d9m+B9v$E6*+Ey1RXBnz@;NSKd!VHEnsK4S+*aek7qs zb86P!jcOX0B8ILvJxzPh0>+N{F*GnKK?--zX6m?UEIgu6`shTO^;OIQGvWef&XXN`NpK(qhMIcl+X_0w+|H@-b z_~<)QZh4VMMs%dbs0p-S^~v@+v4x7uW>U8H3$7nGg`zH(aO?f|a(=tP+}5rOpMG}- zivzzOCQ%dxf9XOV9`+pTWfIN0UdtWVmh$$aAF-fVD2|y|G7W6 zK0Tgct!j}J<2X?AmelslH4Xn*gXg}nK~M84YW#@_u( z9vOEXJ(6t5xCK0L?{cQS+K2JeCeSA>2F0l4i0@S{xo|x#>ki=IS8t@Arr|rXnh&49 zjhU<6INMyr*n4j0lG?VjKkWRO!bD1m%jF6Q6l+zE#eWc{Y5u8VTL=ST1~K&@rs>63 zaR4DCiV=#K=zay=UxY2T3mE$`gGHz9A&;e>KE&)z*Kp^6UUXXZHbX~T%T@h*aP7bZ zmVZ5$@sD=pf_Hjz^qa{{efBpZ`rN{pgn7(-`ZZotvbm#k3%d6*Xd9WwdpCSY=D-*f zyNwgNL;^~H0 zXn!8(HLrm**Ym*@(@`!S%U#ih9NGR8Q}?&#lH>Cj|HL=cdh`j#U$l?OZ%yOnj843H z={D|NR6thS3%Md%Qln-x4rM2cW`085tH#hZ?l;~UK9()@?qg*0!)*EWCmy@571L+* zrDDei+%$PN?IzsMz31=Yo+sWSJ*z$s^r;no>UFbk?kZ|sH7FEaIT3+T0Tth|GIsy4 zf%;eV4<(k0a4vK)Zr@jQ~2+`}(y^@7tKv zq#E?N_&)AEKLUcka{m@T-8;0UeZnv75};BO0UhiEu{{BP#KEz+e6quV48f zM>3s zsgoDgm>Ld%2%;Q8L|M3!vRdtXOo?yzhunO;D+?Prc&M6UQKK_ycj2vM4fOHtn~RwL zN)}z8y@<;B_i+CgxzuhokmfN4*(s^Cdgwvw*JwxgUa^$zYs%Lj*Ta5#Ql<!3@&cuG%o!srt=jgtld4JdWbnKGD+NFXv?V1rAU588V zo=ifo{{IF}7`USQ;yn#_Nr zKXL9fTJ;-4jea_dXZ*mo&woj$SBH?Ma%K+8pD9eL#EBIx`Kur4O-#>fO#LX*G(g%= zl#ow}q5Hy>eodsJ;)tw=E3P$)%?(x_(EloG@~2K0nMTO5R}Wz5eso`csJNUGKo~ZR zpn(}E!e+}rahPYhb{Y|8ExHdH&DgOm(GR(p*K{h0Z+*gb4a;d+Q*hrC-?4>u?Eh&m z#aRQHGHC?$7(q&I7e3swh};XWX2f+J@XznZnlbM%v0p2cy&p1a=nHHxoYbgy6Vv95 zpnS*oytCj#BK-yYRep*IURVaJXY+^_q~9ao^Vp?zh_;!CpvjgW-X(IxH#7#y z4*tlJ1>e*6wS`P#9bbO8lc&De%oy7*B-d|9`?ftJVOiWfToLNX*`?yuGV}6`%irGr1<6d-h}h6Eld8vxTz9WVLY#P!x&3Vi!NW zHI>#=zG1BUAnSi#$Gww&<%@~US^4UN-1ova95vf>%X^bK@4zB*`dmtrtOjfi*l;A; zLIonvu%fr&PHe+@mtVk!Eyo$sXDH>%moj5h8QyB&EmapW{`EXL@?Pfb$|b+uE%lt!`yyXFKPf# z$>Qh6k$m?XJeLfCO+PW=>Q9+9{Su4?PjmgP@3K#+L(h>9@%p3=D1MC^je0Wb#_Q>m zc0KX?Tk`q7ZRB~g$#S0=VUYq{u6pzzeKVuGM$)6+6rP{<9zW$?#ue$Ohek9s?@}JS z@=?CoeT<-TG0*?{5S{avF@3=-@=FWZpcQbS&`Wm4NNyR{pWlv@F?2`=Y9bMF{kgI= za9tKhnmok%)qA<5aU1IOzJjakR$`RwWBR?HQgh}|qW5fIiGC?BO}&by93?Gp8;2GI zF#h20jiP|=J;E>3R&eo?Ul3jN0g-kak>NSL$ka#*a@X?IdyB|jUqG`qBgrF@CcQ4D zNiX2)Xf~z4!f(5-r%Q(%`VP+ld>rlIW%#g}tbDyc7bQdx^z7z|XTPCvcRm>x_o4tu z`wL?hmJQ|KijL`9jV-Ds$l7>I=HadIqB?4jl+g&o2!v}Fn0SiTpgK}<#WujwkN>2I zjDZpKhhDl5L)Q_)KoJ2V8^r#e?+Onye5)v)$ zs8}+C$MKmy0-i*oBI*zy-m-Di2;9d^d;!4oA)P;N$g_{PrbdLsNb1B5k4>UPs6@o( zkV*x)1remzzkyqyzl_Ag6*@U9A|Aio z9-1#lBFl6PwH2A+^N3GOBBy~)X%U#hO`RGU)Q$&;q^8qGNrjJcS}<_zeYEr+Vcvw< z#ElzG`{+or>qrnbV(a%~+>~tgZdu3jACJ;%{4kok)2ZVENTI{fTS&d&2#cTo0`K`f z>D06qbsHt&R720ALTu*ycVii`usPr(f6p$~ep`=gw)UkXU9eS7;@gcM@>wvKZ=ZXT zPp4-P+;fo9>yP7X@EkGOL2L?0si5ZNaYV~xU=0I(qYYb5M{)p2B0aq&jrZlUan~Nc zoH&DbK70mq?|zDY+(|I~GbRjfNbD&ikswg9oh9$3aq;ns=tq!xsjsnr>SrvI-Duf& z6cf^W;S=e!?IBq>VEE*O$0mGf7I8E$!16&)k~a4~-0#25 zj89CidGlqAsngh*Xdv|?9InWsep)K=q31CaZ9CsTZ=>;s!HlR8N#)T5Rt$WdUrUE` zX^V>(_gq6fN))Ntjd9||8;GGv^Bn4=g^oNn(j@2+82Y&)nKq(hvgzC{wabR-gudc=caNnHW-R>C?=-R(Clq#Wf%C% z1k#k42sF(`L|Pk~>KpM^!hw0ycIz_-n)YT1lmA>4KtU=3#U6#C z+K8z+0j+2ixw}3ATM8*PvqQ!6fQsYW5Jm-7&47QHFfj~_pbsP9!_Y$l#S|ursUr;y zLota|0?a+^Lksx1Eb(k*9|Qq^cy)zopi2|o42u>sw3Jb5DWqf`py224*(L|kP1(Wp z_hWEe)__LwC4AKVH%2^rA04yfLN|6yUAhmfTkSi_ao1G9vy+OnUW{se^8N2_+(_Fi z?;&pCR@VGf|wQG&og8ylLI{Yv#YgVvh^?DZm+LLFdKyg5#n?`tW zG%=(^Dkg>&MUx)q(}V&JJh6iGe*L*9E-E~gqY;tXgkBdlCfjYJXwxRnJFg#&2{|Ym zW-N8vbfuo+r*ztCDmrvyK+hIL6Dn^nrOLs%Q+O|J7(X=$x4UwLBjxKj;DwIvN=lCV zC@gHqs5izj^rEo@lJ+zG@)yYMbtC3P>M*JkH%qD1*_ zGP6AW7%I2$%c2>~enWQ7@GC!OS2Q5zJy6j zmvO6JN#TKoOucC(JtvHzwPz>qZ`s1$oI9A=vJoFe7~~!ZpxZlfe#;w~vSK-d1~#Ty z6o8L%xt#5L3}g+7=_};;;S>_$z!BSm3odI>?Es5#I1jL5RWujmLEY31d@;W^8TV(B z5_@WUX_`u?da$38vX#tV3jMm3uw(sUwjb}tRXHIMZO4t3kP)H8(5aTS)3(Zgxg;P3k$A+dPo$j7Iy=obo9m8YW~(;Lj((3LdnKCo*Z!_rZfbwuBttcUVj|646b@r^ zq@oAQDLJ-_%EEmJ!;cxPz%&CPhf=HI{!s`+#|U^&yi6kyO2`xjLIgn=*frQ)WN@%V z53R;HRoW0#yaa^|dG4X($A=-p10+HGvVt<8=iLu8xaN8;(V~d7^<-(Q;fx*Ije?Iy zF>%wYOuVQy^-_~a?e`+vgF2>Zo_GmjXx{%;#$ToKP==e7glHl!xRx8QAIdw&57Y3H z=b3taJ`*NQX7^c|7Q3j^wsK6Wl5>LQ+-K8WwT#*vzmNKF0CTsdbq$uSU+fpAi! z#8i9)9Fe3R`-vMaXiQW>GQGyR7%-p_@lJ_fdI_2;(dn1*Z>xaZ$Go=}ka77S8X^(WO-`q4xMNHrcSXh#7nR2St36yW z?iN}`B-6NC2U<01Pp#-kG8*TQ>4y4uzR2|(Zlqc5R9d~)hA-Z_2o(pln+)UD;Q@w4 zMbq$-d-y?ZM@Q3-Ej5k?ojcH~Q3tYPqeySqh(;+Ii^g@QQAQ`8Dq74vo$HZx={pps zT+E{{cjuK_i6kbZartwL={98&t*V6UiI<&(I*n-CtpjbEwk5;mBC};Pvf>JuKCCWT zbuM9Q>3l|KH=xsP^9kZYC5T`8379~~YZ=>C@>Nd-rOQurxn>Mkc25hJ&Zzbxj_kH= z>DZ|&9oy9>!5K-N7V!{Wk51<|!SPXN98CxD{GwdaY8#XSgJ!-#zpYalkQhg7w2P}h zNaev9Skit(zp$|uL0uib}_j~YEm_#Hc5TP0P%8Ds0svsyG z#HOYYALYa>%cIZ}z|du=XrLpGw3L|e(#n&^s;Uy*S4RHvGIT{EosmRp63y-+GA51) zvy|KtgXs8poO&Sz#a{G?Br+2s(WIBWqlNf{1kFxFd=iOTfQm|qJ24KYrsFLxC#Xgc z6DcVyD8dskP>3cuGl2-3PQ~#Gw1jvf?JAg+$hr6B+3`VJxL;YG~!tS?AzY6y@Ay;uTc`DNf5hGN>#nM2}1%(WQo#?W$n- z%gH}hLI7|^$CH>4j}sGtf}$CC^2;zIqKR}nuxa2gI!1nlj^a)tGsTTGB`To%N;sNd zh8p3Rf&Po*FtDGrwgrniiu!a^#D zB`r0cNQa8}of}Y?J}Qd*xRMibX%Z3eQdXEpsffVsa1a^k!s(8}shM~R3Mj7hVMvKP zF_V;NlfvA5JcdNkY{aEz5~H2z%c7_z{&Eiie*m8uz~?iFN=_#++KIpDD8-fLY3&t_ zV)&>m^kO=6%F6;cB4bEQO~U3aqM)#hpyEKoKqrF4*eD)l*1OxqjmOgd;Z89{?1I8T3(E8pM^HK!ggWzk-s& z0?MVENQa%smPZ|WB`QGn; z|5=Zr>hsmMm1t<%Mjmhc0QOhj;r8AcIHmdjbyNJ=!lYpLt5g(i3a$PT3c?IhUYrL+ zk&qMxHapTZP*od|2`x#;8j3TrMzunI3aX|cO>xqrpxWPxqJ#%p8U8!u#Sw}?hx|CI zzeiPQ`W%DFsh_Rt2Qsw(u#brl5>yRUslKm}AULsQ*e67-`aFaTS@mArm@zmVN%YKZ%N}p~%xju%e!g`|EroaFDqH0QbIeWEZJ8@rxY|l^cUnlL_!{;mi=ijkYuIq{I z!)Jt}H$&I& zFZMSxEJ5;jPw0eIv=9aueoQlnFb$*#A`LG_pcFIcLsK18vcfci?hH;LyO-{rLO=bfJLVMU=~qrV0Wc9n}v0KoE(7!xf3krXW#}B7mpT zkBN%i>B8-{VfX?FAu*(ht{Z4hH<2z4sGz*O410MQWxf=WUH`;cM@e$MTZqjpq@r*g zCC8TIDc*%GrURMvE+i?l8LBPvgqfOx3W{>twUePAxO4m+S}k|#fO5JnJ==Td7HYrq zSt(C?Rfy9K%;Z@G@hRRB)dub}OIw`nJk7J-5At{Z{`2m`vk2ecZP$>PJAEJK|F+Ff zJ4Y$RIZR09|1wf~T0c7Hv7J^cM*iQv=l8Zh^W6UUcb%&r{C<0#83FnKJHK=Ed*$5c zd+y^pcYly)ee-{~x8)yce}Od5-sk@{eeGY5m1FWZ4{Smh2%#g4AV#2spzmO)fK!!o zsIL^=SA=GF;Va#Y?$76JRx_$*Qg-As#@4)m$EH0&&x8ar+V^MD50$8zit69Q^xFr~ zFeRDfguXoV)gDmx^GestxcSPy)Xy2myps8htKFB!XTHFN8R;}=*^$Zf_AqCBXA%<< zsM-D!o?RA1QB_Koy~uUF63DEPNJ8)NEZh-9Rk!m*%Zqq?;#itAYfPQYG%k2)YshOs z6tVT=akNWLCq1{+`~fmwp!C z-jtOSC$I{^qDfEl-H|T5pKB0U)Qg?#R`FZ8AGf-m9a$6Ebnp!>PmTh8EAK9-&3sQ0 z%N}mT6Ib?U)sU@7xrMa3L0{*gz_^(^>)6BW3L);2TcNN+am zJWBqzce3N@sr-n}@y#Fd=v}+Gb4Mw~Yo295z2BI!JdgC)Bh1`oXW-;t2aiHzGI;r2MY@e3yX7NP38RE&)bF(T4t*IF!cbY9z>ct(hOkgHWbB= z9;hHf1Wne(^LWZw=S(Pk;XE_{hq9j2pJc&X^|Fi}oF zfnW{b`I6Oa7XTXnCipBMct~0@d(x)Eh(u zO_F|hSQ7;GLJl1VY6^}Y-NV*RakQ;zQe2wAdAGmG^DmF2=84a5W^OQuu7{Jq6hIpI zy(S=$rjB14=my}Fm_lIKqe(Wl@bG=#;^^`ofkhqp^6KHNF+J$Sp7 z*56tbHM6easXedK`Na1ZGVcQ)x^9FGh75v236=WB#E=S+ZW}g@KU}r+ua206f{r@U z+=@GX2zKXTiVr`?fh{(&a++Xs#ex(F-GgxW|9d;Ss)a1_rTLfHTK}J~ZuLZAd9K2M zzlU~q|A*7uT|@7Mk~z0~PJGD%e#? z*5_;|O+zKrKBf#8)~i-2GE~@6JGHQ*3>$uFXEsjg`~GmpI`#aj>LZ;|BvNpq4&8|a z(Quo~KXTo|g)6CExH8;kXPjHLYk6A9fRHP6wPKp#oDg}UKxegMI_-K&(?nF=N2m9N zGYWKua$HVL^gY-4o@|#>j!THY?IFq%CV%e(H$vAj0-lfuMlgVB_>oc|g^n~8BnGiI zljn8?X)1M^G&pCkLRAI+%58l2@f_;aJO@li=YR2^OrA71pZr-q3iuk>N~Ttqey{8sQQ3l^>8!$q5kZmpsr z@l%O%;#bAMCq4KTCrM44&?@p??zyQ25BHCvP)VmlzbtHyAYK^=>kdg!@!%6WCTXOm z6!Oc0S$yWagyC&7(EhPG8VblDBKR|s984h)zH%yy4ib}=gE0IEGr+%3l1cc-{$C{` z6cyF8mnGjHAhlO_>c{-^XOI<5LssOm>DTXAU6@SMRvqckEFn~B`45R2Nzk*GTw~h(hW9!{WCkffzaS(cas>CM#JvyNcA0I z#rz-HDWa&|uqB<_*1;(%IJ{*O8@C<7V+0Af>(Z@zD{3dWkY{uT1y!0<9NNsX{VHuc zHz(N+-n?C`Te_Ux9tYX2I?%3ZT_SCQD#>?kwT~R@EYbVJxWH? z&U9~(hkZ2xZ<+6<&E%6dm9mLdb zL!S<{ap33J?lt_ld=I8Ooks0C)2^16H9xIl`_Xa~RU@ZcUs`4)pmDZ7te|01a(FfK zmgbTfKCVC7-z{PCAEiqqhT%sE211UZx*uWaC{l)mi44``)^X5KZYG%mOzh`y29^k1 z#5fz17MRDq6W36u*I*u)(g{0IZ`3nP(x2j~7oXx$&7iE!ZM5ll9&P&%psZFbc0kG+ zbR5{9jF`~i6cLj{w*fk}?ErR?v)j?Vs{==LJ;o02LH?sJaQmx+7&3G)tve*6;Gku{ z3sGvg(U2%=CY=ZMrH%t4k}u)G*+IsQc%FyXNPIOqb7ReM3~tktZt)pmoAoFfb?-}J zgLo8@x$KFa{PNrkUUN0%@>c2CZ2y0GCW@k9v)OPs9DjJZu%amFy8b_YpR88h7R82? zK}Da8x zKVO(A8mg>d&7v2%b=>=S{24^|9LA*S&CQ&dTyaw}gw^E^LByNNPNIkM#l z376f$y_eTu!IQ7CF)@Jz-#(VE4>IhnuX*vtPPoOX!9hg<%62gO&KtOKEi_3^rNxjm zdbUbOtrkdB6d-RCU(I}#`CC0iA6r3Q=NWu4qZKRPdy|ikm0_q7d3*=kgBSA2j(17< z`cB5&v=v7k4Oycn*GzqlTN)hTlgDr6@$U+#+bD%V{2-E=G$bn_;zY2gdV~gFE=!)e zg3A^*;`7b38Eh|M x!Yf~M=-^I@(ns;o+i!7wvspYh{#kxHt`azMfTV}!@cH;i zetB~$pO^bX(b6M3+3&oBPq)t?L;atlq>83N+0Q&M{%$swxTxG8$I8VY^FkvxhnIcC zvr|?RWfW2tjG@aTKk@d6xX^&NYd({Qk74J)xB2p=kBTHHF z=$%~qZ2?(P4&pnHqkH#yMC7mH^V>&q(}uR({csk&nx(>_A9?P|t60`$3SUjTk%pKY zdi!z4zPTJ-0awH8Xwtbc@wuOI&7eu>t(%gdMpL{0gY@Z88-3dkymI?^UO8l^Zh9N8 ze5fVu;&<}xN3ZeO`U+z6R&cECRA#(!Bi(AK$kSAxqA3{1SMk|xS1@K{JMNyCMUQ5w z{DI5x=iGvpkICQnlr2mjxm(7E>Z_On1r0q=NpapmRBXg2I78DQLK0*1AtD-)(0Bq7 z(Y4N4F05)M#rr?y-ga~7e{3#8?A1b;Ca0~pKN0N^c{)0EXhm{oZl8k$xW235kL z?JAFn>fzc@n9wvsYw8uH`t~RH7Yg~F5`{!cP}S4Jy`kd?d0{Bw2<`v>?Q!hbF$xL_ z@cDda^(#4Dm}r_tLP9)IQPIT3L~-1sozus}pZ7A(ga$}VAQCf}!HyO8qd97mnwEq+ zAq_L=rLuS*&X_L5*SZuGty(d^vxSXMEleS+mH?gz_nsOiR}}4x^EzvLoe}Om@mm~f ze?>u46cn~FE@Lz?v%Y40=S=LTi9Bs8K?;FXwA1=Pct1ipHMC8*!Y|eO))}Gp(6oc9 zs%PEjNdXvcFY|0m9m9Q8IoGsHXlh20p{WUZuBj3rux9~}PaMyN5u5nt!XKGiFDvd23HY;2D`~1iL7ATjr=6$>JMbMBWWGkvd2e!e%S@aA!cYF^m(h9U zc-D+FdH(tvh@82H2U2$N(o-)n`^aE^om!Kp`o4YWi8tacss683y}1%q}z z#`5cq@x&UFB8q%y^=sU7=_ialyo$j9ET#Q7T|J$j{e;JmK$=?|-QB*szH7>tDj1H@Bi_ z`)}<1?Fhwj1$_POChDC(jNt>iQ_Bs-OFv-xck9?+7Nqs?M;P8oXVsg_h`xLlk@{E0P^1rcltdayHIc zjk{kLvR!tRY9V-46O%kJ$ZWM9ypo8(ZhW-87TgP#WaCZ;|7 z0ox20={Xm2QTqerZI0!NR{$-C)(Oe%+4LLRX-6ZQLh03*PjOt6Ph6yL8CJxMf zf%jJ)!z(n}4ZVWBudJinm>YR%++EnRnlpUNHPk|C_U<@ zqMa@j6fnFc?0f%5Vn<&}^2C*)`#7mKSxH$a0#K8wo7NDgeG3~lx20#>Ce#L~bsOVS zJF<3LIfLuR5upkE75n-0)lFRTMi)3slE0>Dly9HMCv)br<){N^w^2+Ok;=~teO!K9 zCXo(M+6|)r)=&7U>{do5MuoTZA_D}?kEf-%iaF1I$)=(Tw5Q%B;kxVSzJD#p4_1KjriTM^uLaS2M^MrLkDWrs&z5~5q|3Qc)SQ1a#=J@6Q9qAp&RVjxt;v{ ze3~?F2)|R5T$m=p3?hsmrs>1)IU0&Y839DlgW*>&0wt*KrkH{K82*CO_OPGNCtt(T zA4k(O)=Sy8>0G|0ge&X%kR^Nh<*o1d?r0NMJ>7>qLv#pLuJ%7yr{Q zb5*)QWm!48y_D&Xd_&^%y?9Wwg$sa%`+{Onx_dESJo*{CGaFH-bQjB3EWzLE5DT8z ziim5Dvh*Xq&ev(`_7ju_dSw}9ULDii#dmkT#!6cj*=`R7>*n%dSp&N4n89shz9M$a zO|;Gbm6z^6Kz>A1p1)`>kA1v|5|4sgGpG!Js_x*!haaa-rvWsJ+RB`V|>@(ZQ7&VOMN4{g?9i_+_Q@E>3O86<(#+n!BP^(u5>bhOw zB7T6TqM%Z~`w+|DUqQkJ?Mc>DR1uEWs0!d>+xrU$+#E}tnyH~^q^W?qj|F$W%rcQl z?P#6y4IeR8tA|VWq;3*G1d-8TFRdT|1h-D($*HqAq^A<)GN|+m6bJ13@(w0`e1O;* z$=KZjpApKhf#dAjzMVD7Q0}cm$el}5ft7r*If>+cooEog)ersfFb}`K9$P{x4u_4( zz&5sTYlgFME&0a}aQMgX_$j|Tizd}QH98ZnAiI11RAzqj8|x|}Xz|?L^r)YNO_-rR zeqcTy92?4;?QCFcPtP$Oc;mt>8nn$KEp;Ft4vPhuN}tgqDPO#u0}Eeb?5aGTeD8iP z&W<{D3fVL$I`9qmZEefjS4HxKE>5_gN>ie08o{L>u_mC=bI|q3Uq>;2e`|Wsm~8J_ z7RUnx3qqB7RaM8g?|VKg9KrPVp{J!&qO0MjCtV0MTO`RDh0K2Z6 z&?-X5yYG8GFC5PFRsh}TF>)DKkE+Sc1{u_Eel1^i=)$UZo@LRoO!m@==5iB@jQt!d zT~EQ*rr0}dBe%2yed9E)+}DZ4Z-T$vgWvQ}Ru;hSJ;dy_+u0)8a&_Ys%-wCnP9FOY zrc>rBK-di&Yo>9{bvewNJBrq6J-Fk(Le}j+%#ttfW33XygPlt_uq}&((#^<2EBW@3 z1MCU3;gu0_99Z}U)8{T_b(xFClkedCW;IZOppdvCTnPUrX58`$o#*r?SQ$F5@{$UC zfAeAkOPKu4h>$eL9aopgxVooAGD36Ne@tOWso;uj$t4f83`I7C)wWgm{eCn}BNz;# z>pG?xngTIRlk)OP4AVdeK`;=ctfB&!(@9VdVhd`V)y?jd>t`VJ07fu?VfYAmjv)~=r&8xE(QTLX*WCk`c=c__uyL`Y0_kPM9?+)gj(qTOJ#I1B{ew4`{ z6c9c6MQ&+V199kero1-?am95c>Brfzdkd>RzJvj_qj1KyL#_W0@o7e5Z)1`#Z?wP`(Lr2)PXBVz(k1;L6P5<#Txw?6P{5795Y0_-= zR1|aUU)Z#PhcnI4X=#(64x_dGUc-RL<2$3 zT$U;-vE9e<{C#e=&3}R$@4uY|(%g^zPtwdpqWdTzb89f?ialCX9c8`kW@c5oZ3k9H<#8W?&tyZ2BfOcd3ID<+;AH6pPG z;qWipIFhx20>6XCqlb}j-48@3+i(FGn|Xi28+^a>2tLuByWhWsE(vZ#z+lf0GpM}c z16l)~yiM%ivzPuiKTKTtQFato@b=Q<+&bZWJ{k}z%s(XkpX960p~O0xzt z>9JwdcMPGt{xCjS*_Wmlbm00&I{;n|Ef~)wx4q1&W_?jzNi-k&C}Z!wi_h*K&0AkQ z&-xLMQ!^@($e1`9rluknZ)SVT+O$iHrBUC$1b_LAlF|zFUCY_%c%18=xSf5ME#~rP z?&N&rAIhb&gvo#OtWG!&cz@Wtalp&@pra!!$5-BQ$D=P<@C{ zEtLPE#jBQkhhL_yBZMBB%F$H}HHZ*6dfUzGbZ3nvo@EGXp2(?GrkVJ?X754 z2f#sGTq;fcM<_Qc@s(u~AKi-d@RnV>N3rOTPI)E3_gwH)IoD0w8w)jeBsVRi&sr(|-UT}9r&yGd*20E+M{eke9E1St6x z`0btP-aeItq69iNy^!`7#!;}sMNZ8ey3_-Rp=|m z-(gH|8>$i-I7GgmpmqU`!jHr?GHTMXy^p-3P}_{7O@sQhOb1A$soT!_5+7b8n#_hx zXpt0)cT)*bO`Fju(oK3)XgIRRq|>-*dg}W<1%6PE-YCK^Z=^6CK*8lT|%RfeVX^p zA-n47TGP-9wzAFBk4cT3C_-R{*WYWJujxZbZ67C}r}7R}nUAyZ~jE5(HY)ard5 z_n!x_kRi1m;)~vGY0|eIQR+SxyyIc`yX{a2P`LLuzI{EwWxF5X0!mr+&P%wh4`L)g32Vb2G9$!TCmwMopteils+aK$HW z!w+H_5eYSE(xwe*N(yyqCJ{?1zfF3LIonF8(Y+%r8x@flnL;qN5JL~GWYS7YIj$tr zF;!xVtk1>cU*Tek`StyWc=)BY6kkG~l}p1cm9-9)ZY?uHd3=do7}>()XbBjy6pt=3fSr4m@y%23!|t`PdIft6Hj*&J zhTn*wbJH5cI{?~qMOzn(eG*|vgep)p2hnv0&@=Ejhx2t3l45C>2@p%$#*Nre>Y<G_$va5YP8b`OHS%WP&6^SlN@#rRAKj8X%pKL8* zV)5Ul0cBNvkkej5{%#f3b4E-I13l;qRTtL%7(qWm3RIyZO%*dJaLNEb9QUF4gIths z=AvN*15ZUbAHodalR81YO0?(%QBiCO#HH<{VBJsbVE}D8#-|^5^aZxxo|uWW>sxh$(kiPx~}67PZb44=tnb%okjyk(P&^_YTwtHM;2~k zco$n}1(c$q)r=u3_y#M=?x$(2pWWMbu;`Z-jDH^Vpdb*`35J6A1f)b_5U{1w_lDc) zOBrv?yN{Z8-%G#vsPI&dotOrFxMgA=4lG{4tnxJs9RCmvkw{@+h*a8NdMzC=`C{$; zct?!n(q1izA{<%FOd(M_fV=PgObCZSg8P5txz&q!doi5XWjkvMkKu3Lngp_GnZ1Q~ zx36Yvpe3!H;iTEjE_6wGlJ{5MNB0X;u~p4O_;XqJ%NP8dG>Qjm0z#l_DwKS~2OBGK zp5Ke6QQ`48t_$5VAL7&1H`Aw467iab!_kI%IXCgt7sU)3Wn=I9MZCAWH6PT1q*_C{ zx82Z_Q#sZBQOqKaM%SlzbOa6sihiELTl!^u+{OiX(dBV+effC9!+=eVB0A{AQI(IR z0qY*+jbjz`ubWI{L^cC&y@!ES{XTGjvG2Xhu0RRL_c|%xaDb*=+fmObX5j~)GT(6} z?>s()#wYq;G;Ic7Lz}^n`$88kXgY-JQe$yQg`+>e!h6bazHF_8gq{*XTC0n>yVb=f zyKnv%y!`V~YF+*)Pu=3?nJ<5$sGuH$1}faTbU#BoW#d{li-j%DV`_BuJ1jt@A*paR zq5p*!(d^|cj>i zCwDO`;~G9|lF2&}FZ22m=+I+7^Ox*nrMQ4GiPe8)iZ~Kkmo^CrxHmt~gF70r=Cg66 zDnD?;yPN-UP6n1R`P(1owUd3~ES*ECmL?#D0BI$U{F5+E9ReqXiK+WR2qZefR8dty zgiWyOIJko*19MJ)645DFig1~NP!!rvDJ9`KUWtK+QnQF+?DW6sW>(+wIG3e1#_bG{ z-s66rzM&u9c|*8i@fUb^{J;X60*!Cui}$Xfj$J*`i&QO+mVHNY?ZP`56IF+2>f5Mj zHjvA+4zhDqB*R|$n6WjkrS~I`@%-nH(yh-S#$MKuw@1Fonu+~+?2-9g+NdsH)_38J zs>=lvCv!(skWyJePym|1uar`1x09H+l6&tQ&zD=vaUIH}->lliI1f-Ji}08#(KQG0 z(7g+}zD`qKNfEeW+jG^kZ_}O<=9^`d3QyQ@PvE75auE!BS_q_Kr{9aW<8(VtUAbYJ z2vw5Qq9vD3Xh1TAR~0BBBP~-w(@Z))bRA|!4IHv6QCmRF1x$YG8wR(j%eQqS@JD9S z>9%K>G^!gzuZ*N-R7;u;8N>5;HUVJx+YhnzlE=8R=5rV^K6*d&9Z!vF#rUsp<*M%8 zX`Sl85uLy_Z!Y2bn6-TU!BUcLpGrC)WGGs)^Rrp3D6(-?kJh*WQ<$h)J?{Maes1hB zj2=&`C=oV>zPN(XuT5at6%A@AJxl4) ze7cMuPs?rFSg`O14%t1Z4Tdr4h0(N#bs^0IeEH0$aQR|dD514&NO@|aysDw4bYoE0 zkC{BVHM76%L(+ylv^E7z@19Jri?86qPZcU-yYb9>ml0RCk(aL-#v8jG*eX?GvM%E8 zFYcgOqK#%_a)1JC3s+#qccfFxBwS}qeJdajhK_5s=<%&c|HfD{ZR8l?tkWHx+cY7zWyrT4;e|9&!eEkNyjOl(~}^_@KP#E z@c6-z*_J`Kv;~TZS-BREw-v2wMU(UN^IUPw7;fqGI(mU5bL=||s_SRgO`UjlrH7!Y z;EV6Vi=W&^r|cl&uHM{pWjqZwLogC`Uo5SrJk8}@lfg5H zA?YKzpz|jTWF;{#zg4P0Y$=n871R(?Cia3JOw${7s|~ z2%#et4M$`HTnX(_ZPA>yRHVgO(KL;ZKKh6rJ$jIolteJ7hn#hVKsQXv%F04hIfj9* z8~FWxTuvv4jvOE=Dw4kEpUX{2u7H@qXqj+a4xQU&5p~L{92HHIR2J@G{mPw` z0Wv8SEJ8-ChAo*@wSC{i1> zpm{_Y2M(E}w5UV8>L-8K0m`&wveOMVt=q!U5)X=&P5T~=NOD(lVC7*PO&XCNsbL0> zvhK(AI}X?1DSwjPlLC_Z?If=U-P8r395^^&`JKi-%cWYmnuDFw31{Oueoyc9+I zo#n#eCG%%27uHb7XX8)nITkdLHWvvw?dg;jWar9X*z8NCX|q-|%y3~C5}Qq-cbUaQx8or8I_;?wE5a*_B&CP9bEw=w zMx6#Ex~c|76-_favSK;gN-8lFg<7rq&@@SMWbGo><*US|)S+Gb`nXRye+5m0()}CR zyz?++LP3a3+V^NeTC^P@yd2rIp31Z~G)i_LP*61mfBAmaF4;mcDsh?hXw|AA_M=-_ zw`C7SL69*G=-fJoq-f=w`38z22~_5BXh$VU?Q)1LJ;d%U+sO|o1cL^qVUX0YA#vs9 z96NptkCenW?nT?|XzZ9s>E-aIjrcO!(UB%X$10jv1Q{nj@WCF9jg&vE1UGh z7(CmTvHD;sW>QP~w#mQ<7PIfS73{81KsrgR(Ugv@Q$ykv6;1P#zw-cPS_0{HQgLIR z#cB5R;|jHLW$|9tE!{>58i`qrXw$qdzU`~ouc^P4>og=TaEyaHJS4Wx2_M(r_OoqR!sKriCVm1%@8F2e zM#@_FO1{BUUWsB$A*EJxOfwh?kVun?{Cz|uUWh9;=L`=Mi@#5pf4{}h+$i66-`kPrirSmClY_nkO|GnRX$YrpgDPLT9wT=3W{?2 zDu>g~^OXHnJHN0Gi4dX0QB74&T8ICsk7%c#UubGi3%^;Fqf{mGLVi8f^MuakV`7Gv z1*>5%AX#ld5Bar(JX$zSKq_b5$BDK&hh_U2J|Cy#x~SETGu#(Wv5v1gziKx8{Lgmu zC&Zu{^1YDCsoS4p0`!#QIP=)fAx=&|KPfN;)!L@2-z%rQcc$;lX_oY7KdZC1*(vu= zmA%24?HFpZ(~cwD_fNFfDc4as#gbk?=zgj?Ur{As)U)2_rmrp<2NL=^gi-PD z<7)ojp)5(NH->0WE)|9AC_BD_^3ucLXhde?{-o4whH8sMN)e8ZI75G*;-~UQy<-%V z6ZK3^?MLzt`@NiPdrtkKuR4m;_bJbwSY7?t#0jx=wjcY`wm)Nk;q#MK0pKLE;>V>f#UYrCZiUFing}y^B6^}=S(N;vA~KFR-1b-^V(OAq zdk|6>pxDuDE>z7soF$Ve}eHNr3=&0Q8XP>_hJMp5QYz7 z`2WxjO+$ptiLA)VS)MB7Da(eX5D2r{5@H#C{cnUr*z8VG9cZc}Wc!W`Pjy&kG8PsV z7XMpRs|o%tLIvrn2CvY7sUw9S)6@|nh^c!q17)F?89>T&S9(-6lk%gVaZBcKzVvD* z=BX7$Mbk7iO$*I8N>Ef4C0sj4s}eD%eD35is#<8CQ`NLH%AqT2wQWvp6xt@VZ#8U8 zrJZ^V5Z-4fFQMxFlV7Wba|`}OEgde@CxkqaUn0WR^QLKpUcwBQH4oPh3jg!JR++M@ zu8S2Fv9PePup%b^j!*I7c|;*}FnpLs0AU(P5kTr548I*S=tEQOlpp&Zhr1?@$n-N3 zV5N{09nPmruORPmDJ8Yt#7AiaDvQX^DGlm}{6S(;YY`_4 zIaKIDC>l|THAsw5Fmx{!1p%}umD0Roggb`Bq-3Hr0jj`LoJUcq7Xye&N+%)8g{Jr^ zKVFHj>y%g8Ny>;t6da<^qkzppWMT>_Ztz!n@Kt#6E0SP9Co(RM=*SrCsz5b894pp| zj*B9~uKu6L_=JQ6N=r+z+wEc3*N`Dor~qClK~~iigiXWYv?I(=PKev>KCAt|g@uKM zg(Xb>Q)LN47zm*wbRAQc5cHLYp4^QfM$n7m2QyHC=7_;tvKu{6fHNxnl(AY-6#V60 zp1p7abISvKJ*Y1~PW*%~uYv_n-pgGtFQzz{#f1;Q$XgSeGv|iUEKRIU#lbBsTeOtg zkNm*H@gH! z5Af20{TNCK4X*i+w;mfwtJL*OYI_@pxTbvxeM^Z+G~c4X|ADnVBqjjw!{Ws}>m z;j_s+eczWHY14whmhXwb@&P8^`5@<~tFY=(x=yh1%p2pmG$#&B@&Bz&gb-w9WwCqr zZq}?_b4CHg>RJ9(`8#&Ioy3Ghl9H1CR$FEZ3kwTNm{|Pf2t&sV1~Bvhrcr^v;sC-V zR1{A4p!kCrzGFCRjz{zV1R{8*ypfWKxG0|8^Z{C%kGWv?YzC|4teP=_*FV#kxG|T@ z4!_22^Oy43p4!xoFW{3o@w~t4XFf~)oHh;ma?hAmtlm8X_l8HP+4psRm^_X4nn_;i z0geQQvDSQoUtb!_|cVEsA!3Su?HpaIc#;afC@baxuxaD3-J1l3{ z$Bl5QV7#)67I*ID;OftKZNi%@oII0SGLJlWW3GQ^HaDk#$MCVg@Z0JGoPTi^KhFJy zVb{Gtx2*VZ5w`zB`wBsPd^{aGbRZ%k0`0WA^i|V5r!Tiv6a}Bphi7{N*+g%=g`cZ^>prtshw2EGa))#8M6)g*K*>tQr?`#UpJ2 zXxzRfo%a94;azzgFK9_tvrg0r{U2_;9-bBzc(7xNHeA>>4MmZd<@;Fj_+4B)dn?HS zNT_oWQ9wXXA*Xg7TGs~X$Th|Se%`u=f{XX?-SMj#a7ANMo%~CduSproEeQsLe^{8P zsv4T=vAU>*g@wgmik1BOH)EPQM$m^5^kM|Pm_dKYT*}lDx*sFpK{I^ps|ZpQG|`lE zPijaEOw~?A6o5uhMA5j%9n9IVgFOcik^9x7T#yt)na_{UV-Ns9CxDJWXoS)?%^-ek zXeua*j@O^d?xO$(2lwq|$F>Ag>qg*k=2GH2N=5j)*RONnjBw&a0tUgLi6RY3SG>mP z8C}WUx0hAlzCZ{O zuS0^+^^hnD_`=gU0i-aIrj8T}(lm*-nLN46pgB6t8_09)O2uwZBgVd*886MkbxBXU zp5Kg&_g~|-t0TF(qefn2ONNiCf#UGs5qc>4q8NB7!x6640zoP%Cm3MRj8Ye3-fq-Cv2nvJ_QSaYrbqszgQa8 z?%t7l$q}eh$Dbcb!~SiFFWtt{na4>#U$WqfHNrHa9N8KYy|Nhw~^heBXtv;I5V5jBzG<|m*f(t)rT7|Z%lUc=EPO{utn9OS=UA+ zV1g1u*5SAL)X|$EgD<0T+`rEC)9dvjrNm~lg{;=AUxjMRmrsA+G))|K8y;Q7X;X07 zRcjHjg@uL1pNp_+<@}ApM3_EuH{XvQ^dbZ(*f0Vfit`VkN*i$rPE-v{0Wo$TxSNsC z=>F4ct(+!L!Z{RDN`#c*`U};rxCr}nDB(I0va0S!l^tHC?W^0tgi~(L<0tiq;=8kW!D%j&j0PAQKc5A9|4ML6KW1;;P^c7($n)U z?P^fT9!GJClu$In&!thZxl9Se{8Cq)xh6-EpC8o)C#S4P2b$%z+1NImyiAI!EHpab z*C~qY;liub#EDc!cX6=@_uQ;{GCzGsgD-FD5&zuIQ`5NUP83?dDG4WkrKQ9F_i#U2 zAReY2M20ximETfXPWS3Ijb~w@ z<^K0bUYih=PO!Rn>@?Re@1m~Qi3Vt&S+&3)AWH-!-OT((eMdK~{gQxo`mfjL>qq4x z$A9AlIy+`%_*hQqE7~K=_N?=2xYTsp_%QH^Ktmz>@x_h?f4cqqN;iaoI=(m%jS2>) z7z<7v5ka+0_41Yjm1`%`E;uQLm-<0;pOz~C`!_@=b8|8MFk40SIUD3O7|Q5`atpnNhU;Yc9C zrz22FL1o6@sge4jaMCC<7Zqex=b#po<0(qhVVF$BLi6*>Pym&G?TgO73DMO_t@P47 z97WhJP%$$DRSuL%`_V?v-o6D}YK5HtZybhq_R*k9P-v>eArZ5`f;9sy!Q+Z!Sb{JE zoC>je;XD;Zut>v>;?jOm?y-n7133vW@bZP)BO+vp`|)!famH6v5;CEaG%+N=EVR3;;Te7~GO#U9 zMjtD*2MutO$FX;VR>f@%S_zZn>xJmXbB`^353+P;@&yu=(S(XfW#jc{f}B<`EyU*4 zfT`d+y!lI!x)WffMFWCDJmvn$=cD!F4%X6nPGd{YHTVNivwt?iZ)7Yv>Y0^um3#gO zWVfN+?NwK9-JOq*!sJRg7vr6I4h^(=MEU2bz+&iK8&W1tC|ERtK$!g|*?we}8p#X^ z0A&C!#rSTT78*$MXcpJka0MjMnIRC8{L{a+L0I_?R3Ap;r`?v0ST+Hq{x01tLf-1E zY5j`HIeC1tIqLrUhQY2sRA7%MJb^WecU@_I)!E`vsYhACuPb`A5>|(fR%?Fj`0Z$N zbu6mIlz?Ni~!?{j>%}jLrlL_XeOm zkwaq`q7EeB?)<3kBVl^u2q?sTAQQA+3HvOkk4wsgIpd?XVM-v}F^F2V$O9wRPrza39_7wT}Er!6Cd7fS}c`cqy3PxBC$Oam^_v znL+TE{yxVDX_MpA@`?ut=|60iB?|G zpm7QmRBh+CnTEDPD{UWU`>2m_)oJlD{pHvp)axB$86Q%+Z7DI^ewoP=F z*H;|{aSy9yxSlQKgUlGwyg%_{dp>c_do%*)8Z0eZqQwA)*XS}YtYP%ob^-~gB2pOD z-6y1EE*&Al7{w^HqKT{fFm_kzb`hxmmhE>Bxb5Cx1Ztg=>}OGFd1Q+V3CJ~3+|!MU z+&6twWKRY1e#-&FR0;|Tf8FPJRPyk$xi{QwGAb(_DmLDXZVZ<^O*Pz@BpRw%QOB`b zyM?Ga!>RPcfPtk$dsgDU}2Gkc3imTST5l}h>LiHfu*h#1Ln{1 zOX3-8lC?6V<0YgNrhggZg_#kEqL`2JLdQenDJDU6ntGMeY)P7q$?;?pUJWArG;bNk z$^vCdTDNi=+>0C&``jue2j6S#nTca4_E_TbH@Cur5Jk>Zwa+vr_+L=>g8(`gbM|~l z1TS$2hns$WLI;wvN0R?BMQAN5vTjD{iVTY^r|hIeVXa#4zqeOIqknKu9+{k|MP=%U zj4BUg4jNwQ8caxoTK9heoW}6Z4GN7iF6I0GlH7~1Mup@5@2gKn4dg_ASW$@bl>AS` zoMghP+Q|QZhQd|MC;H%KKB0uu!>8c;|$rb%x3zwq6IM?G>N zPi(S=9>CzX6J;l_Qw8b3xq-XV4FmMjQtUj;$k3}9@z(|f5$HeRluM-lm!=^i@t9jt z7?41t4E*N{))|8EgRlBnc>K~gJMtyqdQu~q=(+wsNgY}Sm>d~?1(z9vQ!|1drU6se zJ9E?`i%L`AB7k6T7?!+FOI279`@e|u+mAslW-LcU!Y0_NHmx5V6jKa|C=iOoADISB zc?3!=*lIbAEKilkTufd?RaDWWwKzJooRUJx00ufTv>1iS2KLMCe>IDDvzZC(NEMI6zarYJZ zFog{L@d-*m3Idiu314UT>w=pcex06P|`-vY{&k#7GN9nD2#f_sy=B7vEhEMOcj&6BhkYmfyj z?UO0^hD0Xds63#>okS|j&>XO?#G;C>%SV@R+AVL%=JA(70fg#8jjyJr<2%}gpg5_5*@*q@_(aQvbY%RGyBBuFf zDsCjc_(bGjt`z>~!haDp=9+r?)^5|mY%Oak~ zF+LRIE}IQ)!6OLyhRWUb(ceGn%%-qo2>4?Fr;R`&aG;?xz9L4YVfq%Hi6eR< zdm;fCkctCXSfg?SS->dLBeic8JgSp9Q6ww}UqAH~JGEa80&?)xqY7{0vv4UjC)K6v zG1-d0-x+{-2uANzj;yNT4pz>k=fOh^;q0Ayd=iQw%7ErdFT4A$>PEDHBKUDcc=c$> zDgbWUFB_dH3DJo+vOHcQw!Zybun?`0vv)8cV0p^1)o;UYL4%uRY+p zpl8*S%q97mHJMP7ZhPOu-ycnp@bP7zoLHPK*T^T5$(}6N5HwjW*5{M`b6#NZoe_cx zK!(fR8G?F2@kUAYcslR=~3+sMN7EN^bvSs@y%WcaLP%P_mwecr26W7VfDLgv5 zsIwDSwjqT<^S^X)z)xjF%;>@o!x!a`sEkM`%WNY~5SdvzpR1GF*|@rs`1e?Am>5}L zfXJ3})|l)tbwftS3hkHJ(EW=)!I z3?l8p2RT_?z5@ugTeIM|jgCqH1={2^%S`?|mM!PYW^y2QkKqiS&-bvt}D{er`~~@)iUQt zAw`e>UNF86Z#}H-T61pbIZ(Z`HZ^p)dDv@GSZg9X%A=IOObY^1t;YPCEt>1YTG2_P z=$UrcCmGM|F_ae#4V{>o?zq~zBmPM3wdCg?_bxp&(LNy9k;+O9g`93?wNgt2><~*y z37t9SKE#G0a#*o-cR??a?K4%cTf+Lc+wW~NF_DIt?dY7Z7!|y-1uvt^Xaw(Y!W0xM ziYk!V2|-E8?%}bHdk*UYQfT0HSC|VA@r4U*4^fBxi(*nLqJn~iG7&1OETX$;Gf1)p zf5C&3@|MehvPl=b`FWP(mdUXYg4-<{di&^H7q8jY2|~y?l;~(hNr%eh_ebW)Q6Gnn zYwFvn`FW}>UF=hSGOGlXq!17gD>iJn2#{7y!*NRame@cDS%46UjwCk|i7Y_Ce-w(` zLl0+8E`+1yDK;~`{$HVm*k21imP7OmE<)-m)D_w>?o&qxXoIT1O~fZm9i|Ein!u76chh2dgcMLF^V^1~tU zV+?~M=f;IRS7t#(y@aY)qa;=M@)qVsdAHhr^38FRTY*|Almr|my;!-?j~z0$bm3|~ zO+;qWFX%*2b#U;|$*^U8rc=(4AQ5mc1>Dr@=lvLm1bb1L{|erEAb*$4r%ga$WPVoW zQ5;Gz+Pg8ca0Sh&scPfF!JlB7Q(@4vZBzeh6tejE_!S$!&J60vz?tKQ;0R!F9s){> z*eunL_Gpw+&(#M;o*`BPyxZ6Uj0*E z+5Br{iuSW^Q;2iq&KtHOi{^9MTv8M&&ue^~#t?{*-0BCFQ{d855i_zaIlX>#xhkpN z{f-Qei0nUg&;T9UlP70lV{6pWfHG_f1rFX15ROx>OB#Im@WxFMTr4EKCH@b{@q<nRGajaIb#Yo^iQ!rA#|!Lp-HF*(PCQqe zbQmGT9OD0-^nmn0Ak&iqM1TO2V~Q*6BO+vTc@eeH2mwP}WaPjhPu-*% zOaT6kak(pQdME>!%DEYE8@|MnQq*g$HWAots6o{>+N%qUO8A29J$UR#f%F3xQ zLnVU&(jQR=4aXG}RIVkk8N?tF41wT*OR)ofRSb$q;1f>`hN~b_A6)H6WJRvR>C4gr zb3nrT-P|Ny>gS#48riN&6{8K{#Qg2T`SlAau+vXTpJ(-AxUB#ys*|D7Z37afoCLJRA zMkE5a0a+JRv4xKNYa)tWn?IEtQ7&oB&&SbmDQ=0;W>IkFx-F>?8p1E7T@%jl3t%It z>5|E8xslcDqitVFMHX#jZQbJhEjOcp3up&Lv{KiVKuMnl?tP2&2d-JgQx|)p76e8J zOc^W{6%GuW3|ByL`mWc)c}Ib2wdn!!Nu^YRHesQ1xUrld2>B($i4Yy$JQxpfJW_j< z^J!(6pNsPIt3@4)=Yf|vou#+T1SsJi=3XX>ZB>S-{0oUF_U2>#+M)1raf6pFpr5n? zdcjVhDoNsElwUEEV#Oxm4o}+sstplonYX{HO&ROgewaJ(eoiQdfT4)I*fy|hS$`wS z#2GS&hc$5$THe7n3@Vd6Mz+rk(ZOJZoQJ`aRJ~FgD6(rr6@9i{WE87J`MQT?=V^h! zomhSJ``Mm|b3EWZ_T&#XvfbFNroF>@L&K^z_MoacxV=nQNVVczZW?apF9I-p-r@a; z6sG2snCevp>1KxW07D)i9iLEh?TSklfNkrR4C7h94@2vqjpT^zK zsz81xzb_n3%^IwxBorBQ>>&KlKVBJ?rbo`oiu7s2%Ib%?YVLJPwX`%qfjn6ibX9;u z$K~LVYJxb#U^bVlUI*{%gr6On7dr;&Nf3I7E+0E)hTV<63V-rU@ zBJM=uepq6a+Krn9s^LMy>07~IqrGIPvPSic->*UNpZzlVqD#t?D^3Kg@o9qeTSoN7 z<^HF6GL}A)}%quVviq(%zC}(GhRBn)D7H zxe|ftfr6m262pY)2IOMYEXUeWa1ahIOb~B;dO_iDRMVvvnFu(Mpk}7f*|{QhZQ(I7-$aSw39^~+7V!e4q4#dV z<0AvlqJ-Cti;2rvMVCXsoh5npG}S++*=;WJU9|PiP(-9cS~!paIs|uAII`e z*CcLrwr}e^uBx1<-R_B}S=qJeDxy zOLWzVtg}Uy&6?BIo3AT)_S_!)d!6kkqu%aGf6J?pEnV_=76O)(`|~x$Z>k~nojOl; z+(Hv`mjODpg0ts&jkqq97QD9*WbZCG=j<27`YjYr=I?>4)v&VlBpfe8_mf+C5l4~5 z_qEn#Ws-#|j$%RPU-F&o*5p_iy3<3Pb(l{|&2(uK<#-M&pU41g69?lN3)iU)DF(jS zWNj2I7ioeskEOe(hI>v5<53$2`~mTnpVRu&pO5-?Lz&436_2MrlKky0vH^F5D6{!C z2fklF8kX@2<`pa)Z>t_Ac_!rnPjR!HDMifPC7rIuo`~3D$7q6mpRC>;H`Gf6jt18A z(Yroea|~lATcuXxRBxCAVb()Cdj?}#i@EuJK-A*r(DT#PuO;cd|HFnOU-7H+%EdA% ziq}G`$Mj3xkhl(2y#$toj^1#+#o3+pS$Zkr+1*Nnta+Z0%vGn_=ts{ZjW)NgnE0C` z%*P?x#rpW)t|811goc-~GVd;R5~A^+Zq6V%4>i&`K@A=|>4=W{-02rn_Zkg<*?%;1 z$F6Ph;_5!*)l5$frG3H~pV#c>Js%swMEg@lT-t%gDD;XvD(kq!b)BC(jh(v+WTQZ- z+!!k)ipj<{JXmo0en92$vmx)FuF9bCGhKBNNJPXARtzQZDir)MaO+_B&BpxpdfVC5 z!Qb-CHp>EUiKx{0OgJ(D!_n@C!;O#<&=4+9t~Zmu#4Fk2R;=y7zAfjQWe=M#(L}KO z@(H8kgYBq!WyI%o>-QQz3rM>7S|4hTn%)r1f5MvW~;xC1yz)%_?(iWNT zPJ$ie81dGPRM2OwQmu2?zW)QgfS9<{pMuy(f#i+uycdpn@&GGc&xIZC4WOi=Xgfj3nlplXIWA^}txI z^Ud5G>}^314NPwL4^6KB*Zu6TphxRv1wavOF}k=!kUNV6S4Pe3tNVFC;i zRF@+)TpB4pFKh@XErzHW#u&~%BP?3wwE4t%xD&!?&`-2}DOhejlQ1RRoB7llwUx;a zcs+*WD<6|tY$1rA(Z%w;0_zX>^p!IXdL3Dno2?newljDA!*-Q_R%5&TvWIGF-uxq> z%@wc~#~TT8;~mIw z`$!6|%Y?-DN-UmtDyK3wpx>)IWt%+lT*rxpS7es4+$zT5lJ~-4_Z-L#zQ4RdlU6@;8?1sAf zIFM+7^Xp9fb;eq3mhOziB<#d{jklBO4dyR9-BCcvmS{zJaq+l(y(uGo&tFb$KEI$6 zjB1jNCU)^fmRg4~AvN#SNdCe=Z2u4ayVLJk|AuHPW_jszo^uNNqC9l^uFd}rD= zKVPhhDP;M2*qrjc#{+BhKAG+iDaO-?d7AAjj&ESh@K%1G4)Z1DXR8%-2^-%K4z+s2 zL607Z_v_3lx-=3x$R4_)34pCzkTCt71;`BZ9`#(_G;JtH+V1Y((QE-;QeJTDAp$z1FpL5f5r@Em*0(lw59g~c@FO|%w^6J~%^Nm( zd2WoyEDTMt;4~=z)rfuajcEXE%grEGLKXG4QF4@GIazpxFB(z&ON6pm{Fg?x`>pFV z1y@Q&wqMLCYPrV8sr97$CG)~s_QOTe?u>rdL?>c8g{n8&WBOoF&DO+B?6r(Q3(TvN zA0lOZf&`727N8s1%hn5Bf`?oBuK*c*S?Hai#SvC5n^{1M0DG^yTPVz%H0ZkGaLaD`!iVuJW#wREm% z^I=kQ!!9@2M7s3J-_%*xI|SQZ=H$?M^S$j&=!4@@5pQb=Nj#ADy+84}TevH-Gbalt z>~=nEMS}y`w4Rjpa(ZHi4SVwS35BWliGjMnba6rrzv|1-#tLEQMLl(~Hh4wol7}s1 z^2$C+DP`v^L{1n?h*Ou#SgzEdhdUIG)&~%NA??fI4AfTh(MSho4P3Bgi<2SRcMMCv z3>?#Cmnfidr~jtIk19ETq2`+F5F=mTt34ko@wn*ou*plC7vW4sHw>Jr&|Kt6niIBy z^3r6Yr7e_2tYMT?I~BLpOh3wu9n6J(-)qEo!ScXgjy{h~XI*PHuwhD>V)SW`zX?DK z;8M~Icr7$A#; zru07+%#TV~qP+lKQCTPAdw?mP>5RSK$BX#wZ6{0N3#ZP@_uE|GH$8)_tkdneipC1A zw{OsdQUGlU0|M(D@yz2R2Vp5vu8NtVUnmU%hXVP zIj8wNl$1@hOMYnLBA47nnZXfD()ctSTOx}!%0wj7&PpOCcRn1F%Na5`KEo^%UA2Ou zx0EmA1tRhf&;ZGHR!KRn!gLvlquLBzlS1-KlDCyZSJM^BeavP3B2sO^8oA5xGP+PZ zj63PiEiY&Xo>( zeHGItf4zDR9tUgXNp>NF-yJDHdavH zo&Y81E4qWF(al8`1MAd>C(q!pbIsXfkEGxrnaAlD?~6v|A7;FY>H5tN>E@}9gfgB~ zw-kYsqpe@~zrgx}PH+l_B?HLqBo;C4Knw5>+%7@6X>-s1O)c}D2Nx-i6!+uS9h0bI zuN~zO$#TY^!%*j+{PEJu#0k%_qwfZS!*iVvAeDtOtF(M;_|sOuKDObM(Di=l9F#FX z^DZsy0k?h?HzwHMG|$*LjZR34XT2Yd?>#bddwINhQ(LnOHPmHw;ttWtM7rVxiN1iM z8E@(yDh2%JQe(=idFT&R?;x6>6jhJ{N?+;?Dn0G4`0_{gJqcvhS9()%1fGL~j%J+B ztG>;)1m&11(}J4%zOrf@N)8ezGoU{)HRhm5mxyLl%msH~0SmQ^l{xK>u;g|$;>Wz* z_aH$y&h8LvUmutTesBMf7KGy`?IQ-m!EbyQ=tBs}fUgAYHd4d*hk09Ubd*FiN%?`> zZ#pbmk`*9(8RpEVPa`WU-bZwzNm2*%-u%deX6iH8)#Mzvl|PONS`=^ca$h ze%)IfYb7l$FuwBF7}?Zt7{mejAXJd3@%Ik6^~In2!IcI$y^?Y^5Q1zf)1CboL+;F{ z5AOheljGV~`%BPWL_XoV)gk1feB%PJk^8%ONM&5f=k#7-V?J+8E%s?Pjj#pPFSLmI zE<`!B9f^{cZ-9p1g>@4g#hVNv4R6B|9Uze{oxQ>9X1BkzhI*_SjH|gPF}=0$?|kSZ zPYUSCXXW3-o6S(Au!QOSGPNhyTi?_2RDQY6by4ujzjC^5F$L!6u*B2br;W93{)mVA z3H|t|pOzm_5?wz&iMBOnos8KuA%XTFv-7D-Jf={_s5KW{Dx!&QzbIqmc0pZw^e36q z=HY%>ahkKABMP&h7d%OJv=UzQZGS?Yp-M`Pie4@l0B?6i=ue@(^aI>7l^dFT|r%COv9O{0*b{> zLEFTNWvhgKnn=$+mS()^hgLKKIb5MIh4e=|EsKTd0^Eh52gBHsDbC#5<4$P;*_M8D zdP-#k_Q}La!(S!u+IQg>D6J0nuOdhfm-U}pJ`dn$%asQ+erpm1#|CGDo(TLQd0o^B zzwl;q%J`$rX&~;C=wB-hu`$LB^Zs9r7*Al)(DkxlL(fsKM?5YmKpeb(ulFZ!Vm--l{ z*J!sP!6K@Y@?z+;BjlX`)5w-$XbWhYSc+eeSrFhK&fJ9byXUdv`m5>L=?;JSyo73} zF1;DfxbU5IK3eB*(p z*v8?7BTuJ5=Ghk5DS?$?kmA_w2NiP4Z*n5c-?_Fr)ARI84dm*5w4 zpo+P|7-&UTYQ970TXV{Y7qyntlV@p(zr_iEWPTk5v}vFC4frv%C2CS&(CrX>7gbzo z@#8-%Dhj#k_k$?UudOMINN|5=Xjg=oQwKe)tE11iI)ggA)7kCKW;Fb zP`d&D@O(DdSg8vhFtnK%PQ;&cz&xzQ1qs+g+?%m8>f1nPfexrZ1GHT$h#^$|B!qXZ z(jBW$)|T)feIQ^B6l6UFU!D0&nvrL&Z$(X9%2KyGkTnA0gr6HEOgp&h#{EGAhtwt#nyPgm1@40Ch~eRG?*uLx*+5l^2S|xKp?Pl ziFm}HUJV+zsL~&Sgzd>!^~XDx*@XVET(14y#UyyCxF{Yj|KnzP2ll&Ww-LmqwRKr# z`QAV*-(G6~SXpVgQ}D5eE7_k12oh27V4K7O_E9W^upgPyWk^tvio7_0Mx+3W_*}#x z#?dr3rI!d11gThQ9e}{IijW`#cZsnygdan={B129s(Lv%i6Gj@paVMbE@3&6e^51E zc_X>P2h3XNbK6@0xdkqF)-wH7h_$o|rJ%npHfBn+2w{;_DFsw?+55CuB7(H3j9 zIKWIAw2v^)pnFoYm95>-$m5kUS;{}(;akxqc66rP-(H|gABl!mX^xWO+48LSu{dei z>4Ea0!R#ioA?#?eHQTmCYlr)%n;*xN<*lRS{f!6?qG((-(bgyp4i0i1)scekHV9Yf zjiutD(H(I?kT-)D{b+5^#t;FG105nD#Qa8WzT-{pL+j@=r|_*wHesvD#VG~0Uz`K` zZ!w*&CtC~#VVl(t^^M1GQ68b{HF$w3lV~WzFce6M1W=5YHZ~?l%Jg#u<``u93?S>x z(BSVTEYalp=~M5|DLbz_?+tRtsmJnzjkLHU9~D^_i1!ul9LcZd?v|zi5!(I6rw>NJ`-H@7PAQ}Li9`a*R&8gHrpD)4^EVt*|vYo@r|Tepy6#JNPiuHRs^vh@nR)P11ARXlsEMFU`H0fCHK z!=zzpH>~wX`_faGbv*Y=7t*%QvHk^$cxKHM@v_i_Mi@62NQ`M*Q`B`m%TijXyR4NoWeah)~vSHl&HR zgN@wZX4A)OYwDmyk!NPg=&!ex@zUV|q?kmMH zw)m&8x|2FrUOuT0G%iylxRCOg2Rf-b2t3R|NAE++dz=SOVK1G+z9Ve)D`7A0%WPx# zc2H?{+Kz$&N$<2uDA6O9c9wl?a9oQExu;ysw#u5SqD+Z`y0)T6WLfDiGUY$&Sr@d_hJI5;mp`KZ8G=L+Nx1X;rQ8k!D{54nSO`EmSCErv9qo6W;P=Jks+~JpI`l zlc1ZLLKxk#hmUO)lS#!Ak_mw`1!@*lz&jLP_2%{ z_eMTYZwtJAqN++W(SLkTga$ED5B2gfI5Cb(RI~s*vluA}fIz%U3rfApYxZFbm-+jh l9=;HXJa+KG5@mj2ee1f-OfJL-*Zc-FNl`hGY9WKb{|D}q4jBLd From fc801db06a8c9c465f7ab92e0d276bfe0b972bb4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 May 2019 15:43:41 +0000 Subject: [PATCH 1164/1961] RFP stuff --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 18c3c38..f06eded 100644 --- a/user.js +++ b/user.js @@ -1471,11 +1471,12 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL FF60: Fix keydown/keyup events (1438795) ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) ** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) + ** 1479239 - return "no-preference" with prefers-reduced-motion (FF63+) ** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+) FF65: pointerEvent.pointerid (1492766) ** 1485266 - disable exposure of system colors to CSS or canvas (see 2618) (FF67+) ** 1407366 - enable inner window letterboxing (see 4504) (FF67+) - ** 1540726 - enforce "light" with prefers-color-scheme (FF67+) + ** 1540726 - return "light" with prefers-color-scheme (FF67+) [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); From a173d30d4ec7b42062fd3352be5cfdae229c9053 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 10 May 2019 22:34:24 +0000 Subject: [PATCH 1165/1961] RFP 68+ isolate site permissions --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index f06eded..ddcd2a0 100644 --- a/user.js +++ b/user.js @@ -1400,6 +1400,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1473247 - isolate IP addresses (FF63+) ** 1492607 - isolate postMessage with targetOrigin "*" (requires 4002) (FF65+) ** 1542309 - isolate top-level domain URLs (FF68+) + ** 1330467 - isolate site permissions (FF68+) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] From a4c2bb80aafc750203979be994a4567567cdb89b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 May 2019 02:48:06 +0000 Subject: [PATCH 1166/1961] 2429 remove default tag --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index ddcd2a0..1fcb4cc 100644 --- a/user.js +++ b/user.js @@ -1099,7 +1099,7 @@ user_pref("dom.IntersectionObserver.enabled", false); user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] /* 2429: enable (limited but sufficient) window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ -user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] +user_pref("dom.targetBlankNoOpener.enabled", true); /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); From b3c6561ba81f94a30bda29ff5fdf7e9da2a930a1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 May 2019 13:44:12 +0000 Subject: [PATCH 1167/1961] 2203: change [test] It's the same test (thanks gk) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 1fcb4cc..e7efee2 100644 --- a/user.js +++ b/user.js @@ -983,7 +983,7 @@ user_pref("dom.disable_window_move_resize", true); /* 2203: open links targeting new windows in a new tab instead * This stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window. - * [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html + * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ user_pref("browser.link.open_newwindow", 3); user_pref("browser.link.open_newwindow.restriction", 0); From 76c476ee3cf6d2b8b5a84557d90de5e7d006d1d3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 May 2019 13:52:53 +0000 Subject: [PATCH 1168/1961] 2204: replace [test] old test: https://developer.mozilla.org/samples/domref/fullscreen.html - for me the video comes up as "no video with supported format and mime type", so may not be practical for all users --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e7efee2..fd3b959 100644 --- a/user.js +++ b/user.js @@ -990,7 +990,7 @@ user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks * [NOTE] You can still manually toggle the browser's fullscreen state (F11), * but this pref will disable embedded video/game fullscreen controls, e.g. youtube - * [TEST] https://developer.mozilla.org/samples/domref/fullscreen.html ***/ + * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen ***/ // user_pref("full-screen-api.enabled", false); /* 2210: block popup windows * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ From 5d5a9acaa41087bff8aad6123c12c8cb0e80ce48 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 14 May 2019 06:48:49 +0000 Subject: [PATCH 1169/1961] FPI: 69+ isolate pdfjs range-based requests --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index fd3b959..5c50857 100644 --- a/user.js +++ b/user.js @@ -1401,6 +1401,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1492607 - isolate postMessage with targetOrigin "*" (requires 4002) (FF65+) ** 1542309 - isolate top-level domain URLs (FF68+) ** 1330467 - isolate site permissions (FF68+) + ** 1506693 - isolate pdfjs range-based requests (FF68+) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] From 7a103b0c23984f8d338c69fd998c7e3e2303557f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 21 May 2019 22:23:23 +0000 Subject: [PATCH 1170/1961] FPI: 1330467 backed out now that stable has landed.. I'll leave the text in place --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5c50857..da966be 100644 --- a/user.js +++ b/user.js @@ -1400,8 +1400,8 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1473247 - isolate IP addresses (FF63+) ** 1492607 - isolate postMessage with targetOrigin "*" (requires 4002) (FF65+) ** 1542309 - isolate top-level domain URLs (FF68+) - ** 1330467 - isolate site permissions (FF68+) ** 1506693 - isolate pdfjs range-based requests (FF68+) + ** 1330467 - isolate site permissions (coming) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] From dae1087082a729441cfe30665cd64e13416e1501 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 May 2019 21:11:45 +0000 Subject: [PATCH 1171/1961] 2660 enabledScopes, closes #729 --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index da966be..d9b736f 100644 --- a/user.js +++ b/user.js @@ -1241,12 +1241,12 @@ user_pref("browser.download.hide_plugins_without_extensions", false); /** EXTENSIONS ***/ /* 2660: lock down allowed extension directories - * [SETUP-CHROME] This will break extensions, language packs, themes and any other XPI files which are - * installed outside of profile directories (see GitHub issue #674 for an issue with language packs in Linux) + * [SETUP-CHROME] This will break extensions, language packs, themes and any other + * XPI files which are installed outside of profile and application directories * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ * [1] archived: https://archive.is/DYjAM ***/ -user_pref("extensions.enabledScopes", 1); // [HIDDEN PREF] -user_pref("extensions.autoDisableScopes", 15); +user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF] +user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] /* 2662: disable webextension restrictions on certain mozilla domains (also see 4503) [FF60+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); From ed23a88c081840571e814f9c034c02cd3d185f49 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 24 May 2019 22:50:24 +0000 Subject: [PATCH 1172/1961] save 87bytes --- user.js | 58 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/user.js b/user.js index d9b736f..e322c99 100644 --- a/user.js +++ b/user.js @@ -44,35 +44,35 @@ * INDEX: - 0100: STARTUP - 0200: GEOLOCATION - 0300: QUIET FOX - 0400: BLOCKLISTS / SAFE BROWSING - 0500: SYSTEM ADD-ONS / EXPERIMENTS - 0600: BLOCK IMPLICIT OUTBOUND - 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc - 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS - 0900: PASSWORDS - 1000: CACHE / SESSION (RE)STORE / FAVICONS - 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS) - 1400: FONTS - 1600: HEADERS / REFERERS - 1700: CONTAINERS - 1800: PLUGINS - 2000: MEDIA / CAMERA / MIC - 2200: WINDOW MEDDLING & LEAKS / POPUPS - 2300: WEB WORKERS - 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT - 2500: HARDWARE FINGERPRINTING - 2600: MISCELLANEOUS - 2700: PERSISTENT STORAGE - 2800: SHUTDOWN - 4000: FPI (FIRST PARTY ISOLATION) - 4500: RFP (RESIST FINGERPRINTING) - 4600: RFP ALTERNATIVES - 4700: RFP ALTERNATIVES (NAVIGATOR / USER AGENT (UA) SPOOFING) - 5000: PERSONAL - 9999: DEPRECATED / REMOVED / LEGACY / RENAMED + 0100: STARTUP + 0200: GEOLOCATION + 0300: QUIET FOX + 0400: BLOCKLISTS / SAFE BROWSING + 0500: SYSTEM ADD-ONS / EXPERIMENTS + 0600: BLOCK IMPLICIT OUTBOUND + 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc + 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS + 0900: PASSWORDS + 1000: CACHE / SESSION (RE)STORE / FAVICONS + 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS) + 1400: FONTS + 1600: HEADERS / REFERERS + 1700: CONTAINERS + 1800: PLUGINS + 2000: MEDIA / CAMERA / MIC + 2200: WINDOW MEDDLING & LEAKS / POPUPS + 2300: WEB WORKERS + 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT + 2500: HARDWARE FINGERPRINTING + 2600: MISCELLANEOUS + 2700: PERSISTENT STORAGE + 2800: SHUTDOWN + 4000: FPI (FIRST PARTY ISOLATION) + 4500: RFP (RESIST FINGERPRINTING) + 4600: RFP ALTERNATIVES + 4700: RFP ALTERNATIVES (NAVIGATOR / USER AGENT (UA) SPOOFING) + 5000: PERSONAL + 9999: DEPRECATED / REMOVED / LEGACY / RENAMED ******/ From 57339d09b1f59f0c707d2434002b65f852f78049 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 26 May 2019 05:16:17 +0000 Subject: [PATCH 1173/1961] 2618 -> RFP ALTs --- user.js | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index e322c99..31b5f9b 100644 --- a/user.js +++ b/user.js @@ -1191,11 +1191,6 @@ user_pref("network.http.redirection-limit", 10); user_pref("permissions.manager.defaultsUrl", ""); /* 2617: remove webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); -/* 2618: disable exposure of system colors to CSS or canvas [FF44+] - * [NOTE] See second listed bug: may cause black on black for elements with undefined colors - * [SETUP-CHROME] Might affect CSS in themes and extensions - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/ -user_pref("ui.use_standins_for_native_colors", true); /* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing * Firefox has *some* protections, but it is better to be safe than sorry. The downside: it will also * display legitimate IDN's punycoded, which might be undesirable for users of non-latin alphabets @@ -1476,7 +1471,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL ** 1479239 - return "no-preference" with prefers-reduced-motion (FF63+) ** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+) FF65: pointerEvent.pointerid (1492766) - ** 1485266 - disable exposure of system colors to CSS or canvas (see 2618) (FF67+) + ** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+) ** 1407366 - enable inner window letterboxing (see 4504) (FF67+) ** 1540726 - return "light" with prefers-color-scheme (FF67+) [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme @@ -1593,6 +1588,13 @@ user_pref("webgl.enable-debug-renderer-info", false); // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent user_pref("dom.w3c_pointer_events.enabled", false); // * * * / +// FF67+ +// 4615: [2618] disable exposure of system colors to CSS or canvas [FF44+] + // [NOTE] See second listed bug: may cause black on black for elements with undefined colors + // [SETUP-CHROME] Might affect CSS in themes and extensions + // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 +user_pref("ui.use_standins_for_native_colors", true); +// * * * / // ***/ /*** [SECTION 4700]: RFP ALTERNATIVES (NAVIGATOR / USER AGENT (UA) SPOOFING) From dfab1516ef22575c015d8dc6e41c0a6b58ea8074 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 26 May 2019 05:33:57 +0000 Subject: [PATCH 1174/1961] FF67+ deprecated --- user.js | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 31b5f9b..87d05d1 100644 --- a/user.js +++ b/user.js @@ -1094,9 +1094,6 @@ user_pref("javascript.options.wasm", false); * [2] https://w3c.github.io/IntersectionObserver/ * [3] https://bugzilla.mozilla.org/1243846 ***/ user_pref("dom.IntersectionObserver.enabled", false); -/* 2428: enforce DOMHighResTimeStamp API - * [WARNING] Required for normalization of timestamps and any timer resolution mitigations ***/ -user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] /* 2429: enable (limited but sufficient) window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ user_pref("dom.targetBlankNoOpener.enabled", true); @@ -1656,9 +1653,6 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); - // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // disable CFR [FF64+] - // [SETTING] General>Browsing>Recommend extensions as you browse - // [1] https://support.mozilla.org/en-US/kb/extension-recommendations // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] // [SETTING] General>Browsing>Recommend extensions as you browse // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] @@ -1767,6 +1761,17 @@ user_pref("browser.chrome.errorReporter.submitUrl", ""); // [-] https://bugzilla.mozilla.org/1415625 user_pref("network.allow-experiments", false); // * * * / +// FF67 +// 2428: enforce DOMHighResTimeStamp API + // [WARNING] Required for normalization of timestamps and any timer resolution mitigations + // [-] https://bugzilla.mozilla.org/1485264 +user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] +// 5000's: disable CFR [FF64+] - split into two new prefs: *cfr.addons, *cfr.features + // [SETTING] General>Browsing>Recommend extensions as you browse + // [1] https://support.mozilla.org/en-US/kb/extension-recommendations + // [-] https://bugzilla.mozilla.org/1528953 + // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From 6f76a9bfd20e9e4a0df03dd3b4bbb91572c81b38 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 26 May 2019 05:51:13 +0000 Subject: [PATCH 1175/1961] 2030 new default --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 87d05d1..2d07edf 100644 --- a/user.js +++ b/user.js @@ -958,7 +958,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false); * 0=Allowed, 1=Blocked (2=Prompt - removed in FF66) * [NOTE] You can set exceptions under site permissions * [SETTING] Privacy & Security>Permissions>Block websites from automatically playing sound ***/ -user_pref("media.autoplay.default", 1); +user_pref("media.autoplay.default", 1); // [DEFAULT: 1 in FF67+] /* 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] ***/ user_pref("media.autoplay.enabled.user-gestures-needed", false); /* 2032: disable audio autoplay in non-active tabs [FF51+] From c079c3c6329f6b8277491376feb0985e535ea6c9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 26 May 2019 06:07:41 +0000 Subject: [PATCH 1176/1961] 0110: clean up --- user.js | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 2d07edf..b3eeb66 100644 --- a/user.js +++ b/user.js @@ -125,12 +125,11 @@ user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false) // user_pref("browser.library.activity-stream.enabled", false); /* 0110: start Firefox in PB (Private Browsing) mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed - * [WARNING] The P in PB mode is misleading: it means no "persistent" local storage of history, - * caches, searches or cookies (which you can achieve in normal mode). In fact, it limits or - * removes the ability to control these, and you need to quit Firefox to clear them. PB is best - * used as a one off window (File>New Private Window) to provide a temporary self-contained - * new instance. Closing all Private Windows clears all traces. Repeat as required. PB also does - * not allow indexedDB which breaks many Extensions that use it including uBlock Origin and uMatrix + * [WARNING] The P in PB mode is misleading: it means no "persistent" disk storage such as history, + * caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode). + * In fact, PB mode limits or removes the ability to control some of these, and you need to quit + * Firefox to clear them. PB is best used as a one off window (File>New Private Window) to provide + * a temporary self-contained new session. Close all Private Windows to clear the PB mode session. * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode * [1] https://wiki.mozilla.org/Private_Browsing * [2] https://spreadprivacy.com/is-private-browsing-really-private/ ***/ From fdc9db9a084d6ef4f058d01ff8e204054f485591 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 26 May 2019 08:43:12 +0000 Subject: [PATCH 1177/1961] 1600s revamp - no need to enforce defaults (except the second cross-origin) = less items in prefs and about:support - simplify header info - add in that you need an extension for real control: i.e for most people, e.g I use uMatrix and have never can to whitelist anything. Kolanich has been on settings of 2 for years and only found one broken site: these are anecdotal and don;t reflect the real world: which is why the settings are pretty relaxed - move the broken info out of header and onto the pref in a setup tag - reference: https://github.com/ghacksuserjs/ghacks-user.js/issues/716#issuecomment-488527274 - thanks Kolanich and :cat2: --- user.js | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/user.js b/user.js index b3eeb66..2da4f38 100644 --- a/user.js +++ b/user.js @@ -826,45 +826,47 @@ user_pref("gfx.font_rendering.graphite.enabled", false); // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] /*** [SECTION 1600]: HEADERS / REFERERS - Only *cross domain* referers need controlling and XOriginPolicy (1603) is perfect for that. Thus we enforce - the default values for 1601, 1602, 1605 and 1606 to minimize breakage, and only tweak 1603 and 1604. - - Our default settings provide the best balance between protection and amount of breakage. - To harden it a bit more you can set XOriginPolicy (1603) to 2 (+ optionally 1604 to 1 or 2). - To fix broken sites (including your modem/router), temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config, - use the site and then change the values back. If you visit those sites regularly (e.g. vimeo), use an extension. - + Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone + --- + harden it a bit: set XOriginPolicy (1603) to 1 (as per the settings below) + harden it a bit more: set XOriginPolicy (1603) to 2 (and optionally 1604 to 1 or 2), expect breakage + --- + If you want any REAL control over referers and breakage, then use an extension. Either: + uMatrix: limited by scope, all requests are spoofed or not-spoofed + Smart Referrer: granular with source<->destination, whitelists + --- full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 - + --- #Required reading [#] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: ALL: control when images/links send a referer * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ -user_pref("network.http.sendRefererHeader", 2); + // user_pref("network.http.sendRefererHeader", 2); // [DEFAULT: 2] /* 1602: ALL: control the amount of information to send * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ -user_pref("network.http.referer.trimmingPolicy", 0); -/* 1603: CROSS ORIGIN: control when to send a referer [SETUP-WEB] - * 0=always (default), 1=only if base domains match, 2=only if hosts match ***/ + // user_pref("network.http.referer.trimmingPolicy", 0); // [DEFAULT: 0] +/* 1603: CROSS ORIGIN: control when to send a referer + * 0=always (default), 1=only if base domains match, 2=only if hosts match + * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo ***/ user_pref("network.http.referer.XOriginPolicy", 1); /* 1604: CROSS ORIGIN: control the amount of information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ -user_pref("network.http.referer.XOriginTrimmingPolicy", 0); +user_pref("network.http.referer.XOriginTrimmingPolicy", 0); // [DEFAULT: 0] /* 1605: ALL: disable spoofing a referer * [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF * (Cross-Site Request Forgery) protections that some sites may rely on ***/ -user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] + // user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] /* 1606: ALL: set the default Referrer Policy [FF59+] * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy * [1] https://www.w3.org/TR/referrer-policy/ * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy * [3] https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/ ***/ -user_pref("network.http.referer.defaultPolicy", 3); // [DEFAULT: 3] -user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] + // user_pref("network.http.referer.defaultPolicy", 3); // [DEFAULT: 3] + // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain [FF54+] * [NOTE] Firefox cannot access .onion sites by default. We recommend you use * the Tor Browser which is specifically designed for hidden services From 8811a28c56d332c170596169511808c6debb55eb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 28 May 2019 14:04:09 +0000 Subject: [PATCH 1178/1961] 2705: document.cookie max lifetime https://bugzilla.mozilla.org/show_bug.cgi?id=1529836 --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 2da4f38..19755af 100644 --- a/user.js +++ b/user.js @@ -1291,6 +1291,9 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] * [NOTE] The setting below is disabled (but not changed) if you block all cookies (2701 = 2) * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/ // user_pref("network.cookie.lifetimePolicy", 2); +/* 2705: set client-side cookies maximum lifetime in days [FF67+] + * i.e cookies set through the document.cookie API */ + // user_pref("privacy.documentCookies.maxage", 7); /* 2710: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality AND extensions! * You are better off using an extension for more granular control ***/ From caaf76e3fb280b0ae1f2e170fbd95605322af960 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 28 May 2019 14:42:44 +0000 Subject: [PATCH 1179/1961] remove 2705 --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 19755af..2da4f38 100644 --- a/user.js +++ b/user.js @@ -1291,9 +1291,6 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] * [NOTE] The setting below is disabled (but not changed) if you block all cookies (2701 = 2) * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/ // user_pref("network.cookie.lifetimePolicy", 2); -/* 2705: set client-side cookies maximum lifetime in days [FF67+] - * i.e cookies set through the document.cookie API */ - // user_pref("privacy.documentCookies.maxage", 7); /* 2710: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality AND extensions! * You are better off using an extension for more granular control ***/ From a633622d11539233cbaa4a1b3e3f81a8abdbb93f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 28 May 2019 14:45:07 +0000 Subject: [PATCH 1180/1961] 67-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 2da4f38..552790e 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 15 April 2019 -* version 67-alpha: Barbie Pants +* date: 28 May 2019 +* version 67-beta: Barbie Pants * "I'm a Barbie pants in a Barbie world. Life in plastic, it's fantastic" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From f53b996cfa73d26920cf61c58d5a9af9a8004f8f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 7 Jun 2019 17:49:42 +0000 Subject: [PATCH 1181/1961] toolkit.telemetry.cachedClientID, closes #739 Read the linked issue --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 552790e..6c85155 100644 --- a/user.js +++ b/user.js @@ -230,7 +230,6 @@ user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+ user_pref("toolkit.telemetry.server", "data:,"); user_pref("toolkit.telemetry.archive.enabled", false); -user_pref("toolkit.telemetry.cachedClientID", ""); user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+] user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+] user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+] From c2dbdcd4ec1f32431859fe75af09a0f1b73ec162 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 7 Jun 2019 17:51:49 +0000 Subject: [PATCH 1182/1961] toolkit.telemetry.cachedClientID, #739 --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index ae61fd9..2c667ff 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 05-May-2019 + Last updated: 07-June-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -193,6 +193,8 @@ 'services.blocklist.plugins.collection', 'services.blocklist.update_enabled', 'urlclassifier.trackingTable', + /* 68-beta */ + 'toolkit.telemetry.cachedClientID', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 01aae1b346d7ba69522f4a13f1debddfdf07aa1a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 9 Jun 2019 23:29:58 +0000 Subject: [PATCH 1183/1961] 2426: IntersectionObserver=> inactive, closes #737 --- user.js | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 6c85155..762ba38 100644 --- a/user.js +++ b/user.js @@ -1086,14 +1086,11 @@ user_pref("javascript.options.asmjs", false); /* 2422: disable WebAssembly [FF52+] [SETUP-PERF] * [1] https://developer.mozilla.org/docs/WebAssembly ***/ user_pref("javascript.options.wasm", false); -/* 2426: disable Intersection Observer API [FF53+] - * Almost a year to complete, three versions late to stable (as default false), - * number #1 cause of crashes in nightly numerous times, and is (primarily) an - * ad network API for "ad viewability checks" down to a pixel level +/* 2426: disable Intersection Observer API [FF55+] * [1] https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API * [2] https://w3c.github.io/IntersectionObserver/ * [3] https://bugzilla.mozilla.org/1243846 ***/ -user_pref("dom.IntersectionObserver.enabled", false); + // user_pref("dom.IntersectionObserver.enabled", false); /* 2429: enable (limited but sufficient) window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ user_pref("dom.targetBlankNoOpener.enabled", true); From 2265b7352157eb1856dce07afae56c766b026fc5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 9 Jun 2019 23:56:40 +0000 Subject: [PATCH 1184/1961] 1406: css.font-loading-api=> inactive, closes #731 --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 762ba38..b56b05f 100644 --- a/user.js +++ b/user.js @@ -806,9 +806,8 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); user_pref("gfx.font_rendering.opentype_svg.enabled", false); /* 1405: disable WOFF2 (Web Open Font Format) [FF35+] ***/ // user_pref("gfx.downloadable_fonts.woff2.enabled", false); -/* 1406: disable CSS Font Loading API - * [NOTE] Disabling fonts can uglify the web a fair bit. ***/ -user_pref("layout.css.font-loading-api.enabled", false); +/* 1406: disable CSS Font Loading API ***/ + // user_pref("layout.css.font-loading-api.enabled", false); /* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART] * Any of these fonts on your system can be enumerated for fingerprinting. * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ From 9b7771fe763f0750ae516de28951c320c00f786b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jun 2019 00:06:15 +0000 Subject: [PATCH 1185/1961] 1401: document fonts => active, see #731 - https://github.com/ghacksuserjs/ghacks-user.js/issues/731#issuecomment-500255686 - reverting my change from last release --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index b56b05f..3661f81 100644 --- a/user.js +++ b/user.js @@ -783,10 +783,10 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] /*** [SECTION 1400]: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) - * [WARNING] Blocking fonts can *sometimes* reduce JS font enumeration, but not entropy. - * There are also other methods to fingerprint fonts. Wait for RFP (4500) to cover this. + * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector + * [SETUP-WEB] Disabling fonts can uglify the web a fair bit. * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ - // user_pref("browser.display.use_document_fonts", 0); +user_pref("browser.display.use_document_fonts", 0); /* 1402: set more legible default fonts * [NOTE] Example below for Windows/Western only * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace ***/ From a92c4086bbf8c4324c4369d1dc8a39338334af45 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jun 2019 00:38:20 +0000 Subject: [PATCH 1186/1961] 2622: middlemouse.paste, closes #735 --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 3661f81..f60b6f8 100644 --- a/user.js +++ b/user.js @@ -1207,6 +1207,9 @@ user_pref("pdfjs.disabled", false); // [DEFAULT: false] /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); +/* 2622: disable middlemouse paste leaking on Linux + * [1] https://bugzilla.mozilla.org/1528289 */ +user_pref("middlemouse.paste", false); // [DEFAULT: false on Windows] /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop From 0da3835a498e74fe24f76bf43a86c4c3d24db5d1 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 11 Jun 2019 12:43:27 +0000 Subject: [PATCH 1187/1961] updater.bat -ESR option (#742) --- updater.bat | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/updater.bat b/updater.bat index 3458c63..3e43db4 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE ghacks user.js updater REM ## ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.6 +REM ## version: 4.8 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts -SET v=4.7 +SET v=4.8 VERIFY ON CD /D "%~dp0" @@ -22,6 +22,7 @@ IF /I "%~1"=="-multioverrides" (SET _multi=1) IF /I "%~1"=="-merge" (SET _merge=1) IF /I "%~1"=="-updatebatch" (SET _updateb=1) IF /I "%~1"=="-singlebackup" (SET _singlebackup=1) +IF /I "%~1"=="-esr" (SET _esr=1) SHIFT GOTO parse :endparse @@ -131,6 +132,10 @@ CALL :message "Retrieving latest user.js file from github repository..." PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')" ) >nul 2>&1 IF EXIST user.js.new ( + IF DEFINED _esr ( + CALL :message "Activating ESR section..." + CALL :esr user.js.new + ) IF DEFINED _multi ( FORFILES /P user.js-overrides /M *.js >nul 2>&1 IF NOT ERRORLEVEL 1 ( @@ -205,7 +210,26 @@ IF NOT "2"=="%_log%" (ECHO:) ENDLOCAL GOTO :EOF -REM ############ Merge function ############ +REM ############ ESR Function ############ +:esr +SETLOCAL DisableDelayedExpansion +( + FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" "%~1"') DO ( + SET "_temp=%%H" + SETLOCAL EnableDelayedExpansion + IF NOT "!_temp:~-37!"==".x still uses all the following prefs" ( + ENDLOCAL & ECHO:%%H + ) ELSE ( + ECHO://!_temp:~2! + ENDLOCAL + ) + ) +)>updatertempfile +MOVE /Y updatertempfile "%~1" >nul +ENDLOCAL +GOTO :EOF + +REM ############ Merge Function ############ :merge SETLOCAL DisableDelayedExpansion FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^user_pref[ ]*\([ ]*[\"'].*[\"'][ ]*,.*\)[ ]*;" "%~1"') DO (SET "[%%G]=%%H") @@ -246,9 +270,11 @@ GOTO :EOF REM ############### Help ################## :showhelp -MODE 80,46 +MODE 80,50 CLS CALL :message "Available arguments (case-insensitive):" +CALL :message " -esr" +ECHO: Activate ESR related preferences CALL :message " -log" ECHO: Write the console output to a logfile (user.js-update-log.txt) CALL :message " -logP" From 690a93b71d8aebb4d7a2eba2ad5fe7a4ee75f543 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Jun 2019 15:09:24 +0000 Subject: [PATCH 1188/1961] remove: 1407, see #744 --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index f60b6f8..be4d42e 100644 --- a/user.js +++ b/user.js @@ -808,10 +808,6 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); // user_pref("gfx.downloadable_fonts.woff2.enabled", false); /* 1406: disable CSS Font Loading API ***/ // user_pref("layout.css.font-loading-api.enabled", false); -/* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART] - * Any of these fonts on your system can be enumerated for fingerprinting. - * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ -user_pref("font.blacklist.underline_offset", ""); /* 1408: disable graphite which FF49 turned back on by default * In the past it had security issues. Update: This continues to be the case, see [1] * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ From 8a204b5db0e5fdf1198b00abfda8ccfde1fc9db9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Jun 2019 15:10:44 +0000 Subject: [PATCH 1189/1961] font.blacklist.underline_offset, #744 --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 2c667ff..b88c2a8 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 07-June-2019 + Last updated: 11-June-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -194,6 +194,7 @@ 'services.blocklist.update_enabled', 'urlclassifier.trackingTable', /* 68-beta */ + 'font.blacklist.underline_offset', 'toolkit.telemetry.cachedClientID', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' From 9e7f9de56f070784815496fc5b871b90c0841d0b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Jun 2019 15:47:34 +0000 Subject: [PATCH 1190/1961] remove 1402, see #744 --- user.js | 9 --------- 1 file changed, 9 deletions(-) diff --git a/user.js b/user.js index be4d42e..afaef23 100644 --- a/user.js +++ b/user.js @@ -787,15 +787,6 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); * [SETUP-WEB] Disabling fonts can uglify the web a fair bit. * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ user_pref("browser.display.use_document_fonts", 0); -/* 1402: set more legible default fonts - * [NOTE] Example below for Windows/Western only - * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace ***/ - // user_pref("font.name.serif.x-unicode", "Georgia"); - // user_pref("font.name.serif.x-western", "Georgia"); // default: Times New Roman - // user_pref("font.name.sans-serif.x-unicode", "Arial"); - // user_pref("font.name.sans-serif.x-western", "Arial"); // default: Arial - // user_pref("font.name.monospace.x-unicode", "Lucida Console"); - // user_pref("font.name.monospace.x-western", "Lucida Console"); // default: Courier New /* 1403: disable icon fonts (glyphs) and local fallback rendering * [1] https://bugzilla.mozilla.org/789788 * [2] https://trac.torproject.org/projects/tor/ticket/8455 ***/ From ca5d6b331795b07e2980da707b30a2ea6281e621 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Jun 2019 15:50:08 +0000 Subject: [PATCH 1191/1961] 1402: inactive prefs for default fonts, #744 --- scratchpad-scripts/ghacks-clear-[removed].js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index b88c2a8..12f4fd4 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -195,6 +195,12 @@ 'urlclassifier.trackingTable', /* 68-beta */ 'font.blacklist.underline_offset', + 'font.name.monospace.x-unicode', + 'font.name.monospace.x-western', + 'font.name.sans-serif.x-unicode', + 'font.name.sans-serif.x-western', + 'font.name.serif.x-unicode', + 'font.name.serif.x-western', 'toolkit.telemetry.cachedClientID', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' From 7d7f580bfc0fbb48fdb0584dd7b750029b0d0bb2 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 12 Jun 2019 10:51:25 +0000 Subject: [PATCH 1192/1961] add -RFPalts option (#745) --- updater.bat | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/updater.bat b/updater.bat index 3e43db4..16a30e8 100644 --- a/updater.bat +++ b/updater.bat @@ -23,6 +23,7 @@ IF /I "%~1"=="-merge" (SET _merge=1) IF /I "%~1"=="-updatebatch" (SET _updateb=1) IF /I "%~1"=="-singlebackup" (SET _singlebackup=1) IF /I "%~1"=="-esr" (SET _esr=1) +IF /I "%~1"=="-rfpalts" (SET _rfpalts=1) SHIFT GOTO parse :endparse @@ -136,6 +137,10 @@ IF EXIST user.js.new ( CALL :message "Activating ESR section..." CALL :esr user.js.new ) + IF DEFINED _rfpalts ( + CALL :message "Activating RFP Alternatives section..." + CALL :rfpalts user.js.new + ) IF DEFINED _multi ( FORFILES /P user.js-overrides /M *.js >nul 2>&1 IF NOT ERRORLEVEL 1 ( @@ -212,18 +217,37 @@ GOTO :EOF REM ############ ESR Function ############ :esr -SETLOCAL DisableDelayedExpansion +SETLOCAL DisableDelayedExpansion ( FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" "%~1"') DO ( SET "_temp=%%H" SETLOCAL EnableDelayedExpansion IF NOT "!_temp:~-37!"==".x still uses all the following prefs" ( ENDLOCAL & ECHO:%%H - ) ELSE ( - ECHO://!_temp:~2! + ) ELSE ( + ECHO://!_temp:~2! ENDLOCAL ) - ) + ) +)>updatertempfile +MOVE /Y updatertempfile "%~1" >nul +ENDLOCAL +GOTO :EOF + +REM ############ RFP Alts Function ############ +:rfpalts +SETLOCAL DisableDelayedExpansion +( + FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" "%~1"') DO ( + SET "_temp=%%H" + SETLOCAL EnableDelayedExpansion + IF "!_temp:[SETUP-non-RFP]=!"=="!_temp!" ( + ENDLOCAL & ECHO:%%H + ) ELSE ( + ECHO://!_temp:~2! + ENDLOCAL + ) + ) )>updatertempfile MOVE /Y updatertempfile "%~1" >nul ENDLOCAL @@ -270,7 +294,7 @@ GOTO :EOF REM ############### Help ################## :showhelp -MODE 80,50 +MODE 80,53 CLS CALL :message "Available arguments (case-insensitive):" CALL :message " -esr" @@ -298,7 +322,9 @@ ECHO: Run without user input. CALL :message " -singleBackup" ECHO: Use a single backup file and overwrite it on new updates, instead of ECHO: cumulative backups. This was the default behaviour before v4.3. -CALL :message " -updatebatch" +CALL :message " -rfpAlts" +ECHO: Activate RFP Alternatives section +CALL :message " -updateBatch" ECHO: Update the script itself on execution, before the normal routine. CALL :message "" PAUSE From 3c5f58b812f0e99f683d23758f01c8fb0d87d36c Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 12 Jun 2019 10:52:46 +0000 Subject: [PATCH 1193/1961] Update updater.bat --- updater.bat | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 16a30e8..b3a4ea3 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE ghacks user.js updater REM ## ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.8 +REM ## version: 4.9 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts -SET v=4.8 +SET v=4.9 VERIFY ON CD /D "%~dp0" From fc545b4d2705bd770efcba7e8d677a986965949d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Jun 2019 13:33:58 +0000 Subject: [PATCH 1194/1961] remove 1406 css font loading api #744, #731 --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index afaef23..2963ccb 100644 --- a/user.js +++ b/user.js @@ -797,8 +797,6 @@ user_pref("browser.display.use_document_fonts", 0); user_pref("gfx.font_rendering.opentype_svg.enabled", false); /* 1405: disable WOFF2 (Web Open Font Format) [FF35+] ***/ // user_pref("gfx.downloadable_fonts.woff2.enabled", false); -/* 1406: disable CSS Font Loading API ***/ - // user_pref("layout.css.font-loading-api.enabled", false); /* 1408: disable graphite which FF49 turned back on by default * In the past it had security issues. Update: This continues to be the case, see [1] * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ From 06cf53d63eb869c73b2d19ad524338c8f3ddbd82 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Jun 2019 13:35:05 +0000 Subject: [PATCH 1195/1961] layout.css.font-loading-api.enabled #744, #731 --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 12f4fd4..7ac59b8 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 11-June-2019 + Last updated: 12-June-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -201,6 +201,7 @@ 'font.name.sans-serif.x-western', 'font.name.serif.x-unicode', 'font.name.serif.x-western', + 'layout.css.font-loading-api.enabled', 'toolkit.telemetry.cachedClientID', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' From dafd0894e6efb14675cbe46854918372dca6695c Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 12 Jun 2019 18:30:08 -0300 Subject: [PATCH 1196/1961] refactoring, mostly De-duplicates many lines because the -ESR and -RFPalts options require too much boilerplate garbage. The script was unreadable enough without repeating code. I don't think these changes deserve opening yet another PR, but please let me know if you disagree. --- updater.bat | 51 +++++++++++++++++---------------------------------- 1 file changed, 17 insertions(+), 34 deletions(-) diff --git a/updater.bat b/updater.bat index b3a4ea3..b433678 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE ghacks user.js updater REM ## ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.9 +REM ## version: 4.10 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts -SET v=4.9 +SET v=4.10 VERIFY ON CD /D "%~dp0" @@ -84,7 +84,7 @@ ECHO: ECHO: ######################################## ECHO: #### user.js Updater for Windows #### ECHO: #### by claustromaniac #### -ECHO: #### v!v! #### +ECHO: #### v!v! #### ECHO: ######################################## ECHO: SET /A "_line=0" @@ -133,13 +133,13 @@ CALL :message "Retrieving latest user.js file from github repository..." PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')" ) >nul 2>&1 IF EXIST user.js.new ( - IF DEFINED _esr ( - CALL :message "Activating ESR section..." - CALL :esr user.js.new - ) IF DEFINED _rfpalts ( CALL :message "Activating RFP Alternatives section..." - CALL :rfpalts user.js.new + CALL :activate user.js.new "[SETUP-non-RFP]" + ) + IF DEFINED _esr ( + CALL :message "Activating ESR section..." + CALL :activate user.js.new ".x still uses all the following prefs" ) IF DEFINED _multi ( FORFILES /P user.js-overrides /M *.js >nul 2>&1 @@ -206,7 +206,7 @@ IF NOT DEFINED _log ( ) EXIT /B -REM ########### Message Function ########### +::::::::::::::: Message ::::::::::::::: :message SETLOCAL DisableDelayedExpansion IF NOT "2"=="%_log%" (ECHO:) @@ -215,14 +215,16 @@ IF NOT "2"=="%_log%" (ECHO:) ENDLOCAL GOTO :EOF -REM ############ ESR Function ############ -:esr +::::::::::::::: Activate Section ::::::::::::::: +:activate +:: arg1 = file +:: arg2 = line substring SETLOCAL DisableDelayedExpansion ( FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" "%~1"') DO ( SET "_temp=%%H" SETLOCAL EnableDelayedExpansion - IF NOT "!_temp:~-37!"==".x still uses all the following prefs" ( + IF "!_temp:%~2=!"=="!_temp!" ( ENDLOCAL & ECHO:%%H ) ELSE ( ECHO://!_temp:~2! @@ -234,26 +236,7 @@ MOVE /Y updatertempfile "%~1" >nul ENDLOCAL GOTO :EOF -REM ############ RFP Alts Function ############ -:rfpalts -SETLOCAL DisableDelayedExpansion -( - FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" "%~1"') DO ( - SET "_temp=%%H" - SETLOCAL EnableDelayedExpansion - IF "!_temp:[SETUP-non-RFP]=!"=="!_temp!" ( - ENDLOCAL & ECHO:%%H - ) ELSE ( - ECHO://!_temp:~2! - ENDLOCAL - ) - ) -)>updatertempfile -MOVE /Y updatertempfile "%~1" >nul -ENDLOCAL -GOTO :EOF - -REM ############ Merge Function ############ +::::::::::::::: Merge ::::::::::::::: :merge SETLOCAL DisableDelayedExpansion FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^user_pref[ ]*\([ ]*[\"'].*[\"'][ ]*,.*\)[ ]*;" "%~1"') DO (SET "[%%G]=%%H") @@ -292,9 +275,9 @@ MOVE /Y updatertempfile "%~1" >nul ENDLOCAL GOTO :EOF -REM ############### Help ################## +::::::::::::::: Help ::::::::::::::: :showhelp -MODE 80,53 +MODE 80,54 CLS CALL :message "Available arguments (case-insensitive):" CALL :message " -esr" From fa61a7c25bb8755a39dbdbe6a83a1a3024b8cf0c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 15 Jun 2019 16:34:29 +0000 Subject: [PATCH 1197/1961] 1202: cleanup I don't think we need a 4 yr old article to explain the concept of `.min` (or `.max`), it's pretty self explanatory (and SSL 3 is obsolete). Three lines of text culled, and one of the remaining http links eliminated as a bonus. Enjoy the saved bytes and mouse-scrolling. --- user.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/user.js b/user.js index 2963ccb..f785835 100644 --- a/user.js +++ b/user.js @@ -657,10 +657,7 @@ user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. - * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1 - * [1] http://kb.mozillazine.org/Security.tls.version.* - * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ - * [2] archived: https://archive.is/hY2Mm ***/ + * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1 ***/ // user_pref("security.tls.version.min", 3); // user_pref("security.tls.version.max", 4); /* 1203: disable SSL session tracking [FF36+] From e3381869534b7c3361cf4f2ab34499634c11ad91 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 15 Jun 2019 16:47:25 +0000 Subject: [PATCH 1198/1961] 4500 fix alignment --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f785835..9528fa6 100644 --- a/user.js +++ b/user.js @@ -1452,7 +1452,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL ** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+) ** 1407366 - enable inner window letterboxing (see 4504) (FF67+) ** 1540726 - return "light" with prefers-color-scheme (FF67+) - [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme + [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] From 7df6c676bed3f09eec73eca964467230be0552a7 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Tue, 25 Jun 2019 19:33:57 +0000 Subject: [PATCH 1199/1961] Update issue templates --- .github/ISSUE_TEMPLATE/tools.md | 17 +++++++++ .../ISSUE_TEMPLATE/troubleshooting-help.md | 35 +++++++++++++++++++ .github/ISSUE_TEMPLATE/user-js.md | 13 +++++++ 3 files changed, 65 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/tools.md create mode 100644 .github/ISSUE_TEMPLATE/troubleshooting-help.md create mode 100644 .github/ISSUE_TEMPLATE/user-js.md diff --git a/.github/ISSUE_TEMPLATE/tools.md b/.github/ISSUE_TEMPLATE/tools.md new file mode 100644 index 0000000..dbd0be8 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/tools.md @@ -0,0 +1,17 @@ +--- +name: Tools +about: Report issues with the updaters, troubleshooter, or any other tools. +title: '' +labels: '' +assignees: '' + +--- + + diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md new file mode 100644 index 0000000..b27540a --- /dev/null +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -0,0 +1,35 @@ +--- +name: Troubleshooting help +about: Ask for help troubleshooting issues with user.js +title: '' +labels: '' +assignees: '' + +--- + + diff --git a/.github/ISSUE_TEMPLATE/user-js.md b/.github/ISSUE_TEMPLATE/user-js.md new file mode 100644 index 0000000..046a671 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/user-js.md @@ -0,0 +1,13 @@ +--- +name: User.js +about: Suggest changes to user.js +title: '' +labels: '' +assignees: '' + +--- + + From 83b4ada670850df774395caf78c459e72f6f56d8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Jun 2019 09:05:08 +0000 Subject: [PATCH 1200/1961] 67 archive --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 9528fa6..50c0977 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 28 May 2019 -* version 67-beta: Barbie Pants +* date: 26 June 2019 +* version 67: Barbie Pants * "I'm a Barbie pants in a Barbie world. Life in plastic, it's fantastic" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 51089fbad90285fca643a9ca2d91ae64c136c1c1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Jun 2019 10:12:48 +0000 Subject: [PATCH 1201/1961] start 68-alpha --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 50c0977..d18cbf7 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 26 June 2019 -* version 67: Barbie Pants -* "I'm a Barbie pants in a Barbie world. Life in plastic, it's fantastic" +* version 68-alpha: Knock on Pants +* "It's like thunder, lightning... the way you wear me is frightening" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 23c884a5f838a5dcf0feb7d8c196056413f1a16f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Jun 2019 10:14:24 +0000 Subject: [PATCH 1202/1961] prefs no longer hidden --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index d18cbf7..604f21f 100644 --- a/user.js +++ b/user.js @@ -1043,7 +1043,7 @@ user_pref("dom.event.clipboardevents.enabled", false); /* 2403: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/1170911 ***/ -user_pref("dom.allow_cut_copy", false); // [HIDDEN PREF] +user_pref("dom.allow_cut_copy", false); /* 2404: disable "Confirm you want to leave" dialog on page close * Does not prevent JS leaks of the page close event. * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload @@ -1465,8 +1465,8 @@ user_pref("privacy.resistFingerprinting", true); * The override values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/1330882 * [2] https://hardware.metrics.mozilla.com/ ***/ - // user_pref("privacy.window.maxInnerWidth", 1600); // [HIDDEN PREF] - // user_pref("privacy.window.maxInnerHeight", 900); // [HIDDEN PREF] + // user_pref("privacy.window.maxInnerWidth", 1000); + // user_pref("privacy.window.maxInnerHeight", 1000); /* 4503: disable mozAddonManager Web API [FF57+] * [NOTE] As a side-effect in FF57-59 this allowed extensions to work on AMO. In FF60+ you also need * to sanitize or clear extensions.webextensions.restrictedDomains (see 2662) to keep that side-effect From 408a99289315cd00639e7fe931d871a253fab140 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 26 Jun 2019 13:32:12 +0000 Subject: [PATCH 1203/1961] Update .gitattributes --- .gitattributes | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitattributes b/.gitattributes index 2c7ddd5..f80aa4c 100644 --- a/.gitattributes +++ b/.gitattributes @@ -13,3 +13,4 @@ .gitattributes export-ignore *.yml export-ignore /wikipiki export-ignore +/.github export-ignore From f85eb9d0c212a4a87becdbd425e36e8a86a4a953 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Wed, 26 Jun 2019 23:09:01 -0300 Subject: [PATCH 1204/1961] update issue templates --- .github/ISSUE_TEMPLATE/tools.md | 9 +++++---- .github/ISSUE_TEMPLATE/troubleshooting-help.md | 6 ++++-- .github/ISSUE_TEMPLATE/user-js.md | 5 ++++- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/tools.md b/.github/ISSUE_TEMPLATE/tools.md index dbd0be8..f98aa59 100644 --- a/.github/ISSUE_TEMPLATE/tools.md +++ b/.github/ISSUE_TEMPLATE/tools.md @@ -1,6 +1,6 @@ --- name: Tools -about: Report issues with the updaters, troubleshooter, or any other tools. +about: Report issues with the updaters, the troubleshooter, or any other tools. title: '' labels: '' assignees: '' @@ -8,10 +8,11 @@ assignees: '' --- diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index b27540a..82086d9 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -1,6 +1,6 @@ --- name: Troubleshooting help -about: Ask for help troubleshooting issues with user.js +about: Ask for help to solve problems with user.js title: '' labels: '' assignees: '' @@ -8,7 +8,7 @@ assignees: '' --- diff --git a/.github/ISSUE_TEMPLATE/user-js.md b/.github/ISSUE_TEMPLATE/user-js.md index 046a671..734d6bc 100644 --- a/.github/ISSUE_TEMPLATE/user-js.md +++ b/.github/ISSUE_TEMPLATE/user-js.md @@ -1,5 +1,5 @@ --- -name: User.js +name: user.js about: Suggest changes to user.js title: '' labels: '' @@ -9,5 +9,8 @@ assignees: '' From 8f1c3018ca2039dcaed01f18bc846b9ad2e90f35 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Jun 2019 02:29:58 +1200 Subject: [PATCH 1205/1961] Update user-js.md (#750) --- .github/ISSUE_TEMPLATE/user-js.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/user-js.md b/.github/ISSUE_TEMPLATE/user-js.md index 734d6bc..1357819 100644 --- a/.github/ISSUE_TEMPLATE/user-js.md +++ b/.github/ISSUE_TEMPLATE/user-js.md @@ -7,10 +7,9 @@ assignees: '' --- - From 9642452c483e922f14727d0f4adea2bb94e69866 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Jun 2019 02:30:10 +1200 Subject: [PATCH 1206/1961] Update troubleshooting-help.md (#749) --- .../ISSUE_TEMPLATE/troubleshooting-help.md | 22 ++++++------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index 82086d9..02cc07a 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -7,25 +7,18 @@ assignees: '' --- - +Clear all of this when you're ready to type. From 8f40c97fd1c2cd8400357da6575e304626015415 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Jun 2019 04:11:46 +0000 Subject: [PATCH 1207/1961] the return of the jedi https://bugzilla.mozilla.org/show_bug.cgi?id=1444133 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 604f21f..c5c084c 100644 --- a/user.js +++ b/user.js @@ -1632,6 +1632,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+] // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC] // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] + // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] From 42281a9e52211b4eab6b1fae8d7b0af3b9bb2910 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Jun 2019 04:15:54 +0000 Subject: [PATCH 1208/1961] 2212: popup events --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index c5c084c..155a597 100644 --- a/user.js +++ b/user.js @@ -977,7 +977,7 @@ user_pref("browser.link.open_newwindow.restriction", 0); * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); /* 2212: limit events that can cause a popup [SETUP-WEB] - * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend contextmenu" + * default is "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend contextmenu" * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ user_pref("dom.popup_allowed_events", "click dblclick"); From 27bd07d496f00247c49c140a13717b15f2324635 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Jun 2019 04:22:50 +0000 Subject: [PATCH 1209/1961] 5000s: userChrome / userContent --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 155a597..62536d6 100644 --- a/user.js +++ b/user.js @@ -1621,6 +1621,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); /* APPEARANCE ***/ // user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] + // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent /* CONTENT BEHAVIOR ***/ // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] From 8f939c91feca31785b1ad86e9e47b2be3be4661d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Jun 2019 04:47:55 +0000 Subject: [PATCH 1210/1961] 0320: UI change : get add-ons->recommendations --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 62536d6..2009dab 100644 --- a/user.js +++ b/user.js @@ -214,7 +214,7 @@ user_pref("browser.search.update", false); user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); /* 0310: disable sending the URL of the website where a plugin crashed ***/ user_pref("dom.ipc.plugins.reportCrashURL", false); -/* 0320: disable about:addons' Get Add-ons panel (uses Google Analytics) ***/ +/* 0320: disable about:addons' Recommendations pane (uses Google Analytics) ***/ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] user_pref("extensions.webservice.discoverURL", ""); /* 0330: disable telemetry From 31567c7938f1d86497c1e34ce967a0d8980587ee Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Jun 2019 05:00:19 +0000 Subject: [PATCH 1211/1961] 0321: recommendations discovery in about:addons --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index 2009dab..954b12d 100644 --- a/user.js +++ b/user.js @@ -217,6 +217,9 @@ user_pref("dom.ipc.plugins.reportCrashURL", false); /* 0320: disable about:addons' Recommendations pane (uses Google Analytics) ***/ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] user_pref("extensions.webservice.discoverURL", ""); +/* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/ +user_pref("extensions.getAddons.discovery.api_url", ""); +user_pref("extensions.htmlaboutaddons.discover.enabled", false); /* 0330: disable telemetry * the pref (.unified) affects the behaviour of the pref (.enabled) * IF unified=false then .enabled controls the telemetry module From 55b720faeced2e9670b7c112f98c5dc83bc26dfc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Jun 2019 05:30:43 +0000 Subject: [PATCH 1212/1961] letterboxing, add setup tag see #728 --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 954b12d..d4d5b21 100644 --- a/user.js +++ b/user.js @@ -1460,7 +1460,8 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] * This pref is the master switch for all other privacy.resist* prefs unless stated - * [SETUP-WEB] RFP is not ready for the masses, so expect some website breakage + * [SETUP-WEB] RFP can cause the odd website to break in strange ways, and has a few side affects, + * but is largely robust nowadays. Give it a try. Your choice. Also see 4504 (letterboxing). * [1] https://bugzilla.mozilla.org/418986 ***/ user_pref("privacy.resistFingerprinting", true); /* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME] @@ -1479,7 +1480,8 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDE * Dynamically resizes the inner window (FF67; 200w x100h: FF68+; stepped ranges) by applying letterboxing, * using dimensions which waste the least content area, If you use the dimension pref, then it will only apply * those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") - * [NOTE] This does NOT require RFP (see 4501) **for now** + * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but you're + * not taking anti-fingerprinting seriously and a little visual change upsets you, then feel free to flip this pref * [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it * [1] https://bugzilla.mozilla.org/1407366 ***/ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] From ed735f875cf941737738576b790ac29ed90de260 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Jun 2019 02:44:37 +0000 Subject: [PATCH 1213/1961] 2001: WebRTC setup tag #605 --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index d4d5b21..90d9204 100644 --- a/user.js +++ b/user.js @@ -910,6 +910,8 @@ user_pref("media.eme.enabled", false); /*** [SECTION 2000]: MEDIA / CAMERA / MIC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) + * [SETUP-WEB] WebRTC can leak your IP address from behind your VPN, but if this is not + * in your threat model, and you want Real-Time Communication, this is the pref for you * [1] https://www.privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); /* 2002: limit WebRTC IP leaks if using WebRTC From b80c515e885efec96474473e38d238ef1606e349 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Jun 2019 02:52:41 +0000 Subject: [PATCH 1214/1961] 2010: WebGL setup tag #605 --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 90d9204..40b5f7b 100644 --- a/user.js +++ b/user.js @@ -921,6 +921,8 @@ user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.ice.default_address_only", true); user_pref("media.peerconnection.ice.no_host", true); // [FF51+] /* 2010: disable WebGL (Web Graphics Library) + * [SETUP-WEB] When disabled, may break some websites. When enabled, provides high entropy, + * especially with readPixels(). Some of the other entropy is lessened with RFP (see 4501) * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ user_pref("webgl.disabled", true); From d40d7dbabd884ebbae973f34bb56e67547f3c902 Mon Sep 17 00:00:00 2001 From: claustromaniac <20734810+claustromaniac@users.noreply.github.com> Date: Sun, 30 Jun 2019 10:31:21 -0300 Subject: [PATCH 1215/1961] 0805 test info --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 40b5f7b..2cce115 100644 --- a/user.js +++ b/user.js @@ -483,7 +483,7 @@ user_pref("browser.sessionhistory.max_entries", 10); /* 0805: disable CSS querying page history - CSS history leak * [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's * only in 'certain circumstances', also see latest comments in [2] - * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) + * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX A on how to use) * [1] https://dbaron.org/mozilla/visited-privacy * [2] https://bugzilla.mozilla.org/147777 * [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ From 11dcc54b61b84d4d3cc0d82d44857ce3e4be2921 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 9 Jul 2019 03:16:40 +0000 Subject: [PATCH 1216/1961] 0321 tweak `url` and `discover` prefs stop the recommendations, the `enabled` pref hides the leftover recommended section and "Find more add-ons" button --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 2cce115..b03d801 100644 --- a/user.js +++ b/user.js @@ -220,6 +220,7 @@ user_pref("extensions.webservice.discoverURL", ""); /* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/ user_pref("extensions.getAddons.discovery.api_url", ""); user_pref("extensions.htmlaboutaddons.discover.enabled", false); +user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); /* 0330: disable telemetry * the pref (.unified) affects the behaviour of the pref (.enabled) * IF unified=false then .enabled controls the telemetry module From 469bbc1ab30788e8923abf381dd2c8df5f11235f Mon Sep 17 00:00:00 2001 From: Aeriem <45237401+Aeriem@users.noreply.github.com> Date: Mon, 15 Jul 2019 17:49:14 +0200 Subject: [PATCH 1217/1961] remove 0864 (#760) https://bugzilla.mozilla.org/show_bug.cgi?id=1492587 --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index b03d801..314b97e 100644 --- a/user.js +++ b/user.js @@ -531,10 +531,6 @@ user_pref("browser.formfill.enable", false); * [NOTE] We also clear history and downloads on exiting Firefox (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ // user_pref("places.history.enabled", false); -/* 0864: disable date/time picker - * This can leak your locale if not en-US - * [1] https://trac.torproject.org/projects/tor/ticket/21787 ***/ -user_pref("dom.forms.datetime", false); /* 0870: disable Windows jumplist [WINDOWS] ***/ user_pref("browser.taskbar.lists.enabled", false); user_pref("browser.taskbar.lists.frequent.enabled", false); From 217553b367bb9cc27d035c8e365d8a66b2a7ccbc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Jul 2019 15:54:23 +0000 Subject: [PATCH 1218/1961] dom.forms.datetime https://bugzilla.mozilla.org/show_bug.cgi?id=1492587 --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 7ac59b8..c41665f 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 12-June-2019 + Last updated: 16-July-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -194,6 +194,7 @@ 'services.blocklist.update_enabled', 'urlclassifier.trackingTable', /* 68-beta */ + 'dom.forms.datetime', 'font.blacklist.underline_offset', 'font.name.monospace.x-unicode', 'font.name.monospace.x-western', From 931462b30b3fe8c3f093e193e3ebcb4ec8f540a8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Jul 2019 16:16:39 +0000 Subject: [PATCH 1219/1961] RFP stuff https://hg.mozilla.org/mozilla-central/rev/c96e81ba64f3#l1.14 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 314b97e..87e0a4a 100644 --- a/user.js +++ b/user.js @@ -1457,6 +1457,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL ** 1407366 - enable inner window letterboxing (see 4504) (FF67+) ** 1540726 - return "light" with prefers-color-scheme (FF67+) [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme + ** 1564422 - spoof audioContext outputLatency (FF70+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] From 9c782fbf57bcc2cfb12a0d3d01646ed2c8118e14 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 15 Jul 2019 17:07:35 +0000 Subject: [PATCH 1220/1961] 2032: add default --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 87e0a4a..820c66a 100644 --- a/user.js +++ b/user.js @@ -948,7 +948,7 @@ user_pref("media.autoplay.default", 1); // [DEFAULT: 1 in FF67+] user_pref("media.autoplay.enabled.user-gestures-needed", false); /* 2032: disable audio autoplay in non-active tabs [FF51+] * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ -user_pref("media.block-autoplay-until-in-foreground", true); +user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true] /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); From 9aa8e27ef4d77f1de07e7d765b75fa075eb320d9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 17 Jul 2019 10:09:39 +0000 Subject: [PATCH 1221/1961] 68 deprecated --- user.js | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 820c66a..e52ea63 100644 --- a/user.js +++ b/user.js @@ -112,9 +112,7 @@ user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); /* 0105b: disable Activity Stream Snippets * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ -user_pref("browser.aboutHomeSnippets.updateUrl", ""); user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); -user_pref("browser.newtabpage.activity-stream.disableSnippets", true); user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); @@ -202,11 +200,6 @@ user_pref("app.update.auto", false); * used when installing/updating an extension, and in daily background update checks: if false, it * hides the expanded text description (if it exists) when you "show more details about an addon" ***/ // user_pref("extensions.getAddons.cache.enabled", false); -/* 0307: disable auto updating of lightweight themes (LWT) - * Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API - * Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1] - * [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/ ***/ -user_pref("lightweightThemes.update.enabled", false); /* 0308: disable search update * [SETTING] General>Firefox Updates>Automatically update search engines ***/ user_pref("browser.search.update", false); @@ -1232,9 +1225,6 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] /* 2680: enable CSP (Content Security Policy) * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); // [DEFAULT: true] -/* 2682: enable CSP 1.1 experimental hash-source directive [FF29+] - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 ***/ -user_pref("security.csp.experimentalEnabled", true); /* 2684: enforce a security delay on some confirmation dialogs such as install, open/save * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ @@ -1762,6 +1752,22 @@ user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] // [-] https://bugzilla.mozilla.org/1528953 // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // * * * / +// FF68 +// 0105b: disable Activity Stream Snippets + // [-] https://bugzilla.mozilla.org/1540939 +user_pref("browser.aboutHomeSnippets.updateUrl", ""); +user_pref("browser.newtabpage.activity-stream.disableSnippets", true); +// 0307: disable auto updating of lightweight themes (LWT) + // Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API + // Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1] + // [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/ + // [-] (part3b) https://bugzilla.mozilla.org/1525762 +user_pref("lightweightThemes.update.enabled", false); +// 2682: enable CSP 1.1 experimental hash-source directive [FF29+] + // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 + // [-] https://bugzilla.mozilla.org/1386214 +user_pref("security.csp.experimentalEnabled", true); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From 6618bf5f7693a15c77f863b6c5d9dabd5f72972a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Jul 2019 14:02:26 +0000 Subject: [PATCH 1222/1961] media.autoplay.allow-muted, closes #756 --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index e52ea63..ffe82b3 100644 --- a/user.js +++ b/user.js @@ -942,6 +942,8 @@ user_pref("media.autoplay.enabled.user-gestures-needed", false); /* 2032: disable audio autoplay in non-active tabs [FF51+] * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true] +/* 2033: disable autoplay for muted videos [FF63+] ***/ + // user_pref("media.autoplay.allow-muted", false); /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); From aff595b6eac61cb1f258cea927a2e2aa0e7970af Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Aug 2019 19:17:38 +0000 Subject: [PATCH 1223/1961] 1704: remove the obvious --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index ffe82b3..750511d 100644 --- a/user.js +++ b/user.js @@ -869,7 +869,6 @@ user_pref("privacy.userContext.enabled", true); user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true in FF61+] /* 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] * 0=no menu (default), 1=show when clicked, 2=show on long press - * [NOTE] The menu does not contain a non-container tab option (use Ctrl+T to open non-container tab) * [1] https://bugzilla.mozilla.org/1328756 ***/ user_pref("privacy.userContext.longPressBehavior", 2); From f2200fd4423eb4aaa61f6817bc3798d2eadd2f43 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 19 Aug 2019 04:52:53 +0000 Subject: [PATCH 1224/1961] 68-alpha (for earthlng diffs) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 750511d..63fa5f8 100644 --- a/user.js +++ b/user.js @@ -1,6 +1,6 @@ /****** * name: ghacks user.js -* date: 26 June 2019 +* date: 18 August 2019 * version 68-alpha: Knock on Pants * "It's like thunder, lightning... the way you wear me is frightening" * authors: v52+ github | v51- www.ghacks.net From 90ef9e63ebbb6aa4c56cea04e7c43b4c3b48907d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 19 Aug 2019 04:54:30 +0000 Subject: [PATCH 1225/1961] oophs I meant 68-beta --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 63fa5f8..60fb8fa 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js * date: 18 August 2019 -* version 68-alpha: Knock on Pants +* version 68-beta: Knock on Pants * "It's like thunder, lightning... the way you wear me is frightening" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 86bfdd14704f156ea8ff038edbd9ebcb074933ba Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 21 Aug 2019 04:08:40 +0000 Subject: [PATCH 1226/1961] tweak: middlemouse.paste for Linux --- user.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 60fb8fa..f4b718b 100644 --- a/user.js +++ b/user.js @@ -1038,11 +1038,15 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! * the website for it to look at the clipboard * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ user_pref("dom.event.clipboardevents.enabled", false); -/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] +/* 2403: disable middlemouse paste leaking clipboard content on Linux after autoscroll + * Defense in depth if clipboard events are enabled (see 2402) + * [1] https://bugzilla.mozilla.org/1528289 */ +user_pref("middlemouse.paste", false); // [DEFAULT: false on Windows] +/* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/1170911 ***/ user_pref("dom.allow_cut_copy", false); -/* 2404: disable "Confirm you want to leave" dialog on page close +/* 2405: disable "Confirm you want to leave" dialog on page close * Does not prevent JS leaks of the page close event. * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload * [2] https://support.mozilla.org/questions/1043508 ***/ @@ -1187,9 +1191,6 @@ user_pref("pdfjs.disabled", false); // [DEFAULT: false] /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); -/* 2622: disable middlemouse paste leaking on Linux - * [1] https://bugzilla.mozilla.org/1528289 */ -user_pref("middlemouse.paste", false); // [DEFAULT: false on Windows] /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop From 5166811bd55316757a02fe07cb87938b210d91fb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 21 Aug 2019 13:01:12 +0000 Subject: [PATCH 1227/1961] 1003: closes #772 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index f4b718b..8df81ae 100644 --- a/user.js +++ b/user.js @@ -586,6 +586,7 @@ user_pref("browser.cache.disk.enable", false); * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ user_pref("browser.cache.disk_cache_ssl", false); /* 1003: disable memory cache +/* capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes * [NOTE] Not recommended due to performance issues ***/ // user_pref("browser.cache.memory.enable", false); // user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF] From a0f3da208fc529244581822cfcd80a15e29a272d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 28 Aug 2019 16:33:06 +0000 Subject: [PATCH 1228/1961] 0390: better reference - EFF has pretty pictures and stuff and explains the issues (replaces wikipedia which people can still search for) - tor issue doesn't hold anything important (out it goes) - moz wiki page I'll leave in for the bugzilla links if someone wants to research how it's all meant to work --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 8df81ae..b052c8b 100644 --- a/user.js +++ b/user.js @@ -267,9 +267,8 @@ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+ * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ user_pref("extensions.pocket.enabled", false); /* 0390: disable Captive Portal detection - * [1] https://en.wikipedia.org/wiki/Captive_portal - * [2] https://wiki.mozilla.org/Necko/CaptivePortal - * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/ + * [1] https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy + * [2] https://wiki.mozilla.org/Necko/CaptivePortal ***/ user_pref("captivedetect.canonicalURL", ""); user_pref("network.captive-portal-service.enabled", false); // [FF52+] /* 0391: disable Network Connectivity checks [FF65+] From d26ea4f39e3aacdc2a7a7bb0e92e3acc33962c9a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 31 Aug 2019 14:51:08 +0000 Subject: [PATCH 1229/1961] 68 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index b052c8b..646a69a 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 18 August 2019 -* version 68-beta: Knock on Pants +* date: 31 August 2019 +* version 68: Knock on Pants * "It's like thunder, lightning... the way you wear me is frightening" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 755ebf88fb99d2e42b4cb2f488d99dd7eec6d796 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 1 Sep 2019 06:27:24 +0000 Subject: [PATCH 1230/1961] start 69 commits --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 646a69a..34737f5 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js -* date: 31 August 2019 -* version 68: Knock on Pants -* "It's like thunder, lightning... the way you wear me is frightening" +* date: 1 September 2019 +* version 69-beta: Pants One More Time +* "When I'm not with pants I lose my mind. Give me a sign. Hit me, pants, one more time." * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 19484e1a56a73b6c05d4aa7ecd9acdaf26f0baa5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 1 Sep 2019 14:47:17 +0000 Subject: [PATCH 1231/1961] 2805: see #774 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 34737f5..25f2cff 100644 --- a/user.js +++ b/user.js @@ -1340,9 +1340,9 @@ user_pref("privacy.cpd.offlineApps", true); // Offline Website Data user_pref("privacy.cpd.passwords", false); // this is not listed user_pref("privacy.cpd.sessions", true); // Active Logins user_pref("privacy.cpd.siteSettings", false); // Site Preferences -/* 2805: privacy.*.openWindows (clear session restore data) [FF34+] - * [NOTE] There is a years-old bug that these cause two windows when Firefox restarts. - * You do not need these anyway if session restore is cleared with history (see 2803) ***/ +/* 2805: clear Session Restore data when sanitizing on shutdown or manually [FF34+] + * [NOTE] Not needed if Session Restore is not used (see 0102) or is already cleared with history (see 2803) + * [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.cpd.openWindows", true); /* 2806: reset default 'Time range to clear' for 'Clear Recent History' (see 2804) From 8d1c95c6501067b20fd5c5eb2e0803769ecd6465 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 1 Sep 2019 19:16:36 +0000 Subject: [PATCH 1232/1961] 2030: autoplay changes When ESR60 hits end of life, we should remove that value 2 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 25f2cff..11ce94d 100644 --- a/user.js +++ b/user.js @@ -932,10 +932,10 @@ user_pref("media.getusermedia.audiocapture.enabled", false); // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); /* 2030: disable autoplay of HTML5 media [FF63+] - * 0=Allowed, 1=Blocked (2=Prompt - removed in FF66) + * 0=Allow Audio and Video, 1=Block Audio, 2=Prompt (removed in FF66), 5=Block Audio and Video (added in FF69+) * [NOTE] You can set exceptions under site permissions - * [SETTING] Privacy & Security>Permissions>Block websites from automatically playing sound ***/ -user_pref("media.autoplay.default", 1); // [DEFAULT: 1 in FF67+] + * [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default... ***/ + // user_pref("media.autoplay.default", 5); // [DEFAULT: 1 in FF67+] /* 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] ***/ user_pref("media.autoplay.enabled.user-gestures-needed", false); /* 2032: disable audio autoplay in non-active tabs [FF51+] From 0691b8babe5d68d8e73512e7edd894db593cef1f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 1 Sep 2019 19:22:28 +0000 Subject: [PATCH 1233/1961] 2032: fix description from earthlng > it blocks **all media** autoplay "until in foreground", not just audio. > Source: https://dxr.mozilla.org/mozilla-central/source/toolkit/content/widgets/browser-custom-element.js#1141 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 11ce94d..bdcda3c 100644 --- a/user.js +++ b/user.js @@ -938,7 +938,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false); // user_pref("media.autoplay.default", 5); // [DEFAULT: 1 in FF67+] /* 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] ***/ user_pref("media.autoplay.enabled.user-gestures-needed", false); -/* 2032: disable audio autoplay in non-active tabs [FF51+] +/* 2032: disable autoplay of HTML5 media in non-active tabs [FF51+] * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true] /* 2033: disable autoplay for muted videos [FF63+] ***/ From b47982bb9a62d918b679bca1a902e6523f7f832a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 1 Sep 2019 20:32:53 +0000 Subject: [PATCH 1234/1961] 2030: again --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index bdcda3c..2bc1147 100644 --- a/user.js +++ b/user.js @@ -932,7 +932,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false); // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); /* 2030: disable autoplay of HTML5 media [FF63+] - * 0=Allow Audio and Video, 1=Block Audio, 2=Prompt (removed in FF66), 5=Block Audio and Video (added in FF69+) + * 0=Allow all, 1=Block non-muted media, 2=Prompt (removed in FF66), 5=Block all (added in FF69+) * [NOTE] You can set exceptions under site permissions * [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default... ***/ // user_pref("media.autoplay.default", 5); // [DEFAULT: 1 in FF67+] From 810045eb391705420baf45b4e4ba3f177be07f6b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 1 Sep 2019 21:03:53 +0000 Subject: [PATCH 1235/1961] 1802: remove intervalInMinues with `plugins.click_to_play` deprecated in FF69, no-one here is sure if `intervalInMinutes` still applies to Flash or even works, and no-one here cares about Flash. Happy to let Mozilla just keep restricting it more and more until it's deprecated in early 2020. Note: we already disable flash anyway in pref 1803. --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 2bc1147..12ac437 100644 --- a/user.js +++ b/user.js @@ -874,9 +874,8 @@ user_pref("privacy.userContext.longPressBehavior", 2); /*** [SECTION 1800]: PLUGINS ***/ user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); -/* 1802: enable click to play and set to 0 minutes ***/ +/* 1802: enable click to play ***/ user_pref("plugins.click_to_play", true); -user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0); /* 1803: disable Flash plugin * 0=deactivated, 1=ask, 2=enabled * ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash From cccb5b10b4b4141787972071e8854fd5f440ca91 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 1 Sep 2019 21:06:10 +0000 Subject: [PATCH 1236/1961] plugin.sessionPermissionNow.intervalInMinutes --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index c41665f..bbf5963 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 16-July-2019 + Last updated: 01-September-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -204,6 +204,8 @@ 'font.name.serif.x-western', 'layout.css.font-loading-api.enabled', 'toolkit.telemetry.cachedClientID', + /* 69-beta */ + 'plugin.sessionPermissionNow.intervalInMinutes', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 4d72ad90b0443a966cda53824e6fba165f581745 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Sep 2019 18:33:00 +1200 Subject: [PATCH 1237/1961] 2701: cookies default FF69+ --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 12ac437..d1b717f 100644 --- a/user.js +++ b/user.js @@ -1247,12 +1247,12 @@ user_pref("security.dialog_enable_delay", 700); ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable 3rd-party cookies and site-data [SETUP-WEB] - * 0=Accept cookies and site data (default), 1=(Block) All third-party cookies, 2=(Block) All cookies, + * 0=Accept cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, * 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+) * [NOTE] Value 4 is tied to the Tracking Protection lists * [NOTE] You can set exceptions under site permissions or use an extension * [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/ -user_pref("network.cookie.cookieBehavior", 1); +user_pref("network.cookie.cookieBehavior", 1); // [DEFAULT: 4 in FF69+] /* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and From 953b96431eec4440d64ea8a2d30aa32bc69d8af1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Sep 2019 06:45:30 +0000 Subject: [PATCH 1238/1961] 4000: RFP info re 1330467 it rode the train in 69... after a bumpy ride in 68 where it was backed out. Note: it still has some issues. Suggest users wipe the site permissions once upgraded to 69 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index d1b717f..91b8604 100644 --- a/user.js +++ b/user.js @@ -1369,7 +1369,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1492607 - isolate postMessage with targetOrigin "*" (requires 4002) (FF65+) ** 1542309 - isolate top-level domain URLs (FF68+) ** 1506693 - isolate pdfjs range-based requests (FF68+) - ** 1330467 - isolate site permissions (coming) + ** 1330467 - isolate site permissions (FF69+) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] From 66cdb72927cb9a0caff3621267f67ad53e46732b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Sep 2019 07:07:50 +0000 Subject: [PATCH 1239/1961] FF69: deprecated --- user.js | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 91b8604..6b20962 100644 --- a/user.js +++ b/user.js @@ -785,8 +785,6 @@ user_pref("browser.display.use_document_fonts", 0); /* 1404: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); -/* 1405: disable WOFF2 (Web Open Font Format) [FF35+] ***/ - // user_pref("gfx.downloadable_fonts.woff2.enabled", false); /* 1408: disable graphite which FF49 turned back on by default * In the past it had security issues. Update: This continues to be the case, see [1] * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ @@ -874,8 +872,6 @@ user_pref("privacy.userContext.longPressBehavior", 2); /*** [SECTION 1800]: PLUGINS ***/ user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); -/* 1802: enable click to play ***/ -user_pref("plugins.click_to_play", true); /* 1803: disable Flash plugin * 0=deactivated, 1=ask, 2=enabled * ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash @@ -940,8 +936,6 @@ user_pref("media.autoplay.enabled.user-gestures-needed", false); /* 2032: disable autoplay of HTML5 media in non-active tabs [FF51+] * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true] -/* 2033: disable autoplay for muted videos [FF63+] ***/ - // user_pref("media.autoplay.allow-muted", false); /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); @@ -1771,5 +1765,20 @@ user_pref("security.csp.experimentalEnabled", true); // * * * / // ***/ +/* ESR68.x still uses all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable them +// FF69 +// 1405: disable WOFF2 (Web Open Font Format) [FF35+] + // user_pref("gfx.downloadable_fonts.woff2.enabled", false); + // [-] https://bugzilla.mozilla.org/1556991 +// 1802: enable click to play + // [-] https://bugzilla.mozilla.org/1519434 +user_pref("plugins.click_to_play", true); +// 2033: disable autoplay for muted videos [FF63+] - replaced by `media.autoplay.default` options (2030) + // [-] https://bugzilla.mozilla.org/1562331 + // user_pref("media.autoplay.allow-muted", false); +// * * * / +// ***/ + /* END: internal custom pref to test for syntax errors ***/ user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From be9d9ac9ca706ec17875f48a5d16810252ec8bfc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 3 Sep 2019 03:34:16 +0000 Subject: [PATCH 1240/1961] 2701: tidyup --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 6b20962..0a274e8 100644 --- a/user.js +++ b/user.js @@ -1242,11 +1242,10 @@ user_pref("security.dialog_enable_delay", 700); user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable 3rd-party cookies and site-data [SETUP-WEB] * 0=Accept cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, - * 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+) - * [NOTE] Value 4 is tied to the Tracking Protection lists + * 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+) (default FF69+) * [NOTE] You can set exceptions under site permissions or use an extension * [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/ -user_pref("network.cookie.cookieBehavior", 1); // [DEFAULT: 4 in FF69+] +user_pref("network.cookie.cookieBehavior", 1); /* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and From 44d9ceaf0533e7d995db0e065c3a44dcc977da1e Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 3 Sep 2019 13:40:33 +0000 Subject: [PATCH 1241/1961] various tidyups --- user.js | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/user.js b/user.js index 0a274e8..6a6ed42 100644 --- a/user.js +++ b/user.js @@ -112,8 +112,8 @@ user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); /* 0105b: disable Activity Stream Snippets * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ -user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); +user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); @@ -417,7 +417,8 @@ user_pref("network.http.altsvc.oe", false); user_pref("network.proxy.socks_remote_dns", true); /* 0707: disable (or setup) DNS-over-HTTPS (DoH) [FF60+] * TRR = Trusted Recursive Resolver - * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats but always use native result + * 0=off, 1=race (removed in FF69), 2=TRR first, 3=TRR only, + * 4=race for stats but always use native result (removed in FF69) * [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare) * [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/ * [2] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ ***/ @@ -927,10 +928,10 @@ user_pref("media.getusermedia.audiocapture.enabled", false); // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); /* 2030: disable autoplay of HTML5 media [FF63+] - * 0=Allow all, 1=Block non-muted media, 2=Prompt (removed in FF66), 5=Block all (added in FF69+) + * 0=Allow all, 1=Block non-muted media (default in FF67+), 2=Prompt (removed in FF66), 5=Block all (FF69+) * [NOTE] You can set exceptions under site permissions - * [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default... ***/ - // user_pref("media.autoplay.default", 5); // [DEFAULT: 1 in FF67+] + * [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites ***/ + // user_pref("media.autoplay.default", 5); /* 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] ***/ user_pref("media.autoplay.enabled.user-gestures-needed", false); /* 2032: disable autoplay of HTML5 media in non-active tabs [FF51+] @@ -1013,7 +1014,7 @@ user_pref("dom.serviceWorkers.enabled", false); // user_pref("dom.push.connection.enabled", false); // user_pref("dom.push.serverURL", ""); // user_pref("dom.push.userAgentID", ""); -/* 2306: set a default permission for Notifications (both 2305 and 2306) [FF58+] +/* 2306: set a default permission for Notifications (both 2304 and 2305) [FF58+] * 0=always ask (default), 1=allow, 2=block * [NOTE] Best left at default "always ask", fingerprintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications @@ -1187,7 +1188,7 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop - * 0=desktop 1=downloads 2=last used + * 0=desktop, 1=downloads (default), 2=last used * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ // user_pref("browser.download.folderList", 2); /* 2651: enforce user interaction for security by always asking where to download [SETUP-CHROME] @@ -1360,7 +1361,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1300671 - isolate data:, about: URLs (FF55+) ** 1473247 - isolate IP addresses (FF63+) ** 1492607 - isolate postMessage with targetOrigin "*" (requires 4002) (FF65+) - ** 1542309 - isolate top-level domain URLs (FF68+) + ** 1542309 - isolate top-level domain URLs when host is in the public suffix list (FF68+) ** 1506693 - isolate pdfjs range-based requests (FF68+) ** 1330467 - isolate site permissions (FF69+) ***/ @@ -1747,10 +1748,10 @@ user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // * * * / // FF68 -// 0105b: disable Activity Stream Snippets - // [-] https://bugzilla.mozilla.org/1540939 -user_pref("browser.aboutHomeSnippets.updateUrl", ""); +// 0105b: disable Activity Stream Legacy Snippets + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1546190,1540939 user_pref("browser.newtabpage.activity-stream.disableSnippets", true); +user_pref("browser.aboutHomeSnippets.updateUrl", ""); // 0307: disable auto updating of lightweight themes (LWT) // Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API // Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1] @@ -1768,11 +1769,11 @@ user_pref("security.csp.experimentalEnabled", true); // [NOTE] replace the * with a slash in the line above to re-enable them // FF69 // 1405: disable WOFF2 (Web Open Font Format) [FF35+] - // user_pref("gfx.downloadable_fonts.woff2.enabled", false); // [-] https://bugzilla.mozilla.org/1556991 -// 1802: enable click to play + // user_pref("gfx.downloadable_fonts.woff2.enabled", false); +// 1802: enforce click-to-play for plugins // [-] https://bugzilla.mozilla.org/1519434 -user_pref("plugins.click_to_play", true); +user_pref("plugins.click_to_play", true); // [DEFAULT: true in FF25+] // 2033: disable autoplay for muted videos [FF63+] - replaced by `media.autoplay.default` options (2030) // [-] https://bugzilla.mozilla.org/1562331 // user_pref("media.autoplay.allow-muted", false); From a12dd83b1f5c9e254a934b2875fee20a6a4e3b5c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Sep 2019 21:36:50 +0000 Subject: [PATCH 1242/1961] 69-alpha, fixes #766 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 6a6ed42..c89458e 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 1 September 2019 -* version 69-beta: Pants One More Time +* date: 4 September 2019 +* version 69-alpha: Pants One More Time * "When I'm not with pants I lose my mind. Give me a sign. Hit me, pants, one more time." * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 2c734612f63df907bb809560cc14f053b0978c18 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Sep 2019 21:40:04 +0000 Subject: [PATCH 1243/1961] ummm .. beta OK, did that all back to front... alpha is when we're working on the diffs .. beta is when we finished it --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index c89458e..615351e 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js * date: 4 September 2019 -* version 69-alpha: Pants One More Time +* version 69-beta: Pants One More Time * "When I'm not with pants I lose my mind. Give me a sign. Hit me, pants, one more time." * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 3210ab0ca85356281e7e345f7f26838af5a64276 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 7 Sep 2019 07:22:32 +0000 Subject: [PATCH 1244/1961] 370: pocket -> 5000s, closes #787 --- user.js | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/user.js b/user.js index 615351e..4430df4 100644 --- a/user.js +++ b/user.js @@ -261,11 +261,6 @@ user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] /* 0351: disable backlogged Crash Reports * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+] -/* 0370: disable Pocket [FF46+] - * Pocket is a third party (now owned by Mozilla) "save for later" cloud service - * [1] https://en.wikipedia.org/wiki/Pocket_(application) - * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/ -user_pref("extensions.pocket.enabled", false); /* 0390: disable Captive Portal detection * [1] https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy * [2] https://wiki.mozilla.org/Necko/CaptivePortal ***/ @@ -1632,6 +1627,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // [SETTING] General>Browsing>Recommend extensions as you browse // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] // [SETTING] General>Browsing>Recommend features as you browse + // user_pref("extensions.pocket.enabled", false); // disable and hide Pocket [FF46+] // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync [FF60+] [RESTART] // user_pref("network.manage-offline-status", false); // see bugzilla 620472 // user_pref("reader.parse-on-load.enabled", false); // "Reader View" From 3a9440aeea071f0856c965dd0874cd819697e445 Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Sun, 8 Sep 2019 11:38:37 +0000 Subject: [PATCH 1245/1961] 0707: Add mode 5 (#789) --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4430df4..0c3f94e 100644 --- a/user.js +++ b/user.js @@ -412,8 +412,8 @@ user_pref("network.http.altsvc.oe", false); user_pref("network.proxy.socks_remote_dns", true); /* 0707: disable (or setup) DNS-over-HTTPS (DoH) [FF60+] * TRR = Trusted Recursive Resolver - * 0=off, 1=race (removed in FF69), 2=TRR first, 3=TRR only, - * 4=race for stats but always use native result (removed in FF69) + * 0=off by default, 1=race (removed in FF69), 2=TRR first, 3=TRR only, + * 4=race for stats but always use native result (removed in FF69), 5=explicitly off * [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare) * [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/ * [2] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ ***/ From 7311cfdf84d3f839c95bb4cba535b9c1a3d44e38 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 9 Sep 2019 21:43:50 +0000 Subject: [PATCH 1246/1961] remove 1002, closes #792 --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 0c3f94e..0b61504 100644 --- a/user.js +++ b/user.js @@ -577,9 +577,6 @@ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is m * or you use a hardened Temporary Containers, then feel free to override this * [NOTE] We also clear cache on exiting Firefox (see 2803) ***/ user_pref("browser.cache.disk.enable", false); -/* 1002: disable disk cache for SSL pages - * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/ -user_pref("browser.cache.disk_cache_ssl", false); /* 1003: disable memory cache /* capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes * [NOTE] Not recommended due to performance issues ***/ From 335299a0cfc083e86e1b88e849999b5daffd5a58 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 9 Sep 2019 21:45:33 +0000 Subject: [PATCH 1247/1961] browser.cache.disk_cache_ssl --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index bbf5963..df68905 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 01-September-2019 + Last updated: 09-September-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -206,6 +206,8 @@ 'toolkit.telemetry.cachedClientID', /* 69-beta */ 'plugin.sessionPermissionNow.intervalInMinutes', + /* 70-beta */ + 'browser.cache.disk_cache_ssl', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From d503d96db034ae5ee5740867f638eb5c17d52d3c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Sep 2019 15:50:54 +0000 Subject: [PATCH 1248/1961] 0320+0321: redundant prefs, closes #793 --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 0b61504..5027fc5 100644 --- a/user.js +++ b/user.js @@ -209,10 +209,7 @@ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); user_pref("dom.ipc.plugins.reportCrashURL", false); /* 0320: disable about:addons' Recommendations pane (uses Google Analytics) ***/ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] -user_pref("extensions.webservice.discoverURL", ""); /* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/ -user_pref("extensions.getAddons.discovery.api_url", ""); -user_pref("extensions.htmlaboutaddons.discover.enabled", false); user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); /* 0330: disable telemetry * the pref (.unified) affects the behaviour of the pref (.enabled) From e16425310f679658601235020c6b710664418981 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Sep 2019 15:52:46 +0000 Subject: [PATCH 1249/1961] 0320+0321: redundant prefs, #793 --- scratchpad-scripts/ghacks-clear-[removed].js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index df68905..f54d94c 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 09-September-2019 + Last updated: 12-September-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -208,6 +208,9 @@ 'plugin.sessionPermissionNow.intervalInMinutes', /* 70-beta */ 'browser.cache.disk_cache_ssl', + 'extensions.getAddons.discovery.api_url', + 'extensions.htmlaboutaddons.discover.enabled', + 'extensions.webservice.discoverURL', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From a35cba391488944f6717b1d92917b5eee54ce93e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Sep 2019 16:22:09 +0000 Subject: [PATCH 1250/1961] 2651: android UI breakage, closes #795 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 5027fc5..c7f708c 100644 --- a/user.js +++ b/user.js @@ -1180,7 +1180,8 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); * 0=desktop, 1=downloads (default), 2=last used * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ // user_pref("browser.download.folderList", 2); -/* 2651: enforce user interaction for security by always asking where to download [SETUP-CHROME] +/* 2651: enforce user interaction for security by always asking where to download + * [SETUP-CHROME] On Android this blocks longtapping and saving images * [SETTING] General>Downloads>Always ask you where to save files ***/ user_pref("browser.download.useDownloadDir", false); /* 2652: disable adding downloads to the system's "recent documents" list ***/ From 7c0a327b06ae2070dac2e067bceeb90c52c214be Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 16 Sep 2019 15:25:30 +0000 Subject: [PATCH 1251/1961] cache, closes #778 --- user.js | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index c7f708c..e856582 100644 --- a/user.js +++ b/user.js @@ -556,16 +556,20 @@ user_pref("signon.formlessCapture.enabled", false); user_pref("network.auth.subresource-http-auth-allow", 1); /*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS - ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by - disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized - by modifying response headers [4]. Another solution is to use a hardened configuration - with Temporary Containers [5]. Alternatively, you can *LIMIT* exposure by clearing - cache on close (2803). or on a regular basis manually or with an extension. + Cache tracking/fingerprinting techniques [1][2][3] require a cache. Disabling disk (1001) + *and* memory (1003) caches is one solution; but that's extreme and fingerprintable. A hardened + Temporary Containers configuration can effectively do the same thing, by isolating every tab [4]. + + We consider avoiding disk cache (1001) so cache is session/memory only (like Private Browsing + mode), and isolating cache to first party (4001) is sufficient and a good balance between + risk and performance. ETAGs can also be neutralized by modifying response headers [5], and + you can clear the cache manually or on a regular basis with an extension. + [1] https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags [2] https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/ [3] https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache - [4] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor - [5] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 + [4] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 + [5] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /** CACHE ***/ @@ -575,8 +579,7 @@ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is m * [NOTE] We also clear cache on exiting Firefox (see 2803) ***/ user_pref("browser.cache.disk.enable", false); /* 1003: disable memory cache -/* capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes - * [NOTE] Not recommended due to performance issues ***/ +/* capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes ***/ // user_pref("browser.cache.memory.enable", false); // user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF] /* 1006: disable permissions manager from writing to disk [RESTART] From be0ccf646069869ead81564842e1687ac55593bb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 17 Sep 2019 12:43:50 +1200 Subject: [PATCH 1252/1961] 2300: service workers, closes #786 --- scratchpad-scripts/ghacks-clear-[removed].js | 4 ++- user.js | 30 +++++++++++--------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index f54d94c..3a91abb 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 12-September-2019 + Last updated: 16-September-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -211,6 +211,8 @@ 'extensions.getAddons.discovery.api_url', 'extensions.htmlaboutaddons.discover.enabled', 'extensions.webservice.discoverURL', + 'dom.push.connection.enabled', + 'dom.push.serverURL', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] diff --git a/user.js b/user.js index e856582..8d9c5e1 100644 --- a/user.js +++ b/user.js @@ -983,28 +983,30 @@ user_pref("dom.popup_allowed_events", "click dblclick"); ***/ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); /* 2302: disable service workers [FF32, FF44-compat] - * Service workers essentially act as proxy servers that sit between web apps, and the browser - * and network, are event driven, and can control the web page/site it is associated with, - * intercepting and modifying navigation and resource requests, and caching resources. + * Service workers essentially act as proxy servers that sit between web apps, and the + * browser and network, are event driven, and can control the web page/site it is associated + * with, intercepting and modifying navigation and resource requests, and caching resources. * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. * [NOTE] Service workers only run over HTTPS. Service workers have no DOM access. - * [SETUP-WEB] Disabling service workers will break some sites. This pref is a master switch, and controls - * notifications (2304, 2305) and service worker cache (2740) - all three are inactive. Notifications are - * behind a prompt (2306). If you enable service workers, then you may want to look at those as well ***/ + * [SETUP-WEB] Disabling service workers will break some sites. This pref is required true for + * service worker notifications (2304), push notifications (disabled, 2305) and service worker + * cache (2740). If you enable this pref, then check those settings as well ***/ user_pref("dom.serviceWorkers.enabled", false); /* 2304: disable Web Notifications - * [NOTE] Web Notifications require service workers (2302) and are behind a prompt (2306) + * [NOTE] Web Notifications can also use service workers (2302) and are behind a prompt (2306) * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ // user_pref("dom.webnotifications.enabled", false); // [FF22+] // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] /* 2305: disable Push Notifications [FF44+] - * web apps can receive messages pushed to them from a server, whether or - * not the web app is in the foreground, or even currently loaded - * [NOTE] Push Notifications require service workers (2302) and are behind a prompt (2306) - * [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/ - // user_pref("dom.push.enabled", false); - // user_pref("dom.push.connection.enabled", false); - // user_pref("dom.push.serverURL", ""); + * Push is an API that allows websites to send you (subscribed) messages even when the site + * isn’t loaded, by pushing messages to your userAgentID through Mozilla's Push Server. + * [NOTE] Push requires service workers (2302) to subscribe to and display, and is behind + * a prompt (2306). Disabling service workers alone doesn't stop Firefox polling the + * Mozilla Push Server. To remove all subscriptions, reset your userAgentID (in about:config + * or on start), and you will get a new one within a few seconds. + * [1] https://support.mozilla.org/en-US/kb/push-notifications-firefox + * [2] https://developer.mozilla.org/en-US/docs/Web/API/Push_API ***/ +user_pref("dom.push.enabled", false); // user_pref("dom.push.userAgentID", ""); /* 2306: set a default permission for Notifications (both 2304 and 2305) [FF58+] * 0=always ask (default), 1=allow, 2=block From e1b0eae740ad26234d094b6e1b28f6c19e821c7e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Sep 2019 04:20:10 +1200 Subject: [PATCH 1253/1961] goodbye http and other stuff (#801) * goodbye http and other stuff * dead link * put back asmjs [1] ref * 0805 test * typo * 1222 refs * 1222 FF version FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=629558 * 2684: security delay ref * ESR stuff * ping ref * 2684 ref * 0606: give the standard it's correct name https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing * 0805 test instructions * tweakin' --- user.js | 63 ++++++++++++++++++++++++++------------------------------- 1 file changed, 29 insertions(+), 34 deletions(-) diff --git a/user.js b/user.js index 8d9c5e1..f10d207 100644 --- a/user.js +++ b/user.js @@ -25,8 +25,8 @@ * Some user data is erased on close (section 2800). Change this to suit your needs * EACH RELEASE check: - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF) - or enable them as an alternative to RFP or for ESR users - - 9999s: reset deprecated prefs in about:config or enable relevant section(s) for ESR + or enable them as an alternative to RFP (or some of them for ESR users) + - 9999s: reset deprecated prefs in about:config or enable the relevant section for ESR * Site breakage WILL happen - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting and these need to be balanced against Functionality & Convenience & Breakage @@ -360,9 +360,8 @@ user_pref("network.predictor.enable-prefetch", false); // [FF48+] * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links/ ***/ user_pref("network.http.speculative-parallel-limit", 0); -/* 0606: disable pings (but enforce same host in case) - * [1] http://kb.mozillazine.org/Browser.send_pings - * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/ +/* 0606: disable "Hyperlink Auditing" (click tracking) and enforce same host in case + * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ user_pref("browser.send_pings", false); // [DEFAULT: false] user_pref("browser.send_pings.require_same_host", true); @@ -374,8 +373,8 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * Firefox telemetry (April 2019) shows only 5% of all connections are IPv6. * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, - * then this won't make much difference. If you are maksing your IP, then it can only help. - * [TEST] http://ipv6leak.com/ + * then this won't make much difference. If you are masking your IP, then it can only help. + * [TEST] https://ipleak.org/ * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/437#issuecomment-403740626 * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ user_pref("network.dns.disableIPv6", true); @@ -404,8 +403,7 @@ user_pref("network.http.altsvc.oe", false); /* 0704: enforce the proxy server to do any DNS lookups when using SOCKS * e.g. in Tor, this stops your local DNS server from knowing your Tor destination * as a remote Tor node will handle the DNS request - * [1] http://kb.mozillazine.org/Network.proxy.socks_remote_dns - * [2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ + * [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); /* 0707: disable (or setup) DNS-over-HTTPS (DoH) [FF60+] * TRR = Trusted Recursive Resolver @@ -466,10 +464,10 @@ user_pref("browser.urlbar.trimURLs", false); * default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages * use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical ***/ user_pref("browser.sessionhistory.max_entries", 10); -/* 0805: disable CSS querying page history - CSS history leak +/* 0805: disable coloring of visited links - CSS history leak * [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's * only in 'certain circumstances', also see latest comments in [2] - * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX A on how to use) + * [TEST] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use) * [1] https://dbaron.org/mozilla/visited-privacy * [2] https://bugzilla.mozilla.org/147777 * [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ @@ -501,7 +499,7 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * (i.e. at least one of 0850a suggestion types must be true) but you want to *limit* suggestions shown ***/ // user_pref("browser.urlbar.maxRichResults", 0); /* 0850d: disable location bar autofill - * [1] http://kb.mozillazine.org/Inline_autocomplete ***/ + * [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ // user_pref("browser.urlbar.autoFill", false); /* 0850e: disable location bar one-off searches [FF51+] * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ @@ -541,9 +539,8 @@ user_pref("security.ask_for_password", 2); * in minutes, default is 30 ***/ user_pref("security.password_lifetime", 5); /* 0905: disable auto-filling username & password form fields - * can leak in cross-site forms AND be spoofed - * [NOTE] Password will still be auto-filled after a user name is manually entered - * [1] http://kb.mozillazine.org/Signon.autofillForms ***/ + * can leak in cross-site forms *and* be spoofed + * [NOTE] Username & password is still available when you enter the field ***/ user_pref("signon.autofillForms", false); /* 0909: disable formless login capture for Password Manager [FF51+] ***/ user_pref("signon.formlessCapture.enabled", false); @@ -703,12 +700,10 @@ user_pref("security.pki.sha1_enforcement_level", 1); * 2=detect Family Safety mode and import the root * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/ user_pref("security.family_safety.mode", 0); -/* 1222: disable intermediate certificate caching (fingerprinting attack vector) [RESTART] +/* 1222: disable intermediate certificate caching (fingerprinting attack vector) [FF41+] [RESTART] * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them. - * [TEST] https://fiprinca.0x90.eu/poc/ - * [1] https://bugzilla.mozilla.org/1334485 - related bug - * [2] https://bugzilla.mozilla.org/1216882 - related bug (see comment 9) ***/ + * [1] https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ ***/ // user_pref("security.nocertdb", true); // [HIDDEN PREF] /* 1223: enforce strict pinning * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict @@ -730,7 +725,7 @@ user_pref("security.mixed_content.block_object_subrequest", true); /** CIPHERS [see the section 1200 intro] ***/ /* 1261: disable 3DES (effective key size < 128) * [1] https://en.wikipedia.org/wiki/3des#Security - * [2] http://en.citizendium.org/wiki/Meet-in-the-middle_attack + * [2] https://en.wikipedia.org/wiki/Meet-in-the-middle_attack * [3] https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ // user_pref("security.ssl3.rsa_des_ede3_sha", false); /* 1262: disable 128 bits ***/ @@ -932,8 +927,7 @@ user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true] /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); -/* 2201: prevent websites from disabling new window features - * [1] http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features ***/ +/* 2201: prevent websites from disabling new window features ***/ user_pref("dom.disable_window_open_feature.close", true); user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: true] user_pref("dom.disable_window_open_feature.menubar", true); @@ -961,8 +955,7 @@ user_pref("browser.link.open_newwindow.restriction", 0); * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); /* 2212: limit events that can cause a popup [SETUP-WEB] - * default is "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend contextmenu" - * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/ + * default is "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend contextmenu" ***/ user_pref("dom.popup_allowed_events", "click dblclick"); /*** [SECTION 2300]: WEB WORKERS @@ -1140,8 +1133,7 @@ user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); /* 2611: disable middle mouse click opening links from clipboard - * [1] https://trac.torproject.org/projects/tor/ticket/10089 - * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ + * [1] https://trac.torproject.org/projects/tor/ticket/10089 ***/ user_pref("middlemouse.contentLoadURL", false); /* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) * [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins) @@ -1217,8 +1209,7 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); // [DEFAULT: true] /* 2684: enforce a security delay on some confirmation dialogs such as install, open/save - * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox - * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ + * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 700); /*** [SECTION 2700]: PERSISTENT STORAGE @@ -1246,8 +1237,7 @@ user_pref("network.cookie.cookieBehavior", 1); and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones - * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ - * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/ + * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/ user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] /* 2703: delete cookies and site data on close @@ -1474,10 +1464,15 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] user_pref("browser.startup.blankWindow", false); /*** [SECTION 4600]: RFP ALTERNATIVES - * IF you DO use RFP (see 4500) then you DO NOT need these redundant prefs. In fact, - some even cause RFP to not behave as you would expect and alter your fingerprint. - Make sure they are RESET in about:config as per your Firefox version - * IF you DO NOT use RFP or are on ESR... then turn on each ESR section below + * non-RFP users: + Enable the whole section (see the SETUP tag below) + * RFP users: + Make sure these are reset in about:config. They are redundant. In fact, some + even cause RFP to not behave as you would expect and alter your fingerprint + * ESR RFP users: + Reset those *up to and including* your version. Add those *after* your version + as active prefs in your overrides. This is assuming that the patch wasn't also + backported to Firefox ESR. Backporting RFP patches to ESR is rare. ***/ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); /* [SETUP-non-RFP] Non-RFP users replace the * with a slash on this line to enable these From dc4d9e4daef4f1e41db39adc3acfc9cee3ea0fca Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 Oct 2019 04:04:41 +1300 Subject: [PATCH 1254/1961] revamp 0200s (#807), closes #0806 - split geo related vs language/locale related - rip out intl.locale.requested - rip out intl.regional_prefs.use_os_locales - add intl.charset.fallback.override --- user.js | 53 ++++++++++++++++++++++++++++------------------------- 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/user.js b/user.js index f10d207..996985b 100644 --- a/user.js +++ b/user.js @@ -45,7 +45,7 @@ * INDEX: 0100: STARTUP - 0200: GEOLOCATION + 0200: GEOLOCATION / LANGUAGE / LOCALE 0300: QUIET FOX 0400: BLOCKLISTS / SAFE BROWSING 0500: SYSTEM ADD-ONS / EXPERIMENTS @@ -133,49 +133,52 @@ user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false) * [2] https://spreadprivacy.com/is-private-browsing-really-private/ ***/ // user_pref("browser.privatebrowsing.autostart", true); -/*** [SECTION 0200]: GEOLOCATION ***/ +/*** [SECTION 0200]: GEOLOCATION / LANGUAGE / LOCALE ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); +/** GEOLOCATION ***/ /* 0201: disable Location-Aware Browsing + * [NOTE] Best left at default "true", fingerprintable, is already behind a prompt (see 0202) * [1] https://www.mozilla.org/firefox/geolocation/ ***/ // user_pref("geo.enabled", false); -/* 0201b: set a default permission for Location [FF58+] +/* 0202: set a default permission for Location (see 0201) [FF58+] * 0=always ask (default), 1=allow, 2=block * [NOTE] Best left at default "always ask", fingerprintable via Permissions API * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); -/* 0202: disable GeoIP-based search results +/* 0203: use Mozilla geolocation service instead of Google when geolocation is enabled + * Optionally enable logging to the console (defaults to false) ***/ +user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); + // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] +/* 0204: disable using the OS's geolocation service ***/ +user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] +user_pref("geo.provider.use_corelocation", false); // [MAC] +user_pref("geo.provider.use_gpsd", false); // [LINUX] +/* 0205: disable GeoIP-based search results * [NOTE] May not be hidden if Firefox has changed your settings due to your locale * [1] https://trac.torproject.org/projects/tor/ticket/16254 * [2] https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine ***/ user_pref("browser.search.region", "US"); // [HIDDEN PREF] user_pref("browser.search.geoip.url", ""); -/* 0205: set Firefox language [FF59+] [RESTART] - * Go to the end of about:support to view Internationalization & Localization settings - * If set to empty, the OS locales are used. If not set at all, default locale is used - * This is the language used in menus, about pages, messages, and notifications from Firefox ***/ - // user_pref("intl.locale.requested", "en-US"); // [HIDDEN PREF] /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" * i.e. ignore all of Mozilla's various search engines in multiple locales ***/ user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); -/* 0207: set preferred language for diplaying web pages + +/** LANGUAGE / LOCALE ***/ +/* 0210: set preferred language for displaying web pages * [TEST] https://addons.mozilla.org/about ***/ user_pref("intl.accept_languages", "en-US, en"); -/* 0208: enforce US English locale regardless of the system locale +/* 0211: enforce US English locale regardless of the system locale * [1] https://bugzilla.mozilla.org/867501 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] -/* 0209: use APP locale over OS locale in regional preferences [FF56+] - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789 ***/ -user_pref("intl.regional_prefs.use_os_locales", false); -/* 0210: use Mozilla geolocation service instead of Google when geolocation is enabled - * Optionally enable logging to the console (defaults to false) ***/ -user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); - // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] -/* 0211: disable using the OS's geolocation service ***/ -user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] -user_pref("geo.provider.use_corelocation", false); // [MAC] -user_pref("geo.provider.use_gpsd", false); // [LINUX] +/* 0212: enforce fallback text encoding to match en-US + * When the content or server doesn't declare a charset the browser will + * fallback to the "Current locale" based on your application language + * [SETTING] General>Language and Appearance>Fonts and Colors>Advanced>Text Encoding for Legacy Content + * [TEST] https://hsivonen.com/test/moz/check-charset.htm + * [1] https://trac.torproject.org/projects/tor/ticket/20025 ***/ +user_pref("intl.charset.fallback.override", "windows-1252"); /*** [SECTION 0300]: QUIET FOX Starting in user.js v67, we only disable the auto-INSTALL of Firefox. You still get prompts @@ -1399,7 +1402,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL ** 1337161 - hide gamepads from content (see 4606) (FF56+) ** 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true (see 4607) (FF56+) ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+) - ** 1372069 & 1403813 & 1441295 - block geolocation requests (same as denying a site permission) (see 0201, 0201b) (FF56-62) + ** 1372069 & 1403813 & 1441295 - block geolocation requests (same as denying a site permission) (see 0201, 0202) (FF56-62) ** 1369309 - spoof media statistics (see 4610) (FF57+) ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+) ** 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) @@ -1413,7 +1416,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if media.navigator.enabled is true (see 2505 which we chose to keep disabled) Block: suppresses the ondevicechange event (see 4612) - ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+) + ** 1039069 - warn when language prefs are set to non en-US (see 0210, 0211) (FF59+) ** 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59+) Spoofing mimics the content language of the document. Currently it only supports en-US. Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. @@ -1659,7 +1662,7 @@ user_pref("network.jar.open-unsafe-types", false); user_pref("plugin.state.java", 0); // * * * / // FF63 -// 0202: disable GeoIP-based search results +// 0205: disable GeoIP-based search results // [NOTE] May not be hidden if Firefox has changed your settings due to your locale // [-] https://bugzilla.mozilla.org/1462015 user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF] From 53f8578749cdbc35ac58155d3d417188171ae413 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Oct 2019 15:09:19 +0000 Subject: [PATCH 1255/1961] see #807 --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 3a91abb..1501e47 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 16-September-2019 + Last updated: 5-October-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -211,6 +211,8 @@ 'extensions.getAddons.discovery.api_url', 'extensions.htmlaboutaddons.discover.enabled', 'extensions.webservice.discoverURL', + 'intl.locale.requested', + 'intl.regional_prefs.use_os_locales', 'dom.push.connection.enabled', 'dom.push.serverURL', /* reset parrot: check your open about:config after running the script */ From 201210111e438da3a72d64fb2849212563b299a2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Oct 2019 15:12:21 +0000 Subject: [PATCH 1256/1961] char fix --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 996985b..deb1fd8 100644 --- a/user.js +++ b/user.js @@ -995,7 +995,7 @@ user_pref("dom.serviceWorkers.enabled", false); // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] /* 2305: disable Push Notifications [FF44+] * Push is an API that allows websites to send you (subscribed) messages even when the site - * isn’t loaded, by pushing messages to your userAgentID through Mozilla's Push Server. + * isn't loaded, by pushing messages to your userAgentID through Mozilla's Push Server. * [NOTE] Push requires service workers (2302) to subscribe to and display, and is behind * a prompt (2306). Disabling service workers alone doesn't stop Firefox polling the * Mozilla Push Server. To remove all subscriptions, reset your userAgentID (in about:config From a9e93921724e15fbe60011d26a53a74c131ba0b3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Oct 2019 17:47:25 +0000 Subject: [PATCH 1257/1961] add some SB back, see #803 --- user.js | 50 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/user.js b/user.js index deb1fd8..d46aa26 100644 --- a/user.js +++ b/user.js @@ -20,7 +20,7 @@ 2. READ this * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum - * Real time binary checks with Google services are disabled (0402) + * Real time binary checks with Google services are disabled (0412) * You will still get prompts to update Firefox, but auto-installing them is disabled (0302a) * Some user data is erased on close (section 2800). Change this to suit your needs * EACH RELEASE check: @@ -270,28 +270,48 @@ user_pref("network.captive-portal-service.enabled", false); // [FF52+] * [1] https://bugzilla.mozilla.org/1460537 ***/ user_pref("network.connectivity-service.enabled", false); -/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING (SB) - Safe Browsing has taken many steps to preserve privacy. *IF* required, a full url is never - sent to Google, only a PART-hash of the prefix, and this is hidden with noise of other real - PART-hashes. Google also swear it is anonymized and only used to flag malicious sites. - Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+) - doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) - - #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ - [1] https://wiki.mozilla.org/Security/Safe_Browsing -***/ +/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING (SB) ***/ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); +/** BLOCKLISTS ***/ /* 0401: enforce Firefox blocklist, but sanitize blocklist url * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); -/* 0402: disable binaries NOT in Safe Browsing local lists being checked - * This is a real-time check with Google services - * [SETUP-SECURITY] If you do not understand this, or if you want this protection, then override it ***/ + +/** SAFE BROWSING (SB) + Safe Browsing has taken many steps to preserve privacy. *IF* required, a full url is never + sent to Google, only a PART-hash of the prefix, and this is hidden with noise of other real + PART-hashes. Google also swear it is anonymized and only used to flag malicious sites. + Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+) + doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) + + #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + [1] https://wiki.mozilla.org/Security/Safe_Browsing + [2] https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work +***/ +/* 0410: disable SB (Safe Browsing) + * [WARNING] Do this at your own risk! These are the master switches. + * [SETTING] Privacy & Security>Security>... "Block dangerous and deceptive content" ***/ + // user_pref("browser.safebrowsing.malware.enabled", false); + // user_pref("browser.safebrowsing.phishing.enabled", false); +/* 0411: disable SB checks for downloads (both local lookups + remote) + * This is the master switch for the safebrowsing.downloads* prefs (0412, 0413) + * [SETTING] Privacy & Security>Security>... "Block dangerous downloads" ***/ + // user_pref("browser.safebrowsing.downloads.enabled", false); +/* 0412: disable SB checks for downloads (remote) + * To verify the safety of certain executable files, Firefox may submit some information about the + * file, including the name, origin, size and a cryptographic hash of the contents, to the Google + * Safe Browsing service which helps Firefox determine whether or not the file should be blocked + * [SETUP-SECURITY] If you do not understand this, or you want this protection, then override it ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); -/* 0403: disable 'ignore this warning' on Safe Browsing warnings +user_pref("browser.safebrowsing.downloads.remote.url", ""); +/* 0413: disable SB checks for unwanted software + * [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/ + // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); + // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); +/* 0419: disable 'ignore this warning' on SB warnings * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/1226490 ***/ From 624e50faac73f9689912fa6e3bc8d344b4e03967 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Oct 2019 17:51:34 +0000 Subject: [PATCH 1258/1961] replace ` with ' --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d46aa26..f91f762 100644 --- a/user.js +++ b/user.js @@ -219,7 +219,7 @@ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); * IF unified=false then .enabled controls the telemetry module * IF unified=true then .enabled ONLY controls whether to record extended data * so make sure to have both set as false - * [NOTE] FF58+ `toolkit.telemetry.enabled` is now LOCKED to reflect prerelease + * [NOTE] FF58+ 'toolkit.telemetry.enabled' is now LOCKED to reflect prerelease * or release builds (true and false respectively), see [2] * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ @@ -1788,7 +1788,7 @@ user_pref("security.csp.experimentalEnabled", true); // 1802: enforce click-to-play for plugins // [-] https://bugzilla.mozilla.org/1519434 user_pref("plugins.click_to_play", true); // [DEFAULT: true in FF25+] -// 2033: disable autoplay for muted videos [FF63+] - replaced by `media.autoplay.default` options (2030) +// 2033: disable autoplay for muted videos [FF63+] - replaced by 'media.autoplay.default' options (2030) // [-] https://bugzilla.mozilla.org/1562331 // user_pref("media.autoplay.allow-muted", false); // * * * / From ad0187122d33e30ee5e9191d8cd22b727b40a27e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 7 Oct 2019 16:20:03 +0000 Subject: [PATCH 1259/1961] some SB were reinstated, closes #806 --- scratchpad-scripts/ghacks-clear-[removed].js | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 1501e47..5ff79ed 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 5-October-2019 + Last updated: 7-October-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -168,14 +168,9 @@ 'signon.storeWhenAutocompleteOff', 'xpinstall.whitelist.required', /* 67-beta: Blocklist, SB & TP cleanup: these were all inactive */ - 'browser.safebrowsing.downloads.enabled', 'browser.safebrowsing.downloads.remote.block_dangerous', 'browser.safebrowsing.downloads.remote.block_dangerous_host', - 'browser.safebrowsing.downloads.remote.block_potentially_unwanted', - 'browser.safebrowsing.downloads.remote.block_uncommon', 'browser.safebrowsing.blockedURIs.enabled', - 'browser.safebrowsing.malware.enabled', - 'browser.safebrowsing.phishing.enabled', 'browser.safebrowsing.provider.google.gethashURL', 'browser.safebrowsing.provider.google.updateURL', 'browser.safebrowsing.provider.google4.gethashURL', From 1b6239eab8fd584f4ef0a76c0c57180db75860b7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 14 Oct 2019 01:13:27 +0000 Subject: [PATCH 1260/1961] remove 0804, closes #808 if anyone can show me how this stops history leaks, then I'll put it back with a note saying it's been broken since FF61 --- user.js | 5 ----- 1 file changed, 5 deletions(-) diff --git a/user.js b/user.js index f91f762..56171e1 100644 --- a/user.js +++ b/user.js @@ -482,11 +482,6 @@ user_pref("keyword.enabled", false); user_pref("browser.fixup.alternate.enabled", false); /* 0803: display all parts of the url in the location bar ***/ user_pref("browser.urlbar.trimURLs", false); -/* 0804: limit history leaks via enumeration (PER TAB: back/forward) - * This is a PER TAB session history. You still have a full history stored under all history - * default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages - * use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical ***/ -user_pref("browser.sessionhistory.max_entries", 10); /* 0805: disable coloring of visited links - CSS history leak * [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's * only in 'certain circumstances', also see latest comments in [2] From d7b1877a1f38bec7ecc02957e860403a885d397f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 14 Oct 2019 01:14:50 +0000 Subject: [PATCH 1261/1961] browser.sessionhistory.max_entries see #808 --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 5ff79ed..8223d45 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 7-October-2019 + Last updated: 13-October-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -203,6 +203,7 @@ 'plugin.sessionPermissionNow.intervalInMinutes', /* 70-beta */ 'browser.cache.disk_cache_ssl', + 'browser.sessionhistory.max_entries', 'extensions.getAddons.discovery.api_url', 'extensions.htmlaboutaddons.discover.enabled', 'extensions.webservice.discoverURL', From 5b82afd5bd103e12fa29e460f5dd2812d7dca858 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Oct 2019 09:27:44 +0000 Subject: [PATCH 1262/1961] webgl.dxgl.enabled, closes #814 --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 56171e1..c95d0b2 100644 --- a/user.js +++ b/user.js @@ -916,7 +916,6 @@ user_pref("media.peerconnection.ice.no_host", true); // [FF51+] * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ user_pref("webgl.disabled", true); -user_pref("webgl.dxgl.enabled", false); // [WINDOWS] user_pref("webgl.enable-webgl2", false); /* 2012: limit WebGL ***/ user_pref("webgl.min_capability_mode", true); From 7f2c92f654220db546d2290f38d61ab010e36bd7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Oct 2019 09:28:52 +0000 Subject: [PATCH 1263/1961] webgl.dxgl.enabled --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 8223d45..8f6e38b 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 13-October-2019 + Last updated: 15-October-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -211,6 +211,7 @@ 'intl.regional_prefs.use_os_locales', 'dom.push.connection.enabled', 'dom.push.serverURL', + 'webgl.dxgl.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 226af6f679114f8da3df0f98a3a575cca80ea749 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 20 Oct 2019 22:20:50 +0000 Subject: [PATCH 1264/1961] 69 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index c95d0b2..941b6df 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 4 September 2019 -* version 69-beta: Pants One More Time +* date: 20 September 2019 +* version 69: Pants One More Time * "When I'm not with pants I lose my mind. Give me a sign. Hit me, pants, one more time." * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 5d1857ddd8b1d07c0ffd12aa09f842825915de4e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 20 Oct 2019 22:32:37 +0000 Subject: [PATCH 1265/1961] start 70 commits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 941b6df..69439b6 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 20 September 2019 -* version 69: Pants One More Time -* "When I'm not with pants I lose my mind. Give me a sign. Hit me, pants, one more time." +* version 70-alpha: Pinpants Wizard +* "Ever since I was a young pants, I've played the silver ball" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 1cc9a08a18e5e8439d3d687205a16c7cb856653a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 20 Oct 2019 22:40:53 +0000 Subject: [PATCH 1266/1961] remove ESR60.x deprecated These are archived in #123 --- user.js | 122 -------------------------------------------------------- 1 file changed, 122 deletions(-) diff --git a/user.js b/user.js index 69439b6..e670ea1 100644 --- a/user.js +++ b/user.js @@ -1651,128 +1651,6 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); -/* ESR60.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them -// FF61 -// 0501: disable experiments - // [1] https://wiki.mozilla.org/Telemetry/Experiments - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1420908,1450801 -user_pref("experiments.enabled", false); -user_pref("experiments.manifest.uri", ""); -user_pref("experiments.supported", false); -user_pref("experiments.activeExperiment", false); -// 2612: disable remote JAR files being opened, regardless of content type [FF42+] - // [1] https://bugzilla.mozilla.org/1173171 - // [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ - // [-] https://bugzilla.mozilla.org/1427726 -user_pref("network.jar.block-remote-files", true); -// 2613: disable JAR from opening Unsafe File Types - // [-] https://bugzilla.mozilla.org/1427726 -user_pref("network.jar.open-unsafe-types", false); -// * * * / -// FF62 -// 1803: disable Java plugin - // [-] (part5) https://bugzilla.mozilla.org/1461243 -user_pref("plugin.state.java", 0); -// * * * / -// FF63 -// 0205: disable GeoIP-based search results - // [NOTE] May not be hidden if Firefox has changed your settings due to your locale - // [-] https://bugzilla.mozilla.org/1462015 -user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF] -// 0301a: disable auto-update checks for Firefox - // [SETTING] General>Firefox Updates>Never check for updates - // [-] https://bugzilla.mozilla.org/1420514 - // user_pref("app.update.enabled", false); -// 0503: disable "Savant" Shield study [FF61+] - // [-] https://bugzilla.mozilla.org/1457226 -user_pref("shield.savant.enabled", false); -// 1031: disable favicons in tabs and new bookmarks - merged into browser.chrome.site_icons - // [-] https://bugzilla.mozilla.org/1453751 - // user_pref("browser.chrome.favicons", false); -// 2030: disable autoplay of HTML5 media - replaced by media.autoplay.default - // This may break video playback on various sites - // [-] https://bugzilla.mozilla.org/1470082 -user_pref("media.autoplay.enabled", false); -// 2704: set cookie lifetime in days (see 2703) - // [-] https://bugzilla.mozilla.org/1457170 - // user_pref("network.cookie.lifetime.days", 90); // [DEFAULT: 90] -// 5000's: enable "Ctrl+Tab cycles through tabs in recently used order" - replaced by browser.ctrlTab.recentlyUsedOrder - // [-] https://bugzilla.mozilla.org/1473595 - // user_pref("browser.ctrlTab.previews", true); -// * * * / -// FF64 -// 0516: disable Onboarding [FF55+] - // Onboarding is an interactive tour/setup for new installs/profiles and features. Every time - // about:home or about:newtab is opened, the onboarding overlay is injected into that page - // [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] - // [1] https://wiki.mozilla.org/Firefox/Onboarding - // [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf - // [3] https://bugzilla.mozilla.org/863246#c154 - // [-] https://bugzilla.mozilla.org/1462415 -user_pref("browser.onboarding.enabled", false); -// 2608: disable WebIDE ADB extension downloads - both renamed - // [1] https://trac.torproject.org/projects/tor/ticket/16222 - // [-] https://bugzilla.mozilla.org/1491315 -user_pref("devtools.webide.autoinstallADBHelper", false); -user_pref("devtools.webide.adbAddonURL", ""); -// 2681: disable CSP violation events [FF59+] - // [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent - // [-] https://bugzilla.mozilla.org/1488165 -user_pref("security.csp.enable_violation_events", false); -// * * * / -// FF65 -// 0850a: disable location bar autocomplete and suggestion types - // If you enforce any of the suggestion types (see the other 0850a), you MUST enforce 'autocomplete' - // - If *ALL* of the suggestion types are false, 'autocomplete' must also be false - // - If *ANY* of the suggestion types are true, 'autocomplete' must also be true - // [-] https://bugzilla.mozilla.org/1502392 -user_pref("browser.urlbar.autocomplete.enabled", false); -// 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true) - // e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) - // [-] https://bugzilla.mozilla.org/1510580 -user_pref("browser.fixup.hide_user_pass", true); // [DEFAULT: true] -// * * * / -// FF66 -// 0380: disable Browser Error Reporter [FF60+] - // [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection - // [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html - // [-] https://bugzilla.mozilla.org/1509888 -user_pref("browser.chrome.errorReporter.enabled", false); -user_pref("browser.chrome.errorReporter.submitUrl", ""); -// 0502: disable Mozilla permission to silently opt you into tests - // [-] https://bugzilla.mozilla.org/1415625 -user_pref("network.allow-experiments", false); -// * * * / -// FF67 -// 2428: enforce DOMHighResTimeStamp API - // [WARNING] Required for normalization of timestamps and any timer resolution mitigations - // [-] https://bugzilla.mozilla.org/1485264 -user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] -// 5000's: disable CFR [FF64+] - split into two new prefs: *cfr.addons, *cfr.features - // [SETTING] General>Browsing>Recommend extensions as you browse - // [1] https://support.mozilla.org/en-US/kb/extension-recommendations - // [-] https://bugzilla.mozilla.org/1528953 - // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); -// * * * / -// FF68 -// 0105b: disable Activity Stream Legacy Snippets - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1546190,1540939 -user_pref("browser.newtabpage.activity-stream.disableSnippets", true); -user_pref("browser.aboutHomeSnippets.updateUrl", ""); -// 0307: disable auto updating of lightweight themes (LWT) - // Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API - // Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1] - // [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/ - // [-] (part3b) https://bugzilla.mozilla.org/1525762 -user_pref("lightweightThemes.update.enabled", false); -// 2682: enable CSP 1.1 experimental hash-source directive [FF29+] - // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 - // [-] https://bugzilla.mozilla.org/1386214 -user_pref("security.csp.experimentalEnabled", true); -// * * * / -// ***/ - /* ESR68.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF69 From 301fcd059dc7f937f60e35a32a2848866a7e61be Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 20 Oct 2019 23:36:48 +0000 Subject: [PATCH 1267/1961] 1003: capacity no longer hidden --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e670ea1..5c789db 100644 --- a/user.js +++ b/user.js @@ -596,7 +596,7 @@ user_pref("browser.cache.disk.enable", false); /* 1003: disable memory cache /* capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes ***/ // user_pref("browser.cache.memory.enable", false); - // user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF] + // user_pref("browser.cache.memory.capacity", 0); /* 1006: disable permissions manager from writing to disk [RESTART] * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/967812 ***/ From d91226ed55b5fbdc1fd10860137ad6579f3d48c6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 20 Oct 2019 23:59:16 +0000 Subject: [PATCH 1268/1961] tweakin' --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5c789db..b388c6a 100644 --- a/user.js +++ b/user.js @@ -1646,7 +1646,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Items deprecated prior to FF61 have been archived at [1], which + Documentation denoted as [-]. Items deprecated prior to FF69 have been archived at [1], which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ From 539750d2f2d82ced8e1dc1761bdf7d17dbf18c58 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 27 Oct 2019 04:41:27 +0000 Subject: [PATCH 1269/1961] FF70 hidden/default changes --- user.js | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index b388c6a..f34ce19 100644 --- a/user.js +++ b/user.js @@ -375,7 +375,7 @@ user_pref("network.prefetch-next", false); * [1] https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); -user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF] +user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR] [DEFAULT: true FF70+] /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); user_pref("network.predictor.enable-prefetch", false); // [FF48+] @@ -596,7 +596,7 @@ user_pref("browser.cache.disk.enable", false); /* 1003: disable memory cache /* capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes ***/ // user_pref("browser.cache.memory.enable", false); - // user_pref("browser.cache.memory.capacity", 0); + // user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF ESR] /* 1006: disable permissions manager from writing to disk [RESTART] * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/967812 ***/ @@ -771,10 +771,8 @@ user_pref("browser.ssl_override_behavior", 1); * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); /* 1273: display "insecure" icon and "Not Secure" text on HTTP sites ***/ -user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] +user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] [DEFAULT: true FF70+] user_pref("security.insecure_connection_text.enabled", true); // [FF60+] - // user_pref("security.insecure_connection_icon.pbmode.enabled", true); // [FF59+] private windows only - // user_pref("security.insecure_connection_text.pbmode.enabled", true); // [FF60+] private windows only /*** [SECTION 1400]: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); @@ -870,7 +868,7 @@ user_pref("privacy.userContext.ui.enabled", true); * [SETTING] General>Tabs>Enable Container Tabs ***/ user_pref("privacy.userContext.enabled", true); /* 1703: enable a private container for thumbnail loads [FF51+] ***/ -user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true in FF61+] +user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true FF61+] /* 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] * 0=no menu (default), 1=show when clicked, 2=show on long press * [1] https://bugzilla.mozilla.org/1328756 ***/ @@ -1139,7 +1137,7 @@ user_pref("devtools.chrome.enabled", false); /* 2608: disable WebIDE to prevent remote debugging and ADB extension download * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); -user_pref("devtools.webide.enabled", false); +user_pref("devtools.webide.enabled", false); // [DEFAULT: false FF70+] user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc @@ -1381,7 +1379,7 @@ user_pref("privacy.firstparty.isolate", true); * [2] https://bugzilla.mozilla.org/1492607 * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] - // user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF] + // user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR] /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) This master switch will be used for a wide range of items, many of which will @@ -1659,7 +1657,7 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); // user_pref("gfx.downloadable_fonts.woff2.enabled", false); // 1802: enforce click-to-play for plugins // [-] https://bugzilla.mozilla.org/1519434 -user_pref("plugins.click_to_play", true); // [DEFAULT: true in FF25+] +user_pref("plugins.click_to_play", true); // [DEFAULT: true FF25+] // 2033: disable autoplay for muted videos [FF63+] - replaced by 'media.autoplay.default' options (2030) // [-] https://bugzilla.mozilla.org/1562331 // user_pref("media.autoplay.allow-muted", false); From 67eec9c85c1ac98b30546f07f0f256e0b7545d76 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 27 Oct 2019 04:50:59 +0000 Subject: [PATCH 1270/1961] pbmode insecure text/icon see `1273` - we already make **all** windows do this (which overrides the pb mode setting), and these were inactive - in FF70+ the icon pref (for PB mode and all windows) is now default true --- scratchpad-scripts/ghacks-clear-[removed].js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 8f6e38b..e6f72d8 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 15-October-2019 + Last updated: 27-October-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -204,13 +204,15 @@ /* 70-beta */ 'browser.cache.disk_cache_ssl', 'browser.sessionhistory.max_entries', + 'dom.push.connection.enabled', + 'dom.push.serverURL', 'extensions.getAddons.discovery.api_url', 'extensions.htmlaboutaddons.discover.enabled', 'extensions.webservice.discoverURL', 'intl.locale.requested', 'intl.regional_prefs.use_os_locales', - 'dom.push.connection.enabled', - 'dom.push.serverURL', + 'security.insecure_connection_icon.pbmode.enabled', + 'security.insecure_connection_text.pbmode.enabled', 'webgl.dxgl.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' From e4f80225d8f2c5c70681e53a9ca607293a5695ed Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 28 Oct 2019 12:12:52 +0000 Subject: [PATCH 1271/1961] FF72: FPI & IPv6 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index f34ce19..15dd30e 100644 --- a/user.js +++ b/user.js @@ -1364,6 +1364,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1542309 - isolate top-level domain URLs when host is in the public suffix list (FF68+) ** 1506693 - isolate pdfjs range-based requests (FF68+) ** 1330467 - isolate site permissions (FF69+) + ** 1534339 - isolate IPv6 (FF72+) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] From 16756646bbd803e772d9796a20d400d2e2ee18c7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 31 Oct 2019 09:49:12 +0000 Subject: [PATCH 1272/1961] remove DoH, closes #790 --- user.js | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/user.js b/user.js index 15dd30e..5ceba38 100644 --- a/user.js +++ b/user.js @@ -428,16 +428,6 @@ user_pref("network.http.altsvc.oe", false); * as a remote Tor node will handle the DNS request * [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); -/* 0707: disable (or setup) DNS-over-HTTPS (DoH) [FF60+] - * TRR = Trusted Recursive Resolver - * 0=off by default, 1=race (removed in FF69), 2=TRR first, 3=TRR only, - * 4=race for stats but always use native result (removed in FF69), 5=explicitly off - * [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare) - * [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/ - * [2] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ ***/ - // user_pref("network.trr.mode", 0); - // user_pref("network.trr.bootstrapAddress", ""); - // user_pref("network.trr.uri", ""); /* 0708: disable FTP [FF60+] * [1] https://www.ghacks.net/2018/02/20/firefox-60-with-new-preference-to-disable-ftp/ ***/ // user_pref("network.ftp.enabled", false); From fdaf22780fd985e19bd20e0301203d880fcfa304 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 2 Nov 2019 16:00:12 +0000 Subject: [PATCH 1273/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fc5d76a..34c8bc6 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ Literally thousands of sources, references and suggestions. That said... * Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 * The ghacks community and commentators * [12bytes](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) - * The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master) + * The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [Codeberg](https://codeberg.org/12bytes.org/Firefox-user.js-supplement) 1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. From 65dfad5c76148379c1c3f6d4667b28721c613770 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 6 Nov 2019 11:37:24 +0000 Subject: [PATCH 1274/1961] 2701: UI changes --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5ceba38..6a759eb 100644 --- a/user.js +++ b/user.js @@ -1234,7 +1234,7 @@ user_pref("security.dialog_enable_delay", 700); user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable 3rd-party cookies and site-data [SETUP-WEB] * 0=Accept cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, - * 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+) (default FF69+) + * 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (FF63+) (default FF69+) * [NOTE] You can set exceptions under site permissions or use an extension * [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/ user_pref("network.cookie.cookieBehavior", 1); From 895f8d01d59d2640505f8f8f4d015023de88f069 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 8 Nov 2019 13:01:33 +0000 Subject: [PATCH 1275/1961] FF70+: shield studies no longer tied to FHR (#836) https://bugzilla.mozilla.org/1569330 --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 6a759eb..5b7b74d 100644 --- a/user.js +++ b/user.js @@ -246,8 +246,7 @@ user_pref("datareporting.healthreport.uploadEnabled", false); * [1] https://bugzilla.mozilla.org/1195552 ***/ user_pref("datareporting.policy.dataSubmissionEnabled", false); /* 0342: disable Studies (see 0503) - * [NOTE] This pref has no effect when Health Reports (0340) are disabled - * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to install and run studies ***/ + * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to install and run studies ***/ user_pref("app.shield.optoutstudies.enabled", false); /* 0343: disable personalized Extension Recommendations in about:addons and AMO [FF65+] * [NOTE] This pref has no effect when Health Reports (0340) are disabled From 0c79b8b45bf4fa59849d49e9e3c4885789130fd0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 8 Nov 2019 13:46:20 +0000 Subject: [PATCH 1276/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 34c8bc6..b374351 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Everyone, experts included, should at least read the [implementation](https://gi Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. -Also be aware that this `user.js` is made specifically for Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser. +Also be aware that this `user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser. Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs) From 6173104a9ef02ae85aa27c9ad63d00b03d5b0f49 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 8 Nov 2019 16:30:03 +0000 Subject: [PATCH 1277/1961] re-add relevant deprecated items for ESR users (#837) makes the prefsCleaner scripts useful again for users updating from ESR60 to ESR68 --- user.js | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 120 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 5b7b74d..46bcdd3 100644 --- a/user.js +++ b/user.js @@ -1634,11 +1634,130 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Items deprecated prior to FF69 have been archived at [1], which + Documentation denoted as [-]. Items deprecated prior to FF61 have been archived at [1], which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); +/* FF61 +// 0501: disable experiments + // [1] https://wiki.mozilla.org/Telemetry/Experiments + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1420908,1450801 +user_pref("experiments.enabled", false); +user_pref("experiments.manifest.uri", ""); +user_pref("experiments.supported", false); +user_pref("experiments.activeExperiment", false); +// 2612: disable remote JAR files being opened, regardless of content type [FF42+] + // [1] https://bugzilla.mozilla.org/1173171 + // [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ + // [-] https://bugzilla.mozilla.org/1427726 +user_pref("network.jar.block-remote-files", true); +// 2613: disable JAR from opening Unsafe File Types + // [-] https://bugzilla.mozilla.org/1427726 +user_pref("network.jar.open-unsafe-types", false); +// ***/ +/* FF62 +// 1803: disable Java plugin + // [-] (part5) https://bugzilla.mozilla.org/1461243 +user_pref("plugin.state.java", 0); +// ***/ +/* FF63 +// 0205: disable GeoIP-based search results + // [NOTE] May not be hidden if Firefox has changed your settings due to your locale + // [-] https://bugzilla.mozilla.org/1462015 +user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF] +// 0301a: disable auto-update checks for Firefox + // [SETTING] General>Firefox Updates>Never check for updates + // [-] https://bugzilla.mozilla.org/1420514 + // user_pref("app.update.enabled", false); +// 0503: disable "Savant" Shield study [FF61+] + // [-] https://bugzilla.mozilla.org/1457226 +user_pref("shield.savant.enabled", false); +// 1031: disable favicons in tabs and new bookmarks - merged into browser.chrome.site_icons + // [-] https://bugzilla.mozilla.org/1453751 + // user_pref("browser.chrome.favicons", false); +// 2030: disable autoplay of HTML5 media - replaced by media.autoplay.default + // This may break video playback on various sites + // [-] https://bugzilla.mozilla.org/1470082 +user_pref("media.autoplay.enabled", false); +// 2704: set cookie lifetime in days (see 2703) + // [-] https://bugzilla.mozilla.org/1457170 + // user_pref("network.cookie.lifetime.days", 90); // [DEFAULT: 90] +// 5000's: enable "Ctrl+Tab cycles through tabs in recently used order" - replaced by browser.ctrlTab.recentlyUsedOrder + // [-] https://bugzilla.mozilla.org/1473595 + // user_pref("browser.ctrlTab.previews", true); +// ***/ +/* FF64 +// 0516: disable Onboarding [FF55+] + // Onboarding is an interactive tour/setup for new installs/profiles and features. Every time + // about:home or about:newtab is opened, the onboarding overlay is injected into that page + // [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] + // [1] https://wiki.mozilla.org/Firefox/Onboarding + // [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf + // [3] https://bugzilla.mozilla.org/863246#c154 + // [-] https://bugzilla.mozilla.org/1462415 +user_pref("browser.onboarding.enabled", false); +// 2608: disable WebIDE ADB extension downloads - both renamed + // [1] https://trac.torproject.org/projects/tor/ticket/16222 + // [-] https://bugzilla.mozilla.org/1491315 +user_pref("devtools.webide.autoinstallADBHelper", false); +user_pref("devtools.webide.adbAddonURL", ""); +// 2681: disable CSP violation events [FF59+] + // [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent + // [-] https://bugzilla.mozilla.org/1488165 +user_pref("security.csp.enable_violation_events", false); +// ***/ +/* FF65 +// 0850a: disable location bar autocomplete and suggestion types + // If you enforce any of the suggestion types (see the other 0850a), you MUST enforce 'autocomplete' + // - If *ALL* of the suggestion types are false, 'autocomplete' must also be false + // - If *ANY* of the suggestion types are true, 'autocomplete' must also be true + // [-] https://bugzilla.mozilla.org/1502392 +user_pref("browser.urlbar.autocomplete.enabled", false); +// 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true) + // e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) + // [-] https://bugzilla.mozilla.org/1510580 +user_pref("browser.fixup.hide_user_pass", true); // [DEFAULT: true] +// ***/ +/* FF66 +// 0380: disable Browser Error Reporter [FF60+] + // [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection + // [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html + // [-] https://bugzilla.mozilla.org/1509888 +user_pref("browser.chrome.errorReporter.enabled", false); +user_pref("browser.chrome.errorReporter.submitUrl", ""); +// 0502: disable Mozilla permission to silently opt you into tests + // [-] https://bugzilla.mozilla.org/1415625 +user_pref("network.allow-experiments", false); +// ***/ +/* FF67 +// 2428: enforce DOMHighResTimeStamp API + // [WARNING] Required for normalization of timestamps and any timer resolution mitigations + // [-] https://bugzilla.mozilla.org/1485264 +user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] +// 5000's: disable CFR [FF64+] - split into two new prefs: *cfr.addons, *cfr.features + // [SETTING] General>Browsing>Recommend extensions as you browse + // [1] https://support.mozilla.org/en-US/kb/extension-recommendations + // [-] https://bugzilla.mozilla.org/1528953 + // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); +// ***/ +/* FF68 +// 0105b: disable Activity Stream Legacy Snippets + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1546190,1540939 +user_pref("browser.newtabpage.activity-stream.disableSnippets", true); +user_pref("browser.aboutHomeSnippets.updateUrl", ""); +// 0307: disable auto updating of lightweight themes (LWT) + // Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API + // Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1] + // [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/ + // [-] (part3b) https://bugzilla.mozilla.org/1525762 +user_pref("lightweightThemes.update.enabled", false); +// 2682: enable CSP 1.1 experimental hash-source directive [FF29+] + // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 + // [-] https://bugzilla.mozilla.org/1386214 +user_pref("security.csp.experimentalEnabled", true); +// ***/ + /* ESR68.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF69 From c13dbdf40dd6c54a7cee8f8689a2a555252da089 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 8 Nov 2019 16:42:21 +0000 Subject: [PATCH 1278/1961] 1201 update (#838) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://wiki.mozilla.org/Security:Renegotiation describes > **the new default behaviour** that was introduced in experimental mozilla-central nightly versions on 2010-02-08 where the last step is > - should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message and then after talking about breakage ... > The above defaults may break some client/server environments where a Server is still using old software and requires renegotiation. mentions workarounds to reduce said breakage: > In order to give such environments a way to keep using Firefox (et.al.) to connect to their vulnerable server infrastructure, the following preferences are available: specifically talking about the first 2 prefs listed there, one allowing to specify a list of hosts "where renegotiation may be performed" and the 2nd one "completely disables the new protection mechanisms". But both those prefs were removed in FF38, meaning that since then it's no longer possible to disable the default behaviour that is "should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message". But all of this is about the **re**-negotiation part and not negotiation. And nowhere does it say "insecure" renegotiation, which, as I read it, means that FF will terminate the connection for any kind of **renegotiation**, safe or unsafe. 1201 controls the negotiation part: > This pref controls the behaviour during the initial negotiation between client and server. > If set to true, a Mozilla client will reject all connection attempts to servers that are still using the old SSL/TLS protocol and which might be vulnerable to the attack. > Setting this preference to “true” is the only way to guarantee full protection against the attack. I think "servers that are still using the old SSL/TLS protocol" actually means servers that **only** support the old protocols. Servers still supporting those old protocols in addition to some new protocol versions should not be affected by this pref because FF will be able to negotiate to use one of the newer protocol versions. Ergo lets fix the title and remove the line about renegotiation support because I think that's irrelevant. ps. the sslpulse link is nice and I'd like to keep it somewhere but it doesn't really fit in 1201 IMO so I moved it to 1202. --- user.js | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 46bcdd3..56c8f50 100644 --- a/user.js +++ b/user.js @@ -639,15 +639,14 @@ user_pref("alerts.showFavicons", false); // [DEFAULT: false] ***/ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ -/* 1201: disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack) - * [SETUP-WEB] <2% of secure sites do NOT support the newer "secure" renegotiation, see [2] - * [1] https://wiki.mozilla.org/Security:Renegotiation - * [2] https://www.ssllabs.com/ssl-pulse/ ***/ +/* 1201: disable old SSL/TLS "insecure" negotiation (vulnerable to a MiTM attack) + * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. - * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1 ***/ + * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1 + * [1] https://www.ssllabs.com/ssl-pulse/ ***/ // user_pref("security.tls.version.min", 3); // user_pref("security.tls.version.max", 4); /* 1203: disable SSL session tracking [FF36+] From d5f297ed426249e98c9bfc117d3d42ae5882944b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 8 Nov 2019 18:06:35 +0000 Subject: [PATCH 1279/1961] 5000s: disable what's new --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 56c8f50..7e3761c 100644 --- a/user.js +++ b/user.js @@ -1620,16 +1620,18 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC] // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] +/* UX: FEATURES: disable and hide the icons and menus ***/ + // user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New [FF70+] + // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] + // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] + // user_pref("reader.parse-on-load.enabled", false); // Reader View /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] // [SETTING] General>Browsing>Recommend extensions as you browse // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] // [SETTING] General>Browsing>Recommend features as you browse - // user_pref("extensions.pocket.enabled", false); // disable and hide Pocket [FF46+] - // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync [FF60+] [RESTART] // user_pref("network.manage-offline-status", false); // see bugzilla 620472 - // user_pref("reader.parse-on-load.enabled", false); // "Reader View" // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED From 0cfb2fb06d68639b3e491a98b80a380ad48ec0d4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Nov 2019 23:23:34 +0000 Subject: [PATCH 1280/1961] 1703: remove default true since FF61, and ESR60 is now EOL --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index 7e3761c..9a4bbb4 100644 --- a/user.js +++ b/user.js @@ -855,8 +855,6 @@ user_pref("privacy.userContext.ui.enabled", true); /* 1702: enable Container Tabs [FF50+] * [SETTING] General>Tabs>Enable Container Tabs ***/ user_pref("privacy.userContext.enabled", true); -/* 1703: enable a private container for thumbnail loads [FF51+] ***/ -user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true FF61+] /* 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] * 0=no menu (default), 1=show when clicked, 2=show on long press * [1] https://bugzilla.mozilla.org/1328756 ***/ From 0d57cfc44af3f0c8426e166db8dd91faf8a52c5c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Nov 2019 23:25:52 +0000 Subject: [PATCH 1281/1961] about_newtab_segregation.enabled --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index e6f72d8..94a2cdb 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 27-October-2019 + Last updated: 09-November-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -211,6 +211,7 @@ 'extensions.webservice.discoverURL', 'intl.locale.requested', 'intl.regional_prefs.use_os_locales', + 'privacy.usercontext.about_newtab_segregation.enabled' 'security.insecure_connection_icon.pbmode.enabled', 'security.insecure_connection_text.pbmode.enabled', 'webgl.dxgl.enabled', From 1d31da40eca9a254f592fd48256e332efd2e510b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 11 Nov 2019 13:00:01 +0000 Subject: [PATCH 1282/1961] missing comma thanks @sebp - https://github.com/ghacksuserjs/ghacks-user.js/commit/0d57cfc44af3f0c8426e166db8dd91faf8a52c5c#commitcomment-35890867 --- scratchpad-scripts/ghacks-clear-[removed].js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 94a2cdb..3a889fd 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 09-November-2019 + Last updated: 11-November-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -211,7 +211,7 @@ 'extensions.webservice.discoverURL', 'intl.locale.requested', 'intl.regional_prefs.use_os_locales', - 'privacy.usercontext.about_newtab_segregation.enabled' + 'privacy.usercontext.about_newtab_segregation.enabled', 'security.insecure_connection_icon.pbmode.enabled', 'security.insecure_connection_text.pbmode.enabled', 'webgl.dxgl.enabled', From bff1e84afa8294107462c9a6dce49ff6e7452474 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 11 Nov 2019 15:10:14 +0000 Subject: [PATCH 1283/1961] v1.6.0 --- scratchpad-scripts/troubleshooter.js | 190 +++++++++++++-------------- 1 file changed, 94 insertions(+), 96 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 98d9948..1cce763 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,65 +1,11 @@ -/*** ghacks-user.js troubleshooter.js v1.5.2 ***/ +/*** ghacks-user.js troubleshooter.js v1.6.0 ***/ (function() { - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } + if ("undefined" === typeof(Services)) return alert('about:config needs to be the active tab!'); - function getMyList(arr) { - let aRet = []; - let dummy = 0; - for (let i = 0, len = arr.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(arr[i])) { - dummy = Services.prefs.getPrefType(arr[i]); - switch (dummy) { - case 32: // string (see https://dxr.mozilla.org/mozilla-central/source/modules/libpref/nsIPrefBranch.idl#31) - dummy = Services.prefs.getCharPref(arr[i]); - aRet.push({'name':arr[i],'value': dummy,'type':32}); - break; - case 64: // int - dummy = Services.prefs.getIntPref(arr[i]); - aRet.push({'name':arr[i],'value': dummy,'type':64}); - break; - case 128: // boolean - dummy = Services.prefs.getBoolPref(arr[i]); - aRet.push({'name':arr[i],'value': dummy,'type':128}); - break; - default: - console.log("error detecting pref-type for '"+arr[i]+"' !"); - } - } - } - return aRet; - } - - function reapply(arr) { - for (let i = 0, len = arr.length; i < len; i++) { - switch (arr[i].type) { - case 32: // string - Services.prefs.setCharPref(arr[i].name, arr[i].value); - break; - case 64: // int - Services.prefs.setIntPref(arr[i].name, arr[i].value); - break; - case 128: // boolean - Services.prefs.setBoolPref(arr[i].name, arr[i].value); - break; - default: - console.log("error re-appyling value for '"+arr[i].name+"' !"); // should never happen - } - } - } - - function myreset(arr) { - for (let i = 0, len = arr.length; i < len; i++) { - Services.prefs.clearUserPref(arr[i].name); - } - } - - let ops = [ + const aPREFS = [ /* known culprits */ 'network.cookie.cookieBehavior', @@ -160,56 +106,108 @@ 'last.one.without.comma' ] + // any runtime-set pref that everyone will have and that can be safely reset + const oFILLER = { type: 64, name: 'extensions.blocklist.pingCountTotal', value: -1 }; - // reset prefs that set the same value as FFs default value - let aTEMP = getMyList(ops); - myreset(aTEMP); - reapply(aTEMP); + function getMyList(arr) { + const aRet = []; + for (const sPname of arr) { + if (Services.prefs.prefHasUserValue(sPname)) { + const ptype = Services.prefs.getPrefType(sPname); + switch (ptype) { + case 32: // string (see https://dxr.mozilla.org/mozilla-central/source/modules/libpref/nsIPrefBranch.idl#31) + aRet.push({'type':ptype,'name':sPname,'value':Services.prefs.getCharPref(sPname)}); + break; + case 64: // int + aRet.push({'type':ptype,'name':sPname,'value':Services.prefs.getIntPref(sPname)}); + break; + case 128: // boolean + aRet.push({'type':ptype,'name':sPname,'value':Services.prefs.getBoolPref(sPname)}); + break; + default: + console.log("error detecting pref-type for '"+sPname+"' !"); + } + } + } + return aRet; + } - const aBACKUP = getMyList(ops); - //console.log(aBACKUP.length, "user-set prefs from our list detected and their values stored."); + function reapply(arr) { + for (const oPref of arr) { + switch (oPref.type) { + case 32: // string + Services.prefs.setCharPref(oPref.name, oPref.value); + break; + case 64: // int + Services.prefs.setIntPref(oPref.name, oPref.value); + break; + case 128: // boolean + Services.prefs.setBoolPref(oPref.name, oPref.value); + break; + default: + console.log("error re-appyling value for '"+oPref.name+"' !"); // should never happen + } + } + } - let myArr = aBACKUP; - let found = false; - let aDbg = []; - focus(); - myreset(aBACKUP); // reset all detected prefs - if (confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) { - aDbg = myArr; - reapply(aBACKUP); - myreset(myArr.slice(0, parseInt(myArr.length/2))); - while (myArr.length >= 2) { + function myreset(arr) { + for (const oPref of arr) Services.prefs.clearUserPref(oPref.name); + } + + function resetAllMatchingDefault(arr) { + const aTmp = getMyList(arr); + myreset(aTmp); + reapply(aTmp); + } + + function _main(aALL) { + const _h = (arr) => Math.ceil(arr.length/2); + + let aTmp = aALL, aDbg = aALL; + reapply(aALL); + myreset(aTmp.slice(0, _h(aTmp))); + while (aTmp.length) { alert("NOW TEST AGAIN !"); if (confirm("if the problem still exists click OK, otherwise click cancel.")) { - myArr = myArr.slice(parseInt(myArr.length/2)); - if (myArr.length == 1) { - alert("The problem is caused by more than 1 pref !\n\nNarrowed it down to "+ aDbg.length.toString() +" prefs, check the console ..."); - break; - } + aTmp = aTmp.slice(_h(aTmp)); } else { - myArr = myArr.slice(0, parseInt(myArr.length/2)); - aDbg = myArr; - if (myArr.length == 1) { found = true; break; } + aTmp = aTmp.slice(0, _h(aTmp)); + aDbg = aTmp; // update narrowed down list + if (aDbg.length == 1) break; } - reapply(aBACKUP); - myreset(myArr.slice(0, parseInt(myArr.length/2))); // reset half of the remaining prefs + reapply(aALL); + myreset(aTmp.slice(0, _h(aTmp))); // reset half of the remaining prefs } - reapply(aBACKUP); + reapply(aALL); + + if (aDbg.length == 1) return alert("narrowed it down to:\n\n"+aDbg[0].name+"\n"); + if (aDbg.length == aALL.length) { + let msg = "Failed to narrow it down beyond the initial "+aALL.length+" prefs. The problem is most likely caused by at least 2 prefs!\n\n"; + msg += "Either those prefs are too far apart in the list or there are exactly 2 culprits and they just happen to be at the wrong place.\n\n"; + msg += "In case it's the latter, the script can add a dummy pref and you can try again - Try again?"; + if (confirm(msg)) return _main([...aALL, oFILLER]); + } else if (aDbg.length > 10 && confirm("Narrowed it down to "+aDbg.length+" prefs. Try narrowing it down further?")) { + return _main(aDbg.reverse()); + } + + alert("Narrowed it down to "+ aDbg.length.toString() +" prefs, check the console ..."); + console.log("The problem is caused by 2 or more of these prefs:"); + for (const oPref of aDbg) console.log(oPref.name); } - else { - reapply(aBACKUP); + + + resetAllMatchingDefault(aPREFS); // reset user-set prefs matching FFs default value + + const aBAK = getMyList(aPREFS); + //console.log(aBAK.length, "user-set prefs from our list detected and their values stored."); + + focus(); + myreset(aBAK); + if (!confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) { + reapply(aBAK); return; } - if (found) { - alert("narrowed it down to:\n\n"+myArr[0].name+"\n"); - myreset(myArr); // reset the culprit - } - else { - console.log("the problem is caused by a combination of the following prefs:"); - for (let i = 0, len = aDbg.length; i < len; i++) { - console.log(aDbg[i].name); - } - } + _main(aBAK); })(); From a3611b7cf89b64b7b9814259cb5fdbde3ebbcd3e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 14 Nov 2019 02:39:48 +0000 Subject: [PATCH 1284/1961] changes to prefs affecting extensions also first word on pdfjs.disabled, to be consistent --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 9a4bbb4..381a8fc 100644 --- a/user.js +++ b/user.js @@ -1049,6 +1049,7 @@ user_pref("javascript.options.asmjs", false); // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); /* 2422: disable WebAssembly [FF52+] [SETUP-PERF] + * [NOTE] In FF70+ this no longer affects extensions (1576254) * [1] https://developer.mozilla.org/docs/WebAssembly ***/ user_pref("javascript.options.wasm", false); /* 2426: disable Intersection Observer API [FF55+] @@ -1130,6 +1131,7 @@ user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] * [1] https://bugzilla.mozilla.org/1173199 ***/ // user_pref("mathml.disabled", true); /* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] + * [NOTE] In FF70+ and ESR68.1.0+ this no longer affects extensions (1564208) * [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); @@ -1158,7 +1160,7 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); * [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); -/* 2620: enable Firefox's built-in PDF reader [SETUP-CHROME] +/* 2620: enforce Firefox's built-in PDF reader [SETUP-CHROME] * This setting controls if the option "Display in Firefox" is available in the setting below * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") * PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most) From b0221ec838acdf469b99466e37d8bf9068ce57fe Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 17 Nov 2019 10:33:02 +0000 Subject: [PATCH 1285/1961] 1576254 version fixup --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 381a8fc..604d42e 100644 --- a/user.js +++ b/user.js @@ -1049,7 +1049,7 @@ user_pref("javascript.options.asmjs", false); // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); /* 2422: disable WebAssembly [FF52+] [SETUP-PERF] - * [NOTE] In FF70+ this no longer affects extensions (1576254) + * [NOTE] In FF71+ this no longer affects extensions (1576254) * [1] https://developer.mozilla.org/docs/WebAssembly ***/ user_pref("javascript.options.wasm", false); /* 2426: disable Intersection Observer API [FF55+] From 19526b573c880e3c843e69b76098939cc0a60e3f Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Tue, 19 Nov 2019 03:31:48 +0000 Subject: [PATCH 1286/1961] 2805 note, FPI change (#842) --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 604d42e..d5fea8e 100644 --- a/user.js +++ b/user.js @@ -1323,6 +1323,7 @@ user_pref("privacy.cpd.sessions", true); // Active Logins user_pref("privacy.cpd.siteSettings", false); // Site Preferences /* 2805: clear Session Restore data when sanitizing on shutdown or manually [FF34+] * [NOTE] Not needed if Session Restore is not used (see 0102) or is already cleared with history (see 2803) + * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (see 1022) * [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.cpd.openWindows", true); @@ -1352,7 +1353,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1542309 - isolate top-level domain URLs when host is in the public suffix list (FF68+) ** 1506693 - isolate pdfjs range-based requests (FF68+) ** 1330467 - isolate site permissions (FF69+) - ** 1534339 - isolate IPv6 (FF72+) + ** 1534339 - isolate IPv6 (coming soon) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] From f67e72919773ff51e712c515988c61e4d0a3d0e4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 19 Nov 2019 06:39:08 +0000 Subject: [PATCH 1287/1961] whatsNewPanel correct version --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index d5fea8e..6e61b1e 100644 --- a/user.js +++ b/user.js @@ -1622,7 +1622,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] /* UX: FEATURES: disable and hide the icons and menus ***/ - // user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New [FF70+] + // user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New [FF69+] // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] // user_pref("reader.parse-on-load.enabled", false); // Reader View From a0e0a2a6c96167735b1f684da385ddb2ae6c6fbb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 19 Nov 2019 16:26:14 +0000 Subject: [PATCH 1288/1961] 2680 tweak #840 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 6e61b1e..3a4458f 100644 --- a/user.js +++ b/user.js @@ -1208,7 +1208,8 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] // user_pref("extensions.webextensions.restrictedDomains", ""); /** SECURITY ***/ -/* 2680: enable CSP (Content Security Policy) +/* 2680: enforce CSP (Content Security Policy) + * [WARNING] CSP is a very important and widespread security feature. Don't disable it! * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); // [DEFAULT: true] /* 2684: enforce a security delay on some confirmation dialogs such as install, open/save From 6acfdaccbdb961ab748bfb067e2d77db11d159cd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 20 Nov 2019 04:48:15 +0000 Subject: [PATCH 1289/1961] RFP stuff --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 3a4458f..82c7e6a 100644 --- a/user.js +++ b/user.js @@ -1434,6 +1434,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL ** 1540726 - return "light" with prefers-color-scheme (FF67+) [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme ** 1564422 - spoof audioContext outputLatency (FF70+) + ** 1595823 - spoof audioContext sampleRate (FF72+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] From 450c9a9e0f2ef14ae392d71f06132da578471a33 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 23 Nov 2019 03:23:08 +1300 Subject: [PATCH 1290/1961] simplify ciphers, closes #839 (#844) * simplify ciphers - let's not encourage (remove options 1, 2) changing your cipher suite FP - remove "it's quite technical ..." (everything is technical to someone), trim to one line - add test link so users can just see that it's FP'able - reinforce not to fuck with the cipher suite in the cipher's sub-section --- user.js | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 82c7e6a..6d429fd 100644 --- a/user.js +++ b/user.js @@ -626,15 +626,8 @@ user_pref("browser.shell.shortcutFavicons", false); user_pref("alerts.showFavicons", false); // [DEFAULT: false] /*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS) - Note that your cipher and other settings can be used server side as a fingerprint attack - vector, see [1] (It's quite technical but the first part is easy to understand - and you can stop reading when you reach the second section titled "Enter Bro") - - Option 1: Use defaults for ciphers (1260's). There is nothing *weak* about these, but - due to breakage, browsers can't deprecate them until the web stops using them - Option 2: Disable the ciphers in 1261, 1262 and 1263. These shouldn't break anything. - Optionally, disable the ciphers in 1264. - + Your cipher and other settings can be used in server side fingerprinting + [TEST] https://www.ssllabs.com/ssltest/viewMyClient.html [1] https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ ***/ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); @@ -728,7 +721,7 @@ user_pref("security.mixed_content.block_display_content", true); * [1] https://bugzilla.mozilla.org/1190623 ***/ user_pref("security.mixed_content.block_object_subrequest", true); -/** CIPHERS [see the section 1200 intro] ***/ +/** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] ***/ /* 1261: disable 3DES (effective key size < 128) * [1] https://en.wikipedia.org/wiki/3des#Security * [2] https://en.wikipedia.org/wiki/Meet-in-the-middle_attack From f0980b5cb84a9f576ff4afa60c1ae39cbba3b86f Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 22 Nov 2019 15:19:37 +0000 Subject: [PATCH 1291/1961] 2002: add proxy_only_if_behind_proxy --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 6d429fd..503ff6d 100644 --- a/user.js +++ b/user.js @@ -882,11 +882,14 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); * [1] https://www.privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); /* 2002: limit WebRTC IP leaks if using WebRTC + * In FF70+ these settings match Mode 4 (Mode 3 in older versions) (see [3]) * [TEST] https://browserleaks.com/webrtc * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416 - * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ + * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy + * [3] https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-12#section-5.2 ***/ user_pref("media.peerconnection.ice.default_address_only", true); user_pref("media.peerconnection.ice.no_host", true); // [FF51+] +user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70+] /* 2010: disable WebGL (Web Graphics Library) * [SETUP-WEB] When disabled, may break some websites. When enabled, provides high entropy, * especially with readPixels(). Some of the other entropy is lessened with RFP (see 4501) From 8f76d9439f1b7998d100bc0cda316a8f2dcba741 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 22 Nov 2019 15:26:38 +0000 Subject: [PATCH 1292/1961] 2002: add FF70 bugzilla link --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 503ff6d..1ad591b 100644 --- a/user.js +++ b/user.js @@ -884,7 +884,7 @@ user_pref("media.peerconnection.enabled", false); /* 2002: limit WebRTC IP leaks if using WebRTC * In FF70+ these settings match Mode 4 (Mode 3 in older versions) (see [3]) * [TEST] https://browserleaks.com/webrtc - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416 + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713 * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy * [3] https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-12#section-5.2 ***/ user_pref("media.peerconnection.ice.default_address_only", true); From a13027905e7b2db381ecdef5cb69f524eb1acd4e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 23 Nov 2019 02:56:30 +0000 Subject: [PATCH 1293/1961] Delete ghacks-clear-FF60inclusive-[deprecated].js --- ...ghacks-clear-FF60inclusive-[deprecated].js | 189 ------------------ 1 file changed, 189 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js diff --git a/scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js b/scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js deleted file mode 100644 index f62c589..0000000 --- a/scratchpad-scripts/ghacks-clear-FF60inclusive-[deprecated].js +++ /dev/null @@ -1,189 +0,0 @@ -/*** - This will reset the preferences that have been deprecated by Mozilla - and used in the ghacks user.js up to and including release 60-beta - - It is in reverse order, so feel free to remove sections that do not apply - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] -***/ - -(function() { - let ops = [ - /* deprecated */ - - /* ESR52.x users can remove sections 53-60 but it is not - crucial as your user.js will reinstate them */ - /* 60 */ - 'browser.newtabpage.directory.source', - 'browser.newtabpage.enhanced', - 'browser.newtabpage.introShown', - 'extensions.shield-recipe-client.enabled', - 'extensions.shield-recipe-client.api_url', - 'browser.newtabpage.activity-stream.enabled', - 'dom.workers.enabled', - 'view_source.tab', - /* 59 */ - 'intl.locale.matchOS', - 'general.useragent.locale', - 'datareporting.healthreport.about.reportUrl', - 'dom.flyweb.enabled', - 'security.mixed_content.use_hsts', - 'security.mixed_content.send_hsts_priming', - 'network.http.referer.userControlPolicy', - 'security.xpconnect.plugin.unrestricted', - 'media.getusermedia.screensharing.allowed_domains', - 'camera.control.face_detection.enabled', - 'dom.disable_window_status_change', - 'dom.idle-observers-api.enabled', - /* 58 */ - 'browser.crashReports.unsubmittedCheck.autoSubmit', - /* 57 */ - 'social.whitelist', - 'social.toast-notifications.enabled', - 'social.shareDirectory', - 'social.remote-install.enabled', - 'social.directories', - 'social.share.activationPanelEnabled', - 'social.enabled', - 'media.eme.chromium-api.enabled', - 'devtools.webide.autoinstallFxdtAdapters', - 'browser.casting.enabled', - 'browser.bookmarks.showRecentlyBookmarked', - /* 56 */ - 'extensions.screenshots.system-disabled', - 'extensions.formautofill.experimental', - /* 55 */ - 'geo.security.allowinsecure', - 'browser.selfsupport.enabled', - 'browser.selfsupport.url', - 'browser.newtabpage.directory.ping', - 'browser.formfill.saveHttpsForms', - 'browser.formautofill.enabled', - 'dom.enable_user_timing', - 'dom.keyboardevent.code.enabled', - 'browser.tabs.animate', - 'browser.fullscreen.animate', - /* 54 */ - 'browser.safebrowsing.reportMalwareMistakeURL', - 'browser.safebrowsing.reportPhishMistakeURL', - 'media.eme.apiVisible', - 'dom.archivereader.enabled', - /* 53 */ - 'security.tls.unrestricted_rc4_fallback', - 'plugin.scan.Acrobat', - 'plugin.scan.Quicktime', - 'plugin.scan.WindowsMediaPlayer', - 'media.getusermedia.screensharing.allow_on_old_platforms', - 'dom.beforeAfterKeyboardEvent.enabled', - /* End of ESR52.x section */ - - /* 52 */ - 'network.http.sendSecureXSiteReferrer', - 'media.gmp-eme-adobe.enabled', - 'media.gmp-eme-adobe.visible', - 'media.gmp-eme-adobe.autoupdate', - 'dom.telephony.enabled', - 'dom.battery.enabled', - /* 51 */ - 'media.block-play-until-visible', - 'dom.vr.oculus050.enabled', - 'network.http.spdy.enabled.v3-1', - /* 50 */ - 'browser.usedOnWindows10.introURL', - 'plugins.update.notifyUser', - 'browser.safebrowsing.enabled', - 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', - 'security.ssl3.ecdhe_rsa_rc4_128_sha', - 'security.ssl3.rsa_rc4_128_md5', - 'security.ssl3.rsa_rc4_128_sha', - 'plugins.update.url', - /* 49 */ - 'loop.enabled', - 'loop.server', - 'loop.feedback.formURL', - 'loop.feedback.manualFormURL', - 'loop.facebook.appId', - 'loop.facebook.enabled', - 'loop.facebook.fallbackUrl', - 'loop.facebook.shareUrl', - 'loop.logDomains', - 'dom.disable_window_open_feature.scrollbars', - 'dom.push.udp.wakeupEnabled', - /* 48 */ - 'browser.urlbar.unifiedcomplete', - /* 47 */ - 'toolkit.telemetry.unifiedIsOptIn', - 'datareporting.healthreport.about.reportUrlUnified', - 'browser.history.allowPopState', - 'browser.history.allowPushState', - 'browser.history.allowReplaceState', - /* 46 */ - 'datareporting.healthreport.service.enabled', - 'datareporting.healthreport.documentServerURI', - 'datareporting.policy.dataSubmissionEnabled.v2', - 'browser.safebrowsing.appRepURL', - 'browser.polaris.enabled', - 'browser.pocket.enabled', - 'browser.pocket.api', - 'browser.pocket.site', - 'browser.pocket.oAuthConsumerKey', - /* 45 */ - 'browser.sessionstore.privacy_level_deferred', - /* 44 */ - 'browser.safebrowsing.provider.google.appRepURL', - 'security.tls.insecure_fallback_hosts.use_static_list', - 'dom.workers.sharedWorkers.enabled', - 'dom.disable_image_src_set', - /* 43 */ - 'browser.safebrowsing.gethashURL', - 'browser.safebrowsing.updateURL', - 'browser.safebrowsing.malware.reportURL', - 'browser.trackingprotection.gethashURL', - 'browser.trackingprotection.updateURL', - 'pfs.datasource.url', - 'browser.search.showOneOffButtons', - /* 42 and earlier */ - 'privacy.clearOnShutdown.passwords', // 42 - 'full-screen-api.approval-required', // 42 - 'browser.safebrowsing.reportErrorURL', // 41 - 'browser.safebrowsing.reportGenericURL', // 41 - 'browser.safebrowsing.reportMalwareErrorURL', // 41 - 'browser.safebrowsing.reportMalwareURL', // 41 - 'browser.safebrowsing.reportURL', // 41 - 'plugins.enumerable_names', // 41 - 'network.http.spdy.enabled.http2draft', // 41 - 'camera.control.autofocus_moving_callback.enabled', // 37 - 'privacy.donottrackheader.value', // 36 - 'network.websocket.enabled', // 35 - 'dom.network.enabled', // 31 - 'pageThumbs.enabled', // 25 - - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 163e18ce6d41c090a9856d01b6a09fafe85b90e0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 23 Nov 2019 02:57:26 +0000 Subject: [PATCH 1294/1961] Create ghacks-clear-FF68inclusive-[deprecated].js --- ...ghacks-clear-FF68inclusive-[deprecated].js | 221 ++++++++++++++++++ 1 file changed, 221 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-FF68inclusive-[deprecated].js diff --git a/scratchpad-scripts/ghacks-clear-FF68inclusive-[deprecated].js b/scratchpad-scripts/ghacks-clear-FF68inclusive-[deprecated].js new file mode 100644 index 0000000..a3005e0 --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-FF68inclusive-[deprecated].js @@ -0,0 +1,221 @@ +/*** + This will reset the preferences that have been deprecated by Mozilla + and used in the ghacks user.js up to and including Firefox/ESR 68 + + It is in reverse order, so feel free to remove sections that do not apply + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] +***/ + +(function() { + let ops = [ + /* deprecated */ + + /* 68 */ + 'browser.newtabpage.activity-stream.disableSnippets', + 'browser.aboutHomeSnippets.updateUrl', + 'lightweightThemes.update.enabled', + 'security.csp.experimentalEnabled', + /* F67 */ + 'dom.event.highrestimestamp.enabled', + 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr', + /* 66 */ + 'browser.chrome.errorReporter.enabled', + 'browser.chrome.errorReporter.submitUrl', + 'network.allow-experiments', + /* 65 */ + 'browser.urlbar.autocomplete.enabled', + 'browser.fixup.hide_user_pass', + /* 64 */ + 'browser.onboarding.enabled', + 'devtools.webide.autoinstallADBHelper', + 'devtools.webide.adbAddonURL', + 'security.csp.enable_violation_events', + /* 63 */ + 'browser.search.countryCode', + 'app.update.enabled', + 'shield.savant.enabled', + 'browser.chrome.favicons', + 'media.autoplay.enabled', + 'network.cookie.lifetime.days', + 'browser.ctrlTab.previews', + /* 62 */ + 'plugin.state.java', + /* 61 */ + 'experiments.enabled', + 'experiments.manifest.uri', + 'experiments.supported', + 'experiments.activeExperiment', + 'network.jar.block-remote-files', + 'network.jar.open-unsafe-types', + /* 60 */ + 'browser.newtabpage.directory.source', + 'browser.newtabpage.enhanced', + 'browser.newtabpage.introShown', + 'extensions.shield-recipe-client.enabled', + 'extensions.shield-recipe-client.api_url', + 'browser.newtabpage.activity-stream.enabled', + 'dom.workers.enabled', + /* 59 */ + 'intl.locale.matchOS', + 'general.useragent.locale', + 'datareporting.healthreport.about.reportUrl', + 'dom.flyweb.enabled', + 'security.mixed_content.use_hsts', + 'security.mixed_content.send_hsts_priming', + 'network.http.referer.userControlPolicy', + 'security.xpconnect.plugin.unrestricted', + 'media.getusermedia.screensharing.allowed_domains', + 'camera.control.face_detection.enabled', + 'dom.disable_window_status_change', + 'dom.idle-observers-api.enabled', + /* 58 */ + 'browser.crashReports.unsubmittedCheck.autoSubmit', + /* 57 */ + 'social.whitelist', + 'social.toast-notifications.enabled', + 'social.shareDirectory', + 'social.remote-install.enabled', + 'social.directories', + 'social.share.activationPanelEnabled', + 'social.enabled', + 'media.eme.chromium-api.enabled', + 'devtools.webide.autoinstallFxdtAdapters', + 'browser.casting.enabled', + 'browser.bookmarks.showRecentlyBookmarked', + /* 56 */ + 'extensions.screenshots.system-disabled', + 'extensions.formautofill.experimental', + /* 55 */ + 'geo.security.allowinsecure', + 'browser.selfsupport.enabled', + 'browser.selfsupport.url', + 'browser.newtabpage.directory.ping', + 'browser.formfill.saveHttpsForms', + 'browser.formautofill.enabled', + 'dom.enable_user_timing', + 'dom.keyboardevent.code.enabled', + 'browser.tabs.animate', + 'browser.fullscreen.animate', + /* 54 */ + 'browser.safebrowsing.reportMalwareMistakeURL', + 'browser.safebrowsing.reportPhishMistakeURL', + 'media.eme.apiVisible', + 'dom.archivereader.enabled', + /* 53 */ + 'security.tls.unrestricted_rc4_fallback', + 'plugin.scan.Acrobat', + 'plugin.scan.Quicktime', + 'plugin.scan.WindowsMediaPlayer', + 'media.getusermedia.screensharing.allow_on_old_platforms', + 'dom.beforeAfterKeyboardEvent.enabled', + /* 52 */ + 'network.http.sendSecureXSiteReferrer', + 'media.gmp-eme-adobe.enabled', + 'media.gmp-eme-adobe.visible', + 'media.gmp-eme-adobe.autoupdate', + 'dom.telephony.enabled', + 'dom.battery.enabled', + /* 51 */ + 'media.block-play-until-visible', + 'dom.vr.oculus050.enabled', + 'network.http.spdy.enabled.v3-1', + /* 50 */ + 'browser.usedOnWindows10.introURL', + 'plugins.update.notifyUser', + 'browser.safebrowsing.enabled', + 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', + 'security.ssl3.ecdhe_rsa_rc4_128_sha', + 'security.ssl3.rsa_rc4_128_md5', + 'security.ssl3.rsa_rc4_128_sha', + 'plugins.update.url', + /* 49 */ + 'loop.enabled', + 'loop.server', + 'loop.feedback.formURL', + 'loop.feedback.manualFormURL', + 'loop.facebook.appId', + 'loop.facebook.enabled', + 'loop.facebook.fallbackUrl', + 'loop.facebook.shareUrl', + 'loop.logDomains', + 'dom.disable_window_open_feature.scrollbars', + 'dom.push.udp.wakeupEnabled', + /* 48 */ + 'browser.urlbar.unifiedcomplete', + /* 47 */ + 'toolkit.telemetry.unifiedIsOptIn', + 'datareporting.healthreport.about.reportUrlUnified', + 'browser.history.allowPopState', + 'browser.history.allowPushState', + 'browser.history.allowReplaceState', + /* 46 */ + 'datareporting.healthreport.service.enabled', + 'datareporting.healthreport.documentServerURI', + 'datareporting.policy.dataSubmissionEnabled.v2', + 'browser.safebrowsing.appRepURL', + 'browser.polaris.enabled', + 'browser.pocket.enabled', + 'browser.pocket.api', + 'browser.pocket.site', + 'browser.pocket.oAuthConsumerKey', + /* 45 */ + 'browser.sessionstore.privacy_level_deferred', + /* 44 */ + 'browser.safebrowsing.provider.google.appRepURL', + 'security.tls.insecure_fallback_hosts.use_static_list', + 'dom.workers.sharedWorkers.enabled', + 'dom.disable_image_src_set', + /* 43 */ + 'browser.safebrowsing.gethashURL', + 'browser.safebrowsing.updateURL', + 'browser.safebrowsing.malware.reportURL', + 'browser.trackingprotection.gethashURL', + 'browser.trackingprotection.updateURL', + 'pfs.datasource.url', + 'browser.search.showOneOffButtons', + /* 42 and earlier */ + 'privacy.clearOnShutdown.passwords', // 42 + 'full-screen-api.approval-required', // 42 + 'browser.safebrowsing.reportErrorURL', // 41 + 'browser.safebrowsing.reportGenericURL', // 41 + 'browser.safebrowsing.reportMalwareErrorURL', // 41 + 'browser.safebrowsing.reportMalwareURL', // 41 + 'browser.safebrowsing.reportURL', // 41 + 'plugins.enumerable_names', // 41 + 'network.http.spdy.enabled.http2draft', // 41 + 'camera.control.autofocus_moving_callback.enabled', // 37 + 'privacy.donottrackheader.value', // 36 + 'network.websocket.enabled', // 35 + 'dom.network.enabled', // 31 + 'pageThumbs.enabled', // 25 + + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From a4ba22e912bb202e61c9968738a35c0298bf93c8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 23 Nov 2019 03:02:59 +0000 Subject: [PATCH 1295/1961] Delete ghacks-clear-FF60inclusive-[RFP-alternatives].js --- ...-clear-FF60inclusive-[RFP-alternatives].js | 59 ------------------- 1 file changed, 59 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-FF60inclusive-[RFP-alternatives].js diff --git a/scratchpad-scripts/ghacks-clear-FF60inclusive-[RFP-alternatives].js b/scratchpad-scripts/ghacks-clear-FF60inclusive-[RFP-alternatives].js deleted file mode 100644 index f23c568..0000000 --- a/scratchpad-scripts/ghacks-clear-FF60inclusive-[RFP-alternatives].js +++ /dev/null @@ -1,59 +0,0 @@ -/*** - This will reset the preferences that are under sections 4600 & 4700 in the ghacks user.js - up to and including release 60-beta. These are the prefs that are no longer necessary, - or they conflict with, privacy.resistFingerprinting if you have that enabled. - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] -***/ - -(function() { - let ops = [ - /* section 4600 */ - 'dom.maxHardwareConcurrency', - 'dom.enable_resource_timing', - 'dom.enable_performance', - 'device.sensors.enabled', - 'browser.zoom.siteSpecific', - 'dom.gamepad.enabled', - 'dom.netinfo.enabled', - 'media.webspeech.synth.enabled', - 'media.video_stats.enabled', - 'dom.w3c_touch_events.enabled', - 'media.ondevicechange.enabled', - 'webgl.enable-debug-renderer-info', - /* section 4700 */ - 'general.useragent.override', - 'general.buildID.override', - 'general.appname.override', - 'general.appversion.override', - 'general.platform.override', - 'general.oscpu.override', - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From b6fbf77dde1a7861d92ffedf8e8ae2e5617085b3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 23 Nov 2019 03:04:14 +0000 Subject: [PATCH 1296/1961] Create ghacks-clear-FF68inclusive-[RFP-alternatives].js --- ...-clear-FF68inclusive-[RFP-alternatives].js | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-FF68inclusive-[RFP-alternatives].js diff --git a/scratchpad-scripts/ghacks-clear-FF68inclusive-[RFP-alternatives].js b/scratchpad-scripts/ghacks-clear-FF68inclusive-[RFP-alternatives].js new file mode 100644 index 0000000..dd315d6 --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-FF68inclusive-[RFP-alternatives].js @@ -0,0 +1,61 @@ +/*** + This will reset the preferences that are under sections 4600 & 4700 in the ghacks user.js + up to and including Firefox/ESR 68. These are the prefs that are no longer necessary, + or they conflict with, privacy.resistFingerprinting if you have that enabled. + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] +***/ + +(function() { + let ops = [ + /* section 4600 */ + 'dom.maxHardwareConcurrency', + 'dom.enable_resource_timing', + 'dom.enable_performance', + 'device.sensors.enabled', + 'browser.zoom.siteSpecific', + 'dom.gamepad.enabled', + 'dom.netinfo.enabled', + 'media.webspeech.synth.enabled', + 'media.video_stats.enabled', + 'dom.w3c_touch_events.enabled', + 'media.ondevicechange.enabled', + 'webgl.enable-debug-renderer-info', + 'dom.w3c_pointer_events.enabled', + 'ui.use_standins_for_native_colors', + /* section 4700 */ + 'general.useragent.override', + 'general.buildID.override', + 'general.appname.override', + 'general.appversion.override', + 'general.platform.override', + 'general.oscpu.override', + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From 2db76c95c3cb85a881308070691995c1b91d1205 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 23 Nov 2019 16:19:09 +0000 Subject: [PATCH 1297/1961] 1603: breaks icloud, closes #850 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 1ad591b..59a4e6f 100644 --- a/user.js +++ b/user.js @@ -806,7 +806,7 @@ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); // user_pref("network.http.referer.trimmingPolicy", 0); // [DEFAULT: 0] /* 1603: CROSS ORIGIN: control when to send a referer * 0=always (default), 1=only if base domains match, 2=only if hosts match - * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo ***/ + * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud ***/ user_pref("network.http.referer.XOriginPolicy", 1); /* 1604: CROSS ORIGIN: control the amount of information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ From 19b392b83de90557334529db00abc4e0ea403770 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 24 Nov 2019 05:23:10 +0000 Subject: [PATCH 1298/1961] 70-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 59a4e6f..c7ba2de 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 20 September 2019 -* version 70-alpha: Pinpants Wizard +* date: 24 November 2019 +* version 70-beta: Pinpants Wizard * "Ever since I was a young pants, I've played the silver ball" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From fb263f5624dd4990a537ff351f70f3e4ed033bb9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Dec 2019 23:04:09 +1300 Subject: [PATCH 1299/1961] favicons: 1031 better info, 1032 inactive #840 (#851) --- user.js | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index c7ba2de..e4bb922 100644 --- a/user.js +++ b/user.js @@ -619,11 +619,14 @@ user_pref("toolkit.winRegisterApplicationRestart", false); * profile/shortcutCache directory. The .ico remains after the shortcut is deleted. * If set to false then the shortcuts use a generic Firefox icon ***/ user_pref("browser.shell.shortcutFavicons", false); -/* 1031: disable favicons in tabs and new bookmarks - * bookmark favicons are stored as data blobs in favicons.sqlite ***/ +/* 1031: disable favicons in history and bookmarks + * Stored as data blobs in favicons.sqlite, these don't reveal anything that your + * actual history (and bookmarks) already do. Your history is more detailed, so + * control that instead; e.g. disable history, clear history on close, use PB mode + * [NOTE] favicons.sqlite is sanitized on Firefox close, not in-session ***/ // user_pref("browser.chrome.site_icons", false); /* 1032: disable favicons in web notifications ***/ -user_pref("alerts.showFavicons", false); // [DEFAULT: false] + // user_pref("alerts.showFavicons", false); // [DEFAULT: false] /*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS) Your cipher and other settings can be used in server side fingerprinting From 560acfc94fc9e1dd57141be9f659f225b3c9c27c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 3 Dec 2019 07:31:47 +0000 Subject: [PATCH 1300/1961] 70 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index e4bb922..65a3cf6 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 24 November 2019 -* version 70-beta: Pinpants Wizard +* date: 03 December 2019 +* version 70: Pinpants Wizard * "Ever since I was a young pants, I've played the silver ball" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 884e84a4cbcb38c1589f2d3f7e87d9e44fb5d9f0 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 3 Dec 2019 14:44:59 +0000 Subject: [PATCH 1301/1961] about:config warning back to the top + active (#855) --- user.js | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 65a3cf6..b5bdbe4 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ /****** * name: ghacks user.js * date: 03 December 2019 -* version 70: Pinpants Wizard -* "Ever since I was a young pants, I've played the silver ball" +* version 71-alpha: Dancing Pants +* "Ooh-ooh, see that girl, watch that scene, dig in the dancing pants" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -83,6 +83,11 @@ * [1] https://blog.mozilla.org/nnethercote/2018/03/09/a-new-preferences-parser-for-firefox/ ***/ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); +/* 0000: disable about:config warning + * The XUL version can still be accessed in FF71+ @ chrome://global/content/config.xul ***/ +user_pref("general.warnOnAboutConfig", false); // for the XUL version +user_pref("browser.aboutConfig.showWarning", false); // for the new HTML version [FF71+] + /*** [SECTION 0100]: STARTUP ***/ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0101: disable default browser check @@ -1604,8 +1609,6 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.tabs.warnOnOpen", false); // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); - // user_pref("general.warnOnAboutConfig", false); - // user_pref("browser.aboutConfig.showWarning", false); // [FF67+] /* APPEARANCE ***/ // user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] From 3f6340b69c3ba9d924e55bc1ff40864ee6cbc53e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 3 Dec 2019 14:51:44 +0000 Subject: [PATCH 1302/1961] OMG!! --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index b5bdbe4..41771f9 100644 --- a/user.js +++ b/user.js @@ -1625,7 +1625,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC] // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] -/* UX: FEATURES: disable and hide the icons and menus ***/ +/* UX FEATURES: disable and hide the icons and menus ***/ // user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New [FF69+] // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] From 42ea48401728350fbd605ec92ff230f423e69928 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Dec 2019 14:13:49 +1300 Subject: [PATCH 1303/1961] 71 deprecated (#856) --- user.js | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index 41771f9..c01cd5b 100644 --- a/user.js +++ b/user.js @@ -1125,11 +1125,9 @@ user_pref("browser.uitour.url", ""); * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); -/* 2608: disable WebIDE to prevent remote debugging and ADB extension download +/* 2608: disable remote debugging * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); -user_pref("devtools.webide.enabled", false); // [DEFAULT: false FF70+] -user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc * [1] https://bugzilla.mozilla.org/1173199 ***/ @@ -1267,10 +1265,6 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] /* 2730: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); -/* 2731: enforce websites to ask to store data for offline use - * [1] https://support.mozilla.org/questions/1098540 - * [2] https://bugzilla.mozilla.org/959985 ***/ -user_pref("offline-apps.allow_by_default", false); /* 2740: disable service worker cache and cache storage * [NOTE] We clear service worker cache on exiting Firefox (see 2803) * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ @@ -1777,6 +1771,18 @@ user_pref("plugins.click_to_play", true); // [DEFAULT: true FF25+] // [-] https://bugzilla.mozilla.org/1562331 // user_pref("media.autoplay.allow-muted", false); // * * * / +// FF71 +// 2608: disable WebIDE and ADB extension download + // [1] https://trac.torproject.org/projects/tor/ticket/16222 + // [-] https://bugzilla.mozilla.org/1539462 +user_pref("devtools.webide.enabled", false); // [DEFAULT: false FF70+] +user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] +// 2731: enforce websites to ask to store data for offline use + // [1] https://support.mozilla.org/questions/1098540 + // [2] https://bugzilla.mozilla.org/959985 + // [-] https://bugzilla.mozilla.org/1574480 +user_pref("offline-apps.allow_by_default", false); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From 97043b0ce15fd8fbcc16343bdce235c8fc824fc3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 6 Dec 2019 12:19:21 +0000 Subject: [PATCH 1304/1961] 71-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index c01cd5b..9f74ed7 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 03 December 2019 -* version 71-alpha: Dancing Pants +* date: 06 December 2019 +* version 71-beta: Dancing Pants * "Ooh-ooh, see that girl, watch that scene, dig in the dancing pants" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From 4074a37e1d3a2492e0fd28bcc9289b8b88e94b58 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 7 Dec 2019 18:26:39 +0000 Subject: [PATCH 1305/1961] 1201 + 1270 update (#859) trim by a line, remove extra space, fixup on red, indicate it only applies if 1201 is false --- user.js | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 9f74ed7..e3bed20 100644 --- a/user.js +++ b/user.js @@ -640,8 +640,15 @@ user_pref("browser.shell.shortcutFavicons", false); ***/ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ -/* 1201: disable old SSL/TLS "insecure" negotiation (vulnerable to a MiTM attack) - * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ +/* 1201: require safe negotiation + * Blocks connections to servers that don't support RFC 5746 [2] as they're potentially + * vulnerable to a MiTM attack [3]. A server *without* RFC 5746 can be safe from the attack + * if it disables renegotiations but the problem is that the browser can't know that. + * Setting this pref to true is the only way for the browser to ensure there will be + * no unsafe renegotiations on the channel between the browser and the server. + * [1] https://wiki.mozilla.org/Security:Renegotiation + * [2] https://tools.ietf.org/html/rfc5746 + * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 ***/ user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 @@ -747,8 +754,10 @@ user_pref("security.mixed_content.block_object_subrequest", true); // user_pref("security.ssl3.rsa_aes_256_sha", false); /** UI (User Interface) ***/ -/* 1270: display warning (red padlock) for "broken security" (see 1201) - * [1] https://wiki.mozilla.org/Security:Renegotiation ***/ +/* 1270: display warning on the padlock for "broken security" (if 1201 is false) + * Bug: warning padlock not indicated for subresources on a secure page! [2] + * [1] https://wiki.mozilla.org/Security:Renegotiation + * [2] https://bugzilla.mozilla.org/1353705 ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); /* 1271: control "Add Security Exception" dialog on SSL warnings * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default) From 30daf8640c3eea528a53eb0dff2ddfc684ce591f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 9 Dec 2019 20:18:42 +0000 Subject: [PATCH 1306/1961] FPI stuff --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e3bed20..3498983 100644 --- a/user.js +++ b/user.js @@ -1361,7 +1361,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1542309 - isolate top-level domain URLs when host is in the public suffix list (FF68+) ** 1506693 - isolate pdfjs range-based requests (FF68+) ** 1330467 - isolate site permissions (FF69+) - ** 1534339 - isolate IPv6 (coming soon) + ** 1534339 - isolate IPv6 (FF73+) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] From df1732745d84b1f7b163d6345fc66db4bb31402b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 10 Dec 2019 22:07:23 +0000 Subject: [PATCH 1307/1961] 0308: seach engine updates: better info #840 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 3498983..5ffeea4 100644 --- a/user.js +++ b/user.js @@ -208,7 +208,8 @@ user_pref("app.update.auto", false); * used when installing/updating an extension, and in daily background update checks: if false, it * hides the expanded text description (if it exists) when you "show more details about an addon" ***/ // user_pref("extensions.getAddons.cache.enabled", false); -/* 0308: disable search update +/* 0308: disable search engine updates (e.g. OpenSearch) + * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines * [SETTING] General>Firefox Updates>Automatically update search engines ***/ user_pref("browser.search.update", false); /* 0309: disable sending Flash crash reports ***/ From 5672bc8cc8a978eed39e39b009cb909882ce4db0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Dec 2019 01:21:17 +0000 Subject: [PATCH 1308/1961] 2032 removed, 4002 inactive, closes #840 --- user.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/user.js b/user.js index 5ffeea4..ddbb1b5 100644 --- a/user.js +++ b/user.js @@ -936,9 +936,6 @@ user_pref("media.getusermedia.audiocapture.enabled", false); // user_pref("media.autoplay.default", 5); /* 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] ***/ user_pref("media.autoplay.enabled.user-gestures-needed", false); -/* 2032: disable autoplay of HTML5 media in non-active tabs [FF51+] - * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ -user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true] /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); @@ -1377,7 +1374,7 @@ user_pref("privacy.firstparty.isolate", true); * [1] https://bugzilla.mozilla.org/1319773#c22 * [2] https://bugzilla.mozilla.org/1492607 * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ -user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] + // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] // user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR] /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) From 1ef62a1036ea4d37476aa09f164e82be0d82c9b5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Dec 2019 01:24:12 +0000 Subject: [PATCH 1309/1961] media.block-autoplay-until-in-foreground #840 --- scratchpad-scripts/ghacks-clear-[removed].js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 3a889fd..71f3c8a 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 11-November-2019 + Last updated: 11-December-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -215,6 +215,8 @@ 'security.insecure_connection_icon.pbmode.enabled', 'security.insecure_connection_text.pbmode.enabled', 'webgl.dxgl.enabled', + /* 71-beta */ + 'media.block-autoplay-until-in-foreground', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 9c02949e04498c6cb677ae5710737d1451fb16af Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 17 Dec 2019 15:00:34 +0000 Subject: [PATCH 1310/1961] 0000: config.xhtml in FF73+ (#865) --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index ddbb1b5..b0c0c99 100644 --- a/user.js +++ b/user.js @@ -84,7 +84,8 @@ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); /* 0000: disable about:config warning - * The XUL version can still be accessed in FF71+ @ chrome://global/content/config.xul ***/ + * The XUL version can still be accessed in FF71+ @ chrome://global/content/config.xul + * and in FF73+ @ chrome://global/content/config.xhtml ***/ user_pref("general.warnOnAboutConfig", false); // for the XUL version user_pref("browser.aboutConfig.showWarning", false); // for the new HTML version [FF71+] From cd07641a9daf05d523ee239c5cc8e07de2a1e572 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 18 Dec 2019 05:02:25 +0000 Subject: [PATCH 1311/1961] 2701: make sure cookieBehavior is always honored (#866) see #862 --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index b0c0c99..2bb7809 100644 --- a/user.js +++ b/user.js @@ -1245,8 +1245,10 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * 0=Accept cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, * 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (FF63+) (default FF69+) * [NOTE] You can set exceptions under site permissions or use an extension - * [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/ + * [NOTE] Enforcing category to custom ensures ETP related prefs are always honored + * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Choose what to block>Cookies ***/ user_pref("network.cookie.cookieBehavior", 1); +user_pref("browser.contentblocking.category", "custom"); /* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and From a1cdbc8324afddaad2ab49e478f7b72a49f21a8d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Dec 2019 07:46:44 +0000 Subject: [PATCH 1312/1961] 1408 graphite, closes #1408 and 2619 puncyode --- user.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 2bb7809..cd542f9 100644 --- a/user.js +++ b/user.js @@ -789,9 +789,10 @@ user_pref("browser.display.use_document_fonts", 0); /* 1404: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); -/* 1408: disable graphite which FF49 turned back on by default - * In the past it had security issues. Update: This continues to be the case, see [1] - * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ +/* 1408: disable graphite + * Graphite has had many critical security issues in the past, see [1] + * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 + * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. @@ -1162,8 +1163,8 @@ user_pref("permissions.manager.defaultsUrl", ""); /* 2617: remove webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing - * Firefox has *some* protections, but it is better to be safe than sorry. The downside: it will also - * display legitimate IDN's punycoded, which might be undesirable for users of non-latin alphabets + * Firefox has *some* protections, but it is better to be safe than sorry + * [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) * [1] https://wiki.mozilla.org/IDN_Display_Algorithm * [2] https://en.wikipedia.org/wiki/IDN_homograph_attack From f9146fdf24bd168fa8dc7f1b9a1df1ee4c34f0b4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Dec 2019 09:46:21 +0000 Subject: [PATCH 1313/1961] update setting tags, minor tweaks --- user.js | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/user.js b/user.js index cd542f9..2613657 100644 --- a/user.js +++ b/user.js @@ -200,7 +200,7 @@ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the // user_pref("extensions.update.enabled", false); /* 0302a: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+] * [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed - * [SETTING] General>Firefox Updates>Check for updates but let you choose... ***/ + * [SETTING] General>Firefox Updates>Check for updates but let you choose to install them ***/ user_pref("app.update.auto", false); /* 0302b: disable auto-INSTALLING extension and theme updates (after the check in 0301b) * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ @@ -257,7 +257,7 @@ user_pref("datareporting.policy.dataSubmissionEnabled", false); user_pref("app.shield.optoutstudies.enabled", false); /* 0343: disable personalized Extension Recommendations in about:addons and AMO [FF65+] * [NOTE] This pref has no effect when Health Reports (0340) are disabled - * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to make personalized extension rec. + * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ user_pref("browser.discovery.enabled", false); /* 0350: disable Crash Reports ***/ @@ -361,7 +361,6 @@ user_pref("browser.ping-centre.telemetry", false); /* 0517: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes - * [SETTING] Privacy & Security>Forms & Passwords>Autofill addresses * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/ user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] @@ -411,7 +410,7 @@ user_pref("network.dns.disableIPv6", true); * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to * enhance privacy, and opens up a number of server-side fingerprinting opportunities. * [WARNING] Disabling this made sense in the past, and doesn't break anything, but HTTP2 is - * at 35% (April 2019) and growing [5]. Don't be that one person using HTTP1.1 on HTTP2 sites + * at 40% (December 2019) and growing [5]. Don't be that one person using HTTP1.1 on HTTP2 sites * [1] https://http2.github.io/faq/ * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html * [3] https://http2.github.io/http2-spec/#rfc.section.10.8 @@ -518,11 +517,12 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850e: disable location bar one-off searches [FF51+] * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ // user_pref("browser.urlbar.oneOffSearches", false); -/* 0860: disable search and form history [SETUP-WEB] - * [WARNING] Autocomplete form data is still (in April 2019) easily read by third parties, see [1] - * [NOTE] We also clear formdata on exiting Firefox (see 2803) +/* 0860: disable search and form history + * [SETUP-WEB] Be aware thet autocomplete form data can be read by third parties, see [1] [2] + * [NOTE] We also clear formdata on exit (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history - * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html ***/ + * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html + * [2] https://bugzilla.mozilla.org/381681 ***/ user_pref("browser.formfill.enable", false); /* 0862: disable browsing and download history * [NOTE] We also clear history and downloads on exiting Firefox (see 2803) @@ -540,11 +540,11 @@ user_pref("browser.taskbar.previews.enable", false); user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0901: disable saving passwords * [NOTE] This does not clear any passwords already saved - * [SETTING] Privacy & Security>Forms & Passwords>Ask to save logins and passwords for websites ***/ + * [SETTING] Privacy & Security>Logins and Passwords>Ask to save logins and passwords for websites ***/ // user_pref("signon.rememberSignons", false); -/* 0902: use a master password (recommended if you save passwords) +/* 0902: use a master password * There are no preferences for this. It is all handled internally. - * [SETTING] Privacy & Security>Forms & Passwords>Use a master password + * [SETTING] Privacy & Security>Logins and Passwords>Use a master password * [1] https://support.mozilla.org/kb/use-master-password-protect-stored-logins ***/ /* 0903: set how often Firefox should ask for the master password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (see 0904) ***/ @@ -554,7 +554,8 @@ user_pref("security.ask_for_password", 2); user_pref("security.password_lifetime", 5); /* 0905: disable auto-filling username & password form fields * can leak in cross-site forms *and* be spoofed - * [NOTE] Username & password is still available when you enter the field ***/ + * [NOTE] Username & password is still available when you enter the field + * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords ***/ user_pref("signon.autofillForms", false); /* 0909: disable formless login capture for Password Manager [FF51+] ***/ user_pref("signon.formlessCapture.enabled", false); @@ -723,7 +724,7 @@ user_pref("security.family_safety.mode", 0); // user_pref("security.nocertdb", true); // [HIDDEN PREF] /* 1223: enforce strict pinning * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict - * [WARNING] If you rely on an AV (antivirus) to protect your web browsing + * [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing * by inspecting ALL your web traffic, then leave at current default=1 * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ user_pref("security.cert_pinning.enforcement_level", 2); @@ -849,8 +850,8 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 0); // [DEFAULT: 0] * [1] https://bugzilla.mozilla.org/1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: enable the DNT (Do Not Track) HTTP header - * [NOTE] DNT is enforced with Tracking Protection regardless of this pref - * [SETTING] Privacy & Security>Content Blocking>Send websites a "Do Not Track"... ***/ + * [NOTE] DNT is enforced with Enhanced Tracking Protection regardless of this pref + * [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal... ***/ user_pref("privacy.donottrackheader.enabled", true); /*** [SECTION 1700]: CONTAINERS @@ -1247,7 +1248,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (FF63+) (default FF69+) * [NOTE] You can set exceptions under site permissions or use an extension * [NOTE] Enforcing category to custom ensures ETP related prefs are always honored - * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Choose what to block>Cookies ***/ + * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies ***/ user_pref("network.cookie.cookieBehavior", 1); user_pref("browser.contentblocking.category", "custom"); /* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only From 34cfcedc1b0dd0d24e2a2a5d8b80bc318795d0b5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Dec 2019 16:19:39 +0000 Subject: [PATCH 1314/1961] 2402+2403, finally closes #735 --- user.js | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 2613657..2b8a778 100644 --- a/user.js +++ b/user.js @@ -1030,14 +1030,12 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! // user_pref("dom.event.contextmenu.enabled", false); /* 2402: disable website access to clipboard events/content * [SETUP-WEB] This will break some sites functionality such as pasting into facebook, wordpress - * this applies to onCut, onCopy, onPaste events - i.e. you have to interact with - * the website for it to look at the clipboard - * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ + * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website + * [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one + * is default false) then enabling this pref can leak clipboard content, see [2] + * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ + * [2] https://bugzilla.mozilla.org/1528289 */ user_pref("dom.event.clipboardevents.enabled", false); -/* 2403: disable middlemouse paste leaking clipboard content on Linux after autoscroll - * Defense in depth if clipboard events are enabled (see 2402) - * [1] https://bugzilla.mozilla.org/1528289 */ -user_pref("middlemouse.paste", false); // [DEFAULT: false on Windows] /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/1170911 ***/ @@ -1628,7 +1626,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.tabs.closeWindowWithLastTab", false); // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+] // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+] - // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC] + // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux] // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] /* UX FEATURES: disable and hide the icons and menus ***/ From 5b1d56933ba921ea0fee85fd46e355c484d70b87 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Dec 2019 16:21:21 +0000 Subject: [PATCH 1315/1961] middlemouse.paste, see #735 --- scratchpad-scripts/ghacks-clear-[removed].js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index 71f3c8a..ab22f90 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 11-December-2019 + Last updated: 19-December-2019 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -217,6 +217,7 @@ 'webgl.dxgl.enabled', /* 71-beta */ 'media.block-autoplay-until-in-foreground', + 'middlemouse.paste', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 07c128a1907380f3706eba4daa0f6551491a429b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Dec 2019 16:31:51 +0000 Subject: [PATCH 1316/1961] 71 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 2b8a778..dd066d8 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 06 December 2019 -* version 71-beta: Dancing Pants +* date: 19 December 2019 +* version 71: Dancing Pants * "Ooh-ooh, see that girl, watch that scene, dig in the dancing pants" * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js From ed60588473f887c6a1c33c57ca6a803d6b99f583 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Dec 2019 16:34:44 +0000 Subject: [PATCH 1317/1961] 72-alpha start --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index dd066d8..d1594f8 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,7 @@ /****** * name: ghacks user.js * date: 19 December 2019 -* version 71: Dancing Pants -* "Ooh-ooh, see that girl, watch that scene, dig in the dancing pants" +* version 72-alpha * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 79d316fd2299ef4c724bc5354d5a35b0a50eabf7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Dec 2019 16:37:19 +0000 Subject: [PATCH 1318/1961] remove old deprecations --- user.js | 121 +------------------------------------------------------- 1 file changed, 1 insertion(+), 120 deletions(-) diff --git a/user.js b/user.js index d1594f8..f23aec4 100644 --- a/user.js +++ b/user.js @@ -1643,130 +1643,11 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Items deprecated prior to FF61 have been archived at [1], which + Documentation denoted as [-]. Items deprecated prior to FF68 have been archived at [1], which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); -/* FF61 -// 0501: disable experiments - // [1] https://wiki.mozilla.org/Telemetry/Experiments - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1420908,1450801 -user_pref("experiments.enabled", false); -user_pref("experiments.manifest.uri", ""); -user_pref("experiments.supported", false); -user_pref("experiments.activeExperiment", false); -// 2612: disable remote JAR files being opened, regardless of content type [FF42+] - // [1] https://bugzilla.mozilla.org/1173171 - // [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ - // [-] https://bugzilla.mozilla.org/1427726 -user_pref("network.jar.block-remote-files", true); -// 2613: disable JAR from opening Unsafe File Types - // [-] https://bugzilla.mozilla.org/1427726 -user_pref("network.jar.open-unsafe-types", false); -// ***/ -/* FF62 -// 1803: disable Java plugin - // [-] (part5) https://bugzilla.mozilla.org/1461243 -user_pref("plugin.state.java", 0); -// ***/ -/* FF63 -// 0205: disable GeoIP-based search results - // [NOTE] May not be hidden if Firefox has changed your settings due to your locale - // [-] https://bugzilla.mozilla.org/1462015 -user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF] -// 0301a: disable auto-update checks for Firefox - // [SETTING] General>Firefox Updates>Never check for updates - // [-] https://bugzilla.mozilla.org/1420514 - // user_pref("app.update.enabled", false); -// 0503: disable "Savant" Shield study [FF61+] - // [-] https://bugzilla.mozilla.org/1457226 -user_pref("shield.savant.enabled", false); -// 1031: disable favicons in tabs and new bookmarks - merged into browser.chrome.site_icons - // [-] https://bugzilla.mozilla.org/1453751 - // user_pref("browser.chrome.favicons", false); -// 2030: disable autoplay of HTML5 media - replaced by media.autoplay.default - // This may break video playback on various sites - // [-] https://bugzilla.mozilla.org/1470082 -user_pref("media.autoplay.enabled", false); -// 2704: set cookie lifetime in days (see 2703) - // [-] https://bugzilla.mozilla.org/1457170 - // user_pref("network.cookie.lifetime.days", 90); // [DEFAULT: 90] -// 5000's: enable "Ctrl+Tab cycles through tabs in recently used order" - replaced by browser.ctrlTab.recentlyUsedOrder - // [-] https://bugzilla.mozilla.org/1473595 - // user_pref("browser.ctrlTab.previews", true); -// ***/ -/* FF64 -// 0516: disable Onboarding [FF55+] - // Onboarding is an interactive tour/setup for new installs/profiles and features. Every time - // about:home or about:newtab is opened, the onboarding overlay is injected into that page - // [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] - // [1] https://wiki.mozilla.org/Firefox/Onboarding - // [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf - // [3] https://bugzilla.mozilla.org/863246#c154 - // [-] https://bugzilla.mozilla.org/1462415 -user_pref("browser.onboarding.enabled", false); -// 2608: disable WebIDE ADB extension downloads - both renamed - // [1] https://trac.torproject.org/projects/tor/ticket/16222 - // [-] https://bugzilla.mozilla.org/1491315 -user_pref("devtools.webide.autoinstallADBHelper", false); -user_pref("devtools.webide.adbAddonURL", ""); -// 2681: disable CSP violation events [FF59+] - // [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent - // [-] https://bugzilla.mozilla.org/1488165 -user_pref("security.csp.enable_violation_events", false); -// ***/ -/* FF65 -// 0850a: disable location bar autocomplete and suggestion types - // If you enforce any of the suggestion types (see the other 0850a), you MUST enforce 'autocomplete' - // - If *ALL* of the suggestion types are false, 'autocomplete' must also be false - // - If *ANY* of the suggestion types are true, 'autocomplete' must also be true - // [-] https://bugzilla.mozilla.org/1502392 -user_pref("browser.urlbar.autocomplete.enabled", false); -// 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true) - // e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) - // [-] https://bugzilla.mozilla.org/1510580 -user_pref("browser.fixup.hide_user_pass", true); // [DEFAULT: true] -// ***/ -/* FF66 -// 0380: disable Browser Error Reporter [FF60+] - // [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection - // [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html - // [-] https://bugzilla.mozilla.org/1509888 -user_pref("browser.chrome.errorReporter.enabled", false); -user_pref("browser.chrome.errorReporter.submitUrl", ""); -// 0502: disable Mozilla permission to silently opt you into tests - // [-] https://bugzilla.mozilla.org/1415625 -user_pref("network.allow-experiments", false); -// ***/ -/* FF67 -// 2428: enforce DOMHighResTimeStamp API - // [WARNING] Required for normalization of timestamps and any timer resolution mitigations - // [-] https://bugzilla.mozilla.org/1485264 -user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] -// 5000's: disable CFR [FF64+] - split into two new prefs: *cfr.addons, *cfr.features - // [SETTING] General>Browsing>Recommend extensions as you browse - // [1] https://support.mozilla.org/en-US/kb/extension-recommendations - // [-] https://bugzilla.mozilla.org/1528953 - // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); -// ***/ -/* FF68 -// 0105b: disable Activity Stream Legacy Snippets - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1546190,1540939 -user_pref("browser.newtabpage.activity-stream.disableSnippets", true); -user_pref("browser.aboutHomeSnippets.updateUrl", ""); -// 0307: disable auto updating of lightweight themes (LWT) - // Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API - // Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1] - // [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/ - // [-] (part3b) https://bugzilla.mozilla.org/1525762 -user_pref("lightweightThemes.update.enabled", false); -// 2682: enable CSP 1.1 experimental hash-source directive [FF29+] - // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 - // [-] https://bugzilla.mozilla.org/1386214 -user_pref("security.csp.experimentalEnabled", true); -// ***/ - /* ESR68.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF69 From ef293b57a7696fc044de395407a8c67f372d7617 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Dec 2019 06:14:25 +0000 Subject: [PATCH 1319/1961] 5000s: add ui.systemUsesDarkTheme --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index f23aec4..27b22a3 100644 --- a/user.js +++ b/user.js @@ -1616,6 +1616,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent + // user_pref("ui.systemUsesDarkTheme", 1); // [[FF67+] override OS: 0=light, 1=dark /* CONTENT BEHAVIOR ***/ // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] From 85273d0f19e6314f69f323d581b46e00392167be Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Dec 2019 07:13:48 +0000 Subject: [PATCH 1320/1961] 0517: setting tag --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 27b22a3..58d5b31 100644 --- a/user.js +++ b/user.js @@ -360,6 +360,7 @@ user_pref("browser.ping-centre.telemetry", false); /* 0517: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes + * [SETTING] Options>Privacy&Security>Forms and Autofill>Autofill addresses (FF73+) * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/ user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] From 315de066ecee8501853f045926a622c3fe5f750e Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Tue, 24 Dec 2019 11:49:19 +0000 Subject: [PATCH 1321/1961] typo (#870) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 58d5b31..ca6dc62 100644 --- a/user.js +++ b/user.js @@ -1617,7 +1617,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent - // user_pref("ui.systemUsesDarkTheme", 1); // [[FF67+] override OS: 0=light, 1=dark + // user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] override OS: 0=light, 1=dark /* CONTENT BEHAVIOR ***/ // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] From 18ad40a5c603f176a4f835cb72b89a3cc33255a7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 25 Dec 2019 02:14:49 +0000 Subject: [PATCH 1322/1961] systemUsesDarkTheme -> RFP Alts --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index ca6dc62..17413cf 100644 --- a/user.js +++ b/user.js @@ -1439,7 +1439,7 @@ user_pref("privacy.firstparty.isolate", true); FF65: pointerEvent.pointerid (1492766) ** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+) ** 1407366 - enable inner window letterboxing (see 4504) (FF67+) - ** 1540726 - return "light" with prefers-color-scheme (FF67+) + ** 1540726 - return "light" with prefers-color-scheme (see 4616) (FF67+) [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme ** 1564422 - spoof audioContext outputLatency (FF70+) ** 1595823 - spoof audioContext sampleRate (FF72+) @@ -1569,6 +1569,9 @@ user_pref("dom.w3c_pointer_events.enabled", false); // [SETUP-CHROME] Might affect CSS in themes and extensions // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 user_pref("ui.use_standins_for_native_colors", true); +// 4616: enforce prefers-color-scheme as light [FF67+] + // 0=light, 1=dark : This overrides your OS value +user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // * * * / // ***/ @@ -1617,7 +1620,6 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent - // user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] override OS: 0=light, 1=dark /* CONTENT BEHAVIOR ***/ // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] From e431b324c8433117c90e3e5d72eed258bc54d613 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 Jan 2020 02:53:25 +0000 Subject: [PATCH 1323/1961] FF72 deprecated --- user.js | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 17413cf..aaddac3 100644 --- a/user.js +++ b/user.js @@ -113,7 +113,6 @@ user_pref("browser.newtab.preload", false); /* 0105a: disable Activity Stream telemetry ***/ user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); -user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); /* 0105b: disable Activity Stream Snippets * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ @@ -238,7 +237,6 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+] user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+] user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] -user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+] /* 0331: disable Telemetry Coverage * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/ user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] @@ -1265,14 +1263,6 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] * [WARNING] This will break a LOT of sites' functionality AND extensions! * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); -/* 2720: enforce IndexedDB (IDB) as enabled - * IDB is required for extensions and Firefox internals (even before FF63 in [1]) - * To control *website* IDB data, control allowing cookies and service workers, or use - * Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize - * on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically - * via an extension. Note that IDB currently cannot be sanitized by host. - * [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ ***/ -user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] /* 2730: disable offline cache ***/ user_pref("browser.cache.offline.enable", false); /* 2740: disable service worker cache and cache storage @@ -1677,6 +1667,23 @@ user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] // [-] https://bugzilla.mozilla.org/1574480 user_pref("offline-apps.allow_by_default", false); // * * * / +// FF72 +// 0105a: disable Activity Stream telemetry + // [-] https://bugzilla.mozilla.org/1597697 +user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); +// 0330: disable Hybdrid Content telemetry + // [-] https://bugzilla.mozilla.org/1520491 +user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+] +// 2720: enforce IndexedDB (IDB) as enabled + // IDB is required for extensions and Firefox internals (even before FF63 in [1]) + // To control *website* IDB data, control allowing cookies and service workers, or use + // Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize + // on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically + // via an extension. Note that IDB currently cannot be sanitized by host. + // [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ + // [-] https://bugzilla.mozilla.org/1488583 +user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From e1022c2e72010c6d7b3db458c7b1c7e6f1193879 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 14 Jan 2020 17:38:22 +0000 Subject: [PATCH 1324/1961] 72-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index aaddac3..a0421ca 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 19 December 2019 -* version 72-alpha +* date: 20 January 2020 +* version 72-beta * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 5d2c5de11cb333f0e6332005858565bb8dfecb88 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 15 Jan 2020 02:53:07 +0000 Subject: [PATCH 1325/1961] fixup deprecated ESR-cycle version --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a0421ca..b88fc78 100644 --- a/user.js +++ b/user.js @@ -1637,8 +1637,8 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Items deprecated prior to FF68 have been archived at [1], which - also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets + Documentation denoted as [-]. Items deprecated in FF68 or earlier have been archived at [1], + which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); From 7619e312de497a53344f2532832482cc26cfb580 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 24 Jan 2020 16:48:16 +0000 Subject: [PATCH 1326/1961] 72 final --- user.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index b88fc78..e8bdaa7 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 20 January 2020 -* version 72-beta +* date: 24 January 2020 +* version 72 * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -83,10 +83,10 @@ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); /* 0000: disable about:config warning - * The XUL version can still be accessed in FF71+ @ chrome://global/content/config.xul - * and in FF73+ @ chrome://global/content/config.xhtml ***/ -user_pref("general.warnOnAboutConfig", false); // for the XUL version -user_pref("browser.aboutConfig.showWarning", false); // for the new HTML version [FF71+] + * FF71-72: chrome://global/content/config.xul + * FF73+: chrome://global/content/config.xhtml ***/ +user_pref("general.warnOnAboutConfig", false); // XUL/XHTML version +user_pref("browser.aboutConfig.showWarning", false); // HTML version [FF71+] /*** [SECTION 0100]: STARTUP ***/ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); @@ -358,7 +358,7 @@ user_pref("browser.ping-centre.telemetry", false); /* 0517: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes - * [SETTING] Options>Privacy&Security>Forms and Autofill>Autofill addresses (FF73+) + * [SETTING] Options>Privacy & Security>Forms and Autofill>Autofill addresses (FF74+) * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/ user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] From cd9fc110b0c23d0cc8be34ccbff1839fbd8ca0fa Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 10 Feb 2020 16:47:17 +0000 Subject: [PATCH 1327/1961] v1.2 look for `lock` file instead of `webappsstore.sqlite-shm` to detect if firefox is running or not (with this profile) see https://github.com/ghacksuserjs/ghacks-user.js/pull/405#issuecomment-581447586 and follow-up comments. Thanks @atomGit for reporting the issue and @rusty-snake for confirming it. --- prefsCleaner.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 360c2ea..d8185cd 100644 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.1 +## version: 1.2 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -27,7 +27,7 @@ fQuit() { fFF_check() { # there are many ways to see if firefox is running or not, some more reliable than others # this isn't elegant and might not be future-proof but should at least be compatible with any environment - while [ -e webappsstore.sqlite-shm ]; do + while [ -e lock ]; do echo -e "\nThis Firefox profile seems to be in use. Close Firefox and try again.\n" read -p "Press any key to continue." done @@ -58,7 +58,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.1 ║" +echo " ║ v1.2 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From 03f558b09caa59a4fd45c4edba10443ec3052ab8 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 10 Feb 2020 17:12:08 +0000 Subject: [PATCH 1328/1961] nit: 0517 SETTING we don't include `Options>` in [SETTING] lines --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index e8bdaa7..b3ee05f 100644 --- a/user.js +++ b/user.js @@ -358,7 +358,7 @@ user_pref("browser.ping-centre.telemetry", false); /* 0517: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes - * [SETTING] Options>Privacy & Security>Forms and Autofill>Autofill addresses (FF74+) + * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses (FF74+) * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/ user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] From 1ce1f7449462ff7509e08b9dc38613f87366c143 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 12 Feb 2020 12:03:29 +0000 Subject: [PATCH 1329/1961] Update user.js --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index b3ee05f..1289e37 100644 --- a/user.js +++ b/user.js @@ -1429,7 +1429,7 @@ user_pref("privacy.firstparty.isolate", true); FF65: pointerEvent.pointerid (1492766) ** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+) ** 1407366 - enable inner window letterboxing (see 4504) (FF67+) - ** 1540726 - return "light" with prefers-color-scheme (see 4616) (FF67+) + ** 1494034 - return "light" with prefers-color-scheme (see 4616) (FF67+) [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme ** 1564422 - spoof audioContext outputLatency (FF70+) ** 1595823 - spoof audioContext sampleRate (FF72+) @@ -1555,12 +1555,12 @@ user_pref("dom.w3c_pointer_events.enabled", false); // * * * / // FF67+ // 4615: [2618] disable exposure of system colors to CSS or canvas [FF44+] - // [NOTE] See second listed bug: may cause black on black for elements with undefined colors - // [SETUP-CHROME] Might affect CSS in themes and extensions - // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 + // [NOTE] See second listed bug: may cause black on black for elements with undefined colors + // [SETUP-CHROME] Might affect CSS in themes and extensions + // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 user_pref("ui.use_standins_for_native_colors", true); // 4616: enforce prefers-color-scheme as light [FF67+] - // 0=light, 1=dark : This overrides your OS value + // 0=light, 1=dark : This overrides your OS value user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // * * * / // ***/ From 5f3e3b2691d0348cbd9ab7f33172fe6d05657ca1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 14 Feb 2020 01:00:02 +0000 Subject: [PATCH 1330/1961] VR default prompt, RFP info, start 73-alpha --- user.js | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 1289e37..57d89c9 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 24 January 2020 -* version 72 +* date: 14 February 2020 +* version 73-alpha * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -1080,10 +1080,6 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. see [1] * [1] https://bugzilla.mozilla.org/1313580 ***/ // user_pref("dom.battery.enabled", false); -/* 2504: disable virtual reality devices - * Optional protection depending on your connected devices - * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ - // user_pref("dom.vr.enabled", false); /* 2505: disable media device enumeration [FF29+] * [NOTE] media.peerconnection.enabled should also be set to false (see 2001) * [1] https://wiki.mozilla.org/Media/getUserMedia @@ -1104,6 +1100,15 @@ user_pref("dom.webaudio.enabled", false); * [1] https://github.com/WICG/media-capabilities * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ // user_pref("media.media-capabilities.enabled", false); +/* 2520: disable virtual reality devices + * Optional protection depending on your connected devices + * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ + // user_pref("dom.vr.enabled", false); +/* 2521: set a default permission for Virtual Reality (see 2520) [FF73+] + * 0=always ask (default), 1=allow, 2=block + * [SETTING] to add site exceptions: Page Info>Permissions>Access Virtual Reality Devices + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/ + // user_pref("permissions.default.xr", 0); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -1433,6 +1438,7 @@ user_pref("privacy.firstparty.isolate", true); [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme ** 1564422 - spoof audioContext outputLatency (FF70+) ** 1595823 - spoof audioContext sampleRate (FF72+) + ** 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] From 64f34f147179b5ade799149a55bde8626af3058b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 15 Feb 2020 12:55:59 +0000 Subject: [PATCH 1331/1961] 73-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 57d89c9..455e791 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 14 February 2020 -* version 73-alpha +* date: 15 February 2020 +* version 73-beta * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 1afd52de6ee2055956266319035eb11516688bbc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 22 Feb 2020 13:56:30 +0000 Subject: [PATCH 1332/1961] 0306: minor tweak There is no "show more details about an addon" anymore since they moved to the new html/card layout --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 455e791..6b2cc2e 100644 --- a/user.js +++ b/user.js @@ -204,8 +204,8 @@ user_pref("app.update.auto", false); * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ // user_pref("extensions.update.autoUpdateDefault", false); /* 0306: disable extension metadata - * used when installing/updating an extension, and in daily background update checks: if false, it - * hides the expanded text description (if it exists) when you "show more details about an addon" ***/ + * used when installing/updating an extension, and in daily background update checks: + * when false, extension detail tabs will have no description ***/ // user_pref("extensions.getAddons.cache.enabled", false); /* 0308: disable search engine updates (e.g. OpenSearch) * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines From e67a0c868d0264b643a832c71b10743c7287e0e9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 Feb 2020 00:20:19 +0000 Subject: [PATCH 1333/1961] Update troubleshooting-help.md --- .github/ISSUE_TEMPLATE/troubleshooting-help.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index 02cc07a..8aedf4c 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -8,11 +8,11 @@ assignees: '' --- Before you proceed... - - Keep reading this. Seriously. - - Note that we do not support forks (i.e. IceCat, Pale Moon, WaterFox, etc). - - Make sure you searched for the `[Setup` tags in the `user.js`. + - Issues will be closed as invalid if you do not [Troubleshoot](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting), including + - confirming the problem is caused by the `user.js` + - searching the `[Setup` tags in the `user.js` - Search the GitHub repository. The information you need is most likely here already. - - Check out our [troubleshooting](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting) wiki page, including steps to see if the problem is caused by the `user.js` or an extension. + - Note: We do not support forks See also: - Extension breakage due to prefs [issue 391](https://github.com/ghacksuserjs/ghacks-user.js/issues/391) From a542701ba5b6c2341ef3028c4a28d8ea08a3f9ed Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 Feb 2020 00:21:42 +0000 Subject: [PATCH 1334/1961] Update troubleshooting-help.md --- .github/ISSUE_TEMPLATE/troubleshooting-help.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index 8aedf4c..4cf0a19 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -8,7 +8,7 @@ assignees: '' --- Before you proceed... - - Issues will be closed as invalid if you do not [Troubleshoot](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting), including + - Issues will be closed as invalid if you do not [troubleshoot](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting), including - confirming the problem is caused by the `user.js` - searching the `[Setup` tags in the `user.js` - Search the GitHub repository. The information you need is most likely here already. From 4139630635319861969568b816b7a9ff3e2028c1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Mar 2020 03:37:46 +0000 Subject: [PATCH 1335/1961] 73 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 6b2cc2e..5aa2c34 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 15 February 2020 -* version 73-beta +* date: 11 March 2020 +* version 73 * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 615ebeda2f315e9f43e5825f80870e818d72ad8d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Mar 2020 03:43:31 +0000 Subject: [PATCH 1336/1961] start 74-alpha --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5aa2c34..d6010db 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js * date: 11 March 2020 -* version 73 +* version 74-alpha * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 24777c9ac2013a17751919f090f9696a1a413456 Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 12 Mar 2020 03:44:52 +0000 Subject: [PATCH 1337/1961] FF74: 0203 updates (#904) --- user.js | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d6010db..f30e0b9 100644 --- a/user.js +++ b/user.js @@ -152,8 +152,8 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease // user_pref("permissions.default.geo", 2); /* 0203: use Mozilla geolocation service instead of Google when geolocation is enabled * Optionally enable logging to the console (defaults to false) ***/ -user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); - // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] +user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); + // user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF] /* 0204: disable using the OS's geolocation service ***/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] @@ -1690,6 +1690,13 @@ user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+] // [-] https://bugzilla.mozilla.org/1488583 user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] // * * * / +// FF74 +// 0203: use Mozilla geolocation service instead of Google when geolocation is enabled + // Optionally enable logging to the console (defaults to false) + // [-] https://bugzilla.mozilla.org/1613627 +user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); + // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From 4ddf60cf32dc1b22cd5061dc4471dbf635a3ad1d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Mar 2020 03:56:13 +0000 Subject: [PATCH 1338/1961] 0203: make sure users know these are 74+ prefs --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f30e0b9..1d5f666 100644 --- a/user.js +++ b/user.js @@ -150,7 +150,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); -/* 0203: use Mozilla geolocation service instead of Google when geolocation is enabled +/* 0203: use Mozilla geolocation service instead of Google when geolocation is enabled [FF74+] * Optionally enable logging to the console (defaults to false) ***/ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF] From 6f7e09ad431966a78f8b78e57de7b024f3547e2c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Mar 2020 05:23:57 +0000 Subject: [PATCH 1339/1961] 1704 deprecated, add 1703 --- user.js | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 1d5f666..9b855eb 100644 --- a/user.js +++ b/user.js @@ -867,10 +867,10 @@ user_pref("privacy.userContext.ui.enabled", true); /* 1702: enable Container Tabs [FF50+] * [SETTING] General>Tabs>Enable Container Tabs ***/ user_pref("privacy.userContext.enabled", true); -/* 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] - * 0=no menu (default), 1=show when clicked, 2=show on long press - * [1] https://bugzilla.mozilla.org/1328756 ***/ -user_pref("privacy.userContext.longPressBehavior", 2); +/* 1703: set behaviour on "+ Tab" button to display container menu on left click [FF74+] + * [NOTE] The menu is always shown on long press and right click + * [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/ + // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); /*** [SECTION 1800]: PLUGINS ***/ user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); @@ -1696,6 +1696,11 @@ user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] // [-] https://bugzilla.mozilla.org/1613627 user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] +// 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] + // 0=no menu (default), 1=show when clicked, 2=show on long press + // [1] https://bugzilla.mozilla.org/1328756 + // [-] https://bugzilla.mozilla.org/1606265 +user_pref("privacy.userContext.longPressBehavior", 2); // * * * / // ***/ From b6e2a3f64f030fa3586984f294931d3d0334cfbd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 12 Mar 2020 14:44:14 +0000 Subject: [PATCH 1340/1961] one of the 2012 webgl prefs deprecated --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 9b855eb..e6c5df8 100644 --- a/user.js +++ b/user.js @@ -918,7 +918,6 @@ user_pref("webgl.disabled", true); user_pref("webgl.enable-webgl2", false); /* 2012: limit WebGL ***/ user_pref("webgl.min_capability_mode", true); -user_pref("webgl.disable-extensions", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); /* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); @@ -1701,6 +1700,9 @@ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?ke // [1] https://bugzilla.mozilla.org/1328756 // [-] https://bugzilla.mozilla.org/1606265 user_pref("privacy.userContext.longPressBehavior", 2); +// 2012: limit WebGL + // [-] https://bugzilla.mozilla.org/1477756 +user_pref("webgl.disable-extensions", true); // * * * / // ***/ From 187692af660838c3650c96d0f7f57a4e5cc84ec7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Mar 2020 11:36:03 +0000 Subject: [PATCH 1341/1961] enforce disabled system + prefixed colors --- user.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user.js b/user.js index e6c5df8..e6a1cb7 100644 --- a/user.js +++ b/user.js @@ -1186,6 +1186,9 @@ user_pref("pdfjs.disabled", false); // [DEFAULT: false] /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); +/* 2622: enforce no system colors; they can be fingerprinted + * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ +user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop From fe1b03bd2aafd6f9193d5ef2068192c3fcc9e01b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 27 Mar 2020 12:36:16 +0000 Subject: [PATCH 1342/1961] tls downgrades -> session only --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index e6a1cb7..e9c6f8a 100644 --- a/user.js +++ b/user.js @@ -658,7 +658,9 @@ user_pref("security.ssl.require_safe_negotiation", true); * [1] https://www.ssllabs.com/ssl-pulse/ ***/ // user_pref("security.tls.version.min", 3); // user_pref("security.tls.version.max", 4); -/* 1203: disable SSL session tracking [FF36+] +/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */ +user_pref("security.tls.version.enable-deprecated", false); +/* 1204: disable SSL session tracking [FF36+] * SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, @@ -667,12 +669,12 @@ user_pref("security.ssl.require_safe_negotiation", true); * [2] https://bugzilla.mozilla.org/967977 * [3] https://arxiv.org/abs/1810.07304 ***/ user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] -/* 1204: disable SSL Error Reporting +/* 1205: disable SSL Error Reporting * [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/ user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.url", ""); -/* 1205: disable TLS1.3 0-RTT (round-trip time) [FF51+] +/* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+] * [1] https://github.com/tlswg/tls13-spec/issues/1001 * [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ user_pref("security.tls.enable_0rtt_data", false); From ee35d7c70df0ee3423012dbd365e3430e7023b4a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 27 Mar 2020 12:44:06 +0000 Subject: [PATCH 1343/1961] 2421: ion/jit and extensions note --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index e9c6f8a..426ad8d 100644 --- a/user.js +++ b/user.js @@ -1055,6 +1055,7 @@ user_pref("dom.vibrator.enabled", false); * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ user_pref("javascript.options.asmjs", false); /* 2421: disable Ion and baseline JIT to help harden JS against exploits + * [NOTE] In FF75+ these no longer affect extensions (1599226) * [WARNING] If false, causes the odd site issue and there is also a performance loss * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); From f0945743b7ac4ca1d04fffbe62b33270ea7b85f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 27 Mar 2020 16:20:41 +0000 Subject: [PATCH 1344/1961] 2662: clarify 4503 needed, #912 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 426ad8d..d800bbd 100644 --- a/user.js +++ b/user.js @@ -1221,7 +1221,7 @@ user_pref("browser.download.hide_plugins_without_extensions", false); * [1] archived: https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF] user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] -/* 2662: disable webextension restrictions on certain mozilla domains (also see 4503) [FF60+] +/* 2662: disable webextension restrictions on certain mozilla domains (you also need 4503) [FF60+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); From 55ae994972c6b27fb40b121b07aeed6c2e781e4d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 28 Mar 2020 13:18:34 +0000 Subject: [PATCH 1345/1961] 2421 fixup Ion/Jit note --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index d800bbd..1131884 100644 --- a/user.js +++ b/user.js @@ -1055,7 +1055,7 @@ user_pref("dom.vibrator.enabled", false); * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ user_pref("javascript.options.asmjs", false); /* 2421: disable Ion and baseline JIT to help harden JS against exploits - * [NOTE] In FF75+ these no longer affect extensions (1599226) + * [NOTE] Disabling JIT also disables Ion. In FF75+ disabling Ion no longer affects extensions (1599226) * [WARNING] If false, causes the odd site issue and there is also a performance loss * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); From e7d20867cb50c0f934bc3883ce60e16ec69a82ef Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 6 Apr 2020 00:39:52 +0000 Subject: [PATCH 1346/1961] 2623 delegation 2421 ion/jit tweak --- user.js | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 1131884..4bf0cb3 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 11 March 2020 -* version 74-alpha +* date: 05 April 2020 +* version 74-beta * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -1055,8 +1055,7 @@ user_pref("dom.vibrator.enabled", false); * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ user_pref("javascript.options.asmjs", false); /* 2421: disable Ion and baseline JIT to help harden JS against exploits - * [NOTE] Disabling JIT also disables Ion. In FF75+ disabling Ion no longer affects extensions (1599226) - * [WARNING] If false, causes the odd site issue and there is also a performance loss + * [WARNING] Disabling Ion/JIT can cause some site issues and performance loss * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); @@ -1192,6 +1191,12 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 2622: enforce no system colors; they can be fingerprinted * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] +/* 2623: disable permissions delegation [FF73+] + * Currently applies to cross-origin geolocation, camera, mic and screen-sharing + * permissions, and fullscreen requests. Disabling delegation means any prompts + * for these will show/use their correct 3rd party origin + * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion */ +user_pref("permissions.delegation.enabled", false); /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop From 94c83519f2230ffca2387b7a27e2f938f0902f95 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 Apr 2020 07:08:36 +0000 Subject: [PATCH 1347/1961] 74 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4bf0cb3..024eda2 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 05 April 2020 -* version 74-beta +* date: 07 April 2020 +* version 74 * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 7e71b6663c9a4e24a6d42ccdeb72a9f33c5980db Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 Apr 2020 07:12:14 +0000 Subject: [PATCH 1348/1961] 75-alpha, add 105e, closes #922 --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 024eda2..8f0c031 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js * date: 07 April 2020 -* version 74 +* version 75-alpha * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -125,6 +125,9 @@ user_pref("browser.newtabpage.activity-stream.showSponsored", false); user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+] /* 0105d: disable Activity Stream recent Highlights in the Library [FF57+] ***/ // user_pref("browser.library.activity-stream.enabled", false); +/* 0105e: disable Activity Stream Top Sites + * The new "megabar" in FF75+ suggests top sites even if you don't use AS */ +user_pref("browser.newtabpage.activity-stream.feeds.topsites", false); /* 0110: start Firefox in PB (Private Browsing) mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed * [WARNING] The P in PB mode is misleading: it means no "persistent" disk storage such as history, From d2da48c215a7ee06ce97f10aab0a894afb4c427a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 Apr 2020 08:01:07 +0000 Subject: [PATCH 1349/1961] revert top sites, see #922 --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 8f0c031..23a015c 100644 --- a/user.js +++ b/user.js @@ -125,9 +125,6 @@ user_pref("browser.newtabpage.activity-stream.showSponsored", false); user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+] /* 0105d: disable Activity Stream recent Highlights in the Library [FF57+] ***/ // user_pref("browser.library.activity-stream.enabled", false); -/* 0105e: disable Activity Stream Top Sites - * The new "megabar" in FF75+ suggests top sites even if you don't use AS */ -user_pref("browser.newtabpage.activity-stream.feeds.topsites", false); /* 0110: start Firefox in PB (Private Browsing) mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed * [WARNING] The P in PB mode is misleading: it means no "persistent" disk storage such as history, From 8c7149c6a5762b75e14d38c6c36558be26a4ae69 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Apr 2020 06:07:13 +0000 Subject: [PATCH 1350/1961] 2421: Ion/JIT trusted principals, closes #914 --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 23a015c..38b232d 100644 --- a/user.js +++ b/user.js @@ -1054,11 +1054,14 @@ user_pref("dom.vibrator.enabled", false); * [5] https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400 * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ user_pref("javascript.options.asmjs", false); -/* 2421: disable Ion and baseline JIT to help harden JS against exploits +/* 2421: disable Ion and baseline JIT to harden against JS exploits [SETUP-HARDEN] + * [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new pref + * hidden pref is enabled, then Ion can still be used by extensions (1599226) * [WARNING] Disabling Ion/JIT can cause some site issues and performance loss * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); + // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF] /* 2422: disable WebAssembly [FF52+] [SETUP-PERF] * [NOTE] In FF71+ this no longer affects extensions (1576254) * [1] https://developer.mozilla.org/docs/WebAssembly ***/ From d2dd0c2ab4d0671312c70b278d84265ea6b85bcc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Apr 2020 02:51:17 +0000 Subject: [PATCH 1351/1961] tls stats update - Go to https://telemetry.mozilla.org/ - click `measurement dashboard` - select `SSL_HANDSHAKE_VERSION` I looked at Nightly 75 (0.26 and 0.01) and Nightly 76 (0.2 and 0) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 38b232d..06edde9 100644 --- a/user.js +++ b/user.js @@ -654,7 +654,7 @@ user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. - * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1 + * Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1 * [1] https://www.ssllabs.com/ssl-pulse/ ***/ // user_pref("security.tls.version.min", 3); // user_pref("security.tls.version.max", 4); From 97c5378e52fe29f98317f671f8fd95aee6fddd63 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Apr 2020 16:23:48 +0000 Subject: [PATCH 1352/1961] 1007: *forceMediaMemoryCache PB mode --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 06edde9..2ee8e11 100644 --- a/user.js +++ b/user.js @@ -396,7 +396,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost /* 0701: disable IPv6 * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice * with VPNs. That's even assuming your ISP and/or router and/or website can handle it. - * Firefox telemetry (April 2019) shows only 5% of all connections are IPv6. + * Firefox telemetry (April 2019) shows only 5% of all connections are IPv6 * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. @@ -596,6 +596,9 @@ user_pref("browser.cache.disk.enable", false); * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/967812 ***/ // user_pref("permissions.memory_only", true); // [HIDDEN PREF] +/* 1007: disable media cache from writing to disk in Private Browsing Mode [FF75+] + * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB Mode */ + //user_pref("browser.privatebrowsing.forceMediaMemoryCache", false); /** SESSIONS & SESSION RESTORE ***/ /* 1020: exclude "Undo Closed Tabs" in Session Restore ***/ From deae6e14f989710ebdfddafa21e2406efb79795b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Apr 2020 16:38:12 +0000 Subject: [PATCH 1353/1961] 75 deprecated --- user.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 2ee8e11..605ec27 100644 --- a/user.js +++ b/user.js @@ -158,12 +158,11 @@ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] user_pref("geo.provider.use_gpsd", false); // [LINUX] -/* 0205: disable GeoIP-based search results +/* 0205: disable GeoIP-based search defaults * [NOTE] May not be hidden if Firefox has changed your settings due to your locale * [1] https://trac.torproject.org/projects/tor/ticket/16254 * [2] https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine ***/ user_pref("browser.search.region", "US"); // [HIDDEN PREF] -user_pref("browser.search.geoip.url", ""); /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" * i.e. ignore all of Mozilla's various search engines in multiple locales ***/ user_pref("browser.search.geoSpecificDefaults", false); @@ -1721,6 +1720,11 @@ user_pref("privacy.userContext.longPressBehavior", 2); // [-] https://bugzilla.mozilla.org/1477756 user_pref("webgl.disable-extensions", true); // * * * / +// FF75 +// 0205: disable GeoIP-based search defaults URL + // [-] https://bugzilla.mozilla.org/1589618 +user_pref("browser.search.geoip.url", ""); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From b695468c7e0e39a614aebf47c5e4c0ad78749766 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Apr 2020 18:07:12 +0000 Subject: [PATCH 1354/1961] remove 0205 --- user.js | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/user.js b/user.js index 605ec27..af3dd1c 100644 --- a/user.js +++ b/user.js @@ -7,7 +7,7 @@ * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt * releases: These are end-of-stable-life-cycle legacy archives. - *Always* use the master branch user.js for a current up-to-date version. + *Always* use the master branch user.js for a current up-to-date version url: https://github.com/ghacksuserjs/ghacks-user.js/releases * README: @@ -158,11 +158,6 @@ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] user_pref("geo.provider.use_gpsd", false); // [LINUX] -/* 0205: disable GeoIP-based search defaults - * [NOTE] May not be hidden if Firefox has changed your settings due to your locale - * [1] https://trac.torproject.org/projects/tor/ticket/16254 - * [2] https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine ***/ -user_pref("browser.search.region", "US"); // [HIDDEN PREF] /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" * i.e. ignore all of Mozilla's various search engines in multiple locales ***/ user_pref("browser.search.geoSpecificDefaults", false); @@ -1720,11 +1715,6 @@ user_pref("privacy.userContext.longPressBehavior", 2); // [-] https://bugzilla.mozilla.org/1477756 user_pref("webgl.disable-extensions", true); // * * * / -// FF75 -// 0205: disable GeoIP-based search defaults URL - // [-] https://bugzilla.mozilla.org/1589618 -user_pref("browser.search.geoip.url", ""); -// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From ba83c555cc78bb60f40c0d7b20cc643d02c26c62 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Apr 2020 18:10:34 +0000 Subject: [PATCH 1355/1961] geo default search engines browser.search.geoip.url is deprecated in 75, the prefs are only used on first run, and we don't mess with search engines as that is a user choice --- scratchpad-scripts/ghacks-clear-[removed].js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js index ab22f90..fbde545 100644 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ b/scratchpad-scripts/ghacks-clear-[removed].js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 19-December-2019 + Last updated: 12-April-2020 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -218,6 +218,9 @@ /* 71-beta */ 'media.block-autoplay-until-in-foreground', 'middlemouse.paste', + /* 75-beta */ + 'browser.search.geoip.url', + 'browser.search.region', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 394b6915995383968e12d923f0b4d63c0ff6b4e9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 13 Apr 2020 04:55:10 +0000 Subject: [PATCH 1356/1961] 2421: grammar fix --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index af3dd1c..9725a5e 100644 --- a/user.js +++ b/user.js @@ -1052,7 +1052,7 @@ user_pref("dom.vibrator.enabled", false); * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ user_pref("javascript.options.asmjs", false); /* 2421: disable Ion and baseline JIT to harden against JS exploits [SETUP-HARDEN] - * [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new pref + * [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new * hidden pref is enabled, then Ion can still be used by extensions (1599226) * [WARNING] Disabling Ion/JIT can cause some site issues and performance loss * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ From d7c276b3fe6fec1ea6f7b33333e1142b812687d7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 13 Apr 2020 06:17:54 +0000 Subject: [PATCH 1357/1961] 2402: clipboardevents -> inactive, #887 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 9725a5e..ee57bcc 100644 --- a/user.js +++ b/user.js @@ -1024,14 +1024,14 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! /* 2401: disable website control over browser right-click context menu * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ // user_pref("dom.event.contextmenu.enabled", false); -/* 2402: disable website access to clipboard events/content - * [SETUP-WEB] This will break some sites functionality such as pasting into facebook, wordpress +/* 2402: disable website access to clipboard events/content [SETUP-HARDEN] + * [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website * [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one * is default false) then enabling this pref can leak clipboard content, see [2] * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ * [2] https://bugzilla.mozilla.org/1528289 */ -user_pref("dom.event.clipboardevents.enabled", false); + // user_pref("dom.event.clipboardevents.enabled", false); /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/1170911 ***/ From dd162d9f489686d821d4a53377e15d7fab16dd15 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 14 Apr 2020 00:16:03 +0000 Subject: [PATCH 1358/1961] 1007 fixups --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index ee57bcc..fa3ad93 100644 --- a/user.js +++ b/user.js @@ -590,9 +590,10 @@ user_pref("browser.cache.disk.enable", false); * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/967812 ***/ // user_pref("permissions.memory_only", true); // [HIDDEN PREF] -/* 1007: disable media cache from writing to disk in Private Browsing Mode [FF75+] - * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB Mode */ - //user_pref("browser.privatebrowsing.forceMediaMemoryCache", false); +/* 1007: disable media cache from writing to disk in Private Browsing [FF75+] + * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB */ +user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); +user_pref("media.memory_cache_max_size", 16384); /** SESSIONS & SESSION RESTORE ***/ /* 1020: exclude "Undo Closed Tabs" in Session Restore ***/ From b90e72370c5fca05e13f91bef873fcb4b3104d05 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 14 Apr 2020 00:28:00 +0000 Subject: [PATCH 1359/1961] 1007 fixup what FF75+ applies to --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index fa3ad93..e9ed7f5 100644 --- a/user.js +++ b/user.js @@ -590,9 +590,9 @@ user_pref("browser.cache.disk.enable", false); * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/967812 ***/ // user_pref("permissions.memory_only", true); // [HIDDEN PREF] -/* 1007: disable media cache from writing to disk in Private Browsing [FF75+] +/* 1007: disable media cache from writing to disk in Private Browsing * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB */ -user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); +user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] user_pref("media.memory_cache_max_size", 16384); /** SESSIONS & SESSION RESTORE ***/ From d455c500a6c74058b3eb71d8349586d2e1de0072 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 15 Apr 2020 14:44:14 +0000 Subject: [PATCH 1360/1961] 75-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index e9ed7f5..4bbad65 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 07 April 2020 -* version 75-alpha +* date: 15 April 2020 +* version 75-beta * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From dff5bb478a830ac186a2318ac3d09dc7ae6919a7 Mon Sep 17 00:00:00 2001 From: W Date: Thu, 16 Apr 2020 04:04:13 +0000 Subject: [PATCH 1361/1961] 0211: add possible breakage for CJK input methods --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 4bbad65..a7c2ec8 100644 --- a/user.js +++ b/user.js @@ -168,7 +168,9 @@ user_pref("browser.search.geoSpecificDefaults.url", ""); * [TEST] https://addons.mozilla.org/about ***/ user_pref("intl.accept_languages", "en-US, en"); /* 0211: enforce US English locale regardless of the system locale - * [1] https://bugzilla.mozilla.org/867501 ***/ + * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages, see [2] + * [1] https://bugzilla.mozilla.org/867501 + * [2] https://bugzilla.mozilla.org/1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /* 0212: enforce fallback text encoding to match en-US * When the content or server doesn't declare a charset the browser will From 3366e0aa162006aa7343f92c87b38c5c52c9bd11 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Apr 2020 08:52:48 +0000 Subject: [PATCH 1362/1961] 75 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a7c2ec8..a101af0 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 15 April 2020 -* version 75-beta +* date: 23 April 2020 +* version 75 * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From bd384622db70eaf6893d32a0c1c4b99d5516fa5b Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 29 Apr 2020 12:00:10 +0000 Subject: [PATCH 1363/1961] Update troubleshooter.js (#935) extensions.blocklist.pingCountTotal is not used anymore in FF76+ --- scratchpad-scripts/troubleshooter.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 1cce763..61488f0 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,5 +1,5 @@ -/*** ghacks-user.js troubleshooter.js v1.6.0 ***/ +/*** ghacks-user.js troubleshooter.js v1.6.1 ***/ (function() { @@ -107,7 +107,7 @@ ] // any runtime-set pref that everyone will have and that can be safely reset - const oFILLER = { type: 64, name: 'extensions.blocklist.pingCountTotal', value: -1 }; + const oFILLER = { type: 64, name: 'app.update.lastUpdateTime.browser-cleanup-thumbnails', value: 1580000000 }; function getMyList(arr) { const aRet = []; From 0ea1605642e67db9f930cb79680a3b1b78a74b62 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 30 Apr 2020 18:52:27 +0000 Subject: [PATCH 1364/1961] start 76-alpha, 2605 default --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index a101af0..7419fe0 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 23 April 2020 -* version 75 +* date: 30 April 2020 +* version 76-alpha * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -1132,7 +1132,7 @@ user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 2605: block web content in file processes [FF55+] * [SETUP-WEB] You may want to disable this for corporate or developer environments * [1] https://bugzilla.mozilla.org/1343184 ***/ -user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); +user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // [DEFAULT: false FF76+] /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); From c0780df24d9798462daf3380d47d0c5c5e6bbf83 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 30 Apr 2020 21:50:50 +0000 Subject: [PATCH 1365/1961] 1401: PDF breakage, closes #937 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 7419fe0..3068a21 100644 --- a/user.js +++ b/user.js @@ -779,7 +779,7 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector - * [SETUP-WEB] Disabling fonts can uglify the web a fair bit. + * [SETUP-WEB] Can break some PDFs (missing text). Limiting to default fonts can "uglify" the web * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ user_pref("browser.display.use_document_fonts", 0); /* 1403: disable icon fonts (glyphs) and local fallback rendering From 14aaec71fb192eaab78365d54b0b76a2d5845860 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 May 2020 07:34:23 +0000 Subject: [PATCH 1366/1961] 76 deprecated --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 3068a21..a46e1da 100644 --- a/user.js +++ b/user.js @@ -272,12 +272,11 @@ user_pref("network.connectivity-service.enabled", false); /*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING (SB) ***/ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); /** BLOCKLISTS ***/ -/* 0401: enforce Firefox blocklist, but sanitize blocklist url +/* 0401: enforce Firefox blocklist * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] -user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); /** SAFE BROWSING (SB) Safe Browsing has taken many steps to preserve privacy. *IF* required, a full url is never @@ -1718,6 +1717,10 @@ user_pref("privacy.userContext.longPressBehavior", 2); // [-] https://bugzilla.mozilla.org/1477756 user_pref("webgl.disable-extensions", true); // * * * / +// FF76 +// 0401: sanitize blocklist url +user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From e38e253c25ebee28d4ecaa96d2f5cd68e3d86e1d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 May 2020 10:49:07 +0000 Subject: [PATCH 1367/1961] oophs, forgot deprecation source --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index a46e1da..4785166 100644 --- a/user.js +++ b/user.js @@ -1719,6 +1719,7 @@ user_pref("webgl.disable-extensions", true); // * * * / // FF76 // 0401: sanitize blocklist url + // [-] https://bugzilla.mozilla.org/1618188 user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); // * * * / // ***/ From 919d4bfe961c6fa798c78472835eb1a839149cee Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 4 May 2020 10:52:25 +0000 Subject: [PATCH 1368/1961] godamnit, also move related reference --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4785166..fcc75b3 100644 --- a/user.js +++ b/user.js @@ -274,8 +274,7 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); /** BLOCKLISTS ***/ /* 0401: enforce Firefox blocklist * [NOTE] It includes updates for "revoked certificates" - * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ - * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ + * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ ***/ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] /** SAFE BROWSING (SB) @@ -1719,6 +1718,7 @@ user_pref("webgl.disable-extensions", true); // * * * / // FF76 // 0401: sanitize blocklist url + // [2] https://trac.torproject.org/projects/tor/ticket/16931 // [-] https://bugzilla.mozilla.org/1618188 user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); // * * * / From 07117c65c19f5d02af77cc578927481c72e958f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 May 2020 05:13:19 +0000 Subject: [PATCH 1369/1961] RFP spoofs FF78+ --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index fcc75b3..d0f7767 100644 --- a/user.js +++ b/user.js @@ -1413,7 +1413,8 @@ user_pref("privacy.firstparty.isolate", true); FF57: The version number will match current ESR (1393283, 1418672, 1418162, 1511763) FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608) FF66: The OS in HTTP Headers will be reduced to Windows or Android (1509829) - FF68: Reported OS versions updated to Windows 10, OS 10.14, and Adnroid 8.1 (1511434) + FF68: Reported OS versions updated to Windows 10, OS 10.14, and Android 8.1 (1511434) + FF78: Reported OS versions updated to OS 10.15 and Android 9.0 (1635011) ** 1369319 - disable device sensor API (see 4604) (FF56+) ** 1369357 - disable site specific zoom (see 4605) (FF56+) ** 1337161 - hide gamepads from content (see 4606) (FF56+) From 27d72eda9eed2c065cc6397e4e9b03c86ffa6424 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 May 2020 06:20:10 +0000 Subject: [PATCH 1370/1961] 1244: https-only-mode --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index d0f7767..eb4735f 100644 --- a/user.js +++ b/user.js @@ -736,6 +736,10 @@ user_pref("security.mixed_content.block_display_content", true); /* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+] * [1] https://bugzilla.mozilla.org/1190623 ***/ user_pref("security.mixed_content.block_object_subrequest", true); +/* 1244: enable https-only-mode [FF76+] + * [NOTE] This is experimental + * [1] https://bugzilla.mozilla.org/1613063 */ + // user_pref("dom.security.https_only_mode", true); /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] ***/ /* 1261: disable 3DES (effective key size < 128) From bb1e5bfd54c5281f372e596712b91c8444c1c785 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 May 2020 14:56:49 +0000 Subject: [PATCH 1371/1961] 76-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index eb4735f..c953fa6 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 30 April 2020 -* version 76-alpha +* date: 7 May 2020 +* version 76-beta * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 4bc5b89cfe6f599747ba50160fc4aa3bded421d1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 15 May 2020 23:18:11 +0000 Subject: [PATCH 1372/1961] 4500: RFP changes 78+ re canvas --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index c953fa6..8050498 100644 --- a/user.js +++ b/user.js @@ -1432,7 +1432,7 @@ user_pref("privacy.firstparty.isolate", true); ** 1354633 - limit MediaError.message to a whitelist (FF57+) ** 1382533 - enable fingerprinting resistance for Presentation API (FF57+) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) - ** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+) + ** 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction (FF58+) FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865) ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if @@ -1455,6 +1455,7 @@ user_pref("privacy.firstparty.isolate", true); ** 1564422 - spoof audioContext outputLatency (FF70+) ** 1595823 - spoof audioContext sampleRate (FF72+) ** 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) + ** 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] From ff9bf76e5255b70265a1457252e4486f4e3c53f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 24 May 2020 18:09:46 +0000 Subject: [PATCH 1373/1961] 76 final, save some bytes in RFP section --- user.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index 8050498..367cd22 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 7 May 2020 -* version 76-beta +* date: 24 May 2020 +* version 76 * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -1412,13 +1412,13 @@ user_pref("privacy.firstparty.isolate", true); This spoof *shouldn't* affect core chrome/Firefox performance ** 1217238 - reduce precision of time exposed by javascript (FF55+) ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+) - ** 1333651 & 1383495 & 1396468 - spoof Navigator API (see section 4700) (FF56+) - FF56: The version number will be rounded down to the nearest multiple of 10 - FF57: The version number will match current ESR (1393283, 1418672, 1418162, 1511763) - FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608) - FF66: The OS in HTTP Headers will be reduced to Windows or Android (1509829) - FF68: Reported OS versions updated to Windows 10, OS 10.14, and Android 8.1 (1511434) - FF78: Reported OS versions updated to OS 10.15 and Android 9.0 (1635011) + ** 1333651 & 1383495 & 1396468 - spoof User Agent & Navigator API (see section 4700) (FF56+) + FF56: Version: rounded down to the nearest multiple of 10 + FF57: Version: match current ESR (1393283, 1418672, 1418162, 1511763) + FF59: OS: Windows, OSX, Android, or Linux (to reduce breakage) (1404608) + FF66: OS: HTTP Headers reduced to Windows or Android (1509829) + FF68: OS: updated to Windows 10, OS 10.14, and Android 8.1 (1511434) + FF78: OS: updated to OS 10.15 and Android 9.0 (1635011) ** 1369319 - disable device sensor API (see 4604) (FF56+) ** 1369357 - disable site specific zoom (see 4605) (FF56+) ** 1337161 - hide gamepads from content (see 4606) (FF56+) From 868882ae3321c66bf979e455b0ab4731bdb22f71 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 24 May 2020 18:11:55 +0000 Subject: [PATCH 1374/1961] start 77-alpha --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 367cd22..d35ef0d 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js * date: 24 May 2020 -* version 76 +* version 77-alpha * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 3edc48da56ad77c156f108a4889834d033ddc38f Mon Sep 17 00:00:00 2001 From: Matt Loberg Date: Tue, 26 May 2020 06:54:55 -0500 Subject: [PATCH 1375/1961] fix updater.sh when dealing with multiple overrides (#947) thanks @mloberg ! --- updater.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/updater.sh b/updater.sh index 226a492..5c06a9c 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## ghacks-user.js updater for macOS and Linux -## version: 2.5 +## version: 2.6 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac @@ -313,8 +313,10 @@ update_userjs () { # apply overrides if [ "$SKIPOVERRIDE" = false ]; then - while IFS=',' read -ra FILE; do - add_override "$FILE" + while IFS=',' read -ra FILES; do + for FILE in "${FILES[@]}"; do + add_override "$FILE" + done done <<< "$OVERRIDE" fi From f69d92e6ddc4c855686601caa391fda5a953ebaa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 29 May 2020 12:23:17 +0000 Subject: [PATCH 1376/1961] 1244: https upgrade local --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index d35ef0d..a5ce6cb 100644 --- a/user.js +++ b/user.js @@ -739,7 +739,8 @@ user_pref("security.mixed_content.block_object_subrequest", true); /* 1244: enable https-only-mode [FF76+] * [NOTE] This is experimental * [1] https://bugzilla.mozilla.org/1613063 */ - // user_pref("dom.security.https_only_mode", true); + // user_pref("dom.security.https_only_mode", true); // [FF76+] + // user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+] /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] ***/ /* 1261: disable 3DES (effective key size < 128) From f6e6de844430fa64440ae230061720839e8282be Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 29 May 2020 12:41:59 +0000 Subject: [PATCH 1377/1961] 77 deprecated --- user.js | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index a5ce6cb..d5b3f7c 100644 --- a/user.js +++ b/user.js @@ -506,9 +506,6 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850d: disable location bar autofill * [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ // user_pref("browser.urlbar.autoFill", false); -/* 0850e: disable location bar one-off searches [FF51+] - * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ - // user_pref("browser.urlbar.oneOffSearches", false); /* 0860: disable search and form history * [SETUP-WEB] Be aware thet autocomplete form data can be read by third parties, see [1] [2] * [NOTE] We also clear formdata on exit (see 2803) @@ -1132,10 +1129,6 @@ user_pref("browser.helperApps.deleteTempFileOnExit", true); /* 2604: disable page thumbnail collection * look in profile/thumbnails directory - you may want to clean that out ***/ user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] -/* 2605: block web content in file processes [FF55+] - * [SETUP-WEB] You may want to disable this for corporate or developer environments - * [1] https://bugzilla.mozilla.org/1343184 ***/ -user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // [DEFAULT: false FF76+] /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); @@ -1729,6 +1722,17 @@ user_pref("webgl.disable-extensions", true); // [-] https://bugzilla.mozilla.org/1618188 user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); // * * * / +// FF77 +// 0850e: disable location bar one-off searches [FF51+] + // [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ + // [-] https://bugzilla.mozilla.org/1628926 + // user_pref("browser.urlbar.oneOffSearches", false); +// 2605: block web content in file processes [FF55+] + // [SETUP-WEB] You may want to disable this for corporate or developer environments + // [1] https://bugzilla.mozilla.org/1343184 + // [-] https://bugzilla.mozilla.org/1603007 +user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From ecc62554e5493c6b6e51a237358ad61e092c679b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 1 Jun 2020 15:27:38 +0000 Subject: [PATCH 1378/1961] 2608: remote debugging: default value, closes #950 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index d5b3f7c..ade9208 100644 --- a/user.js +++ b/user.js @@ -1138,7 +1138,7 @@ user_pref("browser.uitour.url", ""); user_pref("devtools.chrome.enabled", false); /* 2608: disable remote debugging * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ -user_pref("devtools.debugger.remote-enabled", false); +user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc * [1] https://bugzilla.mozilla.org/1173199 ***/ From 05580f5e99ccbe02646c9062acd137e51b55a8d2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 Jun 2020 20:48:41 +0000 Subject: [PATCH 1379/1961] 0709 hotfix, #923, #951 --- user.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/user.js b/user.js index ade9208..bf9672e 100644 --- a/user.js +++ b/user.js @@ -441,6 +441,11 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] +/*** [SECTION 0709]: HOTFIX for FF77, FIXED in FF78 ***/ +/* 0709: disabling UNC can cause extension storage to fail + * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/923 ***/ +user_pref("network.file.disable_unc_paths", false); // [HIDDEN PREF] + /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS Change items 0850 and above to suit for privacy vs convenience and functionality. Consider your environment (no unwanted eyeballs), your device (restricted access), your device's From 683ef63b37bbdc3e19787b9a53a0c8547980d857 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 5 Jun 2020 03:08:16 +0000 Subject: [PATCH 1380/1961] RFP alts: prefers-reduced-motion --- user.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index bf9672e..b71c1e4 100644 --- a/user.js +++ b/user.js @@ -1444,7 +1444,7 @@ user_pref("privacy.firstparty.isolate", true); FF60: Fix keydown/keyup events (1438795) ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) ** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) - ** 1479239 - return "no-preference" with prefers-reduced-motion (FF63+) + ** 1479239 - return "no-preference" with prefers-reduced-motion (see 4617) (FF63+) ** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+) FF65: pointerEvent.pointerid (1492766) ** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+) @@ -1584,6 +1584,10 @@ user_pref("ui.use_standins_for_native_colors", true); // 4616: enforce prefers-color-scheme as light [FF67+] // 0=light, 1=dark : This overrides your OS value user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] +// 4617: enforce prefers-reduced-motion as no-preference [FF63+] + // 0=no-preference, 1=reduce +user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] + // * * * / // ***/ From b07cf1f03dd68dcb5e4c103dce163ecb740e417d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 5 Jun 2020 03:10:09 +0000 Subject: [PATCH 1381/1961] remove extra line from last commit, save one byte --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index b71c1e4..d7475f0 100644 --- a/user.js +++ b/user.js @@ -1587,7 +1587,6 @@ user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // 4617: enforce prefers-reduced-motion as no-preference [FF63+] // 0=no-preference, 1=reduce user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] - // * * * / // ***/ From 9d78e050ee69aa5326bbac5205da840e1ed29678 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 12 Jun 2020 17:39:28 +0000 Subject: [PATCH 1382/1961] 77-beta --- user.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index d7475f0..add068a 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 24 May 2020 -* version 77-alpha +* date: 12 Jun 2020 +* version 77-beta * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -755,8 +755,8 @@ user_pref("security.mixed_content.block_object_subrequest", true); // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); /* 1263: disable DHE (Diffie-Hellman Key Exchange) * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ - // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); - // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); + // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false FF79+] + // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false FF79+] /* 1264: disable the remaining non-modern cipher suites as of FF52 ***/ // user_pref("security.ssl3.rsa_aes_128_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false); @@ -1595,8 +1595,8 @@ user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] to use RFP (4500) or an extension, in which case they become POINTLESS. (a) Many of the components that make up your UA can be derived by other means. And when those values differ, you provide more bits and raise entropy. - Examples of leaks include navigator objects, date locale/formats, iframes, - headers, tcp/ip attributes, feature detection, and **many** more. + Examples of leaks include workers, navigator objects, date locale/formats, + iframes, headers, tcp/ip attributes, feature detection, and **many** more. ALL values below intentionally left blank - use RFP, or get a vetted, tested extension and mimic RFP values to *lower* entropy, or randomize to *raise* it ***/ From b9100488cb60f863b3b42e0728ebea7c43c6ddfb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 14 Jun 2020 10:26:10 +0000 Subject: [PATCH 1383/1961] 77 final --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index add068a..bf68880 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 12 Jun 2020 -* version 77-beta +* date: 14 Jun 2020 +* version 77 * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -1078,7 +1078,7 @@ user_pref("javascript.options.wasm", false); // user_pref("dom.IntersectionObserver.enabled", false); /* 2429: enable (limited but sufficient) window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ -user_pref("dom.targetBlankNoOpener.enabled", true); +user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF78+] /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); From 48f258ff5302ac6cb8421fa6d3788135a682abe6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 14 Jun 2020 10:28:32 +0000 Subject: [PATCH 1384/1961] start 78-alpha --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index bf68880..d6ecb37 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js * date: 14 Jun 2020 -* version 77 +* version 78-alpha * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From f573200aa8ba37d9941d7ff8fd5e70896a0c0735 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 18 Jun 2020 02:29:54 +0000 Subject: [PATCH 1385/1961] ciphers in ESR78 [1496639](https://bugzilla.mozilla.org/show_bug.cgi?id=1496639) --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d6ecb37..de76f44 100644 --- a/user.js +++ b/user.js @@ -755,8 +755,8 @@ user_pref("security.mixed_content.block_object_subrequest", true); // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); /* 1263: disable DHE (Diffie-Hellman Key Exchange) * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ - // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false FF79+] - // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false FF79+] + // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false ESR78 & FF79+] + // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false ESR78 & FF79+] /* 1264: disable the remaining non-modern cipher suites as of FF52 ***/ // user_pref("security.ssl3.rsa_aes_128_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false); From 4be0a80720f4d7af22bc103b3dc075ef55d47d88 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Jun 2020 17:26:25 +0000 Subject: [PATCH 1386/1961] update trac tor tickets (#958) and some other minor tweaks --- user.js | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/user.js b/user.js index de76f44..0c77f86 100644 --- a/user.js +++ b/user.js @@ -177,7 +177,7 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] * fallback to the "Current locale" based on your application language * [SETTING] General>Language and Appearance>Fonts and Colors>Advanced>Text Encoding for Legacy Content * [TEST] https://hsivonen.com/test/moz/check-charset.htm - * [1] https://trac.torproject.org/projects/tor/ticket/20025 ***/ + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 ***/ user_pref("intl.charset.fallback.override", "windows-1252"); /*** [SECTION 0300]: QUIET FOX @@ -390,7 +390,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost /* 0701: disable IPv6 * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice * with VPNs. That's even assuming your ISP and/or router and/or website can handle it. - * Firefox telemetry (April 2019) shows only 5% of all connections are IPv6 + * [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6 * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. @@ -430,13 +430,13 @@ user_pref("network.proxy.socks_remote_dns", true); // user_pref("network.ftp.enabled", false); /* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+] * [SETUP-CHROME] Can break extensions for profiles on network shares - * [1] https://trac.torproject.org/projects/tor/ticket/26424 ***/ + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] /* 0710: disable GIO as a potential proxy bypass vector * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, * gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64) * [1] https://bugzilla.mozilla.org/1433507 - * [2] https://trac.torproject.org/23044 + * [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23044 * [3] https://en.wikipedia.org/wiki/GVfs * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] @@ -653,10 +653,10 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 + * [STATS] Firefox telemetry (June 2020) shows only 0.16% of SSL handshakes use 1.0 or 1.1 * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. - * Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1 * [1] https://www.ssllabs.com/ssl-pulse/ ***/ - // user_pref("security.tls.version.min", 3); + // user_pref("security.tls.version.min", 3); // [DEFAULT: 3 FF78+] // user_pref("security.tls.version.max", 4); /* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */ user_pref("security.tls.version.enable-deprecated", false); @@ -715,7 +715,7 @@ user_pref("security.pki.sha1_enforcement_level", 1); * 0=disable detecting Family Safety mode and importing the root * 1=only attempt to detect Family Safety mode (don't import the root) * 2=detect Family Safety mode and import the root - * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/ + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/ user_pref("security.family_safety.mode", 0); /* 1222: disable intermediate certificate caching (fingerprinting attack vector) [FF41+] [RESTART] * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only. @@ -726,12 +726,12 @@ user_pref("security.family_safety.mode", 0); * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict * [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing * by inspecting ALL your web traffic, then leave at current default=1 - * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ user_pref("security.cert_pinning.enforcement_level", 2); /** MIXED CONTENT ***/ /* 1240: disable insecure active content on https pages - * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21323 ***/ user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] /* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/ user_pref("security.mixed_content.block_display_content", true); @@ -755,8 +755,8 @@ user_pref("security.mixed_content.block_object_subrequest", true); // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); /* 1263: disable DHE (Diffie-Hellman Key Exchange) * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ - // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false ESR78 & FF79+] - // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false ESR78 & FF79+] + // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false FF78+] + // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false FF78+] /* 1264: disable the remaining non-modern cipher suites as of FF52 ***/ // user_pref("security.ssl3.rsa_aes_128_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false); @@ -764,8 +764,10 @@ user_pref("security.mixed_content.block_object_subrequest", true); /** UI (User Interface) ***/ /* 1270: display warning on the padlock for "broken security" (if 1201 is false) * Bug: warning padlock not indicated for subresources on a secure page! [2] + * [STATS] SSL Labs (June 2020) reports 98.8% of sites have secure renegotiation [3] * [1] https://wiki.mozilla.org/Security:Renegotiation - * [2] https://bugzilla.mozilla.org/1353705 ***/ + * [2] https://bugzilla.mozilla.org/1353705 + * [3] https://www.ssllabs.com/ssl-pulse/ ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); /* 1271: control "Add Security Exception" dialog on SSL warnings * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default) @@ -789,7 +791,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); user_pref("browser.display.use_document_fonts", 0); /* 1403: disable icon fonts (glyphs) and local fallback rendering * [1] https://bugzilla.mozilla.org/789788 - * [2] https://trac.torproject.org/projects/tor/ticket/8455 ***/ + * [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/ // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] // user_pref("gfx.downloadable_fonts.fallback_delay", -1); /* 1404: disable rendering of SVG OpenType fonts @@ -962,7 +964,7 @@ user_pref("dom.disable_window_move_resize", true); * This stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window. * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen - * [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ user_pref("browser.link.open_newwindow", 3); user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks @@ -1142,7 +1144,7 @@ user_pref("browser.uitour.url", ""); * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); /* 2608: disable remote debugging - * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc @@ -1154,7 +1156,7 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); /* 2611: disable middle mouse click opening links from clipboard - * [1] https://trac.torproject.org/projects/tor/ticket/10089 ***/ + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/ user_pref("middlemouse.contentLoadURL", false); /* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) * [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins) @@ -1507,8 +1509,8 @@ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan // 4601: [2514] spoof (or limit?) number of CPU cores [FF48+] // [NOTE] *may* affect core chrome/Firefox performance, will affect content. // [1] https://bugzilla.mozilla.org/1008453 - // [2] https://trac.torproject.org/projects/tor/ticket/21675 - // [3] https://trac.torproject.org/projects/tor/ticket/22127 + // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675 + // [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127 // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency // user_pref("dom.maxHardwareConcurrency", 2); // * * * / @@ -1520,7 +1522,7 @@ user_pref("dom.enable_resource_timing", false); user_pref("dom.enable_performance", false); // 4604: [2512] disable device sensor API // Optional protection depending on your device - // [1] https://trac.torproject.org/projects/tor/ticket/15758 + // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758 // [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ // [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751 // user_pref("device.sensors.enabled", false); @@ -1531,7 +1533,7 @@ user_pref("dom.enable_performance", false); user_pref("browser.zoom.siteSpecific", false); // 4606: [2501] disable gamepad API - USB device ID enumeration // Optional protection depending on your connected devices - // [1] https://trac.torproject.org/projects/tor/ticket/13023 + // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023 // user_pref("dom.gamepad.enabled", false); // 4607: [2503] disable giving away network info [FF31+] // e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none @@ -1547,7 +1549,7 @@ user_pref("media.webspeech.synth.enabled", false); // * * * / // FF57+ // 4610: [2506] disable video statistics - JS performance fingerprinting [FF25+] - // [1] https://trac.torproject.org/projects/tor/ticket/15757 + // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757 // [2] https://bugzilla.mozilla.org/654550 user_pref("media.video_stats.enabled", false); // 4611: [2509] disable touch events @@ -1555,7 +1557,7 @@ user_pref("media.video_stats.enabled", false); // 0=disabled, 1=enabled, 2=autodetect // Optional protection depending on your device // [1] https://developer.mozilla.org/docs/Web/API/Touch_events - // [2] https://trac.torproject.org/projects/tor/ticket/10286 + // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286 // user_pref("dom.w3c_touch_events.enabled", 0); // * * * / // FF59+ From 77ecef8be3a0a6b1a0f32c9d9ef501478065b00f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Jun 2020 12:16:57 +0000 Subject: [PATCH 1387/1961] 78 deprecated, add 2032 (#962) --- user.js | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 0c77f86..f3b08b6 100644 --- a/user.js +++ b/user.js @@ -943,8 +943,10 @@ user_pref("media.getusermedia.audiocapture.enabled", false); * [NOTE] You can set exceptions under site permissions * [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites ***/ // user_pref("media.autoplay.default", 5); -/* 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] ***/ -user_pref("media.autoplay.enabled.user-gestures-needed", false); +/* 2031: disable autoplay of HTML5 media if you interacted with the site [FF78+] + * 0=sticky (default), 1=transient, 2=user + * [1] https://html.spec.whatwg.org/multipage/interaction.html#sticky-activation ***/ +user_pref("media.autoplay.blocking_policy", 2); /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); @@ -1635,7 +1637,6 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("full-screen-api.warning.timeout", 0); /* APPEARANCE ***/ // user_pref("browser.download.autohideButton", false); // [FF57+] - // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent /* CONTENT BEHAVIOR ***/ // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" @@ -1743,6 +1744,14 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi // [-] https://bugzilla.mozilla.org/1603007 user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // * * * / +// FF78 +// 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] - replaced by 'media.autoplay.blocking_policy' + // [-] https://bugzilla.mozilla.org/1509933 +user_pref("media.autoplay.enabled.user-gestures-needed", false); +// 5000's: disable chrome animations - replaced FF77+ by 'ui.prefersReducedMotion' (4617) + // [-] https://bugzilla.mozilla.org/1640501 + // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] +// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From aaf6cb33d7d74b6e8b4e0384254745719ab42d5c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Jun 2020 12:37:32 +0000 Subject: [PATCH 1388/1961] 4617 restart - at least for disabling chrome animations --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f3b08b6..73c3b03 100644 --- a/user.js +++ b/user.js @@ -1588,7 +1588,7 @@ user_pref("ui.use_standins_for_native_colors", true); // 4616: enforce prefers-color-scheme as light [FF67+] // 0=light, 1=dark : This overrides your OS value user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] -// 4617: enforce prefers-reduced-motion as no-preference [FF63+] +// 4617: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] // 0=no-preference, 1=reduce user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] // * * * / From 488a82562601d6cddb045347e5ae7d734e0a49dd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Jun 2020 15:48:13 +0000 Subject: [PATCH 1389/1961] update weak ciphers/tests etc, closes #931 (#963) - adds the new tests including the non-JS JA3 Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Co-authored-by: earthlng --- user.js | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 73c3b03..4af746f 100644 --- a/user.js +++ b/user.js @@ -637,6 +637,8 @@ user_pref("browser.shell.shortcutFavicons", false); /*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS) Your cipher and other settings can be used in server side fingerprinting [TEST] https://www.ssllabs.com/ssltest/viewMyClient.html + [TEST] https://browserleaks.com/ssl + [TEST] https://ja3er.com/ [1] https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/ ***/ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); @@ -744,22 +746,29 @@ user_pref("security.mixed_content.block_object_subrequest", true); // user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+] -/** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] ***/ -/* 1261: disable 3DES (effective key size < 128) +/** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] + * These are all the ciphers still using SHA-1 and CBC which are weaker than the available alternatives. (see "Cipher Suites" in [1]) + * Additionally some have other weaknesses like key sizes of 128 (or lower) [2] and/or no Perfect Forward Secrecy [3]. + * [1] https://browserleaks.com/ssl + * [2] https://en.wikipedia.org/wiki/Key_size + * [3] https://en.wikipedia.org/wiki/Forward_secrecy + ***/ +/* 1261: disable 3DES (effective key size < 128 and no PFS) * [1] https://en.wikipedia.org/wiki/3des#Security * [2] https://en.wikipedia.org/wiki/Meet-in-the-middle_attack * [3] https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ // user_pref("security.ssl3.rsa_des_ede3_sha", false); -/* 1262: disable 128 bits ***/ - // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); - // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); /* 1263: disable DHE (Diffie-Hellman Key Exchange) * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false FF78+] // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false FF78+] -/* 1264: disable the remaining non-modern cipher suites as of FF52 ***/ - // user_pref("security.ssl3.rsa_aes_128_sha", false); - // user_pref("security.ssl3.rsa_aes_256_sha", false); +/* 1264: disable the remaining non-modern cipher suites as of FF78 (in order of preferred by FF) ***/ + // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); + // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); + // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); + // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); + // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS + // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS /** UI (User Interface) ***/ /* 1270: display warning on the padlock for "broken security" (if 1201 is false) From 618f7bed3f693f0931689740b2ce540e64b0e651 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 29 Jun 2020 15:49:11 +0000 Subject: [PATCH 1390/1961] 0850a: add top sites FF78+ --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 4af746f..5260324 100644 --- a/user.js +++ b/user.js @@ -495,11 +495,12 @@ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850a: disable location bar suggestion types - * If all three suggestion types are false, search engine keywords are disabled + * If the first three suggestion types are false, search engine keywords are disabled * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ // user_pref("browser.urlbar.suggest.history", false); // user_pref("browser.urlbar.suggest.bookmark", false); // user_pref("browser.urlbar.suggest.openpage", false); + // user_pref("browser.urlbar.suggest.topsites", false); // [FF78+] /* 0850c: disable location bar dropdown * This value controls the total number of entries to appear in the location bar dropdown * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always From b5b04454e0710920ce3ad427c50eeeb904a22842 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 1 Jul 2020 03:46:52 +0000 Subject: [PATCH 1391/1961] 0850a search keywords fixup --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 5260324..abd98a3 100644 --- a/user.js +++ b/user.js @@ -495,7 +495,6 @@ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0850a: disable location bar suggestion types - * If the first three suggestion types are false, search engine keywords are disabled * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ // user_pref("browser.urlbar.suggest.history", false); // user_pref("browser.urlbar.suggest.bookmark", false); From 3d18af19e3936beecca8506dc57319a428b98dc2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 5 Jul 2020 14:02:25 +0000 Subject: [PATCH 1392/1961] various, #959 (#967) Co-authored-by: rusty-snake --- user.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index abd98a3..e6916a0 100644 --- a/user.js +++ b/user.js @@ -125,6 +125,9 @@ user_pref("browser.newtabpage.activity-stream.showSponsored", false); user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+] /* 0105d: disable Activity Stream recent Highlights in the Library [FF57+] ***/ // user_pref("browser.library.activity-stream.enabled", false); +/* 0105e: clear default topsites + * [NOTE] This does not block you from adding your own ***/ +user_pref("browser.newtabpage.activity-stream.default.sites", ""); /* 0110: start Firefox in PB (Private Browsing) mode * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed * [WARNING] The P in PB mode is misleading: it means no "persistent" disk storage such as history, @@ -175,7 +178,7 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /* 0212: enforce fallback text encoding to match en-US * When the content or server doesn't declare a charset the browser will * fallback to the "Current locale" based on your application language - * [SETTING] General>Language and Appearance>Fonts and Colors>Advanced>Text Encoding for Legacy Content + * [SETTING] General>Language and Appearance>Fonts and Colors>Advanced>Text Encoding for Legacy Content (FF72-) * [TEST] https://hsivonen.com/test/moz/check-charset.htm * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 ***/ user_pref("intl.charset.fallback.override", "windows-1252"); @@ -205,7 +208,7 @@ user_pref("app.update.auto", false); // user_pref("extensions.getAddons.cache.enabled", false); /* 0308: disable search engine updates (e.g. OpenSearch) * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines - * [SETTING] General>Firefox Updates>Automatically update search engines ***/ + * [SETTING] General>Firefox Updates>Automatically update search engines (FF72-) ***/ user_pref("browser.search.update", false); /* 0309: disable sending Flash crash reports ***/ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); @@ -1502,6 +1505,9 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * When default true (FF62+) this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); +/* 4520: disable chrome animations [FF77+] [RESTART] + * [NOTE] pref added in FF63, but applied to chrome in FF77. RFP spoofs this for web content ***/ +user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] /*** [SECTION 4600]: RFP ALTERNATIVES * non-RFP users: @@ -1757,7 +1763,7 @@ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] - replaced by 'media.autoplay.blocking_policy' // [-] https://bugzilla.mozilla.org/1509933 user_pref("media.autoplay.enabled.user-gestures-needed", false); -// 5000's: disable chrome animations - replaced FF77+ by 'ui.prefersReducedMotion' (4617) +// 5000's: disable chrome animations - replaced FF77+ by 'ui.prefersReducedMotion' (4520) // [-] https://bugzilla.mozilla.org/1640501 // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] // * * * / From d0060fed3cf52008178dc11271018b5296dfb2e0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 Jul 2020 13:18:38 +0000 Subject: [PATCH 1393/1961] 2031: use exceptions if you need to, #969 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index e6916a0..3875297 100644 --- a/user.js +++ b/user.js @@ -957,6 +957,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false); // user_pref("media.autoplay.default", 5); /* 2031: disable autoplay of HTML5 media if you interacted with the site [FF78+] * 0=sticky (default), 1=transient, 2=user + * [NOTE] If you have trouble with some video sites, then add an exception (see 2030) * [1] https://html.spec.whatwg.org/multipage/interaction.html#sticky-activation ***/ user_pref("media.autoplay.blocking_policy", 2); From 1a389c021417833ccd688a52d05cd4b0b08734fa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 10 Jul 2020 10:09:13 +0000 Subject: [PATCH 1394/1961] dnsResolveSingleWordsAfterSearch (#968) --- user.js | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 3875297..ed5857e 100644 --- a/user.js +++ b/user.js @@ -461,9 +461,8 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search * Don't leak URL typos to a search engine, give an error message instead. * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" - * [NOTE] Search buttons in the dropdown work, but hitting 'enter' in the location bar will fail - * [TIP] You can add keywords to search engines in options (e.g. 'd' for DuckDuckGo) and - * the dropdown will now auto-select it and you can then hit 'enter' and it will work + * [NOTE] This does **not** affect explicit user action such as using search buttons in the + * dropdown, or using keyword search shortcuts you configure in options (e.g. 'd' for DuckDuckGo) * [SETUP-CHROME] If you don't, or rarely, type URLs, or you use a default search * engine that respects privacy, then you probably don't need this ***/ user_pref("keyword.enabled", false); @@ -497,6 +496,11 @@ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); /* 0810: disable location bar making speculative connections [FF56+] * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); +/* 0811: disable location bar leaking single words to a DNS provider **after searching** [FF78+] + * 0=never resolve single words, 1=heuristic (default), 2=always resolve + * [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions + * [1] https://bugzilla.mozilla.org/1642623 ***/ +user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); /* 0850a: disable location bar suggestion types * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ // user_pref("browser.urlbar.suggest.history", false); From 84997386c1d1d8a08c336a52b588d0d416188e37 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 20 Jul 2020 05:24:18 +0000 Subject: [PATCH 1395/1961] 78-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index ed5857e..bbcf796 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 14 Jun 2020 -* version 78-alpha +* date: 20 Jul 2020 +* version 78-beta * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From fe0af3bb348fb996d4635ad87d1c4f22b2a3b557 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 21 Jul 2020 10:40:01 +0000 Subject: [PATCH 1396/1961] remove 0709 duplicate, 78 final --- user.js | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index bbcf796..e323e8d 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 20 Jul 2020 -* version 78-beta +* date: 21 Jul 2020 +* version 78 * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -444,11 +444,6 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] -/*** [SECTION 0709]: HOTFIX for FF77, FIXED in FF78 ***/ -/* 0709: disabling UNC can cause extension storage to fail - * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/923 ***/ -user_pref("network.file.disable_unc_paths", false); // [HIDDEN PREF] - /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS Change items 0850 and above to suit for privacy vs convenience and functionality. Consider your environment (no unwanted eyeballs), your device (restricted access), your device's From 46d03279d3e44ee94f1968992ad4eafcce68ce92 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 22 Jul 2020 12:35:13 +0000 Subject: [PATCH 1397/1961] 79 start, fixup 2429 default info --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index e323e8d..9a5cdd9 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 21 Jul 2020 -* version 78 +* date: 22 Jul 2020 +* version 79-alpha * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -1094,7 +1094,7 @@ user_pref("javascript.options.wasm", false); // user_pref("dom.IntersectionObserver.enabled", false); /* 2429: enable (limited but sufficient) window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ -user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF78+] +user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); From df21798b81d5665e69f2dde2928ff6a5032ab555 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Jul 2020 10:53:25 +0000 Subject: [PATCH 1398/1961] Delete ghacks-clear-FF68inclusive-[RFP-alternatives].js --- ...-clear-FF68inclusive-[RFP-alternatives].js | 61 ------------------- 1 file changed, 61 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-FF68inclusive-[RFP-alternatives].js diff --git a/scratchpad-scripts/ghacks-clear-FF68inclusive-[RFP-alternatives].js b/scratchpad-scripts/ghacks-clear-FF68inclusive-[RFP-alternatives].js deleted file mode 100644 index dd315d6..0000000 --- a/scratchpad-scripts/ghacks-clear-FF68inclusive-[RFP-alternatives].js +++ /dev/null @@ -1,61 +0,0 @@ -/*** - This will reset the preferences that are under sections 4600 & 4700 in the ghacks user.js - up to and including Firefox/ESR 68. These are the prefs that are no longer necessary, - or they conflict with, privacy.resistFingerprinting if you have that enabled. - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] -***/ - -(function() { - let ops = [ - /* section 4600 */ - 'dom.maxHardwareConcurrency', - 'dom.enable_resource_timing', - 'dom.enable_performance', - 'device.sensors.enabled', - 'browser.zoom.siteSpecific', - 'dom.gamepad.enabled', - 'dom.netinfo.enabled', - 'media.webspeech.synth.enabled', - 'media.video_stats.enabled', - 'dom.w3c_touch_events.enabled', - 'media.ondevicechange.enabled', - 'webgl.enable-debug-renderer-info', - 'dom.w3c_pointer_events.enabled', - 'ui.use_standins_for_native_colors', - /* section 4700 */ - 'general.useragent.override', - 'general.buildID.override', - 'general.appname.override', - 'general.appversion.override', - 'general.platform.override', - 'general.oscpu.override', - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 892b3d9d69938516cb81549b3bb68ab71bcfb2dd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Jul 2020 10:53:38 +0000 Subject: [PATCH 1399/1961] Delete ghacks-clear-FF68inclusive-[deprecated].js --- ...ghacks-clear-FF68inclusive-[deprecated].js | 221 ------------------ 1 file changed, 221 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-FF68inclusive-[deprecated].js diff --git a/scratchpad-scripts/ghacks-clear-FF68inclusive-[deprecated].js b/scratchpad-scripts/ghacks-clear-FF68inclusive-[deprecated].js deleted file mode 100644 index a3005e0..0000000 --- a/scratchpad-scripts/ghacks-clear-FF68inclusive-[deprecated].js +++ /dev/null @@ -1,221 +0,0 @@ -/*** - This will reset the preferences that have been deprecated by Mozilla - and used in the ghacks user.js up to and including Firefox/ESR 68 - - It is in reverse order, so feel free to remove sections that do not apply - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] -***/ - -(function() { - let ops = [ - /* deprecated */ - - /* 68 */ - 'browser.newtabpage.activity-stream.disableSnippets', - 'browser.aboutHomeSnippets.updateUrl', - 'lightweightThemes.update.enabled', - 'security.csp.experimentalEnabled', - /* F67 */ - 'dom.event.highrestimestamp.enabled', - 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr', - /* 66 */ - 'browser.chrome.errorReporter.enabled', - 'browser.chrome.errorReporter.submitUrl', - 'network.allow-experiments', - /* 65 */ - 'browser.urlbar.autocomplete.enabled', - 'browser.fixup.hide_user_pass', - /* 64 */ - 'browser.onboarding.enabled', - 'devtools.webide.autoinstallADBHelper', - 'devtools.webide.adbAddonURL', - 'security.csp.enable_violation_events', - /* 63 */ - 'browser.search.countryCode', - 'app.update.enabled', - 'shield.savant.enabled', - 'browser.chrome.favicons', - 'media.autoplay.enabled', - 'network.cookie.lifetime.days', - 'browser.ctrlTab.previews', - /* 62 */ - 'plugin.state.java', - /* 61 */ - 'experiments.enabled', - 'experiments.manifest.uri', - 'experiments.supported', - 'experiments.activeExperiment', - 'network.jar.block-remote-files', - 'network.jar.open-unsafe-types', - /* 60 */ - 'browser.newtabpage.directory.source', - 'browser.newtabpage.enhanced', - 'browser.newtabpage.introShown', - 'extensions.shield-recipe-client.enabled', - 'extensions.shield-recipe-client.api_url', - 'browser.newtabpage.activity-stream.enabled', - 'dom.workers.enabled', - /* 59 */ - 'intl.locale.matchOS', - 'general.useragent.locale', - 'datareporting.healthreport.about.reportUrl', - 'dom.flyweb.enabled', - 'security.mixed_content.use_hsts', - 'security.mixed_content.send_hsts_priming', - 'network.http.referer.userControlPolicy', - 'security.xpconnect.plugin.unrestricted', - 'media.getusermedia.screensharing.allowed_domains', - 'camera.control.face_detection.enabled', - 'dom.disable_window_status_change', - 'dom.idle-observers-api.enabled', - /* 58 */ - 'browser.crashReports.unsubmittedCheck.autoSubmit', - /* 57 */ - 'social.whitelist', - 'social.toast-notifications.enabled', - 'social.shareDirectory', - 'social.remote-install.enabled', - 'social.directories', - 'social.share.activationPanelEnabled', - 'social.enabled', - 'media.eme.chromium-api.enabled', - 'devtools.webide.autoinstallFxdtAdapters', - 'browser.casting.enabled', - 'browser.bookmarks.showRecentlyBookmarked', - /* 56 */ - 'extensions.screenshots.system-disabled', - 'extensions.formautofill.experimental', - /* 55 */ - 'geo.security.allowinsecure', - 'browser.selfsupport.enabled', - 'browser.selfsupport.url', - 'browser.newtabpage.directory.ping', - 'browser.formfill.saveHttpsForms', - 'browser.formautofill.enabled', - 'dom.enable_user_timing', - 'dom.keyboardevent.code.enabled', - 'browser.tabs.animate', - 'browser.fullscreen.animate', - /* 54 */ - 'browser.safebrowsing.reportMalwareMistakeURL', - 'browser.safebrowsing.reportPhishMistakeURL', - 'media.eme.apiVisible', - 'dom.archivereader.enabled', - /* 53 */ - 'security.tls.unrestricted_rc4_fallback', - 'plugin.scan.Acrobat', - 'plugin.scan.Quicktime', - 'plugin.scan.WindowsMediaPlayer', - 'media.getusermedia.screensharing.allow_on_old_platforms', - 'dom.beforeAfterKeyboardEvent.enabled', - /* 52 */ - 'network.http.sendSecureXSiteReferrer', - 'media.gmp-eme-adobe.enabled', - 'media.gmp-eme-adobe.visible', - 'media.gmp-eme-adobe.autoupdate', - 'dom.telephony.enabled', - 'dom.battery.enabled', - /* 51 */ - 'media.block-play-until-visible', - 'dom.vr.oculus050.enabled', - 'network.http.spdy.enabled.v3-1', - /* 50 */ - 'browser.usedOnWindows10.introURL', - 'plugins.update.notifyUser', - 'browser.safebrowsing.enabled', - 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', - 'security.ssl3.ecdhe_rsa_rc4_128_sha', - 'security.ssl3.rsa_rc4_128_md5', - 'security.ssl3.rsa_rc4_128_sha', - 'plugins.update.url', - /* 49 */ - 'loop.enabled', - 'loop.server', - 'loop.feedback.formURL', - 'loop.feedback.manualFormURL', - 'loop.facebook.appId', - 'loop.facebook.enabled', - 'loop.facebook.fallbackUrl', - 'loop.facebook.shareUrl', - 'loop.logDomains', - 'dom.disable_window_open_feature.scrollbars', - 'dom.push.udp.wakeupEnabled', - /* 48 */ - 'browser.urlbar.unifiedcomplete', - /* 47 */ - 'toolkit.telemetry.unifiedIsOptIn', - 'datareporting.healthreport.about.reportUrlUnified', - 'browser.history.allowPopState', - 'browser.history.allowPushState', - 'browser.history.allowReplaceState', - /* 46 */ - 'datareporting.healthreport.service.enabled', - 'datareporting.healthreport.documentServerURI', - 'datareporting.policy.dataSubmissionEnabled.v2', - 'browser.safebrowsing.appRepURL', - 'browser.polaris.enabled', - 'browser.pocket.enabled', - 'browser.pocket.api', - 'browser.pocket.site', - 'browser.pocket.oAuthConsumerKey', - /* 45 */ - 'browser.sessionstore.privacy_level_deferred', - /* 44 */ - 'browser.safebrowsing.provider.google.appRepURL', - 'security.tls.insecure_fallback_hosts.use_static_list', - 'dom.workers.sharedWorkers.enabled', - 'dom.disable_image_src_set', - /* 43 */ - 'browser.safebrowsing.gethashURL', - 'browser.safebrowsing.updateURL', - 'browser.safebrowsing.malware.reportURL', - 'browser.trackingprotection.gethashURL', - 'browser.trackingprotection.updateURL', - 'pfs.datasource.url', - 'browser.search.showOneOffButtons', - /* 42 and earlier */ - 'privacy.clearOnShutdown.passwords', // 42 - 'full-screen-api.approval-required', // 42 - 'browser.safebrowsing.reportErrorURL', // 41 - 'browser.safebrowsing.reportGenericURL', // 41 - 'browser.safebrowsing.reportMalwareErrorURL', // 41 - 'browser.safebrowsing.reportMalwareURL', // 41 - 'browser.safebrowsing.reportURL', // 41 - 'plugins.enumerable_names', // 41 - 'network.http.spdy.enabled.http2draft', // 41 - 'camera.control.autofocus_moving_callback.enabled', // 37 - 'privacy.donottrackheader.value', // 36 - 'network.websocket.enabled', // 35 - 'dom.network.enabled', // 31 - 'pageThumbs.enabled', // 25 - - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 24c228df922649e74acfc4b6474926beba50c98f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Jul 2020 10:57:12 +0000 Subject: [PATCH 1400/1961] update to ESR78 --- scratchpad-scripts/ghacks-clear-deprecated.js | 248 ++++++++++++++++++ 1 file changed, 248 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-deprecated.js diff --git a/scratchpad-scripts/ghacks-clear-deprecated.js b/scratchpad-scripts/ghacks-clear-deprecated.js new file mode 100644 index 0000000..e3ab4e1 --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-deprecated.js @@ -0,0 +1,248 @@ +/*** + Version: up to and including FF/ESR78 + + This will reset the preferences that have been deprecated by Mozilla + and used in the ghacks user.js + + It is in reverse order, so feel free to remove sections that do not apply + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] +***/ + +(function() { + let ops = [ + /* deprecated */ + + /* 78 */ + 'media.autoplay.enabled.user-gestures-needed', + 'toolkit.cosmeticAnimations.enabled', + /* 77 */ + 'browser.urlbar.oneOffSearches', + 'browser.tabs.remote.allowLinkedWebInFileUriProcess', + /* 76 */ + 'extensions.blocklist.url', + /* 74 */ + 'geo.wifi.uri', + 'geo.wifi.logging.enabled', + 'privacy.userContext.longPressBehavior', + 'webgl.disable-extensions', + /* 72 */ + 'browser.newtabpage.activity-stream.telemetry.ping.endpoint', + 'toolkit.telemetry.hybridContent.enabled', + 'dom.indexedDB.enabled', + /* 71 */ + 'devtools.webide.enabled', + 'devtools.webide.autoinstallADBExtension', + 'offline-apps.allow_by_default', + /* 69 */ + 'gfx.downloadable_fonts.woff2.enabled', + 'plugins.click_to_play', + 'media.autoplay.allow-muted', + /* 68 */ + 'browser.newtabpage.activity-stream.disableSnippets', + 'browser.aboutHomeSnippets.updateUrl', + 'lightweightThemes.update.enabled', + 'security.csp.experimentalEnabled', + /* F67 */ + 'dom.event.highrestimestamp.enabled', + 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr', + /* 66 */ + 'browser.chrome.errorReporter.enabled', + 'browser.chrome.errorReporter.submitUrl', + 'network.allow-experiments', + /* 65 */ + 'browser.urlbar.autocomplete.enabled', + 'browser.fixup.hide_user_pass', + /* 64 */ + 'browser.onboarding.enabled', + 'devtools.webide.autoinstallADBHelper', + 'devtools.webide.adbAddonURL', + 'security.csp.enable_violation_events', + /* 63 */ + 'browser.search.countryCode', + 'app.update.enabled', + 'shield.savant.enabled', + 'browser.chrome.favicons', + 'media.autoplay.enabled', + 'network.cookie.lifetime.days', + 'browser.ctrlTab.previews', + /* 62 */ + 'plugin.state.java', + /* 61 */ + 'experiments.enabled', + 'experiments.manifest.uri', + 'experiments.supported', + 'experiments.activeExperiment', + 'network.jar.block-remote-files', + 'network.jar.open-unsafe-types', + /* 60 */ + 'browser.newtabpage.directory.source', + 'browser.newtabpage.enhanced', + 'browser.newtabpage.introShown', + 'extensions.shield-recipe-client.enabled', + 'extensions.shield-recipe-client.api_url', + 'browser.newtabpage.activity-stream.enabled', + 'dom.workers.enabled', + /* 59 */ + 'intl.locale.matchOS', + 'general.useragent.locale', + 'datareporting.healthreport.about.reportUrl', + 'dom.flyweb.enabled', + 'security.mixed_content.use_hsts', + 'security.mixed_content.send_hsts_priming', + 'network.http.referer.userControlPolicy', + 'security.xpconnect.plugin.unrestricted', + 'media.getusermedia.screensharing.allowed_domains', + 'camera.control.face_detection.enabled', + 'dom.disable_window_status_change', + 'dom.idle-observers-api.enabled', + /* 58 */ + 'browser.crashReports.unsubmittedCheck.autoSubmit', + /* 57 */ + 'social.whitelist', + 'social.toast-notifications.enabled', + 'social.shareDirectory', + 'social.remote-install.enabled', + 'social.directories', + 'social.share.activationPanelEnabled', + 'social.enabled', + 'media.eme.chromium-api.enabled', + 'devtools.webide.autoinstallFxdtAdapters', + 'browser.casting.enabled', + 'browser.bookmarks.showRecentlyBookmarked', + /* 56 */ + 'extensions.screenshots.system-disabled', + 'extensions.formautofill.experimental', + /* 55 */ + 'geo.security.allowinsecure', + 'browser.selfsupport.enabled', + 'browser.selfsupport.url', + 'browser.newtabpage.directory.ping', + 'browser.formfill.saveHttpsForms', + 'browser.formautofill.enabled', + 'dom.enable_user_timing', + 'dom.keyboardevent.code.enabled', + 'browser.tabs.animate', + 'browser.fullscreen.animate', + /* 54 */ + 'browser.safebrowsing.reportMalwareMistakeURL', + 'browser.safebrowsing.reportPhishMistakeURL', + 'media.eme.apiVisible', + 'dom.archivereader.enabled', + /* 53 */ + 'security.tls.unrestricted_rc4_fallback', + 'plugin.scan.Acrobat', + 'plugin.scan.Quicktime', + 'plugin.scan.WindowsMediaPlayer', + 'media.getusermedia.screensharing.allow_on_old_platforms', + 'dom.beforeAfterKeyboardEvent.enabled', + /* 52 */ + 'network.http.sendSecureXSiteReferrer', + 'media.gmp-eme-adobe.enabled', + 'media.gmp-eme-adobe.visible', + 'media.gmp-eme-adobe.autoupdate', + 'dom.telephony.enabled', + 'dom.battery.enabled', + /* 51 */ + 'media.block-play-until-visible', + 'dom.vr.oculus050.enabled', + 'network.http.spdy.enabled.v3-1', + /* 50 */ + 'browser.usedOnWindows10.introURL', + 'plugins.update.notifyUser', + 'browser.safebrowsing.enabled', + 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', + 'security.ssl3.ecdhe_rsa_rc4_128_sha', + 'security.ssl3.rsa_rc4_128_md5', + 'security.ssl3.rsa_rc4_128_sha', + 'plugins.update.url', + /* 49 */ + 'loop.enabled', + 'loop.server', + 'loop.feedback.formURL', + 'loop.feedback.manualFormURL', + 'loop.facebook.appId', + 'loop.facebook.enabled', + 'loop.facebook.fallbackUrl', + 'loop.facebook.shareUrl', + 'loop.logDomains', + 'dom.disable_window_open_feature.scrollbars', + 'dom.push.udp.wakeupEnabled', + /* 48 */ + 'browser.urlbar.unifiedcomplete', + /* 47 */ + 'toolkit.telemetry.unifiedIsOptIn', + 'datareporting.healthreport.about.reportUrlUnified', + 'browser.history.allowPopState', + 'browser.history.allowPushState', + 'browser.history.allowReplaceState', + /* 46 */ + 'datareporting.healthreport.service.enabled', + 'datareporting.healthreport.documentServerURI', + 'datareporting.policy.dataSubmissionEnabled.v2', + 'browser.safebrowsing.appRepURL', + 'browser.polaris.enabled', + 'browser.pocket.enabled', + 'browser.pocket.api', + 'browser.pocket.site', + 'browser.pocket.oAuthConsumerKey', + /* 45 */ + 'browser.sessionstore.privacy_level_deferred', + /* 44 */ + 'browser.safebrowsing.provider.google.appRepURL', + 'security.tls.insecure_fallback_hosts.use_static_list', + 'dom.workers.sharedWorkers.enabled', + 'dom.disable_image_src_set', + /* 43 */ + 'browser.safebrowsing.gethashURL', + 'browser.safebrowsing.updateURL', + 'browser.safebrowsing.malware.reportURL', + 'browser.trackingprotection.gethashURL', + 'browser.trackingprotection.updateURL', + 'pfs.datasource.url', + 'browser.search.showOneOffButtons', + /* 42 and earlier */ + 'privacy.clearOnShutdown.passwords', // 42 + 'full-screen-api.approval-required', // 42 + 'browser.safebrowsing.reportErrorURL', // 41 + 'browser.safebrowsing.reportGenericURL', // 41 + 'browser.safebrowsing.reportMalwareErrorURL', // 41 + 'browser.safebrowsing.reportMalwareURL', // 41 + 'browser.safebrowsing.reportURL', // 41 + 'plugins.enumerable_names', // 41 + 'network.http.spdy.enabled.http2draft', // 41 + 'camera.control.autofocus_moving_callback.enabled', // 37 + 'privacy.donottrackheader.value', // 36 + 'network.websocket.enabled', // 35 + 'dom.network.enabled', // 31 + 'pageThumbs.enabled', // 25 + + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From be64819ce7ed94a5c1604c49a79006d898d6bb06 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Jul 2020 10:58:22 +0000 Subject: [PATCH 1401/1961] update to ESR78 --- .../ghacks-clear-RFP-alternatives | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-RFP-alternatives diff --git a/scratchpad-scripts/ghacks-clear-RFP-alternatives b/scratchpad-scripts/ghacks-clear-RFP-alternatives new file mode 100644 index 0000000..a2824ad --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-RFP-alternatives @@ -0,0 +1,65 @@ +/*** + Version: up to and including FF/ESR78 + + This will reset the preferences that are under sections 4600 & 4700 in the + ghacks user.js. These are the prefs that are no longer necessary, or they + conflict with, privacy.resistFingerprinting if you have that enabled. + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] +***/ + +(function() { + let ops = [ + /* section 4600 */ + 'dom.maxHardwareConcurrency', + 'dom.enable_resource_timing', + 'dom.enable_performance', + 'device.sensors.enabled', + 'browser.zoom.siteSpecific', + 'dom.gamepad.enabled', + 'dom.netinfo.enabled', + 'media.webspeech.synth.enabled', + 'media.video_stats.enabled', + 'dom.w3c_touch_events.enabled', + 'media.ondevicechange.enabled', + 'webgl.enable-debug-renderer-info', + 'dom.w3c_pointer_events.enabled', + 'ui.use_standins_for_native_colors', + 'ui.systemUsesDarkTheme', + 'ui.prefersReducedMotion' + /* section 4700 */ + 'general.useragent.override', + 'general.buildID.override', + 'general.appname.override', + 'general.appversion.override', + 'general.platform.override', + 'general.oscpu.override', + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From 52926cca7a14d49bb94a366ae5ea8843bcd1efd1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Jul 2020 10:59:19 +0000 Subject: [PATCH 1402/1961] Delete ghacks-clear-[removed].js --- scratchpad-scripts/ghacks-clear-[removed].js | 251 ------------------- 1 file changed, 251 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-[removed].js diff --git a/scratchpad-scripts/ghacks-clear-[removed].js b/scratchpad-scripts/ghacks-clear-[removed].js deleted file mode 100644 index fbde545..0000000 --- a/scratchpad-scripts/ghacks-clear-[removed].js +++ /dev/null @@ -1,251 +0,0 @@ -/*** - This will reset the preferences that have been removed completely from the ghacks user.js. - - Last updated: 12-April-2020 - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] -***/ - -(function() { - let ops = [ - /* removed in ghacks user.js v52-57 */ - /* 52-alpha */ - 'browser.search.reset.enabled', - 'browser.search.reset.whitelist', - /* 54-alpha */ - 'browser.migrate.automigrate.enabled', - 'services.sync.enabled', - 'webextensions.storage.sync.enabled', - 'webextensions.storage.sync.serverURL', - /* 55-alpha */ - 'dom.keyboardevent.dispatch_during_composition', // default is false anyway - 'dom.vr.oculus.enabled', // covered by dom.vr.enabled - 'dom.vr.openvr.enabled', // ditto - 'dom.vr.osvr.enabled', // ditto - 'extensions.pocket.api', // covered by extensions.pocket.enabled - 'extensions.pocket.oAuthConsumerKey', // ditto - 'extensions.pocket.site', // ditto - /* 56-alpha: none */ - /* 57-alpha */ - 'geo.wifi.xhr.timeout', // covered by geo.enabled - 'browser.search.geoip.timeout', // ditto - 'media.webspeech.recognition.enable', // default is false anyway - 'gfx.layerscope.enabled', // default is false anyway - /* 58-alpha */ - // excluding these e10 settings - // 'browser.tabs.remote.autostart', - // 'browser.tabs.remote.autostart.2', - // 'browser.tabs.remote.force-enable', - // 'browser.tabs.remote.separateFileUriProcess', - // 'extensions.e10sBlocksEnabling', - // 'extensions.webextensions.remote', - // 'dom.ipc.processCount', - // 'dom.ipc.shims.enabledWarnings', - // 'dom.ipc.processCount.extension', - // 'dom.ipc.processCount.file', - // 'security.sandbox.content.level', - // 'dom.ipc.plugins.sandbox-level.default', - // 'dom.ipc.plugins.sandbox-level.flash', - // 'security.sandbox.logging.enabled', - 'dom.presentation.controller.enabled', - 'dom.presentation.discoverable', - 'dom.presentation.discovery.enabled', - 'dom.presentation.enabled', - 'dom.presentation.receiver.enabled', - 'dom.presentation.session_transport.data_channel.enable', - /* 59-alpha */ - 'browser.stopReloadAnimation.enabled', - 'browser.tabs.insertRelatedAfterCurrent', - 'browser.tabs.loadDivertedInBackground', - 'browser.tabs.loadInBackground', - 'browser.tabs.selectOwnerOnClose', - 'browser.urlbar.clickSelectsAll', - 'browser.urlbar.doubleClickSelectsAll', - 'media.flac.enabled', - 'media.mediasource.enabled', - 'media.mediasource.mp4.enabled', - 'media.mediasource.webm.audio.enabled', - 'media.mediasource.webm.enabled', - 'media.mp4.enabled', - 'media.ogg.enabled', - 'media.ogg.flac.enabled', - 'media.opus.enabled', - 'media.raw.enabled', - 'media.wave.enabled', - 'media.webm.enabled', - 'media.wmf.amd.vp9.enabled', - 'media.wmf.enabled', - 'media.wmf.vp9.enabled', - 'ui.submenuDelay', - /* 60-beta - these were all at default anyway */ - 'device.storage.enabled', - 'general.useragent.compatMode.firefox', - 'network.dns.blockDotOnion', - 'network.stricttransportsecurity.preloadlist', - 'security.block_script_with_wrong_mime', - 'security.fileuri.strict_origin_policy', - 'security.sri.enable', - /* 61-beta */ - 'browser.laterrun.enabled', - 'browser.offline-apps.notify', - 'browser.rights.3.shown', - 'browser.slowStartup.maxSamples', - 'browser.slowStartup.notificationDisabled', - 'browser.slowStartup.samples', - 'browser.storageManager.enabled', - 'dom.allow_scripts_to_close_windows', - 'dom.disable_window_flip', - 'network.http.fast-fallback-to-IPv4', - 'offline-apps.quota.warn', - 'services.blocklist.signing.enforced', - /* 62-beta */ - 'browser.urlbar.autoFill.typed', - 'security.tls.version.fallback-limit', - /* 63-beta */ - 'extensions.webextensions.keepStorageOnUninstall', - 'extensions.webextensions.keepUuidOnUninstall', - 'privacy.trackingprotection.ui.enabled', - /* 64-beta */ - 'browser.eme.ui.enabled', - 'browser.sessionstore.max_windows_undo', - 'network.auth.subresource-img-cross-origin-http-auth-allow', - 'media.peerconnection.ice.tcp', - 'media.peerconnection.identity.enabled', - 'media.peerconnection.identity.timeout', - 'media.peerconnection.turn.disable', - 'media.peerconnection.use_document_iceservers', - 'media.peerconnection.video.enabled', - 'media.navigator.video.enabled', - /* 65-beta */ - 'browser.contentblocking.enabled', - 'browser.urlbar.maxHistoricalSearchSuggestions', - /* 67-beta */ - 'app.update.service.enabled', - 'app.update.silent', - 'app.update.staging.enabled', - 'browser.cache.disk.capacity', - 'browser.cache.disk.smart_size.enabled', - 'browser.cache.disk.smart_size.first_run', - 'browser.cache.offline.insecure.enable', - 'browser.safebrowsing.downloads.remote.url', - 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', - 'browser.safebrowsing.provider.google.reportPhishMistakeURL', - 'browser.safebrowsing.provider.google.reportURL', - 'browser.safebrowsing.provider.google4.dataSharing.enabled', - 'browser.safebrowsing.provider.google4.dataSharingURL', - 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', - 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', - 'browser.safebrowsing.provider.google4.reportURL', - 'browser.safebrowsing.reportPhishURL', - 'browser.sessionhistory.max_total_viewers', - 'browser.urlbar.filter.javascript', - 'canvas.capturestream.enabled', - 'dom.imagecapture.enabled', - 'dom.popup_maximum', - 'gfx.offscreencanvas.enabled', - 'javascript.options.shared_memory', - 'media.gmp-gmpopenh264.autoupdate', - 'media.gmp-gmpopenh264.enabled', - 'media.gmp-manager.updateEnabled', - 'media.gmp-manager.url', - 'media.gmp-manager.url.override', - 'media.gmp.trial-create.enabled', - 'media.gmp-widevinecdm.autoupdate', - 'network.cookie.leave-secure-alone', - 'network.cookie.same-site.enabled', - 'network.dnsCacheEntries', - 'network.dnsCacheExpiration', - 'network.proxy.autoconfig_url.include_path', - 'pdfjs.enableWebGL', - 'plugin.default.state', - 'plugin.defaultXpi.state', - 'plugin.scan.plid.all', - 'security.data_uri.block_toplevel_data_uri_navigations', - 'security.insecure_field_warning.contextual.enabled', - 'security.insecure_password.ui.enabled', - 'signon.autofillForms.http', - 'signon.storeWhenAutocompleteOff', - 'xpinstall.whitelist.required', - /* 67-beta: Blocklist, SB & TP cleanup: these were all inactive */ - 'browser.safebrowsing.downloads.remote.block_dangerous', - 'browser.safebrowsing.downloads.remote.block_dangerous_host', - 'browser.safebrowsing.blockedURIs.enabled', - 'browser.safebrowsing.provider.google.gethashURL', - 'browser.safebrowsing.provider.google.updateURL', - 'browser.safebrowsing.provider.google4.gethashURL', - 'browser.safebrowsing.provider.google4.updateURL', - 'browser.safebrowsing.provider.mozilla.gethashURL', - 'browser.safebrowsing.provider.mozilla.updateURL', - 'browser.urlbar.userMadeSearchSuggestionsChoice', - 'privacy.trackingprotection.annotate_channels', - 'privacy.trackingprotection.enabled', - 'privacy.trackingprotection.lower_network_priority', - 'privacy.trackingprotection.pbmode.enabled', - 'services.blocklist.addons.collection', - 'services.blocklist.gfx.collection', - 'services.blocklist.onecrl.collection', - 'services.blocklist.plugins.collection', - 'services.blocklist.update_enabled', - 'urlclassifier.trackingTable', - /* 68-beta */ - 'dom.forms.datetime', - 'font.blacklist.underline_offset', - 'font.name.monospace.x-unicode', - 'font.name.monospace.x-western', - 'font.name.sans-serif.x-unicode', - 'font.name.sans-serif.x-western', - 'font.name.serif.x-unicode', - 'font.name.serif.x-western', - 'layout.css.font-loading-api.enabled', - 'toolkit.telemetry.cachedClientID', - /* 69-beta */ - 'plugin.sessionPermissionNow.intervalInMinutes', - /* 70-beta */ - 'browser.cache.disk_cache_ssl', - 'browser.sessionhistory.max_entries', - 'dom.push.connection.enabled', - 'dom.push.serverURL', - 'extensions.getAddons.discovery.api_url', - 'extensions.htmlaboutaddons.discover.enabled', - 'extensions.webservice.discoverURL', - 'intl.locale.requested', - 'intl.regional_prefs.use_os_locales', - 'privacy.usercontext.about_newtab_segregation.enabled', - 'security.insecure_connection_icon.pbmode.enabled', - 'security.insecure_connection_text.pbmode.enabled', - 'webgl.dxgl.enabled', - /* 71-beta */ - 'media.block-autoplay-until-in-foreground', - 'middlemouse.paste', - /* 75-beta */ - 'browser.search.geoip.url', - 'browser.search.region', - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 10cc1224d0f951b165185abce1468a2db1fcb67b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Jul 2020 11:00:23 +0000 Subject: [PATCH 1403/1961] Create ghacks-clear-removed.js --- scratchpad-scripts/ghacks-clear-removed.js | 251 +++++++++++++++++++++ 1 file changed, 251 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-removed.js diff --git a/scratchpad-scripts/ghacks-clear-removed.js b/scratchpad-scripts/ghacks-clear-removed.js new file mode 100644 index 0000000..00b6d6b --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-removed.js @@ -0,0 +1,251 @@ +/*** + This will reset the preferences that have been removed completely from the ghacks user.js. + + Last updated: 21-April-2020 + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] +***/ + +(function() { + let ops = [ + /* removed in ghacks user.js v52-57 */ + /* 52-alpha */ + 'browser.search.reset.enabled', + 'browser.search.reset.whitelist', + /* 54-alpha */ + 'browser.migrate.automigrate.enabled', + 'services.sync.enabled', + 'webextensions.storage.sync.enabled', + 'webextensions.storage.sync.serverURL', + /* 55-alpha */ + 'dom.keyboardevent.dispatch_during_composition', // default is false anyway + 'dom.vr.oculus.enabled', // covered by dom.vr.enabled + 'dom.vr.openvr.enabled', // ditto + 'dom.vr.osvr.enabled', // ditto + 'extensions.pocket.api', // covered by extensions.pocket.enabled + 'extensions.pocket.oAuthConsumerKey', // ditto + 'extensions.pocket.site', // ditto + /* 56-alpha: none */ + /* 57-alpha */ + 'geo.wifi.xhr.timeout', // covered by geo.enabled + 'browser.search.geoip.timeout', // ditto + 'media.webspeech.recognition.enable', // default is false anyway + 'gfx.layerscope.enabled', // default is false anyway + /* 58-alpha */ + // excluding these e10 settings + // 'browser.tabs.remote.autostart', + // 'browser.tabs.remote.autostart.2', + // 'browser.tabs.remote.force-enable', + // 'browser.tabs.remote.separateFileUriProcess', + // 'extensions.e10sBlocksEnabling', + // 'extensions.webextensions.remote', + // 'dom.ipc.processCount', + // 'dom.ipc.shims.enabledWarnings', + // 'dom.ipc.processCount.extension', + // 'dom.ipc.processCount.file', + // 'security.sandbox.content.level', + // 'dom.ipc.plugins.sandbox-level.default', + // 'dom.ipc.plugins.sandbox-level.flash', + // 'security.sandbox.logging.enabled', + 'dom.presentation.controller.enabled', + 'dom.presentation.discoverable', + 'dom.presentation.discovery.enabled', + 'dom.presentation.enabled', + 'dom.presentation.receiver.enabled', + 'dom.presentation.session_transport.data_channel.enable', + /* 59-alpha */ + 'browser.stopReloadAnimation.enabled', + 'browser.tabs.insertRelatedAfterCurrent', + 'browser.tabs.loadDivertedInBackground', + 'browser.tabs.loadInBackground', + 'browser.tabs.selectOwnerOnClose', + 'browser.urlbar.clickSelectsAll', + 'browser.urlbar.doubleClickSelectsAll', + 'media.flac.enabled', + 'media.mediasource.enabled', + 'media.mediasource.mp4.enabled', + 'media.mediasource.webm.audio.enabled', + 'media.mediasource.webm.enabled', + 'media.mp4.enabled', + 'media.ogg.enabled', + 'media.ogg.flac.enabled', + 'media.opus.enabled', + 'media.raw.enabled', + 'media.wave.enabled', + 'media.webm.enabled', + 'media.wmf.amd.vp9.enabled', + 'media.wmf.enabled', + 'media.wmf.vp9.enabled', + 'ui.submenuDelay', + /* 60-beta - these were all at default anyway */ + 'device.storage.enabled', + 'general.useragent.compatMode.firefox', + 'network.dns.blockDotOnion', + 'network.stricttransportsecurity.preloadlist', + 'security.block_script_with_wrong_mime', + 'security.fileuri.strict_origin_policy', + 'security.sri.enable', + /* 61-beta */ + 'browser.laterrun.enabled', + 'browser.offline-apps.notify', + 'browser.rights.3.shown', + 'browser.slowStartup.maxSamples', + 'browser.slowStartup.notificationDisabled', + 'browser.slowStartup.samples', + 'browser.storageManager.enabled', + 'dom.allow_scripts_to_close_windows', + 'dom.disable_window_flip', + 'network.http.fast-fallback-to-IPv4', + 'offline-apps.quota.warn', + 'services.blocklist.signing.enforced', + /* 62-beta */ + 'browser.urlbar.autoFill.typed', + 'security.tls.version.fallback-limit', + /* 63-beta */ + 'extensions.webextensions.keepStorageOnUninstall', + 'extensions.webextensions.keepUuidOnUninstall', + 'privacy.trackingprotection.ui.enabled', + /* 64-beta */ + 'browser.eme.ui.enabled', + 'browser.sessionstore.max_windows_undo', + 'network.auth.subresource-img-cross-origin-http-auth-allow', + 'media.peerconnection.ice.tcp', + 'media.peerconnection.identity.enabled', + 'media.peerconnection.identity.timeout', + 'media.peerconnection.turn.disable', + 'media.peerconnection.use_document_iceservers', + 'media.peerconnection.video.enabled', + 'media.navigator.video.enabled', + /* 65-beta */ + 'browser.contentblocking.enabled', + 'browser.urlbar.maxHistoricalSearchSuggestions', + /* 67-beta */ + 'app.update.service.enabled', + 'app.update.silent', + 'app.update.staging.enabled', + 'browser.cache.disk.capacity', + 'browser.cache.disk.smart_size.enabled', + 'browser.cache.disk.smart_size.first_run', + 'browser.cache.offline.insecure.enable', + 'browser.safebrowsing.downloads.remote.url', + 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', + 'browser.safebrowsing.provider.google.reportPhishMistakeURL', + 'browser.safebrowsing.provider.google.reportURL', + 'browser.safebrowsing.provider.google4.dataSharing.enabled', + 'browser.safebrowsing.provider.google4.dataSharingURL', + 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', + 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', + 'browser.safebrowsing.provider.google4.reportURL', + 'browser.safebrowsing.reportPhishURL', + 'browser.sessionhistory.max_total_viewers', + 'browser.urlbar.filter.javascript', + 'canvas.capturestream.enabled', + 'dom.imagecapture.enabled', + 'dom.popup_maximum', + 'gfx.offscreencanvas.enabled', + 'javascript.options.shared_memory', + 'media.gmp-gmpopenh264.autoupdate', + 'media.gmp-gmpopenh264.enabled', + 'media.gmp-manager.updateEnabled', + 'media.gmp-manager.url', + 'media.gmp-manager.url.override', + 'media.gmp.trial-create.enabled', + 'media.gmp-widevinecdm.autoupdate', + 'network.cookie.leave-secure-alone', + 'network.cookie.same-site.enabled', + 'network.dnsCacheEntries', + 'network.dnsCacheExpiration', + 'network.proxy.autoconfig_url.include_path', + 'pdfjs.enableWebGL', + 'plugin.default.state', + 'plugin.defaultXpi.state', + 'plugin.scan.plid.all', + 'security.data_uri.block_toplevel_data_uri_navigations', + 'security.insecure_field_warning.contextual.enabled', + 'security.insecure_password.ui.enabled', + 'signon.autofillForms.http', + 'signon.storeWhenAutocompleteOff', + 'xpinstall.whitelist.required', + /* 67-beta: Blocklist, SB & TP cleanup: these were all inactive */ + 'browser.safebrowsing.downloads.remote.block_dangerous', + 'browser.safebrowsing.downloads.remote.block_dangerous_host', + 'browser.safebrowsing.blockedURIs.enabled', + 'browser.safebrowsing.provider.google.gethashURL', + 'browser.safebrowsing.provider.google.updateURL', + 'browser.safebrowsing.provider.google4.gethashURL', + 'browser.safebrowsing.provider.google4.updateURL', + 'browser.safebrowsing.provider.mozilla.gethashURL', + 'browser.safebrowsing.provider.mozilla.updateURL', + 'browser.urlbar.userMadeSearchSuggestionsChoice', + 'privacy.trackingprotection.annotate_channels', + 'privacy.trackingprotection.enabled', + 'privacy.trackingprotection.lower_network_priority', + 'privacy.trackingprotection.pbmode.enabled', + 'services.blocklist.addons.collection', + 'services.blocklist.gfx.collection', + 'services.blocklist.onecrl.collection', + 'services.blocklist.plugins.collection', + 'services.blocklist.update_enabled', + 'urlclassifier.trackingTable', + /* 68-beta */ + 'dom.forms.datetime', + 'font.blacklist.underline_offset', + 'font.name.monospace.x-unicode', + 'font.name.monospace.x-western', + 'font.name.sans-serif.x-unicode', + 'font.name.sans-serif.x-western', + 'font.name.serif.x-unicode', + 'font.name.serif.x-western', + 'layout.css.font-loading-api.enabled', + 'toolkit.telemetry.cachedClientID', + /* 69-beta */ + 'plugin.sessionPermissionNow.intervalInMinutes', + /* 70-beta */ + 'browser.cache.disk_cache_ssl', + 'browser.sessionhistory.max_entries', + 'dom.push.connection.enabled', + 'dom.push.serverURL', + 'extensions.getAddons.discovery.api_url', + 'extensions.htmlaboutaddons.discover.enabled', + 'extensions.webservice.discoverURL', + 'intl.locale.requested', + 'intl.regional_prefs.use_os_locales', + 'privacy.usercontext.about_newtab_segregation.enabled', + 'security.insecure_connection_icon.pbmode.enabled', + 'security.insecure_connection_text.pbmode.enabled', + 'webgl.dxgl.enabled', + /* 71-beta */ + 'media.block-autoplay-until-in-foreground', + 'middlemouse.paste', + /* 75-beta */ + 'browser.search.geoip.url', + 'browser.search.region', + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From f8fd03482de41d0cad9fcce7530a282185b836aa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Jul 2020 11:19:49 +0000 Subject: [PATCH 1404/1961] 79 deprecated --- user.js | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 9a5cdd9..94c8a05 100644 --- a/user.js +++ b/user.js @@ -175,13 +175,6 @@ user_pref("intl.accept_languages", "en-US, en"); * [1] https://bugzilla.mozilla.org/867501 * [2] https://bugzilla.mozilla.org/1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] -/* 0212: enforce fallback text encoding to match en-US - * When the content or server doesn't declare a charset the browser will - * fallback to the "Current locale" based on your application language - * [SETTING] General>Language and Appearance>Fonts and Colors>Advanced>Text Encoding for Legacy Content (FF72-) - * [TEST] https://hsivonen.com/test/moz/check-charset.htm - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 ***/ -user_pref("intl.charset.fallback.override", "windows-1252"); /*** [SECTION 0300]: QUIET FOX Starting in user.js v67, we only disable the auto-INSTALL of Firefox. You still get prompts @@ -485,9 +478,6 @@ user_pref("layout.css.visited_links_enabled", false); * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ user_pref("browser.search.suggest.enabled", false); user_pref("browser.urlbar.suggest.searches", false); -/* 0809: disable location bar suggesting "preloaded" top websites [FF54+] - * [1] https://bugzilla.mozilla.org/1211726 ***/ -user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); /* 0810: disable location bar making speculative connections [FF56+] * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); @@ -1685,6 +1675,24 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); +/* ESR78.x still uses all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable them +// FF79 +// 0212: enforce fallback text encoding to match en-US + // When the content or server doesn't declare a charset the browser will + // fallback to the "Current locale" based on your application language + // [SETTING] General>Language and Appearance>Fonts and Colors>Advanced>Text Encoding for Legacy Content (FF72-) + // [TEST] https://hsivonen.com/test/moz/check-charset.htm + // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 + // [-] https://bugzilla.mozilla.org/1603712 +user_pref("intl.charset.fallback.override", "windows-1252"); +// 0809: disable location bar suggesting "preloaded" top websites [FF54+] + // [1] https://bugzilla.mozilla.org/1211726 + // [-] https://bugzilla.mozilla.org/1643639 +user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); +// * * * / +// ***/ + /* ESR68.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF69 From 771e57480a1ab6cedfe2fda9330482cce3a75bdf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Jul 2020 12:21:10 +0000 Subject: [PATCH 1405/1961] Delete ghacks-clear-RFP-alternatives --- .../ghacks-clear-RFP-alternatives | 65 ------------------- 1 file changed, 65 deletions(-) delete mode 100644 scratchpad-scripts/ghacks-clear-RFP-alternatives diff --git a/scratchpad-scripts/ghacks-clear-RFP-alternatives b/scratchpad-scripts/ghacks-clear-RFP-alternatives deleted file mode 100644 index a2824ad..0000000 --- a/scratchpad-scripts/ghacks-clear-RFP-alternatives +++ /dev/null @@ -1,65 +0,0 @@ -/*** - Version: up to and including FF/ESR78 - - This will reset the preferences that are under sections 4600 & 4700 in the - ghacks user.js. These are the prefs that are no longer necessary, or they - conflict with, privacy.resistFingerprinting if you have that enabled. - - For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] -***/ - -(function() { - let ops = [ - /* section 4600 */ - 'dom.maxHardwareConcurrency', - 'dom.enable_resource_timing', - 'dom.enable_performance', - 'device.sensors.enabled', - 'browser.zoom.siteSpecific', - 'dom.gamepad.enabled', - 'dom.netinfo.enabled', - 'media.webspeech.synth.enabled', - 'media.video_stats.enabled', - 'dom.w3c_touch_events.enabled', - 'media.ondevicechange.enabled', - 'webgl.enable-debug-renderer-info', - 'dom.w3c_pointer_events.enabled', - 'ui.use_standins_for_native_colors', - 'ui.systemUsesDarkTheme', - 'ui.prefersReducedMotion' - /* section 4700 */ - 'general.useragent.override', - 'general.buildID.override', - 'general.appname.override', - 'general.appversion.override', - 'general.platform.override', - 'general.oscpu.override', - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ] - - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); - c++; - } else { console.log("failed to reset", ops[i]); } - } - } - - focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - -})(); From 0d27689c64c6a83b74dc34cd354bf3e349fb43c6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Jul 2020 12:22:20 +0000 Subject: [PATCH 1406/1961] update to ESR78 and this time add the file extension --- .../ghacks-clear-RFP-alternatives.js | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 scratchpad-scripts/ghacks-clear-RFP-alternatives.js diff --git a/scratchpad-scripts/ghacks-clear-RFP-alternatives.js b/scratchpad-scripts/ghacks-clear-RFP-alternatives.js new file mode 100644 index 0000000..a2824ad --- /dev/null +++ b/scratchpad-scripts/ghacks-clear-RFP-alternatives.js @@ -0,0 +1,65 @@ +/*** + Version: up to and including FF/ESR78 + + This will reset the preferences that are under sections 4600 & 4700 in the + ghacks user.js. These are the prefs that are no longer necessary, or they + conflict with, privacy.resistFingerprinting if you have that enabled. + + For instructions see: + https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] +***/ + +(function() { + let ops = [ + /* section 4600 */ + 'dom.maxHardwareConcurrency', + 'dom.enable_resource_timing', + 'dom.enable_performance', + 'device.sensors.enabled', + 'browser.zoom.siteSpecific', + 'dom.gamepad.enabled', + 'dom.netinfo.enabled', + 'media.webspeech.synth.enabled', + 'media.video_stats.enabled', + 'dom.w3c_touch_events.enabled', + 'media.ondevicechange.enabled', + 'webgl.enable-debug-renderer-info', + 'dom.w3c_pointer_events.enabled', + 'ui.use_standins_for_native_colors', + 'ui.systemUsesDarkTheme', + 'ui.prefersReducedMotion' + /* section 4700 */ + 'general.useragent.override', + 'general.buildID.override', + 'general.appname.override', + 'general.appversion.override', + 'general.platform.override', + 'general.oscpu.override', + /* reset parrot: check your open about:config after running the script */ + '_user.js.parrot' + ] + + if("undefined" === typeof(Services)) { + alert("about:config needs to be the active tab!"); + return; + } + + let c = 0; + for (let i = 0, len = ops.length; i < len; i++) { + if (Services.prefs.prefHasUserValue(ops[i])) { + Services.prefs.clearUserPref(ops[i]); + if (!Services.prefs.prefHasUserValue(ops[i])) { + console.log("reset", ops[i]); + c++; + } else { console.log("failed to reset", ops[i]); } + } + } + + focus(); + + let d = (c==1) ? " pref" : " prefs"; + if (c > 0) { + alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); + } else { alert("nothing to reset"); } + +})(); From c4a06c4689c168c8008f72c4a2ecdcbe4da3c23e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Jul 2020 12:23:14 +0000 Subject: [PATCH 1407/1961] missing comma --- scratchpad-scripts/ghacks-clear-RFP-alternatives.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-RFP-alternatives.js b/scratchpad-scripts/ghacks-clear-RFP-alternatives.js index a2824ad..1dfc5f7 100644 --- a/scratchpad-scripts/ghacks-clear-RFP-alternatives.js +++ b/scratchpad-scripts/ghacks-clear-RFP-alternatives.js @@ -27,7 +27,7 @@ 'dom.w3c_pointer_events.enabled', 'ui.use_standins_for_native_colors', 'ui.systemUsesDarkTheme', - 'ui.prefersReducedMotion' + 'ui.prefersReducedMotion', /* section 4700 */ 'general.useragent.override', 'general.buildID.override', From 117ab133b16b9bf91088830f5ed807c393cfdc7d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 29 Jul 2020 02:19:20 +0000 Subject: [PATCH 1408/1961] remove 0809 not deprecated, just hidden: default is false anyway --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index 94c8a05..b1bd380 100644 --- a/user.js +++ b/user.js @@ -1686,10 +1686,6 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 // [-] https://bugzilla.mozilla.org/1603712 user_pref("intl.charset.fallback.override", "windows-1252"); -// 0809: disable location bar suggesting "preloaded" top websites [FF54+] - // [1] https://bugzilla.mozilla.org/1211726 - // [-] https://bugzilla.mozilla.org/1643639 -user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); // * * * / // ***/ From 091a71aade5654db4208ae3c89750cdbb5666cab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 29 Jul 2020 02:22:09 +0000 Subject: [PATCH 1409/1961] browser.urlbar.usepreloadedtopurls.enabled --- scratchpad-scripts/ghacks-clear-removed.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/ghacks-clear-removed.js b/scratchpad-scripts/ghacks-clear-removed.js index 00b6d6b..dfb63c4 100644 --- a/scratchpad-scripts/ghacks-clear-removed.js +++ b/scratchpad-scripts/ghacks-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the ghacks user.js. - Last updated: 21-April-2020 + Last updated: 28-July-2020 For instructions see: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -221,6 +221,8 @@ /* 75-beta */ 'browser.search.geoip.url', 'browser.search.region', + /* 79-beta */ + 'browser.urlbar.usepreloadedtopurls.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 2809854802b3756c26aa089987761f1bbd3f34ce Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 1 Aug 2020 11:03:17 +0000 Subject: [PATCH 1410/1961] font visibility / RFP (#985) --- user.js | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index b1bd380..f486017 100644 --- a/user.js +++ b/user.js @@ -804,7 +804,8 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] - * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. + * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed + * [NOTE] RFP in FF80+ restricts the whitelist to bundled and "Base Fonts" (see 4618) * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. * Eventually privacy.resistFingerprinting (see 4500) will cover this * [1] https://bugzilla.mozilla.org/1121643 ***/ @@ -911,7 +912,7 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); * [1] https://www.privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); /* 2002: limit WebRTC IP leaks if using WebRTC - * In FF70+ these settings match Mode 4 (Mode 3 in older versions) (see [3]) + * In FF70+ these settings match Mode 4 (Mode 3 in older versions), see [3] * [TEST] https://browserleaks.com/webrtc * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713 * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy @@ -1092,7 +1093,7 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * Initially a Linux issue (high precision readout) that was fixed. * However, it is still another metric for fingerprinting, used to raise entropy. * e.g. do you have a battery or not, current charging status, charge level, times remaining etc - * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. see [1] + * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code, see [1] * [1] https://bugzilla.mozilla.org/1313580 ***/ // user_pref("dom.battery.enabled", false); /* 2505: disable media device enumeration [FF29+] @@ -1387,7 +1388,7 @@ user_pref("privacy.firstparty.isolate", true); /* 4002: enforce FPI restriction for window.opener [FF54+] * [NOTE] Setting this to false may reduce the breakage in 4001 * FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But - * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute. (see [2],[3]) + * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute, see [2],[3] * The 2nd pref removes that limitation and will only allow communication if FPDs also match. * [1] https://bugzilla.mozilla.org/1319773#c22 * [2] https://bugzilla.mozilla.org/1492607 @@ -1461,6 +1462,7 @@ user_pref("privacy.firstparty.isolate", true); ** 1595823 - spoof audioContext sampleRate (FF72+) ** 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) ** 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) + ** 1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (non-ANDROID) (FF80+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] @@ -1596,6 +1598,12 @@ user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // 4617: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] // 0=no-preference, 1=reduce user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] +// 4618: limit font visbility (non-ANDROID) [FF79+] + // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts, see [1] + // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts + // [NOTE] Bundled fonts are auto-allowed + // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc +user_pref("layout.css.font-visibility.level", 1); // * * * / // ***/ From 58fb1db8380d641f43fa90308c36cd15fea0bb31 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 2 Aug 2020 01:27:30 +0000 Subject: [PATCH 1411/1961] HTTPS-Only Mode UI --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index f486017..e543b20 100644 --- a/user.js +++ b/user.js @@ -734,6 +734,7 @@ user_pref("security.mixed_content.block_display_content", true); user_pref("security.mixed_content.block_object_subrequest", true); /* 1244: enable https-only-mode [FF76+] * [NOTE] This is experimental + * [SETTING] Privacy & Security>HTTPS-Only Mode (FF81+) * [1] https://bugzilla.mozilla.org/1613063 */ // user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+] From c4b7e076911e8f674ccdeaa9e3747340baf39c87 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 2 Aug 2020 01:47:48 +0000 Subject: [PATCH 1412/1961] 4500: site partitioning --- user.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index e543b20..b61dc57 100644 --- a/user.js +++ b/user.js @@ -1362,6 +1362,7 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences user_pref("privacy.sanitize.timeSpan", 0); /*** [SECTION 4000]: FPI (FIRST PARTY ISOLATION) + 4001: FPI ** 1278037 - isolate indexedDB (FF51+) ** 1277803 - isolate favicons (FF52+) ** 1264562 - isolate OCSP cache (FF52+) @@ -1380,11 +1381,15 @@ user_pref("privacy.sanitize.timeSpan", 0); ** 1506693 - isolate pdfjs range-based requests (FF68+) ** 1330467 - isolate site permissions (FF69+) ** 1534339 - isolate IPv6 (FF73+) + 4003: NETWORK PARTITON + ** 1647732 - isolate font cache (FF80+) + ** 1649673 - isolate speculative connections (FF80+) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] * [SETUP-WEB] May break cross-domain logins and site functionality until perfected - * [1] https://bugzilla.mozilla.org/1260931 ***/ + * [1] https://bugzilla.mozilla.org/1260931 + * [2] https://bugzilla.mozilla.org/1299996 [META] ***/ user_pref("privacy.firstparty.isolate", true); /* 4002: enforce FPI restriction for window.opener [FF54+] * [NOTE] Setting this to false may reduce the breakage in 4001 @@ -1396,6 +1401,9 @@ user_pref("privacy.firstparty.isolate", true); * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] // user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR] +/* 4003: enable site partitioning (FF78+) + * [1] https://bugzilla.mozilla.org/1590107 [META] */ +user_pref("privacy.partition.network_state", true); /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) This master switch will be used for a wide range of items, many of which will From bc832575d839794ca1c1518f4f1b708ceb91cf40 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 3 Aug 2020 14:52:21 +0000 Subject: [PATCH 1413/1961] 1003: kibibytes --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index b61dc57..3543b52 100644 --- a/user.js +++ b/user.js @@ -577,7 +577,7 @@ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is m * [NOTE] We also clear cache on exiting Firefox (see 2803) ***/ user_pref("browser.cache.disk.enable", false); /* 1003: disable memory cache -/* capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes ***/ + * capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kibibytes ***/ // user_pref("browser.cache.memory.enable", false); // user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF ESR] /* 1006: disable permissions manager from writing to disk [RESTART] @@ -585,7 +585,7 @@ user_pref("browser.cache.disk.enable", false); * [1] https://bugzilla.mozilla.org/967812 ***/ // user_pref("permissions.memory_only", true); // [HIDDEN PREF] /* 1007: disable media cache from writing to disk in Private Browsing - * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB */ + * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/ user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] user_pref("media.memory_cache_max_size", 16384); From 8c2bcc0352fccb23334549db313ee7411d702f78 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 3 Aug 2020 22:50:58 +0000 Subject: [PATCH 1414/1961] 1007: bump to 64mb, see #941 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3543b52..b27f4b4 100644 --- a/user.js +++ b/user.js @@ -587,7 +587,7 @@ user_pref("browser.cache.disk.enable", false); /* 1007: disable media cache from writing to disk in Private Browsing * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/ user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] -user_pref("media.memory_cache_max_size", 16384); +user_pref("media.memory_cache_max_size", 65536); /** SESSIONS & SESSION RESTORE ***/ /* 1020: exclude "Undo Closed Tabs" in Session Restore ***/ From 0f6957bbd448005fbe6078c5abc10d4349f83e4c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Aug 2020 10:18:29 +0000 Subject: [PATCH 1415/1961] 4600: add missing version section --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index b27f4b4..d284a64 100644 --- a/user.js +++ b/user.js @@ -1607,6 +1607,7 @@ user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // 4617: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] // 0=no-preference, 1=reduce user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] +// FF80+ // 4618: limit font visbility (non-ANDROID) [FF79+] // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts, see [1] // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts From 8452edb94b88af306b79cc3844f02f79a4cb5637 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Aug 2020 10:25:29 +0000 Subject: [PATCH 1416/1961] 4600: see #987 --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index d284a64..def62a3 100644 --- a/user.js +++ b/user.js @@ -1590,6 +1590,10 @@ user_pref("media.ondevicechange.enabled", false); // [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info user_pref("webgl.enable-debug-renderer-info", false); // * * * / +// FF63+ +// 4617: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] + // 0=no-preference, 1=reduce +user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] // FF65+ // 4614: [2516] disable PointerEvents // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent @@ -1604,9 +1608,6 @@ user_pref("ui.use_standins_for_native_colors", true); // 4616: enforce prefers-color-scheme as light [FF67+] // 0=light, 1=dark : This overrides your OS value user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] -// 4617: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] - // 0=no-preference, 1=reduce -user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] // FF80+ // 4618: limit font visbility (non-ANDROID) [FF79+] // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts, see [1] From 172118e61b62b099f33c2ecfab619846ce15dcb6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 5 Aug 2020 01:35:10 +0000 Subject: [PATCH 1417/1961] RFP+Alts: fixup sequential numbering, see #987 --- user.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index def62a3..0bbfeb5 100644 --- a/user.js +++ b/user.js @@ -1460,12 +1460,12 @@ user_pref("privacy.partition.network_state", true); FF60: Fix keydown/keyup events (1438795) ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) ** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) - ** 1479239 - return "no-preference" with prefers-reduced-motion (see 4617) (FF63+) - ** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+) + ** 1479239 - return "no-preference" with prefers-reduced-motion (see 4614) (FF63+) + ** 1363508 - spoof/suppress Pointer Events (see 4615) (FF64+) FF65: pointerEvent.pointerid (1492766) - ** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+) + ** 1485266 - disable exposure of system colors to CSS or canvas (see 4616) (FF67+) ** 1407366 - enable inner window letterboxing (see 4504) (FF67+) - ** 1494034 - return "light" with prefers-color-scheme (see 4616) (FF67+) + ** 1494034 - return "light" with prefers-color-scheme (see 4617) (FF67+) [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme ** 1564422 - spoof audioContext outputLatency (FF70+) ** 1595823 - spoof audioContext sampleRate (FF72+) @@ -1591,21 +1591,21 @@ user_pref("media.ondevicechange.enabled", false); user_pref("webgl.enable-debug-renderer-info", false); // * * * / // FF63+ -// 4617: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] +// 4614: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] // 0=no-preference, 1=reduce user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] -// FF65+ -// 4614: [2516] disable PointerEvents +// FF64+ +// 4615: [2516] disable PointerEvents // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent user_pref("dom.w3c_pointer_events.enabled", false); // * * * / // FF67+ -// 4615: [2618] disable exposure of system colors to CSS or canvas [FF44+] +// 4616: [2618] disable exposure of system colors to CSS or canvas [FF44+] // [NOTE] See second listed bug: may cause black on black for elements with undefined colors // [SETUP-CHROME] Might affect CSS in themes and extensions // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 user_pref("ui.use_standins_for_native_colors", true); -// 4616: enforce prefers-color-scheme as light [FF67+] +// 4617: enforce prefers-color-scheme as light [FF67+] // 0=light, 1=dark : This overrides your OS value user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // FF80+ From 6905187b3e14b1aea336ffcbfdf4e42126593527 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Aug 2020 04:39:38 +0000 Subject: [PATCH 1418/1961] 0207/0208: region/search (#989) --- user.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/user.js b/user.js index 0bbfeb5..a0146e5 100644 --- a/user.js +++ b/user.js @@ -165,6 +165,13 @@ user_pref("geo.provider.use_gpsd", false); // [LINUX] * i.e. ignore all of Mozilla's various search engines in multiple locales ***/ user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); +/* 0207: disable region updates + * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/ +user_pref("browser.region.network.url", ""); // [FF78+] +user_pref("browser.region.update.enabled", false); // [[FF79+] +/* 0208: set search region + * [NOTE] May not be hidden if Firefox has changed your settings due to your region (see 0207) ***/ + // user_pref("browser.search.region", "US"); // [HIDDEN PREF] /** LANGUAGE / LOCALE ***/ /* 0210: set preferred language for displaying web pages From e16ede1cdf4167e8889e6d5ca96a54ccdc8ba826 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Aug 2020 14:44:27 +0000 Subject: [PATCH 1419/1961] 79-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a0146e5..8520511 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 22 Jul 2020 -* version 79-alpha +* date: 13 Aug 2020 +* version 79-beta * authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 5ed3047b7a09b075ef4f516f9b4ae861021499f0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Aug 2020 15:22:38 +0000 Subject: [PATCH 1420/1961] references cleanup --- user.js | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/user.js b/user.js index 8520511..3cb73ca 100644 --- a/user.js +++ b/user.js @@ -2,7 +2,6 @@ * name: ghacks user.js * date: 13 Aug 2020 * version 79-beta -* authors: v52+ github | v51- www.ghacks.net * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -347,17 +346,14 @@ user_pref("extensions.systemAddon.update.url", ""); // [FF44+] * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0340) ***/ user_pref("browser.ping-centre.telemetry", false); /* 0515: disable Screenshots - * alternatively in FF60+, disable uploading to the Screenshots server - * [1] https://github.com/mozilla-services/screenshots - * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/ + * alternatively in FF60+, disable uploading to the Screenshots server ***/ // user_pref("extensions.screenshots.disabled", true); // [FF55+] // user_pref("extensions.screenshots.upload-disabled", true); // [FF60+] /* 0517: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses (FF74+) - * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill - * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/ + * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] user_pref("extensions.formautofill.available", "off"); // [FF56+] user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] @@ -372,16 +368,14 @@ user_pref("_user.js.parrot", "0600 syntax error: the parrot's no more!"); * [1] https://developer.mozilla.org/docs/Web/HTTP/Link_prefetching_FAQ ***/ user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching - * [1] https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ - * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ + * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR] [DEFAULT: true FF70+] /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); user_pref("network.predictor.enable-prefetch", false); // [FF48+] /* 0605: disable link-mouseover opening connection to linked server - * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests - * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links/ ***/ + * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ user_pref("network.http.speculative-parallel-limit", 0); /* 0606: disable "Hyperlink Auditing" (click tracking) and enforce same host in case * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ @@ -429,7 +423,7 @@ user_pref("network.http.altsvc.oe", false); * [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); /* 0708: disable FTP [FF60+] - * [1] https://www.ghacks.net/2018/02/20/firefox-60-with-new-preference-to-disable-ftp/ ***/ + * [1] https://www.fxsitecompat.dev/en-CA/docs/2020/ftp-support-will-be-removed/ ***/ // user_pref("network.ftp.enabled", false); /* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+] * [SETUP-CHROME] Can break extensions for profiles on network shares @@ -538,7 +532,7 @@ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); /* 0902: use a master password * There are no preferences for this. It is all handled internally. * [SETTING] Privacy & Security>Logins and Passwords>Use a master password - * [1] https://support.mozilla.org/kb/use-master-password-protect-stored-logins ***/ + * [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas ***/ /* 0903: set how often Firefox should ask for the master password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (see 0904) ***/ user_pref("security.ask_for_password", 2); @@ -896,8 +890,7 @@ user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies /* 1803: disable Flash plugin * 0=deactivated, 1=ask, 2=enabled * ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash - * [NOTE] You can still override individual sites via site permissions - * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ + * [NOTE] You can still override individual sites via site permissions ***/ user_pref("plugin.state.flash", 0); /* 1820: disable GMP (Gecko Media Plugins) * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ @@ -1051,9 +1044,8 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! * [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website * [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one - * is default false) then enabling this pref can leak clipboard content, see [2] - * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ - * [2] https://bugzilla.mozilla.org/1528289 */ + * is default false) then enabling this pref can leak clipboard content, see [1] + * [1] https://bugzilla.mozilla.org/1528289 */ // user_pref("dom.event.clipboardevents.enabled", false); /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] * this disables document.execCommand("cut"/"copy") to protect your clipboard @@ -1204,8 +1196,7 @@ user_pref("network.IDN_show_punycode", true); * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) * [SETTING] General>Applications>Portable Document Format (PDF) ***/ user_pref("pdfjs.disabled", false); // [DEFAULT: false] -/* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] - * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ +/* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 2622: enforce no system colors; they can be fingerprinted * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ @@ -1780,7 +1771,6 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi // * * * / // FF77 // 0850e: disable location bar one-off searches [FF51+] - // [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ // [-] https://bugzilla.mozilla.org/1628926 // user_pref("browser.urlbar.oneOffSearches", false); // 2605: block web content in file processes [FF55+] From 815c3026b5c5287a22af197434faebf4922ccd17 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Aug 2020 15:30:36 +0000 Subject: [PATCH 1421/1961] 79 final --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3cb73ca..85adda6 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js * date: 13 Aug 2020 -* version 79-beta +* version 79 * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 0358fdac8bc86847ac5af21dacbe2db9f1132a81 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Aug 2020 15:32:45 +0000 Subject: [PATCH 1422/1961] 80-alpha --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 85adda6..056fbca 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js * date: 13 Aug 2020 -* version 79 +* version 80-alpha * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 99aa5af3566d67ef379f4b95f7cb983f5bccda4c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Aug 2020 15:34:26 +0000 Subject: [PATCH 1423/1961] password master->primary --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 056fbca..d138216 100644 --- a/user.js +++ b/user.js @@ -529,14 +529,14 @@ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); * [NOTE] This does not clear any passwords already saved * [SETTING] Privacy & Security>Logins and Passwords>Ask to save logins and passwords for websites ***/ // user_pref("signon.rememberSignons", false); -/* 0902: use a master password +/* 0902: use a primary password * There are no preferences for this. It is all handled internally. - * [SETTING] Privacy & Security>Logins and Passwords>Use a master password + * [SETTING] Privacy & Security>Logins and Passwords>Use a Primary Password * [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas ***/ -/* 0903: set how often Firefox should ask for the master password +/* 0903: set how often Firefox should ask for the primary password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (see 0904) ***/ user_pref("security.ask_for_password", 2); -/* 0904: set how often in minutes Firefox should ask for the master password (see 0903) +/* 0904: set how often in minutes Firefox should ask for the primary password (see 0903) * in minutes, default is 30 ***/ user_pref("security.password_lifetime", 5); /* 0905: disable auto-filling username & password form fields From 93840ca1810608fe0703767516015fe368100cd9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 13 Aug 2020 15:37:25 +0000 Subject: [PATCH 1424/1961] 0602 not hidden in ESR78 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index d138216..90f2863 100644 --- a/user.js +++ b/user.js @@ -370,7 +370,7 @@ user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); -user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR] [DEFAULT: true FF70+] +user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR68 or lower] [DEFAULT: true FF70+] /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); user_pref("network.predictor.enable-prefetch", false); // [FF48+] From f9f0fffd27062d8b93dd12be5bf88cfd1d720844 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 14 Aug 2020 09:01:14 +0000 Subject: [PATCH 1425/1961] Update README.md --- README.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b374351..81b54a9 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,10 @@ ### ![][b] user.js A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. -### ![][b] ghacks user.js -The `ghacks user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). +### ![][b] This user.js +This `user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). -Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings. +Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings. Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. @@ -13,14 +13,12 @@ Also be aware that this `user.js` is made specifically for desktop Firefox. Usin Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs) ### ![][b] acknowledgments -Literally thousands of sources, references and suggestions. That said... +Literally thousands of sources, references and suggestions. Special mention to: -* Martin Brinkmann at [ghacks](https://www.ghacks.net/) 1 -* The ghacks community and commentators * [12bytes](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [Codeberg](https://codeberg.org/12bytes.org/Firefox-user.js-supplement) -1 The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name. +1 This user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015, published in August 2015, and moved to GitHub in March 2017 ### ![][b] [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) From 726d5bde30604f7a857d674d50ddaf91aadd1c19 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 14 Aug 2020 14:12:28 +0000 Subject: [PATCH 1426/1961] 0105b: stop console error, closes #992 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 90f2863..5b6f656 100644 --- a/user.js +++ b/user.js @@ -116,7 +116,7 @@ user_pref("browser.newtabpage.activity-stream.telemetry", false); * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); -user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); +user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{\"\":\"\"}"); /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); From f1e0203ef4dec5bfaa5258a12db8cf7e6070685a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 15 Aug 2020 01:56:01 +0000 Subject: [PATCH 1427/1961] 0105b, cleaner value, see #992 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5b6f656..26169cb 100644 --- a/user.js +++ b/user.js @@ -116,7 +116,7 @@ user_pref("browser.newtabpage.activity-stream.telemetry", false); * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); -user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{\"\":\"\"}"); +user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{}"); /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); From 9a37e1340c430cc9953f6a73226f286d12bd9746 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 20 Aug 2020 17:18:22 +0000 Subject: [PATCH 1428/1961] 0905: add reference, #982 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 26169cb..00e738d 100644 --- a/user.js +++ b/user.js @@ -542,7 +542,8 @@ user_pref("security.password_lifetime", 5); /* 0905: disable auto-filling username & password form fields * can leak in cross-site forms *and* be spoofed * [NOTE] Username & password is still available when you enter the field - * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords ***/ + * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords + * [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/ ***/ user_pref("signon.autofillForms", false); /* 0909: disable formless login capture for Password Manager [FF51+] ***/ user_pref("signon.formlessCapture.enabled", false); From 8d6d17d46bbb11b5b3e0c281f72266a82ebb187b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 21 Aug 2020 21:05:08 +0000 Subject: [PATCH 1429/1961] 1244: HTTPS-only mode: FF80+ site exceptions The option is not shown if https-only-mode is not being applied. I tested with `http://asmjs.org/` since it doesn't redirect/upgrade to secure. --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 00e738d..f67ab24 100644 --- a/user.js +++ b/user.js @@ -734,8 +734,9 @@ user_pref("security.mixed_content.block_display_content", true); /* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+] * [1] https://bugzilla.mozilla.org/1190623 ***/ user_pref("security.mixed_content.block_object_subrequest", true); -/* 1244: enable https-only-mode [FF76+] +/* 1244: enable HTTPS-Only mode [FF76+] * [NOTE] This is experimental + * [SETTING] to add site exceptions: Page Info>Permissions>Use insecure HTTP (FF80+) * [SETTING] Privacy & Security>HTTPS-Only Mode (FF81+) * [1] https://bugzilla.mozilla.org/1613063 */ // user_pref("dom.security.https_only_mode", true); // [FF76+] From b3eee6c9fd6a5497f361079389b2dd648f3fdb53 Mon Sep 17 00:00:00 2001 From: h88e22dgpeps56sg <52240714+h88e22dgpeps56sg@users.noreply.github.com> Date: Sat, 22 Aug 2020 12:07:13 +0000 Subject: [PATCH 1430/1961] improve readability, remove lots of unnecessary echo commands, remove legacy arguments (#997) Co-authored-by: TotallyLeGIT --- updater.sh | 118 +++++++++++++++++++++-------------------------------- 1 file changed, 47 insertions(+), 71 deletions(-) diff --git a/updater.sh b/updater.sh index 5c06a9c..d2756af 100755 --- a/updater.sh +++ b/updater.sh @@ -11,7 +11,7 @@ readonly CURRDIR=$(pwd) sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) -if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi +[ -z "$sfp" ] && sfp=${BASH_SOURCE[0]} readonly SCRIPT_DIR=$(dirname "${sfp}") @@ -52,15 +52,15 @@ fi show_banner () { - echo -e "${BBLUE}\n" - echo ' ############################################################################' - echo ' #### ####' - echo ' #### ghacks user.js ####' - echo ' #### Hardening the Privacy and Security Settings of Firefox ####' - echo ' #### Maintained by @Thorin-Oakenpants and @earthlng ####' - echo ' #### Updater for macOS and Linux by @overdodactyl ####' - echo ' #### ####' - echo ' ############################################################################' + echo -e "${BBLUE} + ############################################################################ + #### #### + #### ghacks user.js #### + #### Hardening the Privacy and Security Settings of Firefox #### + #### Maintained by @Thorin-Oakenpants and @earthlng #### + #### Updater for macOS and Linux by @overdodactyl #### + #### #### + ############################################################################" echo -e "${NC}\n" echo -e "Documentation for this script is available here: ${CYAN}https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts${NC}\n" } @@ -70,43 +70,35 @@ show_banner () { ######################### usage() { - echo -e "${BLUE}\nUsage: $0 [-h] [-p PROFILE] [-u] [-d] [-s] [-n] [-b] [-c] [-v] [-r] [-e] [-o OVERRIDE]\n${NC}" 1>&2 # Echo usage string to standard error - echo 'Optional Arguments:' - echo -e "\t-h,\t\t Show this help message and exit." - echo -e "\t-p PROFILE,\t Path to your Firefox profile (if different than the dir of this script)" - echo -e "\t\t\t IMPORTANT: if the path include spaces, wrap the entire argument in quotes." - echo -e "\t-l, \t\t Choose your Firefox profile from a list" - echo -e "\t-u,\t\t Update updater.sh and execute silently. Do not seek confirmation." - echo -e "\t-d,\t\t Do not look for updates to updater.sh." - echo -e "\t-s,\t\t Silently update user.js. Do not seek confirmation." - echo -e "\t-b,\t\t Only keep one backup of each file." - echo -e "\t-c,\t\t Create a diff file comparing old and new user.js within userjs_diffs. " - echo -e "\t-o OVERRIDE,\t Filename or path to overrides file (if different than user-overrides.js)." - echo -e "\t\t\t If used with -p, paths should be relative to PROFILE or absolute paths" - echo -e "\t\t\t If given a directory, all files inside will be appended recursively." - echo -e "\t\t\t You can pass multiple files or directories by passing a comma separated list." - echo -e "\t\t\t\t Note: If a directory is given, only files inside ending in the extension .js are appended" - echo -e "\t\t\t\t IMPORTANT: do not add spaces between files/paths. Ex: -o file1.js,file2.js,dir1" - echo -e "\t\t\t\t IMPORTANT: if any files/paths include spaces, wrap the entire argument in quotes." - echo -e "\t\t\t\t\t Ex: -o \"override folder\" " - echo -e "\t-n,\t\t Do not append any overrides, even if user-overrides.js exists." - echo -e "\t-v,\t\t Open the resulting user.js file." - echo -e "\t-r,\t\t Only download user.js to a temporary file and open it." - echo -e "\t-e,\t\t Activate ESR related preferences." - echo -e - echo 'Deprecated Arguments (they still work for now):' - echo -e "\t-donotupdate,\t Use instead -d" - echo -e "\t-update,\t Use instead -u" - echo -e + echo + echo -e "${BLUE}Usage: $0 [-bcdehlnrsuv] [-p PROFILE] [-o OVERRIDE]${NC}" 1>&2 # Echo usage string to standard error + echo -e " +Optional Arguments: + -h Show this help message and exit. + -p PROFILE Path to your Firefox profile (if different than the dir of this script) + IMPORTANT: if the path includes spaces, wrap the entire argument in quotes. + -l Choose your Firefox profile from a list + -u Update updater.sh and execute silently. Do not seek confirmation. + -d Do not look for updates to updater.sh. + -s Silently update user.js. Do not seek confirmation. + -b Only keep one backup of each file. + -c Create a diff file comparing old and new user.js within userjs_diffs. + -o OVERRIDE Filename or path to overrides file (if different than user-overrides.js). + If used with -p, paths should be relative to PROFILE or absolute paths + If given a directory, all files inside will be appended recursively. + You can pass multiple files or directories by passing a comma separated list. + Note: If a directory is given, only files inside ending in the extension .js are appended + IMPORTANT: do not add spaces between files/paths. Ex: -o file1.js,file2.js,dir1 + IMPORTANT: if any files/paths include spaces, wrap the entire argument in quotes. + Ex: -o \"override folder\" + -n Do not append any overrides, even if user-overrides.js exists. + -v Open the resulting user.js file. + -r Only download user.js to a temporary file and open it. + -e Activate ESR related preferences." + echo exit 1 } -legacy_argument () { - echo -e "${ORANGE}\nWarning: command line arguments have changed." - echo -e "$1 has been deprecated and may not work in the future.\n" - echo -e "Please view the new options using the -h argument.${NC}" -} - ######################### # File Handling # ######################### @@ -204,8 +196,8 @@ get_updater_version () { # Update updater.sh # Default: Check for update, if available, ask user if they want to execute it # Args: -# -donotupdate: New version will not be looked for and update will not occur -# -update: Check for update, if available, execute without asking +# -d: New version will not be looked for and update will not occur +# -u: Check for update, if available, execute without asking update_updater () { if [ $UPDATE = 'no' ]; then return 0 # User signified not to check for updates @@ -218,9 +210,7 @@ update_updater () { echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}" read -p "" -n 1 -r echo -e "\n\n" - if [[ $REPLY =~ ^[Nn]$ ]]; then - return 0 # Update available, but user chooses not to update - fi + [[ $REPLY =~ ^[Nn]$ ]] && return 0 # Update available, but user chooses not to update fi else return 0 # No update available @@ -238,11 +228,7 @@ update_updater () { # Returns version number of a user.js file get_userjs_version () { - if [ -e $1 ]; then - echo "$(sed -n '4p' "$1")" - else - echo "Not detected." - fi + [ -e $1 ] && echo "$(sed -n '4p' "$1")" || echo "Not detected." } add_override () { @@ -273,10 +259,10 @@ remove_comments () { # expects 2 arguments: from-file and to-file update_userjs () { declare -r newfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js') - echo 'Please observe the following information:' - echo -e "\tFirefox profile: ${ORANGE}$(pwd)${NC}" - echo -e "\tAvailable online: ${ORANGE}$(get_userjs_version $newfile)${NC}" - echo -e "\tCurrently using: ${ORANGE}$(get_userjs_version user.js)\n${NC}\n" + echo -e "Please observe the following information: + Firefox profile: ${ORANGE}$(pwd)${NC} + Available online: ${ORANGE}$(get_userjs_version $newfile)${NC} + Currently using: ${ORANGE}$(get_userjs_version user.js)${NC}\n\n" if [ $CONFIRM = 'yes' ]; then echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}" @@ -298,9 +284,7 @@ update_userjs () { # backup user.js mkdir -p userjs_backups local bakname="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")" - if [ $BACKUP = 'single' ]; then - bakname='userjs_backups/user.js.backup' - fi + [ $BACKUP = 'single' ] && bakname='userjs_backups/user.js.backup' cp user.js "$bakname" &>/dev/null mv "${newfile}" user.js @@ -336,14 +320,12 @@ update_userjs () { echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}" else echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created.${NC}" - if [ $BACKUP = 'multiple' ]; then - rm $bakname &>/dev/null - fi + [ $BACKUP = 'multiple' ] && rm $bakname &>/dev/null fi rm $past_nocomments $current_nocomments $pastuserjs &>/dev/null fi - if [ "$VIEW" = true ]; then open_file "${PWD}/user.js"; fi + [ "$VIEW" = true ] && open_file "${PWD}/user.js" } ######################### @@ -355,12 +337,6 @@ if [ $# != 0 ]; then # Display usage if first argument is -help or --help if [ $1 = '--help' ] || [ $1 = '-help' ]; then usage - elif [ $legacy_lc = '-donotupdate' ]; then - UPDATE='no' - legacy_argument $1 - elif [ $legacy_lc = '-update' ]; then - UPDATE='yes' - legacy_argument $1 else while getopts ":hp:ludsno:bcvre" opt; do case $opt in From a5ab3e23d68253f41aeb86cfaa7628e1eed882d5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 22 Aug 2020 22:16:27 +0000 Subject: [PATCH 1431/1961] Update README.md --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 81b54a9..e13832d 100644 --- a/README.md +++ b/README.md @@ -18,8 +18,6 @@ Literally thousands of sources, references and suggestions. Special mention to: * [12bytes](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) * The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [Codeberg](https://codeberg.org/12bytes.org/Firefox-user.js-supplement) -1 This user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015, published in August 2015, and moved to GitHub in March 2017 - ### ![][b] [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [b]: /wikipiki/bullet01.png From cfce521919053be2434f8c3bf428787fde50ee9f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 23 Aug 2020 14:37:18 +0000 Subject: [PATCH 1432/1961] 1409: RFP changes in FF81+ (#998) --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index f67ab24..0eccd71 100644 --- a/user.js +++ b/user.js @@ -809,7 +809,8 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed - * [NOTE] RFP in FF80+ restricts the whitelist to bundled and "Base Fonts" (see 4618) + * [NOTE] in FF80 RFP restricts the whitelist to bundled and "Base Fonts" + * ...and in FF81+ the whitelist **overrides** RFP's font visibility (see 4618) * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. * Eventually privacy.resistFingerprinting (see 4500) will cover this * [1] https://bugzilla.mozilla.org/1121643 ***/ From 38d772e4c8721f59a361370572cdb25d777ea04a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 Aug 2020 14:59:41 +0000 Subject: [PATCH 1433/1961] https-only mode updates (#1001) --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 0eccd71..4996b3f 100644 --- a/user.js +++ b/user.js @@ -735,11 +735,12 @@ user_pref("security.mixed_content.block_display_content", true); * [1] https://bugzilla.mozilla.org/1190623 ***/ user_pref("security.mixed_content.block_object_subrequest", true); /* 1244: enable HTTPS-Only mode [FF76+] - * [NOTE] This is experimental + * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored * [SETTING] to add site exceptions: Page Info>Permissions>Use insecure HTTP (FF80+) - * [SETTING] Privacy & Security>HTTPS-Only Mode (FF81+) - * [1] https://bugzilla.mozilla.org/1613063 */ + * [SETTING] Privacy & Security>HTTPS-Only Mode (FF80+ with browser.preferences.exposeHTTPSOnly = true) + * [1] https://bugzilla.mozilla.org/1613063 ***/ // user_pref("dom.security.https_only_mode", true); // [FF76+] + // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] // user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+] /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] From c6f53c876803a4af26e1000c17455cc09f04cd9b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Aug 2020 11:28:47 +0000 Subject: [PATCH 1434/1961] 2201 deprecated (dead prefs removed in 82), #979 (#1002) --- user.js | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 4996b3f..9d116d1 100644 --- a/user.js +++ b/user.js @@ -958,16 +958,6 @@ user_pref("media.autoplay.blocking_policy", 2); /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); -/* 2201: prevent websites from disabling new window features ***/ -user_pref("dom.disable_window_open_feature.close", true); -user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: true] -user_pref("dom.disable_window_open_feature.menubar", true); -user_pref("dom.disable_window_open_feature.minimizable", true); -user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar -user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true] -user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true] -user_pref("dom.disable_window_open_feature.titlebar", true); -user_pref("dom.disable_window_open_feature.toolbar", true); /* 2202: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); /* 2203: open links targeting new windows in a new tab instead @@ -1772,6 +1762,17 @@ user_pref("webgl.disable-extensions", true); // [2] https://trac.torproject.org/projects/tor/ticket/16931 // [-] https://bugzilla.mozilla.org/1618188 user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); +// 2201: prevent websites from disabling new window features + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507375,1660524 +user_pref("dom.disable_window_open_feature.close", true); +user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: true] +user_pref("dom.disable_window_open_feature.menubar", true); +user_pref("dom.disable_window_open_feature.minimizable", true); +user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar +user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true] +user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true] +user_pref("dom.disable_window_open_feature.titlebar", true); +user_pref("dom.disable_window_open_feature.toolbar", true); // * * * / // FF77 // 0850e: disable location bar one-off searches [FF51+] From 592b959c241ad3fb633a6cc4f9f766321771383c Mon Sep 17 00:00:00 2001 From: h88e22dgpeps56sg <52240714+h88e22dgpeps56sg@users.noreply.github.com> Date: Fri, 28 Aug 2020 10:51:15 +0000 Subject: [PATCH 1435/1961] Updater.sh rework 2 (#1000) * rework DOWNLOAD_METHOD, download_file, open_file * remove legacy command leftover line * return empty string if download fails and return/exit if this happens and show error message * fix IFS var typo * bump version * add quotes Co-authored-by: TotallyLeGIT --- updater.sh | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/updater.sh b/updater.sh index d2756af..ddd5266 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## ghacks-user.js updater for macOS and Linux -## version: 2.6 +## version: 2.7 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac @@ -42,9 +42,9 @@ ESR=false # Download method priority: curl -> wget DOWNLOAD_METHOD='' if [[ $(command -v 'curl') ]]; then - DOWNLOAD_METHOD='curl' + DOWNLOAD_METHOD='curl --max-redirs 3 -so' elif [[ $(command -v 'wget') ]]; then - DOWNLOAD_METHOD='wget' + DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O' else echo -e "${RED}This script requires curl or wget.\nProcess aborted${NC}" exit 0 @@ -104,24 +104,16 @@ Optional Arguments: ######################### # Download files -download_file () { - declare -r url=$1 +download_file () { # expects URL as argument ($1) declare -r tf=$(mktemp) - local dlcmd='' - if [ $DOWNLOAD_METHOD = 'curl' ]; then - dlcmd="curl -o $tf" - else - dlcmd="wget -O $tf" - fi - - $dlcmd "${url}" &>/dev/null && echo "$tf" || echo '' # return the temp-filename (or empty string on error) + $DOWNLOAD_METHOD "${tf}" "$1" && echo "$tf" || echo '' # return the temp-filename or empty string on error } open_file () { #expects one argument: file_path if [ "$(uname)" == 'Darwin' ]; then open "$1" - elif [ "$(expr substr $(uname -s) 1 5)" == "Linux" ]; then + elif [ "$(uname -s | cut -c -5)" == "Linux" ]; then xdg-open "$1" else echo -e "${RED}Error: Sorry, opening files is not supported for your OS.${NC}" @@ -203,7 +195,8 @@ update_updater () { return 0 # User signified not to check for updates fi - declare -r tmpfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh') + declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh')" + [ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed if [[ $(get_updater_version "${SCRIPT_DIR}/updater.sh") < $(get_updater_version "${tmpfile}") ]]; then if [ $UPDATE = 'check' ]; then @@ -238,7 +231,7 @@ add_override () { cat "$input" >> user.js echo -e "Status: ${GREEN}Override file appended:${NC} ${input}" elif [ -d "$input" ]; then - FSAVEIFS=$IFS + SAVEIFS=$IFS IFS=$'\n\b' # Set IFS FILES="${input}"/*.js for f in $FILES @@ -257,7 +250,8 @@ remove_comments () { # expects 2 arguments: from-file and to-file # Applies latest version of user.js and any custom overrides update_userjs () { - declare -r newfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js') + declare -r newfile="$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js')" + [ -z "${newfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && return 1 # check if download failed echo -e "Please observe the following information: Firefox profile: ${ORANGE}$(pwd)${NC} @@ -333,7 +327,6 @@ update_userjs () { ######################### if [ $# != 0 ]; then - readonly legacy_lc=$(echo $1 | tr '[A-Z]' '[a-z]') # Display usage if first argument is -help or --help if [ $1 = '--help' ] || [ $1 = '-help' ]; then usage @@ -377,7 +370,8 @@ if [ $# != 0 ]; then ESR=true ;; r) - tfile=$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js') + tfile="$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js')" + [ -z "${tfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && exit 1 # check if download failed mv $tfile "${tfile}.js" echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}" open_file "${tfile}.js" From 5fd7f6de7e5b193f63954380e948fb8b876ea445 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 28 Aug 2020 18:27:20 +0000 Subject: [PATCH 1436/1961] 80-alpha --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 9d116d1..2788d3b 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 13 Aug 2020 -* version 80-alpha +* date: 28 Aug 2020 +* version 80-beta * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From fbe1d48fe2a934da37ce950d28edee2372d86bda Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 31 Aug 2020 19:49:00 +0000 Subject: [PATCH 1437/1961] 2203: open_newwindow values - FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=1661643 - https://hg.mozilla.org/integration/autoland/rev/12d62b074178 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 2788d3b..fa49e66 100644 --- a/user.js +++ b/user.js @@ -965,7 +965,7 @@ user_pref("dom.disable_window_move_resize", true); * You can still right-click a link and open in a new window. * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ -user_pref("browser.link.open_newwindow", 3); +user_pref("browser.link.open_newwindow", 3); // 2=new window, 3=new tab user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks * [NOTE] You can still manually toggle the browser's fullscreen state (F11), From 8dacf6e91f055a91125a01decebfc86a145043c3 Mon Sep 17 00:00:00 2001 From: Diogo Agostinho Date: Mon, 31 Aug 2020 21:47:57 +0000 Subject: [PATCH 1438/1961] fix typo (#1005) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index fa49e66..0a9dceb 100644 --- a/user.js +++ b/user.js @@ -505,7 +505,7 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); * [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ // user_pref("browser.urlbar.autoFill", false); /* 0860: disable search and form history - * [SETUP-WEB] Be aware thet autocomplete form data can be read by third parties, see [1] [2] + * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties, see [1] [2] * [NOTE] We also clear formdata on exit (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html From 22d2d702beb25ef627c22f38f24ad3c6bb1756d3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 3 Sep 2020 13:02:09 +0000 Subject: [PATCH 1439/1961] 1409: obsolete RFP mention --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 0a9dceb..4893c80 100644 --- a/user.js +++ b/user.js @@ -813,7 +813,6 @@ user_pref("gfx.font_rendering.graphite.enabled", false); * [NOTE] in FF80 RFP restricts the whitelist to bundled and "Base Fonts" * ...and in FF81+ the whitelist **overrides** RFP's font visibility (see 4618) * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. - * Eventually privacy.resistFingerprinting (see 4500) will cover this * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] From ed993d550288c30e636e5198e7aa349c5de3a5c5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 3 Sep 2020 13:04:31 +0000 Subject: [PATCH 1440/1961] 80 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4893c80..226a724 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js -* date: 28 Aug 2020 -* version 80-beta +* date: 03 Sep 2020 +* version 80 * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt From 3c2bd930c3f6c25889a169d16ec4b6f60d022a72 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 3 Sep 2020 13:11:16 +0000 Subject: [PATCH 1441/1961] start 81-alpha, EOL for ESR68 --- user.js | 100 ++------------------------------------------------------ 1 file changed, 3 insertions(+), 97 deletions(-) diff --git a/user.js b/user.js index 226a724..5259baa 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: ghacks user.js * date: 03 Sep 2020 -* version 80 +* version 81-alpha * url: https://github.com/ghacksuserjs/ghacks-user.js * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt @@ -370,7 +370,7 @@ user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); -user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR68 or lower] [DEFAULT: true FF70+] +user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true FF70+] /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); user_pref("network.predictor.enable-prefetch", false); // [FF48+] @@ -1680,7 +1680,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Items deprecated in FF68 or earlier have been archived at [1], + Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1], which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ @@ -1699,99 +1699,5 @@ user_pref("intl.charset.fallback.override", "windows-1252"); // * * * / // ***/ -/* ESR68.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them -// FF69 -// 1405: disable WOFF2 (Web Open Font Format) [FF35+] - // [-] https://bugzilla.mozilla.org/1556991 - // user_pref("gfx.downloadable_fonts.woff2.enabled", false); -// 1802: enforce click-to-play for plugins - // [-] https://bugzilla.mozilla.org/1519434 -user_pref("plugins.click_to_play", true); // [DEFAULT: true FF25+] -// 2033: disable autoplay for muted videos [FF63+] - replaced by 'media.autoplay.default' options (2030) - // [-] https://bugzilla.mozilla.org/1562331 - // user_pref("media.autoplay.allow-muted", false); -// * * * / -// FF71 -// 2608: disable WebIDE and ADB extension download - // [1] https://trac.torproject.org/projects/tor/ticket/16222 - // [-] https://bugzilla.mozilla.org/1539462 -user_pref("devtools.webide.enabled", false); // [DEFAULT: false FF70+] -user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] -// 2731: enforce websites to ask to store data for offline use - // [1] https://support.mozilla.org/questions/1098540 - // [2] https://bugzilla.mozilla.org/959985 - // [-] https://bugzilla.mozilla.org/1574480 -user_pref("offline-apps.allow_by_default", false); -// * * * / -// FF72 -// 0105a: disable Activity Stream telemetry - // [-] https://bugzilla.mozilla.org/1597697 -user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); -// 0330: disable Hybdrid Content telemetry - // [-] https://bugzilla.mozilla.org/1520491 -user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+] -// 2720: enforce IndexedDB (IDB) as enabled - // IDB is required for extensions and Firefox internals (even before FF63 in [1]) - // To control *website* IDB data, control allowing cookies and service workers, or use - // Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize - // on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically - // via an extension. Note that IDB currently cannot be sanitized by host. - // [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ - // [-] https://bugzilla.mozilla.org/1488583 -user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] -// * * * / -// FF74 -// 0203: use Mozilla geolocation service instead of Google when geolocation is enabled - // Optionally enable logging to the console (defaults to false) - // [-] https://bugzilla.mozilla.org/1613627 -user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); - // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] -// 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] - // 0=no menu (default), 1=show when clicked, 2=show on long press - // [1] https://bugzilla.mozilla.org/1328756 - // [-] https://bugzilla.mozilla.org/1606265 -user_pref("privacy.userContext.longPressBehavior", 2); -// 2012: limit WebGL - // [-] https://bugzilla.mozilla.org/1477756 -user_pref("webgl.disable-extensions", true); -// * * * / -// FF76 -// 0401: sanitize blocklist url - // [2] https://trac.torproject.org/projects/tor/ticket/16931 - // [-] https://bugzilla.mozilla.org/1618188 -user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); -// 2201: prevent websites from disabling new window features - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507375,1660524 -user_pref("dom.disable_window_open_feature.close", true); -user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: true] -user_pref("dom.disable_window_open_feature.menubar", true); -user_pref("dom.disable_window_open_feature.minimizable", true); -user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar -user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true] -user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true] -user_pref("dom.disable_window_open_feature.titlebar", true); -user_pref("dom.disable_window_open_feature.toolbar", true); -// * * * / -// FF77 -// 0850e: disable location bar one-off searches [FF51+] - // [-] https://bugzilla.mozilla.org/1628926 - // user_pref("browser.urlbar.oneOffSearches", false); -// 2605: block web content in file processes [FF55+] - // [SETUP-WEB] You may want to disable this for corporate or developer environments - // [1] https://bugzilla.mozilla.org/1343184 - // [-] https://bugzilla.mozilla.org/1603007 -user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); -// * * * / -// FF78 -// 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] - replaced by 'media.autoplay.blocking_policy' - // [-] https://bugzilla.mozilla.org/1509933 -user_pref("media.autoplay.enabled.user-gestures-needed", false); -// 5000's: disable chrome animations - replaced FF77+ by 'ui.prefersReducedMotion' (4520) - // [-] https://bugzilla.mozilla.org/1640501 - // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] -// * * * / -// ***/ - /* END: internal custom pref to test for syntax errors ***/ user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From 76019e6fbe957a4338a7c91de20821089b459659 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 3 Sep 2020 13:27:25 +0000 Subject: [PATCH 1442/1961] ESR78 unhidden prefs also, the note about WebExt + SVG only applies to people using outdated versions .. so that can go too --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 5259baa..0f95a51 100644 --- a/user.js +++ b/user.js @@ -581,7 +581,7 @@ user_pref("browser.cache.disk.enable", false); /* 1003: disable memory cache * capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kibibytes ***/ // user_pref("browser.cache.memory.enable", false); - // user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF ESR] + // user_pref("browser.cache.memory.capacity", 0); /* 1006: disable permissions manager from writing to disk [RESTART] * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/967812 ***/ @@ -1149,7 +1149,6 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] * [1] https://bugzilla.mozilla.org/1173199 ***/ // user_pref("mathml.disabled", true); /* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] - * [NOTE] In FF70+ and ESR68.1.0+ this no longer affects extensions (1564208) * [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); @@ -1391,7 +1390,7 @@ user_pref("privacy.firstparty.isolate", true); * [2] https://bugzilla.mozilla.org/1492607 * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] - // user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR] + // user_pref("privacy.firstparty.isolate.block_post_message", true); /* 4003: enable site partitioning (FF78+) * [1] https://bugzilla.mozilla.org/1590107 [META] */ user_pref("privacy.partition.network_state", true); From 75a03df0f70523caa52560229f671028380ff76f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Sep 2020 15:20:46 +0000 Subject: [PATCH 1443/1961] miscellaneous (#1007) - less active prefs - now that ESR68 is EOL, at least a whopping two (0602, 1273) - also I don't know when the default changed - another whopping whole one (1240) - and where we do enforce/reset a pref to default, lets say that - this is not a definitive list, sing out if there is anything else - IPv6 info - especially for Iron Heart who likes to claim that this pref breaks 5% of sites - cleanup of settings tags now we only care abut ESR78+ --- user.js | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 0f95a51..85b59f4 100644 --- a/user.js +++ b/user.js @@ -206,8 +206,7 @@ user_pref("app.update.auto", false); * when false, extension detail tabs will have no description ***/ // user_pref("extensions.getAddons.cache.enabled", false); /* 0308: disable search engine updates (e.g. OpenSearch) - * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines - * [SETTING] General>Firefox Updates>Automatically update search engines (FF72-) ***/ + * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/ user_pref("browser.search.update", false); /* 0309: disable sending Flash crash reports ***/ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); @@ -352,7 +351,7 @@ user_pref("browser.ping-centre.telemetry", false); /* 0517: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes - * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses (FF74+) + * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] user_pref("extensions.formautofill.available", "off"); // [FF56+] @@ -377,16 +376,16 @@ user_pref("network.predictor.enable-prefetch", false); // [FF48+] /* 0605: disable link-mouseover opening connection to linked server * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ user_pref("network.http.speculative-parallel-limit", 0); -/* 0606: disable "Hyperlink Auditing" (click tracking) and enforce same host in case +/* 0606: enforce no "Hyperlink Auditing" (click tracking) * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ user_pref("browser.send_pings", false); // [DEFAULT: false] -user_pref("browser.send_pings.require_same_host", true); +user_pref("browser.send_pings.require_same_host", true); // defense-in-depth /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); /* 0701: disable IPv6 - * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice - * with VPNs. That's even assuming your ISP and/or router and/or website can handle it. + * IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's + * even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4 * [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6 * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, @@ -726,7 +725,7 @@ user_pref("security.family_safety.mode", 0); user_pref("security.cert_pinning.enforcement_level", 2); /** MIXED CONTENT ***/ -/* 1240: disable insecure active content on https pages +/* 1240: enforce no insecure active content on https pages * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21323 ***/ user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] /* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/ @@ -785,7 +784,7 @@ user_pref("browser.ssl_override_behavior", 1); * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); /* 1273: display "insecure" icon and "Not Secure" text on HTTP sites ***/ -user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] [DEFAULT: true FF70+] + // user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] [DEFAULT: true FF70+] user_pref("security.insecure_connection_text.enabled", true); // [FF60+] /*** [SECTION 1400]: FONTS ***/ @@ -1141,7 +1140,7 @@ user_pref("browser.uitour.url", ""); * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); -/* 2608: disable remote debugging +/* 2608: reset remote debugging to disabled * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] @@ -1690,7 +1689,6 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); // 0212: enforce fallback text encoding to match en-US // When the content or server doesn't declare a charset the browser will // fallback to the "Current locale" based on your application language - // [SETTING] General>Language and Appearance>Fonts and Colors>Advanced>Text Encoding for Legacy Content (FF72-) // [TEST] https://hsivonen.com/test/moz/check-charset.htm // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 // [-] https://bugzilla.mozilla.org/1603712 From 9c98972d14cefa6b09fd14d74dfed1332fba2027 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Sep 2020 15:42:34 +0000 Subject: [PATCH 1444/1961] misc2 (#1010) * forceMediaMemoryCache breakage * add back ESR68-EOL for prefsCleaner users --- user.js | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 99 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 85b59f4..603d0ef 100644 --- a/user.js +++ b/user.js @@ -586,7 +586,8 @@ user_pref("browser.cache.disk.enable", false); * [1] https://bugzilla.mozilla.org/967812 ***/ // user_pref("permissions.memory_only", true); // [HIDDEN PREF] /* 1007: disable media cache from writing to disk in Private Browsing - * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/ + * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB + * [SETUP-WEB] ESR78: playback might break on subsequent loading (1650281) ***/ user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] user_pref("media.memory_cache_max_size", 65536); @@ -735,9 +736,11 @@ user_pref("security.mixed_content.block_display_content", true); user_pref("security.mixed_content.block_object_subrequest", true); /* 1244: enable HTTPS-Only mode [FF76+] * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored + * [WARNING] This is experimental, see [1] and you can't set exceptions if FPI is enabled, see [2] * [SETTING] to add site exceptions: Page Info>Permissions>Use insecure HTTP (FF80+) * [SETTING] Privacy & Security>HTTPS-Only Mode (FF80+ with browser.preferences.exposeHTTPSOnly = true) - * [1] https://bugzilla.mozilla.org/1613063 ***/ + * [1] https://bugzilla.mozilla.org/1613063 [META] + * [2] https://bugzilla.mozilla.org/1647829 ***/ // user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] // user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+] @@ -1696,5 +1699,99 @@ user_pref("intl.charset.fallback.override", "windows-1252"); // * * * / // ***/ +/* ESR68.x still uses all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable them +// FF69 +// 1405: disable WOFF2 (Web Open Font Format) [FF35+] + // [-] https://bugzilla.mozilla.org/1556991 + // user_pref("gfx.downloadable_fonts.woff2.enabled", false); +// 1802: enforce click-to-play for plugins + // [-] https://bugzilla.mozilla.org/1519434 +user_pref("plugins.click_to_play", true); // [DEFAULT: true FF25+] +// 2033: disable autoplay for muted videos [FF63+] - replaced by 'media.autoplay.default' options (2030) + // [-] https://bugzilla.mozilla.org/1562331 + // user_pref("media.autoplay.allow-muted", false); +// * * * / +// FF71 +// 2608: disable WebIDE and ADB extension download + // [1] https://trac.torproject.org/projects/tor/ticket/16222 + // [-] https://bugzilla.mozilla.org/1539462 +user_pref("devtools.webide.enabled", false); // [DEFAULT: false FF70+] +user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] +// 2731: enforce websites to ask to store data for offline use + // [1] https://support.mozilla.org/questions/1098540 + // [2] https://bugzilla.mozilla.org/959985 + // [-] https://bugzilla.mozilla.org/1574480 +user_pref("offline-apps.allow_by_default", false); +// * * * / +// FF72 +// 0105a: disable Activity Stream telemetry + // [-] https://bugzilla.mozilla.org/1597697 +user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); +// 0330: disable Hybdrid Content telemetry + // [-] https://bugzilla.mozilla.org/1520491 +user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+] +// 2720: enforce IndexedDB (IDB) as enabled + // IDB is required for extensions and Firefox internals (even before FF63 in [1]) + // To control *website* IDB data, control allowing cookies and service workers, or use + // Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize + // on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically + // via an extension. Note that IDB currently cannot be sanitized by host. + // [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ + // [-] https://bugzilla.mozilla.org/1488583 +user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] +// * * * / +// FF74 +// 0203: use Mozilla geolocation service instead of Google when geolocation is enabled + // Optionally enable logging to the console (defaults to false) + // [-] https://bugzilla.mozilla.org/1613627 +user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); + // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] +// 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] + // 0=no menu (default), 1=show when clicked, 2=show on long press + // [1] https://bugzilla.mozilla.org/1328756 + // [-] https://bugzilla.mozilla.org/1606265 +user_pref("privacy.userContext.longPressBehavior", 2); +// 2012: limit WebGL + // [-] https://bugzilla.mozilla.org/1477756 +user_pref("webgl.disable-extensions", true); +// * * * / +// FF76 +// 0401: sanitize blocklist url + // [2] https://trac.torproject.org/projects/tor/ticket/16931 + // [-] https://bugzilla.mozilla.org/1618188 +user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); +// 2201: prevent websites from disabling new window features + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507375,1660524 +user_pref("dom.disable_window_open_feature.close", true); +user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: true] +user_pref("dom.disable_window_open_feature.menubar", true); +user_pref("dom.disable_window_open_feature.minimizable", true); +user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar +user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true] +user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true] +user_pref("dom.disable_window_open_feature.titlebar", true); +user_pref("dom.disable_window_open_feature.toolbar", true); +// * * * / +// FF77 +// 0850e: disable location bar one-off searches [FF51+] + // [-] https://bugzilla.mozilla.org/1628926 + // user_pref("browser.urlbar.oneOffSearches", false); +// 2605: block web content in file processes [FF55+] + // [SETUP-WEB] You may want to disable this for corporate or developer environments + // [1] https://bugzilla.mozilla.org/1343184 + // [-] https://bugzilla.mozilla.org/1603007 +user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); +// * * * / +// FF78 +// 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] - replaced by 'media.autoplay.blocking_policy' + // [-] https://bugzilla.mozilla.org/1509933 +user_pref("media.autoplay.enabled.user-gestures-needed", false); +// 5000's: disable chrome animations - replaced FF77+ by 'ui.prefersReducedMotion' (4520) + // [-] https://bugzilla.mozilla.org/1640501 + // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] +// * * * / +// ***/ + /* END: internal custom pref to test for syntax errors ***/ user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From f606c8b8666cf14fb8104acdc30e7629f89bb3b5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 8 Sep 2020 23:49:22 +0000 Subject: [PATCH 1445/1961] 2203 values see https://bugzilla.mozilla.org/show_bug.cgi?id=1663500 where they reverted https://bugzilla.mozilla.org/show_bug.cgi?id=1661643 where they said value 1 didn't do anything - all changes in FF82, so nothing to see here folks ... move along --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 603d0ef..5cfbe9f 100644 --- a/user.js +++ b/user.js @@ -966,7 +966,7 @@ user_pref("dom.disable_window_move_resize", true); * You can still right-click a link and open in a new window. * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ -user_pref("browser.link.open_newwindow", 3); // 2=new window, 3=new tab +user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks * [NOTE] You can still manually toggle the browser's fullscreen state (F11), From 78a7c194ebe728215f00c81edf71c6e632eb6037 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 10 Sep 2020 07:33:50 +0000 Subject: [PATCH 1446/1961] update ref links --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 5cfbe9f..2e7da6d 100644 --- a/user.js +++ b/user.js @@ -964,14 +964,14 @@ user_pref("dom.disable_window_move_resize", true); /* 2203: open links targeting new windows in a new tab instead * This stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window. - * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen + * [TEST] https://torzillafox.github.io/tzp/tzp.html#screen * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks * [NOTE] You can still manually toggle the browser's fullscreen state (F11), * but this pref will disable embedded video/game fullscreen controls, e.g. youtube - * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen ***/ + * [TEST] https://torzillafox.github.io/tzp/tzp.html#screen ***/ // user_pref("full-screen-api.enabled", false); /* 2210: block popup windows * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ @@ -1147,7 +1147,7 @@ user_pref("devtools.chrome.enabled", false); * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] - * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc + * [TEST] https://torzillafox.github.io/tzp/tzp.html#misc * [1] https://bugzilla.mozilla.org/1173199 ***/ // user_pref("mathml.disabled", true); /* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] @@ -1408,7 +1408,7 @@ user_pref("privacy.partition.network_state", true); [NOTE] Info only: To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test your window size, do some math, resize to allow for all the non inner window elements - [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen + [TEST] https://torzillafox.github.io/tzp/tzp.html#screen ** 1281949 - spoof screen orientation (FF50+) ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) FF53: Fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044) From c8eee094e0f10b2c15644327c6fa31fb72a24730 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 11 Sep 2020 03:23:55 +0000 Subject: [PATCH 1447/1961] update links --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 2e7da6d..77f0b41 100644 --- a/user.js +++ b/user.js @@ -964,14 +964,14 @@ user_pref("dom.disable_window_move_resize", true); /* 2203: open links targeting new windows in a new tab instead * This stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window. - * [TEST] https://torzillafox.github.io/tzp/tzp.html#screen + * [TEST] https://hardenff.github.io/tzp/tzp.html#screen * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks * [NOTE] You can still manually toggle the browser's fullscreen state (F11), * but this pref will disable embedded video/game fullscreen controls, e.g. youtube - * [TEST] https://torzillafox.github.io/tzp/tzp.html#screen ***/ + * [TEST] https://hardenff.github.io/tzp/tzp.html#screen ***/ // user_pref("full-screen-api.enabled", false); /* 2210: block popup windows * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ @@ -1147,7 +1147,7 @@ user_pref("devtools.chrome.enabled", false); * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] - * [TEST] https://torzillafox.github.io/tzp/tzp.html#misc + * [TEST] https://hardenff.github.io/tzp/tzp.html#misc * [1] https://bugzilla.mozilla.org/1173199 ***/ // user_pref("mathml.disabled", true); /* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] @@ -1408,7 +1408,7 @@ user_pref("privacy.partition.network_state", true); [NOTE] Info only: To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test your window size, do some math, resize to allow for all the non inner window elements - [TEST] https://torzillafox.github.io/tzp/tzp.html#screen + [TEST] https://hardenff.github.io/tzp/tzp.html#screen ** 1281949 - spoof screen orientation (FF50+) ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) FF53: Fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044) From 18112f9ae86ac2b27ff93955a3d1d4aeb09e5d67 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 11 Sep 2020 21:55:12 +0000 Subject: [PATCH 1448/1961] last F time :) update TZP links --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 77f0b41..08962f3 100644 --- a/user.js +++ b/user.js @@ -964,14 +964,14 @@ user_pref("dom.disable_window_move_resize", true); /* 2203: open links targeting new windows in a new tab instead * This stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window. - * [TEST] https://hardenff.github.io/tzp/tzp.html#screen + * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab user_pref("browser.link.open_newwindow.restriction", 0); /* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks * [NOTE] You can still manually toggle the browser's fullscreen state (F11), * but this pref will disable embedded video/game fullscreen controls, e.g. youtube - * [TEST] https://hardenff.github.io/tzp/tzp.html#screen ***/ + * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen ***/ // user_pref("full-screen-api.enabled", false); /* 2210: block popup windows * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ @@ -1147,7 +1147,7 @@ user_pref("devtools.chrome.enabled", false); * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] - * [TEST] https://hardenff.github.io/tzp/tzp.html#misc + * [TEST] https://arkenfox.github.io/TZP/tzp.html#misc * [1] https://bugzilla.mozilla.org/1173199 ***/ // user_pref("mathml.disabled", true); /* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] @@ -1408,7 +1408,7 @@ user_pref("privacy.partition.network_state", true); [NOTE] Info only: To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test your window size, do some math, resize to allow for all the non inner window elements - [TEST] https://hardenff.github.io/tzp/tzp.html#screen + [TEST] https://arkenfox.github.io/TZP/tzp.html#screen ** 1281949 - spoof screen orientation (FF50+) ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) FF53: Fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044) From 3e4c56cf27d0b67457fa2a11e4fd26da0737833c Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 13 Sep 2020 12:16:21 +0000 Subject: [PATCH 1449/1961] arkenfox support also fixes mixed line endings --- updater.bat | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/updater.bat b/updater.bat index b433678..0e883be 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE ghacks user.js updater REM ## ghacks-user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.10 +REM ## version: 4.11 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts -SET v=4.10 +SET v=4.11 VERIFY ON CD /D "%~dp0" @@ -100,7 +100,10 @@ IF NOT EXIST user.js ( ) :exitloop IF NOT "!_name!"=="" ( - IF /I NOT "!_name!"=="!_name:ghacks=!" ( + SET "_tempvar=" + IF /I NOT "!_name!"=="!_name:ghacks=!" SET _tempvar=1 + IF /I NOT "!_name!"=="!_name:arkenfox=!" SET _tempvar=1 + IF !_tempvar! EQU 1 ( CALL :message "!_name! !_version:~2!,!_date!" ) ELSE (CALL :message "Current user.js version not recognised.") ) ELSE (CALL :message "Current user.js version not recognised.") @@ -136,10 +139,10 @@ IF EXIST user.js.new ( IF DEFINED _rfpalts ( CALL :message "Activating RFP Alternatives section..." CALL :activate user.js.new "[SETUP-non-RFP]" - ) - IF DEFINED _esr ( - CALL :message "Activating ESR section..." - CALL :activate user.js.new ".x still uses all the following prefs" + ) + IF DEFINED _esr ( + CALL :message "Activating ESR section..." + CALL :activate user.js.new ".x still uses all the following prefs" ) IF DEFINED _multi ( FORFILES /P user.js-overrides /M *.js >nul 2>&1 @@ -216,8 +219,8 @@ ENDLOCAL GOTO :EOF ::::::::::::::: Activate Section ::::::::::::::: -:activate -:: arg1 = file +:activate +:: arg1 = file :: arg2 = line substring SETLOCAL DisableDelayedExpansion ( From ae0c980d25721b3ce32a56fb37a3e07a9282be98 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 04:15:03 +0000 Subject: [PATCH 1450/1961] migration --- user.js | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 08962f3..05dc94d 100644 --- a/user.js +++ b/user.js @@ -1,22 +1,22 @@ /****** -* name: ghacks user.js +* name: arkenfox user.js * date: 03 Sep 2020 * version 81-alpha -* url: https://github.com/ghacksuserjs/ghacks-user.js -* license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt +* url: https://github.com/arkenfox/user.js +* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * releases: These are end-of-stable-life-cycle legacy archives. *Always* use the master branch user.js for a current up-to-date version - url: https://github.com/ghacksuserjs/ghacks-user.js/releases + url: https://github.com/arkenfox/user.js/releases * README: 0. Consider using Tor Browser if it meets your needs or fits your threat model better * https://www.torproject.org/about/torusers.html.en 1. READ the full README - * https://github.com/ghacksuserjs/ghacks-user.js/blob/master/README.md + * https://github.com/arkenfox/user.js/blob/master/README.md 2. READ this - * https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation + * https://github.com/arkenfox/user.js/wiki/1.3-Implementation 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum * Real time binary checks with Google services are disabled (0412) * You will still get prompts to update Firefox, but auto-installing them is disabled (0302a) @@ -38,7 +38,7 @@ [SETUP-HARDEN] maybe you should consider using the Tor Browser * [WARNING] tags are extra special and used sparingly, so heed them 4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile) - 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-maintenance + 5. KEEP UP TO DATE: https://github.com/arkenfox/user.js/wiki#small_orange_diamond-maintenance * INDEX: @@ -391,7 +391,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. * [TEST] https://ipleak.org/ - * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/437#issuecomment-403740626 + * [1] https://github.com/arkenfox/user.js/issues/437#issuecomment-403740626 * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ user_pref("network.dns.disableIPv6", true); /* 0702: disable HTTP2 @@ -568,7 +568,7 @@ user_pref("network.auth.subresource-http-auth-allow", 1); [2] https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/ [3] https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache [4] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 - [5] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor + [5] https://github.com/arkenfox/user.js/wiki/4.2.4-Header-Editor ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /** CACHE ***/ @@ -1683,7 +1683,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1], which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets - [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 + [1] https://github.com/arkenfox/user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); /* ESR78.x still uses all the following prefs From af516315971b7c94075db1e317bee5b12dc3b781 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 04:19:03 +0000 Subject: [PATCH 1451/1961] Update LICENSE.txt --- LICENSE.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE.txt b/LICENSE.txt index a18c4e2..0eed2c7 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2017 ghacksuserjs +Copyright (c) 2020 arkenfox Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 4c4270f1d7972c0f274dc65dc7ae83913194545d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 04:33:50 +0000 Subject: [PATCH 1452/1961] migration changes --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index e13832d..2c3a00c 100644 --- a/README.md +++ b/README.md @@ -1,23 +1,23 @@ ### ![][b] user.js -A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page. +A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/arkenfox/user.js/wiki/1.1-Overview) wiki page. -### ![][b] This user.js -This `user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). +### ![][b] the arkenfox user.js -Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings. +[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) + +The `arkenfox user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). + +Everyone, experts included, should at least read the [implementation](https://github.com/arkenfox/user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings. Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. -Also be aware that this `user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser. +Also be aware that the `arkenfox user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser. -Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs) +Sitemap: [Releases](https://github.com/arkenfox/user.js/releases), [changelogs](https://github.com/arkenfox/user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/arkenfox/user.js/wiki), [stickies](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Adiffs) ### ![][b] acknowledgments Literally thousands of sources, references and suggestions. Special mention to: -* [12bytes](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) - * The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [Codeberg](https://codeberg.org/12bytes.org/Firefox-user.js-supplement) - -### ![][b] [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) + * This [12bytes article](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) which uses the `arkenfox user.js` and supplements it with an additional JS hosted at [Codeberg](https://codeberg.org/12bytes.org/Firefox-user.js-supplement) [b]: /wikipiki/bullet01.png From ed5b15877709f7c6690f88e769bd1db1e817752f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 05:52:28 +0000 Subject: [PATCH 1453/1961] Rename ghacks-clear-RFP-alternatives.js to arkenfox-clear-RFP-alternatives.js --- ...ear-RFP-alternatives.js => arkenfox-clear-RFP-alternatives.js} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scratchpad-scripts/{ghacks-clear-RFP-alternatives.js => arkenfox-clear-RFP-alternatives.js} (100%) diff --git a/scratchpad-scripts/ghacks-clear-RFP-alternatives.js b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js similarity index 100% rename from scratchpad-scripts/ghacks-clear-RFP-alternatives.js rename to scratchpad-scripts/arkenfox-clear-RFP-alternatives.js From 6fdda5fb627ef9758ccefe243f2a7bf059c3b398 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 05:53:09 +0000 Subject: [PATCH 1454/1961] rename as arkenfox --- .../{ghacks-clear-deprecated.js => arkenfox-clear-deprecated.js} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scratchpad-scripts/{ghacks-clear-deprecated.js => arkenfox-clear-deprecated.js} (100%) diff --git a/scratchpad-scripts/ghacks-clear-deprecated.js b/scratchpad-scripts/arkenfox-clear-deprecated.js similarity index 100% rename from scratchpad-scripts/ghacks-clear-deprecated.js rename to scratchpad-scripts/arkenfox-clear-deprecated.js From 26bca612d7ea9d86ac6e2aa4b54288e92024ee92 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 05:54:22 +0000 Subject: [PATCH 1455/1961] rename as arkenfox --- .../{ghacks-clear-removed.js => arkenfox-clear-removed.js} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename scratchpad-scripts/{ghacks-clear-removed.js => arkenfox-clear-removed.js} (98%) diff --git a/scratchpad-scripts/ghacks-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js similarity index 98% rename from scratchpad-scripts/ghacks-clear-removed.js rename to scratchpad-scripts/arkenfox-clear-removed.js index dfb63c4..8032bcc 100644 --- a/scratchpad-scripts/ghacks-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,10 +1,10 @@ /*** - This will reset the preferences that have been removed completely from the ghacks user.js. + This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 28-July-2020 + Last updated: 14-Sept-2020 For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] + https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ (function() { From 637e5964dbadf6783ae1f1833ad5c190b315a238 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 05:56:00 +0000 Subject: [PATCH 1456/1961] update links --- scratchpad-scripts/arkenfox-clear-RFP-alternatives.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js index 1dfc5f7..4be4b81 100644 --- a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js +++ b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js @@ -2,11 +2,11 @@ Version: up to and including FF/ESR78 This will reset the preferences that are under sections 4600 & 4700 in the - ghacks user.js. These are the prefs that are no longer necessary, or they + arkenfox user.js. These are the prefs that are no longer necessary, or they conflict with, privacy.resistFingerprinting if you have that enabled. For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] + https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ (function() { From 1f545312fd6d11060df67d7157186e66a81c5398 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 05:57:30 +0000 Subject: [PATCH 1457/1961] update names + links --- scratchpad-scripts/arkenfox-clear-deprecated.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-deprecated.js b/scratchpad-scripts/arkenfox-clear-deprecated.js index e3ab4e1..766dd33 100644 --- a/scratchpad-scripts/arkenfox-clear-deprecated.js +++ b/scratchpad-scripts/arkenfox-clear-deprecated.js @@ -2,12 +2,12 @@ Version: up to and including FF/ESR78 This will reset the preferences that have been deprecated by Mozilla - and used in the ghacks user.js + and used in the arkenfox user.js It is in reverse order, so feel free to remove sections that do not apply For instructions see: - https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] + https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ (function() { From 44e22835c128621cc13f864fcf7cf2dc1d07af13 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 05:58:39 +0000 Subject: [PATCH 1458/1961] update name --- scratchpad-scripts/arkenfox-clear-removed.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 8032bcc..25da048 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -9,7 +9,7 @@ (function() { let ops = [ - /* removed in ghacks user.js v52-57 */ + /* removed in arkenfox user.js v52-57 */ /* 52-alpha */ 'browser.search.reset.enabled', 'browser.search.reset.whitelist', From 2532ddcc18b6323459797be0697ab6a54e6f1a4b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 05:59:51 +0000 Subject: [PATCH 1459/1961] update name --- scratchpad-scripts/troubleshooter.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 61488f0..a33d803 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,5 +1,5 @@ -/*** ghacks-user.js troubleshooter.js v1.6.1 ***/ +/*** arkenfox user.js troubleshooter.js v1.6.1 ***/ (function() { From eff4b74130272ed4dfe815c0f411512df9f51c3c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 06:05:33 +0000 Subject: [PATCH 1460/1961] migration: cleanup code references --- .github/ISSUE_TEMPLATE/troubleshooting-help.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index 4cf0a19..9585395 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -8,16 +8,16 @@ assignees: '' --- Before you proceed... - - Issues will be closed as invalid if you do not [troubleshoot](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting), including + - Issues will be closed as invalid if you do not [troubleshoot](https://github.com/arkenfox/user.js/wiki/1.4-Troubleshooting), including - confirming the problem is caused by the `user.js` - searching the `[Setup` tags in the `user.js` - Search the GitHub repository. The information you need is most likely here already. - Note: We do not support forks See also: - - Extension breakage due to prefs [issue 391](https://github.com/ghacksuserjs/ghacks-user.js/issues/391) - - Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts [issue 350](https://github.com/ghacksuserjs/ghacks-user.js/issues/350) - - The extension CSP header modification game [issue 664](https://github.com/ghacksuserjs/ghacks-user.js/issues/664) + - Extension breakage due to prefs [issue 391](https://github.com/arkenfox/user.js/issues/391) + - Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts [issue 350](https://github.com/arkenfox/user.js/issues/350) + - The extension CSP header modification game [issue 664](https://github.com/arkenfox/user.js/issues/664) If you still need help, help us help you by providing relevant information: - browser version From 6a107d4d2fbe885b2c8ee2254d7a024d56188540 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 06:06:32 +0000 Subject: [PATCH 1461/1961] migration: cleanup code references --- .github/ISSUE_TEMPLATE/user-js.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/user-js.md b/.github/ISSUE_TEMPLATE/user-js.md index 1357819..7955d27 100644 --- a/.github/ISSUE_TEMPLATE/user-js.md +++ b/.github/ISSUE_TEMPLATE/user-js.md @@ -9,7 +9,7 @@ assignees: '' We value feedback in general, but we value feedback from informed users more. There is no need for you to be an expert to participate (most of us aren't), but we hope that you at least understand our decisions before questioning them. We discuss all changes openly, and we do not make changes lightly. So, if you don't understand why we decided to add/remove/change a certain pref, search the repo. The answer is most certainly here. -If some change we made took you by surprise (in the wrong way), remember that keeping track of changes is your responsibility. Watch the repo, read the [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=✓&q=is%3Aissue+label%3Achangelog), compare [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases) as you update your copy of user.js, or use any other method you prefer. +If some change we made took you by surprise (in the wrong way), remember that keeping track of changes is your responsibility. Watch the repo, read the [changelogs](https://github.com/arkenfox/user.js/issues?utf8=✓&q=is%3Aissue+label%3Achangelog), compare [releases](https://github.com/arkenfox/user.js/releases) as you update your copy of user.js, or use any other method you prefer. Clear all of this when you're ready to type. From fc650522863ede373f458ac71552dc5e91a5afd8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 06:07:32 +0000 Subject: [PATCH 1462/1961] migration: cleanup code references --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index a8f761e..839cbe3 100644 --- a/_config.yml +++ b/_config.yml @@ -1,3 +1,3 @@ theme: jekyll-theme-midnight -title: ghacks-user.js +title: user.js description: An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting From 515d6ff8744a746021e0f9fe1091e1782d3391ba Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 06:11:35 +0000 Subject: [PATCH 1463/1961] v2.3: update repo name --- prefsCleaner.bat | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 4c8f7a4..f82658a 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.2 +REM ## version: 2.3 CD /D "%~dp0" @@ -13,7 +13,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.2 #### +ECHO #### v2.3 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -101,7 +101,7 @@ ECHO add-ons disabled. Then, restart it again normally, and see if the CALL :message " problems were solved." ECHO: CALL :message "If you are able to identify the cause of your issues, please bring it up" -ECHO on ghacks-user.js GitHub repository. +ECHO on arkenfox user.js GitHub repository. ECHO: ECHO: PAUSE From 16c36580406c16644aa59c84a74920adfad39b72 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 06:17:44 +0000 Subject: [PATCH 1464/1961] align look with TZP --- README.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 2c3a00c..32849d5 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ -### ![][b] user.js +### 🟪 user.js A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/arkenfox/user.js/wiki/1.1-Overview) wiki page. -### ![][b] the arkenfox user.js +### 🟩 the arkenfox user.js [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) @@ -13,11 +13,16 @@ Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Bro Also be aware that the `arkenfox user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser. -Sitemap: [Releases](https://github.com/arkenfox/user.js/releases), [changelogs](https://github.com/arkenfox/user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/arkenfox/user.js/wiki), [stickies](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Adiffs) +### 🟧 sitemap -### ![][b] acknowledgments + - [Releases](https://github.com/arkenfox/user.js/releases) + - [changelogs](https://github.com/arkenfox/user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog) + - [Wiki](https://github.com/arkenfox/user.js/wiki) + - [stickies](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22) + - [diffs](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Adiffs) + +### 🟥 acknowledgments Literally thousands of sources, references and suggestions. Special mention to: * This [12bytes article](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) which uses the `arkenfox user.js` and supplements it with an additional JS hosted at [Codeberg](https://codeberg.org/12bytes.org/Firefox-user.js-supplement) -[b]: /wikipiki/bullet01.png From ed05c644824c69d9d930bd3972959497aa50107a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 06:18:33 +0000 Subject: [PATCH 1465/1961] we no longer have github pages --- wikipiki/bullet01.png | Bin 3374 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/bullet01.png diff --git a/wikipiki/bullet01.png b/wikipiki/bullet01.png deleted file mode 100644 index eaaacd52134f420398f84d34d82a9cf0b7101d16..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3374 zcmV+}4bk$6P)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z00076Nkl@vnbTIPJVNwl}pr}KolPFXqsKEY%E*(M*+nk%* z)a8$~{Ixn17}!Ox*|nr&;W3zpHuo%~eB7QrHj{ju!nebg6mGghL5KJ8`#OF2A|m|F z_-Ejkn-KGY>iI3-e$+r25m)K)h_l2V4;&!wvl8!AQ2h#@+bkq%Aa#o3!I;NV`E|T9 zx)eIGsCpIqFEH*^h+Z43Rmg2xz2R3c|Xn5;mw`_&`CGq4~RPDgN4Z1C;9)(D2 z5n!wxn>KPdy!qj_NZ2V7cFNY=9a$bL&!Ran?pBDl>;cBwv1vmG=QrQhi_A5NyuY4p zu1PlEHOlhvp@{0nz700-0><3fw1Lw3%uJQY?0JzlXZ~#VoMc{~7HzO>L3MFbEePI# z1rL>4uXR2%RW349A@b@-{$?s9GhHrPpEatsEB0u!vJ+gqMb%O-pEf3}BGdasrmP}U zB?YpIOqa;UgjKYlMUAvt&h7vcjZ}XNu_lv7#t8-u%B)cHx!(sN4l2Js)a*ZNpAFGCkI>QG>a2IgZ0f~oMQ16Ch zC+IF5W)CTOjL0Lz>>+J9sW;qU`1b(yi=cZ!4`xBV6Ot}S-J^EhPkP0KlaZ70KgcXqaelzmH+?%07*qoM6N<$ Ef@qmi<^TWy From 7fe9784bf87d0baf1ef6053aaa7542ae5837da53 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Sep 2020 06:18:54 +0000 Subject: [PATCH 1466/1961] we no longer have github pages --- wikipiki/exclamation.png | Bin 3210 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/exclamation.png diff --git a/wikipiki/exclamation.png b/wikipiki/exclamation.png deleted file mode 100644 index e8e4ff5fd1ec1b49fe12fe38f8eadfc775ffbfac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3210 zcmV;540ZE~P)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z0005CNklR0gKSMcQL z5IlMBSwXJ~p1f$O5H)FCm|h%mcr9pZ9s05!PBRbE$d4YazTb zEL0!>TY-qBv=5Tx@abSsUKqFp<}Pe6K(hiYpp5CJ&E`Yk;KD!+ldBNjf}6z&Q0rkF zhKFZa_T~wjHRI0oa4KJauM$|JRZ4yM=ND4B_v87@&io9UFsF zg$+Q$&S`&EsXx>4*sa1zU1g^{xm5@Xt#?bM+<*!wp*w>j0A-c3alha3`+YZHSZ|#I z20%kdIm#Codov(*0SbDA7ytkO07*qoM6N<$f+=wLcmMzZ From f61d4a0d383d9ccc9513c35f09f1290a4292a5d1 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 15 Sep 2020 11:55:28 +0000 Subject: [PATCH 1467/1961] Update prefsCleaner.sh --- prefsCleaner.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index d8185cd..c9d92d9 100644 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.2 +## version: 1.3 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -58,7 +58,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.2 ║" +echo " ║ v1.3 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." @@ -90,7 +90,7 @@ select option in Start Help Exit; do echo "4. Rename or copy your latest backup to prefs.js." echo "5. Run Firefox and see if you notice anything wrong with it." echo "6. If you do notice something wrong, especially with your extensions, and/or with the UI, go to about:support, and restart Firefox with add-ons disabled. Then, restart it again normally, and see if the problems were solved." - echo -e "If you are able to identify the cause of your issues, please bring it up on ghacks-user.js GitHub repository.\n" + echo -e "If you are able to identify the cause of your issues, please bring it up on the arkenfox user.js GitHub repository.\n" ;; Exit) fQuit 0 From 42b7650d42a781b66d94516b4a849d253ef05cc8 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 15 Sep 2020 11:58:52 +0000 Subject: [PATCH 1468/1961] v2.8: arkenfox --- updater.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/updater.sh b/updater.sh index ddd5266..7ab21d4 100755 --- a/updater.sh +++ b/updater.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash -## ghacks-user.js updater for macOS and Linux +## arkenfox user.js updater for macOS and Linux -## version: 2.7 +## version: 2.8 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac @@ -55,14 +55,14 @@ show_banner () { echo -e "${BBLUE} ############################################################################ #### #### - #### ghacks user.js #### + #### arkenfox user.js #### #### Hardening the Privacy and Security Settings of Firefox #### #### Maintained by @Thorin-Oakenpants and @earthlng #### #### Updater for macOS and Linux by @overdodactyl #### #### #### ############################################################################" echo -e "${NC}\n" - echo -e "Documentation for this script is available here: ${CYAN}https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts${NC}\n" + echo -e "Documentation for this script is available here: ${CYAN}https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts${NC}\n" } ######################### @@ -195,7 +195,7 @@ update_updater () { return 0 # User signified not to check for updates fi - declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.sh')" + declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')" [ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed if [[ $(get_updater_version "${SCRIPT_DIR}/updater.sh") < $(get_updater_version "${tmpfile}") ]]; then @@ -250,7 +250,7 @@ remove_comments () { # expects 2 arguments: from-file and to-file # Applies latest version of user.js and any custom overrides update_userjs () { - declare -r newfile="$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js')" + declare -r newfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')" [ -z "${newfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && return 1 # check if download failed echo -e "Please observe the following information: @@ -370,7 +370,7 @@ if [ $# != 0 ]; then ESR=true ;; r) - tfile="$(download_file 'https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js')" + tfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')" [ -z "${tfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && exit 1 # check if download failed mv $tfile "${tfile}.js" echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}" From ee3e5f01863dd99e7cd485aa0be335b7d8c45fbe Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 15 Sep 2020 12:04:54 +0000 Subject: [PATCH 1469/1961] v4.12: arkenfox --- updater.bat | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/updater.bat b/updater.bat index 0e883be..7783860 100644 --- a/updater.bat +++ b/updater.bat @@ -1,12 +1,12 @@ @ECHO OFF & SETLOCAL EnableDelayedExpansion -TITLE ghacks user.js updater +TITLE arkenfox user.js updater -REM ## ghacks-user.js updater for Windows +REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.11 -REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts +REM ## version: 4.12 +REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts -SET v=4.11 +SET v=4.12 VERIFY ON CD /D "%~dp0" @@ -52,7 +52,7 @@ IF DEFINED _updateb ( REM Uncomment the next line and comment out the PowerShell call for testing. REM COPY /B /Y "!_myname!.bat" "[updated]!_myname!.bat" >nul ( - PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.bat', '[updated]!_myname!.bat')" + PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/arkenfox/user.js/master/updater.bat', '[updated]!_myname!.bat')" ) >nul 2>&1 IF EXIST "[updated]!_myname!.bat" ( START /min CMD /C "[updated]!_myname!.bat" !_myparams! @@ -111,7 +111,7 @@ IF NOT EXIST user.js ( ECHO: IF NOT DEFINED _ua ( CALL :message "This batch should be run from your Firefox profile directory." - ECHO: It will download the latest version of ghacks user.js from github and then + ECHO: It will download the latest version of arkenfox user.js from github and then CALL :message "append any of your own changes from user-overrides.js to it." CALL :message "Visit the wiki for more detailed information." ECHO: @@ -133,7 +133,7 @@ IF DEFINED _log ( IF EXIST user.js.new (DEL /F "user.js.new") CALL :message "Retrieving latest user.js file from github repository..." ( - PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')" + PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/arkenfox/user.js/master/user.js', 'user.js.new')" ) >nul 2>&1 IF EXIST user.js.new ( IF DEFINED _rfpalts ( From e1d336a178b784766d05afbd84c8e006001979f4 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 15 Sep 2020 13:36:39 +0000 Subject: [PATCH 1470/1961] standardize some error codes * 0 : successful termination * 2 : command line syntax error * 1 : catchall for general errors Plus a few text improvements based on unmerged PR https://github.com/arkenfox/user.js/pull/910/commits/4fbb2be98d8d156efd0f172e24cbbf77591ef4fc --- updater.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/updater.sh b/updater.sh index 7ab21d4..a27e98a 100755 --- a/updater.sh +++ b/updater.sh @@ -47,7 +47,7 @@ elif [[ $(command -v 'wget') ]]; then DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O' else echo -e "${RED}This script requires curl or wget.\nProcess aborted${NC}" - exit 0 + exit 1 fi @@ -76,7 +76,7 @@ usage() { Optional Arguments: -h Show this help message and exit. -p PROFILE Path to your Firefox profile (if different than the dir of this script) - IMPORTANT: if the path includes spaces, wrap the entire argument in quotes. + IMPORTANT: If the path contains spaces, wrap the entire argument in quotes. -l Choose your Firefox profile from a list -u Update updater.sh and execute silently. Do not seek confirmation. -d Do not look for updates to updater.sh. @@ -88,8 +88,8 @@ Optional Arguments: If given a directory, all files inside will be appended recursively. You can pass multiple files or directories by passing a comma separated list. Note: If a directory is given, only files inside ending in the extension .js are appended - IMPORTANT: do not add spaces between files/paths. Ex: -o file1.js,file2.js,dir1 - IMPORTANT: if any files/paths include spaces, wrap the entire argument in quotes. + IMPORTANT: Do not add spaces between files/paths. Ex: -o file1.js,file2.js,dir1 + IMPORTANT: If any file/path contains spaces, wrap the entire argument in quotes. Ex: -o \"override folder\" -n Do not append any overrides, even if user-overrides.js exists. -v Open the resulting user.js file. @@ -104,13 +104,13 @@ Optional Arguments: ######################### # Download files -download_file () { # expects URL as argument ($1) +download_file () { # expects URL as argument ($1) declare -r tf=$(mktemp) $DOWNLOAD_METHOD "${tf}" "$1" && echo "$tf" || echo '' # return the temp-filename or empty string on error } -open_file () { #expects one argument: file_path +open_file () { # expects one argument: file_path if [ "$(uname)" == 'Darwin' ]; then open "$1" elif [ "$(uname -s | cut -c -5)" == "Linux" ]; then @@ -211,7 +211,7 @@ update_updater () { mv "${tmpfile}" "${SCRIPT_DIR}/updater.sh" chmod u+x "${SCRIPT_DIR}/updater.sh" "${SCRIPT_DIR}/updater.sh" "$@" -d - exit 1 + exit 0 } @@ -375,7 +375,7 @@ if [ $# != 0 ]; then mv $tfile "${tfile}.js" echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}" open_file "${tfile}.js" - exit 1 + exit 0 ;; \?) echo -e "${RED}\n Error! Invalid option: -$OPTARG${NC}" >&2 @@ -383,7 +383,7 @@ if [ $# != 0 ]; then ;; :) echo -e "${RED}Error! Option -$OPTARG requires an argument.${NC}" >&2 - exit 1 + exit 2 ;; esac done From c367beabe38750dfc21cd8c5da27239ed0529845 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 23 Sep 2020 12:20:59 +0000 Subject: [PATCH 1471/1961] 81-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 05dc94d..bf8cdc3 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 03 Sep 2020 -* version 81-alpha +* date: 23 Sep 2020 +* version 81-beta * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 4779ea78500031d3e723c211997708743a71073a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 27 Sep 2020 00:47:09 +0000 Subject: [PATCH 1472/1961] remove CSP issue, closes #1021 --- .github/ISSUE_TEMPLATE/troubleshooting-help.md | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index 9585395..4ed3b19 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -17,7 +17,6 @@ Before you proceed... See also: - Extension breakage due to prefs [issue 391](https://github.com/arkenfox/user.js/issues/391) - Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts [issue 350](https://github.com/arkenfox/user.js/issues/350) - - The extension CSP header modification game [issue 664](https://github.com/arkenfox/user.js/issues/664) If you still need help, help us help you by providing relevant information: - browser version From 2391874e044be303e14f405e9c06e07c13c6dc6c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 28 Sep 2020 19:04:08 +0000 Subject: [PATCH 1473/1961] UI setting change in 81 https://bugzilla.mozilla.org/show_bug.cgi?id=1613468 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index bf8cdc3..bdb7224 100644 --- a/user.js +++ b/user.js @@ -1124,7 +1124,7 @@ user_pref("dom.webaudio.enabled", false); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); /* 2601: prevent accessibility services from accessing your browser [RESTART] - * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser + * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser [FF80 or lower] * [1] https://support.mozilla.org/kb/accessibility-services ***/ user_pref("accessibility.force_disabled", 1); /* 2602: disable sending additional analytics to web servers From 421f1e361c772e70d1e59f528b7d0aa1f2290f68 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 29 Sep 2020 06:10:57 +0000 Subject: [PATCH 1474/1961] [ ] are for for prefs only --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index bdb7224..6eed776 100644 --- a/user.js +++ b/user.js @@ -1124,7 +1124,7 @@ user_pref("dom.webaudio.enabled", false); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); /* 2601: prevent accessibility services from accessing your browser [RESTART] - * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser [FF80 or lower] + * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser (FF80 or lower) * [1] https://support.mozilla.org/kb/accessibility-services ***/ user_pref("accessibility.force_disabled", 1); /* 2602: disable sending additional analytics to web servers From a56ba859363f87d45b860b51560a9a3072f33b84 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Oct 2020 08:33:27 +0000 Subject: [PATCH 1475/1961] remove dom.IntersectionObserver.enabled #1026 - this was made inactive in v68 - since at least FF79, when active as false, it breaks the web and browser consoles - it breaks websites - it breaks extensions: e.g. uBO panel functionality - it does nothing to mitigate possible fingerprinting (which was why it was initially added as a concern) - i.e the API only provided a standardized method, it does not stop previous/earlier workarounds --- user.js | 5 ----- 1 file changed, 5 deletions(-) diff --git a/user.js b/user.js index 6eed776..7f02fdf 100644 --- a/user.js +++ b/user.js @@ -1073,11 +1073,6 @@ user_pref("javascript.options.asmjs", false); * [NOTE] In FF71+ this no longer affects extensions (1576254) * [1] https://developer.mozilla.org/docs/WebAssembly ***/ user_pref("javascript.options.wasm", false); -/* 2426: disable Intersection Observer API [FF55+] - * [1] https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API - * [2] https://w3c.github.io/IntersectionObserver/ - * [3] https://bugzilla.mozilla.org/1243846 ***/ - // user_pref("dom.IntersectionObserver.enabled", false); /* 2429: enable (limited but sufficient) window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] From e89f9a5d8997210f6c9ee089e5000a2dcb244613 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Oct 2020 08:36:15 +0000 Subject: [PATCH 1476/1961] dom.IntersectionObserver.enabled commit: https://github.com/arkenfox/user.js/commit/a56ba859363f87d45b860b51560a9a3072f33b84 issue: #1026 --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 25da048..8ade622 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 14-Sept-2020 + Last updated: 2-Oct-2020 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -223,6 +223,8 @@ 'browser.search.region', /* 79-beta */ 'browser.urlbar.usepreloadedtopurls.enabled', + /* 80 */ + 'dom.IntersectionObserver.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From d5ccf4693b7cac1f9d04255187a735d51691d7a6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 7 Oct 2020 02:43:51 +1300 Subject: [PATCH 1477/1961] fixup font prefs vs RFP, fixes #1025 (#1028) - make 1401 inactive: it affects RFP's FPing - remove old warning/setup-web: we do not care about documenting breakage or FPing risks when we have a warning and they are inactive. If someone uses them, that's on them - new warnings --- user.js | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 7f02fdf..f559dae 100644 --- a/user.js +++ b/user.js @@ -794,9 +794,9 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector - * [SETUP-WEB] Can break some PDFs (missing text). Limiting to default fonts can "uglify" the web + * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618) * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ -user_pref("browser.display.use_document_fonts", 0); + // user_pref("browser.display.use_document_fonts", 0); /* 1403: disable icon fonts (glyphs) and local fallback rendering * [1] https://bugzilla.mozilla.org/789788 * [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/ @@ -812,9 +812,8 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed - * [NOTE] in FF80 RFP restricts the whitelist to bundled and "Base Fonts" - * ...and in FF81+ the whitelist **overrides** RFP's font visibility (see 4618) - * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. + * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618) + * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4618) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] From c90341ddedf7e0c1ae1256d647a9470d056602c1 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 7 Oct 2020 12:10:24 +0000 Subject: [PATCH 1478/1961] 1244: HTTPS-Only mode update (#1031) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f559dae..54efc6f 100644 --- a/user.js +++ b/user.js @@ -736,7 +736,7 @@ user_pref("security.mixed_content.block_display_content", true); user_pref("security.mixed_content.block_object_subrequest", true); /* 1244: enable HTTPS-Only mode [FF76+] * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored - * [WARNING] This is experimental, see [1] and you can't set exceptions if FPI is enabled, see [2] + * [WARNING] This is experimental [1] and you can't set exceptions if FPI is enabled [2] (fixed in FF83) * [SETTING] to add site exceptions: Page Info>Permissions>Use insecure HTTP (FF80+) * [SETTING] Privacy & Security>HTTPS-Only Mode (FF80+ with browser.preferences.exposeHTTPSOnly = true) * [1] https://bugzilla.mozilla.org/1613063 [META] From 0e10a820d9f69a446ea526ffc8a93900b8c6a620 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Oct 2020 14:01:41 +0000 Subject: [PATCH 1479/1961] 81 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 54efc6f..03acb59 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 23 Sep 2020 -* version 81-beta +* date: 13 Oct 2020 +* version 81 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From f591a8adf84346797704f683b76e6a582ecf6fcb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 13 Oct 2020 14:12:53 +0000 Subject: [PATCH 1480/1961] 82-alpha, 82 deprecated, remove old deprecated --- user.js | 105 ++++---------------------------------------------------- 1 file changed, 7 insertions(+), 98 deletions(-) diff --git a/user.js b/user.js index 03acb59..e2a9466 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js * date: 13 Oct 2020 -* version 81 +* version 82-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -160,10 +160,6 @@ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] user_pref("geo.provider.use_gpsd", false); // [LINUX] -/* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" - * i.e. ignore all of Mozilla's various search engines in multiple locales ***/ -user_pref("browser.search.geoSpecificDefaults", false); -user_pref("browser.search.geoSpecificDefaults.url", ""); /* 0207: disable region updates * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/ user_pref("browser.region.network.url", ""); // [FF78+] @@ -1691,99 +1687,12 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); // [-] https://bugzilla.mozilla.org/1603712 user_pref("intl.charset.fallback.override", "windows-1252"); // * * * / -// ***/ - -/* ESR68.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them -// FF69 -// 1405: disable WOFF2 (Web Open Font Format) [FF35+] - // [-] https://bugzilla.mozilla.org/1556991 - // user_pref("gfx.downloadable_fonts.woff2.enabled", false); -// 1802: enforce click-to-play for plugins - // [-] https://bugzilla.mozilla.org/1519434 -user_pref("plugins.click_to_play", true); // [DEFAULT: true FF25+] -// 2033: disable autoplay for muted videos [FF63+] - replaced by 'media.autoplay.default' options (2030) - // [-] https://bugzilla.mozilla.org/1562331 - // user_pref("media.autoplay.allow-muted", false); -// * * * / -// FF71 -// 2608: disable WebIDE and ADB extension download - // [1] https://trac.torproject.org/projects/tor/ticket/16222 - // [-] https://bugzilla.mozilla.org/1539462 -user_pref("devtools.webide.enabled", false); // [DEFAULT: false FF70+] -user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] -// 2731: enforce websites to ask to store data for offline use - // [1] https://support.mozilla.org/questions/1098540 - // [2] https://bugzilla.mozilla.org/959985 - // [-] https://bugzilla.mozilla.org/1574480 -user_pref("offline-apps.allow_by_default", false); -// * * * / -// FF72 -// 0105a: disable Activity Stream telemetry - // [-] https://bugzilla.mozilla.org/1597697 -user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); -// 0330: disable Hybdrid Content telemetry - // [-] https://bugzilla.mozilla.org/1520491 -user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+] -// 2720: enforce IndexedDB (IDB) as enabled - // IDB is required for extensions and Firefox internals (even before FF63 in [1]) - // To control *website* IDB data, control allowing cookies and service workers, or use - // Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize - // on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically - // via an extension. Note that IDB currently cannot be sanitized by host. - // [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ - // [-] https://bugzilla.mozilla.org/1488583 -user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] -// * * * / -// FF74 -// 0203: use Mozilla geolocation service instead of Google when geolocation is enabled - // Optionally enable logging to the console (defaults to false) - // [-] https://bugzilla.mozilla.org/1613627 -user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); - // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] -// 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] - // 0=no menu (default), 1=show when clicked, 2=show on long press - // [1] https://bugzilla.mozilla.org/1328756 - // [-] https://bugzilla.mozilla.org/1606265 -user_pref("privacy.userContext.longPressBehavior", 2); -// 2012: limit WebGL - // [-] https://bugzilla.mozilla.org/1477756 -user_pref("webgl.disable-extensions", true); -// * * * / -// FF76 -// 0401: sanitize blocklist url - // [2] https://trac.torproject.org/projects/tor/ticket/16931 - // [-] https://bugzilla.mozilla.org/1618188 -user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); -// 2201: prevent websites from disabling new window features - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507375,1660524 -user_pref("dom.disable_window_open_feature.close", true); -user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: true] -user_pref("dom.disable_window_open_feature.menubar", true); -user_pref("dom.disable_window_open_feature.minimizable", true); -user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar -user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true] -user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true] -user_pref("dom.disable_window_open_feature.titlebar", true); -user_pref("dom.disable_window_open_feature.toolbar", true); -// * * * / -// FF77 -// 0850e: disable location bar one-off searches [FF51+] - // [-] https://bugzilla.mozilla.org/1628926 - // user_pref("browser.urlbar.oneOffSearches", false); -// 2605: block web content in file processes [FF55+] - // [SETUP-WEB] You may want to disable this for corporate or developer environments - // [1] https://bugzilla.mozilla.org/1343184 - // [-] https://bugzilla.mozilla.org/1603007 -user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); -// * * * / -// FF78 -// 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] - replaced by 'media.autoplay.blocking_policy' - // [-] https://bugzilla.mozilla.org/1509933 -user_pref("media.autoplay.enabled.user-gestures-needed", false); -// 5000's: disable chrome animations - replaced FF77+ by 'ui.prefersReducedMotion' (4520) - // [-] https://bugzilla.mozilla.org/1640501 - // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] +// FF82 +// 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" + // i.e. ignore all of Mozilla's various search engines in multiple locales + // [-] https://bugzilla.mozilla.org/1619926 +user_pref("browser.search.geoSpecificDefaults", false); +user_pref("browser.search.geoSpecificDefaults.url", ""); // * * * / // ***/ From 0adfddd1e2ab18b3fcbc45f6d04c4d9394149d6a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 21 Oct 2020 00:58:20 +1300 Subject: [PATCH 1481/1961] misc (#1040) * misc - cleanup of old release notation in comments: e.g. if it's not applicable to ESR78+ - same with default version info - simplify and save bytes on section 4700 - update 4500 header - and unify the message about using extensions as counterproductive - letterboxing - provide info on stepped ranged (and drop crap about FF67) - don't judge users who dislike seeing margins (I don't like them either, but I force my window to exact dimensions and stay there) - screenshots uploading was disabled in FF67+ : [67 release notes](https://www.mozilla.org/en-US/firefox/67.0/releasenotes/) - the pref is still there (default false) but so far I'm 99% sure this pref now does anything - I will add it to the scatchpad script if this change sticks * simplify 4500 RFP, see #1041 * update removed script * tidy readme, see #1045 - also put readme before releases * RIP FX Site Compat * clean out RFP Alts info: the information is redundant: it's already in the readme --- scratchpad-scripts/arkenfox-clear-removed.js | 6 +- user.js | 254 ++++++++----------- 2 files changed, 110 insertions(+), 150 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 8ade622..c5e40fd 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 2-Oct-2020 + Last updated: 18-Oct-2020 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -225,6 +225,10 @@ 'browser.urlbar.usepreloadedtopurls.enabled', /* 80 */ 'dom.IntersectionObserver.enabled', + /* 82-beta */ + 'extensions.screenshots.upload-disabled', + 'security.ssl3.dhe_rsa_aes_128_sha', + 'security.ssl3.dhe_rsa_aes_256_sha', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] diff --git a/user.js b/user.js index e2a9466..7cdf263 100644 --- a/user.js +++ b/user.js @@ -5,40 +5,34 @@ * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt -* releases: These are end-of-stable-life-cycle legacy archives. - *Always* use the master branch user.js for a current up-to-date version - url: https://github.com/arkenfox/user.js/releases - * README: - 0. Consider using Tor Browser if it meets your needs or fits your threat model better - * https://www.torproject.org/about/torusers.html.en - 1. READ the full README - * https://github.com/arkenfox/user.js/blob/master/README.md - 2. READ this - * https://github.com/arkenfox/user.js/wiki/1.3-Implementation - 3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum - * Real time binary checks with Google services are disabled (0412) - * You will still get prompts to update Firefox, but auto-installing them is disabled (0302a) - * Some user data is erased on close (section 2800). Change this to suit your needs - * EACH RELEASE check: - - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF) - or enable them as an alternative to RFP (or some of them for ESR users) - - 9999s: reset deprecated prefs in about:config or enable the relevant section for ESR - * Site breakage WILL happen - - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting - and these need to be balanced against Functionality & Convenience & Breakage - * You will need to make changes, and to troubleshoot at times (choose wisely, there is always a trade-off). - While not 100% definitive, search for "[SETUP". If required, add each pref to your overrides section at - default values (or comment them out and reset them in about:config). Here are the main ones: + 1. Consider using Tor Browser if it meets your needs or fits your threat model better + * https://www.torproject.org/about/torusers.html.en + 2. Required reading: Overview, Backing Up, Implementing, and Maintenance entries + * https://github.com/arkenfox/user.js/wiki + 3. If you skipped step 2, return to step 2 + 4. Make changes + * There are often trade-offs and conflicts between security vs privacy vs anti-fingerprinting + and these need to be balanced against functionality & convenience & breakage + * Some site breakage and unintended consequences will happen. Everyone's experience will differ + e.g. some user data is erased on close (section 2800), change this to suit your needs + * While not 100% definitive, search for "[SETUP" tags + * Take the wiki link in step 2 and read the Troubleshooting entry + 5. Some tag info [SETUP-SECURITY] it's one item, read it [SETUP-WEB] can cause some websites to break - [SETUP-CHROME] changes how Firefox itself behaves (i.e. NOT directly website related) + [SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related) [SETUP-PERF] may impact performance - [SETUP-HARDEN] maybe you should consider using the Tor Browser - * [WARNING] tags are extra special and used sparingly, so heed them - 4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile) - 5. KEEP UP TO DATE: https://github.com/arkenfox/user.js/wiki#small_orange_diamond-maintenance + [WARNING] used sparingly, heed them + +* RELEASES + + * Archive: https://github.com/arkenfox/user.js/releases + * Use the correct release that matches your Firefox version + * Each release + - run the prefsCleaner or reset deprecated prefs (9999s) and prefs made redundant by RFP (4600s) + - re-enable section 4600 if you don't use RFP * INDEX: @@ -68,7 +62,7 @@ 4000: FPI (FIRST PARTY ISOLATION) 4500: RFP (RESIST FINGERPRINTING) 4600: RFP ALTERNATIVES - 4700: RFP ALTERNATIVES (NAVIGATOR / USER AGENT (UA) SPOOFING) + 4700: RFP ALTERNATIVES (USER AGENT SPOOFING) 5000: PERSONAL 9999: DEPRECATED / REMOVED / LEGACY / RENAMED @@ -340,10 +334,8 @@ user_pref("extensions.systemAddon.update.url", ""); // [FF44+] /* 0506: disable PingCentre telemetry (used in several System Add-ons) [FF57+] * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0340) ***/ user_pref("browser.ping-centre.telemetry", false); -/* 0515: disable Screenshots - * alternatively in FF60+, disable uploading to the Screenshots server ***/ +/* 0515: disable Screenshots ***/ // user_pref("extensions.screenshots.disabled", true); // [FF55+] - // user_pref("extensions.screenshots.upload-disabled", true); // [FF60+] /* 0517: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes @@ -365,7 +357,7 @@ user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); -user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true FF70+] +user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); user_pref("network.predictor.enable-prefetch", false); // [FF48+] @@ -417,8 +409,7 @@ user_pref("network.http.altsvc.oe", false); * as a remote Tor node will handle the DNS request * [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); -/* 0708: disable FTP [FF60+] - * [1] https://www.fxsitecompat.dev/en-CA/docs/2020/ftp-support-will-be-removed/ ***/ +/* 0708: disable FTP [FF60+] ***/ // user_pref("network.ftp.enabled", false); /* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+] * [SETUP-CHROME] Can break extensions for profiles on network shares @@ -546,8 +537,7 @@ user_pref("signon.formlessCapture.enabled", false); * hardens against potential credentials phishing * 0=don't allow sub-resources to open HTTP authentication credentials dialogs * 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs - * 2=allow sub-resources to open HTTP authentication credentials dialogs (default) - * [1] https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/ ***/ + * 2=allow sub-resources to open HTTP authentication credentials dialogs (default) ***/ user_pref("network.auth.subresource-http-auth-allow", 1); /*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS @@ -648,7 +638,7 @@ user_pref("security.ssl.require_safe_negotiation", true); * [STATS] Firefox telemetry (June 2020) shows only 0.16% of SSL handshakes use 1.0 or 1.1 * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. * [1] https://www.ssllabs.com/ssl-pulse/ ***/ - // user_pref("security.tls.version.min", 3); // [DEFAULT: 3 FF78+] + // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.max", 4); /* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */ user_pref("security.tls.version.enable-deprecated", false); @@ -753,10 +743,6 @@ user_pref("security.mixed_content.block_object_subrequest", true); * [2] https://en.wikipedia.org/wiki/Meet-in-the-middle_attack * [3] https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ // user_pref("security.ssl3.rsa_des_ede3_sha", false); -/* 1263: disable DHE (Diffie-Hellman Key Exchange) - * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ - // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false FF78+] - // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false FF78+] /* 1264: disable the remaining non-modern cipher suites as of FF78 (in order of preferred by FF) ***/ // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); @@ -783,7 +769,7 @@ user_pref("browser.ssl_override_behavior", 1); * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); /* 1273: display "insecure" icon and "Not Secure" text on HTTP sites ***/ - // user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] [DEFAULT: true FF70+] + // user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] [DEFAULT: true] user_pref("security.insecure_connection_text.enabled", true); // [FF60+] /*** [SECTION 1400]: FONTS ***/ @@ -819,9 +805,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); harden it a bit: set XOriginPolicy (1603) to 1 (as per the settings below) harden it a bit more: set XOriginPolicy (1603) to 2 (and optionally 1604 to 1 or 2), expect breakage --- - If you want any REAL control over referers and breakage, then use an extension. Either: - uMatrix: limited by scope, all requests are spoofed or not-spoofed - Smart Referrer: granular with source<->destination, whitelists + If you want any REAL control over referers and breakage, then use an extension --- full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html @@ -981,9 +965,6 @@ user_pref("dom.popup_allowed_events", "click dblclick"); including service and shared workers. Shared workers can be utilized by multiple scripts and communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. - [NOTE] uMatrix 1.2.0+ allows a per-scope control for workers (2301-deprecated) and service workers (2302) - #Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0 - [1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API [2] Worker: https://developer.mozilla.org/docs/Web/API/Worker [3] Service Worker: https://developer.mozilla.org/docs/Web/API/Service_Worker_API @@ -1065,7 +1046,6 @@ user_pref("javascript.options.asmjs", false); // user_pref("javascript.options.baselinejit", false); // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF] /* 2422: disable WebAssembly [FF52+] [SETUP-PERF] - * [NOTE] In FF71+ this no longer affects extensions (1576254) * [1] https://developer.mozilla.org/docs/WebAssembly ***/ user_pref("javascript.options.wasm", false); /* 2429: enable (limited but sufficient) window.opener protection [FF65+] @@ -1250,14 +1230,13 @@ user_pref("security.dialog_enable_delay", 700); user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable 3rd-party cookies and site-data [SETUP-WEB] * 0=Accept cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, - * 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (FF63+) (default FF69+) + * 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (default) * [NOTE] You can set exceptions under site permissions or use an extension * [NOTE] Enforcing category to custom ensures ETP related prefs are always honored * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies ***/ user_pref("network.cookie.cookieBehavior", 1); user_pref("browser.contentblocking.category", "custom"); -/* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only - and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only +/* 2702: set third-party cookies (if enabled, see 2701) to session-only [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/ @@ -1388,72 +1367,67 @@ user_pref("privacy.firstparty.isolate", true); user_pref("privacy.partition.network_state", true); /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) - This master switch will be used for a wide range of items, many of which will - **override** existing prefs from FF55+, often providing a **better** solution + RFP covers a wide range of ongoing fingerprinting solutions. + It is an all-or-nothing buy in: you cannot pick and choose what parts you want - IMPORTANT: As existing prefs become redundant, and some of them WILL interfere - with how RFP works, they will be moved to section 4600 and made inactive + [WARNING] Do NOT use extensions to alter RFP protected metrics + [WARNING] Do NOT use prefs in section 4600 with RFP as they can interfere - ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) - [NOTE] Info only: To set a size, open a XUL (chrome) page (such as about:config) which is at - 100% zoom, hit Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. - Test your window size, do some math, resize to allow for all the non inner window elements + FF41+ + 418986 - limit window.screen & CSS media queries leaking identifiable info [TEST] https://arkenfox.github.io/TZP/tzp.html#screen - ** 1281949 - spoof screen orientation (FF50+) - ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) - FF53: Fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044) - ** 1330890 - spoof timezone as UTC 0 (FF55+) - FF58: Date.toLocaleFormat deprecated (818634) - FF60: Date.toLocaleDateString and Intl.DateTimeFormat fixed (1409973) - ** 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) (FF55+) - This spoof *shouldn't* affect core chrome/Firefox performance - ** 1217238 - reduce precision of time exposed by javascript (FF55+) - ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+) - ** 1333651 & 1383495 & 1396468 - spoof User Agent & Navigator API (see section 4700) (FF56+) - FF56: Version: rounded down to the nearest multiple of 10 - FF57: Version: match current ESR (1393283, 1418672, 1418162, 1511763) - FF59: OS: Windows, OSX, Android, or Linux (to reduce breakage) (1404608) - FF66: OS: HTTP Headers reduced to Windows or Android (1509829) - FF68: OS: updated to Windows 10, OS 10.14, and Android 8.1 (1511434) - FF78: OS: updated to OS 10.15 and Android 9.0 (1635011) - ** 1369319 - disable device sensor API (see 4604) (FF56+) - ** 1369357 - disable site specific zoom (see 4605) (FF56+) - ** 1337161 - hide gamepads from content (see 4606) (FF56+) - ** 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true (see 4607) (FF56+) - ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+) - ** 1372069 & 1403813 & 1441295 - block geolocation requests (same as denying a site permission) (see 0201, 0202) (FF56-62) - ** 1369309 - spoof media statistics (see 4610) (FF57+) - ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+) - ** 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) - ** 1382545 - reduce fingerprinting in Animation API (FF57+) - ** 1354633 - limit MediaError.message to a whitelist (FF57+) - ** 1382533 - enable fingerprinting resistance for Presentation API (FF57+) + FF50+ + 1281949 - spoof screen orientation + 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) + FF55+ + 1330890 - spoof timezone as UTC 0 + 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) + 1217238 - reduce precision of time exposed by javascript + FF56+ + 1369303 - spoof/disable performance API (see 4602, 4603) + 1333651 - spoof User Agent & Navigator API (see section 4700) + JS: FF78+ the version is spoofed as 78, and the OS as Windows 10, OS 10.15, Android 9, or Linux + HTTP Headers: spoofed as Windows or Android + 1369319 - disable device sensor API (see 4604) + 1369357 - disable site specific zoom (see 4605) + 1337161 - hide gamepads from content (see 4606) + 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true (see 4607) + 1333641 - reduce fingerprinting in WebSpeech API (see 4608) + FF57+ + 1369309 - spoof media statistics (see 4610) + 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) + 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) + 1382545 - reduce fingerprinting in Animation API + 1354633 - limit MediaError.message to a whitelist + 1382533 - enable fingerprinting resistance for Presentation API This blocks exposure of local IP Addresses via mDNS (Multicast DNS) - ** 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction (FF58+) - FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865) - ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+) + FF58+ + 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction + FF59+ + 1372073 - spoof/block fingerprinting in MediaDevices API Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if media.navigator.enabled is true (see 2505 which we chose to keep disabled) Block: suppresses the ondevicechange event (see 4612) - ** 1039069 - warn when language prefs are set to non en-US (see 0210, 0211) (FF59+) - ** 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59+) + 1039069 - warn when language prefs are set to non en-US (see 0210, 0211) + 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events Spoofing mimics the content language of the document. Currently it only supports en-US. Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. - FF60: Fix keydown/keyup events (1438795) - ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) - ** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) - ** 1479239 - return "no-preference" with prefers-reduced-motion (see 4614) (FF63+) - ** 1363508 - spoof/suppress Pointer Events (see 4615) (FF64+) + FF60-67 + 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) + 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) + 1479239 - return "no-preference" with prefers-reduced-motion (see 4614) (FF63+) + 1363508 - spoof/suppress Pointer Events (see 4615) (FF64+) FF65: pointerEvent.pointerid (1492766) - ** 1485266 - disable exposure of system colors to CSS or canvas (see 4616) (FF67+) - ** 1407366 - enable inner window letterboxing (see 4504) (FF67+) - ** 1494034 - return "light" with prefers-color-scheme (see 4617) (FF67+) - [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme - ** 1564422 - spoof audioContext outputLatency (FF70+) - ** 1595823 - spoof audioContext sampleRate (FF72+) - ** 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) - ** 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) - ** 1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (non-ANDROID) (FF80+) + 1485266 - disable exposure of system colors to CSS or canvas (see 4616) (FF67+) + 1407366 - enable inner window letterboxing (see 4504) (FF67+) + 1494034 - return "light" with prefers-color-scheme (see 4617) (FF67+) + FF68-77 + 1564422 - spoof audioContext outputLatency (FF70+) + 1595823 - spoof audioContext sampleRate (FF72+) + 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) + FF78+ + 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) + 1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (non-ANDROID) (FF80+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] @@ -1470,22 +1444,22 @@ user_pref("privacy.resistFingerprinting", true); // user_pref("privacy.window.maxInnerWidth", 1000); // user_pref("privacy.window.maxInnerHeight", 1000); /* 4503: disable mozAddonManager Web API [FF57+] - * [NOTE] As a side-effect in FF57-59 this allowed extensions to work on AMO. In FF60+ you also need - * to sanitize or clear extensions.webextensions.restrictedDomains (see 2662) to keep that side-effect + * [NOTE] To allow extensions to work on AMO, you also need 2662 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] /* 4504: enable RFP letterboxing [FF67+] - * Dynamically resizes the inner window (FF67; 200w x100h: FF68+; stepped ranges) by applying letterboxing, - * using dimensions which waste the least content area, If you use the dimension pref, then it will only apply - * those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") - * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but you're - * not taking anti-fingerprinting seriously and a little visual change upsets you, then feel free to flip this pref + * Dynamically resizes the inner window by applying margins in stepped ranges, see [2] + * If you use the dimension pref, then it will only apply those resolutions. The format is + * "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") + * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but + * dislike margins being applied, then flip this pref, keeping in mind that it is effectively fingerprintable * [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it - * [1] https://bugzilla.mozilla.org/1407366 ***/ + * [1] https://bugzilla.mozilla.org/1407366 + * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] /* 4510: disable showing about:blank as soon as possible during startup [FF60+] - * When default true (FF62+) this no longer masks the RFP chrome resizing activity + * When default true this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); /* 4520: disable chrome animations [FF77+] [RESTART] @@ -1493,15 +1467,7 @@ user_pref("browser.startup.blankWindow", false); user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] /*** [SECTION 4600]: RFP ALTERNATIVES - * non-RFP users: - Enable the whole section (see the SETUP tag below) - * RFP users: - Make sure these are reset in about:config. They are redundant. In fact, some - even cause RFP to not behave as you would expect and alter your fingerprint - * ESR RFP users: - Reset those *up to and including* your version. Add those *after* your version - as active prefs in your overrides. This is assuming that the patch wasn't also - backported to Firefox ESR. Backporting RFP patches to ESR is rare. + [WARNING] Do NOT use prefs in this section with RFP as they can interfere ***/ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); /* [SETUP-non-RFP] Non-RFP users replace the * with a slash on this line to enable these @@ -1600,32 +1566,22 @@ user_pref("layout.css.font-visibility.level", 1); // * * * / // ***/ -/*** [SECTION 4700]: RFP ALTERNATIVES (NAVIGATOR / USER AGENT (UA) SPOOFING) - This is FYI ONLY. These prefs are INSUFFICIENT(a) on their own, you need - to use RFP (4500) or an extension, in which case they become POINTLESS. - (a) Many of the components that make up your UA can be derived by other means. - And when those values differ, you provide more bits and raise entropy. - Examples of leaks include workers, navigator objects, date locale/formats, - iframes, headers, tcp/ip attributes, feature detection, and **many** more. - ALL values below intentionally left blank - use RFP, or get a vetted, tested - extension and mimic RFP values to *lower* entropy, or randomize to *raise* it +/*** [SECTION 4700]: RFP ALTERNATIVES (USER AGENT SPOOFING) + These prefs are insufficient and leak. Use RFP and **nothing else** + - Many of the user agent components can be derived by other means. When those + values differ, you provide more bits and raise entropy. Examples include + workers, iframes, headers, tcp/ip attributes, feature detection, and many more + - Web extensions also lack APIs to fully protect spoofing ***/ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); -/* 4701: navigator.userAgent ***/ - // user_pref("general.useragent.override", ""); // [HIDDEN PREF] -/* 4702: navigator.buildID - * Revealed build time down to the second. In FF64+ it now returns a fixed timestamp - * [1] https://bugzilla.mozilla.org/583181 - * [2] https://www.fxsitecompat.com/en-CA/docs/2018/navigator-buildid-now-returns-a-fixed-timestamp/ ***/ - // user_pref("general.buildID.override", ""); // [HIDDEN PREF] -/* 4703: navigator.appName ***/ +/* 4701: navigator DOM object overrides + * [WARNING] DO NOT USE ***/ // user_pref("general.appname.override", ""); // [HIDDEN PREF] -/* 4704: navigator.appVersion ***/ // user_pref("general.appversion.override", ""); // [HIDDEN PREF] -/* 4705: navigator.platform ***/ - // user_pref("general.platform.override", ""); // [HIDDEN PREF] -/* 4706: navigator.oscpu ***/ + // user_pref("general.buildID.override", ""); // [HIDDEN PREF] // user_pref("general.oscpu.override", ""); // [HIDDEN PREF] + // user_pref("general.platform.override", ""); // [HIDDEN PREF] + // user_pref("general.useragent.override", ""); // [HIDDEN PREF] /*** [SECTION 5000]: PERSONAL Non-project related but useful. If any of these interest you, add them to your overrides ***/ From 9f9988527250b2797b1864dce18f5dae7a0dc547 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Oct 2020 12:57:00 +0000 Subject: [PATCH 1482/1961] clean up acknowledgments --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 32849d5..ec755c6 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,6 @@ Also be aware that the `arkenfox user.js` is made specifically for desktop Firef - [diffs](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Adiffs) ### 🟥 acknowledgments -Literally thousands of sources, references and suggestions. Special mention to: +Literally thousands of sources, references and suggestions. Many thanks, and much appreciated. - * This [12bytes article](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs) which uses the `arkenfox user.js` and supplements it with an additional JS hosted at [Codeberg](https://codeberg.org/12bytes.org/Firefox-user.js-supplement) From 26d47684475830af4c9f16daae55cfce020113ca Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 21 Oct 2020 13:44:21 +0000 Subject: [PATCH 1483/1961] add media.autoplay.blocking_policy --- scratchpad-scripts/troubleshooter.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index a33d803..9284132 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,5 +1,5 @@ -/*** arkenfox user.js troubleshooter.js v1.6.1 ***/ +/*** arkenfox user.js troubleshooter.js v1.6.2 ***/ (function() { @@ -62,6 +62,7 @@ 'dom.webaudio.enabled', 'media.autoplay.enabled', 'media.autoplay.default', // FF63+ + 'media.autoplay.blocking_policy', // FF78+ /* Forms */ 'browser.formfill.enable', From e14732aad3a90a62ee15649c2c8694724ef87802 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 24 Oct 2020 12:29:31 +1300 Subject: [PATCH 1484/1961] 2031: better reference: closes #1022 (#1048) --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 7cdf263..96c3b3c 100644 --- a/user.js +++ b/user.js @@ -932,8 +932,9 @@ user_pref("media.getusermedia.audiocapture.enabled", false); // user_pref("media.autoplay.default", 5); /* 2031: disable autoplay of HTML5 media if you interacted with the site [FF78+] * 0=sticky (default), 1=transient, 2=user + * Firefox's Autoplay Policy Documentation [PDF] is linked below via SUMO * [NOTE] If you have trouble with some video sites, then add an exception (see 2030) - * [1] https://html.spec.whatwg.org/multipage/interaction.html#sticky-activation ***/ + * [1] https://support.mozilla.org/questions/1293231 ***/ user_pref("media.autoplay.blocking_policy", 2); /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/ From c45780d79bc047568e486ac181a3a9b39df85b60 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Oct 2020 10:34:54 +0000 Subject: [PATCH 1485/1961] 0701 PHP localhost + IPv6, fixes #1053 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 96c3b3c..1eabb13 100644 --- a/user.js +++ b/user.js @@ -378,6 +378,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. + * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" * [TEST] https://ipleak.org/ * [1] https://github.com/arkenfox/user.js/issues/437#issuecomment-403740626 * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ From ac52886ea8c54f2bee386456459c1d34c09cf265 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Oct 2020 23:37:49 +1300 Subject: [PATCH 1486/1961] 2422 WASM, add reason for disabling, fixes #1037 (#1054) --- user.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 1eabb13..0b49739 100644 --- a/user.js +++ b/user.js @@ -1047,8 +1047,14 @@ user_pref("javascript.options.asmjs", false); // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF] -/* 2422: disable WebAssembly [FF52+] [SETUP-PERF] - * [1] https://developer.mozilla.org/docs/WebAssembly ***/ +/* 2422: disable WebAssembly [FF52+] + * Vulnerabilities have increasingly been found, including those known and fixed + * in native programs years ago [2]. WASM has powerful low-level access, making + * certain attacks (brute-force) and vulnerabilities more possible + * [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising [2][3] + * [1] https://developer.mozilla.org/docs/WebAssembly + * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly + * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/ user_pref("javascript.options.wasm", false); /* 2429: enable (limited but sufficient) window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ From 07cccd538618f27d9a120db292b19999150bb111 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 3 Nov 2020 06:05:40 +1300 Subject: [PATCH 1487/1961] remove 4003: partition, see #1051 (#1057) --- scratchpad-scripts/arkenfox-clear-removed.js | 3 +- user.js | 43 ++++++++------------ 2 files changed, 20 insertions(+), 26 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index c5e40fd..4e824dc 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 18-Oct-2020 + Last updated: 02-Nov-2020 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -227,6 +227,7 @@ 'dom.IntersectionObserver.enabled', /* 82-beta */ 'extensions.screenshots.upload-disabled', + 'privacy.partition.network_state', 'security.ssl3.dhe_rsa_aes_128_sha', 'security.ssl3.dhe_rsa_aes_256_sha', /* reset parrot: check your open about:config after running the script */ diff --git a/user.js b/user.js index 0b49739..955004d 100644 --- a/user.js +++ b/user.js @@ -1331,28 +1331,24 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences user_pref("privacy.sanitize.timeSpan", 0); /*** [SECTION 4000]: FPI (FIRST PARTY ISOLATION) - 4001: FPI - ** 1278037 - isolate indexedDB (FF51+) - ** 1277803 - isolate favicons (FF52+) - ** 1264562 - isolate OCSP cache (FF52+) - ** 1268726 - isolate Shared Workers (FF52+) - ** 1316283 - isolate SSL session cache (FF52+) - ** 1317927 - isolate media cache (FF53+) - ** 1323644 - isolate HSTS and HPKP (FF54+) - ** 1334690 - isolate HTTP Alternative Services (FF54+) - ** 1334693 - isolate SPDY/HTTP2 (FF55+) - ** 1337893 - isolate DNS cache (FF55+) - ** 1344170 - isolate blob: URI (FF55+) - ** 1300671 - isolate data:, about: URLs (FF55+) - ** 1473247 - isolate IP addresses (FF63+) - ** 1492607 - isolate postMessage with targetOrigin "*" (requires 4002) (FF65+) - ** 1542309 - isolate top-level domain URLs when host is in the public suffix list (FF68+) - ** 1506693 - isolate pdfjs range-based requests (FF68+) - ** 1330467 - isolate site permissions (FF69+) - ** 1534339 - isolate IPv6 (FF73+) - 4003: NETWORK PARTITON - ** 1647732 - isolate font cache (FF80+) - ** 1649673 - isolate speculative connections (FF80+) + 1278037 - indexedDB (FF51+) + 1277803 - favicons (FF52+) + 1264562 - OCSP cache (FF52+) + 1268726 - Shared Workers (FF52+) + 1316283 - SSL session cache (FF52+) + 1317927 - media cache (FF53+) + 1323644 - HSTS and HPKP (FF54+) + 1334690 - HTTP Alternative Services (FF54+) + 1334693 - SPDY/HTTP2 (FF55+) + 1337893 - DNS cache (FF55+) + 1344170 - blob: URI (FF55+) + 1300671 - data:, about: URLs (FF55+) + 1473247 - IP addresses (FF63+) + 1492607 - postMessage with targetOrigin "*" (requires 4002) (FF65+) + 1542309 - top-level domain URLs when host is in the public suffix list (FF68+) + 1506693 - pdfjs range-based requests (FF68+) + 1330467 - site permissions (FF69+) + 1534339 - IPv6 (FF73+) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] @@ -1370,9 +1366,6 @@ user_pref("privacy.firstparty.isolate", true); * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] // user_pref("privacy.firstparty.isolate.block_post_message", true); -/* 4003: enable site partitioning (FF78+) - * [1] https://bugzilla.mozilla.org/1590107 [META] */ -user_pref("privacy.partition.network_state", true); /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) RFP covers a wide range of ongoing fingerprinting solutions. From 910d7004c691837cfb2bcfb3ebb71933dd96a0b0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 11 Nov 2020 16:12:57 +0000 Subject: [PATCH 1488/1961] release info, fixes #1042 now we have somewhere to add things like HTTPS-Only Mode, appCache, secure downloads when we make changes that impact ESR --- user.js | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 955004d..41aa7f8 100644 --- a/user.js +++ b/user.js @@ -26,13 +26,17 @@ [SETUP-PERF] may impact performance [WARNING] used sparingly, heed them -* RELEASES +* RELEASES: https://github.com/arkenfox/user.js/releases - * Archive: https://github.com/arkenfox/user.js/releases - * Use the correct release that matches your Firefox version - * Each release - - run the prefsCleaner or reset deprecated prefs (9999s) and prefs made redundant by RFP (4600s) + * It is best to use the arkenfox release that is optimized for and matches your Firefox version + * EVERYONE: each release + - run prefsCleaner or reset deprecated prefs (9999s) and prefs made redundant by RPF (4600s) - re-enable section 4600 if you don't use RFP + ESR78 + - If you are not using arkenfox v78... (not a definitive list) + - 1401: document fonts is inactive as it is now covered by RFP in FF80+ + - 4600: some prefs may apply even if you use RFP (currently none apply as of FF84) + - 9999: switch the appropriate deprecated section(s) back on * INDEX: From accef19af474c4aba5534325f465d45c5fb85ea1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 11 Nov 2020 16:27:43 +0000 Subject: [PATCH 1489/1961] add LSNG, fixes #1059 --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 41aa7f8..caad195 100644 --- a/user.js +++ b/user.js @@ -1280,6 +1280,8 @@ user_pref("browser.cache.offline.enable", false); /* 2755: disable Storage Access API [FF65+] * [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API ***/ // user_pref("dom.storage_access.enabled", false); +/* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/ +user_pref("dom.storage.next_gen", true); /*** [SECTION 2800]: SHUTDOWN You should set the values to what suits you best. From f2fe7f02b01068be6413fa1cb7e8e65295db7527 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 11 Nov 2020 16:59:27 +0000 Subject: [PATCH 1490/1961] add 2624: window.name protection, fixes #1012 --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index caad195..c21b2d6 100644 --- a/user.js +++ b/user.js @@ -1183,6 +1183,10 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] * for these will show/use their correct 3rd party origin * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion */ user_pref("permissions.delegation.enabled", false); +/* 2624: enable "window.name" protection [FF82+] + * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original + * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks ***/ +user_pref("privacy.window.name.update.enabled", true); /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop From f7bee988de76778bd0ae0911e1b96b9852634974 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 11 Nov 2020 18:08:06 +0000 Subject: [PATCH 1491/1961] 0517: add creditCards.available / defense-in-depth see https://github.com/arkenfox/user.js/issues/1038#issuecomment-713643850 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index c21b2d6..a960ad5 100644 --- a/user.js +++ b/user.js @@ -347,6 +347,7 @@ user_pref("browser.ping-centre.telemetry", false); * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] user_pref("extensions.formautofill.available", "off"); // [FF56+] +user_pref("extensions.formautofill.creditCards.available", false); // [FF57+] user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] /* 0518: disable Web Compatibility Reporter [FF56+] From 8dc43cfdc21edc6e7b208bf0779869c3cacf22ac Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 11 Nov 2020 18:20:13 +0000 Subject: [PATCH 1492/1961] RFP 82+ changes Note - this is not the same as 2517 which disables the API - RFP does not determine what is supported or not supported: so that entropy remains - with or without RFP, if the media config is not supported it returns false,false (so there is nothing to spoof here) --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index a960ad5..0004cef 100644 --- a/user.js +++ b/user.js @@ -1440,6 +1440,7 @@ user_pref("privacy.firstparty.isolate", true); FF78+ 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) 1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (non-ANDROID) (FF80+) + 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] From ea0eb85404bc742a72c6ab3db877ecbc7fe95c3c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 11 Nov 2020 18:23:00 +0000 Subject: [PATCH 1493/1961] 82-beta --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 0004cef..bf75735 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 13 Oct 2020 -* version 82-alpha +* date: 11 Nov 2020 +* version 82-beta * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From d6186819f4e914dae416cebcd20896b34f5295c7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 11 Nov 2020 18:42:29 +0000 Subject: [PATCH 1494/1961] domIntersectionObserver it was removed after 81-beta was released --- scratchpad-scripts/arkenfox-clear-removed.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 4e824dc..46886f4 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -223,9 +223,8 @@ 'browser.search.region', /* 79-beta */ 'browser.urlbar.usepreloadedtopurls.enabled', - /* 80 */ - 'dom.IntersectionObserver.enabled', /* 82-beta */ + 'dom.IntersectionObserver.enabled', 'extensions.screenshots.upload-disabled', 'privacy.partition.network_state', 'security.ssl3.dhe_rsa_aes_128_sha', From 5b0d173078a4ec96904e8895b6f1d5ba0463b47e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 13 Nov 2020 00:55:45 +0000 Subject: [PATCH 1495/1961] 82 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index bf75735..d0d86fd 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 11 Nov 2020 -* version 82-beta +* date: 12 Nov 2020 +* version 82 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From ccbca41e2d73fa63908fd87c2a7d35615016e7f7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 13 Nov 2020 01:03:29 +0000 Subject: [PATCH 1496/1961] start 83 alpha, fixup 1244 setting info `browser.preferences.exposeHTTPSOnly` is now default true --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d0d86fd..3d6dc70 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js * date: 12 Nov 2020 -* version 82 +* version 83-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -730,7 +730,7 @@ user_pref("security.mixed_content.block_object_subrequest", true); * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored * [WARNING] This is experimental [1] and you can't set exceptions if FPI is enabled [2] (fixed in FF83) * [SETTING] to add site exceptions: Page Info>Permissions>Use insecure HTTP (FF80+) - * [SETTING] Privacy & Security>HTTPS-Only Mode (FF80+ with browser.preferences.exposeHTTPSOnly = true) + * [SETTING] Privacy & Security>HTTPS-Only Mode * [1] https://bugzilla.mozilla.org/1613063 [META] * [2] https://bugzilla.mozilla.org/1647829 ***/ // user_pref("dom.security.https_only_mode", true); // [FF76+] From c6ddda1aa3e3000336e3e421d6af21f62208c7cf Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 17 Nov 2020 19:17:59 +0000 Subject: [PATCH 1497/1961] Update troubleshooter.js - add `privacy.window.name.update.enabled` - remove `media.autoplay.enabled` (removed in FF63) - remove `dom.indexedDB.enabled` (removed in FF72) --- scratchpad-scripts/troubleshooter.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 9284132..cce4069 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -17,7 +17,6 @@ /* Storage + Cache */ 'browser.cache.offline.enable', - 'dom.indexedDB.enabled', 'dom.storage.enabled', 'browser.storageManager.enabled', 'dom.storageManager.enabled', @@ -60,7 +59,6 @@ /* Audio + Video */ 'dom.webaudio.enabled', - 'media.autoplay.enabled', 'media.autoplay.default', // FF63+ 'media.autoplay.blocking_policy', // FF78+ @@ -103,6 +101,7 @@ 'network.protocol-handler.external.ms-windows-store', 'privacy.trackingprotection.enabled', 'security.data_uri.block_toplevel_data_uri_navigations', + 'privacy.window.name.update.enabled', // FF82+ 'last.one.without.comma' ] From ef93a754cee4425efe373d6abe77dbb276380b1b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 21 Nov 2020 01:49:19 +0000 Subject: [PATCH 1498/1961] warnings always come after notes --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3d6dc70..8a9e0f3 100644 --- a/user.js +++ b/user.js @@ -800,8 +800,8 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed - * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618) * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4618) + * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] From 94712f59a3aa2064255ca8e90ca0f6f4ae0a47d3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Nov 2020 17:05:34 +0000 Subject: [PATCH 1499/1961] 83 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 8a9e0f3..02273d7 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 12 Nov 2020 -* version 83-alpha +* date: 22 Nov 2020 +* version 83 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 0189438e46980406ca5ab15b2158606329e8a352 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Nov 2020 17:11:31 +0000 Subject: [PATCH 1500/1961] start 84-alpha --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 02273d7..cfbb273 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js * date: 22 Nov 2020 -* version 83 +* version 84-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 699eacf1fdfc5f1f0a6394ecda306c3300d4c16c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Nov 2020 06:21:31 +1300 Subject: [PATCH 1501/1961] add FPI scheme, closes #1066 (#1067) --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index cfbb273..a7728ba 100644 --- a/user.js +++ b/user.js @@ -1377,6 +1377,10 @@ user_pref("privacy.firstparty.isolate", true); * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] // user_pref("privacy.firstparty.isolate.block_post_message", true); +/* 4003: enable scheme with FPI [FF78+] + * [NOTE] Experimental: existing data and site permissions are incompatible + * and some site exceptions may not work e.g. HTTPS-only mode (see 1244) ***/ + // user_pref("privacy.firstparty.isolate.use_site", true); /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) RFP covers a wide range of ongoing fingerprinting solutions. From a7e4268d8b956f05b5fa01415cadd7ed43bd9f8c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Nov 2020 17:25:33 +0000 Subject: [PATCH 1502/1961] 2730 appCache, closes #1055 --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a7728ba..a445871 100644 --- a/user.js +++ b/user.js @@ -1268,8 +1268,10 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] * [WARNING] This will break a LOT of sites' functionality AND extensions! * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); -/* 2730: disable offline cache ***/ -user_pref("browser.cache.offline.enable", false); +/* 2730: enforce no offline cache storage (appCache) + * The API is easily fingerprinted, use the "storage" pref instead ***/ + // user_pref("browser.cache.offline.enable", false); +user_pref("browser.cache.offline.storage.enable", false); // [FF71+] [DEFAULT: false FF84+] /* 2740: disable service worker cache and cache storage * [NOTE] We clear service worker cache on exiting Firefox (see 2803) * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ From 91cbc1e09a15c2fb5ad151529712f4326a6b7308 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Nov 2020 17:59:44 +0000 Subject: [PATCH 1503/1961] HTTPS-Only mode, closes #1047 --- user.js | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index a445871..34d13dc 100644 --- a/user.js +++ b/user.js @@ -34,6 +34,7 @@ - re-enable section 4600 if you don't use RFP ESR78 - If you are not using arkenfox v78... (not a definitive list) + - 1244: HTTPS-Only mode is enabled - 1401: document fonts is inactive as it is now covered by RFP in FF80+ - 4600: some prefs may apply even if you use RFP (currently none apply as of FF84) - 9999: switch the appropriate deprecated section(s) back on @@ -728,14 +729,22 @@ user_pref("security.mixed_content.block_display_content", true); user_pref("security.mixed_content.block_object_subrequest", true); /* 1244: enable HTTPS-Only mode [FF76+] * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored - * [WARNING] This is experimental [1] and you can't set exceptions if FPI is enabled [2] (fixed in FF83) - * [SETTING] to add site exceptions: Page Info>Permissions>Use insecure HTTP (FF80+) + * [SETTING] to add site exceptions: Page Info>HTTPS-Only mode>On/Off/Off temporarily * [SETTING] Privacy & Security>HTTPS-Only Mode + * [TEST] http://example.com [upgrade] + * [TEST] http://neverssl.org/ [no upgrade] * [1] https://bugzilla.mozilla.org/1613063 [META] * [2] https://bugzilla.mozilla.org/1647829 ***/ - // user_pref("dom.security.https_only_mode", true); // [FF76+] +user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] - // user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+] +/* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/ + // user_pref("dom.security.https_only_mode.upgrade_local", true); +/* 1246: disable HTTP background requests [FF82+] + * When attempting to upgrade, if the server doesn't respond within 3 seconds, firefox + * sends HTTP requests requests in order to check if the server supports HTTPS or not. + * This is done to avoid waiting for a timeout which takes 90 seconds + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/ +user_pref("dom.security.https_only_mode_send_http_background_request", false); /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] * These are all the ciphers still using SHA-1 and CBC which are weaker than the available alternatives. (see "Cipher Suites" in [1]) From cf53982086633cfae7f4d79f07dd0ebd6b785b16 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Nov 2020 18:15:25 +0000 Subject: [PATCH 1504/1961] 1244: CRLite, closes #1065 --- user.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/user.js b/user.js index 34d13dc..eee9baf 100644 --- a/user.js +++ b/user.js @@ -717,6 +717,15 @@ user_pref("security.family_safety.mode", 0); * by inspecting ALL your web traffic, then leave at current default=1 * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ user_pref("security.cert_pinning.enforcement_level", 2); +/* 1224: enforce CRLite [FF73+] + * In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP, see [2] + * [1] https://bugzilla.mozilla.org/1429800 [META] + * [2] https://bugzilla.mozilla.org/1670985 + * [3] https://blog.mozilla.org/security/2020/01/09/crlite-part-1-all-web-pki-revocations-compressed/ + * [4] https://blog.mozilla.org/security/2020/01/09/crlite-part-2-end-to-end-design/ + * [5] https://blog.mozilla.org/security/2020/01/21/crlite-part-3-speeding-up-secure-browsing/ ***/ +user_pref("security.remote_settings.crlite_filters.enabled", true); +user_pref("security.pki.crlite_mode", 2); /** MIXED CONTENT ***/ /* 1240: enforce no insecure active content on https pages From fa85c9da5b357726e6f35a138d6b96b977655012 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Nov 2020 10:46:30 +0000 Subject: [PATCH 1505/1961] fixup double word --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index eee9baf..c3b7b38 100644 --- a/user.js +++ b/user.js @@ -750,7 +750,7 @@ user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode.upgrade_local", true); /* 1246: disable HTTP background requests [FF82+] * When attempting to upgrade, if the server doesn't respond within 3 seconds, firefox - * sends HTTP requests requests in order to check if the server supports HTTPS or not. + * sends HTTP requests in order to check if the server supports HTTPS or not. * This is done to avoid waiting for a timeout which takes 90 seconds * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/ user_pref("dom.security.https_only_mode_send_http_background_request", false); From 77abf35761c746d703eee454ccefadaa6a2a41a7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 Dec 2020 21:09:07 +0000 Subject: [PATCH 1506/1961] tidy - shrink and remove outdated info from section 0300 header - combine some bugzillas - drop some references - 1647829 for HTTPS-Only mode - hardware metrics: not going to implicitly encourage users to use this pref or tell them what sizes to use - update [STATS] - also remove TLS [STATS].. stats on TLS 1.0 and 1.1 are irrelevant: the default is now TLS 1.2+ - single CRLite reference for all blog articles - save 588 bytes so all you bastards can theoretically load Firefox just that tiny bit faster --- user.js | 45 ++++++++++++++++++--------------------------- 1 file changed, 18 insertions(+), 27 deletions(-) diff --git a/user.js b/user.js index c3b7b38..b6f5990 100644 --- a/user.js +++ b/user.js @@ -172,19 +172,17 @@ user_pref("browser.region.update.enabled", false); // [[FF79+] * [TEST] https://addons.mozilla.org/about ***/ user_pref("intl.accept_languages", "en-US, en"); /* 0211: enforce US English locale regardless of the system locale - * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages, see [2] - * [1] https://bugzilla.mozilla.org/867501 - * [2] https://bugzilla.mozilla.org/1629630 ***/ + * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages, see [1] + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIET FOX - Starting in user.js v67, we only disable the auto-INSTALL of Firefox. You still get prompts - to update, in one click. We have NEVER disabled auto-CHECKING, and highly discourage that. - Previously we also disabled auto-INSTALLING of extensions (302b). + We only disable the auto-INSTALL of Firefox (app) updates. You still get prompts to update, + and it only takes one click. We highly discourage disabling auto-CHECKING for updates. - There are many legitimate reasons to turn off auto-INSTALLS, including hijacked or monetized - extensions, time constraints, legacy issues, dev/testing, and fear of breakage/bugs. It is - still important to do updates for security reasons, please do so manually if you make changes. + Legitimate reasons to disable auto-INSTALLS include hijacked/monetized extensions, time + constraints, legacy issues, dev/testing, and fear of breakage/bugs. It is still important + to do updates for security reasons, please do so manually if you make changes. ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301b: disable auto-CHECKING for extension and theme updates ***/ @@ -221,7 +219,7 @@ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ user_pref("toolkit.telemetry.unified", false); -user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+ +user_pref("toolkit.telemetry.enabled", false); // see [NOTE] user_pref("toolkit.telemetry.server", "data:,"); user_pref("toolkit.telemetry.archive.enabled", false); user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+] @@ -304,7 +302,7 @@ user_pref("browser.safebrowsing.downloads.remote.url", ""); * [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/ // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); -/* 0419: disable 'ignore this warning' on SB warnings +/* 0419: disable 'ignore this warning' on SB warnings [FF45+] * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/1226490 ***/ @@ -380,7 +378,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost /* 0701: disable IPv6 * IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's * even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4 - * [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6 + * [STATS] Firefox telemetry (Dec 2020) shows ~8% of all connections are IPv6 * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. @@ -642,7 +640,6 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 - * [STATS] Firefox telemetry (June 2020) shows only 0.16% of SSL handshakes use 1.0 or 1.1 * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. * [1] https://www.ssllabs.com/ssl-pulse/ ***/ // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] @@ -718,12 +715,9 @@ user_pref("security.family_safety.mode", 0); * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ user_pref("security.cert_pinning.enforcement_level", 2); /* 1224: enforce CRLite [FF73+] - * In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP, see [2] - * [1] https://bugzilla.mozilla.org/1429800 [META] - * [2] https://bugzilla.mozilla.org/1670985 - * [3] https://blog.mozilla.org/security/2020/01/09/crlite-part-1-all-web-pki-revocations-compressed/ - * [4] https://blog.mozilla.org/security/2020/01/09/crlite-part-2-end-to-end-design/ - * [5] https://blog.mozilla.org/security/2020/01/21/crlite-part-3-speeding-up-secure-browsing/ ***/ + * In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985 + * [2] https://blog.mozilla.org/security/tag/crlite/ ***/ user_pref("security.remote_settings.crlite_filters.enabled", true); user_pref("security.pki.crlite_mode", 2); @@ -742,8 +736,7 @@ user_pref("security.mixed_content.block_object_subrequest", true); * [SETTING] Privacy & Security>HTTPS-Only Mode * [TEST] http://example.com [upgrade] * [TEST] http://neverssl.org/ [no upgrade] - * [1] https://bugzilla.mozilla.org/1613063 [META] - * [2] https://bugzilla.mozilla.org/1647829 ***/ + * [1] https://bugzilla.mozilla.org/1613063 [META] ***/ user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/ @@ -778,7 +771,7 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); /** UI (User Interface) ***/ /* 1270: display warning on the padlock for "broken security" (if 1201 is false) * Bug: warning padlock not indicated for subresources on a secure page! [2] - * [STATS] SSL Labs (June 2020) reports 98.8% of sites have secure renegotiation [3] + * [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation [3] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://bugzilla.mozilla.org/1353705 * [3] https://www.ssllabs.com/ssl-pulse/ ***/ @@ -1384,13 +1377,12 @@ user_pref("privacy.sanitize.timeSpan", 0); user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] * [SETUP-WEB] May break cross-domain logins and site functionality until perfected - * [1] https://bugzilla.mozilla.org/1260931 - * [2] https://bugzilla.mozilla.org/1299996 [META] ***/ + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/ user_pref("privacy.firstparty.isolate", true); /* 4002: enforce FPI restriction for window.opener [FF54+] * [NOTE] Setting this to false may reduce the breakage in 4001 * FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But - * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute, see [2],[3] + * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute, see [2] [3] * The 2nd pref removes that limitation and will only allow communication if FPDs also match. * [1] https://bugzilla.mozilla.org/1319773#c22 * [2] https://bugzilla.mozilla.org/1492607 @@ -1476,8 +1468,7 @@ user_pref("privacy.resistFingerprinting", true); /* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME] * Width will round down to multiples of 200s and height to 100s, to fit your screen. * The override values are a starting point to round from if you want some control - * [1] https://bugzilla.mozilla.org/1330882 - * [2] https://hardware.metrics.mozilla.com/ ***/ + * [1] https://bugzilla.mozilla.org/1330882 ***/ // user_pref("privacy.window.maxInnerWidth", 1000); // user_pref("privacy.window.maxInnerHeight", 1000); /* 4503: disable mozAddonManager Web API [FF57+] From 5c37d50f4e0c22df321d57f92c6211c9690f0335 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 7 Dec 2020 19:34:14 +0000 Subject: [PATCH 1507/1961] tidy - remove useless `see` word for reference links - fixup 0701 - "do not play nice" is not measurable - don't reference to self as a source: people can just search "VPN leak Ipv6" or something --- user.js | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/user.js b/user.js index b6f5990..adf4864 100644 --- a/user.js +++ b/user.js @@ -172,7 +172,7 @@ user_pref("browser.region.update.enabled", false); // [[FF79+] * [TEST] https://addons.mozilla.org/about ***/ user_pref("intl.accept_languages", "en-US, en"); /* 0211: enforce US English locale regardless of the system locale - * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages, see [1] + * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] @@ -215,7 +215,7 @@ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); * IF unified=true then .enabled ONLY controls whether to record extended data * so make sure to have both set as false * [NOTE] FF58+ 'toolkit.telemetry.enabled' is now LOCKED to reflect prerelease - * or release builds (true and false respectively), see [2] + * or release builds (true and false respectively) [2] * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ user_pref("toolkit.telemetry.unified", false); @@ -376,16 +376,15 @@ user_pref("browser.send_pings.require_same_host", true); // defense-in-depth /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); /* 0701: disable IPv6 - * IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's - * even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4 + * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs. That's even + * assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4 * [STATS] Firefox telemetry (Dec 2020) shows ~8% of all connections are IPv6 * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" * [TEST] https://ipleak.org/ - * [1] https://github.com/arkenfox/user.js/issues/437#issuecomment-403740626 - * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ + * [1] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ user_pref("network.dns.disableIPv6", true); /* 0702: disable HTTP2 * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to @@ -496,7 +495,7 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); * [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ // user_pref("browser.urlbar.autoFill", false); /* 0860: disable search and form history - * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties, see [1] [2] + * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (see 2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html @@ -593,7 +592,7 @@ user_pref("browser.sessionstore.privacy_level", 2); /* 1022: disable resuming session from crash ***/ // user_pref("browser.sessionstore.resume_from_crash", false); /* 1023: set the minimum interval between session save operations - * Increasing this can help on older machines and some websites, as well as reducing writes, see [1] + * Increasing this can help on older machines and some websites, as well as reducing writes [1] * Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc * [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature: * i.e. the longer the interval the more chance a quick tab open/close won't be captured. @@ -805,7 +804,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); /* 1408: disable graphite - * Graphite has had many critical security issues in the past, see [1] + * Graphite has had many critical security issues in the past [1] * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ user_pref("gfx.font_rendering.graphite.enabled", false); @@ -914,7 +913,7 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); * [1] https://www.privacytools.io/#webrtc ***/ user_pref("media.peerconnection.enabled", false); /* 2002: limit WebRTC IP leaks if using WebRTC - * In FF70+ these settings match Mode 4 (Mode 3 in older versions), see [3] + * In FF70+ these settings match Mode 4 (Mode 3 in older versions) [3] * [TEST] https://browserleaks.com/webrtc * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713 * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy @@ -1033,7 +1032,7 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! * [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website * [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one - * is default false) then enabling this pref can leak clipboard content, see [1] + * is default false) then enabling this pref can leak clipboard content [1] * [1] https://bugzilla.mozilla.org/1528289 */ // user_pref("dom.event.clipboardevents.enabled", false); /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] @@ -1082,7 +1081,7 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * Initially a Linux issue (high precision readout) that was fixed. * However, it is still another metric for fingerprinting, used to raise entropy. * e.g. do you have a battery or not, current charging status, charge level, times remaining etc - * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code, see [1] + * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code [1] * [1] https://bugzilla.mozilla.org/1313580 ***/ // user_pref("dom.battery.enabled", false); /* 2505: disable media device enumeration [FF29+] @@ -1382,7 +1381,7 @@ user_pref("privacy.firstparty.isolate", true); /* 4002: enforce FPI restriction for window.opener [FF54+] * [NOTE] Setting this to false may reduce the breakage in 4001 * FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But - * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute, see [2] [3] + * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute [2][3] * The 2nd pref removes that limitation and will only allow communication if FPDs also match. * [1] https://bugzilla.mozilla.org/1319773#c22 * [2] https://bugzilla.mozilla.org/1492607 @@ -1476,7 +1475,7 @@ user_pref("privacy.resistFingerprinting", true); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] /* 4504: enable RFP letterboxing [FF67+] - * Dynamically resizes the inner window by applying margins in stepped ranges, see [2] + * Dynamically resizes the inner window by applying margins in stepped ranges [2] * If you use the dimension pref, then it will only apply those resolutions. The format is * "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but @@ -1586,7 +1585,7 @@ user_pref("ui.use_standins_for_native_colors", true); user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // FF80+ // 4618: limit font visbility (non-ANDROID) [FF79+] - // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts, see [1] + // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1] // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts // [NOTE] Bundled fonts are auto-allowed // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc From 335ee84540f140f417914b17a8e3c4ced4b0fd9b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 9 Dec 2020 09:26:50 +0000 Subject: [PATCH 1508/1961] remove layout.css.visited_links_enabled, #933 This no longer has any affect since FF77+: see https://bugzilla.mozilla.org/1632765 --- user.js | 8 -------- 1 file changed, 8 deletions(-) diff --git a/user.js b/user.js index adf4864..3396b9b 100644 --- a/user.js +++ b/user.js @@ -455,14 +455,6 @@ user_pref("keyword.enabled", false); user_pref("browser.fixup.alternate.enabled", false); /* 0803: display all parts of the url in the location bar ***/ user_pref("browser.urlbar.trimURLs", false); -/* 0805: disable coloring of visited links - CSS history leak - * [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's - * only in 'certain circumstances', also see latest comments in [2] - * [TEST] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use) - * [1] https://dbaron.org/mozilla/visited-privacy - * [2] https://bugzilla.mozilla.org/147777 - * [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ -user_pref("layout.css.visited_links_enabled", false); /* 0807: disable live search suggestions /* [NOTE] Both must be true for the location bar to work * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine From aa1c2145bb8c43a302f8840bb6f0da56d997701d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 9 Dec 2020 09:30:21 +0000 Subject: [PATCH 1509/1961] layout.css.visited_links_enabled --- scratchpad-scripts/arkenfox-clear-removed.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 46886f4..fe86fc2 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -229,6 +229,8 @@ 'privacy.partition.network_state', 'security.ssl3.dhe_rsa_aes_128_sha', 'security.ssl3.dhe_rsa_aes_256_sha', + /* 84-beta */ + 'layout.css.visited_links_enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From feaa1c3e99f658f28dc59d6aa92ed1cfeefbe57d Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 16 Dec 2020 14:40:42 +0000 Subject: [PATCH 1510/1961] prefs update `browser.storageManager.enabled` -- removed in FF61 (1428306) `security.csp.experimentalEnabled` -- removed in FF68 (1386214) `gfx.downloadable_fonts.woff2.enabled` -- removed in FF69 (1556991) `plugin.sessionPermissionNow.intervalInMinutes` -- removed in FF70 (1581664) `plugin.defaultXpi.state` -- removed in FF72 (1596090) `geo.wifi.uri` -- renamed to `geo.provider.network.url` in FF74 (1613627) `browser.tabs.remote.allowLinkedWebInFileUriProcess` -- removed in FF77 (1603007) --- scratchpad-scripts/troubleshooter.js | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index cce4069..3fec9ca 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,5 +1,5 @@ -/*** arkenfox user.js troubleshooter.js v1.6.2 ***/ +/*** arkenfox user.js troubleshooter.js v1.6.3 ***/ (function() { @@ -18,7 +18,6 @@ /* Storage + Cache */ 'browser.cache.offline.enable', 'dom.storage.enabled', - 'browser.storageManager.enabled', 'dom.storageManager.enabled', /* Workers, Web + Push Notifications */ @@ -33,7 +32,6 @@ /* Fonts */ 'browser.display.use_document_fonts', 'font.blacklist.underline_offset', - 'gfx.downloadable_fonts.woff2.enabled', 'gfx.font_rendering.graphite.enabled', 'gfx.font_rendering.opentype_svg.enabled', 'layout.css.font-loading-api.enabled', @@ -46,12 +44,10 @@ 'dom.IntersectionObserver.enabled', 'dom.popup_allowed_events', 'full-screen-api.enabled', - 'geo.wifi.uri', 'intl.accept_languages', 'javascript.options.asmjs', 'javascript.options.wasm', 'permissions.default.shortcuts', - 'security.csp.experimentalEnabled', /* Hardware */ 'dom.vr.enabled', @@ -87,13 +83,11 @@ /* Plugins + Flash */ 'plugin.default.state', - 'plugin.defaultXpi.state', - 'plugin.sessionPermissionNow.intervalInMinutes', 'plugin.state.flash', /* unlikely to cause problems */ - 'browser.tabs.remote.allowLinkedWebInFileUriProcess', 'dom.popup_maximum', + 'geo.provider.network.url' 'layout.css.visited_links_enabled', 'mathml.disabled', 'network.auth.subresource-http-auth-allow', From c980bda695df4232c769535fbe19327bf5ae86d8 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 16 Dec 2020 14:43:46 +0000 Subject: [PATCH 1511/1961] Update troubleshooter.js oops --- scratchpad-scripts/troubleshooter.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 3fec9ca..4c54f8f 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -87,7 +87,7 @@ /* unlikely to cause problems */ 'dom.popup_maximum', - 'geo.provider.network.url' + 'geo.provider.network.url', 'layout.css.visited_links_enabled', 'mathml.disabled', 'network.auth.subresource-http-auth-allow', From 2cfbba14722676f6b6438e2df3a2c53b3ce6c806 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 19 Dec 2020 07:23:13 +0000 Subject: [PATCH 1512/1961] search-to-tab: FF85+ --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index 3396b9b..f8df1f9 100644 --- a/user.js +++ b/user.js @@ -475,6 +475,10 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // user_pref("browser.urlbar.suggest.bookmark", false); // user_pref("browser.urlbar.suggest.openpage", false); // user_pref("browser.urlbar.suggest.topsites", false); // [FF78+] +/* 0850b: disable tab-to-search [FF85+] + * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search + * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ + // user_pref("browser.urlbar.suggest.engines", false); /* 0850c: disable location bar dropdown * This value controls the total number of entries to appear in the location bar dropdown * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always From 46bab27f9455fb1c15a8993ddb17cf0c1e9bf672 Mon Sep 17 00:00:00 2001 From: ray851107 <16625236+ray851107@users.noreply.github.com> Date: Fri, 25 Dec 2020 14:02:35 +0000 Subject: [PATCH 1513/1961] updater.sh: support custom script names (#1075) thanks @ray851107 --- updater.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/updater.sh b/updater.sh index a27e98a..99d9d3b 100755 --- a/updater.sh +++ b/updater.sh @@ -10,9 +10,9 @@ readonly CURRDIR=$(pwd) -sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) -[ -z "$sfp" ] && sfp=${BASH_SOURCE[0]} -readonly SCRIPT_DIR=$(dirname "${sfp}") +SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) +[ -z "$SCRIPT_FILE" ] && SCRIPT_FILE=${BASH_SOURCE[0]} +readonly SCRIPT_DIR=$(dirname "${SCRIPT_FILE}") ######################### @@ -198,7 +198,7 @@ update_updater () { declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')" [ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed - if [[ $(get_updater_version "${SCRIPT_DIR}/updater.sh") < $(get_updater_version "${tmpfile}") ]]; then + if [[ $(get_updater_version "$SCRIPT_FILE") < $(get_updater_version "${tmpfile}") ]]; then if [ $UPDATE = 'check' ]; then echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}" read -p "" -n 1 -r @@ -208,9 +208,9 @@ update_updater () { else return 0 # No update available fi - mv "${tmpfile}" "${SCRIPT_DIR}/updater.sh" - chmod u+x "${SCRIPT_DIR}/updater.sh" - "${SCRIPT_DIR}/updater.sh" "$@" -d + mv "${tmpfile}" "$SCRIPT_FILE" + chmod u+x "$SCRIPT_FILE" + "$SCRIPT_FILE" "$@" -d exit 0 } From 63d1258f2e6a60f412aa095d9e64c36bf64832d2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 25 Dec 2020 14:03:40 +0000 Subject: [PATCH 1514/1961] updater.sh v2.9 rollout the latest changes --- updater.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater.sh b/updater.sh index 99d9d3b..5f37ebc 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 2.8 +## version: 2.9 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac From e6cf90146abd67c78bba3206b4d76a6996f77f72 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 25 Dec 2020 15:55:01 +0000 Subject: [PATCH 1515/1961] add override recipes --- .github/ISSUE_TEMPLATE/troubleshooting-help.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index 4ed3b19..955c367 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -15,6 +15,7 @@ Before you proceed... - Note: We do not support forks See also: + - Override Recipes [issue 1080](https://github.com/arkenfox/user.js/issues/1080) - Extension breakage due to prefs [issue 391](https://github.com/arkenfox/user.js/issues/391) - Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts [issue 350](https://github.com/arkenfox/user.js/issues/350) From 0152b38b8bebc9e0ac35998ab9ed19668776f4f5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 25 Dec 2020 16:06:32 +0000 Subject: [PATCH 1516/1961] add override recipes link to readme steps --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index f8df1f9..a667278 100644 --- a/user.js +++ b/user.js @@ -25,6 +25,7 @@ [SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related) [SETUP-PERF] may impact performance [WARNING] used sparingly, heed them + 6. Override Recipes: https://github.com/arkenfox/user.js/issues/1080 * RELEASES: https://github.com/arkenfox/user.js/releases From 8c9d0bbe7280307ff172b1a9db244344cabd424a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 27 Dec 2020 05:01:33 +0000 Subject: [PATCH 1517/1961] harden cross-domain referers, closes #1077 --- user.js | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index a667278..1e60234 100644 --- a/user.js +++ b/user.js @@ -815,10 +815,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); /*** [SECTION 1600]: HEADERS / REFERERS Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone --- - harden it a bit: set XOriginPolicy (1603) to 1 (as per the settings below) - harden it a bit more: set XOriginPolicy (1603) to 2 (and optionally 1604 to 1 or 2), expect breakage - --- - If you want any REAL control over referers and breakage, then use an extension + Expect some breakage: Use an extension if you need precise control --- full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html @@ -829,17 +826,17 @@ user_pref("gfx.font_rendering.graphite.enabled", false); user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: ALL: control when images/links send a referer * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ - // user_pref("network.http.sendRefererHeader", 2); // [DEFAULT: 2] + // user_pref("network.http.sendRefererHeader", 2); /* 1602: ALL: control the amount of information to send * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ - // user_pref("network.http.referer.trimmingPolicy", 0); // [DEFAULT: 0] + // user_pref("network.http.referer.trimmingPolicy", 0); /* 1603: CROSS ORIGIN: control when to send a referer * 0=always (default), 1=only if base domains match, 2=only if hosts match * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud ***/ -user_pref("network.http.referer.XOriginPolicy", 1); +user_pref("network.http.referer.XOriginPolicy", 2); /* 1604: CROSS ORIGIN: control the amount of information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ -user_pref("network.http.referer.XOriginTrimmingPolicy", 0); // [DEFAULT: 0] +user_pref("network.http.referer.XOriginTrimmingPolicy", 2); /* 1605: ALL: disable spoofing a referer * [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF * (Cross-Site Request Forgery) protections that some sites may rely on ***/ From 9d74cb95266f60e73d4aba4a73e0623e4721082c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 30 Dec 2020 10:17:35 +0000 Subject: [PATCH 1518/1961] remove useless snippet pref --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 1e60234..853df49 100644 --- a/user.js +++ b/user.js @@ -116,7 +116,6 @@ user_pref("browser.newtabpage.activity-stream.telemetry", false); * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); -user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{}"); /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); From 755a45505fb6f00e8f712006f4799cbeb934e720 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 30 Dec 2020 10:25:26 +0000 Subject: [PATCH 1519/1961] snippets providers `browser.newtabpage.activity-stream.asrouter.providers.snippets` These (which landed in FF64 with snippets above) are not in the user.js, so why bother with the snippet one - `browser.newtabpage.activity-stream.asrouter.providers.cfr` - `browser.newtabpage.activity-stream.asrouter.providers.onboarding` also these aren't in the user.js - `browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa` - `browser.newtabpage.activity-stream.asrouter.providers.message-groups` - `browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments` - `browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel` There are no privacy concerns here. At the end of the day, what Firefox connects to and sends is E2EE and only used locally in non-web content: and you have other prefs and a UI to disable them from being displayed --- scratchpad-scripts/arkenfox-clear-removed.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index fe86fc2..1b0be69 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 02-Nov-2020 + Last updated: 30-Dec-2020 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -230,6 +230,7 @@ 'security.ssl3.dhe_rsa_aes_128_sha', 'security.ssl3.dhe_rsa_aes_256_sha', /* 84-beta */ + 'browser.newtabpage.activity-stream.asrouter.providers.snippets', 'layout.css.visited_links_enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' From da58f84fa6f2f978c8623e204ecdfb5a3a2bb9ed Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 30 Dec 2020 15:06:49 +0000 Subject: [PATCH 1520/1961] Update troubleshooter.js --- scratchpad-scripts/troubleshooter.js | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 4c54f8f..2fcf2fa 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -176,9 +176,9 @@ if (aDbg.length == 1) return alert("narrowed it down to:\n\n"+aDbg[0].name+"\n"); if (aDbg.length == aALL.length) { - let msg = "Failed to narrow it down beyond the initial "+aALL.length+" prefs. The problem is most likely caused by at least 2 prefs!\n\n"; - msg += "Either those prefs are too far apart in the list or there are exactly 2 culprits and they just happen to be at the wrong place.\n\n"; - msg += "In case it's the latter, the script can add a dummy pref and you can try again - Try again?"; + const msg = "Failed to narrow it down beyond the initial "+aALL.length+" prefs. The problem is most likely caused by at least 2 prefs!\n\n" + + "Either those prefs are too far apart in the list or there are exactly 2 culprits and they just happen to be at the wrong place.\n\n" + + "In case it's the latter, the script can add a dummy pref and you can try again - Try again?"; if (confirm(msg)) return _main([...aALL, oFILLER]); } else if (aDbg.length > 10 && confirm("Narrowed it down to "+aDbg.length+" prefs. Try narrowing it down further?")) { return _main(aDbg.reverse()); @@ -194,14 +194,18 @@ const aBAK = getMyList(aPREFS); //console.log(aBAK.length, "user-set prefs from our list detected and their values stored."); + + const sMsg = "all detected prefs reset.\n\n" + + "!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\n" + + "IF the problem still exists, this script can't help you - click Cancel to re-apply your values and exit.\n\n" + + "Click OK if your problem is fixed."; focus(); myreset(aBAK); - if (!confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) { + if (!confirm(sMsg)) { reapply(aBAK); return; } - _main(aBAK); })(); From c570e4fdbd68a1cdbb3fef5d946498b5e585345f Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 30 Dec 2020 15:12:07 +0000 Subject: [PATCH 1521/1961] Update troubleshooter.js --- scratchpad-scripts/troubleshooter.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index 2fcf2fa..be64708 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -161,8 +161,8 @@ reapply(aALL); myreset(aTmp.slice(0, _h(aTmp))); while (aTmp.length) { - alert("NOW TEST AGAIN !"); - if (confirm("if the problem still exists click OK, otherwise click cancel.")) { + alert('NOW TEST AGAIN !'); + if (confirm('if the problem still exists click OK, otherwise click Cancel.')) { aTmp = aTmp.slice(_h(aTmp)); } else { aTmp = aTmp.slice(0, _h(aTmp)); @@ -185,7 +185,7 @@ } alert("Narrowed it down to "+ aDbg.length.toString() +" prefs, check the console ..."); - console.log("The problem is caused by 2 or more of these prefs:"); + console.log('The problem is caused by 2 or more of these prefs:'); for (const oPref of aDbg) console.log(oPref.name); } From 27dd6aa62d1d73e9cdb0b751a7d4d4acdb893b75 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 5 Jan 2021 13:13:52 +0000 Subject: [PATCH 1522/1961] 84 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 853df49..8d3ed2c 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 22 Nov 2020 -* version 84-alpha +* date: 05 Jan 2021 +* version 84 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 11977e701730ba6a352d1d0bb7fe6f724688162e Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 17 Jan 2021 15:27:50 +0000 Subject: [PATCH 1523/1961] v2.4 - add strlen check for prefs.js cmd.exe has a command line length limit of 8192 characters. Abort if prefs.js contains strings that would get dropped while recreating the new prefs.js. --- prefsCleaner.bat | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index f82658a..616ec28 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.3 +REM ## version: 2.4 CD /D "%~dp0" @@ -13,7 +13,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.3 #### +ECHO #### v2.4 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -28,6 +28,7 @@ IF ERRORLEVEL 3 (EXIT /B) IF ERRORLEVEL 2 (GOTO :showhelp) IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) +CALL :strlenCheck CALL :FFcheck CALL :message "Backing up prefs.js..." SET "_time=%time: =0%" @@ -50,6 +51,21 @@ ECHO: ECHO: %~1 ECHO: GOTO :EOF +REM ### string length Check Function #### +:strlenCheck +SET /a cnt=0 +setlocal ENABLEDELAYEDEXPANSION +FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO ( + ECHO:%%H >nul + SET /a cnt += 1 + IF /I "%%G" NEQ "!cnt!" ( + ECHO: + CALL :message "ERROR: line !cnt! in prefs.js is too long." + (CALL :abort "Aborting ..." 30) + ) +) +endlocal +GOTO :EOF REM ####### Firefox Check Function ###### :FFcheck TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL From 1f098f2eaf7b68387dfd666942f856c1176e0ca7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 17 Jan 2021 23:04:37 +0000 Subject: [PATCH 1524/1961] start 85-alpha, also fix #1090 --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 8d3ed2c..255e3b8 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 05 Jan 2021 -* version 84 +* date: 17 Jan 2021 +* version 85-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -1191,6 +1191,9 @@ user_pref("permissions.delegation.enabled", false); * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks ***/ user_pref("privacy.window.name.update.enabled", true); +/* 2625: disable bypassing 3rd party extension install prompts [FF82+] + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ +user_pref("extensions.postDownloadThirdPartyPrompt", false); /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop From ae6c76fe546a1e21601b99cf51f89108cb57a741 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Jan 2021 17:07:39 +0000 Subject: [PATCH 1525/1961] v4.13 - fix TLS issue with PowerShell --- updater.bat | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/updater.bat b/updater.bat index 7783860..2597ac1 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.12 +REM ## version: 4.13 REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts -SET v=4.12 +SET v=4.13 VERIFY ON CD /D "%~dp0" @@ -51,9 +51,7 @@ IF DEFINED _updateb ( CALL :message "Updating script..." REM Uncomment the next line and comment out the PowerShell call for testing. REM COPY /B /Y "!_myname!.bat" "[updated]!_myname!.bat" >nul - ( - PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/arkenfox/user.js/master/updater.bat', '[updated]!_myname!.bat')" - ) >nul 2>&1 + CALL :psdownload https://raw.githubusercontent.com/arkenfox/user.js/master/updater.bat "[updated]!_myname!.bat" IF EXIST "[updated]!_myname!.bat" ( START /min CMD /C "[updated]!_myname!.bat" !_myparams! ) ELSE ( @@ -132,9 +130,7 @@ IF DEFINED _log ( ) IF EXIST user.js.new (DEL /F "user.js.new") CALL :message "Retrieving latest user.js file from github repository..." -( - PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/arkenfox/user.js/master/user.js', 'user.js.new')" -) >nul 2>&1 +CALL :psdownload https://raw.githubusercontent.com/arkenfox/user.js/master/user.js "user.js.new" IF EXIST user.js.new ( IF DEFINED _rfpalts ( CALL :message "Activating RFP Alternatives section..." @@ -218,6 +214,13 @@ IF NOT "2"=="%_log%" (ECHO:) ENDLOCAL GOTO :EOF +::::::::::::: Download ::::::::::::: +:psdownload +( + PowerShell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object Net.WebClient).DownloadFile('%~1', '%~2')" +) >nul 2>&1 +GOTO :EOF + ::::::::::::::: Activate Section ::::::::::::::: :activate :: arg1 = file From 0cbd8a13a313b5f1e489532f34f6e52dba8757a3 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 19 Jan 2021 17:17:03 +0000 Subject: [PATCH 1526/1961] Update updater.bat --- updater.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updater.bat b/updater.bat index 2597ac1..43b516d 100644 --- a/updater.bat +++ b/updater.bat @@ -214,7 +214,7 @@ IF NOT "2"=="%_log%" (ECHO:) ENDLOCAL GOTO :EOF -::::::::::::: Download ::::::::::::: +::::::::::::::: Download ::::::::::::::: :psdownload ( PowerShell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object Net.WebClient).DownloadFile('%~1', '%~2')" From 480933484fbce3bf4e9147e5429eefbb646c91f6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 21 Jan 2021 11:17:16 +0000 Subject: [PATCH 1527/1961] 2624: windows.name default FF86+ https://bugzilla.mozilla.org/1685089 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 255e3b8..a0be1a8 100644 --- a/user.js +++ b/user.js @@ -1190,7 +1190,7 @@ user_pref("permissions.delegation.enabled", false); /* 2624: enable "window.name" protection [FF82+] * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks ***/ -user_pref("privacy.window.name.update.enabled", true); +user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] /* 2625: disable bypassing 3rd party extension install prompts [FF82+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ user_pref("extensions.postDownloadThirdPartyPrompt", false); From c974b3252dc4bc67104382058280c5d455f9f87e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 22 Jan 2021 12:10:15 +0000 Subject: [PATCH 1528/1961] move [STATS] from 1270 to 1201, #1094 --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index a0be1a8..7a78bb2 100644 --- a/user.js +++ b/user.js @@ -629,9 +629,11 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * if it disables renegotiations but the problem is that the browser can't know that. * Setting this pref to true is the only way for the browser to ensure there will be * no unsafe renegotiations on the channel between the browser and the server. + * [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://tools.ietf.org/html/rfc5746 - * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 ***/ + * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 + * [4] https://www.ssllabs.com/ssl-pulse/ ***/ user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 @@ -766,10 +768,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); /** UI (User Interface) ***/ /* 1270: display warning on the padlock for "broken security" (if 1201 is false) * Bug: warning padlock not indicated for subresources on a secure page! [2] - * [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation [3] * [1] https://wiki.mozilla.org/Security:Renegotiation - * [2] https://bugzilla.mozilla.org/1353705 - * [3] https://www.ssllabs.com/ssl-pulse/ ***/ + * [2] https://bugzilla.mozilla.org/1353705 ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); /* 1271: control "Add Security Exception" dialog on SSL warnings * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default) From 59ac1727f7be79fafca792c693292f834072d771 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 22 Jan 2021 12:15:12 +0000 Subject: [PATCH 1529/1961] v4.14 - check for TLS1.2 (#1097) --- updater.bat | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/updater.bat b/updater.bat index 43b516d..a806ca6 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.13 +REM ## version: 4.14 REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts -SET v=4.13 +SET v=4.14 VERIFY ON CD /D "%~dp0" @@ -28,6 +28,15 @@ SHIFT GOTO parse :endparse +FOR /F %%i IN ('PowerShell -Command "[Enum]::GetNames([Net.SecurityProtocolType]) -contains 'Tls12'"') DO ( + IF "%%i" == "False" ( + CALL :message "Your PowerShell version doesn't support TLS1.2 ^!" + ECHO: Instructions to update PowerShell are on the arkenfox wiki + PAUSE + EXIT + ) +) + IF DEFINED _updateb ( REM The normal flow here goes from phase 1 to phase 2 and then phase 3. IF NOT "!_myname:~0,9!"=="[updated]" ( From 306610da8e3ba7580674e6385759f2764dad3b84 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 26 Jan 2021 19:37:54 +0000 Subject: [PATCH 1530/1961] remove 2614, see #1100 --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index 7a78bb2..9a33ad3 100644 --- a/user.js +++ b/user.js @@ -1143,10 +1143,6 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] /* 2611: disable middle mouse click opening links from clipboard * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/ user_pref("middlemouse.contentLoadURL", false); -/* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) - * [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins) - * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ -user_pref("network.http.redirection-limit", 10); /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+] * 0 (default) or 1=allow, 2=block * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ From 2dd455ef83413468a5fcccec1d4097275fc13e94 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 26 Jan 2021 19:39:33 +0000 Subject: [PATCH 1531/1961] network.http.redirection-limit, fixes #1100 --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 1b0be69..060f76c 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 30-Dec-2020 + Last updated: 26-Jan-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -232,6 +232,8 @@ /* 84-beta */ 'browser.newtabpage.activity-stream.asrouter.providers.snippets', 'layout.css.visited_links_enabled', + /* 85-beta */ + 'network.http.redirection-limit', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 2f6b14ab6eb5189637592a9575924db58e6f73fd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 26 Jan 2021 19:58:57 +0000 Subject: [PATCH 1532/1961] 1201: add error code, fixes #1094 --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 9a33ad3..dd05a00 100644 --- a/user.js +++ b/user.js @@ -624,10 +624,10 @@ user_pref("browser.shell.shortcutFavicons", false); user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /* 1201: require safe negotiation - * Blocks connections to servers that don't support RFC 5746 [2] as they're potentially - * vulnerable to a MiTM attack [3]. A server *without* RFC 5746 can be safe from the attack - * if it disables renegotiations but the problem is that the browser can't know that. - * Setting this pref to true is the only way for the browser to ensure there will be + * Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746 [2] + * as they're potentially vulnerable to a MiTM attack [3]. A server without RFC 5746 can be + * safe from the attack if it disables renegotiations but the problem is that the browser can't + * know that. Setting this pref to true is the only way for the browser to ensure there will be * no unsafe renegotiations on the channel between the browser and the server. * [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation From fa78c53114c7c5e2a9b7b61e3c0a502ae6082105 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 28 Jan 2021 03:13:36 +0000 Subject: [PATCH 1533/1961] v85 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index dd05a00..7d3ee43 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 17 Jan 2021 -* version 85-alpha +* date: 28 Jan 2021 +* version 85 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From b6e8dcab81e74d8f8a8b3b074e702cc68590cdd5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 30 Jan 2021 00:28:28 +0000 Subject: [PATCH 1534/1961] fixup spelling mistake --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 7d3ee43..3d0e228 100644 --- a/user.js +++ b/user.js @@ -1576,7 +1576,7 @@ user_pref("ui.use_standins_for_native_colors", true); // 0=light, 1=dark : This overrides your OS value user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // FF80+ -// 4618: limit font visbility (non-ANDROID) [FF79+] +// 4618: limit font visibility (non-ANDROID) [FF79+] // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1] // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts // [NOTE] Bundled fonts are auto-allowed From 96d558dd0c375b2350fd61dfc84f21644850624c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 31 Jan 2021 07:28:05 +0000 Subject: [PATCH 1535/1961] add window.name test --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 3d0e228..08e8630 100644 --- a/user.js +++ b/user.js @@ -1185,7 +1185,8 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] user_pref("permissions.delegation.enabled", false); /* 2624: enable "window.name" protection [FF82+] * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original - * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks ***/ + * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks + * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] /* 2625: disable bypassing 3rd party extension install prompts [FF82+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ From 21fcd0bd358f41ef35b33c8d26785605d054a780 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 1 Feb 2021 05:14:46 +0000 Subject: [PATCH 1536/1961] update xul/xhtml config info - the XUL version is also pre FF71 - the XHTML version was removed in FF87+ --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 08e8630..009636d 100644 --- a/user.js +++ b/user.js @@ -82,8 +82,8 @@ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); /* 0000: disable about:config warning - * FF71-72: chrome://global/content/config.xul - * FF73+: chrome://global/content/config.xhtml ***/ + * FF72 or lower: chrome://global/content/config.xul + * FF73-86: chrome://global/content/config.xhtml ***/ user_pref("general.warnOnAboutConfig", false); // XUL/XHTML version user_pref("browser.aboutConfig.showWarning", false); // HTML version [FF71+] From fa5125123532c0f517d9f774aa00075a961568fb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 1 Feb 2021 17:17:16 +0000 Subject: [PATCH 1537/1961] remove widevine vis pref, see #1107 - It is controlled in both runtime and via user.js by the state of `media.eme.enabled`. Also, who cares about the vis of a ui option - note, there is no need to add this to the removed scratchpad list --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 009636d..3767880 100644 --- a/user.js +++ b/user.js @@ -890,7 +890,6 @@ user_pref("plugin.state.flash", 0); // user_pref("media.gmp-provider.enabled", false); /* 1825: disable widevine CDM (Content Decryption Module) * [SETUP-WEB] if you *need* CDM, e.g. Netflix, Amazon Prime, Hulu, whatever ***/ -user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.enabled", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) * [SETUP-WEB] if you *need* EME, e.g. Netflix, Amazon Prime, Hulu, whatever From 0b51e98d91851a881e248aeb68b67a485fdc1c8a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 1 Feb 2021 17:25:00 +0000 Subject: [PATCH 1538/1961] media.gmp-widevinecdm.visible, see #1107 --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 060f76c..c9883b0 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 26-Jan-2021 + Last updated: 01-Feb-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -234,6 +234,8 @@ 'layout.css.visited_links_enabled', /* 85-beta */ 'network.http.redirection-limit', + /* 86-beta */ + 'media.gmp-widevinecdm.visible', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From cfaf354fe359eee6bdc219c4b75823b94f77d2c0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 Feb 2021 04:09:50 +0000 Subject: [PATCH 1539/1961] oophs, better start 86-alpha --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 3767880..f7ec4a1 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 28 Jan 2021 -* version 85 +* date: 01 Feb 2021 +* version 86-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From ecf99bf9e7df122f273392104ecc0f574c3252cc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 3 Feb 2021 16:45:34 +0000 Subject: [PATCH 1540/1961] 0603: add default value AFAICT: false 48-51: true 52-55.0.1/ESR52.1: false ever since --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f7ec4a1..7716dc7 100644 --- a/user.js +++ b/user.js @@ -364,7 +364,7 @@ user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); -user_pref("network.predictor.enable-prefetch", false); // [FF48+] +user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] /* 0605: disable link-mouseover opening connection to linked server * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ user_pref("network.http.speculative-parallel-limit", 0); From a35a616de7e10b6fa37bd42a134659d2054cffc5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 4 Feb 2021 07:19:28 +0000 Subject: [PATCH 1541/1961] highlight 1603 (cross origin referer), fixes 1108 especially since we recently hardened it: also added it to the few things highlighted in the wiki --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 7716dc7..85fe751 100644 --- a/user.js +++ b/user.js @@ -18,6 +18,7 @@ * Some site breakage and unintended consequences will happen. Everyone's experience will differ e.g. some user data is erased on close (section 2800), change this to suit your needs * While not 100% definitive, search for "[SETUP" tags + e.g. third party images/videos not loading on some sites? check 1603 * Take the wiki link in step 2 and read the Troubleshooting entry 5. Some tag info [SETUP-SECURITY] it's one item, read it From 82bb3f987de619ccd61b1577d0fbb9e80675b76c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 8 Feb 2021 07:20:06 +0000 Subject: [PATCH 1542/1961] 2604, closes #1111 --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 85fe751..424f1a9 100644 --- a/user.js +++ b/user.js @@ -1119,8 +1119,7 @@ user_pref("beacon.enabled", false); /* 2603: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2604: disable page thumbnail collection - * look in profile/thumbnails directory - you may want to clean that out ***/ +/* 2604: disable page thumbnail collection ***/ user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); From de74f812eeb18866698ea01d6c5fa81f9deb3391 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 18 Feb 2021 15:00:06 +0000 Subject: [PATCH 1543/1961] 2012: webgl default FF86+ --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 424f1a9..07d3aa0 100644 --- a/user.js +++ b/user.js @@ -923,7 +923,7 @@ user_pref("webgl.disabled", true); user_pref("webgl.enable-webgl2", false); /* 2012: limit WebGL ***/ user_pref("webgl.min_capability_mode", true); -user_pref("webgl.disable-fail-if-major-performance-caveat", true); +user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] /* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.browser.enabled", false); From 6505a9fefd2bf2ba9b5f804fbb53053961d8bed7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 18 Feb 2021 15:30:58 +0000 Subject: [PATCH 1544/1961] FF86 deprecated --- user.js | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index 07d3aa0..a5d7b82 100644 --- a/user.js +++ b/user.js @@ -653,11 +653,6 @@ user_pref("security.tls.version.enable-deprecated", false); * [2] https://bugzilla.mozilla.org/967977 * [3] https://arxiv.org/abs/1810.07304 ***/ user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] -/* 1205: disable SSL Error Reporting - * [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/ -user_pref("security.ssl.errorReporting.automatic", false); -user_pref("security.ssl.errorReporting.enabled", false); -user_pref("security.ssl.errorReporting.url", ""); /* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+] * [1] https://github.com/tlswg/tls13-spec/issues/1001 * [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ @@ -1202,8 +1197,6 @@ user_pref("extensions.postDownloadThirdPartyPrompt", false); user_pref("browser.download.useDownloadDir", false); /* 2652: disable adding downloads to the system's "recent documents" list ***/ user_pref("browser.download.manager.addToRecentDocs", false); -/* 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ -user_pref("browser.download.hide_plugins_without_extensions", false); /* 2654: disable "open with" in download dialog [FF50+] [SETUP-HARDEN] * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * in such a way that it is forbidden to run external applications. @@ -1653,6 +1646,16 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); /* ESR78.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them +// FF86 +// 1205: disable SSL Error Reporting + // [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html + // [-] https://bugzilla.mozilla.org/1681839 +user_pref("security.ssl.errorReporting.automatic", false); +user_pref("security.ssl.errorReporting.enabled", false); +user_pref("security.ssl.errorReporting.url", ""); +// 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin + // [-] https://bugzilla.mozilla.org/1581678 +user_pref("browser.download.hide_plugins_without_extensions", false); // FF79 // 0212: enforce fallback text encoding to match en-US // When the content or server doesn't declare a charset the browser will @@ -1661,14 +1664,12 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 // [-] https://bugzilla.mozilla.org/1603712 user_pref("intl.charset.fallback.override", "windows-1252"); -// * * * / // FF82 // 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" // i.e. ignore all of Mozilla's various search engines in multiple locales // [-] https://bugzilla.mozilla.org/1619926 user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); -// * * * / // ***/ /* END: internal custom pref to test for syntax errors ***/ From c31c825a74ca6bdf227887c069a15bc75994d1ec Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 18 Feb 2021 15:50:37 +0000 Subject: [PATCH 1545/1961] 2212: popup events, fixes DDG https://bugzilla.mozilla.org/show_bug.cgi?id=1686045 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a5d7b82..1175af6 100644 --- a/user.js +++ b/user.js @@ -961,8 +961,8 @@ user_pref("browser.link.open_newwindow.restriction", 0); * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); /* 2212: limit events that can cause a popup [SETUP-WEB] - * default is "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend contextmenu" ***/ -user_pref("dom.popup_allowed_events", "click dblclick"); + * default FF86+: "change click dblclick auxclick mousedown mouseup pointerdown pointerup notificationclick reset submit touchend contextmenu ***/ +user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /*** [SECTION 2300]: WEB WORKERS A worker is a JS "background task" running in a global context, i.e. it is different from From d905b4387def4b3da55c9edbd893602c922d729d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 21 Feb 2021 20:52:20 +0000 Subject: [PATCH 1546/1961] deprecated: put FF86 items in the right place --- user.js | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 1175af6..056232a 100644 --- a/user.js +++ b/user.js @@ -1646,16 +1646,6 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); /* ESR78.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them -// FF86 -// 1205: disable SSL Error Reporting - // [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html - // [-] https://bugzilla.mozilla.org/1681839 -user_pref("security.ssl.errorReporting.automatic", false); -user_pref("security.ssl.errorReporting.enabled", false); -user_pref("security.ssl.errorReporting.url", ""); -// 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin - // [-] https://bugzilla.mozilla.org/1581678 -user_pref("browser.download.hide_plugins_without_extensions", false); // FF79 // 0212: enforce fallback text encoding to match en-US // When the content or server doesn't declare a charset the browser will @@ -1670,6 +1660,16 @@ user_pref("intl.charset.fallback.override", "windows-1252"); // [-] https://bugzilla.mozilla.org/1619926 user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); +// FF86 +// 1205: disable SSL Error Reporting + // [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html + // [-] https://bugzilla.mozilla.org/1681839 +user_pref("security.ssl.errorReporting.automatic", false); +user_pref("security.ssl.errorReporting.enabled", false); +user_pref("security.ssl.errorReporting.url", ""); +// 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin + // [-] https://bugzilla.mozilla.org/1581678 +user_pref("browser.download.hide_plugins_without_extensions", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From 7c978d4e70af121d30d62f632a63162f02fb13e0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Feb 2021 20:05:25 +0000 Subject: [PATCH 1547/1961] 0708: FTP default FF88+ https://bugzilla.mozilla.org/show_bug.cgi?id=1691890 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 056232a..723dba6 100644 --- a/user.js +++ b/user.js @@ -415,7 +415,7 @@ user_pref("network.http.altsvc.oe", false); * [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); /* 0708: disable FTP [FF60+] ***/ - // user_pref("network.ftp.enabled", false); + // user_pref("network.ftp.enabled", false); // [DEFAULT: false FF88+] /* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+] * [SETUP-CHROME] Can break extensions for profiles on network shares * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ From e54ae465370556713f616d0e3d11abca98385ffc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Feb 2021 15:11:59 +0000 Subject: [PATCH 1548/1961] 1204: ssl session ids inactive, closes #1110 --- user.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 723dba6..2767b32 100644 --- a/user.js +++ b/user.js @@ -645,14 +645,15 @@ user_pref("security.ssl.require_safe_negotiation", true); /* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */ user_pref("security.tls.version.enable-deprecated", false); /* 1204: disable SSL session tracking [FF36+] - * SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking - * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the - * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, - * and the Tor Browser has extra protection, including enhanced sanitizing per Identity. + * SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks) + * [NOTE] These are not used in PB mode. In normal windows they are isolated when using FPI (4001) + * and/or containers. In FF85+ they are isolated by default (privacy.partition.network_state) + * [WARNING] There are perf and passive fingerprinting costs, for little to no gain. Preventing + * tracking via this method does not address IPs, nor handle any sanitizing of current identifiers * [1] https://tools.ietf.org/html/rfc5077 * [2] https://bugzilla.mozilla.org/967977 * [3] https://arxiv.org/abs/1810.07304 ***/ -user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] + // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] /* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+] * [1] https://github.com/tlswg/tls13-spec/issues/1001 * [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ From cb5cdca99dc3956cfdbf403bc97d37852b8b09c9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Feb 2021 22:10:29 +0000 Subject: [PATCH 1549/1961] update adding site exceptions - https://bugzilla.mozilla.org/show_bug.cgi?id=1692553 - also HoM is not Page Info --- user.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 2767b32..633ecae 100644 --- a/user.js +++ b/user.js @@ -149,7 +149,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease /* 0202: set a default permission for Location (see 0201) [FF58+] * 0=always ask (default), 1=allow, 2=block * [NOTE] Best left at default "always ask", fingerprintable via Permissions API - * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location + * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Your Location * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); /* 0203: use Mozilla geolocation service instead of Google when geolocation is enabled [FF74+] @@ -726,7 +726,7 @@ user_pref("security.mixed_content.block_display_content", true); user_pref("security.mixed_content.block_object_subrequest", true); /* 1244: enable HTTPS-Only mode [FF76+] * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored - * [SETTING] to add site exceptions: Page Info>HTTPS-Only mode>On/Off/Off temporarily + * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On/Off/Off temporarily * [SETTING] Privacy & Security>HTTPS-Only Mode * [TEST] http://example.com [upgrade] * [TEST] http://neverssl.org/ [no upgrade] @@ -926,7 +926,7 @@ user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); /* 2024: set a default permission for Camera/Microphone [FF58+] * 0=always ask (default), 1=allow, 2=block - * [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone + * [SETTING] to add site exceptions: Ctrl+I>Permissions>Use the Camera/Microphone * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); @@ -1008,7 +1008,7 @@ user_pref("dom.push.enabled", false); /* 2306: set a default permission for Notifications (both 2304 and 2305) [FF58+] * 0=always ask (default), 1=allow, 2=block * [NOTE] Best left at default "always ask", fingerprintable via Permissions API - * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications + * [SETTING] to add site exceptions: Ctrl+I>Permissions>Receive Notifications * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ // user_pref("permissions.default.desktop-notification", 2); @@ -1099,7 +1099,7 @@ user_pref("dom.webaudio.enabled", false); // user_pref("dom.vr.enabled", false); /* 2521: set a default permission for Virtual Reality (see 2520) [FF73+] * 0=always ask (default), 1=allow, 2=block - * [SETTING] to add site exceptions: Page Info>Permissions>Access Virtual Reality Devices + * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Virtual Reality Devices * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/ // user_pref("permissions.default.xr", 0); @@ -1140,7 +1140,7 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] user_pref("middlemouse.contentLoadURL", false); /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+] * 0 (default) or 1=allow, 2=block - * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ + * [SETTING] to add site exceptions: Ctrl+I>Permissions>Override Keyboard Shortcuts ***/ // user_pref("permissions.default.shortcuts", 2); /* 2616: remove special permissions for certain mozilla domains [FF35+] * [1] resource://app/defaults/permissions ***/ From 911206eed57d4e389d6ff6df792136c79cc33cc1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 25 Feb 2021 01:22:08 +0000 Subject: [PATCH 1550/1961] 5000s: disable ctrl-q quit shortcut FF87+ https://bugzilla.mozilla.org/show_bug.cgi?id=52821 .. 21 years, old enough to drink and vote --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 633ecae..914889b 100644 --- a/user.js +++ b/user.js @@ -1619,6 +1619,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line /* UX BEHAVIOR ***/ // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing + // user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+] // user_pref("browser.tabs.closeWindowWithLastTab", false); // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+] // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+] From 4596d721e6479aa2341554dc9e21cd999cd704a8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 26 Feb 2021 11:39:52 +0000 Subject: [PATCH 1551/1961] 2012: make webgl.min_capability_mode inactive - This is too minimal to be of any use, breaks too much (e.g. zoom video) - Tor browser stopped flipping this (I *think*) about 5 years ago: it certainly hasn't been used in ESR60+ based TB builds, I checked - we already disable webgl, so making this inactive removes yet another pref users need to flip/troubleshoot - I will leave it in the user js for a few releases so prefsCleaner will pick it up --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 914889b..b7f0413 100644 --- a/user.js +++ b/user.js @@ -918,7 +918,7 @@ user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70 user_pref("webgl.disabled", true); user_pref("webgl.enable-webgl2", false); /* 2012: limit WebGL ***/ -user_pref("webgl.min_capability_mode", true); + // user_pref("webgl.min_capability_mode", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] /* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); From 612cfbf3134d8685a1448d9dc2500dd8b91feb6e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Feb 2021 21:18:17 +0000 Subject: [PATCH 1552/1961] 0805: re-add visited links It can still be used to mitigate social engineering attacks (e.g. using visibility and user clicks), and advanced/targeted scripts --- user.js | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/user.js b/user.js index b7f0413..eec7d00 100644 --- a/user.js +++ b/user.js @@ -456,6 +456,17 @@ user_pref("keyword.enabled", false); user_pref("browser.fixup.alternate.enabled", false); /* 0803: display all parts of the url in the location bar ***/ user_pref("browser.urlbar.trimURLs", false); +/* 0805: disable coloring of visited links - CSS history leak + * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive + * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing + * attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5] + * and advanced targeted timing attacks could still produce usable results + * [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector + * [2] https://dbaron.org/mozilla/visited-privacy + * [3] https://bugzilla.mozilla.org/1632765 + * [4] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use) + * [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/ + // user_pref("layout.css.visited_links_enabled", false); /* 0807: disable live search suggestions /* [NOTE] Both must be true for the location bar to work * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine From 65fb24ff1b97ef2045aec354269934e11f274830 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Feb 2021 21:20:00 +0000 Subject: [PATCH 1553/1961] layout.css.visited_links_enabled added back to the user.js in https://github.com/arkenfox/user.js/commit/612cfbf3134d8685a1448d9dc2500dd8b91feb6e --- scratchpad-scripts/arkenfox-clear-removed.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index c9883b0..9a89288 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 01-Feb-2021 + Last updated: 27-Feb-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -231,7 +231,6 @@ 'security.ssl3.dhe_rsa_aes_256_sha', /* 84-beta */ 'browser.newtabpage.activity-stream.asrouter.providers.snippets', - 'layout.css.visited_links_enabled', /* 85-beta */ 'network.http.redirection-limit', /* 86-beta */ From 7163efdd1eed4c517d9ec475cbd8bfdfde114b74 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Feb 2021 15:57:27 +0000 Subject: [PATCH 1554/1961] 1825: inactive: it is redundant, fixes #1107 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index eec7d00..75914a2 100644 --- a/user.js +++ b/user.js @@ -897,10 +897,10 @@ user_pref("plugin.state.flash", 0); * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ // user_pref("media.gmp-provider.enabled", false); /* 1825: disable widevine CDM (Content Decryption Module) - * [SETUP-WEB] if you *need* CDM, e.g. Netflix, Amazon Prime, Hulu, whatever ***/ -user_pref("media.gmp-widevinecdm.enabled", false); + * [NOTE] This is covered by the EME master switch (1830) **/ + // user_pref("media.gmp-widevinecdm.enabled", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) - * [SETUP-WEB] if you *need* EME, e.g. Netflix, Amazon Prime, Hulu, whatever + * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV * [SETTING] General>DRM Content>Play DRM-controlled content * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); From 5f9bb59b9524d97dfe9f9fa2611667e292aee1d9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Feb 2021 20:49:57 +0000 Subject: [PATCH 1555/1961] 86 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 75914a2..5f53b37 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 01 Feb 2021 -* version 86-alpha +* date: 28 Feb 2021 +* version 86 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 03ffb901864a57bd9273e1f8cf26bb95522cb8f8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 Mar 2021 20:02:41 +0000 Subject: [PATCH 1556/1961] start 87-alpha, also fixes #1129 make all inactive permissions.default = same, blocked --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 5f53b37..5298948 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 28 Feb 2021 -* version 86 +* date: 02 March 2021 +* version 87-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -1112,7 +1112,7 @@ user_pref("dom.webaudio.enabled", false); * 0=always ask (default), 1=allow, 2=block * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Virtual Reality Devices * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/ - // user_pref("permissions.default.xr", 0); + // user_pref("permissions.default.xr", 2); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); From 844f3ce9c81f12ea1d6b2994f440916ec4bdb4b0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 5 Mar 2021 10:15:26 +0000 Subject: [PATCH 1557/1961] tidy --- scratchpad-scripts/arkenfox-clear-removed.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 9a89288..20e7305 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 27-Feb-2021 + Last updated: 04-Mar-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -9,7 +9,7 @@ (function() { let ops = [ - /* removed in arkenfox user.js v52-57 */ + /* removed in arkenfox user.js */ /* 52-alpha */ 'browser.search.reset.enabled', 'browser.search.reset.whitelist', @@ -26,7 +26,6 @@ 'extensions.pocket.api', // covered by extensions.pocket.enabled 'extensions.pocket.oAuthConsumerKey', // ditto 'extensions.pocket.site', // ditto - /* 56-alpha: none */ /* 57-alpha */ 'geo.wifi.xhr.timeout', // covered by geo.enabled 'browser.search.geoip.timeout', // ditto From 3430507ae4062761cddf018397364710375c4ae2 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 7 Mar 2021 13:29:33 +0000 Subject: [PATCH 1558/1961] v3.0 - improve readIniFile() (#1128) - grep -c equals grep | wc -l - make output prettier - work with variable instead of temporary file + a few minor changes/cleanup --- updater.sh | 51 +++++++++++++++++++++------------------------------ 1 file changed, 21 insertions(+), 30 deletions(-) diff --git a/updater.sh b/updater.sh index 5f37ebc..e265445 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 2.9 +## version: 3.0 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac @@ -103,7 +103,6 @@ Optional Arguments: # File Handling # ######################### -# Download files download_file () { # expects URL as argument ($1) declare -r tf=$(mktemp) @@ -122,36 +121,33 @@ open_file () { # expects one argument: file_path readIniFile () { # expects one argument: absolute path of profiles.ini declare -r inifile="$1" - declare -r tfile=$(mktemp) - if [ $(grep '^\[Profile' "$inifile" | wc -l) == "1" ]; then ### only 1 profile found - grep '^\[Profile' -A 4 "$inifile" | grep -v '^\[Profile' > $tfile + # tempIni will contain: [ProfileX], Name=, IsRelative= and Path= (and Default= if present) of the only (if) or the selected (else) profile + if [ $(grep -c '^\[Profile' "${inifile}") -eq "1" ]; then ### only 1 profile found + tempIni="$(grep '^\[Profile' -A 4 "${inifile}")" else - grep -E -v '^\[General\]|^StartWithLastProfile=|^IsRelative=' "$inifile" - echo '' + echo -e "Profiles found:\n––––––––––––––––––––––––––––––" + ## cmd-substitution to strip trailing newlines and in quotes to keep internal ones: + echo "$(grep --color=never -E 'Default=[^1]|\[Profile[0-9]*\]|Name=|Path=|^$' "${inifile}")" + echo '––––––––––––––––––––––––––––––' read -p 'Select the profile number ( 0 for Profile0, 1 for Profile1, etc ) : ' -r echo -e "\n" if [[ $REPLY =~ ^(0|[1-9][0-9]*)$ ]]; then - grep '^\[Profile'${REPLY} -A 4 "$inifile" | grep -v '^\[Profile'${REPLY} > $tfile - if [[ "$?" != "0" ]]; then - echo "Profile${REPLY} does not exist!" && exit 1 - fi + tempIni="$(grep "^\[Profile${REPLY}" -A 4 "${inifile}")" || { + echo -e "${RED}Profile${REPLY} does not exist!${NC}" && exit 1 + } else - echo "Invalid selection!" && exit 1 + echo -e "${RED}Invalid selection!${NC}" && exit 1 fi fi - declare -r profpath=$(grep '^Path=' $tfile) - declare -r pathisrel=$(grep '^IsRelative=' $tfile) + # extracting 0 or 1 from the "IsRelative=" line + declare -r pathisrel=$(sed -n 's/^IsRelative=\([01]\)$/\1/p' <<< "${tempIni}") - rm "$tfile" - - # update global variable - if [[ ${pathisrel#*=} == "1" ]]; then - PROFILE_PATH="$(dirname "$inifile")/${profpath#*=}" - else - PROFILE_PATH="${profpath#*=}" - fi + # extracting only the path itself, excluding "Path=" + PROFILE_PATH=$(sed -n 's/^Path=\(.*\)$/\1/p' <<< "${tempIni}") + # update global variable if path is relative + [[ ${pathisrel} == "1" ]] && PROFILE_PATH="$(dirname "${inifile}")/${PROFILE_PATH}" } getProfilePath () { @@ -161,16 +157,14 @@ getProfilePath () { if [ "$PROFILE_PATH" = false ]; then PROFILE_PATH="$SCRIPT_DIR" elif [ "$PROFILE_PATH" = 'list' ]; then - local ini='' if [[ -f "$f1" ]]; then - ini="$f1" + readIniFile "$f1" # updates PROFILE_PATH or exits on error elif [[ -f "$f2" ]]; then - ini="$f2" + readIniFile "$f2" else echo -e "${RED}Error: Sorry, -l is not supported for your OS${NC}" exit 1 fi - readIniFile "$ini" # updates PROFILE_PATH or exits on error #else # PROFILE_PATH already set by user with -p fi @@ -191,9 +185,7 @@ get_updater_version () { # -d: New version will not be looked for and update will not occur # -u: Check for update, if available, execute without asking update_updater () { - if [ $UPDATE = 'no' ]; then - return 0 # User signified not to check for updates - fi + [ $UPDATE = 'no' ] && return 0 # User signified not to check for updates declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')" [ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed @@ -214,7 +206,6 @@ update_updater () { exit 0 } - ######################### # Update user.js # ######################### From 692ed70ea9f1eddc1a72725df25197a4847110d7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 8 Mar 2021 01:49:21 +0000 Subject: [PATCH 1559/1961] remove maintenance of this comment --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5298948..eee08bd 100644 --- a/user.js +++ b/user.js @@ -38,7 +38,7 @@ - If you are not using arkenfox v78... (not a definitive list) - 1244: HTTPS-Only mode is enabled - 1401: document fonts is inactive as it is now covered by RFP in FF80+ - - 4600: some prefs may apply even if you use RFP (currently none apply as of FF84) + - 4600: some prefs may apply even if you use RFP - 9999: switch the appropriate deprecated section(s) back on * INDEX: From 9138e342fdccfed95c899ac795f8e7a0c6f20b55 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 10 Mar 2021 00:06:30 +0000 Subject: [PATCH 1560/1961] misc (#1136) - 0000: remove old XUL info, dropped in FF73+ - 0201: save 3 chars - 0350: add default status for unsubmittedCheck - 0351: change to enforce: has been default false going back to at least FF60, including current Beta/Dev/Nightly - along with 0602 `network.dns.disablePrefetchFromHTTPS` and 0603 `network.predictor.enable-prefetch`, I considered making them inactive, but decided it was good to leave them active for non-stable users just in case they get flipped - 0515: add default status - 0850c: remove info: out of date: doesn't work lilke that anymore and can't be assed figuring it out what with megabar and urlbar2 changes - 0871: make inactive: default false since at least FF60 - no need to enforce for non-stable in case it is flipped. It's a pretty minor shoulder-surfer privacy issue and the previews are small. If you're not sure what this pref does. On false you get one tab shown, on true you get as many as can fit across your screen. I squeezed in 15, and after that it became a list - fixup `***/` - shave off six lines and almost 400 bytes for you bastards --- user.js | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/user.js b/user.js index eee08bd..2eee2e0 100644 --- a/user.js +++ b/user.js @@ -83,9 +83,8 @@ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); /* 0000: disable about:config warning - * FF72 or lower: chrome://global/content/config.xul * FF73-86: chrome://global/content/config.xhtml ***/ -user_pref("general.warnOnAboutConfig", false); // XUL/XHTML version +user_pref("general.warnOnAboutConfig", false); // XHTML version user_pref("browser.aboutConfig.showWarning", false); // HTML version [FF71+] /*** [SECTION 0100]: STARTUP ***/ @@ -143,7 +142,7 @@ user_pref("browser.newtabpage.activity-stream.default.sites", ""); user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /** GEOLOCATION ***/ /* 0201: disable Location-Aware Browsing - * [NOTE] Best left at default "true", fingerprintable, is already behind a prompt (see 0202) + * [NOTE] Best left at default "true", fingerprintable, already behind a prompt (see 0202) * [1] https://www.mozilla.org/firefox/geolocation/ ***/ // user_pref("geo.enabled", false); /* 0202: set a default permission for Location (see 0201) [FF58+] @@ -251,10 +250,10 @@ user_pref("browser.discovery.enabled", false); /* 0350: disable Crash Reports ***/ user_pref("breakpad.reportURL", ""); user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] -user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] -/* 0351: disable backlogged Crash Reports +user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] [DEFAULT: false except Nightly] +/* 0351: enforce no submission of backlogged Crash Reports [FF58+] * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/ -user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+] +user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAULT: false] /* 0390: disable Captive Portal detection * [1] https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy * [2] https://wiki.mozilla.org/Necko/CaptivePortal ***/ @@ -352,7 +351,7 @@ user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] /* 0518: disable Web Compatibility Reporter [FF56+] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ -user_pref("extensions.webcompat-reporter.enabled", false); +user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false in stable] /*** [SECTION 0600]: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/ user_pref("_user.js.parrot", "0600 syntax error: the parrot's no more!"); @@ -492,12 +491,7 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ // user_pref("browser.urlbar.suggest.engines", false); /* 0850c: disable location bar dropdown - * This value controls the total number of entries to appear in the location bar dropdown - * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always - * be displayed (no we do not know how these are calculated or what the threshold is), - * and this does not affect the search by search engine suggestion (see 0807) - * [NOTE] This setting is only useful if you want to enable search engine keywords - * (i.e. at least one of 0850a suggestion types must be true) but you want to *limit* suggestions shown ***/ + * This value controls the total number of entries to appear in the location bar dropdown ***/ // user_pref("browser.urlbar.maxRichResults", 0); /* 0850d: disable location bar autofill * [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ @@ -519,7 +513,7 @@ user_pref("browser.taskbar.lists.frequent.enabled", false); user_pref("browser.taskbar.lists.recent.enabled", false); user_pref("browser.taskbar.lists.tasks.enabled", false); /* 0871: disable Windows taskbar preview [WINDOWS] ***/ -user_pref("browser.taskbar.previews.enable", false); + // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false] /*** [SECTION 0900]: PASSWORDS ***/ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); @@ -653,7 +647,7 @@ user_pref("security.ssl.require_safe_negotiation", true); * [1] https://www.ssllabs.com/ssl-pulse/ ***/ // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.max", 4); -/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */ +/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only ***/ user_pref("security.tls.version.enable-deprecated", false); /* 1204: disable SSL session tracking [FF36+] * SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks) @@ -897,7 +891,7 @@ user_pref("plugin.state.flash", 0); * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ // user_pref("media.gmp-provider.enabled", false); /* 1825: disable widevine CDM (Content Decryption Module) - * [NOTE] This is covered by the EME master switch (1830) **/ + * [NOTE] This is covered by the EME master switch (1830) ***/ // user_pref("media.gmp-widevinecdm.enabled", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV @@ -1033,7 +1027,7 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website * [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one * is default false) then enabling this pref can leak clipboard content [1] - * [1] https://bugzilla.mozilla.org/1528289 */ + * [1] https://bugzilla.mozilla.org/1528289 ***/ // user_pref("dom.event.clipboardevents.enabled", false); /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] * this disables document.execCommand("cut"/"copy") to protect your clipboard @@ -1187,7 +1181,7 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] * Currently applies to cross-origin geolocation, camera, mic and screen-sharing * permissions, and fullscreen requests. Disabling delegation means any prompts * for these will show/use their correct 3rd party origin - * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion */ + * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/ user_pref("permissions.delegation.enabled", false); /* 2624: enable "window.name" protection [FF82+] * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original From 95645f59a39d6a6f3b2b824b6a1c0b2f4eb22be6 Mon Sep 17 00:00:00 2001 From: earthlng Date: Thu, 11 Mar 2021 14:06:38 +0000 Subject: [PATCH 1561/1961] Add files via upload --- wikipiki/parseError.png | Bin 0 -> 3467 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/parseError.png diff --git a/wikipiki/parseError.png b/wikipiki/parseError.png new file mode 100644 index 0000000000000000000000000000000000000000..8f8a42005986f13d2726cff807e732d4f4427dc0 GIT binary patch literal 3467 zcmZu!cQhN&9uC#gC_z)ZvCA`BB~@CR6tzc-PP3uJUNIV*QdNRjMbW0iD7B@viy~&V zh}ndO8i`#b4{x0F&Ut^_@!fOB@BGI1o%__xM2`)~4+H=JYzF$e761U_(fl$C<6#et z;D#Lz489h6+JG{=Ao&n5!L^LF0Dy{Q)_wbvhxoLYzO63+z}|M$7&<-QIvw65Y@n-U z74%^FWuJ#&J!kj8+> z)KYi(FUkIZ?fj$*ar7Os-9jgww)wDWe{E-BbvuuS+$WkA9q1LEzBiq`O{eaVr)j(E z_$JiuUNW8UV54cWyCsOuQKnXxr`q`X$LI2dLaBt-0cwF%LLrL_(hLkUXR1;?1X7H5 zAi)cN|BhFKNn1rr$SY*AONT3ZwP+vAz$Px+1zDHARu#5OC9N;?3k&he1K(hl+EmZ1 z((Sn8^6yBFNB~uR1OlNM(>^=<>T}-!b>O-xqHZ~( zQ+h`p)V8OQ+0k;Q+VOs2ytXshimJe$Q~+^DAU=ofaZ5+Yfd=Yuxae`f^71m`#}!zQ z&gxp#Y)y~K`SP&Z`EtrT^p;k4-0GtU8!`MbwfLci6OXF@jVWGpk zl7+J^G+oT`ddby2D+Q-F+?dWgh%i}YmLpqbeRk()2mT?;I9l4xfQP8wzd;59LJwD` zP_)KI28o}v17x8%LAx!xd1?1`*f>774KAFce>EM~EE!qKA)1quGutMr^B=p&OD?~_ zVd4B7_?N?= ziEb0Mi&>GT<$=VV{yv|ll#>Vk^1)mIq9K0?TZIrB~;p0FUg&twzJFHF06UCeqH zzXCJ*^704R3UP1{vTBz-X9*zQrVefAey6+0%%q_;8NzI!NlpPRemfV=zBF)=cY0O( zpj6Qjf;5eH9oG;t)Jd^F3e{7ufU_TY*CH=>y1J?J&nUKrWmly!yPLXIKn2I=(W0U4 zy4{J9uHzCj4i^|bFd^#KI{{~vnmeOZA#JJG{ z&mY?ArCB1HUvN(#oR_0d>13EeG$B*ckRytiU#R-*8>BlPne|>(6TaPCM0yn%G_Kh?v-hbg zq$5C`fCGK=YY!PKu(Ujq3ph$^(f+O#P z?iS(h)anA;iq^kOF&XR+SCs;dGLui9tx0BO>}B`pV_Me}O~>84e;tFeR~_-+MvrB0~C8Fb;7K>XKPC-En?7xNeH-Q zeF4C~W>8UIe|mXHqow%R1zrX=k%umR zo)I@S>w0%o<2UGr^)lVc?!WuaE^?iO)E}$O$uHu7K+7Xe{~chl!qt#xjaH`?lC;dh zFwXxggxj>8U+4$H=Qa z)}U5Au(NHHuU{$5fno|D9&yUUX_VO{>(Ti*Yk}!f7;~?jUnb6%F(T&ga5Uxp{Lo@b zr!8Of$|N`(w&_Lbw$+@vyEP-|1To>PU{}Wl|0Mew<~K4wQETp%B#yLeWIlr!}@f))uwLbg;}RE*Ufr#=$S&8 zAx$0OeE}w%$3#qgy?0#NQ*+ghxr+2{tx9m~GV!OsZ`hQv()0fNT0Z4lnNN*C(%8GL z6W_QpgAQhO+28x9MfRUzd1f7gnAtcb0Q(44|lo8(CbLdXn zEfuYg9oE`?!6ULeZC!g_eR484@pgJv5xv)@#%GnC!N5U|g>xCq?3e(wyfnUb`Q}%~ z^*n8S^uWBWQaII1rVQQ^9Q#&<@=?ygCquJ?{SdVMt z@&$P_*9E`INzy9`JQ-K4+@mhZQp4!Hbng=fJa#~DgiujfY_1<@l@;d^)Wx10D=%HA z6>q}7^Y&+p+q~D31Jt5V7>#a_BjI7-}HRCUN0w zmqGoOLEn(r76Y*7By=w+yQHhP!Lu0 zglk62mA-&?&;uZw_r-R}t0T*w>=MhFL>$<>A3;f?7=4+WYuFrz_L)()UxPD6`uX}7 zoQk?+se&+WOknJ)rqM@P0Zo)Ms(aK|ysx*dEWR((IcBEk#Et0~i=QShPV=~=7R#zR z2#G&_qjR&z`lClq=s@Tkhn?hwLs;HJJgjaj3&H;CDu@Wc9&r|an;G3TBH5<- z2j`wx*t=0$L4sl($#*1Z(Ntku)08WUphi(8$Bc8@QXut%VtcBS1(yP+xITYaJt$Sm zkFUen*{PMfDQWKS4cMfHdvqm=y(}P~IANJz1k*~c`%}>57YqELl*Rf*DkYVBTsUyg zEIULYVVDc9q8=%yV{mZ{$OSe32%%&>Ff=XyWXXe?+iHYs`R|~tzbv%i#7QUWO6XkYsk?7qJdi; zL+DDWUF2h#*&LA!=4X%Yq4s<5`by6qrqsF?S~og-VvGta&YEZxxn;mWHA&Z;-U1b^XG?$wC3L$6QgU73JB* zcDOwflk($zRp3k|d!0dwqE=;I%ayzKQ%y35RdiQA8!i}vDIhUKagA;`cxT)1Qcw8t zZCo8bV^i72dy`iIFM}RVx2qo Date: Sun, 14 Mar 2021 11:21:13 +0000 Subject: [PATCH 1562/1961] tweak defaults (#1140) - don't differentiate between channels - both can be made inactive - webcompat requires user action: and I don't see this as a bad thing to have in non-stable - unsubmitted crashReports on Nightly is probably already covered by killing the URL, so no big deal --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 2eee2e0..05ab9cd 100644 --- a/user.js +++ b/user.js @@ -250,7 +250,7 @@ user_pref("browser.discovery.enabled", false); /* 0350: disable Crash Reports ***/ user_pref("breakpad.reportURL", ""); user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] -user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] [DEFAULT: false except Nightly] + // user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] [DEFAULT: false] /* 0351: enforce no submission of backlogged Crash Reports [FF58+] * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAULT: false] @@ -351,7 +351,7 @@ user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] /* 0518: disable Web Compatibility Reporter [FF56+] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ -user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false in stable] + // user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /*** [SECTION 0600]: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/ user_pref("_user.js.parrot", "0600 syntax error: the parrot's no more!"); From 3a24c01f030ef6b83c75b1a31ad4f030dbc66179 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 17 Mar 2021 14:01:16 +0000 Subject: [PATCH 1563/1961] 0518: enforce no Web Compat Reporter only stable is false, at the time of writing. but enforcing this for all channels is good, so no-one ends up wasting mozilla resources reporting a compat problem when they've got 200 odd prefs flipped --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 05ab9cd..019a73c 100644 --- a/user.js +++ b/user.js @@ -349,9 +349,9 @@ user_pref("extensions.formautofill.available", "off"); // [FF56+] user_pref("extensions.formautofill.creditCards.available", false); // [FF57+] user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] -/* 0518: disable Web Compatibility Reporter [FF56+] +/* 0518: enforce disabling of Web Compatibility Reporter [FF56+] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ - // user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] +user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /*** [SECTION 0600]: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/ user_pref("_user.js.parrot", "0600 syntax error: the parrot's no more!"); From 3b6cd93749f3885b5cbbc54013e7342b6ce995ac Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Mar 2021 07:32:19 +0000 Subject: [PATCH 1564/1961] 1606: default Referrer Policy default --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 019a73c..00b6ab3 100644 --- a/user.js +++ b/user.js @@ -847,8 +847,9 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy * [1] https://www.w3.org/TR/referrer-policy/ * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy - * [3] https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/ ***/ - // user_pref("network.http.referer.defaultPolicy", 3); // [DEFAULT: 3] + * [3] https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/ + * [4] https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/ ***/ + // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+] // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain [FF54+] * [NOTE] Firefox cannot access .onion sites by default. We recommend you use From b592e0e592bb80141b0b4f880dc3b0069e21301c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Mar 2021 07:49:14 +0000 Subject: [PATCH 1565/1961] 87 deprecated It is simpler to leave the PointerEvent pref where it is, until ESR78 is EOL - FF87+ users who use RFP Alts simply add a dead pref, no harm - This way ESR78 users don't have to worry about extra char flipping: it's the same as before: 1 flip for ESR, 1 flip for RFP Alts --- user.js | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 00b6ab3..4729016 100644 --- a/user.js +++ b/user.js @@ -121,8 +121,6 @@ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); user_pref("browser.newtabpage.activity-stream.showSponsored", false); user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+] -/* 0105d: disable Activity Stream recent Highlights in the Library [FF57+] ***/ - // user_pref("browser.library.activity-stream.enabled", false); /* 0105e: clear default topsites * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); @@ -1562,8 +1560,9 @@ user_pref("webgl.enable-debug-renderer-info", false); // 0=no-preference, 1=reduce user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] // FF64+ -// 4615: [2516] disable PointerEvents +// 4615: [2516] disable PointerEvents [FF86 or lower] // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent + // [-] https://bugzilla.mozilla.org/1688105 user_pref("dom.w3c_pointer_events.enabled", false); // * * * / // FF67+ @@ -1678,6 +1677,10 @@ user_pref("security.ssl.errorReporting.url", ""); // 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin // [-] https://bugzilla.mozilla.org/1581678 user_pref("browser.download.hide_plugins_without_extensions", false); +// FF87 +// 0105d: disable Activity Stream recent Highlights in the Library [FF57+] + // [-] https://bugzilla.mozilla.org/1689405 + // user_pref("browser.library.activity-stream.enabled", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From b1927f9de1e7a2559f0e83c484d5cb243a4d5722 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 27 Mar 2021 18:42:52 +0000 Subject: [PATCH 1566/1961] 1607 make inactive Useless, since Firefox doesn't use Tor (and which we don't recommend). It was added for the info factor. --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 4729016..f3b34f2 100644 --- a/user.js +++ b/user.js @@ -853,7 +853,7 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); * [NOTE] Firefox cannot access .onion sites by default. We recommend you use * the Tor Browser which is specifically designed for hidden services * [1] https://bugzilla.mozilla.org/1305144 ***/ -user_pref("network.http.referer.hideOnionSource", true); + // user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: enable the DNT (Do Not Track) HTTP header * [NOTE] DNT is enforced with Enhanced Tracking Protection regardless of this pref * [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal... ***/ From 46ccd9f6547bac30f57840e95a453b434051ef12 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 3 Apr 2021 14:20:39 +0000 Subject: [PATCH 1567/1961] cleanup 0600s three prefs are default since at least 78, and one pref is redundant for a pref that has been at our default since it was added --- user.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index f3b34f2..49a3267 100644 --- a/user.js +++ b/user.js @@ -359,17 +359,16 @@ user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); -user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] + // user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); -user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] + // user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] /* 0605: disable link-mouseover opening connection to linked server * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ user_pref("network.http.speculative-parallel-limit", 0); /* 0606: enforce no "Hyperlink Auditing" (click tracking) * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ -user_pref("browser.send_pings", false); // [DEFAULT: false] -user_pref("browser.send_pings.require_same_host", true); // defense-in-depth + // user_pref("browser.send_pings", false); // [DEFAULT: false] /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); From 87cd828b5b30d78e6ed7cfc660a012267cbf7ef3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 3 Apr 2021 14:25:46 +0000 Subject: [PATCH 1568/1961] browser.send_pings.require_same_host redundant/defense-in-depth pref for `browser.send_pings` which is still at default false after six years of watching it (false is what we want) --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 20e7305..8ec83a0 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 04-Mar-2021 + Last updated: 03-Apr-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -234,6 +234,8 @@ 'network.http.redirection-limit', /* 86-beta */ 'media.gmp-widevinecdm.visible', + /* 87-beta */ + 'browser.send_pings.require_same_host', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 8f1c0044b91e7df4e7f369c71b7aed2a4ba7bdd5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Apr 2021 11:07:39 +0000 Subject: [PATCH 1569/1961] 2701: add cookie behavior 5 --- user.js | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 49a3267..11d46bc 100644 --- a/user.js +++ b/user.js @@ -1244,12 +1244,18 @@ user_pref("security.dialog_enable_delay", 700); accessible to websites except shared/service workers where the cookie setting *must* be "Allow" ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); -/* 2701: disable 3rd-party cookies and site-data [SETUP-WEB] - * 0=Accept cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, - * 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (default) - * [NOTE] You can set exceptions under site permissions or use an extension +/* 2701: disable or isolate 3rd-party cookies and site-data [SETUP-WEB] + * 0 = Accept cookies and site data + * 1 = (Block) All third-party cookies + * 2 = (Block) All cookies + * 3 = (Block) Cookies from unvisited websites + * 4 = (Block) Cross-site tracking cookies (default) + * 5 = (Isolate All) Cross-site cookies (TCP: Total Cookie Protection / dFPI: dynamic FPI) [1] (FF86+) + * Option 5 with FPI enabled (4001) is ignored and not shown, and option 4 used instead + * [NOTE] You can set cookie exceptions under site permissions or use an extension * [NOTE] Enforcing category to custom ensures ETP related prefs are always honored - * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies ***/ + * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies + * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ ***/ user_pref("network.cookie.cookieBehavior", 1); user_pref("browser.contentblocking.category", "custom"); /* 2702: set third-party cookies (if enabled, see 2701) to session-only From f77102713892d92a34f781e75840a09091a5c485 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Apr 2021 11:18:54 +0000 Subject: [PATCH 1570/1961] 2720 was removed in FF72 https://bugzilla.mozilla.org/1488583 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 11d46bc..59dc5fd 100644 --- a/user.js +++ b/user.js @@ -1298,7 +1298,7 @@ user_pref("dom.storage.next_gen", true); /*** [SECTION 2800]: SHUTDOWN You should set the values to what suits you best. - "Offline Website Data" includes appCache (2730), localStorage (2710), - service worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache) + service worker cache (2740), and QuotaManager (IndexedDB, asm-cache) - In both 2803 + 2804, the 'download' and 'history' prefs are combined in the Firefox interface as "Browsing & Download History" and their values will be synced ***/ From ca99add0067c5644bf280a00ca26e2aaea1621f3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Apr 2021 11:49:07 +0000 Subject: [PATCH 1571/1961] turn ETP on everywhere It literally cannot hurt [1], and makes it easier for users to use custom mode with TCP/dFPI. Turning on socialtracking helps gain parity with strict mode [1] gorhill: https://old.reddit.com/r/firefox/comments/l7xetb/network_priority_for_firefoxs_enhanced_tracking/gl9rn9n/ > All extensions and ETP work in parallel, they all inspect network requests and all make the decision to block or not, hence if they all decide to block, they will all report that they block something. ETP is a bit different than normal extension in that it will give precedence to an extension trying to redirect to a local resource, this ensures ETP works harmoniously with normal extensions. > > Once something is not blocked, it then goes through a DNS query, and the browser waits for the response. > > I will add examples of how ETP + multiple blocker extensions work together when dealing with a network request; let's say "A" and "B" are two different blockers: > > - ETP=block, A=allow, B=allow: result=block > - ETP=allow, A=block, B=allow: result=block > - ETP=allow, A=allow, B=redirect: result=redirect > - ETP=allow, A=block, B=redirect: result=block > - ETP=block, A=allow, B=redirect: result=redirect > > So as you can see, ETP is a bit different than a normal extension in that it won't prevent redirection from happening if ever a network request is redirected by one of the normal extension. --- user.js | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 59dc5fd..636ed0f 100644 --- a/user.js +++ b/user.js @@ -1269,7 +1269,16 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] * [NOTE] The setting below is disabled (but not changed) if you block all cookies (2701 = 2) * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/ // user_pref("network.cookie.lifetimePolicy", 2); -/* 2710: disable DOM (Document Object Model) Storage +/* 2710: enable Enhanced Tracking Protection (ETP) in all windows + * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Tracking content + * [SETTING] to add site exceptions: Urlbar>ETP Shield + * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ +user_pref("privacy.trackingprotection.enabled", true); +/* 2711: enable various ETP lists ***/ +user_pref("privacy.trackingprotection.socialtracking.enabled", true); + // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] + // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] +/* 2720: disable DOM (Document Object Model) Storage * [WARNING] This will break a LOT of sites' functionality AND extensions! * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); @@ -1297,7 +1306,7 @@ user_pref("dom.storage.next_gen", true); /*** [SECTION 2800]: SHUTDOWN You should set the values to what suits you best. - - "Offline Website Data" includes appCache (2730), localStorage (2710), + - "Offline Website Data" includes appCache (2730), localStorage (2720), service worker cache (2740), and QuotaManager (IndexedDB, asm-cache) - In both 2803 + 2804, the 'download' and 'history' prefs are combined in the Firefox interface as "Browsing & Download History" and their values will be synced From 728c962684db82b9dcace81aa6c1e4901caf65d2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Apr 2021 12:01:49 +0000 Subject: [PATCH 1572/1961] 2402: potential clipboard leak fixed in FF89+ Thanks @gwarser for testing, creating the bugzilla, being patient, and confirming the fix --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 636ed0f..7a2eaf5 100644 --- a/user.js +++ b/user.js @@ -1023,8 +1023,8 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! /* 2402: disable website access to clipboard events/content [SETUP-HARDEN] * [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website - * [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one - * is default false) then enabling this pref can leak clipboard content [1] + * [WARNING] In FF88 or lower, with clipboardevents enabled, if both 'middlemouse.paste' and + * 'general.autoScroll' are true (at least one is default false) then the clipboard can leak [1] * [1] https://bugzilla.mozilla.org/1528289 ***/ // user_pref("dom.event.clipboardevents.enabled", false); /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] From bc07ca94c09e35d1b7b4faefd68b5c8bab77677e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Apr 2021 12:37:17 +0000 Subject: [PATCH 1573/1961] 1830: add [TEST] --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 7a2eaf5..10b4610 100644 --- a/user.js +++ b/user.js @@ -894,6 +894,7 @@ user_pref("plugin.state.flash", 0); /* 1830: disable all DRM content (EME: Encryption Media Extension) * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV * [SETTING] General>DRM Content>Play DRM-controlled content + * [TEST] https://bitmovin.com/demos/drm * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); From abe37add6e39975b4372253ca7e35a5e5fbf444d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Apr 2021 12:54:17 +0000 Subject: [PATCH 1574/1961] save some overrides, closes #1157 I do not think anyone will bemoan these four "personal" choices --- user.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 10b4610..46f6de9 100644 --- a/user.js +++ b/user.js @@ -1617,10 +1617,11 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow // user_pref("general.useragent.override", ""); // [HIDDEN PREF] /*** [SECTION 5000]: PERSONAL - Non-project related but useful. If any of these interest you, add them to your overrides ***/ + Non-project related but useful. If any of these interest you, add them to your overrides + To save some overrides, we've made a few active as they seem to be universally used ***/ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); /* WELCOME & WHAT's NEW NOTICES ***/ - // user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch +user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch // user_pref("startup.homepage_welcome_url", ""); // user_pref("startup.homepage_welcome_url.additional", ""); // user_pref("startup.homepage_override_url", ""); // What's New page after updates @@ -1647,15 +1648,15 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] /* UX FEATURES: disable and hide the icons and menus ***/ - // user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New [FF69+] +user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+] // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] // user_pref("reader.parse-on-load.enabled", false); // Reader View /* OTHER ***/ // user_pref("browser.bookmarks.max_backups", 2); - // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] // [SETTING] General>Browsing>Recommend extensions as you browse - // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] // [SETTING] General>Browsing>Recommend features as you browse // user_pref("network.manage-offline-status", false); // see bugzilla 620472 // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) From f0822782175932a96d0eed4fecc51c0a2bab239a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Apr 2021 14:15:53 +0000 Subject: [PATCH 1575/1961] 1607: save one line and some bytes and make it even MOAR clear we do NOT support tor over firefox --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 46f6de9..b5e8478 100644 --- a/user.js +++ b/user.js @@ -849,8 +849,7 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+] // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain [FF54+] - * [NOTE] Firefox cannot access .onion sites by default. We recommend you use - * the Tor Browser which is specifically designed for hidden services + * [NOTE] Firefox cannot access .onion sites by default: it is strongly recommended you just use Tor Browser * [1] https://bugzilla.mozilla.org/1305144 ***/ // user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: enable the DNT (Do Not Track) HTTP header From 2071939c5e5fdb0898aadb06b37cdbc3ccb70011 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Apr 2021 14:21:24 +0000 Subject: [PATCH 1576/1961] use [TOR] tags, add 1247 not that we recommend using tor over firefox: but at least the info is there for fiddlers --- user.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index b5e8478..985f68f 100644 --- a/user.js +++ b/user.js @@ -743,6 +743,10 @@ user_pref("dom.security.https_only_mode", true); // [FF76+] * This is done to avoid waiting for a timeout which takes 90 seconds * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/ user_pref("dom.security.https_only_mode_send_http_background_request", false); +/* 1247: treat .onion as a secure context [FF60+] [TOR] + * [NOTE] Firefox cannot access .onion sites by default: it is strongly recommended you just use Tor Browser + * [1] https://bugzilla.mozilla.org/1382359 ***/ + // user_pref("dom.securecontext.whitelist_onions", true); /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] * These are all the ciphers still using SHA-1 and CBC which are weaker than the available alternatives. (see "Cipher Suites" in [1]) @@ -848,7 +852,7 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); * [4] https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/ ***/ // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+] // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] -/* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain [FF54+] +/* 1607: hide (not spoof) referrer when leaving a .onion domain [FF54+] [TOR] * [NOTE] Firefox cannot access .onion sites by default: it is strongly recommended you just use Tor Browser * [1] https://bugzilla.mozilla.org/1305144 ***/ // user_pref("network.http.referer.hideOnionSource", true); From ada8158caf3f0c0fac7f1e4d2694fcdf7fc28b59 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Apr 2021 20:33:23 +0000 Subject: [PATCH 1577/1961] v87 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 985f68f..60874a5 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 02 March 2021 -* version 87-alpha +* date: 04 April 2021 +* version 87 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 2da3b0192f14a47e5d48446989251e1fd9c380a0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 7 Apr 2021 09:36:01 +0000 Subject: [PATCH 1578/1961] update HTTP2 stats --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 60874a5..1569e7e 100644 --- a/user.js +++ b/user.js @@ -386,8 +386,8 @@ user_pref("network.dns.disableIPv6", true); /* 0702: disable HTTP2 * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to * enhance privacy, and opens up a number of server-side fingerprinting opportunities. - * [WARNING] Disabling this made sense in the past, and doesn't break anything, but HTTP2 is - * at 40% (December 2019) and growing [5]. Don't be that one person using HTTP1.1 on HTTP2 sites + * [WARNING] Disabling this made sense in the past, and doesn't break anything, but HTTP2 is over + * 50% of sites (April 2021) and growing [5]. Don't be that one person using HTTP1.1 on HTTP2 sites * [1] https://http2.github.io/faq/ * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html * [3] https://http2.github.io/http2-spec/#rfc.section.10.8 From 5dcf639d33d645df1278b5ffba1a5d8726473684 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 7 Apr 2021 09:36:56 +0000 Subject: [PATCH 1579/1961] oophs .. and start 88-alpha --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 1569e7e..dfa382f 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 04 April 2021 -* version 87 +* date: 06 April 2021 +* version 88-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 7ad3bb9e614f77d150f359686b7afa624b1634d9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 7 Apr 2021 09:44:24 +0000 Subject: [PATCH 1580/1961] 0702: use a [STATS] tag --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index dfa382f..1d0dc7e 100644 --- a/user.js +++ b/user.js @@ -386,8 +386,8 @@ user_pref("network.dns.disableIPv6", true); /* 0702: disable HTTP2 * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to * enhance privacy, and opens up a number of server-side fingerprinting opportunities. - * [WARNING] Disabling this made sense in the past, and doesn't break anything, but HTTP2 is over - * 50% of sites (April 2021) and growing [5]. Don't be that one person using HTTP1.1 on HTTP2 sites + * [WARNING] Don't disable HTTP2. Don't be that one person using HTTP1.1 on HTTP2 sites + * [STATS] Over 50% of sites (April 2021) and growing [5] * [1] https://http2.github.io/faq/ * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html * [3] https://http2.github.io/http2-spec/#rfc.section.10.8 From 6c10e03ce52423d87fada431a49369c7b73a4337 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 8 Apr 2021 01:19:42 +0000 Subject: [PATCH 1581/1961] 2012: remove webgl.min_capability_mode as promised in https://github.com/arkenfox/user.js/commit/4596d721e6479aa2341554dc9e21cd999cd704a8 --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 1d0dc7e..be4ea89 100644 --- a/user.js +++ b/user.js @@ -925,7 +925,6 @@ user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70 user_pref("webgl.disabled", true); user_pref("webgl.enable-webgl2", false); /* 2012: limit WebGL ***/ - // user_pref("webgl.min_capability_mode", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] /* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); From 9b8735a87a1696a0124246b92d5c6beadf2d4567 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 8 Apr 2021 01:21:14 +0000 Subject: [PATCH 1582/1961] webgl.min_capability_mode --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 8ec83a0..74cd070 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 03-Apr-2021 + Last updated: 07-Apr-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -236,6 +236,8 @@ 'media.gmp-widevinecdm.visible', /* 87-beta */ 'browser.send_pings.require_same_host', + /* 88-beta */ + 'webgl.min_capability_mode', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From 7738e320d5a05e662c0c523ba502b0462661b28b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 15 Apr 2021 07:10:54 +0000 Subject: [PATCH 1583/1961] RFP & Presentation API --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index be4ea89..07cd486 100644 --- a/user.js +++ b/user.js @@ -1433,7 +1433,7 @@ user_pref("privacy.firstparty.isolate", true); 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist - 1382533 - enable fingerprinting resistance for Presentation API + 1382533 & 1697680 - enable fingerprinting resistance for Presentation API (FF57-87) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) FF58+ 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction From 9930cfbc077917497f54ad6d449b76432e97b697 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 17 Apr 2021 07:12:20 +0000 Subject: [PATCH 1584/1961] 0102: add setup tag #1166 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 07cd486..cc11451 100644 --- a/user.js +++ b/user.js @@ -92,7 +92,8 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0101: disable default browser check * [SETTING] General>Startup>Always check if Firefox is your default browser ***/ user_pref("browser.shell.checkDefaultBrowser", false); -/* 0102: set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session) +/* 0102: set startup page [SETUP-CHROME] + * 0=blank, 1=home, 2=last visited page, 3=resume previous session * [NOTE] Session Restore is not used in PB mode (0110) and is cleared with history (2803, 2804) * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); From da9f912862172f49454b5be977e0c7d133c03b25 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 23 Apr 2021 14:25:54 +0000 Subject: [PATCH 1585/1961] 2620: disable pdfjs scripting, v88 final --- user.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index cc11451..c029dd5 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 06 April 2021 -* version 88-alpha +* date: 23 April 2021 +* version 88 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -1163,17 +1163,18 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); * [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); -/* 2620: enforce Firefox's built-in PDF reader [SETUP-CHROME] +/* 2620: enforce PDFJS, disable PDFJS scripting [SETUP-CHROME] * This setting controls if the option "Display in Firefox" is available in the setting below * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") * PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most) - * Exploits are rare (1 serious case in 4 yrs), treated seriously and patched quickly. + * Exploits are rare (one serious case in seven years), treated seriously and patched quickly. * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). * It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. * CONS: You may prefer a different pdf reader for security reasons * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) * [SETTING] General>Applications>Portable Document Format (PDF) ***/ user_pref("pdfjs.disabled", false); // [DEFAULT: false] +user_pref("pdfjs.enableScripting", false); // [FF86+] /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); /* 2622: enforce no system colors; they can be fingerprinted From cfd7cd01d1ac131df8b0a0b8bccad757c0aec046 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 25 Apr 2021 11:18:39 +0000 Subject: [PATCH 1586/1961] cleanup 0500s, #1170 - they all have on/off switches - dxr no longer exists: update URL - don't recommend users delete files - saves two lines - they poses zero threat (they have prefs) - deleting them can causes unwanted console errors/noise --- user.js | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index c029dd5..08e5572 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 23 April 2021 -* version 88 +* date: 25 April 2021 +* version 89-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -312,8 +312,6 @@ user_pref("browser.safebrowsing.downloads.remote.url", ""); built-in features to Firefox, that are hidden from the about:addons UI. To view your System Add-ons go to about:support, they are listed under "Firefox Features" - Some System Add-ons have no on-off prefs. Instead you can manually remove them. Note that app - updates will restore them. They may also be updated and possibly restored automatically (see 0505) * Portable: "...\App\Firefox64\browser\features\" (or "App\Firefox\etc" for 32bit) * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) * Mac: "...\Applications\Firefox\Contents\Resources\browser\features\" @@ -321,7 +319,7 @@ user_pref("browser.safebrowsing.downloads.remote.url", ""); * Linux: "/usr/lib/firefox/browser/features" (or similar) [1] https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html - [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions + [2] https://searchfox.org/mozilla-central/source/browser/extensions ***/ user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); /* 0503: disable Normandy/Shield [FF60+] From 79c5539edb939e4c005e794119312ec7d2f3dcba Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 5 May 2021 16:41:43 +0000 Subject: [PATCH 1587/1961] goodbye flash The prefs still exist, but won't do anything since most of the NPAPI code has been removed --- user.js | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index 08e5572..96be4c4 100644 --- a/user.js +++ b/user.js @@ -200,10 +200,6 @@ user_pref("app.update.auto", false); /* 0308: disable search engine updates (e.g. OpenSearch) * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/ user_pref("browser.search.update", false); -/* 0309: disable sending Flash crash reports ***/ -user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); -/* 0310: disable sending the URL of the website where a plugin crashed ***/ -user_pref("dom.ipc.plugins.reportCrashURL", false); /* 0320: disable about:addons' Recommendations pane (uses Google Analytics) ***/ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] /* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/ @@ -882,11 +878,6 @@ user_pref("privacy.userContext.enabled", true); /*** [SECTION 1800]: PLUGINS ***/ user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); -/* 1803: disable Flash plugin - * 0=deactivated, 1=ask, 2=enabled - * ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash - * [NOTE] You can still override individual sites via site permissions ***/ -user_pref("plugin.state.flash", 0); /* 1820: disable GMP (Gecko Media Plugins) * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ // user_pref("media.gmp-provider.enabled", false); @@ -1699,6 +1690,19 @@ user_pref("browser.download.hide_plugins_without_extensions", false); // 0105d: disable Activity Stream recent Highlights in the Library [FF57+] // [-] https://bugzilla.mozilla.org/1689405 // user_pref("browser.library.activity-stream.enabled", false); +// FF89 +// 0309: disable sending Flash crash reports + // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] +user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); +// 0310: disable sending the URL of the website where a plugin crashed + // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] +user_pref("dom.ipc.plugins.reportCrashURL", false); +// 1803: disable Flash plugin + // 0=deactivated, 1=ask, 2=enabled + // ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash + // [NOTE] You can still override individual sites via site permissions + // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] +user_pref("plugin.state.flash", 0); // [DEFAULT: 1] // ***/ /* END: internal custom pref to test for syntax errors ***/ From ba9b3c217be47c752876d6b55166e52f2d315a8c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 8 May 2021 14:45:32 +0000 Subject: [PATCH 1588/1961] tweak 4600s: closes #1172 --- user.js | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 96be4c4..85f9516 100644 --- a/user.js +++ b/user.js @@ -1497,20 +1497,18 @@ user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); /* [SETUP-non-RFP] Non-RFP users replace the * with a slash on this line to enable these // FF55+ -// 4601: [2514] spoof (or limit?) number of CPU cores [FF48+] - // [NOTE] *may* affect core chrome/Firefox performance, will affect content. +// 4601: [2514] spoof number of CPU cores [FF48+] // [1] https://bugzilla.mozilla.org/1008453 // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675 // [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127 // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency - // user_pref("dom.maxHardwareConcurrency", 2); -// * * * / +user_pref("dom.maxHardwareConcurrency", 2); // FF56+ // 4602: [2411] disable resource/navigation timing user_pref("dom.enable_resource_timing", false); // 4603: [2412] disable timing attacks // [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI -user_pref("dom.enable_performance", false); + // user_pref("dom.enable_performance", false); // 4604: [2512] disable device sensor API // Optional protection depending on your device // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758 @@ -1537,7 +1535,6 @@ user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis // [3] https://wiki.mozilla.org/HTML5_Speech_API user_pref("media.webspeech.synth.enabled", false); -// * * * / // FF57+ // 4610: [2506] disable video statistics - JS performance fingerprinting [FF25+] // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757 @@ -1550,19 +1547,16 @@ user_pref("media.video_stats.enabled", false); // [1] https://developer.mozilla.org/docs/Web/API/Touch_events // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286 // user_pref("dom.w3c_touch_events.enabled", 0); -// * * * / // FF59+ // 4612: [2511] disable MediaDevices change detection [FF51+] // [1] https://developer.mozilla.org/docs/Web/Events/devicechange // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange user_pref("media.ondevicechange.enabled", false); -// * * * / // FF60+ // 4613: [2011] disable WebGL debug info being available to websites // [1] https://bugzilla.mozilla.org/1171228 // [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info user_pref("webgl.enable-debug-renderer-info", false); -// * * * / // FF63+ // 4614: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] // 0=no-preference, 1=reduce @@ -1572,7 +1566,6 @@ user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent // [-] https://bugzilla.mozilla.org/1688105 user_pref("dom.w3c_pointer_events.enabled", false); -// * * * / // FF67+ // 4616: [2618] disable exposure of system colors to CSS or canvas [FF44+] // [NOTE] See second listed bug: may cause black on black for elements with undefined colors @@ -1589,7 +1582,6 @@ user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // [NOTE] Bundled fonts are auto-allowed // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc user_pref("layout.css.font-visibility.level", 1); -// * * * / // ***/ /*** [SECTION 4700]: RFP ALTERNATIVES (USER AGENT SPOOFING) From 0566ded651817b0150a803652064ad9348d40d00 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 9 May 2021 17:52:38 +0000 Subject: [PATCH 1589/1961] fixup, closes #1174 --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 74cd070..b390a18 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 07-Apr-2021 + Last updated: 09-May-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -127,7 +127,6 @@ 'browser.cache.disk.smart_size.enabled', 'browser.cache.disk.smart_size.first_run', 'browser.cache.offline.insecure.enable', - 'browser.safebrowsing.downloads.remote.url', 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', 'browser.safebrowsing.provider.google.reportPhishMistakeURL', 'browser.safebrowsing.provider.google.reportURL', @@ -178,7 +177,6 @@ 'browser.safebrowsing.provider.mozilla.updateURL', 'browser.urlbar.userMadeSearchSuggestionsChoice', 'privacy.trackingprotection.annotate_channels', - 'privacy.trackingprotection.enabled', 'privacy.trackingprotection.lower_network_priority', 'privacy.trackingprotection.pbmode.enabled', 'services.blocklist.addons.collection', From 9419e2faabc9f88619adf9650fc190fb7688e167 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 May 2021 17:30:40 +0000 Subject: [PATCH 1590/1961] remove 1210 been default true since FF26 - thanks earthlng --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index 85f9516..0c5b9ef 100644 --- a/user.js +++ b/user.js @@ -658,9 +658,6 @@ user_pref("security.tls.enable_0rtt_data", false); /** OCSP (Online Certificate Status Protocol) #Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/ -/* 1210: enable OCSP Stapling - * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ -user_pref("security.ssl.enable_ocsp_stapling", true); /* 1211: control when to use OCSP fetching (to confirm current validity of certificates) * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) From 9cc132e69db7688aa1d5f9ff72b99627527e5e78 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 May 2021 17:32:07 +0000 Subject: [PATCH 1591/1961] security.ssl.enable_ocsp_stapling default true since FF26 --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index b390a18..5b05072 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 09-May-2021 + Last updated: 25-May-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -236,6 +236,8 @@ 'browser.send_pings.require_same_host', /* 88-beta */ 'webgl.min_capability_mode', + /* 89-beta */ + 'security.ssl.enable_ocsp_stapling', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ] From f0b5e3649d75a2b3f467a0b832eb24ee3e7d686b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 May 2021 17:46:45 +0000 Subject: [PATCH 1592/1961] tidy --- user.js | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 0c5b9ef..82878bf 100644 --- a/user.js +++ b/user.js @@ -116,7 +116,7 @@ user_pref("browser.newtabpage.activity-stream.telemetry", false); /* 0105b: disable Activity Stream Snippets * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ -user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); +user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false FF89+] /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); @@ -273,9 +273,9 @@ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+) doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) - #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ - [1] https://wiki.mozilla.org/Security/Safe_Browsing - [2] https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work + [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + [2] https://wiki.mozilla.org/Security/Safe_Browsing + [3] https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work ***/ /* 0410: disable SB (Safe Browsing) * [WARNING] Do this at your own risk! These are the master switches. @@ -425,8 +425,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] your environment (no unwanted eyeballs), your device (restricted access), your device's unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check the items cleared on shutdown in section 2800. - [NOTE] The urlbar is also commonly referred to as the location bar and address bar - #Required reading [#] https://xkcd.com/538/ + [1] https://xkcd.com/538/ ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search @@ -657,7 +656,9 @@ user_pref("security.tls.version.enable-deprecated", false); user_pref("security.tls.enable_0rtt_data", false); /** OCSP (Online Certificate Status Protocol) - #Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/ + [1] https://scotthelme.co.uk/revocation-is-broken/ + [2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ +***/ /* 1211: control when to use OCSP fetching (to confirm current validity of certificates) * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) @@ -815,7 +816,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 --- - #Required reading [#] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ + [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: ALL: control when images/links send a referer @@ -1250,8 +1251,8 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin user_pref("network.cookie.cookieBehavior", 1); user_pref("browser.contentblocking.category", "custom"); /* 2702: set third-party cookies (if enabled, see 2701) to session-only - [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and - .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones + * [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and + * .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/ user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] @@ -1449,7 +1450,7 @@ user_pref("privacy.firstparty.isolate", true); 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) FF78+ 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) - 1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (non-ANDROID) (FF80+) + 1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (Windows, Mac, some Linux) (FF80+) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); From 74f804a0567181049b7653475ba3653ee5c1643b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 25 May 2021 18:19:22 +0000 Subject: [PATCH 1593/1961] 1243: more dead flash --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 82878bf..65dfd4b 100644 --- a/user.js +++ b/user.js @@ -716,9 +716,6 @@ user_pref("security.pki.crlite_mode", 2); user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] /* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/ user_pref("security.mixed_content.block_display_content", true); -/* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+] - * [1] https://bugzilla.mozilla.org/1190623 ***/ -user_pref("security.mixed_content.block_object_subrequest", true); /* 1244: enable HTTPS-Only mode [FF76+] * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On/Off/Off temporarily @@ -1687,6 +1684,10 @@ user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); // 0310: disable sending the URL of the website where a plugin crashed // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] user_pref("dom.ipc.plugins.reportCrashURL", false); +// 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+] + // [1] https://bugzilla.mozilla.org/1190623 + // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] +user_pref("security.mixed_content.block_object_subrequest", true); // 1803: disable Flash plugin // 0=deactivated, 1=ask, 2=enabled // ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash From b6d7b2bff53b1a87b8bfdbb28ba0c019eadadfbb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 1 Jun 2021 11:02:30 +0000 Subject: [PATCH 1594/1961] RFP info tweak --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 65dfd4b..bef679e 100644 --- a/user.js +++ b/user.js @@ -1406,7 +1406,7 @@ user_pref("privacy.firstparty.isolate", true); FF56+ 1369303 - spoof/disable performance API (see 4602, 4603) 1333651 - spoof User Agent & Navigator API (see section 4700) - JS: FF78+ the version is spoofed as 78, and the OS as Windows 10, OS 10.15, Android 9, or Linux + JS: FF78+ the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 9 (FF91+ as 10), or Linux HTTP Headers: spoofed as Windows or Android 1369319 - disable device sensor API (see 4604) 1369357 - disable site specific zoom (see 4605) From d973e1171415282d1a2b7a88dbafd1e6d3a0e549 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 5 Jun 2021 17:36:56 +0000 Subject: [PATCH 1595/1961] add instagram word, closes #1184 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index bef679e..42243e4 100644 --- a/user.js +++ b/user.js @@ -824,7 +824,7 @@ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); // user_pref("network.http.referer.trimmingPolicy", 0); /* 1603: CROSS ORIGIN: control when to send a referer * 0=always (default), 1=only if base domains match, 2=only if hosts match - * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud ***/ + * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud, instagram ***/ user_pref("network.http.referer.XOriginPolicy", 2); /* 1604: CROSS ORIGIN: control the amount of information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ From ada31d4f504d666530c038d9cf75fcfbb940ba67 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 6 Jun 2021 18:01:56 +0000 Subject: [PATCH 1596/1961] v3.1 - (mostly) fix diff functionality see #1188 this should fix the issue that "All prefs after a multi-line comment declaration, on a single line, are deleted with the remove_comments function from the updater." --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index e265445..c054a22 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.0 +## version: 3.1 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac @@ -236,7 +236,7 @@ add_override () { } remove_comments () { # expects 2 arguments: from-file and to-file - sed -e 's/^[[:space:]]*\/\/.*$//' -e '/^\/\*/,/\*\//d' -e '/^[[:space:]]*$/d' -e 's/);[[:space:]]*\/\/.*/);/' "$1" > "$2" + sed -e 's/^[[:space:]]*\/\/.*$//' -e '/^\/\*.\+\*\/[[:space:]]*$/d' -e '/^\/\*/,/\*\//d' -e '/^[[:space:]]*$/d' -e 's/);[[:space:]]*\/\/.*/);/' "$1" > "$2" } # Applies latest version of user.js and any custom overrides From 6968b9a369c30f912195e56c132f6357c00ba8e8 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 6 Jun 2021 21:30:14 +0000 Subject: [PATCH 1597/1961] v3.2 - proper fix for the diff issue - re-arrange the match patterns to fix the remaining issue of dropping lines after the 9999 block - make it work on Mac too - use `|` where possible so we don't need to escape the forward-slashes. That saves a few bytes and makes the pattern easier to read --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index c054a22..6f761c9 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.1 +## version: 3.2 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac @@ -236,7 +236,7 @@ add_override () { } remove_comments () { # expects 2 arguments: from-file and to-file - sed -e 's/^[[:space:]]*\/\/.*$//' -e '/^\/\*.\+\*\/[[:space:]]*$/d' -e '/^\/\*/,/\*\//d' -e '/^[[:space:]]*$/d' -e 's/);[[:space:]]*\/\/.*/);/' "$1" > "$2" + sed -e '/^\/\*.*\*\/[[:space:]]*$/d' -e '/^\/\*/,/\*\//d' -e 's|^[[:space:]]*//.*$||' -e '/^[[:space:]]*$/d' -e 's|);[[:space:]]*//.*|);|' "$1" > "$2" } # Applies latest version of user.js and any custom overrides From 9018577a3e4880b881981e801891a3531c433aba Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 7 Jun 2021 11:18:40 +0000 Subject: [PATCH 1598/1961] v1.4 (#1189) - add -s parameter to start immediately / skip prompt / run non-interactive This is useful if the user wants to automate the process of updating the user.js and cleaning prefs. - fQuit: error messages to stderr - fFF_check: info msg to stderr Better support for suppressing/redirecting stdout while still showing any error messages in the console, useful for example with `prefsCleaner.sh -s >/dev/null` --- prefsCleaner.sh | 49 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 32 insertions(+), 17 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index c9d92d9..60cf70e 100644 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.3 +## version: 1.4 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -20,15 +20,22 @@ cd "$(dirname "${sfp}")" fQuit() { ## change directory back to the original working directory cd "${currdir}" - echo -e "\n$2" + [ $1 -eq 0 ] && echo -e "\n$2" || echo -e "\n$2" >&2 exit $1 } +fUsage() { + echo -e "\nUsage: $0 [-s]" + echo -e " +Optional Arguments: + -s Start immediately" +} + fFF_check() { # there are many ways to see if firefox is running or not, some more reliable than others # this isn't elegant and might not be future-proof but should at least be compatible with any environment while [ -e lock ]; do - echo -e "\nThis Firefox profile seems to be in use. Close Firefox and try again.\n" + echo -e "\nThis Firefox profile seems to be in use. Close Firefox and try again.\n" >&2 read -p "Press any key to continue." done } @@ -54,34 +61,42 @@ fClean() { done < "$1" > prefs.js } +fStart() { + if [ ! -e user.js ]; then + fQuit 1 "user.js not found in the current directory." + elif [ ! -e prefs.js ]; then + fQuit 1 "prefs.js not found in the current directory." + fi + + fFF_check + bakfile="prefs.js.backup.$(date +"%Y-%m-%d_%H%M")" + mv prefs.js "${bakfile}" || fQuit 1 "Operation aborted.\nReason: Could not create backup file $bakfile" + echo -e "\nprefs.js backed up: $bakfile" + echo "Cleaning prefs.js..." + fClean "$bakfile" + fQuit 0 "All done!" +} + echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.3 ║" +echo " ║ v1.4 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." echo "This will allow inactive preferences to be reset to their default values." echo -e "\nThis Firefox profile shouldn't be in use during the process.\n" + +[ "$1" == '-s' ] && fStart + select option in Start Help Exit; do case $option in Start) - if [ ! -e user.js ]; then - fQuit 1 "user.js not found in the current directory." - elif [ ! -e prefs.js ]; then - fQuit 1 "prefs.js not found in the current directory." - fi - - fFF_check - bakfile="prefs.js.backup.$(date +"%Y-%m-%d_%H%M")" - mv prefs.js "${bakfile}" || fQuit 1 "Operation aborted.\nReason: Could not create backup file $bakfile" - echo -e "\nprefs.js backed up: $bakfile" - echo "Cleaning prefs.js..." - fClean "$bakfile" - fQuit 0 "All done!" + fStart ;; Help) + fUsage echo -e "\nThis script creates a backup of your prefs.js file before doing anything." echo -e "It should be safe, but you can follow these steps if something goes wrong:\n" echo "1. Make sure Firefox is closed." From efcceaf2c36e42f503cc80b9a1aae1e03f9190a8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 15 Jun 2021 09:55:42 +0000 Subject: [PATCH 1599/1961] enforce non-native widget theme --- user.js | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 42243e4..42500d7 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 25 April 2021 -* version 89-alpha +* date: 15 June 2021 +* version 89 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -38,6 +38,7 @@ - If you are not using arkenfox v78... (not a definitive list) - 1244: HTTPS-Only mode is enabled - 1401: document fonts is inactive as it is now covered by RFP in FF80+ + - 2626: non-native widget theme is enforced - 4600: some prefs may apply even if you use RFP - 9999: switch the appropriate deprecated section(s) back on @@ -1178,6 +1179,12 @@ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] /* 2625: disable bypassing 3rd party extension install prompts [FF82+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ user_pref("extensions.postDownloadThirdPartyPrompt", false); +/* 2626: enforce non-native widget theme + * Security: removes/reduces system API calls, e.g. win32k API [1] + * Fingerprinting: provides a uniform look and feel across platforms [2] + * [1] https://bugzilla.mozilla.org/1381938 + * [2] https://bugzilla.mozilla.org/1411425 ***/ +user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop From 12c063190098b6a62e0671db0f704939678811eb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 16 Jun 2021 16:48:14 +0000 Subject: [PATCH 1600/1961] 4501: remove confusing RFP line --- user.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 42500d7..96cf304 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 15 June 2021 -* version 89 +* date: 16 June 2021 +* version 90-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -1459,7 +1459,6 @@ user_pref("privacy.firstparty.isolate", true); ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] - * This pref is the master switch for all other privacy.resist* prefs unless stated * [SETUP-WEB] RFP can cause the odd website to break in strange ways, and has a few side affects, * but is largely robust nowadays. Give it a try. Your choice. Also see 4504 (letterboxing). * [1] https://bugzilla.mozilla.org/418986 ***/ From c98606430c770dab1386756c60c55c6d49e3f260 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 20 Jun 2021 09:29:38 +0000 Subject: [PATCH 1601/1961] move 2505 to RFP alts, closes #1099 --- user.js | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/user.js b/user.js index 96cf304..cba1306 100644 --- a/user.js +++ b/user.js @@ -782,7 +782,7 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector - * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618) + * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4619) * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ // user_pref("browser.display.use_document_fonts", 0); /* 1403: disable icon fonts (glyphs) and local fallback rendering @@ -800,8 +800,8 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed - * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4618) - * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618) + * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4619) + * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4619) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] @@ -1065,11 +1065,6 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code [1] * [1] https://bugzilla.mozilla.org/1313580 ***/ // user_pref("dom.battery.enabled", false); -/* 2505: disable media device enumeration [FF29+] - * [NOTE] media.peerconnection.enabled should also be set to false (see 2001) - * [1] https://wiki.mozilla.org/Media/getUserMedia - * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices ***/ -user_pref("media.navigator.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting [SETUP-HARDEN] * [WARNING] Affects text rendering (fonts will look different), impacts video performance, * and parts of Quantum that utilize the GPU will also be affected as they are rolled out @@ -1433,28 +1428,28 @@ user_pref("privacy.firstparty.isolate", true); FF59+ 1372073 - spoof/block fingerprinting in MediaDevices API Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if - media.navigator.enabled is true (see 2505 which we chose to keep disabled) - Block: suppresses the ondevicechange event (see 4612) + media.navigator.enabled is true (see 4612 which we chose to keep disabled) + Block: suppresses the ondevicechange event (see 4613) 1039069 - warn when language prefs are set to non en-US (see 0210, 0211) 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events Spoofing mimics the content language of the document. Currently it only supports en-US. Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. FF60-67 - 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) + 1337157 - disable WebGL debug renderer info (see 4614) (FF60+) 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) - 1479239 - return "no-preference" with prefers-reduced-motion (see 4614) (FF63+) - 1363508 - spoof/suppress Pointer Events (see 4615) (FF64+) + 1479239 - return "no-preference" with prefers-reduced-motion (see 4615) (FF63+) + 1363508 - spoof/suppress Pointer Events (see 4616) (FF64+) FF65: pointerEvent.pointerid (1492766) - 1485266 - disable exposure of system colors to CSS or canvas (see 4616) (FF67+) + 1485266 - disable exposure of system colors to CSS or canvas (see 4617) (FF67+) 1407366 - enable inner window letterboxing (see 4504) (FF67+) - 1494034 - return "light" with prefers-color-scheme (see 4617) (FF67+) + 1494034 - return "light" with prefers-color-scheme (see 4618) (FF67+) FF68-77 1564422 - spoof audioContext outputLatency (FF70+) 1595823 - spoof audioContext sampleRate (FF72+) 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) FF78+ 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) - 1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (Windows, Mac, some Linux) (FF80+) + 1653987 - limit font visibility to bundled and "Base Fonts" (see 4619) (Windows, Mac, some Linux) (FF80+) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); @@ -1549,35 +1544,40 @@ user_pref("media.video_stats.enabled", false); // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286 // user_pref("dom.w3c_touch_events.enabled", 0); // FF59+ -// 4612: [2511] disable MediaDevices change detection [FF51+] +// 4612: [2505] disable media device enumeration [FF29+] + // [NOTE] media.peerconnection.enabled should also be set to false (see 2001) + // [1] https://wiki.mozilla.org/Media/getUserMedia + // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices +user_pref("media.navigator.enabled", false); +// 4613: [2511] disable MediaDevices change detection [FF51+] // [1] https://developer.mozilla.org/docs/Web/Events/devicechange // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange user_pref("media.ondevicechange.enabled", false); // FF60+ -// 4613: [2011] disable WebGL debug info being available to websites +// 4614: [2011] disable WebGL debug info being available to websites // [1] https://bugzilla.mozilla.org/1171228 // [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info user_pref("webgl.enable-debug-renderer-info", false); // FF63+ -// 4614: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] +// 4615: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] // 0=no-preference, 1=reduce user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] // FF64+ -// 4615: [2516] disable PointerEvents [FF86 or lower] +// 4616: [2516] disable PointerEvents [FF86 or lower] // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent // [-] https://bugzilla.mozilla.org/1688105 user_pref("dom.w3c_pointer_events.enabled", false); // FF67+ -// 4616: [2618] disable exposure of system colors to CSS or canvas [FF44+] +// 4617: [2618] disable exposure of system colors to CSS or canvas [FF44+] // [NOTE] See second listed bug: may cause black on black for elements with undefined colors // [SETUP-CHROME] Might affect CSS in themes and extensions // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 user_pref("ui.use_standins_for_native_colors", true); -// 4617: enforce prefers-color-scheme as light [FF67+] +// 4618: enforce prefers-color-scheme as light [FF67+] // 0=light, 1=dark : This overrides your OS value user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // FF80+ -// 4618: limit font visibility (non-ANDROID) [FF79+] +// 4619: limit font visibility (non-ANDROID) [FF79+] // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1] // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts // [NOTE] Bundled fonts are auto-allowed From b93a5e334c1f66d1a2cb7b7b79dfe506805c888e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 20 Jun 2021 12:49:57 +0000 Subject: [PATCH 1602/1961] 2510 webaudio -> inactive RFP alts, closes #1194 --- user.js | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index cba1306..928d15b 100644 --- a/user.js +++ b/user.js @@ -782,7 +782,7 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector - * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4619) + * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ // user_pref("browser.display.use_document_fonts", 0); /* 1403: disable icon fonts (glyphs) and local fallback rendering @@ -800,8 +800,8 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed - * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4619) - * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4619) + * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4620) + * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] @@ -1072,9 +1072,6 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] // user_pref("layers.acceleration.disabled", true); -/* 2510: disable Web Audio API [FF51+] - * [1] https://bugzilla.mozilla.org/1288359 ***/ -user_pref("dom.webaudio.enabled", false); /* 2517: disable Media Capabilities API [FF63+] * [WARNING] This *may* affect media performance if disabled, no one is sure * [1] https://github.com/WICG/media-capabilities @@ -1444,12 +1441,12 @@ user_pref("privacy.firstparty.isolate", true); 1407366 - enable inner window letterboxing (see 4504) (FF67+) 1494034 - return "light" with prefers-color-scheme (see 4618) (FF67+) FF68-77 - 1564422 - spoof audioContext outputLatency (FF70+) - 1595823 - spoof audioContext sampleRate (FF72+) + 1564422 - spoof audioContext outputLatency (see 4619) (FF70+) + 1595823 - return audioContext sampleRate as 44100 (see 4619) (FF72+) 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) FF78+ 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) - 1653987 - limit font visibility to bundled and "Base Fonts" (see 4619) (Windows, Mac, some Linux) (FF80+) + 1653987 - limit font visibility to bundled and "Base Fonts" (see 4620) (Windows, Mac, some Linux) (FF80+) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); @@ -1576,8 +1573,12 @@ user_pref("ui.use_standins_for_native_colors", true); // 4618: enforce prefers-color-scheme as light [FF67+] // 0=light, 1=dark : This overrides your OS value user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] +// FF72+ +// 4619: [2510] disable Web Audio API [FF51+] + // [1] https://bugzilla.mozilla.org/1288359 + // user_pref("dom.webaudio.enabled", false); // FF80+ -// 4619: limit font visibility (non-ANDROID) [FF79+] +// 4620: limit font visibility (non-ANDROID) [FF79+] // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1] // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts // [NOTE] Bundled fonts are auto-allowed From a6d20eaf5b4d6fc306257cf56beb89595c6be173 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 23 Jun 2021 16:22:10 +0000 Subject: [PATCH 1603/1961] 1264: update ciphers, fixes #1196 (#1197) --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 928d15b..7d5b929 100644 --- a/user.js +++ b/user.js @@ -740,8 +740,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); // user_pref("dom.securecontext.whitelist_onions", true); /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] - * These are all the ciphers still using SHA-1 and CBC which are weaker than the available alternatives. (see "Cipher Suites" in [1]) - * Additionally some have other weaknesses like key sizes of 128 (or lower) [2] and/or no Perfect Forward Secrecy [3]. + * These are the ciphers listed under "Cipher Suites" [1] that are either still using SHA-1 and CBC, + * and/or are missing Perfect Forward Secrecy [3] and/or have other weaknesses like key sizes of 128 * [1] https://browserleaks.com/ssl * [2] https://en.wikipedia.org/wiki/Key_size * [3] https://en.wikipedia.org/wiki/Forward_secrecy @@ -756,6 +756,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); + // user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS + // user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS From d940ffb3c6294ad30b1ffc2027b5b3b03c8744f3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Jul 2021 06:32:58 +0000 Subject: [PATCH 1604/1961] 105c: add "sponsored shortcuts" --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 7d5b929..0ee1997 100644 --- a/user.js +++ b/user.js @@ -123,6 +123,7 @@ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); user_pref("browser.newtabpage.activity-stream.showSponsored", false); user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+] +user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] /* 0105e: clear default topsites * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); From 981462ee54cd627682038b7e5251ae706c7743be Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Jul 2021 13:26:44 +0000 Subject: [PATCH 1605/1961] FF90 deprecated --- user.js | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 0ee1997..b00bb63 100644 --- a/user.js +++ b/user.js @@ -407,8 +407,6 @@ user_pref("network.http.altsvc.oe", false); * as a remote Tor node will handle the DNS request * [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); -/* 0708: disable FTP [FF60+] ***/ - // user_pref("network.ftp.enabled", false); // [DEFAULT: false FF88+] /* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+] * [SETUP-CHROME] Can break extensions for profiles on network shares * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ @@ -1273,10 +1271,8 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); * [WARNING] This will break a LOT of sites' functionality AND extensions! * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); -/* 2730: enforce no offline cache storage (appCache) - * The API is easily fingerprinted, use the "storage" pref instead ***/ - // user_pref("browser.cache.offline.enable", false); -user_pref("browser.cache.offline.storage.enable", false); // [FF71+] [DEFAULT: false FF84+] +/* 2730: enforce no offline cache storage (appCache) [FF71+] ***/ +user_pref("browser.cache.offline.storage.enable", false); // [DEFAULT: false FF84+] /* 2740: disable service worker cache and cache storage * [NOTE] We clear service worker cache on exiting Firefox (see 2803) * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ @@ -1699,11 +1695,17 @@ user_pref("dom.ipc.plugins.reportCrashURL", false); // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] user_pref("security.mixed_content.block_object_subrequest", true); // 1803: disable Flash plugin - // 0=deactivated, 1=ask, 2=enabled - // ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash - // [NOTE] You can still override individual sites via site permissions - // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] + // 0=deactivated, 1=ask, 2=enabled + // ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash + // [NOTE] You can still override individual sites via site permissions + // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] user_pref("plugin.state.flash", 0); // [DEFAULT: 1] +// FF90 +// 0708: disable FTP [FF60+] + // user_pref("network.ftp.enabled", false); // [DEFAULT: false FF88+] +// 2730: disable offline cache (appCache) + // The API is easily fingerprinted, use "browser.cache.offline.storage.enable" instead + // user_pref("browser.cache.offline.enable", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From f229a3cb753e59c06ab9ba43eec455db831ca452 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 7 Jul 2021 11:51:44 +0000 Subject: [PATCH 1606/1961] fixup FF90 deprecated (#1207) --- user.js | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index b00bb63..2313b78 100644 --- a/user.js +++ b/user.js @@ -1271,8 +1271,10 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); * [WARNING] This will break a LOT of sites' functionality AND extensions! * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); -/* 2730: enforce no offline cache storage (appCache) [FF71+] ***/ -user_pref("browser.cache.offline.storage.enable", false); // [DEFAULT: false FF84+] +/* 2730: disable offline cache (appCache) + * [NOTE] In FF90+ the storage (not the API) is disabled. For FF78-89 see the 2730 deprecated pref + * [WARNING] The API is easily fingerprinted, do not disable ***/ + // user_pref("browser.cache.offline.enable", false); /* 2740: disable service worker cache and cache storage * [NOTE] We clear service worker cache on exiting Firefox (see 2803) * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ @@ -1702,10 +1704,11 @@ user_pref("security.mixed_content.block_object_subrequest", true); user_pref("plugin.state.flash", 0); // [DEFAULT: 1] // FF90 // 0708: disable FTP [FF60+] + // [-] https://bugzilla.mozilla.org/1574475 // user_pref("network.ftp.enabled", false); // [DEFAULT: false FF88+] -// 2730: disable offline cache (appCache) - // The API is easily fingerprinted, use "browser.cache.offline.storage.enable" instead - // user_pref("browser.cache.offline.enable", false); +// 2730: enforce no offline cache storage (appCache) [FF71+] + // [-] https://bugzilla.mozilla.org/1694662 +user_pref("browser.cache.offline.storage.enable", false); // [DEFAULT: false FF84+] // ***/ /* END: internal custom pref to test for syntax errors ***/ From a231c1e90e64d345b3002e2f2ace6aae8b17069c Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 7 Jul 2021 14:10:24 +0000 Subject: [PATCH 1607/1961] Update arkenfox-clear-RFP-alternatives.js --- .../arkenfox-clear-RFP-alternatives.js | 57 ++++++++++--------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js index 4be4b81..b9a1b29 100644 --- a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js +++ b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js @@ -1,16 +1,19 @@ /*** - Version: up to and including FF/ESR78 + Version: up to and including FF/ESR78 - This will reset the preferences that are under sections 4600 & 4700 in the - arkenfox user.js. These are the prefs that are no longer necessary, or they - conflict with, privacy.resistFingerprinting if you have that enabled. + This will reset the preferences that are under sections 4600 & 4700 in the + arkenfox user.js. These are the prefs that are no longer necessary, or they + conflict with, privacy.resistFingerprinting if you have that enabled. - For instructions see: - https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] + For instructions see: + https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ - -(function() { - let ops = [ + +(() => { + + if ("undefined" === typeof(Services)) return alert('about:config needs to be the active tab!'); + + const aPREFS = [ /* section 4600 */ 'dom.maxHardwareConcurrency', 'dom.enable_resource_timing', @@ -37,29 +40,27 @@ 'general.oscpu.override', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' - ] + ]; + + console.clear(); - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); + for (const sPname of aPREFS) { + if (Services.prefs.prefHasUserValue(sPname)) { + Services.prefs.clearUserPref(sPname); + if (!Services.prefs.prefHasUserValue(sPname)) { + console.info("reset", sPname); c++; - } else { console.log("failed to reset", ops[i]); } + } else console.warn("failed to reset", sPname); } } - + focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - + + const d = (c==1) ? " pref" : " prefs"; + alert(c ? "successfully reset " + c + d + "\n\nfor details check the console" : 'nothing to reset'); + + return 'all done'; + })(); + From 3b573bf9f0f69dcc26c6d20c41056ca4c6e7503f Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 7 Jul 2021 14:15:51 +0000 Subject: [PATCH 1608/1961] Update arkenfox-clear-RFP-alternatives.js --- scratchpad-scripts/arkenfox-clear-RFP-alternatives.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js index b9a1b29..c82c5fa 100644 --- a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js +++ b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js @@ -11,7 +11,7 @@ (() => { - if ("undefined" === typeof(Services)) return alert('about:config needs to be the active tab!'); + if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!'); const aPREFS = [ /* section 4600 */ @@ -49,16 +49,16 @@ if (Services.prefs.prefHasUserValue(sPname)) { Services.prefs.clearUserPref(sPname); if (!Services.prefs.prefHasUserValue(sPname)) { - console.info("reset", sPname); + console.info('reset', sPname); c++; - } else console.warn("failed to reset", sPname); + } else console.warn('failed to reset', sPname); } } focus(); - const d = (c==1) ? " pref" : " prefs"; - alert(c ? "successfully reset " + c + d + "\n\nfor details check the console" : 'nothing to reset'); + const d = (c==1) ? ' pref' : ' prefs'; + alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset'); return 'all done'; From 939d75e5ebb886708abfdd5c3cd4ade171f9a650 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 7 Jul 2021 14:25:08 +0000 Subject: [PATCH 1609/1961] Update arkenfox-clear-removed.js --- scratchpad-scripts/arkenfox-clear-removed.js | 52 ++++++++++---------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 5b05072..f460c6e 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,14 +1,17 @@ /*** - This will reset the preferences that have been removed completely from the arkenfox user.js. + This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 25-May-2021 + Last updated: 25-May-2021 - For instructions see: - https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] + For instructions see: + https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ - -(function() { - let ops = [ + +(() => { + + if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!'); + + const aPREFS = [ /* removed in arkenfox user.js */ /* 52-alpha */ 'browser.search.reset.enabled', @@ -240,29 +243,26 @@ 'security.ssl.enable_ocsp_stapling', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' - ] + ]; + + console.clear(); - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); + for (const sPname of aPREFS) { + if (Services.prefs.prefHasUserValue(sPname)) { + Services.prefs.clearUserPref(sPname); + if (!Services.prefs.prefHasUserValue(sPname)) { + console.info('reset', sPname); c++; - } else { console.log("failed to reset", ops[i]); } + } else console.warn('failed to reset', sPname); } } - + focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - + + const d = (c==1) ? ' pref' : ' prefs'; + alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset'); + + return 'all done'; + })(); From acc1376c37f6ac385f43095d1a7db4c395c97b19 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 7 Jul 2021 14:33:20 +0000 Subject: [PATCH 1610/1961] Update arkenfox-clear-deprecated.js --- .../arkenfox-clear-deprecated.js | 54 +++++++++---------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-deprecated.js b/scratchpad-scripts/arkenfox-clear-deprecated.js index 766dd33..e12f0f4 100644 --- a/scratchpad-scripts/arkenfox-clear-deprecated.js +++ b/scratchpad-scripts/arkenfox-clear-deprecated.js @@ -1,17 +1,20 @@ /*** - Version: up to and including FF/ESR78 + Version: up to and including FF/ESR78 - This will reset the preferences that have been deprecated by Mozilla - and used in the arkenfox user.js + This will reset the preferences that have been deprecated by Mozilla + and used in the arkenfox user.js - It is in reverse order, so feel free to remove sections that do not apply + It is in reverse order, so feel free to remove sections that do not apply - For instructions see: - https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] + For instructions see: + https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ -(function() { - let ops = [ +(() => { + + if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!'); + + const aPREFS = [ /* deprecated */ /* 78 */ @@ -220,29 +223,26 @@ /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' - ] + ]; + + console.clear(); - if("undefined" === typeof(Services)) { - alert("about:config needs to be the active tab!"); - return; - } - let c = 0; - for (let i = 0, len = ops.length; i < len; i++) { - if (Services.prefs.prefHasUserValue(ops[i])) { - Services.prefs.clearUserPref(ops[i]); - if (!Services.prefs.prefHasUserValue(ops[i])) { - console.log("reset", ops[i]); + for (const sPname of aPREFS) { + if (Services.prefs.prefHasUserValue(sPname)) { + Services.prefs.clearUserPref(sPname); + if (!Services.prefs.prefHasUserValue(sPname)) { + console.info('reset', sPname); c++; - } else { console.log("failed to reset", ops[i]); } + } else console.warn('failed to reset', sPname); } } - + focus(); - - let d = (c==1) ? " pref" : " prefs"; - if (c > 0) { - alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)"); - } else { alert("nothing to reset"); } - + + const d = (c==1) ? ' pref' : ' prefs'; + alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset'); + + return 'all done'; + })(); From 31e864c16c95c4c9a4d8c4d0c151a7623b962f17 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 8 Jul 2021 06:21:53 +0000 Subject: [PATCH 1611/1961] 0913: disable windows SSO FF91+ - and make 2730 more accurate and add bugzilla - future RFP additions will be FF91+ --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 2313b78..5d41699 100644 --- a/user.js +++ b/user.js @@ -536,6 +536,9 @@ user_pref("signon.formlessCapture.enabled", false); * 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs * 2=allow sub-resources to open HTTP authentication credentials dialogs (default) ***/ user_pref("network.auth.subresource-http-auth-allow", 1); +/* 0913: disable automatic authentication on Microsoft sites [FF91+] [WINDOWS] + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1695693,1719301 ***/ +user_pref("network.http.windows-sso.enabled", false); /*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS Cache tracking/fingerprinting techniques [1][2][3] require a cache. Disabling disk (1001) @@ -1272,7 +1275,7 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); * You are better off using an extension for more granular control ***/ // user_pref("dom.storage.enabled", false); /* 2730: disable offline cache (appCache) - * [NOTE] In FF90+ the storage (not the API) is disabled. For FF78-89 see the 2730 deprecated pref + * [NOTE] In FF90+ the storage capability has been removed (1694662). For FF78-89 see the 2730 deprecated pref * [WARNING] The API is easily fingerprinted, do not disable ***/ // user_pref("browser.cache.offline.enable", false); /* 2740: disable service worker cache and cache storage @@ -1445,7 +1448,7 @@ user_pref("privacy.firstparty.isolate", true); 1564422 - spoof audioContext outputLatency (see 4619) (FF70+) 1595823 - return audioContext sampleRate as 44100 (see 4619) (FF72+) 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) - FF78+ + FF78-90 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) 1653987 - limit font visibility to bundled and "Base Fonts" (see 4620) (Windows, Mac, some Linux) (FF80+) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) From 0da2ecdb4df27360d059c7e4fd2e5c658caa2aab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 8 Jul 2021 06:41:59 +0000 Subject: [PATCH 1612/1961] keep current rather than every ESR --- .../arkenfox-clear-RFP-alternatives.js | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js index c82c5fa..92d619d 100644 --- a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js +++ b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js @@ -1,10 +1,10 @@ /*** - Version: up to and including FF/ESR78 - This will reset the preferences that are under sections 4600 & 4700 in the arkenfox user.js. These are the prefs that are no longer necessary, or they conflict with, privacy.resistFingerprinting if you have that enabled. + Last updated: 08-July-2021 + For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ @@ -25,19 +25,22 @@ 'media.webspeech.synth.enabled', 'media.video_stats.enabled', 'dom.w3c_touch_events.enabled', + 'media.navigator.enabled', 'media.ondevicechange.enabled', 'webgl.enable-debug-renderer-info', - 'dom.w3c_pointer_events.enabled', + 'ui.prefersReducedMotion', + 'dom.w3c_pointer_events.enabled', // deprecated FF87 'ui.use_standins_for_native_colors', 'ui.systemUsesDarkTheme', - 'ui.prefersReducedMotion', + 'dom.webaudio.enabled', + 'layout.css.font-visibility.level', /* section 4700 */ - 'general.useragent.override', - 'general.buildID.override', 'general.appname.override', 'general.appversion.override', - 'general.platform.override', + 'general.buildID.override', 'general.oscpu.override', + 'general.platform.override', + 'general.useragent.override', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ]; From b761a9dd32f79395b0fca183ad8fe45f7e99d26f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 8 Jul 2021 07:08:38 +0000 Subject: [PATCH 1613/1961] 4505: experimental RFP prefs and tidy up all instances (eight) of "do not use": all caps, no asterisks, immediately after [warning] --- user.js | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 5d41699..79757b0 100644 --- a/user.js +++ b/user.js @@ -786,7 +786,7 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector - * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) + * [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ // user_pref("browser.display.use_document_fonts", 0); /* 1403: disable icon fonts (glyphs) and local fallback rendering @@ -805,7 +805,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4620) - * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) + * [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] @@ -1393,8 +1393,8 @@ user_pref("privacy.firstparty.isolate", true); RFP covers a wide range of ongoing fingerprinting solutions. It is an all-or-nothing buy in: you cannot pick and choose what parts you want - [WARNING] Do NOT use extensions to alter RFP protected metrics - [WARNING] Do NOT use prefs in section 4600 with RFP as they can interfere + [WARNING] DO NOT USE extensions to alter RFP protected metrics + [WARNING] DO NOT USE prefs in section 4600 with RFP as they can interfere FF41+ 418986 - limit window.screen & CSS media queries leaking identifiable info @@ -1475,11 +1475,16 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDE * "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but * dislike margins being applied, then flip this pref, keeping in mind that it is effectively fingerprintable - * [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it + * [WARNING] DO NOT USE: the dimension pref is only meant for testing * [1] https://bugzilla.mozilla.org/1407366 * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] +/* 4505: experimental RFP [FF91+] + * [WARNING] DO NOT USE unless testing, see [1] comment 12 + * [1] https://bugzilla.mozilla.org/1635603 ***/ + // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); + // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); /* 4510: disable showing about:blank as soon as possible during startup [FF60+] * When default true this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ @@ -1489,7 +1494,7 @@ user_pref("browser.startup.blankWindow", false); user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] /*** [SECTION 4600]: RFP ALTERNATIVES - [WARNING] Do NOT use prefs in this section with RFP as they can interfere + [WARNING] DO NOT USE prefs in this section with RFP as they can interfere ***/ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); /* [SETUP-non-RFP] Non-RFP users replace the * with a slash on this line to enable these From 3bb9fc713f141d794fc4adfb38d3fcf86c9307ab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Jul 2021 02:00:33 +0000 Subject: [PATCH 1614/1961] remove 1203 default false since it was added in FF71 - see https://bugzilla.mozilla.org/1579285 --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index 79757b0..af9c87d 100644 --- a/user.js +++ b/user.js @@ -641,8 +641,6 @@ user_pref("security.ssl.require_safe_negotiation", true); * [1] https://www.ssllabs.com/ssl-pulse/ ***/ // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.max", 4); -/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only ***/ -user_pref("security.tls.version.enable-deprecated", false); /* 1204: disable SSL session tracking [FF36+] * SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks) * [NOTE] These are not used in PB mode. In normal windows they are isolated when using FPI (4001) From 4c8c9bc01f214aee0bc60b76e4175ffff2bfca0d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Jul 2021 02:02:26 +0000 Subject: [PATCH 1615/1961] security.tls.version.enable-deprecated default false since it was added in FF71 - see https://bugzilla.mozilla.org/1579285 --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index f460c6e..e61e258 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 25-May-2021 + Last updated: 20-July-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -241,6 +241,8 @@ 'webgl.min_capability_mode', /* 89-beta */ 'security.ssl.enable_ocsp_stapling', + /* 90-beta */ + 'security.tls.version.enable-deprecated', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ]; From 44a8088481f3ee46b38f5a8549652e31a61973df Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Jul 2021 02:51:52 +0000 Subject: [PATCH 1616/1961] tidy - "enforce" is for when we set the default value - use [WARNING] for inactive (they're inactive for a reason and people really do not need to turn them on) but less scary [NOTE] for active (tweak away at your own risk) - seems neater, easier and less scary for users setting up the first time: i.e they only need to initially look at active items - FYI: I was going to add something to LSNG (2760) that it is required for Fission, but will wait, and it struck me that 2680 was the only active item with a warning: seems inconsistent - 2684: security delay .. make enforce mean enforce (default) ... not worth occasionally saving .3 seconds - for now it's one less item in differences/flips - might make this inactive in 91+, and add a warning - it has been a very long time since we added this due to bad advise/references on the internet on how to speed up Firefox --- user.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index af9c87d..da504fa 100644 --- a/user.js +++ b/user.js @@ -25,7 +25,7 @@ [SETUP-WEB] can cause some websites to break [SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related) [SETUP-PERF] may impact performance - [WARNING] used sparingly, heed them + [WARNING] used on some commented out items, heed them 6. Override Recipes: https://github.com/arkenfox/user.js/issues/1080 * RELEASES: https://github.com/arkenfox/user.js/releases @@ -172,7 +172,7 @@ user_pref("browser.region.update.enabled", false); // [[FF79+] /* 0210: set preferred language for displaying web pages * [TEST] https://addons.mozilla.org/about ***/ user_pref("intl.accept_languages", "en-US, en"); -/* 0211: enforce US English locale regardless of the system locale +/* 0211: use US English locale regardless of the system locale * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] @@ -402,7 +402,7 @@ user_pref("network.dns.disableIPv6", true); * [2] https://www.mnot.net/blog/2016/03/09/alt-svc ***/ user_pref("network.http.altsvc.enabled", false); user_pref("network.http.altsvc.oe", false); -/* 0704: enforce the proxy server to do any DNS lookups when using SOCKS +/* 0704: set the proxy server to do any DNS lookups when using SOCKS * e.g. in Tor, this stops your local DNS server from knowing your Tor destination * as a remote Tor node will handle the DNS request * [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ @@ -698,13 +698,13 @@ user_pref("security.family_safety.mode", 0); * Saved logins and passwords are not available. Reset the pref and restart to return them. * [1] https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ ***/ // user_pref("security.nocertdb", true); // [HIDDEN PREF] -/* 1223: enforce strict pinning +/* 1223: enable strict pinning * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict * [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing * by inspecting ALL your web traffic, then leave at current default=1 * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ user_pref("security.cert_pinning.enforcement_level", 2); -/* 1224: enforce CRLite [FF73+] +/* 1224: enable CRLite [FF73+] * In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985 * [2] https://blog.mozilla.org/security/tag/crlite/ ***/ @@ -1133,7 +1133,7 @@ user_pref("middlemouse.contentLoadURL", false); user_pref("permissions.manager.defaultsUrl", ""); /* 2617: remove webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); -/* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing +/* 2619: use Punycode in Internationalized Domain Names to eliminate possible spoofing * Firefox has *some* protections, but it is better to be safe than sorry * [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) @@ -1185,7 +1185,7 @@ user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] * 0=desktop, 1=downloads (default), 2=last used * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ // user_pref("browser.download.folderList", 2); -/* 2651: enforce user interaction for security by always asking where to download +/* 2651: enable user interaction for security by always asking where to download * [SETUP-CHROME] On Android this blocks longtapping and saving images * [SETTING] General>Downloads>Always ask you where to save files ***/ user_pref("browser.download.useDownloadDir", false); @@ -1212,12 +1212,12 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] /** SECURITY ***/ /* 2680: enforce CSP (Content Security Policy) - * [WARNING] CSP is a very important and widespread security feature. Don't disable it! + * [NOTE] CSP is a very important and widespread security feature. Don't disable it! * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); // [DEFAULT: true] /* 2684: enforce a security delay on some confirmation dialogs such as install, open/save * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ -user_pref("security.dialog_enable_delay", 700); +user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] /*** [SECTION 2700]: PERSISTENT STORAGE Data SET by websites including From bb48fe4ebe27fe0ca9b3de9ad8c75af8f75ea049 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Jul 2021 03:34:49 +0000 Subject: [PATCH 1617/1961] RFP: 4612 is not disabled (by default) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index da504fa..da7bea2 100644 --- a/user.js +++ b/user.js @@ -1427,7 +1427,7 @@ user_pref("privacy.firstparty.isolate", true); FF59+ 1372073 - spoof/block fingerprinting in MediaDevices API Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if - media.navigator.enabled is true (see 4612 which we chose to keep disabled) + media.navigator.enabled is true (see 4612) Block: suppresses the ondevicechange event (see 4613) 1039069 - warn when language prefs are set to non en-US (see 0210, 0211) 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events From b22e349d44b578d38ee4b2ef0fbb1f9988c6df68 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 20 Jul 2021 03:38:49 +0000 Subject: [PATCH 1618/1961] make 4620 more accurate and match RFP section info --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index da7bea2..52bee1f 100644 --- a/user.js +++ b/user.js @@ -1585,7 +1585,7 @@ user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // [1] https://bugzilla.mozilla.org/1288359 // user_pref("dom.webaudio.enabled", false); // FF80+ -// 4620: limit font visibility (non-ANDROID) [FF79+] +// 4620: limit font visibility (Windows, Mac, some Linux) [FF79+] // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1] // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts // [NOTE] Bundled fonts are auto-allowed From babb9f3682c1353124939f0a7e96c3039b7b34a7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 22 Jul 2021 03:41:39 +0000 Subject: [PATCH 1619/1961] 4612: remove outdated confusing line --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 52bee1f..448696a 100644 --- a/user.js +++ b/user.js @@ -1549,7 +1549,6 @@ user_pref("media.video_stats.enabled", false); // user_pref("dom.w3c_touch_events.enabled", 0); // FF59+ // 4612: [2505] disable media device enumeration [FF29+] - // [NOTE] media.peerconnection.enabled should also be set to false (see 2001) // [1] https://wiki.mozilla.org/Media/getUserMedia // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices user_pref("media.navigator.enabled", false); From a7ba61c0d4e5af6f63a27b89e73baeb09ba146cb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 24 Jul 2021 00:52:38 +0000 Subject: [PATCH 1620/1961] 0304: background service app update [windows] - the service implies a check is done first, I'm more concerned with the actual updating: not that updates are bad, it's about controlling when (if ever e.g. my test suite) - since 0301 has to be done manually in Windows, 0302 is a good fallback **IF** the background service is applicable (read the link) - clean up the numbering --- user.js | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 448696a..4526ca1 100644 --- a/user.js +++ b/user.js @@ -186,13 +186,17 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] to do updates for security reasons, please do so manually if you make changes. ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); -/* 0301b: disable auto-CHECKING for extension and theme updates ***/ - // user_pref("extensions.update.enabled", false); -/* 0302a: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+] +/* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+] * [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed * [SETTING] General>Firefox Updates>Check for updates but let you choose to install them ***/ user_pref("app.update.auto", false); -/* 0302b: disable auto-INSTALLING extension and theme updates (after the check in 0301b) +/* 0302: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS] + * [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running + * [1] https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows ***/ +user_pref("app.update.background.scheduling.enabled", false); +/* 0303: disable auto-CHECKING for extension and theme updates ***/ + // user_pref("extensions.update.enabled", false); +/* 0304: disable auto-INSTALLING extension and theme updates (after the check in 0303) * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ // user_pref("extensions.update.autoUpdateDefault", false); /* 0306: disable extension metadata From f24899fcac1114b0bff087280a71886fa2ec0832 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 24 Jul 2021 01:04:03 +0000 Subject: [PATCH 1621/1961] cleanup language specific links --- user.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 4526ca1..cdbd164 100644 --- a/user.js +++ b/user.js @@ -192,7 +192,7 @@ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the user_pref("app.update.auto", false); /* 0302: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS] * [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running - * [1] https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows ***/ + * [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows ***/ user_pref("app.update.background.scheduling.enabled", false); /* 0303: disable auto-CHECKING for extension and theme updates ***/ // user_pref("extensions.update.enabled", false); @@ -281,7 +281,7 @@ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ [2] https://wiki.mozilla.org/Security/Safe_Browsing - [3] https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work + [3] https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work ***/ /* 0410: disable SB (Safe Browsing) * [WARNING] Do this at your own risk! These are the master switches. @@ -489,7 +489,7 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); * This value controls the total number of entries to appear in the location bar dropdown ***/ // user_pref("browser.urlbar.maxRichResults", 0); /* 0850d: disable location bar autofill - * [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ + * [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ // user_pref("browser.urlbar.autoFill", false); /* 0860: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] @@ -999,8 +999,8 @@ user_pref("dom.serviceWorkers.enabled", false); * a prompt (2306). Disabling service workers alone doesn't stop Firefox polling the * Mozilla Push Server. To remove all subscriptions, reset your userAgentID (in about:config * or on start), and you will get a new one within a few seconds. - * [1] https://support.mozilla.org/en-US/kb/push-notifications-firefox - * [2] https://developer.mozilla.org/en-US/docs/Web/API/Push_API ***/ + * [1] https://support.mozilla.org/kb/push-notifications-firefox + * [2] https://developer.mozilla.org/docs/Web/API/Push_API ***/ user_pref("dom.push.enabled", false); // user_pref("dom.push.userAgentID", ""); /* 2306: set a default permission for Notifications (both 2304 and 2305) [FF58+] @@ -1293,7 +1293,7 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ // user_pref("dom.storageManager.enabled", false); /* 2755: disable Storage Access API [FF65+] - * [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API ***/ + * [1] https://developer.mozilla.org/docs/Web/API/Storage_Access_API ***/ // user_pref("dom.storage_access.enabled", false); /* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/ user_pref("dom.storage.next_gen", true); @@ -1383,7 +1383,7 @@ user_pref("privacy.firstparty.isolate", true); * The 2nd pref removes that limitation and will only allow communication if FPDs also match. * [1] https://bugzilla.mozilla.org/1319773#c22 * [2] https://bugzilla.mozilla.org/1492607 - * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ + * [3] https://developer.mozilla.org/docs/Web/API/Window/postMessage ***/ // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] // user_pref("privacy.firstparty.isolate.block_post_message", true); /* 4003: enable scheme with FPI [FF78+] @@ -1571,7 +1571,7 @@ user_pref("webgl.enable-debug-renderer-info", false); user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] // FF64+ // 4616: [2516] disable PointerEvents [FF86 or lower] - // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent + // [1] https://developer.mozilla.org/docs/Web/API/PointerEvent // [-] https://bugzilla.mozilla.org/1688105 user_pref("dom.w3c_pointer_events.enabled", false); // FF67+ From f394fd0290e9399629cb1926aa656364a5dcecdd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 24 Jul 2021 01:56:46 +0000 Subject: [PATCH 1622/1961] move webgl to hardware fingerprinting - merge into a single number, update the alt pref number - update RFP info to reflect that it is not a cure-all --- user.js | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index cdbd164..baded50 100644 --- a/user.js +++ b/user.js @@ -909,15 +909,6 @@ user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.ice.default_address_only", true); user_pref("media.peerconnection.ice.no_host", true); // [FF51+] user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70+] -/* 2010: disable WebGL (Web Graphics Library) - * [SETUP-WEB] When disabled, may break some websites. When enabled, provides high entropy, - * especially with readPixels(). Some of the other entropy is lessened with RFP (see 4501) - * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ - * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ -user_pref("webgl.disabled", true); -user_pref("webgl.enable-webgl2", false); -/* 2012: limit WebGL ***/ -user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] /* 2022: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.browser.enabled", false); @@ -1092,6 +1083,14 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Virtual Reality Devices * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/ // user_pref("permissions.default.xr", 2); +/* 2522: disable/limit WebGL (Web Graphics Library) + * [SETUP-WEB] When disabled, will break some websites. When enabled, provides high entropy, + * especially with readPixels(). Some of the other entropy is lessened with RFP (see 4501) + * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ + * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ +user_pref("webgl.disabled", true); +user_pref("webgl.enable-webgl2", false); +user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -1421,7 +1420,7 @@ user_pref("privacy.firstparty.isolate", true); FF57+ 1369309 - spoof media statistics (see 4610) 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) - 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) + 1217290 & 1409677 - enable some fingerprinting resistance for WebGL 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist 1382533 & 1697680 - enable fingerprinting resistance for Presentation API (FF57-87) @@ -1561,7 +1560,7 @@ user_pref("media.navigator.enabled", false); // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange user_pref("media.ondevicechange.enabled", false); // FF60+ -// 4614: [2011] disable WebGL debug info being available to websites +// 4614: [2522] disable WebGL debug info being available to websites // [1] https://bugzilla.mozilla.org/1171228 // [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info user_pref("webgl.enable-debug-renderer-info", false); From cc8674c16de021bc4efeb9c714a8ffe09c3dc8c5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 24 Jul 2021 12:49:39 +0000 Subject: [PATCH 1623/1961] revert last commit --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index e61e258..fe97e52 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 20-July-2021 + Last updated: 24-July-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -241,8 +241,6 @@ 'webgl.min_capability_mode', /* 89-beta */ 'security.ssl.enable_ocsp_stapling', - /* 90-beta */ - 'security.tls.version.enable-deprecated', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ]; From 18dbb56a3d143a97dc2f78e0cf63c4565c16db33 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 24 Jul 2021 12:51:15 +0000 Subject: [PATCH 1624/1961] put 1203 back see https://github.com/arkenfox/user.js/commit/3bb9fc713f141d794fc4adfb38d3fcf86c9307ab --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index baded50..164a4b9 100644 --- a/user.js +++ b/user.js @@ -645,6 +645,8 @@ user_pref("security.ssl.require_safe_negotiation", true); * [1] https://www.ssllabs.com/ssl-pulse/ ***/ // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.max", 4); +/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only ***/ +user_pref("security.tls.version.enable-deprecated", false); /* 1204: disable SSL session tracking [FF36+] * SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks) * [NOTE] These are not used in PB mode. In normal windows they are isolated when using FPI (4001) From f53f01823f482d600017d33c3c220a761c799984 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 24 Jul 2021 12:56:27 +0000 Subject: [PATCH 1625/1961] 1203 default info --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 164a4b9..a734cfa 100644 --- a/user.js +++ b/user.js @@ -646,7 +646,7 @@ user_pref("security.ssl.require_safe_negotiation", true); // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.max", 4); /* 1203: enforce TLS 1.0 and 1.1 downgrades as session only ***/ -user_pref("security.tls.version.enable-deprecated", false); +user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] /* 1204: disable SSL session tracking [FF36+] * SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks) * [NOTE] These are not used in PB mode. In normal windows they are isolated when using FPI (4001) From b8f3d93a5cbcd431405e2915508827ac69bfaa8b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Jul 2021 03:11:09 +0000 Subject: [PATCH 1626/1961] v90 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a734cfa..55ae12a 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 16 June 2021 -* version 90-alpha +* date: 26 July 2021 +* version 90 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 5c93ebb54f7248bb9419ebed27ced383e65be324 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 30 Jul 2021 05:48:17 +0000 Subject: [PATCH 1627/1961] misc, closes #1220 --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 55ae12a..f1a9bc3 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 26 July 2021 -* version 90 +* date: 30 July 2021 +* version 91-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -585,8 +585,7 @@ user_pref("media.memory_cache_max_size", 65536); /* 1020: exclude "Undo Closed Tabs" in Session Restore ***/ // user_pref("browser.sessionstore.max_tabs_undo", 0); /* 1021: disable storing extra session data [SETUP-CHROME] - * extra session data contains contents of forms, scrollbar positions, cookies and POST data - * define on which sites to save extra session data: + * define on which sites to save extra session data such as form content, cookies and POST data * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ user_pref("browser.sessionstore.privacy_level", 2); /* 1022: disable resuming session from crash ***/ @@ -1371,6 +1370,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 1506693 - pdfjs range-based requests (FF68+) 1330467 - site permissions (FF69+) 1534339 - IPv6 (FF73+) + 1721858 - WebSocket (FF92+) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] From eb4363dc180666554ca81a7909156e0893e80c3b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 1 Aug 2021 17:36:04 +0000 Subject: [PATCH 1628/1961] tweak info in section 2800 header, #1223 --- user.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index f1a9bc3..b846464 100644 --- a/user.js +++ b/user.js @@ -1299,7 +1299,11 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); user_pref("dom.storage.next_gen", true); /*** [SECTION 2800]: SHUTDOWN - You should set the values to what suits you best. + - Sanitizing on shutdown is all or nothing. It does not use Managed Exceptions under + Privacy & Security>Delete cookies and site data when Firefox is closed (1681701) + - If you want to keep some sites' cookies (exception as "Allow") and optionally other site + data but clear all the rest on close, then you need to set the "cookie" and optionally the + "offlineApps" prefs below to false, and to set the cookie lifetime pref to 2 (2703) - "Offline Website Data" includes appCache (2730), localStorage (2720), service worker cache (2740), and QuotaManager (IndexedDB, asm-cache) - In both 2803 + 2804, the 'download' and 'history' prefs are combined in the From 06e5de43328a75b1b249987aa0c67744083729cf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Aug 2021 10:32:33 +0000 Subject: [PATCH 1629/1961] tweak windows SSO info/reference --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index b846464..17ae8d1 100644 --- a/user.js +++ b/user.js @@ -540,8 +540,9 @@ user_pref("signon.formlessCapture.enabled", false); * 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs * 2=allow sub-resources to open HTTP authentication credentials dialogs (default) ***/ user_pref("network.auth.subresource-http-auth-allow", 1); -/* 0913: disable automatic authentication on Microsoft sites [FF91+] [WINDOWS] - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1695693,1719301 ***/ +/* 0913: disable automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+] + * [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for... + * [1] https://support.mozilla.org/kb/windows-sso ***/ user_pref("network.http.windows-sso.enabled", false); /*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS From 404d1d466a35fada3050222261a85c0bf422a887 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Aug 2021 17:23:38 +0000 Subject: [PATCH 1630/1961] update [STATS] - just in time for ESR91 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 17ae8d1..375908d 100644 --- a/user.js +++ b/user.js @@ -376,7 +376,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost /* 0701: disable IPv6 * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs. That's even * assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4 - * [STATS] Firefox telemetry (Dec 2020) shows ~8% of all connections are IPv6 + * [STATS] Firefox telemetry (July 2021) shows ~10% of all connections are IPv6 * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. @@ -388,7 +388,7 @@ user_pref("network.dns.disableIPv6", true); * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to * enhance privacy, and opens up a number of server-side fingerprinting opportunities. * [WARNING] Don't disable HTTP2. Don't be that one person using HTTP1.1 on HTTP2 sites - * [STATS] Over 50% of sites (April 2021) and growing [5] + * [STATS] ~46% of sites (July 2021) [5] * [1] https://http2.github.io/faq/ * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html * [3] https://http2.github.io/http2-spec/#rfc.section.10.8 @@ -633,7 +633,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * safe from the attack if it disables renegotiations but the problem is that the browser can't * know that. Setting this pref to true is the only way for the browser to ensure there will be * no unsafe renegotiations on the channel between the browser and the server. - * [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation [4] + * [STATS] SSL Labs (July 2020) reports over 99% of sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://tools.ietf.org/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 From 92b7fb81d0ca6bfd58aeca175749b4bd2777ef20 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Aug 2021 18:45:15 +0000 Subject: [PATCH 1631/1961] fixup STATS year --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 375908d..2878c4e 100644 --- a/user.js +++ b/user.js @@ -633,7 +633,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * safe from the attack if it disables renegotiations but the problem is that the browser can't * know that. Setting this pref to true is the only way for the browser to ensure there will be * no unsafe renegotiations on the channel between the browser and the server. - * [STATS] SSL Labs (July 2020) reports over 99% of sites have secure renegotiation [4] + * [STATS] SSL Labs (July 2021) reports over 99% of sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://tools.ietf.org/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 From dd112a167def8de25707ced259a7f62e3d252f81 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 9 Aug 2021 20:39:47 +0000 Subject: [PATCH 1632/1961] final update --- ...x-clear-RFP-alternatives.js => arkenfox-clear-non-RFP.js} | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) rename scratchpad-scripts/{arkenfox-clear-RFP-alternatives.js => arkenfox-clear-non-RFP.js} (91%) diff --git a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js b/scratchpad-scripts/arkenfox-clear-non-RFP.js similarity index 91% rename from scratchpad-scripts/arkenfox-clear-RFP-alternatives.js rename to scratchpad-scripts/arkenfox-clear-non-RFP.js index 92d619d..9d251d4 100644 --- a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js +++ b/scratchpad-scripts/arkenfox-clear-non-RFP.js @@ -3,8 +3,11 @@ arkenfox user.js. These are the prefs that are no longer necessary, or they conflict with, privacy.resistFingerprinting if you have that enabled. - Last updated: 08-July-2021 + Final update: 10-August-2021 + As of v91, section 4600 is no longer recommended, and is all inactive. This + now includes the old 4700 section. You can reset them using prefsCleaner. + For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ From d19d4ba784bb96ccc8301d59da77c0e58746bb21 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 9 Aug 2021 20:42:51 +0000 Subject: [PATCH 1633/1961] final update in hindsight, the original name is more accurate --- ...kenfox-clear-non-RFP.js => arkenfox-clear-RFP-alternatives.js} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scratchpad-scripts/{arkenfox-clear-non-RFP.js => arkenfox-clear-RFP-alternatives.js} (100%) diff --git a/scratchpad-scripts/arkenfox-clear-non-RFP.js b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js similarity index 100% rename from scratchpad-scripts/arkenfox-clear-non-RFP.js rename to scratchpad-scripts/arkenfox-clear-RFP-alternatives.js From 4b38e20f14cbb62378cad1de3628cec7250a6760 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 10 Aug 2021 00:18:19 +0000 Subject: [PATCH 1634/1961] change 4600s into do not use, #1221 (#1225) see https://github.com/arkenfox/user.js/issues/1221#issuecomment-895623028 --- user.js | 354 +++++++++++++++++++++++--------------------------------- 1 file changed, 146 insertions(+), 208 deletions(-) diff --git a/user.js b/user.js index 2878c4e..ceedf39 100644 --- a/user.js +++ b/user.js @@ -32,14 +32,12 @@ * It is best to use the arkenfox release that is optimized for and matches your Firefox version * EVERYONE: each release - - run prefsCleaner or reset deprecated prefs (9999s) and prefs made redundant by RPF (4600s) - - re-enable section 4600 if you don't use RFP + - run prefsCleaner to reset prefs made inactive, including deprecated (9999s) ESR78 - If you are not using arkenfox v78... (not a definitive list) - 1244: HTTPS-Only mode is enabled - 1401: document fonts is inactive as it is now covered by RFP in FF80+ - 2626: non-native widget theme is enforced - - 4600: some prefs may apply even if you use RFP - 9999: switch the appropriate deprecated section(s) back on * INDEX: @@ -69,8 +67,7 @@ 2800: SHUTDOWN 4000: FPI (FIRST PARTY ISOLATION) 4500: RFP (RESIST FINGERPRINTING) - 4600: RFP ALTERNATIVES - 4700: RFP ALTERNATIVES (USER AGENT SPOOFING) + 4600: NON-RFP 5000: PERSONAL 9999: DEPRECATED / REMOVED / LEGACY / RENAMED @@ -178,12 +175,12 @@ user_pref("intl.accept_languages", "en-US, en"); user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIET FOX - We only disable the auto-INSTALL of Firefox (app) updates. You still get prompts to update, - and it only takes one click. We highly discourage disabling auto-CHECKING for updates. + We only disable the auto-INSTALL of Firefox (app) updates. You still get prompts to update, + and it only takes one click. We highly discourage disabling auto-CHECKING for updates. - Legitimate reasons to disable auto-INSTALLS include hijacked/monetized extensions, time - constraints, legacy issues, dev/testing, and fear of breakage/bugs. It is still important - to do updates for security reasons, please do so manually if you make changes. + Legitimate reasons to disable auto-INSTALLS include hijacked/monetized extensions, time + constraints, legacy issues, dev/testing, and fear of breakage/bugs. It is still important + to do updates for security reasons, please do so manually if you make changes. ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+] @@ -273,15 +270,15 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] /** SAFE BROWSING (SB) - Safe Browsing has taken many steps to preserve privacy. *IF* required, a full url is never - sent to Google, only a PART-hash of the prefix, and this is hidden with noise of other real - PART-hashes. Google also swear it is anonymized and only used to flag malicious sites. - Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+) - doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) + Safe Browsing has taken many steps to preserve privacy. *IF* required, a full url is never + sent to Google, only a PART-hash of the prefix, and this is hidden with noise of other real + PART-hashes. Google also swear it is anonymized and only used to flag malicious sites. + Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+) + doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) - [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ - [2] https://wiki.mozilla.org/Security/Safe_Browsing - [3] https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work + [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + [2] https://wiki.mozilla.org/Security/Safe_Browsing + [3] https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work ***/ /* 0410: disable SB (Safe Browsing) * [WARNING] Do this at your own risk! These are the master switches. @@ -310,18 +307,18 @@ user_pref("browser.safebrowsing.downloads.remote.url", ""); // user_pref("browser.safebrowsing.allowOverride", false); /*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS - System Add-ons are a method for shipping extensions, considered to be - built-in features to Firefox, that are hidden from the about:addons UI. - To view your System Add-ons go to about:support, they are listed under "Firefox Features" + System Add-ons are a method for shipping extensions, considered to be + built-in features to Firefox, that are hidden from the about:addons UI. + To view your System Add-ons go to about:support, they are listed under "Firefox Features" - * Portable: "...\App\Firefox64\browser\features\" (or "App\Firefox\etc" for 32bit) - * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) - * Mac: "...\Applications\Firefox\Contents\Resources\browser\features\" - [NOTE] On Mac you can right-click on the application and select "Show Package Contents" - * Linux: "/usr/lib/firefox/browser/features" (or similar) + * Portable: "...\App\Firefox64\browser\features\" (or "App\Firefox\etc" for 32bit) + * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) + * Mac: "...\Applications\Firefox\Contents\Resources\browser\features\" + [NOTE] On Mac you can right-click on the application and select "Show Package Contents" + * Linux: "/usr/lib/firefox/browser/features" (or similar) - [1] https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html - [2] https://searchfox.org/mozilla-central/source/browser/extensions + [1] https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html + [2] https://searchfox.org/mozilla-central/source/browser/extensions ***/ user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); /* 0503: disable Normandy/Shield [FF60+] @@ -425,11 +422,11 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS - Change items 0850 and above to suit for privacy vs convenience and functionality. Consider - your environment (no unwanted eyeballs), your device (restricted access), your device's - unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check - the items cleared on shutdown in section 2800. - [1] https://xkcd.com/538/ + Change items 0850 and above to suit for privacy vs convenience and functionality. Consider + your environment (no unwanted eyeballs), your device (restricted access), your device's + unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check + the items cleared on shutdown in section 2800. + [1] https://xkcd.com/538/ ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search @@ -546,20 +543,20 @@ user_pref("network.auth.subresource-http-auth-allow", 1); user_pref("network.http.windows-sso.enabled", false); /*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS - Cache tracking/fingerprinting techniques [1][2][3] require a cache. Disabling disk (1001) - *and* memory (1003) caches is one solution; but that's extreme and fingerprintable. A hardened - Temporary Containers configuration can effectively do the same thing, by isolating every tab [4]. + Cache tracking/fingerprinting techniques [1][2][3] require a cache. Disabling disk (1001) + *and* memory (1003) caches is one solution; but that's extreme and fingerprintable. A hardened + Temporary Containers configuration can effectively do the same thing, by isolating every tab [4]. - We consider avoiding disk cache (1001) so cache is session/memory only (like Private Browsing - mode), and isolating cache to first party (4001) is sufficient and a good balance between - risk and performance. ETAGs can also be neutralized by modifying response headers [5], and - you can clear the cache manually or on a regular basis with an extension. + We consider avoiding disk cache (1001) so cache is session/memory only (like Private Browsing + mode), and isolating cache to first party (4001) is sufficient and a good balance between + risk and performance. ETAGs can also be neutralized by modifying response headers [5], and + you can clear the cache manually or on a regular basis with an extension. - [1] https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags - [2] https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/ - [3] https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache - [4] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 - [5] https://github.com/arkenfox/user.js/wiki/4.2.4-Header-Editor + [1] https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags + [2] https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/ + [3] https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache + [4] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 + [5] https://github.com/arkenfox/user.js/wiki/4.2.4-Header-Editor ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /** CACHE ***/ @@ -663,8 +660,8 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] user_pref("security.tls.enable_0rtt_data", false); /** OCSP (Online Certificate Status Protocol) - [1] https://scotthelme.co.uk/revocation-is-broken/ - [2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ + [1] https://scotthelme.co.uk/revocation-is-broken/ + [2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ /* 1211: control when to use OCSP fetching (to confirm current validity of certificates) * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only @@ -746,11 +743,11 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); // user_pref("dom.securecontext.whitelist_onions", true); /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] - * These are the ciphers listed under "Cipher Suites" [1] that are either still using SHA-1 and CBC, - * and/or are missing Perfect Forward Secrecy [3] and/or have other weaknesses like key sizes of 128 - * [1] https://browserleaks.com/ssl - * [2] https://en.wikipedia.org/wiki/Key_size - * [3] https://en.wikipedia.org/wiki/Forward_secrecy + These are the ciphers listed under "Cipher Suites" [1] that are either still using SHA-1 and CBC, + and/or are missing Perfect Forward Secrecy [3] and/or have other weaknesses like key sizes of 128 + [1] https://browserleaks.com/ssl + [2] https://en.wikipedia.org/wiki/Key_size + [3] https://en.wikipedia.org/wiki/Forward_secrecy ***/ /* 1261: disable 3DES (effective key size < 128 and no PFS) * [1] https://en.wikipedia.org/wiki/3des#Security @@ -814,15 +811,15 @@ user_pref("gfx.font_rendering.graphite.enabled", false); // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] /*** [SECTION 1600]: HEADERS / REFERERS - Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone - --- - Expect some breakage: Use an extension if you need precise control - --- - full URI: https://example.com:8888/foo/bar.html?id=1234 - scheme+host+port+path: https://example.com:8888/foo/bar.html - scheme+host+port: https://example.com:8888 - --- - [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ + Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone + --- + Expect some breakage: Use an extension if you need precise control + --- + full URI: https://example.com:8888/foo/bar.html?id=1234 + scheme+host+port+path: https://example.com:8888/foo/bar.html + scheme+host+port: https://example.com:8888 + --- + [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: ALL: control when images/links send a referer @@ -861,12 +858,12 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); user_pref("privacy.donottrackheader.enabled", true); /*** [SECTION 1700]: CONTAINERS - If you want to *really* leverage containers, we highly recommend Temporary Containers [2]. - Read the article by the extension author [3], and check out the github wiki/repo [4]. - [1] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers - [2] https://addons.mozilla.org/firefox/addon/temporary-containers/ - [3] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 - [4] https://github.com/stoically/temporary-containers/wiki + If you want to *really* leverage containers, we highly recommend Temporary Containers [2]. + Read the article by the extension author [3], and check out the github wiki/repo [4]. + [1] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers + [2] https://addons.mozilla.org/firefox/addon/temporary-containers/ + [3] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 + [4] https://github.com/stoically/temporary-containers/wiki ***/ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); /* 1701: enable Container Tabs setting in preferences (see 1702) [FF50+] @@ -957,17 +954,17 @@ user_pref("dom.disable_open_during_load", true); user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /*** [SECTION 2300]: WEB WORKERS - A worker is a JS "background task" running in a global context, i.e. it is different from - the current window. Workers can spawn new workers (must be the same origin & scheme), - including service and shared workers. Shared workers can be utilized by multiple scripts and - communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. + A worker is a JS "background task" running in a global context, i.e. it is different from + the current window. Workers can spawn new workers (must be the same origin & scheme), + including service and shared workers. Shared workers can be utilized by multiple scripts and + communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. - [1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API - [2] Worker: https://developer.mozilla.org/docs/Web/API/Worker - [3] Service Worker: https://developer.mozilla.org/docs/Web/API/Service_Worker_API - [4] SharedWorker: https://developer.mozilla.org/docs/Web/API/SharedWorker - [5] ChromeWorker: https://developer.mozilla.org/docs/Web/API/ChromeWorker - [6] Notifications: https://support.mozilla.org/questions/1165867#answer-981820 + [1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API + [2] Worker: https://developer.mozilla.org/docs/Web/API/Worker + [3] Service Worker: https://developer.mozilla.org/docs/Web/API/Service_Worker_API + [4] SharedWorker: https://developer.mozilla.org/docs/Web/API/SharedWorker + [5] ChromeWorker: https://developer.mozilla.org/docs/Web/API/ChromeWorker + [6] Notifications: https://support.mozilla.org/questions/1165867#answer-981820 ***/ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); /* 2302: disable service workers [FF32, FF44-compat] @@ -1225,18 +1222,18 @@ user_pref("security.csp.enable", true); // [DEFAULT: true] user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] /*** [SECTION 2700]: PERSISTENT STORAGE - Data SET by websites including - cookies : profile\cookies.sqlite - localStorage : profile\webappsstore.sqlite - indexedDB : profile\storage\default - appCache : profile\OfflineCache - serviceWorkers : + Data SET by websites including + cookies : profile\cookies.sqlite + localStorage : profile\webappsstore.sqlite + indexedDB : profile\storage\default + appCache : profile\OfflineCache (FF89 or lower) + serviceWorkers : - [NOTE] indexedDB and serviceWorkers are not available in Private Browsing Mode - [NOTE] Blocking cookies also blocks websites access to: localStorage (incl. sessionStorage), - indexedDB, sharedWorker, and serviceWorker (and therefore service worker cache and notifications) - If you set a site exception for cookies (either "Allow" or "Allow for Session") then they become - accessible to websites except shared/service workers where the cookie setting *must* be "Allow" + [NOTE] indexedDB and serviceWorkers are not available in Private Browsing Mode + [NOTE] Blocking cookies also blocks websites access to: localStorage (incl. sessionStorage), + indexedDB, sharedWorker, and serviceWorker (and therefore service worker cache and notifications) + If you set a site exception for cookies (either "Allow" or "Allow for Session") then they become + accessible to websites except shared/service workers where the cookie setting *must* be "Allow" ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable or isolate 3rd-party cookies and site-data [SETUP-WEB] @@ -1300,15 +1297,15 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); user_pref("dom.storage.next_gen", true); /*** [SECTION 2800]: SHUTDOWN - - Sanitizing on shutdown is all or nothing. It does not use Managed Exceptions under - Privacy & Security>Delete cookies and site data when Firefox is closed (1681701) - - If you want to keep some sites' cookies (exception as "Allow") and optionally other site - data but clear all the rest on close, then you need to set the "cookie" and optionally the - "offlineApps" prefs below to false, and to set the cookie lifetime pref to 2 (2703) - - "Offline Website Data" includes appCache (2730), localStorage (2720), - service worker cache (2740), and QuotaManager (IndexedDB, asm-cache) - - In both 2803 + 2804, the 'download' and 'history' prefs are combined in the - Firefox interface as "Browsing & Download History" and their values will be synced + * Sanitizing on shutdown is all or nothing. It does not use Managed Exceptions under + Privacy & Security>Delete cookies and site data when Firefox is closed (1681701) + * If you want to keep some sites' cookies (exception as "Allow") and optionally other site + data but clear all the rest on close, then you need to set the "cookie" and optionally the + "offlineApps" prefs below to false, and to set the cookie lifetime pref to 2 (2703) + * "Offline Website Data" includes appCache (2730), localStorage (2720), + service worker cache (2740), and QuotaManager (IndexedDB, asm-cache) + * In both 2803 + 2804, the 'download' and 'history' prefs are combined in the + Firefox interface as "Browsing & Download History" and their values will be synced ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable Firefox to clear items on shutdown (see 2803) @@ -1409,14 +1406,14 @@ user_pref("privacy.firstparty.isolate", true); [TEST] https://arkenfox.github.io/TZP/tzp.html#screen FF50+ 1281949 - spoof screen orientation - 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) + 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes FF55+ 1330890 - spoof timezone as UTC 0 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) 1217238 - reduce precision of time exposed by javascript FF56+ 1369303 - spoof/disable performance API (see 4602, 4603) - 1333651 - spoof User Agent & Navigator API (see section 4700) + 1333651 - spoof User Agent & Navigator API (see 4650) JS: FF78+ the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 9 (FF91+ as 10), or Linux HTTP Headers: spoofed as Windows or Android 1369319 - disable device sensor API (see 4604) @@ -1501,117 +1498,53 @@ user_pref("browser.startup.blankWindow", false); * [NOTE] pref added in FF63, but applied to chrome in FF77. RFP spoofs this for web content ***/ user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] -/*** [SECTION 4600]: RFP ALTERNATIVES - [WARNING] DO NOT USE prefs in this section with RFP as they can interfere +/*** [SECTION 4600]: NON-RFP + [WARNING] DO NOT USE with RFP. RFP already covers these, and they can interfere + [NOTE] These prefs will not help anti-fingerprinting. They are insufficient + on their own, can cause breakage, and will make you stand out ***/ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); -/* [SETUP-non-RFP] Non-RFP users replace the * with a slash on this line to enable these -// FF55+ -// 4601: [2514] spoof number of CPU cores [FF48+] - // [1] https://bugzilla.mozilla.org/1008453 - // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675 - // [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127 - // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency -user_pref("dom.maxHardwareConcurrency", 2); -// FF56+ -// 4602: [2411] disable resource/navigation timing -user_pref("dom.enable_resource_timing", false); -// 4603: [2412] disable timing attacks - // [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI +/* 4601: spoof number of CPU cores [FF48+] ***/ + // user_pref("dom.maxHardwareConcurrency", 2); +/* 4602: disable Resource Timing API ***/ + // user_pref("dom.enable_resource_timing", false); +/* 4603: disable Navigation Timing API ***/ // user_pref("dom.enable_performance", false); -// 4604: [2512] disable device sensor API - // Optional protection depending on your device - // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758 - // [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ - // [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751 +/* 4604: disable device Sensor APIs ***/ // user_pref("device.sensors.enabled", false); -// 4605: [2515] disable site specific zoom - // Zoom levels affect screen res and are highly fingerprintable. This does not stop you using - // zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs - // and new windows are reset to default and only the current tab retains the current zoom -user_pref("browser.zoom.siteSpecific", false); -// 4606: [2501] disable gamepad API - USB device ID enumeration - // Optional protection depending on your connected devices - // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023 +/* 4605: disable remembering site specific zoom ***/ + // user_pref("browser.zoom.siteSpecific", false); +/* 4606: disable gamepad API to prevent USB device ID enumeration ***/ // user_pref("dom.gamepad.enabled", false); -// 4607: [2503] disable giving away network info [FF31+] - // e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none - // [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API - // [2] https://wicg.github.io/netinfo/ - // [3] https://bugzilla.mozilla.org/960426 -user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] -// 4608: [2021] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API - // [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API - // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis - // [3] https://wiki.mozilla.org/HTML5_Speech_API -user_pref("media.webspeech.synth.enabled", false); -// FF57+ -// 4610: [2506] disable video statistics - JS performance fingerprinting [FF25+] - // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757 - // [2] https://bugzilla.mozilla.org/654550 -user_pref("media.video_stats.enabled", false); -// 4611: [2509] disable touch events - // fingerprinting attack vector - leaks screen res & actual screen coordinates - // 0=disabled, 1=enabled, 2=autodetect - // Optional protection depending on your device - // [1] https://developer.mozilla.org/docs/Web/API/Touch_events - // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286 +/* 4607: disable Network Information API [FF31+] ***/ + // user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] +/* 4608: disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API ***/ + // user_pref("media.webspeech.synth.enabled", false); +/* 4610: disable video statistics to mitigate JS performance fingerprinting [FF25+] ***/ + // user_pref("media.video_stats.enabled", false); +/* 4611: disable touch events: 0=disabled, 1=enabled, 2=autodetect ***/ // user_pref("dom.w3c_touch_events.enabled", 0); -// FF59+ -// 4612: [2505] disable media device enumeration [FF29+] - // [1] https://wiki.mozilla.org/Media/getUserMedia - // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices -user_pref("media.navigator.enabled", false); -// 4613: [2511] disable MediaDevices change detection [FF51+] - // [1] https://developer.mozilla.org/docs/Web/Events/devicechange - // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange -user_pref("media.ondevicechange.enabled", false); -// FF60+ -// 4614: [2522] disable WebGL debug info being available to websites - // [1] https://bugzilla.mozilla.org/1171228 - // [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info -user_pref("webgl.enable-debug-renderer-info", false); -// FF63+ -// 4615: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] - // 0=no-preference, 1=reduce -user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] -// FF64+ -// 4616: [2516] disable PointerEvents [FF86 or lower] - // [1] https://developer.mozilla.org/docs/Web/API/PointerEvent - // [-] https://bugzilla.mozilla.org/1688105 -user_pref("dom.w3c_pointer_events.enabled", false); -// FF67+ -// 4617: [2618] disable exposure of system colors to CSS or canvas [FF44+] - // [NOTE] See second listed bug: may cause black on black for elements with undefined colors - // [SETUP-CHROME] Might affect CSS in themes and extensions - // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 -user_pref("ui.use_standins_for_native_colors", true); -// 4618: enforce prefers-color-scheme as light [FF67+] - // 0=light, 1=dark : This overrides your OS value -user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] -// FF72+ -// 4619: [2510] disable Web Audio API [FF51+] - // [1] https://bugzilla.mozilla.org/1288359 +/* 4612: disable media device enumeration [FF29+] ***/ + // user_pref("media.navigator.enabled", false); +/* 4613: disable MediaDevices change detection [FF51+] ***/ + // user_pref("media.ondevicechange.enabled", false); +/* 4614: disable WebGL debug info being available to websites ***/ + // user_pref("webgl.enable-debug-renderer-info", false); +/* 4615: enforce prefers-reduced-motion as no-preference: 0=no-preference, 1=reduce [FF63+] [RESTART] ***/ + // user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] +/* 4617: disable exposure of system colors to CSS or canvas [FF44+] ***/ + // user_pref("ui.use_standins_for_native_colors", true); +/* 4618: enforce prefers-color-scheme as light: 0=light, 1=dark [FF67+] ***/ + // user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] +/* 4619: disable Web Audio API [FF51+] ***/ // user_pref("dom.webaudio.enabled", false); -// FF80+ -// 4620: limit font visibility (Windows, Mac, some Linux) [FF79+] - // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1] - // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts - // [NOTE] Bundled fonts are auto-allowed - // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc -user_pref("layout.css.font-visibility.level", 1); -// ***/ - -/*** [SECTION 4700]: RFP ALTERNATIVES (USER AGENT SPOOFING) - These prefs are insufficient and leak. Use RFP and **nothing else** - - Many of the user agent components can be derived by other means. When those - values differ, you provide more bits and raise entropy. Examples include - workers, iframes, headers, tcp/ip attributes, feature detection, and many more - - Web extensions also lack APIs to fully protect spoofing -***/ -user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); -/* 4701: navigator DOM object overrides - * [WARNING] DO NOT USE ***/ +/* 4620: limit font visibility (Windows, Mac, some Linux) [FF79+] + * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed + * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts + * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ + // user_pref("layout.css.font-visibility.level", 1); +/* 4650: navigator DOM object overrides + * [WANRING] NO NOT USE: these prefs are insufficient and leak ***/ // user_pref("general.appname.override", ""); // [HIDDEN PREF] // user_pref("general.appversion.override", ""); // [HIDDEN PREF] // user_pref("general.buildID.override", ""); // [HIDDEN PREF] @@ -1620,8 +1553,9 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow // user_pref("general.useragent.override", ""); // [HIDDEN PREF] /*** [SECTION 5000]: PERSONAL - Non-project related but useful. If any of these interest you, add them to your overrides - To save some overrides, we've made a few active as they seem to be universally used ***/ + Non-project related but useful. If any of these interest you, add them to your overrides + To save some overrides, we've made a few active as they seem to be universally used +***/ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); /* WELCOME & WHAT's NEW NOTICES ***/ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch @@ -1665,9 +1599,9 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1], - which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets - [1] https://github.com/arkenfox/user.js/issues/123 + Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1], + which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets + [1] https://github.com/arkenfox/user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); /* ESR78.x still uses all the following prefs @@ -1700,6 +1634,10 @@ user_pref("browser.download.hide_plugins_without_extensions", false); // 0105d: disable Activity Stream recent Highlights in the Library [FF57+] // [-] https://bugzilla.mozilla.org/1689405 // user_pref("browser.library.activity-stream.enabled", false); +// 4616: disable PointerEvents + // [1] https://developer.mozilla.org/docs/Web/API/PointerEvent + // [-] https://bugzilla.mozilla.org/1688105 + // user_pref("dom.w3c_pointer_events.enabled", false); // FF89 // 0309: disable sending Flash crash reports // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] From c3b7f7538c3c97331d000b08fedaa889df9e204b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 10 Aug 2021 01:21:04 +0000 Subject: [PATCH 1635/1961] i do not like mixed case lists --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ec755c6..39ddaa1 100644 --- a/README.md +++ b/README.md @@ -15,9 +15,9 @@ Also be aware that the `arkenfox user.js` is made specifically for desktop Firef ### 🟧 sitemap - - [Releases](https://github.com/arkenfox/user.js/releases) + - [releases](https://github.com/arkenfox/user.js/releases) - [changelogs](https://github.com/arkenfox/user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog) - - [Wiki](https://github.com/arkenfox/user.js/wiki) + - [wiki](https://github.com/arkenfox/user.js/wiki) - [stickies](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22) - [diffs](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Adiffs) From c45094fdd95b02f4d5cb70422ef953937a4d9e80 Mon Sep 17 00:00:00 2001 From: icpantsparti <35049679+icpantsparti@users.noreply.github.com> Date: Wed, 11 Aug 2021 20:56:51 +0000 Subject: [PATCH 1636/1961] nits! (edit 2 typos) (#1232) --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index ceedf39..da72086 100644 --- a/user.js +++ b/user.js @@ -459,7 +459,7 @@ user_pref("browser.urlbar.trimURLs", false); * [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/ // user_pref("layout.css.visited_links_enabled", false); /* 0807: disable live search suggestions -/* [NOTE] Both must be true for the location bar to work + * [NOTE] Both must be true for the location bar to work * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ user_pref("browser.search.suggest.enabled", false); @@ -1544,7 +1544,7 @@ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ // user_pref("layout.css.font-visibility.level", 1); /* 4650: navigator DOM object overrides - * [WANRING] NO NOT USE: these prefs are insufficient and leak ***/ + * [WARNING] NO NOT USE: these prefs are insufficient and leak ***/ // user_pref("general.appname.override", ""); // [HIDDEN PREF] // user_pref("general.appversion.override", ""); // [HIDDEN PREF] // user_pref("general.buildID.override", ""); // [HIDDEN PREF] From 568a05ad7dfa744fe3bf6d2afc6b97ebbaf5dff0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 14 Aug 2021 04:18:04 +0000 Subject: [PATCH 1637/1961] 2502: trim this info is useless .. save three lines --- user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/user.js b/user.js index da72086..29d8c90 100644 --- a/user.js +++ b/user.js @@ -1055,9 +1055,6 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); /* 2502: disable Battery Status API - * Initially a Linux issue (high precision readout) that was fixed. - * However, it is still another metric for fingerprinting, used to raise entropy. - * e.g. do you have a battery or not, current charging status, charge level, times remaining etc * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code [1] * [1] https://bugzilla.mozilla.org/1313580 ***/ // user_pref("dom.battery.enabled", false); From 1b33f574bbfa3f3f8639a0b108e2575daffc8313 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 14 Aug 2021 04:44:50 +0000 Subject: [PATCH 1638/1961] RFP stuff --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 29d8c90..3108477 100644 --- a/user.js +++ b/user.js @@ -1454,6 +1454,8 @@ user_pref("privacy.firstparty.isolate", true); 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) 1653987 - limit font visibility to bundled and "Base Fonts" (see 4620) (Windows, Mac, some Linux) (FF80+) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) + FF91+ + 531915 - use fdlibm's sin, cos and tan in jsmath (FF93+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] From 68568c1abfceea921676290cb7e4b8386b71ab5d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 16 Aug 2021 04:02:15 +0000 Subject: [PATCH 1639/1961] trim 1198 bytes (u lucky bastards!) + 13 lines --- user.js | 169 ++++++++++++++++++++++++++------------------------------ 1 file changed, 78 insertions(+), 91 deletions(-) diff --git a/user.js b/user.js index 3108477..bdf68c9 100644 --- a/user.js +++ b/user.js @@ -7,7 +7,7 @@ * README: - 1. Consider using Tor Browser if it meets your needs or fits your threat model better + 1. Consider using Tor Browser if it meets your needs or fits your threat model * https://www.torproject.org/about/torusers.html.en 2. Required reading: Overview, Backing Up, Implementing, and Maintenance entries * https://github.com/arkenfox/user.js/wiki @@ -71,11 +71,12 @@ 5000: PERSONAL 9999: DEPRECATED / REMOVED / LEGACY / RENAMED + ******/ /* START: internal custom pref to test for syntax errors - * [NOTE] In FF60+, not all syntax errors cause parsing to abort i.e. reaching the last debug - * pref no longer necessarily means that all prefs have been applied. Check the console right + * [NOTE] Not all syntax errors cause parsing to abort i.e. reaching the last debug pref + * no longer necessarily means that all prefs have been applied. Check the console right * after startup for any warnings/error messages related to non-applied prefs * [1] https://blog.mozilla.org/nnethercote/2018/03/09/a-new-preferences-parser-for-firefox/ ***/ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); @@ -105,7 +106,7 @@ user_pref("browser.startup.homepage", "about:blank"); user_pref("browser.newtabpage.enabled", false); user_pref("browser.newtab.preload", false); /* 0105: disable Activity Stream stuff (AS) - * AS is the default homepage/newtab in FF57+, based on metadata and browsing behavior. + * AS is the default homepage/newtab based on metadata and browsing behavior * **NOT LISTING ALL OF THESE: USE THE PREFERENCES UI** * [SETTING] Home>Firefox Home Content>... to show/hide what you want ***/ /* 0105a: disable Activity Stream telemetry ***/ @@ -125,7 +126,7 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); /* 0110: start Firefox in PB (Private Browsing) mode - * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed + * [NOTE] In this mode all windows are "private windows" and the PB mode icon is not displayed * [WARNING] The P in PB mode is misleading: it means no "persistent" disk storage such as history, * caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode). * In fact, PB mode limits or removes the ability to control some of these, and you need to quit @@ -177,10 +178,6 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIET FOX We only disable the auto-INSTALL of Firefox (app) updates. You still get prompts to update, and it only takes one click. We highly discourage disabling auto-CHECKING for updates. - - Legitimate reasons to disable auto-INSTALLS include hijacked/monetized extensions, time - constraints, legacy issues, dev/testing, and fear of breakage/bugs. It is still important - to do updates for security reasons, please do so manually if you make changes. ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+] @@ -208,11 +205,10 @@ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] /* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); /* 0330: disable telemetry - * the pref (.unified) affects the behaviour of the pref (.enabled) - * IF unified=false then .enabled controls the telemetry module - * IF unified=true then .enabled ONLY controls whether to record extended data - * so make sure to have both set as false - * [NOTE] FF58+ 'toolkit.telemetry.enabled' is now LOCKED to reflect prerelease + * The "unified" pref affects the behaviour of the "enabled" pref + * - If "unified" is false then "enabled" controls the telemetry module + * - If "unified" is true then "enabled" only controls whether to record extended data + * [NOTE] FF58+ "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease * or release builds (true and false respectively) [2] * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ @@ -281,8 +277,8 @@ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] [3] https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work ***/ /* 0410: disable SB (Safe Browsing) - * [WARNING] Do this at your own risk! These are the master switches. - * [SETTING] Privacy & Security>Security>... "Block dangerous and deceptive content" ***/ + * [WARNING] Do this at your own risk! These are the master switches + * [SETTING] Privacy & Security>Security>... Block dangerous and deceptive content ***/ // user_pref("browser.safebrowsing.malware.enabled", false); // user_pref("browser.safebrowsing.phishing.enabled", false); /* 0411: disable SB checks for downloads (both local lookups + remote) @@ -300,7 +296,7 @@ user_pref("browser.safebrowsing.downloads.remote.url", ""); * [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/ // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); -/* 0419: disable 'ignore this warning' on SB warnings [FF45+] +/* 0419: disable "ignore this warning" on SB warnings [FF45+] * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/1226490 ***/ @@ -331,7 +327,7 @@ user_pref("app.normandy.api_url", ""); user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] user_pref("extensions.systemAddon.update.url", ""); // [FF44+] /* 0506: disable PingCentre telemetry (used in several System Add-ons) [FF57+] - * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0340) ***/ + * Currently blocked by "datareporting.healthreport.uploadEnabled" (see 0340) ***/ user_pref("browser.ping-centre.telemetry", false); /* 0515: disable Screenshots ***/ // user_pref("extensions.screenshots.disabled", true); // [FF55+] @@ -371,10 +367,10 @@ user_pref("network.http.speculative-parallel-limit", 0); /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); /* 0701: disable IPv6 - * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs. That's even - * assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4 + * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming + * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4 * [STATS] Firefox telemetry (July 2021) shows ~10% of all connections are IPv6 - * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an + * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" @@ -383,7 +379,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost user_pref("network.dns.disableIPv6", true); /* 0702: disable HTTP2 * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to - * enhance privacy, and opens up a number of server-side fingerprinting opportunities. + * enhance privacy, and opens up a number of server-side fingerprinting opportunities * [WARNING] Don't disable HTTP2. Don't be that one person using HTTP1.1 on HTTP2 sites * [STATS] ~46% of sites (July 2021) [5] * [1] https://http2.github.io/faq/ @@ -396,7 +392,7 @@ user_pref("network.dns.disableIPv6", true); // user_pref("network.http.spdy.enabled.http2", false); // user_pref("network.http.spdy.websockets", false); // [FF65+] /* 0703: disable HTTP Alternative Services [FF37+] - * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the + * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) and you understand the * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, * and the Tor Browser has extra protection, including enhanced sanitizing per Identity. * [1] https://tools.ietf.org/html/rfc7838#section-9 @@ -422,18 +418,18 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS - Change items 0850 and above to suit for privacy vs convenience and functionality. Consider - your environment (no unwanted eyeballs), your device (restricted access), your device's - unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check - the items cleared on shutdown in section 2800. + Change 0850 and above to suit for privacy vs convenience and functionality. + Consider your environment (no unwanted eyeballs), your device (restricted access), + your device's unattended state (locked, encrypted, forensic hardened). Likewise, + you may want to check the items cleared on shutdown in section 2800. [1] https://xkcd.com/538/ ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search - * Don't leak URL typos to a search engine, give an error message instead. + * Don't leak URL typos to a search engine, give an error message instead * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" - * [NOTE] This does **not** affect explicit user action such as using search buttons in the - * dropdown, or using keyword search shortcuts you configure in options (e.g. 'd' for DuckDuckGo) + * [NOTE] This does not affect explicit user action such as using search buttons in the + * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) * [SETUP-CHROME] If you don't, or rarely, type URLs, or you use a default search * engine that respects privacy, then you probably don't need this ***/ user_pref("keyword.enabled", false); @@ -514,7 +510,7 @@ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); * [SETTING] Privacy & Security>Logins and Passwords>Ask to save logins and passwords for websites ***/ // user_pref("signon.rememberSignons", false); /* 0902: use a primary password - * There are no preferences for this. It is all handled internally. + * There are no preferences for this. It is all handled internally * [SETTING] Privacy & Security>Logins and Passwords>Use a Primary Password * [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas ***/ /* 0903: set how often Firefox should ask for the primary password @@ -545,12 +541,12 @@ user_pref("network.http.windows-sso.enabled", false); /*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS Cache tracking/fingerprinting techniques [1][2][3] require a cache. Disabling disk (1001) *and* memory (1003) caches is one solution; but that's extreme and fingerprintable. A hardened - Temporary Containers configuration can effectively do the same thing, by isolating every tab [4]. + Temporary Containers configuration can effectively do the same thing, by isolating every tab [4] We consider avoiding disk cache (1001) so cache is session/memory only (like Private Browsing mode), and isolating cache to first party (4001) is sufficient and a good balance between risk and performance. ETAGs can also be neutralized by modifying response headers [5], and - you can clear the cache manually or on a regular basis with an extension. + you can clear the cache manually or on a regular basis with an extension [1] https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags [2] https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/ @@ -590,12 +586,10 @@ user_pref("browser.sessionstore.privacy_level", 2); // user_pref("browser.sessionstore.resume_from_crash", false); /* 1023: set the minimum interval between session save operations * Increasing this can help on older machines and some websites, as well as reducing writes [1] - * Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc - * [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature: - * i.e. the longer the interval the more chance a quick tab open/close won't be captured. - * This longer interval *may* affect history but we cannot replicate any history not recorded + * [SETUP-CHROME] This can affect entries in "Recently Closed Tabs": i.e. the + * longer the interval the more chance a quick tab open/close won't be captured * [1] https://bugzilla.mozilla.org/1304389 ***/ -user_pref("browser.sessionstore.interval", 30000); +user_pref("browser.sessionstore.interval", 30000); // [DEFAULT: 1500] /* 1024: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] * [1] https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); @@ -603,7 +597,7 @@ user_pref("toolkit.winRegisterApplicationRestart", false); /** FAVICONS ***/ /* 1030: disable favicons in shortcuts * URL shortcuts use a cached randomly named .ico file which is stored in your - * profile/shortcutCache directory. The .ico remains after the shortcut is deleted. + * profile/shortcutCache directory. The .ico remains after the shortcut is deleted * If set to false then the shortcuts use a generic Firefox icon ***/ user_pref("browser.shell.shortcutFavicons", false); /* 1031: disable favicons in history and bookmarks @@ -638,7 +632,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("security.ssl.require_safe_negotiation", true); /* 1202: control TLS versions with min and max * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 - * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. + * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint * [1] https://www.ssllabs.com/ssl-pulse/ ***/ // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.max", 4); @@ -686,8 +680,8 @@ user_pref("security.OCSP.require", true); * 2=deprecated option that now maps to 1 * 3=only allowed for locally-added roots (e.g. anti-virus) * 4=only allowed for locally-added roots or for certs in 2015 and earlier - * [SETUP-CHROME] When disabled, some man-in-the-middle devices (e.g. security scanners and - * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. + * [SETUP-CHROME] When disabled, some man-in-the-middle devices, e.g. security scanners and + * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ user_pref("security.pki.sha1_enforcement_level", 1); /* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS] @@ -732,8 +726,8 @@ user_pref("dom.security.https_only_mode", true); // [FF76+] /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/ // user_pref("dom.security.https_only_mode.upgrade_local", true); /* 1246: disable HTTP background requests [FF82+] - * When attempting to upgrade, if the server doesn't respond within 3 seconds, firefox - * sends HTTP requests in order to check if the server supports HTTPS or not. + * When attempting to upgrade, if the server doesn't respond within 3 seconds, + * Firefox sends HTTP requests in order to check if the server supports HTTPS or not * This is done to avoid waiting for a timeout which takes 90 seconds * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/ user_pref("dom.security.https_only_mode_send_http_background_request", false); @@ -805,14 +799,13 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed - * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4620) + * [NOTE] In FF81+ the whitelist overrides RFP's font visibility (see 4620) * [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] /*** [SECTION 1600]: HEADERS / REFERERS Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone - --- Expect some breakage: Use an extension if you need precise control --- full URI: https://example.com:8888/foo/bar.html?id=1234 @@ -935,8 +928,8 @@ user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); /* 2202: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); /* 2203: open links targeting new windows in a new tab instead - * This stops malicious window sizes and some screen resolution leaks. - * You can still right-click a link and open in a new window. + * Stops malicious window sizes and some screen resolution leaks. + * You can still right-click a link and open in a new window * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab @@ -949,8 +942,7 @@ user_pref("browser.link.open_newwindow.restriction", 0); /* 2210: block popup windows * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); -/* 2212: limit events that can cause a popup [SETUP-WEB] - * default FF86+: "change click dblclick auxclick mousedown mouseup pointerdown pointerup notificationclick reset submit touchend contextmenu ***/ +/* 2212: limit events that can cause a popup [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /*** [SECTION 2300]: WEB WORKERS @@ -971,11 +963,11 @@ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); * Service workers essentially act as proxy servers that sit between web apps, and the * browser and network, are event driven, and can control the web page/site it is associated * with, intercepting and modifying navigation and resource requests, and caching resources. - * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. - * [NOTE] Service workers only run over HTTPS. Service workers have no DOM access. + * [NOTE] Service workers require HTTPS, have no DOM access, and are not supported in PB mode [1] * [SETUP-WEB] Disabling service workers will break some sites. This pref is required true for * service worker notifications (2304), push notifications (disabled, 2305) and service worker - * cache (2740). If you enable this pref, then check those settings as well ***/ + * cache (2740). If you enable this pref, then check those settings as well + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320796#c7 ***/ user_pref("dom.serviceWorkers.enabled", false); /* 2304: disable Web Notifications * [NOTE] Web Notifications can also use service workers (2302) and are behind a prompt (2306) @@ -984,11 +976,10 @@ user_pref("dom.serviceWorkers.enabled", false); // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] /* 2305: disable Push Notifications [FF44+] * Push is an API that allows websites to send you (subscribed) messages even when the site - * isn't loaded, by pushing messages to your userAgentID through Mozilla's Push Server. + * isn't loaded, by pushing messages to your userAgentID through Mozilla's Push Server * [NOTE] Push requires service workers (2302) to subscribe to and display, and is behind * a prompt (2306). Disabling service workers alone doesn't stop Firefox polling the - * Mozilla Push Server. To remove all subscriptions, reset your userAgentID (in about:config - * or on start), and you will get a new one within a few seconds. + * Mozilla Push Server. To remove all subscriptions, reset your userAgentID. * [1] https://support.mozilla.org/kb/push-notifications-firefox * [2] https://developer.mozilla.org/docs/Web/API/Push_API ***/ user_pref("dom.push.enabled", false); @@ -1008,8 +999,8 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! /* 2402: disable website access to clipboard events/content [SETUP-HARDEN] * [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website - * [WARNING] In FF88 or lower, with clipboardevents enabled, if both 'middlemouse.paste' and - * 'general.autoScroll' are true (at least one is default false) then the clipboard can leak [1] + * [WARNING] In FF88 or lower, with clipboardevents enabled, if both "middlemouse.paste" and + * "general.autoScroll" are true (at least one is default false) then the clipboard can leak [1] * [1] https://bugzilla.mozilla.org/1528289 ***/ // user_pref("dom.event.clipboardevents.enabled", false); /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] @@ -1017,9 +1008,8 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! * [1] https://bugzilla.mozilla.org/1170911 ***/ user_pref("dom.allow_cut_copy", false); /* 2405: disable "Confirm you want to leave" dialog on page close - * Does not prevent JS leaks of the page close event. - * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload - * [2] https://support.mozilla.org/questions/1043508 ***/ + * Does not prevent JS leaks of the page close event + * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload ***/ user_pref("dom.disable_beforeunload", true); /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); @@ -1117,7 +1107,7 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] * [1] https://bugzilla.mozilla.org/1173199 ***/ // user_pref("mathml.disabled", true); /* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] - * [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. + * [WARNING] Expect breakage including youtube player controls * [1] https://bugzilla.mozilla.org/1216893 ***/ // user_pref("svg.disabled", true); /* 2611: disable middle mouse click opening links from clipboard @@ -1144,12 +1134,12 @@ user_pref("network.IDN_show_punycode", true); /* 2620: enforce PDFJS, disable PDFJS scripting [SETUP-CHROME] * This setting controls if the option "Display in Firefox" is available in the setting below * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") - * PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most) + * PROS: pdfjs is lightweight, open source, and as secure/vetted more than most * Exploits are rare (one serious case in seven years), treated seriously and patched quickly. * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). * It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. * CONS: You may prefer a different pdf reader for security reasons - * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) + * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code * [SETTING] General>Applications>Portable Document Format (PDF) ***/ user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.enableScripting", false); // [FF86+] @@ -1268,11 +1258,10 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] /* 2720: disable DOM (Document Object Model) Storage - * [WARNING] This will break a LOT of sites' functionality AND extensions! - * You are better off using an extension for more granular control ***/ + * [WARNING] This will break lots of sites and extensions! ***/ // user_pref("dom.storage.enabled", false); /* 2730: disable offline cache (appCache) - * [NOTE] In FF90+ the storage capability has been removed (1694662). For FF78-89 see the 2730 deprecated pref + * [NOTE] In FF90+ the storage capability has been removed (1694662) * [WARNING] The API is easily fingerprinted, do not disable ***/ // user_pref("browser.cache.offline.enable", false); /* 2740: disable service worker cache and cache storage @@ -1301,7 +1290,7 @@ user_pref("dom.storage.next_gen", true); "offlineApps" prefs below to false, and to set the cookie lifetime pref to 2 (2703) * "Offline Website Data" includes appCache (2730), localStorage (2720), service worker cache (2740), and QuotaManager (IndexedDB, asm-cache) - * In both 2803 + 2804, the 'download' and 'history' prefs are combined in the + * In both 2803 + 2804, the "download" and "history" prefs are combined in the Firefox interface as "Browsing & Download History" and their values will be synced ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); @@ -1309,11 +1298,10 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2803: set what items to clear on shutdown (if 2802 is true) [SETUP-CHROME] - * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value - * but if 'history' is false, downloads can still be cleared independently - * However, this may not always be the case. The interface combines and syncs these - * prefs when set from there, and the sanitize code may change at any time - * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings ***/ + * [NOTE] If "history" is true, downloads will also be cleared + * [NOTE] Active Logins does not refer to logins via cookies, but rather HTTP Basic Authentication [1] + * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings + * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ user_pref("privacy.clearOnShutdown.cache", true); user_pref("privacy.clearOnShutdown.cookies", true); user_pref("privacy.clearOnShutdown.downloads", true); // see note above @@ -1324,9 +1312,9 @@ user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences /* 2804: reset default items to clear with Ctrl-Shift-Del (to match 2803) [SETUP-CHROME] * This dialog can also be accessed from the menu History>Clear Recent History - * Firefox remembers your last choices. This will reset them when you start Firefox. - * [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog - * for "Clear Recent History" is opened, it is synced to the same as 'history' ***/ + * Firefox remembers your last choices. This will reset them when you start Firefox + * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog + * for "Clear Recent History" is opened, it is synced to the same as "history" ***/ user_pref("privacy.cpd.cache", true); user_pref("privacy.cpd.cookies", true); // user_pref("privacy.cpd.downloads", true); // not used, see note above @@ -1342,12 +1330,11 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences * [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.cpd.openWindows", true); -/* 2806: reset default 'Time range to clear' for 'Clear Recent History' (see 2804) - * Firefox remembers your last choice. This will reset the value when you start Firefox. - * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, - * 4=today, 5=last five minutes, 6=last twenty-four hours - * [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a - * blank value if they are used, but they do work as advertised ***/ +/* 2806: reset default "Time range to clear" for "Clear Recent History" (see 2804) + * Firefox remembers your last choice. This will reset the value when you start Firefox + * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today + * [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown, + * which will display a blank value, and are not guaranteed to work ***/ user_pref("privacy.sanitize.timeSpan", 0); /*** [SECTION 4000]: FPI (FIRST PARTY ISOLATION) @@ -1380,7 +1367,7 @@ user_pref("privacy.firstparty.isolate", true); * [NOTE] Setting this to false may reduce the breakage in 4001 * FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute [2][3] - * The 2nd pref removes that limitation and will only allow communication if FPDs also match. + * The 2nd pref removes that limitation and will only allow communication if FPDs also match * [1] https://bugzilla.mozilla.org/1319773#c22 * [2] https://bugzilla.mozilla.org/1492607 * [3] https://developer.mozilla.org/docs/Web/API/Window/postMessage ***/ @@ -1459,13 +1446,13 @@ user_pref("privacy.firstparty.isolate", true); ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] - * [SETUP-WEB] RFP can cause the odd website to break in strange ways, and has a few side affects, - * but is largely robust nowadays. Give it a try. Your choice. Also see 4504 (letterboxing). + * [SETUP-WEB] RFP can some cause website breakage: mainly canvas, use a site exception via the urlbar + * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme * [1] https://bugzilla.mozilla.org/418986 ***/ user_pref("privacy.resistFingerprinting", true); /* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME] * Width will round down to multiples of 200s and height to 100s, to fit your screen. - * The override values are a starting point to round from if you want some control + * The max values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/1330882 ***/ // user_pref("privacy.window.maxInnerWidth", 1000); // user_pref("privacy.window.maxInnerHeight", 1000); @@ -1475,10 +1462,10 @@ user_pref("privacy.resistFingerprinting", true); user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] /* 4504: enable RFP letterboxing [FF67+] * Dynamically resizes the inner window by applying margins in stepped ranges [2] - * If you use the dimension pref, then it will only apply those resolutions. The format is - * "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") - * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but - * dislike margins being applied, then flip this pref, keeping in mind that it is effectively fingerprintable + * If you use the dimension pref, then it will only apply those resolutions. + * The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000") + * [SETUP-WEB] This is independent of RFP (4501). If you're not using RFP, or you are but + * dislike the margins, then flip this pref, keeping in mind that it is effectively fingerprintable * [WARNING] DO NOT USE: the dimension pref is only meant for testing * [1] https://bugzilla.mozilla.org/1407366 * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ @@ -1556,7 +1543,7 @@ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan To save some overrides, we've made a few active as they seem to be universally used ***/ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); -/* WELCOME & WHAT's NEW NOTICES ***/ +/* WELCOME & WHAT'S NEW NOTICES ***/ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch // user_pref("startup.homepage_welcome_url", ""); // user_pref("startup.homepage_welcome_url.additional", ""); From dcc736bb85240c63b9897d770ef08bddcd77bd29 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 16 Aug 2021 04:03:56 +0000 Subject: [PATCH 1640/1961] I meant 14 lines, u lucky bastards --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index bdf68c9..1105839 100644 --- a/user.js +++ b/user.js @@ -71,7 +71,6 @@ 5000: PERSONAL 9999: DEPRECATED / REMOVED / LEGACY / RENAMED - ******/ /* START: internal custom pref to test for syntax errors From 7d1e244f5aef715da3488c9969305df571671a0d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 16 Aug 2021 04:10:20 +0000 Subject: [PATCH 1641/1961] 0506: clarify oh noes! what's blocked, the pref or the ping? .. also save MOAR bytes --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 1105839..71ac044 100644 --- a/user.js +++ b/user.js @@ -326,7 +326,7 @@ user_pref("app.normandy.api_url", ""); user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] user_pref("extensions.systemAddon.update.url", ""); // [FF44+] /* 0506: disable PingCentre telemetry (used in several System Add-ons) [FF57+] - * Currently blocked by "datareporting.healthreport.uploadEnabled" (see 0340) ***/ + * Defense-in-depth: currently covered by 0340 ***/ user_pref("browser.ping-centre.telemetry", false); /* 0515: disable Screenshots ***/ // user_pref("extensions.screenshots.disabled", true); // [FF55+] From 8d6ee7c0c74b0b458091164a691f90d83f39beed Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 16 Aug 2021 04:18:12 +0000 Subject: [PATCH 1642/1961] oophs --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 71ac044..6c1a4aa 100644 --- a/user.js +++ b/user.js @@ -588,7 +588,7 @@ user_pref("browser.sessionstore.privacy_level", 2); * [SETUP-CHROME] This can affect entries in "Recently Closed Tabs": i.e. the * longer the interval the more chance a quick tab open/close won't be captured * [1] https://bugzilla.mozilla.org/1304389 ***/ -user_pref("browser.sessionstore.interval", 30000); // [DEFAULT: 1500] +user_pref("browser.sessionstore.interval", 30000); // [DEFAULT: 15000] /* 1024: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] * [1] https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); From e7872b193be81126e20da7f25d3fac4984901c7c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 16 Aug 2021 04:22:46 +0000 Subject: [PATCH 1643/1961] !yoda no bytes were harmed in the making of this commit --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 6c1a4aa..e21c8cf 100644 --- a/user.js +++ b/user.js @@ -1445,7 +1445,7 @@ user_pref("privacy.firstparty.isolate", true); ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] - * [SETUP-WEB] RFP can some cause website breakage: mainly canvas, use a site exception via the urlbar + * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme * [1] https://bugzilla.mozilla.org/418986 ***/ user_pref("privacy.resistFingerprinting", true); From 51e388ae866a2f133b575c7b3c850afdfd46a0c3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 16 Aug 2021 15:06:06 +0000 Subject: [PATCH 1644/1961] dom.storage.enabled --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index fe97e52..6d23182 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 24-July-2021 + Last updated: 16-August-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -241,6 +241,8 @@ 'webgl.min_capability_mode', /* 89-beta */ 'security.ssl.enable_ocsp_stapling', + /* 91-beta */ + 'dom.storage.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ]; From 668e843fcea93871fefe968894309b17d520ba1c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 16 Aug 2021 15:34:57 +0000 Subject: [PATCH 1645/1961] misc - remove 2720 - this is a very old pref, been inactive since at least our first github release: v51 - disabling the API is not how you control client side state: you do that by blocking cookies which also controls other state such as IDB etc - 2700 section header - history/downloads is redundant - Offline Website Data info -> relevant item number with Active Logins info - ^ technically it still includes appCache for ESR78 users, but that will be moot in less than three months - tidy RFP - update to FF91 userAgent spoofing: there is no Android ESR so we don't need to mention "Android 9" - we don't need to say if the API is enabled for mediaDevices --- user.js | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/user.js b/user.js index e21c8cf..2e1c291 100644 --- a/user.js +++ b/user.js @@ -1256,9 +1256,6 @@ user_pref("privacy.trackingprotection.enabled", true); user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] -/* 2720: disable DOM (Document Object Model) Storage - * [WARNING] This will break lots of sites and extensions! ***/ - // user_pref("dom.storage.enabled", false); /* 2730: disable offline cache (appCache) * [NOTE] In FF90+ the storage capability has been removed (1694662) * [WARNING] The API is easily fingerprinted, do not disable ***/ @@ -1287,10 +1284,6 @@ user_pref("dom.storage.next_gen", true); * If you want to keep some sites' cookies (exception as "Allow") and optionally other site data but clear all the rest on close, then you need to set the "cookie" and optionally the "offlineApps" prefs below to false, and to set the cookie lifetime pref to 2 (2703) - * "Offline Website Data" includes appCache (2730), localStorage (2720), - service worker cache (2740), and QuotaManager (IndexedDB, asm-cache) - * In both 2803 + 2804, the "download" and "history" prefs are combined in the - Firefox interface as "Browsing & Download History" and their values will be synced ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2802: enable Firefox to clear items on shutdown (see 2803) @@ -1298,7 +1291,8 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2803: set what items to clear on shutdown (if 2802 is true) [SETUP-CHROME] * [NOTE] If "history" is true, downloads will also be cleared - * [NOTE] Active Logins does not refer to logins via cookies, but rather HTTP Basic Authentication [1] + * [NOTE] Active Logins: does not refer to logins via cookies, but rather HTTP Basic Authentication [1] + * [NOTE] Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ user_pref("privacy.clearOnShutdown.cache", true); @@ -1389,15 +1383,15 @@ user_pref("privacy.firstparty.isolate", true); [TEST] https://arkenfox.github.io/TZP/tzp.html#screen FF50+ 1281949 - spoof screen orientation - 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes + 1281963 - hide contents of navigator.plugins and navigator.mimeTypes FF55+ - 1330890 - spoof timezone as UTC 0 + 1330890 - spoof timezone as UTC0 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) 1217238 - reduce precision of time exposed by javascript FF56+ 1369303 - spoof/disable performance API (see 4602, 4603) 1333651 - spoof User Agent & Navigator API (see 4650) - JS: FF78+ the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 9 (FF91+ as 10), or Linux + JS: FF91+ the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux HTTP Headers: spoofed as Windows or Android 1369319 - disable device sensor API (see 4604) 1369357 - disable site specific zoom (see 4605) @@ -1411,13 +1405,12 @@ user_pref("privacy.firstparty.isolate", true); 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist 1382533 & 1697680 - enable fingerprinting resistance for Presentation API (FF57-87) - This blocks exposure of local IP Addresses via mDNS (Multicast DNS) + Blocks exposure of local IP Addresses via mDNS (Multicast DNS) FF58+ 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction FF59+ 1372073 - spoof/block fingerprinting in MediaDevices API - Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if - media.navigator.enabled is true (see 4612) + Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone" (see 4612) Block: suppresses the ondevicechange event (see 4613) 1039069 - warn when language prefs are set to non en-US (see 0210, 0211) 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events From 1d63e836ee02e19b081fd7f49c8b61dbe1dc53c8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 17 Aug 2021 02:52:19 +0000 Subject: [PATCH 1646/1961] musical chairs part 1 - move 2200s into respective sections - move FPing items into 2500s --- user.js | 76 +++++++++++++++++++++++++++------------------------------ 1 file changed, 36 insertions(+), 40 deletions(-) diff --git a/user.js b/user.js index 2e1c291..4ef5425 100644 --- a/user.js +++ b/user.js @@ -37,7 +37,7 @@ - If you are not using arkenfox v78... (not a definitive list) - 1244: HTTPS-Only mode is enabled - 1401: document fonts is inactive as it is now covered by RFP in FF80+ - - 2626: non-native widget theme is enforced + - 2525: non-native widget theme is enforced - 9999: switch the appropriate deprecated section(s) back on * INDEX: @@ -58,7 +58,6 @@ 1700: CONTAINERS 1800: PLUGINS 2000: MEDIA / CAMERA / MIC - 2200: WINDOW MEDDLING & LEAKS / POPUPS 2300: WEB WORKERS 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT 2500: HARDWARE FINGERPRINTING @@ -922,28 +921,6 @@ user_pref("media.getusermedia.audiocapture.enabled", false); * [1] https://support.mozilla.org/questions/1293231 ***/ user_pref("media.autoplay.blocking_policy", 2); -/*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/ -user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!"); -/* 2202: prevent scripts from moving and resizing open windows ***/ -user_pref("dom.disable_window_move_resize", true); -/* 2203: open links targeting new windows in a new tab instead - * Stops malicious window sizes and some screen resolution leaks. - * You can still right-click a link and open in a new window - * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ -user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab -user_pref("browser.link.open_newwindow.restriction", 0); -/* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks - * [NOTE] You can still manually toggle the browser's fullscreen state (F11), - * but this pref will disable embedded video/game fullscreen controls, e.g. youtube - * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen ***/ - // user_pref("full-screen-api.enabled", false); -/* 2210: block popup windows - * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ -user_pref("dom.disable_open_during_load", true); -/* 2212: limit events that can cause a popup [SETUP-WEB] ***/ -user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); - /*** [SECTION 2300]: WEB WORKERS A worker is a JS "background task" running in a global context, i.e. it is different from the current window. Workers can spawn new workers (must be the same origin & scheme), @@ -1002,14 +979,24 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket! * "general.autoScroll" are true (at least one is default false) then the clipboard can leak [1] * [1] https://bugzilla.mozilla.org/1528289 ***/ // user_pref("dom.event.clipboardevents.enabled", false); -/* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] +/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/1170911 ***/ user_pref("dom.allow_cut_copy", false); -/* 2405: disable "Confirm you want to leave" dialog on page close +/* 2404: disable "Confirm you want to leave" dialog on page close * Does not prevent JS leaks of the page close event * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload ***/ user_pref("dom.disable_beforeunload", true); +/* 2405: prevent scripts from moving and resizing open windows ***/ +user_pref("dom.disable_window_move_resize", true); +/* 2406: block popup windows + * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ +user_pref("dom.disable_open_during_load", true); +/* 2407: limit events that can cause a popup [SETUP-WEB] ***/ +user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +/* 2408: enable (limited but sufficient) window.opener protection [FF65+] + * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ +user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] /* 2414: disable shaking the screen ***/ user_pref("dom.vibrator.enabled", false); /* 2420: disable asm.js [FF22+] [SETUP-PERF] @@ -1037,14 +1024,11 @@ user_pref("javascript.options.asmjs", false); * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/ user_pref("javascript.options.wasm", false); -/* 2429: enable (limited but sufficient) window.opener protection [FF65+] - * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ -user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); /* 2502: disable Battery Status API - * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code [1] + * [NOTE] FF52+ Battery Status API is only available in chrome/privileged code [1] * [1] https://bugzilla.mozilla.org/1313580 ***/ // user_pref("dom.battery.enabled", false); /* 2508: disable hardware acceleration to reduce graphics fingerprinting [SETUP-HARDEN] @@ -1076,6 +1060,22 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m user_pref("webgl.disabled", true); user_pref("webgl.enable-webgl2", false); user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] +/* 2523: enforce no system colors + * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ +user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] +/* 2524: open links targeting new windows in a new tab instead + * Stops malicious window sizes and some screen resolution leaks. + * You can still right-click a link and open in a new window + * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ +user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab +user_pref("browser.link.open_newwindow.restriction", 0); +/* 2525: enforce non-native widget theme + * Security: removes/reduces system API calls, e.g. win32k API [1] + * Fingerprinting: provides a uniform look and feel across platforms [2] + * [1] https://bugzilla.mozilla.org/1381938 + * [2] https://bugzilla.mozilla.org/1411425 ***/ +user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -1144,9 +1144,6 @@ user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.enableScripting", false); // [FF86+] /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/ user_pref("network.protocol-handler.external.ms-windows-store", false); -/* 2622: enforce no system colors; they can be fingerprinted - * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ -user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] /* 2623: disable permissions delegation [FF73+] * Currently applies to cross-origin geolocation, camera, mic and screen-sharing * permissions, and fullscreen requests. Disabling delegation means any prompts @@ -1161,12 +1158,11 @@ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] /* 2625: disable bypassing 3rd party extension install prompts [FF82+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ user_pref("extensions.postDownloadThirdPartyPrompt", false); -/* 2626: enforce non-native widget theme - * Security: removes/reduces system API calls, e.g. win32k API [1] - * Fingerprinting: provides a uniform look and feel across platforms [2] - * [1] https://bugzilla.mozilla.org/1381938 - * [2] https://bugzilla.mozilla.org/1411425 ***/ -user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] +/* 2626: disable Fullscreen API (requires user interaction) + * [NOTE] You can still toggle fullscreen with F11 + * [WARNING] This is fingerprintable and will break embedded video/game FS controls, e.g. youtube + * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen ***/ + // user_pref("full-screen-api.enabled", false); /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop @@ -1276,7 +1272,7 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); * [1] https://developer.mozilla.org/docs/Web/API/Storage_Access_API ***/ // user_pref("dom.storage_access.enabled", false); /* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/ -user_pref("dom.storage.next_gen", true); +user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] /*** [SECTION 2800]: SHUTDOWN * Sanitizing on shutdown is all or nothing. It does not use Managed Exceptions under From 77410bf86d4dd2d2ca163bbdbcfd54e65bc49ddb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 17 Aug 2021 03:08:48 +0000 Subject: [PATCH 1647/1961] musical chairs part 2 merge plugins with webrtc (camera + mic) and "media" --- user.js | 38 +++++++++++++++++--------------------- 1 file changed, 17 insertions(+), 21 deletions(-) diff --git a/user.js b/user.js index 4ef5425..598abe1 100644 --- a/user.js +++ b/user.js @@ -56,8 +56,7 @@ 1400: FONTS 1600: HEADERS / REFERERS 1700: CONTAINERS - 1800: PLUGINS - 2000: MEDIA / CAMERA / MIC + 2000: PLUGINS / MEDIA / WEBRTC 2300: WEB WORKERS 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT 2500: HARDWARE FINGERPRINTING @@ -868,22 +867,7 @@ user_pref("privacy.userContext.enabled", true); * [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/ // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); -/*** [SECTION 1800]: PLUGINS ***/ -user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); -/* 1820: disable GMP (Gecko Media Plugins) - * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ - // user_pref("media.gmp-provider.enabled", false); -/* 1825: disable widevine CDM (Content Decryption Module) - * [NOTE] This is covered by the EME master switch (1830) ***/ - // user_pref("media.gmp-widevinecdm.enabled", false); -/* 1830: disable all DRM content (EME: Encryption Media Extension) - * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV - * [SETTING] General>DRM Content>Play DRM-controlled content - * [TEST] https://bitmovin.com/demos/drm - * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ -user_pref("media.eme.enabled", false); - -/*** [SECTION 2000]: MEDIA / CAMERA / MIC ***/ +/*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) * [SETUP-WEB] WebRTC can leak your IP address from behind your VPN, but if this is not @@ -899,18 +883,30 @@ user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.ice.default_address_only", true); user_pref("media.peerconnection.ice.no_host", true); // [FF51+] user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70+] -/* 2022: disable screensharing ***/ +/* 2003: disable screensharing ***/ user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); -/* 2024: set a default permission for Camera/Microphone [FF58+] +/* 2004: set a default permission for Camera/Microphone [FF58+] * 0=always ask (default), 1=allow, 2=block * [SETTING] to add site exceptions: Ctrl+I>Permissions>Use the Camera/Microphone * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ // user_pref("permissions.default.camera", 2); // user_pref("permissions.default.microphone", 2); +/* 2020: disable GMP (Gecko Media Plugins) + * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ + // user_pref("media.gmp-provider.enabled", false); +/* 2021: disable widevine CDM (Content Decryption Module) + * [NOTE] This is covered by the EME master switch (2022) ***/ + // user_pref("media.gmp-widevinecdm.enabled", false); +/* 2022: disable all DRM content (EME: Encryption Media Extension) + * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV + * [SETTING] General>DRM Content>Play DRM-controlled content + * [TEST] https://bitmovin.com/demos/drm + * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ +user_pref("media.eme.enabled", false); /* 2030: disable autoplay of HTML5 media [FF63+] - * 0=Allow all, 1=Block non-muted media (default in FF67+), 2=Prompt (removed in FF66), 5=Block all (FF69+) + * 0=Allow all, 1=Block non-muted media (default), 5=Block all * [NOTE] You can set exceptions under site permissions * [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites ***/ // user_pref("media.autoplay.default", 5); From d7208ccf344a254c2117c911ba41c38428161479 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 17 Aug 2021 03:41:56 +0000 Subject: [PATCH 1648/1961] tidy --- user.js | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 598abe1..51d1d01 100644 --- a/user.js +++ b/user.js @@ -1027,20 +1027,19 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [NOTE] FF52+ Battery Status API is only available in chrome/privileged code [1] * [1] https://bugzilla.mozilla.org/1313580 ***/ // user_pref("dom.battery.enabled", false); -/* 2508: disable hardware acceleration to reduce graphics fingerprinting [SETUP-HARDEN] - * [WARNING] Affects text rendering (fonts will look different), impacts video performance, - * and parts of Quantum that utilize the GPU will also be affected as they are rolled out +/* 2508: disable hardware acceleration [SETUP-HARDEN] + * [WARNING] Affects rendering and performance * [SETTING] General>Performance>Custom>Use hardware acceleration when available * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] // user_pref("layers.acceleration.disabled", true); /* 2517: disable Media Capabilities API [FF63+] - * [WARNING] This *may* affect media performance if disabled, no one is sure + * [WARNING] The API state is fingerprintable and disabling may affect performance * [1] https://github.com/WICG/media-capabilities * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ // user_pref("media.media-capabilities.enabled", false); /* 2520: disable virtual reality devices - * Optional protection depending on your connected devices + * [WARNING] The API state is fingerprintable * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ // user_pref("dom.vr.enabled", false); /* 2521: set a default permission for Virtual Reality (see 2520) [FF73+] From 41c3c0ec26ef4392169fa1d04fd5783ac03bfc8e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 17 Aug 2021 03:47:33 +0000 Subject: [PATCH 1649/1961] tweak 2522: webgl - we already disable webgl, that's enough - the other two prefs are not going to provide much protection if a user decides they want webgl - "disable-fail-if-major-performance-caveat" only applies to ESR78 and will removed in the future - one (or two) less pref(2) for users to troubleshoot/flip --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 51d1d01..27885ea 100644 --- a/user.js +++ b/user.js @@ -1053,8 +1053,8 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ user_pref("webgl.disabled", true); -user_pref("webgl.enable-webgl2", false); -user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] + // user_pref("webgl.enable-webgl2", false); + // user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] /* 2523: enforce no system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] From fdc9376c69ef850ef2cc58e9da3c97f247dd0407 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Aug 2021 01:50:09 +0000 Subject: [PATCH 1650/1961] tidy - 0105*: merge into a single block - 1220: make values more readable with spaces, like 2701 (no need for value 2), add default, update advise (get a new AV, SHA1 is dead baby) - 2619: remove fluff --- user.js | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/user.js b/user.js index 27885ea..cba4c36 100644 --- a/user.js +++ b/user.js @@ -102,24 +102,18 @@ user_pref("browser.startup.homepage", "about:blank"); * [SETTING] Home>New Windows and Tabs>New tabs ***/ user_pref("browser.newtabpage.enabled", false); user_pref("browser.newtab.preload", false); -/* 0105: disable Activity Stream stuff (AS) - * AS is the default homepage/newtab based on metadata and browsing behavior - * **NOT LISTING ALL OF THESE: USE THE PREFERENCES UI** +/* 0105: disable some Activity Stream items + * Activity Stream is the default homepage/newtab based on metadata and browsing behavior * [SETTING] Home>Firefox Home Content>... to show/hide what you want ***/ -/* 0105a: disable Activity Stream telemetry ***/ user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); -/* 0105b: disable Activity Stream Snippets - * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server - * [1] https://abouthome-snippets-service.readthedocs.io/ ***/ user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false FF89+] -/* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); user_pref("browser.newtabpage.activity-stream.showSponsored", false); user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+] user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] -/* 0105e: clear default topsites +/* 0106: clear default topsites * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); /* 0110: start Firefox in PB (Private Browsing) mode @@ -263,7 +257,7 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] /** SAFE BROWSING (SB) - Safe Browsing has taken many steps to preserve privacy. *IF* required, a full url is never + Safe Browsing has taken many steps to preserve privacy. If required, a full url is never sent to Google, only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. Google also swear it is anonymized and only used to flag malicious sites. Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+) @@ -672,13 +666,11 @@ user_pref("security.OCSP.require", true); /** CERTS / HPKP (HTTP Public Key Pinning) ***/ /* 1220: disable or limit SHA-1 certificates - * 0=all SHA1 certs are allowed - * 1=all SHA1 certs are blocked - * 2=deprecated option that now maps to 1 - * 3=only allowed for locally-added roots (e.g. anti-virus) - * 4=only allowed for locally-added roots or for certs in 2015 and earlier - * [SETUP-CHROME] When disabled, some man-in-the-middle devices, e.g. security scanners and - * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete + * 0 = allow all + * 1 = block all + * 3 = only allow locally-added roots (e.g. anti-virus) (default) + * 4 = only allow locally-added roots or for certs in 2015 and earlier + * [SETUP-CHROME] If you have problems, update your software: SHA-1 is obsolete * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ user_pref("security.pki.sha1_enforcement_level", 1); /* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS] @@ -802,7 +794,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] /*** [SECTION 1600]: HEADERS / REFERERS - Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone + Only **cross domain** referers need controlling: leave 1601, 1602, 1605 and 1606 alone Expect some breakage: Use an extension if you need precise control --- full URI: https://example.com:8888/foo/bar.html?id=1234 @@ -848,7 +840,7 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); user_pref("privacy.donottrackheader.enabled", true); /*** [SECTION 1700]: CONTAINERS - If you want to *really* leverage containers, we highly recommend Temporary Containers [2]. + If you want to really leverage containers, we recommend Temporary Containers [2]. Read the article by the extension author [3], and check out the github wiki/repo [4]. [1] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers [2] https://addons.mozilla.org/firefox/addon/temporary-containers/ @@ -1117,7 +1109,6 @@ user_pref("permissions.manager.defaultsUrl", ""); /* 2617: remove webchannel whitelist ***/ user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2619: use Punycode in Internationalized Domain Names to eliminate possible spoofing - * Firefox has *some* protections, but it is better to be safe than sorry * [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) * [1] https://wiki.mozilla.org/IDN_Display_Algorithm @@ -1210,7 +1201,7 @@ user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] [NOTE] Blocking cookies also blocks websites access to: localStorage (incl. sessionStorage), indexedDB, sharedWorker, and serviceWorker (and therefore service worker cache and notifications) If you set a site exception for cookies (either "Allow" or "Allow for Session") then they become - accessible to websites except shared/service workers where the cookie setting *must* be "Allow" + accessible to websites except shared/service workers where the cookie setting must be "Allow" ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable or isolate 3rd-party cookies and site-data [SETUP-WEB] @@ -1425,7 +1416,7 @@ user_pref("privacy.firstparty.isolate", true); 1653987 - limit font visibility to bundled and "Base Fonts" (see 4620) (Windows, Mac, some Linux) (FF80+) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) FF91+ - 531915 - use fdlibm's sin, cos and tan in jsmath (FF93+) + 531915 - use fdlibm's sin, cos and tan in jsmath (FF93+, ESR91.1+) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] @@ -1620,7 +1611,7 @@ user_pref("dom.ipc.plugins.reportCrashURL", false); user_pref("security.mixed_content.block_object_subrequest", true); // 1803: disable Flash plugin // 0=deactivated, 1=ask, 2=enabled - // ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash + // ESR52.x is the last branch to fully support NPAPI, FF52+ stable only supports Flash // [NOTE] You can still override individual sites via site permissions // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] user_pref("plugin.state.flash", 0); // [DEFAULT: 1] From 08e9fb35fd9f432bd9513c62be8268691db1f5bc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Aug 2021 07:16:19 +0000 Subject: [PATCH 1651/1961] update some references --- user.js | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index cba4c36..4568704 100644 --- a/user.js +++ b/user.js @@ -125,7 +125,7 @@ user_pref("browser.newtabpage.activity-stream.default.sites", ""); * a temporary self-contained new session. Close all Private Windows to clear the PB mode session. * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode * [1] https://wiki.mozilla.org/Private_Browsing - * [2] https://spreadprivacy.com/is-private-browsing-really-private/ ***/ + * [2] https://support.mozilla.org/kb/common-myths-about-private-browsing ***/ // user_pref("browser.privatebrowsing.autostart", true); /*** [SECTION 0200]: GEOLOCATION / LANGUAGE / LOCALE ***/ @@ -240,8 +240,7 @@ user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAULT: false] /* 0390: disable Captive Portal detection - * [1] https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy - * [2] https://wiki.mozilla.org/Necko/CaptivePortal ***/ + * [1] https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy ***/ user_pref("captivedetect.canonicalURL", ""); user_pref("network.captive-portal-service.enabled", false); // [FF52+] /* 0391: disable Network Connectivity checks [FF65+] @@ -310,8 +309,7 @@ user_pref("browser.safebrowsing.downloads.remote.url", ""); user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); /* 0503: disable Normandy/Shield [FF60+] * Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" - * [1] https://wiki.mozilla.org/Firefox/Shield - * [2] https://github.com/mozilla/normandy ***/ + * [1] https://mozilla.github.io/normandy/ ***/ user_pref("app.normandy.enabled", false); user_pref("app.normandy.api_url", ""); /* 0505: disable System Add-on updates ***/ From e7e6cfffe852a558f870e74ab3f6bcff7f894781 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Aug 2021 07:30:55 +0000 Subject: [PATCH 1652/1961] 0503: tidy --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 4568704..14492d4 100644 --- a/user.js +++ b/user.js @@ -308,7 +308,7 @@ user_pref("browser.safebrowsing.downloads.remote.url", ""); ***/ user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); /* 0503: disable Normandy/Shield [FF60+] - * Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" + * Shield is a telemetry system that can push and test "recipes" * [1] https://mozilla.github.io/normandy/ ***/ user_pref("app.normandy.enabled", false); user_pref("app.normandy.api_url", ""); From 783786290d2278d00a3bb13d3e61678991845a5c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Aug 2021 08:24:44 +0000 Subject: [PATCH 1653/1961] tidy - geo -> warning - merge container prefs - remove redundant "see"s - remove corresponding 4600's item number in RFP mitigations - it's pretty clear by the preference names in 4600 - could be misconstrued that the 4600 pref is the same result - RFP's language prompt only checks for en*, not en-US (so en-GB, en-CA etc do not get prompted) - https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPHelper.jsm#196 --- user.js | 102 +++++++++++++++++++++++++++----------------------------- 1 file changed, 49 insertions(+), 53 deletions(-) diff --git a/user.js b/user.js index 14492d4..13e2533 100644 --- a/user.js +++ b/user.js @@ -132,10 +132,10 @@ user_pref("browser.newtabpage.activity-stream.default.sites", ""); user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /** GEOLOCATION ***/ /* 0201: disable Location-Aware Browsing - * [NOTE] Best left at default "true", fingerprintable, already behind a prompt (see 0202) + * [WARNING] The API state is fingerprintable. Permission is already behind a prompt (0202) * [1] https://www.mozilla.org/firefox/geolocation/ ***/ // user_pref("geo.enabled", false); -/* 0202: set a default permission for Location (see 0201) [FF58+] +/* 0202: set a default permission for Location (0201) [FF58+] * 0=always ask (default), 1=allow, 2=block * [NOTE] Best left at default "always ask", fingerprintable via Permissions API * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Your Location @@ -154,7 +154,7 @@ user_pref("geo.provider.use_gpsd", false); // [LINUX] user_pref("browser.region.network.url", ""); // [FF78+] user_pref("browser.region.update.enabled", false); // [[FF79+] /* 0208: set search region - * [NOTE] May not be hidden if Firefox has changed your settings due to your region (see 0207) ***/ + * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0207) ***/ // user_pref("browser.search.region", "US"); // [HIDDEN PREF] /** LANGUAGE / LOCALE ***/ @@ -224,7 +224,7 @@ user_pref("datareporting.healthreport.uploadEnabled", false); * If disabled, no policy is shown or upload takes place, ever * [1] https://bugzilla.mozilla.org/1195552 ***/ user_pref("datareporting.policy.dataSubmissionEnabled", false); -/* 0342: disable Studies (see 0503) +/* 0342: disable Studies * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to install and run studies ***/ user_pref("app.shield.optoutstudies.enabled", false); /* 0343: disable personalized Extension Recommendations in about:addons and AMO [FF65+] @@ -364,7 +364,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * then this won't make much difference. If you are masking your IP, then it can only help. * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" * [TEST] https://ipleak.org/ - * [1] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/ + * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ user_pref("network.dns.disableIPv6", true); /* 0702: disable HTTP2 * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to @@ -381,7 +381,7 @@ user_pref("network.dns.disableIPv6", true); // user_pref("network.http.spdy.enabled.http2", false); // user_pref("network.http.spdy.websockets", false); // [FF65+] /* 0703: disable HTTP Alternative Services [FF37+] - * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) and you understand the + * [SETUP-PERF] Relax this if you have FPI enabled (4001) and you understand the * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, * and the Tor Browser has extra protection, including enhanced sanitizing per Identity. * [1] https://tools.ietf.org/html/rfc7838#section-9 @@ -475,13 +475,13 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // user_pref("browser.urlbar.autoFill", false); /* 0860: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] - * [NOTE] We also clear formdata on exit (see 2803) + * [NOTE] We also clear formdata on exit (2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ user_pref("browser.formfill.enable", false); /* 0862: disable browsing and download history - * [NOTE] We also clear history and downloads on exiting Firefox (see 2803) + * [NOTE] We also clear history and downloads on exit (2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ // user_pref("places.history.enabled", false); /* 0870: disable Windows jumplist [WINDOWS] ***/ @@ -503,11 +503,10 @@ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); * [SETTING] Privacy & Security>Logins and Passwords>Use a Primary Password * [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas ***/ /* 0903: set how often Firefox should ask for the primary password - * 0=the first time (default), 1=every time it's needed, 2=every n minutes (see 0904) ***/ + * 0=the first time (default), 1=every time it's needed, 2=every n minutes (0904) ***/ user_pref("security.ask_for_password", 2); -/* 0904: set how often in minutes Firefox should ask for the primary password (see 0903) - * in minutes, default is 30 ***/ -user_pref("security.password_lifetime", 5); +/* 0904: set how often in minutes Firefox should ask for the primary password (0903) ***/ +user_pref("security.password_lifetime", 5); // [DEFAULT: 30] /* 0905: disable auto-filling username & password form fields * can leak in cross-site forms *and* be spoofed * [NOTE] Username & password is still available when you enter the field @@ -548,7 +547,7 @@ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is m /* 1001: disable disk cache * [SETUP-PERF] If you think disk cache may help (heavy tab user, high-res video), * or you use a hardened Temporary Containers, then feel free to override this - * [NOTE] We also clear cache on exiting Firefox (see 2803) ***/ + * [NOTE] We also clear cache on exit (2803) ***/ user_pref("browser.cache.disk.enable", false); /* 1003: disable memory cache * capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kibibytes ***/ @@ -786,7 +785,7 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed - * [NOTE] In FF81+ the whitelist overrides RFP's font visibility (see 4620) + * [NOTE] In FF81+ the whitelist overrides RFP's font visibility (4620) * [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] @@ -846,12 +845,10 @@ user_pref("privacy.donottrackheader.enabled", true); [4] https://github.com/stoically/temporary-containers/wiki ***/ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); -/* 1701: enable Container Tabs setting in preferences (see 1702) [FF50+] - * [1] https://bugzilla.mozilla.org/1279029 ***/ -user_pref("privacy.userContext.ui.enabled", true); -/* 1702: enable Container Tabs [FF50+] +/* 1702: enable Container Tabs and it's UI setting [FF50+] * [SETTING] General>Tabs>Enable Container Tabs ***/ user_pref("privacy.userContext.enabled", true); +user_pref("privacy.userContext.ui.enabled", true); /* 1703: set behaviour on "+ Tab" button to display container menu on left click [FF74+] * [NOTE] The menu is always shown on long press and right click * [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/ @@ -903,7 +900,7 @@ user_pref("media.eme.enabled", false); /* 2031: disable autoplay of HTML5 media if you interacted with the site [FF78+] * 0=sticky (default), 1=transient, 2=user * Firefox's Autoplay Policy Documentation [PDF] is linked below via SUMO - * [NOTE] If you have trouble with some video sites, then add an exception (see 2030) + * [NOTE] If you have trouble with some video sites, then add an exception (2030) * [1] https://support.mozilla.org/questions/1293231 ***/ user_pref("media.autoplay.blocking_policy", 2); @@ -1024,22 +1021,22 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] // user_pref("layers.acceleration.disabled", true); /* 2517: disable Media Capabilities API [FF63+] - * [WARNING] The API state is fingerprintable and disabling may affect performance + * [WARNING] The API state is fingerprintable. Disabling may affect performance * [1] https://github.com/WICG/media-capabilities * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ // user_pref("media.media-capabilities.enabled", false); /* 2520: disable virtual reality devices - * [WARNING] The API state is fingerprintable + * [WARNING] The API state is fingerprintable. Permission is already behind a prompt (2521) * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ // user_pref("dom.vr.enabled", false); -/* 2521: set a default permission for Virtual Reality (see 2520) [FF73+] +/* 2521: set a default permission for Virtual Reality (2520) [FF73+] * 0=always ask (default), 1=allow, 2=block * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Virtual Reality Devices * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/ // user_pref("permissions.default.xr", 2); /* 2522: disable/limit WebGL (Web Graphics Library) * [SETUP-WEB] When disabled, will break some websites. When enabled, provides high entropy, - * especially with readPixels(). Some of the other entropy is lessened with RFP (see 4501) + * especially with readPixels(). Some of the other entropy is lessened with RFP (4501) * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ user_pref("webgl.disabled", true); @@ -1237,11 +1234,10 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] /* 2730: disable offline cache (appCache) - * [NOTE] In FF90+ the storage capability has been removed (1694662) - * [WARNING] The API is easily fingerprinted, do not disable ***/ + * [WARNING] The API state is fingerprintable. Storage capability was removed in FF90+ (1694662) ***/ // user_pref("browser.cache.offline.enable", false); /* 2740: disable service worker cache and cache storage - * [NOTE] We clear service worker cache on exiting Firefox (see 2803) + * [NOTE] We clear service worker cache on exit (2803) * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ // user_pref("dom.caches.enabled", false); /* 2750: disable Storage API [FF51+] @@ -1266,7 +1262,7 @@ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] "offlineApps" prefs below to false, and to set the cookie lifetime pref to 2 (2703) ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); -/* 2802: enable Firefox to clear items on shutdown (see 2803) +/* 2802: enable Firefox to clear items on shutdown (2803) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2803: set what items to clear on shutdown (if 2802 is true) [SETUP-CHROME] @@ -1298,12 +1294,12 @@ user_pref("privacy.cpd.passwords", false); // this is not listed user_pref("privacy.cpd.sessions", true); // Active Logins user_pref("privacy.cpd.siteSettings", false); // Site Preferences /* 2805: clear Session Restore data when sanitizing on shutdown or manually [FF34+] - * [NOTE] Not needed if Session Restore is not used (see 0102) or is already cleared with history (see 2803) - * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (see 1022) + * [NOTE] Not needed if Session Restore is not used (0102) or is already cleared with history (2803) + * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (1022) * [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.cpd.openWindows", true); -/* 2806: reset default "Time range to clear" for "Clear Recent History" (see 2804) +/* 2806: reset default "Time range to clear" for "Clear Recent History" (2804) * Firefox remembers your last choice. This will reset the value when you start Firefox * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today * [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown, @@ -1348,7 +1344,7 @@ user_pref("privacy.firstparty.isolate", true); // user_pref("privacy.firstparty.isolate.block_post_message", true); /* 4003: enable scheme with FPI [FF78+] * [NOTE] Experimental: existing data and site permissions are incompatible - * and some site exceptions may not work e.g. HTTPS-only mode (see 1244) ***/ + * and some site exceptions may not work e.g. HTTPS-only mode (1244) ***/ // user_pref("privacy.firstparty.isolate.use_site", true); /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) @@ -1366,21 +1362,21 @@ user_pref("privacy.firstparty.isolate", true); 1281963 - hide contents of navigator.plugins and navigator.mimeTypes FF55+ 1330890 - spoof timezone as UTC0 - 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) + 1360039 - spoof navigator.hardwareConcurrency as 2 1217238 - reduce precision of time exposed by javascript FF56+ - 1369303 - spoof/disable performance API (see 4602, 4603) - 1333651 - spoof User Agent & Navigator API (see 4650) + 1369303 - spoof/disable performance API + 1333651 - spoof User Agent & Navigator API JS: FF91+ the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux HTTP Headers: spoofed as Windows or Android - 1369319 - disable device sensor API (see 4604) - 1369357 - disable site specific zoom (see 4605) - 1337161 - hide gamepads from content (see 4606) - 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true (see 4607) - 1333641 - reduce fingerprinting in WebSpeech API (see 4608) + 1369319 - disable device sensor API + 1369357 - disable site specific zoom + 1337161 - hide gamepads from content + 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true + 1333641 - reduce fingerprinting in WebSpeech API FF57+ - 1369309 - spoof media statistics (see 4610) - 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) + 1369309 - spoof media statistics + 1382499 - reduce screen co-ordinate fingerprinting in Touch API 1217290 & 1409677 - enable some fingerprinting resistance for WebGL 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist @@ -1390,28 +1386,28 @@ user_pref("privacy.firstparty.isolate", true); 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction FF59+ 1372073 - spoof/block fingerprinting in MediaDevices API - Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone" (see 4612) - Block: suppresses the ondevicechange event (see 4613) - 1039069 - warn when language prefs are set to non en-US (see 0210, 0211) + Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone" + Block: suppresses the ondevicechange event + 1039069 - warn when language prefs are not set to "en*" (also see 0210, 0211) 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events Spoofing mimics the content language of the document. Currently it only supports en-US. Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. FF60-67 - 1337157 - disable WebGL debug renderer info (see 4614) (FF60+) + 1337157 - disable WebGL debug renderer info (FF60+) 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) - 1479239 - return "no-preference" with prefers-reduced-motion (see 4615) (FF63+) - 1363508 - spoof/suppress Pointer Events (see 4616) (FF64+) + 1479239 - return "no-preference" with prefers-reduced-motion (FF63+) + 1363508 - spoof/suppress Pointer Events (FF64+) FF65: pointerEvent.pointerid (1492766) - 1485266 - disable exposure of system colors to CSS or canvas (see 4617) (FF67+) - 1407366 - enable inner window letterboxing (see 4504) (FF67+) - 1494034 - return "light" with prefers-color-scheme (see 4618) (FF67+) + 1485266 - disable exposure of system colors to CSS or canvas (FF67+) + 1407366 - enable inner window letterboxing (4504) (FF67+) + 1494034 - return "light" with prefers-color-scheme (FF67+) FF68-77 - 1564422 - spoof audioContext outputLatency (see 4619) (FF70+) - 1595823 - return audioContext sampleRate as 44100 (see 4619) (FF72+) + 1564422 - spoof audioContext outputLatency (FF70+) + 1595823 - return audioContext sampleRate as 44100 (FF72+) 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) FF78-90 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) - 1653987 - limit font visibility to bundled and "Base Fonts" (see 4620) (Windows, Mac, some Linux) (FF80+) + 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80+) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) FF91+ 531915 - use fdlibm's sin, cos and tan in jsmath (FF93+, ESR91.1+) From 679648b33e633f1e494fcffa051672813f1e7cda Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Aug 2021 09:03:16 +0000 Subject: [PATCH 1654/1961] RFP info tweak --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 13e2533..3823594 100644 --- a/user.js +++ b/user.js @@ -1397,7 +1397,7 @@ user_pref("privacy.firstparty.isolate", true); 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) 1479239 - return "no-preference" with prefers-reduced-motion (FF63+) 1363508 - spoof/suppress Pointer Events (FF64+) - FF65: pointerEvent.pointerid (1492766) + 1492766 - spoof pointerEvent.pointerid (FF65+) 1485266 - disable exposure of system colors to CSS or canvas (FF67+) 1407366 - enable inner window letterboxing (4504) (FF67+) 1494034 - return "light" with prefers-color-scheme (FF67+) From 29ad768a22d4b097188f6e0dcfbbeb29aa6f13c3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Aug 2021 09:08:36 +0000 Subject: [PATCH 1655/1961] RFP tweak letterboxing is not part of RFP, it is a separate pref: bugzilla and FF version info is in 4504 --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 3823594..77c712d 100644 --- a/user.js +++ b/user.js @@ -1399,7 +1399,6 @@ user_pref("privacy.firstparty.isolate", true); 1363508 - spoof/suppress Pointer Events (FF64+) 1492766 - spoof pointerEvent.pointerid (FF65+) 1485266 - disable exposure of system colors to CSS or canvas (FF67+) - 1407366 - enable inner window letterboxing (4504) (FF67+) 1494034 - return "light" with prefers-color-scheme (FF67+) FF68-77 1564422 - spoof audioContext outputLatency (FF70+) From 2ce269362e6103312cdb46200e874da62aa5cf51 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Aug 2021 12:40:27 +0000 Subject: [PATCH 1656/1961] dom.battery.enabled --- scratchpad-scripts/arkenfox-clear-removed.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 6d23182..a2ec706 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 16-August-2021 + Last updated: 18-August-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -242,6 +242,7 @@ /* 89-beta */ 'security.ssl.enable_ocsp_stapling', /* 91-beta */ + 'dom.battery.enabled', 'dom.storage.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' From a70c31293830625145db7035af8ec142546c4b5b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Aug 2021 12:46:24 +0000 Subject: [PATCH 1657/1961] goodbye battery - dead weight since 2017-06-13 when ESR45 reached EOL .. good riddance - if someone does use it, it's not going to do any harm, so no need to carry it for prefsCleaner --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index 77c712d..cef74b9 100644 --- a/user.js +++ b/user.js @@ -1010,10 +1010,6 @@ user_pref("javascript.options.wasm", false); /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* 2502: disable Battery Status API - * [NOTE] FF52+ Battery Status API is only available in chrome/privileged code [1] - * [1] https://bugzilla.mozilla.org/1313580 ***/ - // user_pref("dom.battery.enabled", false); /* 2508: disable hardware acceleration [SETUP-HARDEN] * [WARNING] Affects rendering and performance * [SETTING] General>Performance>Custom>Use hardware acceleration when available From dc63a752a58d591ec5c48b5c98ad815ce7bad463 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Aug 2021 13:55:41 +0000 Subject: [PATCH 1658/1961] tidy 0300 + 0301 --- user.js | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index cef74b9..24c316d 100644 --- a/user.js +++ b/user.js @@ -166,13 +166,10 @@ user_pref("intl.accept_languages", "en-US, en"); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] -/*** [SECTION 0300]: QUIET FOX - We only disable the auto-INSTALL of Firefox (app) updates. You still get prompts to update, - and it only takes one click. We highly discourage disabling auto-CHECKING for updates. -***/ +/*** [SECTION 0300]: QUIET FOX ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); -/* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+] - * [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed +/* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS] + * [NOTE] You will still get prompts to update, and should do so in a timely manner * [SETTING] General>Firefox Updates>Check for updates but let you choose to install them ***/ user_pref("app.update.auto", false); /* 0302: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS] From 7264271063c0c3c8baa1412f12ddf13511e65c91 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Aug 2021 00:15:30 +0000 Subject: [PATCH 1659/1961] rusty-snake improvements, #1235 --- user.js | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index 24c316d..173450a 100644 --- a/user.js +++ b/user.js @@ -370,7 +370,7 @@ user_pref("network.dns.disableIPv6", true); * [STATS] ~46% of sites (July 2021) [5] * [1] https://http2.github.io/faq/ * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html - * [3] https://http2.github.io/http2-spec/#rfc.section.10.8 + * [3] https://datatracker.ietf.org/doc/html/rfc7540#section-10.8 * [4] https://queue.acm.org/detail.cfm?id=2716278 * [5] https://w3techs.com/technologies/details/ce-http2/all/all ***/ // user_pref("network.http.spdy.enabled", false); @@ -981,17 +981,14 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] user_pref("dom.vibrator.enabled", false); /* 2420: disable asm.js [FF22+] [SETUP-PERF] * [1] http://asmjs.org/ - * [2] https://www.mozilla.org/security/advisories/mfsa2015-29/ - * [3] https://www.mozilla.org/security/advisories/mfsa2015-50/ - * [4] https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375 - * [5] https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400 - * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ + * [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js + * [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ user_pref("javascript.options.asmjs", false); /* 2421: disable Ion and baseline JIT to harden against JS exploits [SETUP-HARDEN] * [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new * hidden pref is enabled, then Ion can still be used by extensions (1599226) * [WARNING] Disabling Ion/JIT can cause some site issues and performance loss - * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Firefox+JIT ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF] @@ -1568,7 +1565,7 @@ user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); // FF86 // 1205: disable SSL Error Reporting - // [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html + // [1] https://firefox-source-docs.mozilla.org/main/65.0/browser/base/sslerrorreport/preferences.html // [-] https://bugzilla.mozilla.org/1681839 user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.enabled", false); From f19d8508452ab96f1648f672f4c5c431264d8e33 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Aug 2021 01:46:47 +0000 Subject: [PATCH 1660/1961] tidy #1235 8000s (was 4600s) - move below personal, so user-relevant part is shorter - swap out font vis with document fonts + font whitelist - font vis still has usability/visual purposes: it just won't really help much with fingerprinting - ESR78 users (who can't use font vis), sorry, but we made doc fonts inactive for a while now, and now recommend you don't use it anyway --- user.js | 155 +++++++++++++++++++++++++++----------------------------- 1 file changed, 76 insertions(+), 79 deletions(-) diff --git a/user.js b/user.js index 173450a..3cfa190 100644 --- a/user.js +++ b/user.js @@ -36,7 +36,6 @@ ESR78 - If you are not using arkenfox v78... (not a definitive list) - 1244: HTTPS-Only mode is enabled - - 1401: document fonts is inactive as it is now covered by RFP in FF80+ - 2525: non-native widget theme is enforced - 9999: switch the appropriate deprecated section(s) back on @@ -65,8 +64,9 @@ 2800: SHUTDOWN 4000: FPI (FIRST PARTY ISOLATION) 4500: RFP (RESIST FINGERPRINTING) - 4600: NON-RFP 5000: PERSONAL + 7000: DON'T BOTHER + 8000: DON'T BOTHER: NON-RFP 9999: DEPRECATED / REMOVED / LEGACY / RENAMED ******/ @@ -118,10 +118,10 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // user_pref("browser.newtabpage.activity-stream.default.sites", ""); /* 0110: start Firefox in PB (Private Browsing) mode * [NOTE] In this mode all windows are "private windows" and the PB mode icon is not displayed - * [WARNING] The P in PB mode is misleading: it means no "persistent" disk storage such as history, + * [WARNING] The P in PB mode can be misleading: it means no "persistent" disk state such as history, * caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode). * In fact, PB mode limits or removes the ability to control some of these, and you need to quit - * Firefox to clear them. PB is best used as a one off window (File>New Private Window) to provide + * Firefox to clear them. PB is best used as a one off window (Menu>New Private Window) to provide * a temporary self-contained new session. Close all Private Windows to clear the PB mode session. * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode * [1] https://wiki.mozilla.org/Private_Browsing @@ -141,7 +141,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Your Location * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); -/* 0203: use Mozilla geolocation service instead of Google when geolocation is enabled [FF74+] +/* 0203: use Mozilla geolocation service instead of Google if geolocation is granted [FF74+] * Optionally enable logging to the console (defaults to false) ***/ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF] @@ -719,7 +719,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); * [1] https://bugzilla.mozilla.org/1382359 ***/ // user_pref("dom.securecontext.whitelist_onions", true); -/** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] +/** CIPHERS + [WARNING] DO NOT USE: see the section 1200 intro These are the ciphers listed under "Cipher Suites" [1] that are either still using SHA-1 and CBC, and/or are missing Perfect Forward Secrecy [3] and/or have other weaknesses like key sizes of 128 [1] https://browserleaks.com/ssl @@ -762,30 +763,25 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] /*** [SECTION 1400]: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); -/* 1401: disable websites choosing fonts (0=block, 1=allow) - * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector - * [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) - * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ - // user_pref("browser.display.use_document_fonts", 0); -/* 1403: disable icon fonts (glyphs) and local fallback rendering - * [1] https://bugzilla.mozilla.org/789788 - * [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/ - // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] - // user_pref("gfx.downloadable_fonts.fallback_delay", -1); -/* 1404: disable rendering of SVG OpenType fonts +/* 1401: disable rendering of SVG OpenType fonts * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); -/* 1408: disable graphite +/* 1402: disable graphite * Graphite has had many critical security issues in the past [1] * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ user_pref("gfx.font_rendering.graphite.enabled", false); -/* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] - * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed - * [NOTE] In FF81+ the whitelist overrides RFP's font visibility (4620) - * [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) - * [1] https://bugzilla.mozilla.org/1121643 ***/ - // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] +/* 1403: limit font visibility (Windows, Mac, some Linux) [FF79+] + * [NOTE] IN FF8)+ RFP ignores the pref and uses value 1 + * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed + * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts + * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ + // user_pref("layout.css.font-visibility.level", 1); +/* 1404: disable icon fonts (glyphs) and local fallback rendering + * [1] https://bugzilla.mozilla.org/789788 + * [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/ + // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] + // user_pref("gfx.downloadable_fonts.fallback_delay", -1); /*** [SECTION 1600]: HEADERS / REFERERS Only **cross domain** referers need controlling: leave 1601, 1602, 1605 and 1606 alone @@ -1342,7 +1338,7 @@ user_pref("privacy.firstparty.isolate", true); It is an all-or-nothing buy in: you cannot pick and choose what parts you want [WARNING] DO NOT USE extensions to alter RFP protected metrics - [WARNING] DO NOT USE prefs in section 4600 with RFP as they can interfere + [WARNING] DO NOT USE prefs in section 8000 with RFP as they can interfere FF41+ 418986 - limit window.screen & CSS media queries leaking identifiable info @@ -1441,60 +1437,6 @@ user_pref("browser.startup.blankWindow", false); * [NOTE] pref added in FF63, but applied to chrome in FF77. RFP spoofs this for web content ***/ user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] -/*** [SECTION 4600]: NON-RFP - [WARNING] DO NOT USE with RFP. RFP already covers these, and they can interfere - [NOTE] These prefs will not help anti-fingerprinting. They are insufficient - on their own, can cause breakage, and will make you stand out -***/ -user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); -/* 4601: spoof number of CPU cores [FF48+] ***/ - // user_pref("dom.maxHardwareConcurrency", 2); -/* 4602: disable Resource Timing API ***/ - // user_pref("dom.enable_resource_timing", false); -/* 4603: disable Navigation Timing API ***/ - // user_pref("dom.enable_performance", false); -/* 4604: disable device Sensor APIs ***/ - // user_pref("device.sensors.enabled", false); -/* 4605: disable remembering site specific zoom ***/ - // user_pref("browser.zoom.siteSpecific", false); -/* 4606: disable gamepad API to prevent USB device ID enumeration ***/ - // user_pref("dom.gamepad.enabled", false); -/* 4607: disable Network Information API [FF31+] ***/ - // user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] -/* 4608: disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API ***/ - // user_pref("media.webspeech.synth.enabled", false); -/* 4610: disable video statistics to mitigate JS performance fingerprinting [FF25+] ***/ - // user_pref("media.video_stats.enabled", false); -/* 4611: disable touch events: 0=disabled, 1=enabled, 2=autodetect ***/ - // user_pref("dom.w3c_touch_events.enabled", 0); -/* 4612: disable media device enumeration [FF29+] ***/ - // user_pref("media.navigator.enabled", false); -/* 4613: disable MediaDevices change detection [FF51+] ***/ - // user_pref("media.ondevicechange.enabled", false); -/* 4614: disable WebGL debug info being available to websites ***/ - // user_pref("webgl.enable-debug-renderer-info", false); -/* 4615: enforce prefers-reduced-motion as no-preference: 0=no-preference, 1=reduce [FF63+] [RESTART] ***/ - // user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] -/* 4617: disable exposure of system colors to CSS or canvas [FF44+] ***/ - // user_pref("ui.use_standins_for_native_colors", true); -/* 4618: enforce prefers-color-scheme as light: 0=light, 1=dark [FF67+] ***/ - // user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] -/* 4619: disable Web Audio API [FF51+] ***/ - // user_pref("dom.webaudio.enabled", false); -/* 4620: limit font visibility (Windows, Mac, some Linux) [FF79+] - * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed - * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts - * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ - // user_pref("layout.css.font-visibility.level", 1); -/* 4650: navigator DOM object overrides - * [WARNING] NO NOT USE: these prefs are insufficient and leak ***/ - // user_pref("general.appname.override", ""); // [HIDDEN PREF] - // user_pref("general.appversion.override", ""); // [HIDDEN PREF] - // user_pref("general.buildID.override", ""); // [HIDDEN PREF] - // user_pref("general.oscpu.override", ""); // [HIDDEN PREF] - // user_pref("general.platform.override", ""); // [HIDDEN PREF] - // user_pref("general.useragent.override", ""); // [HIDDEN PREF] - /*** [SECTION 5000]: PERSONAL Non-project related but useful. If any of these interest you, add them to your overrides To save some overrides, we've made a few active as they seem to be universally used @@ -1541,6 +1483,61 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", // user_pref("network.manage-offline-status", false); // see bugzilla 620472 // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) +/*** [SECTION 8000]: DON'T BOTHER: NON-RFP + [WHY] They are insufficient to help anti-fingerprinting and can cause breakage + [WARNING] DO NOT USE with RFP. RFP already covers these, and they can interfere +***/ +user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan"); +/* 8001: spoof number of CPU cores [FF48+] ***/ + // user_pref("dom.maxHardwareConcurrency", 2); +/* 8002: disable Resource Timing API ***/ + // user_pref("dom.enable_resource_timing", false); +/* 8003: disable Navigation Timing API ***/ + // user_pref("dom.enable_performance", false); +/* 8004: disable device Sensor APIs ***/ + // user_pref("device.sensors.enabled", false); +/* 8005: disable remembering site specific zoom ***/ + // user_pref("browser.zoom.siteSpecific", false); +/* 8006: disable gamepad API to prevent USB device ID enumeration ***/ + // user_pref("dom.gamepad.enabled", false); +/* 8007: disable Network Information API [FF31+] ***/ + // user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] +/* 8008: disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API ***/ + // user_pref("media.webspeech.synth.enabled", false); +/* 8010: disable video statistics to mitigate JS performance fingerprinting [FF25+] ***/ + // user_pref("media.video_stats.enabled", false); +/* 8011: disable touch events: 0=disabled, 1=enabled, 2=autodetect ***/ + // user_pref("dom.w3c_touch_events.enabled", 0); +/* 8012: disable media device enumeration [FF29+] ***/ + // user_pref("media.navigator.enabled", false); +/* 8013: disable MediaDevices change detection [FF51+] ***/ + // user_pref("media.ondevicechange.enabled", false); +/* 8014: disable WebGL debug info being available to websites ***/ + // user_pref("webgl.enable-debug-renderer-info", false); +/* 8015: enforce prefers-reduced-motion as no-preference: 0=no-preference, 1=reduce [FF63+] [RESTART] ***/ + // user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] +/* 8017: disable exposure of system colors to CSS or canvas [FF44+] ***/ + // user_pref("ui.use_standins_for_native_colors", true); +/* 8018: enforce prefers-color-scheme as light: 0=light, 1=dark [FF67+] ***/ + // user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] +/* 8019: disable Web Audio API [FF51+] ***/ + // user_pref("dom.webaudio.enabled", false); +/* 8020: disable websites choosing fonts (0=block, 1=allow) ***/ + // user_pref("browser.display.use_document_fonts", 0); +/* 8021: limit system font exposure to a whitelist [FF52+] [RESTART] + * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed + * [NOTE] In FF81+ the whitelist overrides RFP and font visibility (1403) + * [1] https://bugzilla.mozilla.org/1121643 ***/ + // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] +/* 8050: navigator DOM object overrides + * [WHY] These prefs are insufficient and leak ***/ + // user_pref("general.appname.override", ""); // [HIDDEN PREF] + // user_pref("general.appversion.override", ""); // [HIDDEN PREF] + // user_pref("general.buildID.override", ""); // [HIDDEN PREF] + // user_pref("general.oscpu.override", ""); // [HIDDEN PREF] + // user_pref("general.platform.override", ""); // [HIDDEN PREF] + // user_pref("general.useragent.override", ""); // [HIDDEN PREF] + /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1], which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets From ac84da2af4b1c9454b3d97a93e67d58b1f448c38 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Aug 2021 02:07:03 +0000 Subject: [PATCH 1661/1961] remove XHTML config warning dead weight: ESR users will already be aware of and ticked the warning box by now --- user.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 3cfa190..9e9c78c 100644 --- a/user.js +++ b/user.js @@ -78,10 +78,8 @@ * [1] https://blog.mozilla.org/nnethercote/2018/03/09/a-new-preferences-parser-for-firefox/ ***/ user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); -/* 0000: disable about:config warning - * FF73-86: chrome://global/content/config.xhtml ***/ -user_pref("general.warnOnAboutConfig", false); // XHTML version -user_pref("browser.aboutConfig.showWarning", false); // HTML version [FF71+] +/* 0000: disable about:config warning ***/ +user_pref("browser.aboutConfig.showWarning", false); /*** [SECTION 0100]: STARTUP ***/ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); From 00fa8f1b50dbc717ef9cc702679f3829d91fee05 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Aug 2021 02:14:23 +0000 Subject: [PATCH 1662/1961] general.warnOnAboutConfig https://github.com/arkenfox/user.js/commit/ac84da2af4b1c9454b3d97a93e67d58b1f448c38 --- scratchpad-scripts/arkenfox-clear-removed.js | 35 ++++---------------- 1 file changed, 6 insertions(+), 29 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index a2ec706..040604f 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 18-August-2021 + Last updated: 19-August-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -13,15 +13,13 @@ const aPREFS = [ /* removed in arkenfox user.js */ - /* 52-alpha */ + /* 60 or lower */ 'browser.search.reset.enabled', 'browser.search.reset.whitelist', - /* 54-alpha */ 'browser.migrate.automigrate.enabled', 'services.sync.enabled', 'webextensions.storage.sync.enabled', 'webextensions.storage.sync.serverURL', - /* 55-alpha */ 'dom.keyboardevent.dispatch_during_composition', // default is false anyway 'dom.vr.oculus.enabled', // covered by dom.vr.enabled 'dom.vr.openvr.enabled', // ditto @@ -29,12 +27,10 @@ 'extensions.pocket.api', // covered by extensions.pocket.enabled 'extensions.pocket.oAuthConsumerKey', // ditto 'extensions.pocket.site', // ditto - /* 57-alpha */ 'geo.wifi.xhr.timeout', // covered by geo.enabled 'browser.search.geoip.timeout', // ditto 'media.webspeech.recognition.enable', // default is false anyway 'gfx.layerscope.enabled', // default is false anyway - /* 58-alpha */ // excluding these e10 settings // 'browser.tabs.remote.autostart', // 'browser.tabs.remote.autostart.2', @@ -56,7 +52,6 @@ 'dom.presentation.enabled', 'dom.presentation.receiver.enabled', 'dom.presentation.session_transport.data_channel.enable', - /* 59-alpha */ 'browser.stopReloadAnimation.enabled', 'browser.tabs.insertRelatedAfterCurrent', 'browser.tabs.loadDivertedInBackground', @@ -80,7 +75,6 @@ 'media.wmf.enabled', 'media.wmf.vp9.enabled', 'ui.submenuDelay', - /* 60-beta - these were all at default anyway */ 'device.storage.enabled', 'general.useragent.compatMode.firefox', 'network.dns.blockDotOnion', @@ -88,7 +82,7 @@ 'security.block_script_with_wrong_mime', 'security.fileuri.strict_origin_policy', 'security.sri.enable', - /* 61-beta */ + /* 61-68 */ 'browser.laterrun.enabled', 'browser.offline-apps.notify', 'browser.rights.3.shown', @@ -101,14 +95,11 @@ 'network.http.fast-fallback-to-IPv4', 'offline-apps.quota.warn', 'services.blocklist.signing.enforced', - /* 62-beta */ 'browser.urlbar.autoFill.typed', 'security.tls.version.fallback-limit', - /* 63-beta */ 'extensions.webextensions.keepStorageOnUninstall', 'extensions.webextensions.keepUuidOnUninstall', 'privacy.trackingprotection.ui.enabled', - /* 64-beta */ 'browser.eme.ui.enabled', 'browser.sessionstore.max_windows_undo', 'network.auth.subresource-img-cross-origin-http-auth-allow', @@ -119,10 +110,8 @@ 'media.peerconnection.use_document_iceservers', 'media.peerconnection.video.enabled', 'media.navigator.video.enabled', - /* 65-beta */ 'browser.contentblocking.enabled', 'browser.urlbar.maxHistoricalSearchSuggestions', - /* 67-beta */ 'app.update.service.enabled', 'app.update.silent', 'app.update.staging.enabled', @@ -168,7 +157,6 @@ 'signon.autofillForms.http', 'signon.storeWhenAutocompleteOff', 'xpinstall.whitelist.required', - /* 67-beta: Blocklist, SB & TP cleanup: these were all inactive */ 'browser.safebrowsing.downloads.remote.block_dangerous', 'browser.safebrowsing.downloads.remote.block_dangerous_host', 'browser.safebrowsing.blockedURIs.enabled', @@ -188,7 +176,6 @@ 'services.blocklist.plugins.collection', 'services.blocklist.update_enabled', 'urlclassifier.trackingTable', - /* 68-beta */ 'dom.forms.datetime', 'font.blacklist.underline_offset', 'font.name.monospace.x-unicode', @@ -199,9 +186,8 @@ 'font.name.serif.x-western', 'layout.css.font-loading-api.enabled', 'toolkit.telemetry.cachedClientID', - /* 69-beta */ + /* 69-78 */ 'plugin.sessionPermissionNow.intervalInMinutes', - /* 70-beta */ 'browser.cache.disk_cache_ssl', 'browser.sessionhistory.max_entries', 'dom.push.connection.enabled', @@ -215,35 +201,26 @@ 'security.insecure_connection_icon.pbmode.enabled', 'security.insecure_connection_text.pbmode.enabled', 'webgl.dxgl.enabled', - /* 71-beta */ 'media.block-autoplay-until-in-foreground', 'middlemouse.paste', - /* 75-beta */ 'browser.search.geoip.url', 'browser.search.region', - /* 79-beta */ + /* 79-91 */ 'browser.urlbar.usepreloadedtopurls.enabled', - /* 82-beta */ 'dom.IntersectionObserver.enabled', 'extensions.screenshots.upload-disabled', 'privacy.partition.network_state', 'security.ssl3.dhe_rsa_aes_128_sha', 'security.ssl3.dhe_rsa_aes_256_sha', - /* 84-beta */ 'browser.newtabpage.activity-stream.asrouter.providers.snippets', - /* 85-beta */ 'network.http.redirection-limit', - /* 86-beta */ 'media.gmp-widevinecdm.visible', - /* 87-beta */ 'browser.send_pings.require_same_host', - /* 88-beta */ 'webgl.min_capability_mode', - /* 89-beta */ 'security.ssl.enable_ocsp_stapling', - /* 91-beta */ 'dom.battery.enabled', 'dom.storage.enabled', + 'general.warnOnAboutConfig', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ]; From 93f6aea06afd0fefc37f8df84a4129e4ee1354a8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Aug 2021 13:17:07 +0000 Subject: [PATCH 1663/1961] 1605: change to active enforced --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 9e9c78c..dd6452e 100644 --- a/user.js +++ b/user.js @@ -805,10 +805,10 @@ user_pref("network.http.referer.XOriginPolicy", 2); /* 1604: CROSS ORIGIN: control the amount of information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); -/* 1605: ALL: disable spoofing a referer - * [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF - * (Cross-Site Request Forgery) protections that some sites may rely on ***/ - // user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] +/* 1605: ALL: enforce no spoofing of referer + * Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery) + * protections that some sites may rely on ***/ +user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] /* 1606: ALL: set the default Referrer Policy [FF59+] * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy From 45c52b66201d4ded8e119530195329e3185b7465 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Aug 2021 14:44:06 +0000 Subject: [PATCH 1664/1961] start section 7000s --- user.js | 75 +++++++++++++++++++++------------------------------------ 1 file changed, 28 insertions(+), 47 deletions(-) diff --git a/user.js b/user.js index dd6452e..bd4b41b 100644 --- a/user.js +++ b/user.js @@ -128,18 +128,7 @@ user_pref("browser.newtabpage.activity-stream.default.sites", ""); /*** [SECTION 0200]: GEOLOCATION / LANGUAGE / LOCALE ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); -/** GEOLOCATION ***/ -/* 0201: disable Location-Aware Browsing - * [WARNING] The API state is fingerprintable. Permission is already behind a prompt (0202) - * [1] https://www.mozilla.org/firefox/geolocation/ ***/ - // user_pref("geo.enabled", false); -/* 0202: set a default permission for Location (0201) [FF58+] - * 0=always ask (default), 1=allow, 2=block - * [NOTE] Best left at default "always ask", fingerprintable via Permissions API - * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Your Location - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ - // user_pref("permissions.default.geo", 2); -/* 0203: use Mozilla geolocation service instead of Google if geolocation is granted [FF74+] +/* 0203: use Mozilla geolocation service instead of Google if permission is granted [FF74+] * Optionally enable logging to the console (defaults to false) ***/ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF] @@ -154,8 +143,6 @@ user_pref("browser.region.update.enabled", false); // [[FF79+] /* 0208: set search region * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0207) ***/ // user_pref("browser.search.region", "US"); // [HIDDEN PREF] - -/** LANGUAGE / LOCALE ***/ /* 0210: set preferred language for displaying web pages * [TEST] https://addons.mozilla.org/about ***/ user_pref("intl.accept_languages", "en-US, en"); @@ -865,12 +852,6 @@ user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70 user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); -/* 2004: set a default permission for Camera/Microphone [FF58+] - * 0=always ask (default), 1=allow, 2=block - * [SETTING] to add site exceptions: Ctrl+I>Permissions>Use the Camera/Microphone - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ - // user_pref("permissions.default.camera", 2); - // user_pref("permissions.default.microphone", 2); /* 2020: disable GMP (Gecko Media Plugins) * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ // user_pref("media.gmp-provider.enabled", false); @@ -920,7 +901,7 @@ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320796#c7 ***/ user_pref("dom.serviceWorkers.enabled", false); /* 2304: disable Web Notifications - * [NOTE] Web Notifications can also use service workers (2302) and are behind a prompt (2306) + * [NOTE] Web Notifications can also use service workers (2302) and are behind a prompt (7002) * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ // user_pref("dom.webnotifications.enabled", false); // [FF22+] // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] @@ -928,18 +909,12 @@ user_pref("dom.serviceWorkers.enabled", false); * Push is an API that allows websites to send you (subscribed) messages even when the site * isn't loaded, by pushing messages to your userAgentID through Mozilla's Push Server * [NOTE] Push requires service workers (2302) to subscribe to and display, and is behind - * a prompt (2306). Disabling service workers alone doesn't stop Firefox polling the + * a prompt (7002). Disabling service workers alone doesn't stop Firefox polling the * Mozilla Push Server. To remove all subscriptions, reset your userAgentID. * [1] https://support.mozilla.org/kb/push-notifications-firefox * [2] https://developer.mozilla.org/docs/Web/API/Push_API ***/ user_pref("dom.push.enabled", false); // user_pref("dom.push.userAgentID", ""); -/* 2306: set a default permission for Notifications (both 2304 and 2305) [FF58+] - * 0=always ask (default), 1=allow, 2=block - * [NOTE] Best left at default "always ask", fingerprintable via Permissions API - * [SETTING] to add site exceptions: Ctrl+I>Permissions>Receive Notifications - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ - // user_pref("permissions.default.desktop-notification", 2); /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); @@ -1009,15 +984,6 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [1] https://github.com/WICG/media-capabilities * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ // user_pref("media.media-capabilities.enabled", false); -/* 2520: disable virtual reality devices - * [WARNING] The API state is fingerprintable. Permission is already behind a prompt (2521) - * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ - // user_pref("dom.vr.enabled", false); -/* 2521: set a default permission for Virtual Reality (2520) [FF73+] - * 0=always ask (default), 1=allow, 2=block - * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Virtual Reality Devices - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/ - // user_pref("permissions.default.xr", 2); /* 2522: disable/limit WebGL (Web Graphics Library) * [SETUP-WEB] When disabled, will break some websites. When enabled, provides high entropy, * especially with readPixels(). Some of the other entropy is lessened with RFP (4501) @@ -1123,11 +1089,6 @@ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] /* 2625: disable bypassing 3rd party extension install prompts [FF82+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ user_pref("extensions.postDownloadThirdPartyPrompt", false); -/* 2626: disable Fullscreen API (requires user interaction) - * [NOTE] You can still toggle fullscreen with F11 - * [WARNING] This is fingerprintable and will break embedded video/game FS controls, e.g. youtube - * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen ***/ - // user_pref("full-screen-api.enabled", false); /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop @@ -1173,7 +1134,6 @@ user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] cookies : profile\cookies.sqlite localStorage : profile\webappsstore.sqlite indexedDB : profile\storage\default - appCache : profile\OfflineCache (FF89 or lower) serviceWorkers : [NOTE] indexedDB and serviceWorkers are not available in Private Browsing Mode @@ -1217,9 +1177,6 @@ user_pref("privacy.trackingprotection.enabled", true); user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] -/* 2730: disable offline cache (appCache) - * [WARNING] The API state is fingerprintable. Storage capability was removed in FF90+ (1694662) ***/ - // user_pref("browser.cache.offline.enable", false); /* 2740: disable service worker cache and cache storage * [NOTE] We clear service worker cache on exit (2803) * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ @@ -1481,6 +1438,30 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", // user_pref("network.manage-offline-status", false); // see bugzilla 620472 // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) +/*** [SECTION 7000] DON'T BOTHER ***/ +user_pref("_user.js.parrot", "8000 syntax error: the parrot's pushing up daisies!"); +/* 7001: disable APIs + * Location-Aware Browsing, Full Screen, offline cache (appCache), Virtual Reality + * [WHY] The API state is easily fingerprintable. Geo and VR are behind prompts (7002). + * appCache storage capability was removed in FF90. Full screen requires user interaction, + * and you can still toggle fullscreen with F11 ***/ + // user_pref("geo.enabled", false); + // user_pref("full-screen-api.enabled", false); + // user_pref("browser.cache.offline.enable", false); + // user_pref("dom.vr.enabled", false); +/* 7002: set default permissions + * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+] + * 0=always ask (default), 1=allow, 2=block + * [WHY] These are fingerprintable via Permissions API, except VR. Just add site + * exceptions as block for frequently visited annoying sites: i.e not global + * [SETTING] to add site exceptions: Ctrl+I>Permissions> + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ + // user_pref("permissions.default.geo", 0); + // user_pref("permissions.default.camera", 0); + // user_pref("permissions.default.microphone", 0); + // user_pref("permissions.default.desktop-notification", 0); + // user_pref("permissions.default.xr", 0); // Virtual Reality + /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and can cause breakage [WARNING] DO NOT USE with RFP. RFP already covers these, and they can interfere @@ -1597,7 +1578,7 @@ user_pref("plugin.state.flash", 0); // [DEFAULT: 1] // 0708: disable FTP [FF60+] // [-] https://bugzilla.mozilla.org/1574475 // user_pref("network.ftp.enabled", false); // [DEFAULT: false FF88+] -// 2730: enforce no offline cache storage (appCache) [FF71+] +// 7001: enforce no offline cache storage (appCache) [FF71+] // [-] https://bugzilla.mozilla.org/1694662 user_pref("browser.cache.offline.storage.enable", false); // [DEFAULT: false FF84+] // ***/ From 5ab3c47b6bd5c61512a451aa65ac91ad8bb72509 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 19 Aug 2021 15:26:22 +0000 Subject: [PATCH 1665/1961] 7001: tweak F11 has nothing to do with the API or why --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index bd4b41b..4577a80 100644 --- a/user.js +++ b/user.js @@ -1443,8 +1443,7 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's pushing up daisies /* 7001: disable APIs * Location-Aware Browsing, Full Screen, offline cache (appCache), Virtual Reality * [WHY] The API state is easily fingerprintable. Geo and VR are behind prompts (7002). - * appCache storage capability was removed in FF90. Full screen requires user interaction, - * and you can still toggle fullscreen with F11 ***/ + * appCache storage capability was removed in FF90. Full screen requires user interaction ***/ // user_pref("geo.enabled", false); // user_pref("full-screen-api.enabled", false); // user_pref("browser.cache.offline.enable", false); From a8e95e73107cd40a73229c571caf7a265b656301 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 20 Aug 2021 02:13:53 +0000 Subject: [PATCH 1666/1961] dexter would be proud #1235 - just to be clear, this section is not supported: not interested in references or explanations or FF version numbers or default info etc - "do more harm than good" - ambiguous, not interested in explaining why exactly: but FYI - some leak - most break shit - almost all are easily fingerprinted and the combo of them would make you really stand out - removed the duplicate `ui.prefersReducedMotion` - this should move to personal as well - moved `ui.systemUsesDarkTheme` to personal --- user.js | 59 +++++++++++++++++++-------------------------------------- 1 file changed, 19 insertions(+), 40 deletions(-) diff --git a/user.js b/user.js index 4577a80..0719d45 100644 --- a/user.js +++ b/user.js @@ -1389,6 +1389,7 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); /* 4520: disable chrome animations [FF77+] [RESTART] + * 0=no-preference, 1=reduce * [NOTE] pref added in FF63, but applied to chrome in FF77. RFP spoofs this for web content ***/ user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] @@ -1410,6 +1411,7 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("full-screen-api.warning.timeout", 0); /* APPEARANCE ***/ // user_pref("browser.download.autohideButton", false); // [FF57+] + // user_pref("ui.systemUsesDarkTheme", 1); // with RFP this only affects chrome: 0=light, 1=dark [FF67+] [HIDDEN PREF] // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent /* CONTENT BEHAVIOR ***/ // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" @@ -1462,59 +1464,36 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's pushing up daisies // user_pref("permissions.default.xr", 0); // Virtual Reality /*** [SECTION 8000]: DON'T BOTHER: NON-RFP - [WHY] They are insufficient to help anti-fingerprinting and can cause breakage - [WARNING] DO NOT USE with RFP. RFP already covers these, and they can interfere + [WHY] They are insufficient to help anti-fingerprinting and do more harm than good + [WARNING] DO NOT USE with RFP. RFP already covers these and they can interfere ***/ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan"); -/* 8001: spoof number of CPU cores [FF48+] ***/ - // user_pref("dom.maxHardwareConcurrency", 2); -/* 8002: disable Resource Timing API ***/ - // user_pref("dom.enable_resource_timing", false); -/* 8003: disable Navigation Timing API ***/ - // user_pref("dom.enable_performance", false); -/* 8004: disable device Sensor APIs ***/ +/* 8001: disable APIs ***/ // user_pref("device.sensors.enabled", false); -/* 8005: disable remembering site specific zoom ***/ - // user_pref("browser.zoom.siteSpecific", false); -/* 8006: disable gamepad API to prevent USB device ID enumeration ***/ + // user_pref("dom.enable_performance", false); + // user_pref("dom.enable_resource_timing", false); // user_pref("dom.gamepad.enabled", false); -/* 8007: disable Network Information API [FF31+] ***/ - // user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] -/* 8008: disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API ***/ - // user_pref("media.webspeech.synth.enabled", false); -/* 8010: disable video statistics to mitigate JS performance fingerprinting [FF25+] ***/ - // user_pref("media.video_stats.enabled", false); -/* 8011: disable touch events: 0=disabled, 1=enabled, 2=autodetect ***/ - // user_pref("dom.w3c_touch_events.enabled", 0); -/* 8012: disable media device enumeration [FF29+] ***/ - // user_pref("media.navigator.enabled", false); -/* 8013: disable MediaDevices change detection [FF51+] ***/ - // user_pref("media.ondevicechange.enabled", false); -/* 8014: disable WebGL debug info being available to websites ***/ - // user_pref("webgl.enable-debug-renderer-info", false); -/* 8015: enforce prefers-reduced-motion as no-preference: 0=no-preference, 1=reduce [FF63+] [RESTART] ***/ - // user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] -/* 8017: disable exposure of system colors to CSS or canvas [FF44+] ***/ - // user_pref("ui.use_standins_for_native_colors", true); -/* 8018: enforce prefers-color-scheme as light: 0=light, 1=dark [FF67+] ***/ - // user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] -/* 8019: disable Web Audio API [FF51+] ***/ + // user_pref("dom.netinfo.enabled", false); // user_pref("dom.webaudio.enabled", false); -/* 8020: disable websites choosing fonts (0=block, 1=allow) ***/ +/* 8002: disable other ***/ // user_pref("browser.display.use_document_fonts", 0); -/* 8021: limit system font exposure to a whitelist [FF52+] [RESTART] - * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed - * [NOTE] In FF81+ the whitelist overrides RFP and font visibility (1403) - * [1] https://bugzilla.mozilla.org/1121643 ***/ + // user_pref("browser.zoom.siteSpecific", false); + // user_pref("dom.w3c_touch_events.enabled", 0); + // user_pref("media.navigator.enabled", false); + // user_pref("media.ondevicechange.enabled", false); + // user_pref("media.video_stats.enabled", false); + // user_pref("media.webspeech.synth.enabled", false); + // user_pref("webgl.enable-debug-renderer-info", false); +/* 8003: spoof ***/ + // user_pref("dom.maxHardwareConcurrency", 2); // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] -/* 8050: navigator DOM object overrides - * [WHY] These prefs are insufficient and leak ***/ // user_pref("general.appname.override", ""); // [HIDDEN PREF] // user_pref("general.appversion.override", ""); // [HIDDEN PREF] // user_pref("general.buildID.override", ""); // [HIDDEN PREF] // user_pref("general.oscpu.override", ""); // [HIDDEN PREF] // user_pref("general.platform.override", ""); // [HIDDEN PREF] // user_pref("general.useragent.override", ""); // [HIDDEN PREF] + // user_pref("ui.use_standins_for_native_colors", true); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1], From cef08b63f1947847e21e40021dc3d426afe5bdb9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 20 Aug 2021 02:52:55 +0000 Subject: [PATCH 1667/1961] 4520 -> personal --- user.js | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 0719d45..7be38af 100644 --- a/user.js +++ b/user.js @@ -1388,10 +1388,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * When default true this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); -/* 4520: disable chrome animations [FF77+] [RESTART] - * 0=no-preference, 1=reduce - * [NOTE] pref added in FF63, but applied to chrome in FF77. RFP spoofs this for web content ***/ -user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] /*** [SECTION 5000]: PERSONAL Non-project related but useful. If any of these interest you, add them to your overrides @@ -1411,8 +1407,11 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("full-screen-api.warning.timeout", 0); /* APPEARANCE ***/ // user_pref("browser.download.autohideButton", false); // [FF57+] - // user_pref("ui.systemUsesDarkTheme", 1); // with RFP this only affects chrome: 0=light, 1=dark [FF67+] [HIDDEN PREF] + // user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF] + // 0=light, 1=dark: with RFP this only affects chrome // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent + // user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF] + // 0=no-preference, 1=reduce: with RFP this only affects chrome /* CONTENT BEHAVIOR ***/ // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] @@ -1454,7 +1453,7 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's pushing up daisies * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+] * 0=always ask (default), 1=allow, 2=block * [WHY] These are fingerprintable via Permissions API, except VR. Just add site - * exceptions as block for frequently visited annoying sites: i.e not global + * exceptions as allow/block for frequently visited/annoying sites: i.e. not global * [SETTING] to add site exceptions: Ctrl+I>Permissions> * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ // user_pref("permissions.default.geo", 0); From 2d3d8ae5b0c8d57187c808c39dbfbc1070f1a177 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 20 Aug 2021 03:12:59 +0000 Subject: [PATCH 1668/1961] alerts.showFavicons --- scratchpad-scripts/arkenfox-clear-removed.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 040604f..2ad92a9 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 19-August-2021 + Last updated: 20-August-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -205,7 +205,7 @@ 'middlemouse.paste', 'browser.search.geoip.url', 'browser.search.region', - /* 79-91 */ + /* 79-90 */ 'browser.urlbar.usepreloadedtopurls.enabled', 'dom.IntersectionObserver.enabled', 'extensions.screenshots.upload-disabled', @@ -218,6 +218,8 @@ 'browser.send_pings.require_same_host', 'webgl.min_capability_mode', 'security.ssl.enable_ocsp_stapling', + /* 91 */ + 'alerts.showFavicons', 'dom.battery.enabled', 'dom.storage.enabled', 'general.warnOnAboutConfig', From 78d953bfda9e6c91639f643a8397da3f5f9facc2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 20 Aug 2021 03:16:25 +0000 Subject: [PATCH 1669/1961] remove 1032 dead wood: marked as default false since at least v68, inactive since at least v78, and web notifications are controlled in 2300s --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index 7be38af..a60750a 100644 --- a/user.js +++ b/user.js @@ -576,8 +576,6 @@ user_pref("browser.shell.shortcutFavicons", false); * control that instead; e.g. disable history, clear history on close, use PB mode * [NOTE] favicons.sqlite is sanitized on Firefox close, not in-session ***/ // user_pref("browser.chrome.site_icons", false); -/* 1032: disable favicons in web notifications ***/ - // user_pref("alerts.showFavicons", false); // [DEFAULT: false] /*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS) Your cipher and other settings can be used in server side fingerprinting From 95136382e1abbb8a8e6744bd049204a1988a86bd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 20 Aug 2021 13:18:43 +0000 Subject: [PATCH 1670/1961] improve 1244, closes #1047 again --- user.js | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index a60750a..49513fa 100644 --- a/user.js +++ b/user.js @@ -680,13 +680,12 @@ user_pref("security.pki.crlite_mode", 2); user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] /* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/ user_pref("security.mixed_content.block_display_content", true); -/* 1244: enable HTTPS-Only mode [FF76+] - * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored - * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On/Off/Off temporarily - * [SETTING] Privacy & Security>HTTPS-Only Mode +/* 1244: enable HTTPS-Only mode in all windows [FF76+] + * When the top-level is HTTPS, insecure subresources are also upgraded (silent fail) + * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site") + * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions) * [TEST] http://example.com [upgrade] - * [TEST] http://neverssl.org/ [no upgrade] - * [1] https://bugzilla.mozilla.org/1613063 [META] ***/ + * [TEST] http://neverssl.org/ [no upgrade] ***/ user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/ From c9bdceb8d6fe734197655fe1fcfa3dbdc0af66e3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 20 Aug 2021 13:23:59 +0000 Subject: [PATCH 1671/1961] 1244: fix no upgrade test --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 49513fa..f7fb75a 100644 --- a/user.js +++ b/user.js @@ -685,7 +685,7 @@ user_pref("security.mixed_content.block_display_content", true); * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site") * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions) * [TEST] http://example.com [upgrade] - * [TEST] http://neverssl.org/ [no upgrade] ***/ + * [TEST] http://neverssl.com/ [no upgrade] ***/ user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/ From 37ded2a519745850e888a374dd9e681c24a3578a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 20 Aug 2021 14:10:09 +0000 Subject: [PATCH 1672/1961] remove redundant warning --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index f7fb75a..5006b2b 100644 --- a/user.js +++ b/user.js @@ -1290,7 +1290,6 @@ user_pref("privacy.firstparty.isolate", true); It is an all-or-nothing buy in: you cannot pick and choose what parts you want [WARNING] DO NOT USE extensions to alter RFP protected metrics - [WARNING] DO NOT USE prefs in section 8000 with RFP as they can interfere FF41+ 418986 - limit window.screen & CSS media queries leaking identifiable info From 27ce48f31943a6c26403fac85bb5eaa0d7c6b7e8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 21 Aug 2021 02:00:43 +0000 Subject: [PATCH 1673/1961] trim fluff --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index 5006b2b..8b94f41 100644 --- a/user.js +++ b/user.js @@ -1491,8 +1491,7 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan // user_pref("ui.use_standins_for_native_colors", true); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1], - which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets + Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1] [1] https://github.com/arkenfox/user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); From da0c291127529fdafc072aa781e3c0163bd0678e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 21 Aug 2021 02:26:17 +0000 Subject: [PATCH 1674/1961] update to ESR91 --- .../arkenfox-clear-deprecated.js | 338 +++++++++--------- 1 file changed, 161 insertions(+), 177 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-deprecated.js b/scratchpad-scripts/arkenfox-clear-deprecated.js index e12f0f4..9ef8100 100644 --- a/scratchpad-scripts/arkenfox-clear-deprecated.js +++ b/scratchpad-scripts/arkenfox-clear-deprecated.js @@ -1,5 +1,5 @@ /*** - Version: up to and including FF/ESR78 + Version: up to and including FF/ESR91 This will reset the preferences that have been deprecated by Mozilla and used in the arkenfox user.js @@ -16,210 +16,194 @@ const aPREFS = [ /* deprecated */ - - /* 78 */ - 'media.autoplay.enabled.user-gestures-needed', - 'toolkit.cosmeticAnimations.enabled', - /* 77 */ - 'browser.urlbar.oneOffSearches', - 'browser.tabs.remote.allowLinkedWebInFileUriProcess', - /* 76 */ - 'extensions.blocklist.url', - /* 74 */ - 'geo.wifi.uri', - 'geo.wifi.logging.enabled', - 'privacy.userContext.longPressBehavior', - 'webgl.disable-extensions', - /* 72 */ + /* FF79-91 */ + 'browser.cache.offline.storage.enable', + 'browser.download.hide_plugins_without_extensions', + 'browser.library.activity-stream.enabled', + 'browser.search.geoSpecificDefaults', + 'browser.search.geoSpecificDefaults.url', + 'dom.ipc.plugins.flash.subprocess.crashreporter.enabled', + 'dom.ipc.plugins.reportCrashURL', + 'dom.w3c_pointer_events.enabled', + 'intl.charset.fallback.override', + 'network.ftp.enabled', + 'plugin.state.flash', + 'security.mixed_content.block_object_subrequest', + 'security.ssl.errorReporting.automatic', + 'security.ssl.errorReporting.enabled', + 'security.ssl.errorReporting.url', + /* 69-78 */ 'browser.newtabpage.activity-stream.telemetry.ping.endpoint', - 'toolkit.telemetry.hybridContent.enabled', - 'dom.indexedDB.enabled', - /* 71 */ - 'devtools.webide.enabled', + 'browser.tabs.remote.allowLinkedWebInFileUriProcess', + 'browser.urlbar.oneOffSearches', 'devtools.webide.autoinstallADBExtension', - 'offline-apps.allow_by_default', - /* 69 */ + 'devtools.webide.enabled', + 'dom.indexedDB.enabled', + 'extensions.blocklist.url', + 'geo.wifi.logging.enabled', + 'geo.wifi.uri', 'gfx.downloadable_fonts.woff2.enabled', - 'plugins.click_to_play', 'media.autoplay.allow-muted', - /* 68 */ - 'browser.newtabpage.activity-stream.disableSnippets', + 'media.autoplay.enabled.user-gestures-needed', + 'offline-apps.allow_by_default', + 'plugins.click_to_play', + 'privacy.userContext.longPressBehavior', + 'toolkit.cosmeticAnimations.enabled', + 'toolkit.telemetry.hybridContent.enabled', + 'webgl.disable-extensions', + /* 61-68 */ + 'app.update.enabled', 'browser.aboutHomeSnippets.updateUrl', - 'lightweightThemes.update.enabled', - 'security.csp.experimentalEnabled', - /* F67 */ - 'dom.event.highrestimestamp.enabled', - 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr', - /* 66 */ 'browser.chrome.errorReporter.enabled', 'browser.chrome.errorReporter.submitUrl', - 'network.allow-experiments', - /* 65 */ - 'browser.urlbar.autocomplete.enabled', - 'browser.fixup.hide_user_pass', - /* 64 */ - 'browser.onboarding.enabled', - 'devtools.webide.autoinstallADBHelper', - 'devtools.webide.adbAddonURL', - 'security.csp.enable_violation_events', - /* 63 */ - 'browser.search.countryCode', - 'app.update.enabled', - 'shield.savant.enabled', 'browser.chrome.favicons', - 'media.autoplay.enabled', - 'network.cookie.lifetime.days', 'browser.ctrlTab.previews', - /* 62 */ - 'plugin.state.java', - /* 61 */ + 'browser.fixup.hide_user_pass', + 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr', + 'browser.newtabpage.activity-stream.disableSnippets', + 'browser.onboarding.enabled', + 'browser.search.countryCode', + 'browser.urlbar.autocomplete.enabled', + 'devtools.webide.adbAddonURL', + 'devtools.webide.autoinstallADBHelper', + 'dom.event.highrestimestamp.enabled', + 'experiments.activeExperiment', 'experiments.enabled', 'experiments.manifest.uri', 'experiments.supported', - 'experiments.activeExperiment', + 'lightweightThemes.update.enabled', + 'media.autoplay.enabled', + 'network.allow-experiments', + 'network.cookie.lifetime.days', 'network.jar.block-remote-files', 'network.jar.open-unsafe-types', - /* 60 */ + 'plugin.state.java', + 'security.csp.enable_violation_events', + 'security.csp.experimentalEnabled', + 'shield.savant.enabled', + /* 60 or earlier */ + 'browser.bookmarks.showRecentlyBookmarked', + 'browser.casting.enabled', + 'browser.crashReports.unsubmittedCheck.autoSubmit', + 'browser.formautofill.enabled', + 'browser.formfill.saveHttpsForms', + 'browser.fullscreen.animate', + 'browser.history.allowPopState', + 'browser.history.allowPushState', + 'browser.history.allowReplaceState', + 'browser.newtabpage.activity-stream.enabled', + 'browser.newtabpage.directory.ping', 'browser.newtabpage.directory.source', 'browser.newtabpage.enhanced', 'browser.newtabpage.introShown', - 'extensions.shield-recipe-client.enabled', - 'extensions.shield-recipe-client.api_url', - 'browser.newtabpage.activity-stream.enabled', - 'dom.workers.enabled', - /* 59 */ - 'intl.locale.matchOS', - 'general.useragent.locale', - 'datareporting.healthreport.about.reportUrl', - 'dom.flyweb.enabled', - 'security.mixed_content.use_hsts', - 'security.mixed_content.send_hsts_priming', - 'network.http.referer.userControlPolicy', - 'security.xpconnect.plugin.unrestricted', - 'media.getusermedia.screensharing.allowed_domains', - 'camera.control.face_detection.enabled', - 'dom.disable_window_status_change', - 'dom.idle-observers-api.enabled', - /* 58 */ - 'browser.crashReports.unsubmittedCheck.autoSubmit', - /* 57 */ - 'social.whitelist', - 'social.toast-notifications.enabled', - 'social.shareDirectory', - 'social.remote-install.enabled', - 'social.directories', - 'social.share.activationPanelEnabled', - 'social.enabled', - 'media.eme.chromium-api.enabled', - 'devtools.webide.autoinstallFxdtAdapters', - 'browser.casting.enabled', - 'browser.bookmarks.showRecentlyBookmarked', - /* 56 */ - 'extensions.screenshots.system-disabled', - 'extensions.formautofill.experimental', - /* 55 */ - 'geo.security.allowinsecure', + 'browser.pocket.api', + 'browser.pocket.enabled', + 'browser.pocket.oAuthConsumerKey', + 'browser.pocket.site', + 'browser.polaris.enabled', + 'browser.safebrowsing.appRepURL', + 'browser.safebrowsing.enabled', + 'browser.safebrowsing.gethashURL', + 'browser.safebrowsing.malware.reportURL', + 'browser.safebrowsing.provider.google.appRepURL', + 'browser.safebrowsing.reportErrorURL', + 'browser.safebrowsing.reportGenericURL', + 'browser.safebrowsing.reportMalwareErrorURL', + 'browser.safebrowsing.reportMalwareMistakeURL', + 'browser.safebrowsing.reportMalwareURL', + 'browser.safebrowsing.reportPhishMistakeURL', + 'browser.safebrowsing.reportURL', + 'browser.safebrowsing.updateURL', + 'browser.search.showOneOffButtons', 'browser.selfsupport.enabled', 'browser.selfsupport.url', - 'browser.newtabpage.directory.ping', - 'browser.formfill.saveHttpsForms', - 'browser.formautofill.enabled', - 'dom.enable_user_timing', - 'dom.keyboardevent.code.enabled', + 'browser.sessionstore.privacy_level_deferred', 'browser.tabs.animate', - 'browser.fullscreen.animate', - /* 54 */ - 'browser.safebrowsing.reportMalwareMistakeURL', - 'browser.safebrowsing.reportPhishMistakeURL', - 'media.eme.apiVisible', - 'dom.archivereader.enabled', - /* 53 */ - 'security.tls.unrestricted_rc4_fallback', - 'plugin.scan.Acrobat', - 'plugin.scan.Quicktime', - 'plugin.scan.WindowsMediaPlayer', - 'media.getusermedia.screensharing.allow_on_old_platforms', - 'dom.beforeAfterKeyboardEvent.enabled', - /* 52 */ - 'network.http.sendSecureXSiteReferrer', - 'media.gmp-eme-adobe.enabled', - 'media.gmp-eme-adobe.visible', - 'media.gmp-eme-adobe.autoupdate', - 'dom.telephony.enabled', - 'dom.battery.enabled', - /* 51 */ - 'media.block-play-until-visible', - 'dom.vr.oculus050.enabled', - 'network.http.spdy.enabled.v3-1', - /* 50 */ + 'browser.trackingprotection.gethashURL', + 'browser.trackingprotection.updateURL', + 'browser.urlbar.unifiedcomplete', 'browser.usedOnWindows10.introURL', - 'plugins.update.notifyUser', - 'browser.safebrowsing.enabled', - 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', - 'security.ssl3.ecdhe_rsa_rc4_128_sha', - 'security.ssl3.rsa_rc4_128_md5', - 'security.ssl3.rsa_rc4_128_sha', - 'plugins.update.url', - /* 49 */ + 'camera.control.autofocus_moving_callback.enabled', + 'camera.control.face_detection.enabled', + 'datareporting.healthreport.about.reportUrl', + 'datareporting.healthreport.about.reportUrlUnified', + 'datareporting.healthreport.documentServerURI', + 'datareporting.healthreport.service.enabled', + 'datareporting.policy.dataSubmissionEnabled.v2', + 'devtools.webide.autoinstallFxdtAdapters', + 'dom.archivereader.enabled', + 'dom.battery.enabled', + 'dom.beforeAfterKeyboardEvent.enabled', + 'dom.disable_image_src_set', + 'dom.disable_window_open_feature.scrollbars', + 'dom.disable_window_status_change', + 'dom.enable_user_timing', + 'dom.flyweb.enabled', + 'dom.idle-observers-api.enabled', + 'dom.keyboardevent.code.enabled', + 'dom.network.enabled', + 'dom.push.udp.wakeupEnabled', + 'dom.telephony.enabled', + 'dom.vr.oculus050.enabled', + 'dom.workers.enabled', + 'dom.workers.sharedWorkers.enabled', + 'extensions.formautofill.experimental', + 'extensions.screenshots.system-disabled', + 'extensions.shield-recipe-client.api_url', + 'extensions.shield-recipe-client.enabled', + 'full-screen-api.approval-required', + 'general.useragent.locale', + 'geo.security.allowinsecure', + 'intl.locale.matchOS', 'loop.enabled', - 'loop.server', - 'loop.feedback.formURL', - 'loop.feedback.manualFormURL', 'loop.facebook.appId', 'loop.facebook.enabled', 'loop.facebook.fallbackUrl', 'loop.facebook.shareUrl', + 'loop.feedback.formURL', + 'loop.feedback.manualFormURL', 'loop.logDomains', - 'dom.disable_window_open_feature.scrollbars', - 'dom.push.udp.wakeupEnabled', - /* 48 */ - 'browser.urlbar.unifiedcomplete', - /* 47 */ - 'toolkit.telemetry.unifiedIsOptIn', - 'datareporting.healthreport.about.reportUrlUnified', - 'browser.history.allowPopState', - 'browser.history.allowPushState', - 'browser.history.allowReplaceState', - /* 46 */ - 'datareporting.healthreport.service.enabled', - 'datareporting.healthreport.documentServerURI', - 'datareporting.policy.dataSubmissionEnabled.v2', - 'browser.safebrowsing.appRepURL', - 'browser.polaris.enabled', - 'browser.pocket.enabled', - 'browser.pocket.api', - 'browser.pocket.site', - 'browser.pocket.oAuthConsumerKey', - /* 45 */ - 'browser.sessionstore.privacy_level_deferred', - /* 44 */ - 'browser.safebrowsing.provider.google.appRepURL', - 'security.tls.insecure_fallback_hosts.use_static_list', - 'dom.workers.sharedWorkers.enabled', - 'dom.disable_image_src_set', - /* 43 */ - 'browser.safebrowsing.gethashURL', - 'browser.safebrowsing.updateURL', - 'browser.safebrowsing.malware.reportURL', - 'browser.trackingprotection.gethashURL', - 'browser.trackingprotection.updateURL', + 'loop.server', + 'media.block-play-until-visible', + 'media.eme.apiVisible', + 'media.eme.chromium-api.enabled', + 'media.getusermedia.screensharing.allow_on_old_platforms', + 'media.getusermedia.screensharing.allowed_domains', + 'media.gmp-eme-adobe.autoupdate', + 'media.gmp-eme-adobe.enabled', + 'media.gmp-eme-adobe.visible', + 'network.http.referer.userControlPolicy', + 'network.http.sendSecureXSiteReferrer', + 'network.http.spdy.enabled.http2draft', + 'network.http.spdy.enabled.v3-1', + 'network.websocket.enabled', + 'pageThumbs.enabled', 'pfs.datasource.url', - 'browser.search.showOneOffButtons', - /* 42 and earlier */ - 'privacy.clearOnShutdown.passwords', // 42 - 'full-screen-api.approval-required', // 42 - 'browser.safebrowsing.reportErrorURL', // 41 - 'browser.safebrowsing.reportGenericURL', // 41 - 'browser.safebrowsing.reportMalwareErrorURL', // 41 - 'browser.safebrowsing.reportMalwareURL', // 41 - 'browser.safebrowsing.reportURL', // 41 - 'plugins.enumerable_names', // 41 - 'network.http.spdy.enabled.http2draft', // 41 - 'camera.control.autofocus_moving_callback.enabled', // 37 - 'privacy.donottrackheader.value', // 36 - 'network.websocket.enabled', // 35 - 'dom.network.enabled', // 31 - 'pageThumbs.enabled', // 25 + 'plugin.scan.Acrobat', + 'plugin.scan.Quicktime', + 'plugin.scan.WindowsMediaPlayer', + 'plugins.enumerable_names', + 'plugins.update.notifyUser', + 'plugins.update.url', + 'privacy.clearOnShutdown.passwords', + 'privacy.donottrackheader.value', + 'security.mixed_content.send_hsts_priming', + 'security.mixed_content.use_hsts', + 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', + 'security.ssl3.ecdhe_rsa_rc4_128_sha', + 'security.ssl3.rsa_rc4_128_md5', + 'security.ssl3.rsa_rc4_128_sha', + 'security.tls.insecure_fallback_hosts.use_static_list', + 'security.tls.unrestricted_rc4_fallback', + 'security.xpconnect.plugin.unrestricted', + 'social.directories', + 'social.enabled', + 'social.remote-install.enabled', + 'social.share.activationPanelEnabled', + 'social.shareDirectory', + 'social.toast-notifications.enabled', + 'social.whitelist', + 'toolkit.telemetry.unifiedIsOptIn', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' From 213467d91bb1bc4f5c517c2d542b11fe41422387 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 21 Aug 2021 03:21:32 +0000 Subject: [PATCH 1675/1961] remove 2517 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - inactive since we added it in v63 - this is not how you defeat fingerprinting (unless done in an enforced set) - for the record: not even tor browser disable this - fingerprinting this is not cheap in gecko (for now) - from [2] - decoding/encoding capabilities: "it is expected that the entropy ... isn’t going to be significant" - HDR detection: "... has the potential to add significant entropy .. however .. but ... thus minimizing effective entropy" - it is what it is - note that RFP has some mitigations in FF82+ 1461454 --- user.js | 5 ----- 1 file changed, 5 deletions(-) diff --git a/user.js b/user.js index 8b94f41..59021dc 100644 --- a/user.js +++ b/user.js @@ -976,11 +976,6 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] // user_pref("layers.acceleration.disabled", true); -/* 2517: disable Media Capabilities API [FF63+] - * [WARNING] The API state is fingerprintable. Disabling may affect performance - * [1] https://github.com/WICG/media-capabilities - * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ - // user_pref("media.media-capabilities.enabled", false); /* 2522: disable/limit WebGL (Web Graphics Library) * [SETUP-WEB] When disabled, will break some websites. When enabled, provides high entropy, * especially with readPixels(). Some of the other entropy is lessened with RFP (4501) From 2a011f10539a473434303165cf8a578a3ebe50e6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 21 Aug 2021 03:23:17 +0000 Subject: [PATCH 1676/1961] media.media-capabilities.enabled see https://github.com/arkenfox/user.js/commit/213467d91bb1bc4f5c517c2d542b11fe41422387 --- scratchpad-scripts/arkenfox-clear-removed.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 2ad92a9..efafd79 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 20-August-2021 + Last updated: 21-August-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -223,6 +223,7 @@ 'dom.battery.enabled', 'dom.storage.enabled', 'general.warnOnAboutConfig', + 'media.media-capabilities.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ]; From aded0707a4ad6c91f68d81d5b0fc75578d5aa048 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 21 Aug 2021 04:39:08 +0000 Subject: [PATCH 1677/1961] misc - renumber 0200s, 2500s - remove 2414: doesn't apply to desktop, and I think it has been neutered in android --- user.js | 64 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 31 insertions(+), 33 deletions(-) diff --git a/user.js b/user.js index 59021dc..4ee3628 100644 --- a/user.js +++ b/user.js @@ -36,7 +36,7 @@ ESR78 - If you are not using arkenfox v78... (not a definitive list) - 1244: HTTPS-Only mode is enabled - - 2525: non-native widget theme is enforced + - 2502: non-native widget theme is enforced - 9999: switch the appropriate deprecated section(s) back on * INDEX: @@ -58,7 +58,7 @@ 2000: PLUGINS / MEDIA / WEBRTC 2300: WEB WORKERS 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT - 2500: HARDWARE FINGERPRINTING + 2500: FINGERPRINTING 2600: MISCELLANEOUS 2700: PERSISTENT STORAGE 2800: SHUTDOWN @@ -128,20 +128,20 @@ user_pref("browser.newtabpage.activity-stream.default.sites", ""); /*** [SECTION 0200]: GEOLOCATION / LANGUAGE / LOCALE ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); -/* 0203: use Mozilla geolocation service instead of Google if permission is granted [FF74+] +/* 0201: use Mozilla geolocation service instead of Google if permission is granted [FF74+] * Optionally enable logging to the console (defaults to false) ***/ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF] -/* 0204: disable using the OS's geolocation service ***/ +/* 0202: disable using the OS's geolocation service ***/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] user_pref("geo.provider.use_gpsd", false); // [LINUX] -/* 0207: disable region updates +/* 0203: disable region updates * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/ user_pref("browser.region.network.url", ""); // [FF78+] user_pref("browser.region.update.enabled", false); // [[FF79+] -/* 0208: set search region - * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0207) ***/ +/* 0204: set search region + * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0203) ***/ // user_pref("browser.search.region", "US"); // [HIDDEN PREF] /* 0210: set preferred language for displaying web pages * [TEST] https://addons.mozilla.org/about ***/ @@ -943,8 +943,6 @@ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /* 2408: enable (limited but sufficient) window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] -/* 2414: disable shaking the screen ***/ -user_pref("dom.vibrator.enabled", false); /* 2420: disable asm.js [FF22+] [SETUP-PERF] * [1] http://asmjs.org/ * [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js @@ -968,15 +966,25 @@ user_pref("javascript.options.asmjs", false); * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/ user_pref("javascript.options.wasm", false); -/*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/ +/*** [SECTION 2500]: FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* 2508: disable hardware acceleration [SETUP-HARDEN] - * [WARNING] Affects rendering and performance - * [SETTING] General>Performance>Custom>Use hardware acceleration when available - * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ - // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] - // user_pref("layers.acceleration.disabled", true); -/* 2522: disable/limit WebGL (Web Graphics Library) +/* 2501: enforce no system colors + * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ +user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] +/* 2502: enforce non-native widget theme + * Security: removes/reduces system API calls, e.g. win32k API [1] + * Fingerprinting: provides a uniform look and feel across platforms [2] + * [1] https://bugzilla.mozilla.org/1381938 + * [2] https://bugzilla.mozilla.org/1411425 ***/ +user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] +/* 2503: open links targeting new windows in a new tab instead + * Stops malicious window sizes and some screen resolution leaks. + * You can still right-click a link and open in a new window + * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ +user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab +user_pref("browser.link.open_newwindow.restriction", 0); +/* 2504: disable/limit WebGL (Web Graphics Library) * [SETUP-WEB] When disabled, will break some websites. When enabled, provides high entropy, * especially with readPixels(). Some of the other entropy is lessened with RFP (4501) * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ @@ -984,22 +992,12 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m user_pref("webgl.disabled", true); // user_pref("webgl.enable-webgl2", false); // user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] -/* 2523: enforce no system colors - * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ -user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] -/* 2524: open links targeting new windows in a new tab instead - * Stops malicious window sizes and some screen resolution leaks. - * You can still right-click a link and open in a new window - * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ -user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab -user_pref("browser.link.open_newwindow.restriction", 0); -/* 2525: enforce non-native widget theme - * Security: removes/reduces system API calls, e.g. win32k API [1] - * Fingerprinting: provides a uniform look and feel across platforms [2] - * [1] https://bugzilla.mozilla.org/1381938 - * [2] https://bugzilla.mozilla.org/1411425 ***/ -user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] +/* 2508: disable hardware acceleration [SETUP-HARDEN] + * [WARNING] Affects rendering and performance + * [SETTING] General>Performance>Custom>Use hardware acceleration when available + * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ + // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] + // user_pref("layers.acceleration.disabled", true); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); From 7cdc76ecf9a72372487de7d27821bd810e9ea589 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 21 Aug 2021 04:40:11 +0000 Subject: [PATCH 1678/1961] dom.vibrator.enabled see https://github.com/arkenfox/user.js/commit/aded0707a4ad6c91f68d81d5b0fc75578d5aa048 --- scratchpad-scripts/arkenfox-clear-removed.js | 1 + 1 file changed, 1 insertion(+) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index efafd79..5c5a352 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -222,6 +222,7 @@ 'alerts.showFavicons', 'dom.battery.enabled', 'dom.storage.enabled', + 'dom.vibrator.enabled', 'general.warnOnAboutConfig', 'media.media-capabilities.enabled', /* reset parrot: check your open about:config after running the script */ From 04d648d55b4aeff5aada935356b59031ab75b482 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Aug 2021 01:53:01 +0000 Subject: [PATCH 1679/1961] remove 2508 - inactive in user.js since - v55: gfx.direct2d.disabled - v67: layers.acceleration.disabled - the way to counter hardware fingerprinting is within each API that may expose it - this may have made some sense way back in the day, when there were less options/protections, but not any more - [are we web render yet](https://arewewebrenderyet.com/) - yes, 100% - there is no need to cripple your browser's perf --- user.js | 6 ------ 1 file changed, 6 deletions(-) diff --git a/user.js b/user.js index 4ee3628..b681b28 100644 --- a/user.js +++ b/user.js @@ -992,12 +992,6 @@ user_pref("browser.link.open_newwindow.restriction", 0); user_pref("webgl.disabled", true); // user_pref("webgl.enable-webgl2", false); // user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] -/* 2508: disable hardware acceleration [SETUP-HARDEN] - * [WARNING] Affects rendering and performance - * [SETTING] General>Performance>Custom>Use hardware acceleration when available - * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ - // user_pref("gfx.direct2d.disabled", true); // [WINDOWS] - // user_pref("layers.acceleration.disabled", true); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); From 8bfee5b59f41aa0ad67cf421560524f7fe87625f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Aug 2021 01:55:28 +0000 Subject: [PATCH 1680/1961] hardware acceleration see https://github.com/arkenfox/user.js/commit/04d648d55b4aeff5aada935356b59031ab75b482 --- scratchpad-scripts/arkenfox-clear-removed.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 5c5a352..a5e1a01 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 21-August-2021 + Last updated: 22-August-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -224,6 +224,8 @@ 'dom.storage.enabled', 'dom.vibrator.enabled', 'general.warnOnAboutConfig', + 'gfx.direct2d.disabled', + 'layers.acceleration.disabled', 'media.media-capabilities.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' From 2b26cd4f41d7d7e8e0d00ab2a7411238aac98d67 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Aug 2021 05:18:54 +0000 Subject: [PATCH 1681/1961] 7000s: ciphers, #1235 - merged 3DES cipher to bottom: it is still the same order of [1] - 3DES pref will be deprecated: pref name changes, and the cipher slated to be unavailable unless you downgrade to < TLS1.2 - see https://bugzilla.mozilla.org/show_bug.cgi?id=1724072 - FYI: we reset TLS downgrades to session only by resetting the pref currently in 1203 - "Minimal/non-existent threat of downgrade attacks" - FYI: these old ciphers are about 1-2% of traffic (from memory) - but that's still significant breakage - So the only reason to do this would be to harden against downgrade attacks (and inadvertently use weak sites = breakage): but that doesn't fit most user's threat model: and is probably never going to happen for them. Not sure if I can word that much better and just as succinct --- user.js | 39 ++++++++++++++------------------------- 1 file changed, 14 insertions(+), 25 deletions(-) diff --git a/user.js b/user.js index b681b28..2208639 100644 --- a/user.js +++ b/user.js @@ -51,7 +51,7 @@ 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0900: PASSWORDS 1000: CACHE / SESSION (RE)STORE / FAVICONS - 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS) + 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) 1400: FONTS 1600: HEADERS / REFERERS 1700: CONTAINERS @@ -577,7 +577,7 @@ user_pref("browser.shell.shortcutFavicons", false); * [NOTE] favicons.sqlite is sanitized on Firefox close, not in-session ***/ // user_pref("browser.chrome.site_icons", false); -/*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS) +/*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) Your cipher and other settings can be used in server side fingerprinting [TEST] https://www.ssllabs.com/ssltest/viewMyClient.html [TEST] https://browserleaks.com/ssl @@ -701,29 +701,6 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); * [1] https://bugzilla.mozilla.org/1382359 ***/ // user_pref("dom.securecontext.whitelist_onions", true); -/** CIPHERS - [WARNING] DO NOT USE: see the section 1200 intro - These are the ciphers listed under "Cipher Suites" [1] that are either still using SHA-1 and CBC, - and/or are missing Perfect Forward Secrecy [3] and/or have other weaknesses like key sizes of 128 - [1] https://browserleaks.com/ssl - [2] https://en.wikipedia.org/wiki/Key_size - [3] https://en.wikipedia.org/wiki/Forward_secrecy - ***/ -/* 1261: disable 3DES (effective key size < 128 and no PFS) - * [1] https://en.wikipedia.org/wiki/3des#Security - * [2] https://en.wikipedia.org/wiki/Meet-in-the-middle_attack - * [3] https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/ - // user_pref("security.ssl3.rsa_des_ede3_sha", false); -/* 1264: disable the remaining non-modern cipher suites as of FF78 (in order of preferred by FF) ***/ - // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); - // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); - // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); - // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); - // user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS - // user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS - // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS - // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS - /** UI (User Interface) ***/ /* 1270: display warning on the padlock for "broken security" (if 1201 is false) * Bug: warning padlock not indicated for subresources on a secure page! [2] @@ -1444,6 +1421,18 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's pushing up daisies // user_pref("permissions.default.microphone", 0); // user_pref("permissions.default.desktop-notification", 0); // user_pref("permissions.default.xr", 0); // Virtual Reality +/* 7003: disable non-modern cipher suites [1] + * [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks + * [1] https://browserleaks.com/ssl ***/ + // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); + // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); + // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); + // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); + // user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS + // user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS + // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS + // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS + // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From cf379bcce01e88e6a442943e1b64a5ec34353968 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Aug 2021 05:45:08 +0000 Subject: [PATCH 1682/1961] typos --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 2208639..f51ede8 100644 --- a/user.js +++ b/user.js @@ -731,7 +731,7 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ user_pref("gfx.font_rendering.graphite.enabled", false); /* 1403: limit font visibility (Windows, Mac, some Linux) [FF79+] - * [NOTE] IN FF8)+ RFP ignores the pref and uses value 1 + * [NOTE] In FF80+ RFP ignores the pref and uses value 1 * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ From c55e6dcd682f275018122f0e7093d0b5208e80fb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 22 Aug 2021 08:27:15 +0000 Subject: [PATCH 1683/1961] flip order, order within groups - note: keeping 91 separate for now for the easy info factpr --- scratchpad-scripts/arkenfox-clear-removed.js | 386 +++++++++---------- 1 file changed, 193 insertions(+), 193 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index a5e1a01..5120643 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -13,24 +13,205 @@ const aPREFS = [ /* removed in arkenfox user.js */ + /* 91 */ + 'alerts.showFavicons', + 'dom.battery.enabled', + 'dom.storage.enabled', + 'dom.vibrator.enabled', + 'general.warnOnAboutConfig', + 'gfx.direct2d.disabled', + 'layers.acceleration.disabled', + 'media.media-capabilities.enabled', + /* 79-90 */ + 'browser.newtabpage.activity-stream.asrouter.providers.snippets', + 'browser.send_pings.require_same_host', + 'browser.urlbar.usepreloadedtopurls.enabled', + 'dom.IntersectionObserver.enabled', + 'extensions.screenshots.upload-disabled', + 'media.gmp-widevinecdm.visible', + 'network.http.redirection-limit', + 'privacy.partition.network_state', + 'security.ssl.enable_ocsp_stapling', + 'security.ssl3.dhe_rsa_aes_128_sha', + 'security.ssl3.dhe_rsa_aes_256_sha', + 'webgl.min_capability_mode', + /* 69-78 */ + 'browser.cache.disk_cache_ssl', + 'browser.search.geoip.url', + 'browser.search.region', + 'browser.sessionhistory.max_entries', + 'dom.push.connection.enabled', + 'dom.push.serverURL', + 'extensions.getAddons.discovery.api_url', + 'extensions.htmlaboutaddons.discover.enabled', + 'extensions.webservice.discoverURL', + 'intl.locale.requested', + 'intl.regional_prefs.use_os_locales', + 'media.block-autoplay-until-in-foreground', + 'middlemouse.paste', + 'plugin.sessionPermissionNow.intervalInMinutes', + 'privacy.usercontext.about_newtab_segregation.enabled', + 'security.insecure_connection_icon.pbmode.enabled', + 'security.insecure_connection_text.pbmode.enabled', + 'webgl.dxgl.enabled', + /* 61-68 */ + 'app.update.service.enabled', + 'app.update.silent', + 'app.update.staging.enabled', + 'browser.cache.disk.capacity', + 'browser.cache.disk.smart_size.enabled', + 'browser.cache.disk.smart_size.first_run', + 'browser.cache.offline.insecure.enable', + 'browser.contentblocking.enabled', + 'browser.eme.ui.enabled', + 'browser.laterrun.enabled', + 'browser.offline-apps.notify', + 'browser.rights.3.shown', + 'browser.safebrowsing.blockedURIs.enabled', + 'browser.safebrowsing.downloads.remote.block_dangerous', + 'browser.safebrowsing.downloads.remote.block_dangerous_host', + 'browser.safebrowsing.provider.google.gethashURL', + 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', + 'browser.safebrowsing.provider.google.reportPhishMistakeURL', + 'browser.safebrowsing.provider.google.reportURL', + 'browser.safebrowsing.provider.google.updateURL', + 'browser.safebrowsing.provider.google4.dataSharing.enabled', + 'browser.safebrowsing.provider.google4.dataSharingURL', + 'browser.safebrowsing.provider.google4.gethashURL', + 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', + 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', + 'browser.safebrowsing.provider.google4.reportURL', + 'browser.safebrowsing.provider.google4.updateURL', + 'browser.safebrowsing.provider.mozilla.gethashURL', + 'browser.safebrowsing.provider.mozilla.updateURL', + 'browser.safebrowsing.reportPhishURL', + 'browser.sessionhistory.max_total_viewers', + 'browser.sessionstore.max_windows_undo', + 'browser.slowStartup.maxSamples', + 'browser.slowStartup.notificationDisabled', + 'browser.slowStartup.samples', + 'browser.storageManager.enabled', + 'browser.urlbar.autoFill.typed', + 'browser.urlbar.filter.javascript', + 'browser.urlbar.maxHistoricalSearchSuggestions', + 'browser.urlbar.userMadeSearchSuggestionsChoice', + 'canvas.capturestream.enabled', + 'dom.allow_scripts_to_close_windows', + 'dom.disable_window_flip', + 'dom.forms.datetime', + 'dom.imagecapture.enabled', + 'dom.popup_maximum', + 'extensions.webextensions.keepStorageOnUninstall', + 'extensions.webextensions.keepUuidOnUninstall', + 'font.blacklist.underline_offset', + 'font.name.monospace.x-unicode', + 'font.name.monospace.x-western', + 'font.name.sans-serif.x-unicode', + 'font.name.sans-serif.x-western', + 'font.name.serif.x-unicode', + 'font.name.serif.x-western', + 'gfx.offscreencanvas.enabled', + 'javascript.options.shared_memory', + 'layout.css.font-loading-api.enabled', + 'media.gmp-gmpopenh264.autoupdate', + 'media.gmp-gmpopenh264.enabled', + 'media.gmp-manager.updateEnabled', + 'media.gmp-manager.url', + 'media.gmp-manager.url.override', + 'media.gmp-widevinecdm.autoupdate', + 'media.gmp.trial-create.enabled', + 'media.navigator.video.enabled', + 'media.peerconnection.ice.tcp', + 'media.peerconnection.identity.enabled', + 'media.peerconnection.identity.timeout', + 'media.peerconnection.turn.disable', + 'media.peerconnection.use_document_iceservers', + 'media.peerconnection.video.enabled', + 'network.auth.subresource-img-cross-origin-http-auth-allow', + 'network.cookie.leave-secure-alone', + 'network.cookie.same-site.enabled', + 'network.dnsCacheEntries', + 'network.dnsCacheExpiration', + 'network.http.fast-fallback-to-IPv4', + 'network.proxy.autoconfig_url.include_path', + 'offline-apps.quota.warn', + 'pdfjs.enableWebGL', + 'plugin.default.state', + 'plugin.defaultXpi.state', + 'plugin.scan.plid.all', + 'privacy.trackingprotection.annotate_channels', + 'privacy.trackingprotection.lower_network_priority', + 'privacy.trackingprotection.pbmode.enabled', + 'privacy.trackingprotection.ui.enabled', + 'security.data_uri.block_toplevel_data_uri_navigations', + 'security.insecure_field_warning.contextual.enabled', + 'security.insecure_password.ui.enabled', + 'security.tls.version.fallback-limit', + 'services.blocklist.addons.collection', + 'services.blocklist.gfx.collection', + 'services.blocklist.onecrl.collection', + 'services.blocklist.plugins.collection', + 'services.blocklist.signing.enforced', + 'services.blocklist.update_enabled', + 'signon.autofillForms.http', + 'signon.storeWhenAutocompleteOff', + 'toolkit.telemetry.cachedClientID', + 'urlclassifier.trackingTable', + 'xpinstall.whitelist.required', /* 60 or lower */ + 'browser.migrate.automigrate.enabled', + 'browser.search.geoip.timeout', 'browser.search.reset.enabled', 'browser.search.reset.whitelist', - 'browser.migrate.automigrate.enabled', + 'browser.stopReloadAnimation.enabled', + 'browser.tabs.insertRelatedAfterCurrent', + 'browser.tabs.loadDivertedInBackground', + 'browser.tabs.loadInBackground', + 'browser.tabs.selectOwnerOnClose', + 'browser.urlbar.clickSelectsAll', + 'browser.urlbar.doubleClickSelectsAll', + 'device.storage.enabled', + 'dom.keyboardevent.dispatch_during_composition', + 'dom.presentation.controller.enabled', + 'dom.presentation.discoverable', + 'dom.presentation.discovery.enabled', + 'dom.presentation.enabled', + 'dom.presentation.receiver.enabled', + 'dom.presentation.session_transport.data_channel.enable', + 'dom.vr.oculus.enabled', + 'dom.vr.openvr.enabled', + 'dom.vr.osvr.enabled', + 'extensions.pocket.api', + 'extensions.pocket.oAuthConsumerKey', + 'extensions.pocket.site', + 'general.useragent.compatMode.firefox', + 'geo.wifi.xhr.timeout', + 'gfx.layerscope.enabled', + 'media.flac.enabled', + 'media.mediasource.enabled', + 'media.mediasource.mp4.enabled', + 'media.mediasource.webm.audio.enabled', + 'media.mediasource.webm.enabled', + 'media.mp4.enabled', + 'media.ogg.enabled', + 'media.ogg.flac.enabled', + 'media.opus.enabled', + 'media.raw.enabled', + 'media.wave.enabled', + 'media.webm.enabled', + 'media.webspeech.recognition.enable', + 'media.wmf.amd.vp9.enabled', + 'media.wmf.enabled', + 'media.wmf.vp9.enabled', + 'network.dns.blockDotOnion', + 'network.stricttransportsecurity.preloadlist', + 'security.block_script_with_wrong_mime', + 'security.fileuri.strict_origin_policy', + 'security.sri.enable', 'services.sync.enabled', + 'ui.submenuDelay', 'webextensions.storage.sync.enabled', 'webextensions.storage.sync.serverURL', - 'dom.keyboardevent.dispatch_during_composition', // default is false anyway - 'dom.vr.oculus.enabled', // covered by dom.vr.enabled - 'dom.vr.openvr.enabled', // ditto - 'dom.vr.osvr.enabled', // ditto - 'extensions.pocket.api', // covered by extensions.pocket.enabled - 'extensions.pocket.oAuthConsumerKey', // ditto - 'extensions.pocket.site', // ditto - 'geo.wifi.xhr.timeout', // covered by geo.enabled - 'browser.search.geoip.timeout', // ditto - 'media.webspeech.recognition.enable', // default is false anyway - 'gfx.layerscope.enabled', // default is false anyway // excluding these e10 settings // 'browser.tabs.remote.autostart', // 'browser.tabs.remote.autostart.2', @@ -46,187 +227,6 @@ // 'dom.ipc.plugins.sandbox-level.default', // 'dom.ipc.plugins.sandbox-level.flash', // 'security.sandbox.logging.enabled', - 'dom.presentation.controller.enabled', - 'dom.presentation.discoverable', - 'dom.presentation.discovery.enabled', - 'dom.presentation.enabled', - 'dom.presentation.receiver.enabled', - 'dom.presentation.session_transport.data_channel.enable', - 'browser.stopReloadAnimation.enabled', - 'browser.tabs.insertRelatedAfterCurrent', - 'browser.tabs.loadDivertedInBackground', - 'browser.tabs.loadInBackground', - 'browser.tabs.selectOwnerOnClose', - 'browser.urlbar.clickSelectsAll', - 'browser.urlbar.doubleClickSelectsAll', - 'media.flac.enabled', - 'media.mediasource.enabled', - 'media.mediasource.mp4.enabled', - 'media.mediasource.webm.audio.enabled', - 'media.mediasource.webm.enabled', - 'media.mp4.enabled', - 'media.ogg.enabled', - 'media.ogg.flac.enabled', - 'media.opus.enabled', - 'media.raw.enabled', - 'media.wave.enabled', - 'media.webm.enabled', - 'media.wmf.amd.vp9.enabled', - 'media.wmf.enabled', - 'media.wmf.vp9.enabled', - 'ui.submenuDelay', - 'device.storage.enabled', - 'general.useragent.compatMode.firefox', - 'network.dns.blockDotOnion', - 'network.stricttransportsecurity.preloadlist', - 'security.block_script_with_wrong_mime', - 'security.fileuri.strict_origin_policy', - 'security.sri.enable', - /* 61-68 */ - 'browser.laterrun.enabled', - 'browser.offline-apps.notify', - 'browser.rights.3.shown', - 'browser.slowStartup.maxSamples', - 'browser.slowStartup.notificationDisabled', - 'browser.slowStartup.samples', - 'browser.storageManager.enabled', - 'dom.allow_scripts_to_close_windows', - 'dom.disable_window_flip', - 'network.http.fast-fallback-to-IPv4', - 'offline-apps.quota.warn', - 'services.blocklist.signing.enforced', - 'browser.urlbar.autoFill.typed', - 'security.tls.version.fallback-limit', - 'extensions.webextensions.keepStorageOnUninstall', - 'extensions.webextensions.keepUuidOnUninstall', - 'privacy.trackingprotection.ui.enabled', - 'browser.eme.ui.enabled', - 'browser.sessionstore.max_windows_undo', - 'network.auth.subresource-img-cross-origin-http-auth-allow', - 'media.peerconnection.ice.tcp', - 'media.peerconnection.identity.enabled', - 'media.peerconnection.identity.timeout', - 'media.peerconnection.turn.disable', - 'media.peerconnection.use_document_iceservers', - 'media.peerconnection.video.enabled', - 'media.navigator.video.enabled', - 'browser.contentblocking.enabled', - 'browser.urlbar.maxHistoricalSearchSuggestions', - 'app.update.service.enabled', - 'app.update.silent', - 'app.update.staging.enabled', - 'browser.cache.disk.capacity', - 'browser.cache.disk.smart_size.enabled', - 'browser.cache.disk.smart_size.first_run', - 'browser.cache.offline.insecure.enable', - 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', - 'browser.safebrowsing.provider.google.reportPhishMistakeURL', - 'browser.safebrowsing.provider.google.reportURL', - 'browser.safebrowsing.provider.google4.dataSharing.enabled', - 'browser.safebrowsing.provider.google4.dataSharingURL', - 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', - 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', - 'browser.safebrowsing.provider.google4.reportURL', - 'browser.safebrowsing.reportPhishURL', - 'browser.sessionhistory.max_total_viewers', - 'browser.urlbar.filter.javascript', - 'canvas.capturestream.enabled', - 'dom.imagecapture.enabled', - 'dom.popup_maximum', - 'gfx.offscreencanvas.enabled', - 'javascript.options.shared_memory', - 'media.gmp-gmpopenh264.autoupdate', - 'media.gmp-gmpopenh264.enabled', - 'media.gmp-manager.updateEnabled', - 'media.gmp-manager.url', - 'media.gmp-manager.url.override', - 'media.gmp.trial-create.enabled', - 'media.gmp-widevinecdm.autoupdate', - 'network.cookie.leave-secure-alone', - 'network.cookie.same-site.enabled', - 'network.dnsCacheEntries', - 'network.dnsCacheExpiration', - 'network.proxy.autoconfig_url.include_path', - 'pdfjs.enableWebGL', - 'plugin.default.state', - 'plugin.defaultXpi.state', - 'plugin.scan.plid.all', - 'security.data_uri.block_toplevel_data_uri_navigations', - 'security.insecure_field_warning.contextual.enabled', - 'security.insecure_password.ui.enabled', - 'signon.autofillForms.http', - 'signon.storeWhenAutocompleteOff', - 'xpinstall.whitelist.required', - 'browser.safebrowsing.downloads.remote.block_dangerous', - 'browser.safebrowsing.downloads.remote.block_dangerous_host', - 'browser.safebrowsing.blockedURIs.enabled', - 'browser.safebrowsing.provider.google.gethashURL', - 'browser.safebrowsing.provider.google.updateURL', - 'browser.safebrowsing.provider.google4.gethashURL', - 'browser.safebrowsing.provider.google4.updateURL', - 'browser.safebrowsing.provider.mozilla.gethashURL', - 'browser.safebrowsing.provider.mozilla.updateURL', - 'browser.urlbar.userMadeSearchSuggestionsChoice', - 'privacy.trackingprotection.annotate_channels', - 'privacy.trackingprotection.lower_network_priority', - 'privacy.trackingprotection.pbmode.enabled', - 'services.blocklist.addons.collection', - 'services.blocklist.gfx.collection', - 'services.blocklist.onecrl.collection', - 'services.blocklist.plugins.collection', - 'services.blocklist.update_enabled', - 'urlclassifier.trackingTable', - 'dom.forms.datetime', - 'font.blacklist.underline_offset', - 'font.name.monospace.x-unicode', - 'font.name.monospace.x-western', - 'font.name.sans-serif.x-unicode', - 'font.name.sans-serif.x-western', - 'font.name.serif.x-unicode', - 'font.name.serif.x-western', - 'layout.css.font-loading-api.enabled', - 'toolkit.telemetry.cachedClientID', - /* 69-78 */ - 'plugin.sessionPermissionNow.intervalInMinutes', - 'browser.cache.disk_cache_ssl', - 'browser.sessionhistory.max_entries', - 'dom.push.connection.enabled', - 'dom.push.serverURL', - 'extensions.getAddons.discovery.api_url', - 'extensions.htmlaboutaddons.discover.enabled', - 'extensions.webservice.discoverURL', - 'intl.locale.requested', - 'intl.regional_prefs.use_os_locales', - 'privacy.usercontext.about_newtab_segregation.enabled', - 'security.insecure_connection_icon.pbmode.enabled', - 'security.insecure_connection_text.pbmode.enabled', - 'webgl.dxgl.enabled', - 'media.block-autoplay-until-in-foreground', - 'middlemouse.paste', - 'browser.search.geoip.url', - 'browser.search.region', - /* 79-90 */ - 'browser.urlbar.usepreloadedtopurls.enabled', - 'dom.IntersectionObserver.enabled', - 'extensions.screenshots.upload-disabled', - 'privacy.partition.network_state', - 'security.ssl3.dhe_rsa_aes_128_sha', - 'security.ssl3.dhe_rsa_aes_256_sha', - 'browser.newtabpage.activity-stream.asrouter.providers.snippets', - 'network.http.redirection-limit', - 'media.gmp-widevinecdm.visible', - 'browser.send_pings.require_same_host', - 'webgl.min_capability_mode', - 'security.ssl.enable_ocsp_stapling', - /* 91 */ - 'alerts.showFavicons', - 'dom.battery.enabled', - 'dom.storage.enabled', - 'dom.vibrator.enabled', - 'general.warnOnAboutConfig', - 'gfx.direct2d.disabled', - 'layers.acceleration.disabled', - 'media.media-capabilities.enabled', /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ]; From 8a22a90804de2a7884af3952791e0e52f4539fa2 Mon Sep 17 00:00:00 2001 From: icpantsparti <35049679+icpantsparti@users.noreply.github.com> Date: Sun, 22 Aug 2021 16:23:51 +0000 Subject: [PATCH 1684/1961] colon insertion (#1238) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f51ede8..3278474 100644 --- a/user.js +++ b/user.js @@ -1399,7 +1399,7 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", // user_pref("network.manage-offline-status", false); // see bugzilla 620472 // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) -/*** [SECTION 7000] DON'T BOTHER ***/ +/*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "8000 syntax error: the parrot's pushing up daisies!"); /* 7001: disable APIs * Location-Aware Browsing, Full Screen, offline cache (appCache), Virtual Reality From ab42deb541e2cc947fa5403596417f2afd3a2f9a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Aug 2021 02:55:36 +0000 Subject: [PATCH 1685/1961] Four more items to 7000s, #1235 --- user.js | 36 ++++++++++++------------------------ 1 file changed, 12 insertions(+), 24 deletions(-) diff --git a/user.js b/user.js index 3278474..ae60170 100644 --- a/user.js +++ b/user.js @@ -598,24 +598,8 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 * [4] https://www.ssllabs.com/ssl-pulse/ ***/ user_pref("security.ssl.require_safe_negotiation", true); -/* 1202: control TLS versions with min and max - * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 - * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint - * [1] https://www.ssllabs.com/ssl-pulse/ ***/ - // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] - // user_pref("security.tls.version.max", 4); /* 1203: enforce TLS 1.0 and 1.1 downgrades as session only ***/ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] -/* 1204: disable SSL session tracking [FF36+] - * SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks) - * [NOTE] These are not used in PB mode. In normal windows they are isolated when using FPI (4001) - * and/or containers. In FF85+ they are isolated by default (privacy.partition.network_state) - * [WARNING] There are perf and passive fingerprinting costs, for little to no gain. Preventing - * tracking via this method does not address IPs, nor handle any sanitizing of current identifiers - * [1] https://tools.ietf.org/html/rfc5077 - * [2] https://bugzilla.mozilla.org/967977 - * [3] https://arxiv.org/abs/1810.07304 ***/ - // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] /* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+] * [1] https://github.com/tlswg/tls13-spec/issues/1001 * [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ @@ -696,10 +680,6 @@ user_pref("dom.security.https_only_mode", true); // [FF76+] * This is done to avoid waiting for a timeout which takes 90 seconds * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/ user_pref("dom.security.https_only_mode_send_http_background_request", false); -/* 1247: treat .onion as a secure context [FF60+] [TOR] - * [NOTE] Firefox cannot access .onion sites by default: it is strongly recommended you just use Tor Browser - * [1] https://bugzilla.mozilla.org/1382359 ***/ - // user_pref("dom.securecontext.whitelist_onions", true); /** UI (User Interface) ***/ /* 1270: display warning on the padlock for "broken security" (if 1201 is false) @@ -779,10 +759,6 @@ user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] * [4] https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/ ***/ // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+] // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] -/* 1607: hide (not spoof) referrer when leaving a .onion domain [FF54+] [TOR] - * [NOTE] Firefox cannot access .onion sites by default: it is strongly recommended you just use Tor Browser - * [1] https://bugzilla.mozilla.org/1305144 ***/ - // user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: enable the DNT (Do Not Track) HTTP header * [NOTE] DNT is enforced with Enhanced Tracking Protection regardless of this pref * [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal... ***/ @@ -1433,6 +1409,18 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's pushing up daisies // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES +/* 7004: control TLS versions + * [WHY] Passive fingerprinting. Downgrades are still possible: behind user interaction ***/ + // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] + // user_pref("security.tls.version.max", 4); +/* 7005: disable SSL session IDs [FF36+] + * [WHY] Passive fingerprinting and perf costs. These are session-only and isolated + * with network partitioning (FF85+) or when using FPI and/or containers ***/ + // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] +/* 7006: onions + * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ + // user_pref("dom.securecontext.whitelist_onions", true); // 1382359 + // user_pref("network.http.referer.hideOnionSource", true); // 1305144 /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From 033977fe1051abb00aa5ca4ccbedc7d34c8a82d5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Aug 2021 03:39:15 +0000 Subject: [PATCH 1686/1961] move personal to last probably more professional to keep it at the end since it isn't strictly project related. It also opens up space for `DON'T TOUCH` and `OPTIONAL OPSEC` --- user.js | 104 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/user.js b/user.js index ae60170..a3d87a3 100644 --- a/user.js +++ b/user.js @@ -64,9 +64,9 @@ 2800: SHUTDOWN 4000: FPI (FIRST PARTY ISOLATION) 4500: RFP (RESIST FINGERPRINTING) - 5000: PERSONAL 7000: DON'T BOTHER 8000: DON'T BOTHER: NON-RFP + 9000: PERSONAL 9999: DEPRECATED / REMOVED / LEGACY / RENAMED ******/ @@ -1325,58 +1325,8 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); -/*** [SECTION 5000]: PERSONAL - Non-project related but useful. If any of these interest you, add them to your overrides - To save some overrides, we've made a few active as they seem to be universally used -***/ -user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); -/* WELCOME & WHAT'S NEW NOTICES ***/ -user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch - // user_pref("startup.homepage_welcome_url", ""); - // user_pref("startup.homepage_welcome_url.additional", ""); - // user_pref("startup.homepage_override_url", ""); // What's New page after updates -/* WARNINGS ***/ - // user_pref("browser.tabs.warnOnClose", false); - // user_pref("browser.tabs.warnOnCloseOtherTabs", false); - // user_pref("browser.tabs.warnOnOpen", false); - // user_pref("full-screen-api.warning.delay", 0); - // user_pref("full-screen-api.warning.timeout", 0); -/* APPEARANCE ***/ - // user_pref("browser.download.autohideButton", false); // [FF57+] - // user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF] - // 0=light, 1=dark: with RFP this only affects chrome - // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent - // user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF] - // 0=no-preference, 1=reduce: with RFP this only affects chrome -/* CONTENT BEHAVIOR ***/ - // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" - // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] - // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line -/* UX BEHAVIOR ***/ - // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing - // user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+] - // user_pref("browser.tabs.closeWindowWithLastTab", false); - // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+] - // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+] - // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux] - // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] - // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] -/* UX FEATURES: disable and hide the icons and menus ***/ -user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+] - // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] - // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] - // user_pref("reader.parse-on-load.enabled", false); // Reader View -/* OTHER ***/ - // user_pref("browser.bookmarks.max_backups", 2); -user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] - // [SETTING] General>Browsing>Recommend extensions as you browse -user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] - // [SETTING] General>Browsing>Recommend features as you browse - // user_pref("network.manage-offline-status", false); // see bugzilla 620472 - // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) - /*** [SECTION 7000]: DON'T BOTHER ***/ -user_pref("_user.js.parrot", "8000 syntax error: the parrot's pushing up daisies!"); +user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); /* 7001: disable APIs * Location-Aware Browsing, Full Screen, offline cache (appCache), Virtual Reality * [WHY] The API state is easily fingerprintable. Geo and VR are behind prompts (7002). @@ -1454,6 +1404,56 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan // user_pref("general.useragent.override", ""); // [HIDDEN PREF] // user_pref("ui.use_standins_for_native_colors", true); +/*** [SECTION 9000]: PERSONAL + Non-project related but useful. If any interest you, add them to your overrides + To save some overrides, we've made a few active as they seem to be universally used +***/ +user_pref("_user.js.parrot", "9000 syntax error: this is an ex-parrot!"); +/* WELCOME & WHAT'S NEW NOTICES ***/ +user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch + // user_pref("startup.homepage_welcome_url", ""); + // user_pref("startup.homepage_welcome_url.additional", ""); + // user_pref("startup.homepage_override_url", ""); // What's New page after updates +/* WARNINGS ***/ + // user_pref("browser.tabs.warnOnClose", false); + // user_pref("browser.tabs.warnOnCloseOtherTabs", false); + // user_pref("browser.tabs.warnOnOpen", false); + // user_pref("full-screen-api.warning.delay", 0); + // user_pref("full-screen-api.warning.timeout", 0); +/* APPEARANCE ***/ + // user_pref("browser.download.autohideButton", false); // [FF57+] + // user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF] + // 0=light, 1=dark: with RFP this only affects chrome + // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent + // user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF] + // 0=no-preference, 1=reduce: with RFP this only affects chrome +/* CONTENT BEHAVIOR ***/ + // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" + // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] + // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line +/* UX BEHAVIOR ***/ + // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing + // user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+] + // user_pref("browser.tabs.closeWindowWithLastTab", false); + // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+] + // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+] + // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux] + // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] + // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] +/* UX FEATURES: disable and hide the icons and menus ***/ +user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+] + // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] + // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] + // user_pref("reader.parse-on-load.enabled", false); // Reader View +/* OTHER ***/ + // user_pref("browser.bookmarks.max_backups", 2); +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] + // [SETTING] General>Browsing>Recommend extensions as you browse +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] + // [SETTING] General>Browsing>Recommend features as you browse + // user_pref("network.manage-offline-status", false); // see bugzilla 620472 + // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) + /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1] [1] https://github.com/arkenfox/user.js/issues/123 From 47be7ba42fc48c2cca79675cd9b608084b558e6e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Aug 2021 04:08:49 +0000 Subject: [PATCH 1687/1961] 1203 is a reset not enforce --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a3d87a3..0dcf02d 100644 --- a/user.js +++ b/user.js @@ -44,7 +44,7 @@ 0100: STARTUP 0200: GEOLOCATION / LANGUAGE / LOCALE 0300: QUIET FOX - 0400: BLOCKLISTS / SAFE BROWSING + 0400: SAFE BROWSING 0500: SYSTEM ADD-ONS / EXPERIMENTS 0600: BLOCK IMPLICIT OUTBOUND 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc @@ -64,6 +64,8 @@ 2800: SHUTDOWN 4000: FPI (FIRST PARTY ISOLATION) 4500: RFP (RESIST FINGERPRINTING) + 5000: OPTIONAL OPSEC + 6000: DON'T TOUCH 7000: DON'T BOTHER 8000: DON'T BOTHER: NON-RFP 9000: PERSONAL @@ -598,7 +600,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 * [4] https://www.ssllabs.com/ssl-pulse/ ***/ user_pref("security.ssl.require_safe_negotiation", true); -/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only ***/ +/* 1203: reset TLS 1.0 and 1.1 downgrades i.e. session only ***/ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] /* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+] * [1] https://github.com/tlswg/tls13-spec/issues/1001 From e31a6876e6ff45f2ece15c218be6c3256d0de1b7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Aug 2021 04:40:29 +0000 Subject: [PATCH 1688/1961] section 6000 --- user.js | 57 ++++++++++++++++++++++++++------------------------------- 1 file changed, 26 insertions(+), 31 deletions(-) diff --git a/user.js b/user.js index 0dcf02d..2a7d2af 100644 --- a/user.js +++ b/user.js @@ -231,15 +231,7 @@ user_pref("network.captive-portal-service.enabled", false); // [FF52+] * [1] https://bugzilla.mozilla.org/1460537 ***/ user_pref("network.connectivity-service.enabled", false); -/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING (SB) ***/ -user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); -/** BLOCKLISTS ***/ -/* 0401: enforce Firefox blocklist - * [NOTE] It includes updates for "revoked certificates" - * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ ***/ -user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] - -/** SAFE BROWSING (SB) +/*** [SECTION 0400]: SAFE BROWSING (SB) Safe Browsing has taken many steps to preserve privacy. If required, a full url is never sent to Google, only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. Google also swear it is anonymized and only used to flag malicious sites. @@ -250,6 +242,7 @@ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] [2] https://wiki.mozilla.org/Security/Safe_Browsing [3] https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work ***/ +user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); /* 0410: disable SB (Safe Browsing) * [WARNING] Do this at your own risk! These are the master switches * [SETTING] Privacy & Security>Security>... Block dangerous and deceptive content ***/ @@ -661,9 +654,6 @@ user_pref("security.remote_settings.crlite_filters.enabled", true); user_pref("security.pki.crlite_mode", 2); /** MIXED CONTENT ***/ -/* 1240: enforce no insecure active content on https pages - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21323 ***/ -user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] /* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/ user_pref("security.mixed_content.block_display_content", true); /* 1244: enable HTTPS-Only mode in all windows [FF76+] @@ -725,13 +715,10 @@ user_pref("gfx.font_rendering.graphite.enabled", false); // user_pref("gfx.downloadable_fonts.fallback_delay", -1); /*** [SECTION 1600]: HEADERS / REFERERS - Only **cross domain** referers need controlling: leave 1601, 1602, 1605 and 1606 alone - Expect some breakage: Use an extension if you need precise control - --- + Expect some breakage e.g. banks: use an extension if you need precise control full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 - --- [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); @@ -741,17 +728,13 @@ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1602: ALL: control the amount of information to send * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ // user_pref("network.http.referer.trimmingPolicy", 0); -/* 1603: CROSS ORIGIN: control when to send a referer +/* 1603: control when to send a cross origin referer * 0=always (default), 1=only if base domains match, 2=only if hosts match * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud, instagram ***/ user_pref("network.http.referer.XOriginPolicy", 2); -/* 1604: CROSS ORIGIN: control the amount of information to send [FF52+] +/* 1604: control the amount of cross origin information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); -/* 1605: ALL: enforce no spoofing of referer - * Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery) - * protections that some sites may rely on ***/ -user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] /* 1606: ALL: set the default Referrer Policy [FF59+] * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy @@ -1059,15 +1042,6 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); -/** SECURITY ***/ -/* 2680: enforce CSP (Content Security Policy) - * [NOTE] CSP is a very important and widespread security feature. Don't disable it! - * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ -user_pref("security.csp.enable", true); // [DEFAULT: true] -/* 2684: enforce a security delay on some confirmation dialogs such as install, open/save - * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ -user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] - /*** [SECTION 2700]: PERSISTENT STORAGE Data SET by websites including cookies : profile\cookies.sqlite @@ -1327,6 +1301,27 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); +/*** [SECTION 5000]: OPTIONAL OPSEC ***/ +user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow"); + +/*** [SECTION 6000]: DON'T TOUCH ***/ +user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); +/* 6001: enforce Firefox blocklist + * [WHY] It includes updates for "revoked certificates" + * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ ***/ +user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] +/* 6002: enforce no referer spoofing + * [WHY] Spoofing can affect CSRF (Cross-Site Request Forgery) protections ***/ +user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] +/* 6003: enforce CSP (Content Security Policy) + * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/ +user_pref("security.csp.enable", true); // [DEFAULT: true] +/* 6004: enforce a security delay on some confirmation dialogs such as install, open/save + * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ +user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] +/* 6005: enforce no insecure active content on https pages ***/ +user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] + /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); /* 7001: disable APIs From 05b7d61735c85a1b02e61ff4f4bc48a60a637570 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Aug 2021 04:54:49 +0000 Subject: [PATCH 1689/1961] 7000s: non cross origin referers --- user.js | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 2a7d2af..1c4bf51 100644 --- a/user.js +++ b/user.js @@ -722,12 +722,6 @@ user_pref("gfx.font_rendering.graphite.enabled", false); [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); -/* 1601: ALL: control when images/links send a referer - * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ - // user_pref("network.http.sendRefererHeader", 2); -/* 1602: ALL: control the amount of information to send - * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ - // user_pref("network.http.referer.trimmingPolicy", 0); /* 1603: control when to send a cross origin referer * 0=always (default), 1=only if base domains match, 2=only if hosts match * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud, instagram ***/ @@ -1368,6 +1362,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ // user_pref("dom.securecontext.whitelist_onions", true); // 1382359 // user_pref("network.http.referer.hideOnionSource", true); // 1305144 +/* 7007: referers + * [WHY] Only cross origin referers (1600s) need control ***/ + // user_pref("network.http.sendRefererHeader", 2); + // user_pref("network.http.referer.trimmingPolicy", 0); /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From 9f08c7c0f4b79bbd8b37b5ad3321760d44866265 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Aug 2021 06:04:19 +0000 Subject: [PATCH 1690/1961] 7000s: referer policy #1235 and re-number 1600s --- user.js | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/user.js b/user.js index 1c4bf51..be73125 100644 --- a/user.js +++ b/user.js @@ -18,7 +18,7 @@ * Some site breakage and unintended consequences will happen. Everyone's experience will differ e.g. some user data is erased on close (section 2800), change this to suit your needs * While not 100% definitive, search for "[SETUP" tags - e.g. third party images/videos not loading on some sites? check 1603 + e.g. third party images/videos not loading on some sites? check 1601 * Take the wiki link in step 2 and read the Troubleshooting entry 5. Some tag info [SETUP-SECURITY] it's one item, read it @@ -722,23 +722,14 @@ user_pref("gfx.font_rendering.graphite.enabled", false); [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); -/* 1603: control when to send a cross origin referer +/* 1601: control when to send a cross origin referer * 0=always (default), 1=only if base domains match, 2=only if hosts match * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud, instagram ***/ user_pref("network.http.referer.XOriginPolicy", 2); -/* 1604: control the amount of cross origin information to send [FF52+] +/* 1602: control the amount of cross origin information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); -/* 1606: ALL: set the default Referrer Policy [FF59+] - * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade - * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy - * [1] https://www.w3.org/TR/referrer-policy/ - * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy - * [3] https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/ - * [4] https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/ ***/ - // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+] - // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] -/* 1610: ALL: enable the DNT (Do Not Track) HTTP header +/* 1603: enable the DNT (Do Not Track) HTTP header * [NOTE] DNT is enforced with Enhanced Tracking Protection regardless of this pref * [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal... ***/ user_pref("privacy.donottrackheader.enabled", true); @@ -1366,6 +1357,11 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] Only cross origin referers (1600s) need control ***/ // user_pref("network.http.sendRefererHeader", 2); // user_pref("network.http.referer.trimmingPolicy", 0); +/* 7008: set the default Referrer Policy [FF59+] + * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade + * [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/ + // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+] + // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From 3697bd8d3a3a011ecfc82e2b345dd7d6bf1880fa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Aug 2021 06:26:45 +0000 Subject: [PATCH 1691/1961] 1603 -> inactive Yes it's pretty much useless. Yes it's fingerprintable, and what that entropy is, who knows. Since it's sent regardless with ETP, which we enable in all windows, then who cares. And if you don't use ETP in all windows, then I don't care either - just saying --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index be73125..7bbfc9a 100644 --- a/user.js +++ b/user.js @@ -730,9 +730,9 @@ user_pref("network.http.referer.XOriginPolicy", 2); * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); /* 1603: enable the DNT (Do Not Track) HTTP header - * [NOTE] DNT is enforced with Enhanced Tracking Protection regardless of this pref + * [NOTE] DNT is enforced with Enhanced Tracking Protection (2710) * [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal... ***/ -user_pref("privacy.donottrackheader.enabled", true); + // user_pref("privacy.donottrackheader.enabled", true); /*** [SECTION 1700]: CONTAINERS If you want to really leverage containers, we recommend Temporary Containers [2]. From 613e55ae8c28337eb0183c6887cc3f3bd1172d3a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Aug 2021 09:42:21 +0000 Subject: [PATCH 1692/1961] 7000s: add MOAR; renumber 0700s, #1235 --- user.js | 39 ++++++++++++++------------------------- 1 file changed, 14 insertions(+), 25 deletions(-) diff --git a/user.js b/user.js index 7bbfc9a..a823c21 100644 --- a/user.js +++ b/user.js @@ -343,38 +343,16 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * [TEST] https://ipleak.org/ * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ user_pref("network.dns.disableIPv6", true); -/* 0702: disable HTTP2 - * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to - * enhance privacy, and opens up a number of server-side fingerprinting opportunities - * [WARNING] Don't disable HTTP2. Don't be that one person using HTTP1.1 on HTTP2 sites - * [STATS] ~46% of sites (July 2021) [5] - * [1] https://http2.github.io/faq/ - * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html - * [3] https://datatracker.ietf.org/doc/html/rfc7540#section-10.8 - * [4] https://queue.acm.org/detail.cfm?id=2716278 - * [5] https://w3techs.com/technologies/details/ce-http2/all/all ***/ - // user_pref("network.http.spdy.enabled", false); - // user_pref("network.http.spdy.enabled.deps", false); - // user_pref("network.http.spdy.enabled.http2", false); - // user_pref("network.http.spdy.websockets", false); // [FF65+] -/* 0703: disable HTTP Alternative Services [FF37+] - * [SETUP-PERF] Relax this if you have FPI enabled (4001) and you understand the - * consequences. FPI isolates these, but it was designed with the Tor protocol in mind, - * and the Tor Browser has extra protection, including enhanced sanitizing per Identity. - * [1] https://tools.ietf.org/html/rfc7838#section-9 - * [2] https://www.mnot.net/blog/2016/03/09/alt-svc ***/ -user_pref("network.http.altsvc.enabled", false); -user_pref("network.http.altsvc.oe", false); -/* 0704: set the proxy server to do any DNS lookups when using SOCKS +/* 0702: set the proxy server to do any DNS lookups when using SOCKS * e.g. in Tor, this stops your local DNS server from knowing your Tor destination * as a remote Tor node will handle the DNS request * [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ user_pref("network.proxy.socks_remote_dns", true); -/* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+] +/* 0703: disable using UNC (Uniform Naming Convention) paths [FF61+] * [SETUP-CHROME] Can break extensions for profiles on network shares * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] -/* 0710: disable GIO as a potential proxy bypass vector +/* 0704: disable GIO as a potential proxy bypass vector * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, * gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64) * [1] https://bugzilla.mozilla.org/1433507 @@ -1362,6 +1340,17 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/ // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+] // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] +/* 7009: disable HTTP2 + * [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1] + * [1] https://w3techs.com/technologies/details/ce-http2/all/all ***/ + // user_pref("network.http.spdy.enabled", false); + // user_pref("network.http.spdy.enabled.deps", false); + // user_pref("network.http.spdy.enabled.http2", false); + // user_pref("network.http.spdy.websockets", false); // [FF65+] +/* 7010: disable HTTP Alternative Services [FF37+] + * [WHY] Already isolated by network partitioning (FF85+) and FPI ***/ + // user_pref("network.http.altsvc.enabled", false); + // user_pref("network.http.altsvc.oe", false); /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From b177c73f0d185954a480e5632a4a1c242b307dab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Aug 2021 09:47:34 +0000 Subject: [PATCH 1693/1961] typo technically it's "or" - FPI overrides network partitioning --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index a823c21..ebba09a 100644 --- a/user.js +++ b/user.js @@ -1348,7 +1348,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("network.http.spdy.enabled.http2", false); // user_pref("network.http.spdy.websockets", false); // [FF65+] /* 7010: disable HTTP Alternative Services [FF37+] - * [WHY] Already isolated by network partitioning (FF85+) and FPI ***/ + * [WHY] Already isolated by network partitioning (FF85+) or FPI ***/ // user_pref("network.http.altsvc.enabled", false); // user_pref("network.http.altsvc.oe", false); From 269cf965bd51022ca69823f8f66a8e402280d856 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 23 Aug 2021 10:03:13 +0000 Subject: [PATCH 1694/1961] renumber 1700s --- user.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index ebba09a..d944193 100644 --- a/user.js +++ b/user.js @@ -713,19 +713,18 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); // user_pref("privacy.donottrackheader.enabled", true); /*** [SECTION 1700]: CONTAINERS - If you want to really leverage containers, we recommend Temporary Containers [2]. - Read the article by the extension author [3], and check out the github wiki/repo [4]. + Check out Temporary Containers [2], read the article [3], and visit the wiki/repo [4] [1] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers [2] https://addons.mozilla.org/firefox/addon/temporary-containers/ [3] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 [4] https://github.com/stoically/temporary-containers/wiki ***/ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); -/* 1702: enable Container Tabs and it's UI setting [FF50+] +/* 1701: enable Container Tabs and it's UI setting [FF50+] * [SETTING] General>Tabs>Enable Container Tabs ***/ user_pref("privacy.userContext.enabled", true); user_pref("privacy.userContext.ui.enabled", true); -/* 1703: set behaviour on "+ Tab" button to display container menu on left click [FF74+] +/* 1702: set behaviour on "+ Tab" button to display container menu on left click [FF74+] * [NOTE] The menu is always shown on long press and right click * [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/ // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); From 51748ea25a33295fe7cd6d2f4d8867bf9fa176f3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 24 Aug 2021 03:09:33 +0000 Subject: [PATCH 1695/1961] leverage cve keyword --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d944193..daf5555 100644 --- a/user.js +++ b/user.js @@ -677,7 +677,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); user_pref("gfx.font_rendering.opentype_svg.enabled", false); /* 1402: disable graphite * Graphite has had many critical security issues in the past [1] - * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ user_pref("gfx.font_rendering.graphite.enabled", false); /* 1403: limit font visibility (Windows, Mac, some Linux) [FF79+] @@ -852,7 +852,7 @@ user_pref("javascript.options.asmjs", false); * [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new * hidden pref is enabled, then Ion can still be used by extensions (1599226) * [WARNING] Disabling Ion/JIT can cause some site issues and performance loss - * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Firefox+JIT ***/ + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF] From 69132b588f7975fcc40bdcb95f2769bc04212d95 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 24 Aug 2021 05:43:38 +0000 Subject: [PATCH 1696/1961] 7000s: mathml, svg, #1235 --- user.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/user.js b/user.js index daf5555..7c92f58 100644 --- a/user.js +++ b/user.js @@ -387,7 +387,7 @@ user_pref("keyword.enabled", false); user_pref("browser.fixup.alternate.enabled", false); /* 0803: display all parts of the url in the location bar ***/ user_pref("browser.urlbar.trimURLs", false); -/* 0805: disable coloring of visited links - CSS history leak +/* 0805: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing * attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5] @@ -917,14 +917,6 @@ user_pref("devtools.chrome.enabled", false); /* 2608: reset remote debugging to disabled * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] -/* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] - * [TEST] https://arkenfox.github.io/TZP/tzp.html#misc - * [1] https://bugzilla.mozilla.org/1173199 ***/ - // user_pref("mathml.disabled", true); -/* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+] - * [WARNING] Expect breakage including youtube player controls - * [1] https://bugzilla.mozilla.org/1216893 ***/ - // user_pref("svg.disabled", true); /* 2611: disable middle mouse click opening links from clipboard * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/ user_pref("middlemouse.contentLoadURL", false); @@ -1350,6 +1342,14 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] Already isolated by network partitioning (FF85+) or FPI ***/ // user_pref("network.http.altsvc.enabled", false); // user_pref("network.http.altsvc.oe", false); +/* 7011: disable MathML (Mathematical Markup Language) [FF51+] + * [WHY] Fingerprintable, breakage, threat model + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mathml ***/ + // user_pref("mathml.disabled", true); // 1173199 +/* 7012: disable in-content SVG (Scalable Vector Graphics) [FF53+] + * [WHY] Fingerprintable, breakage, threat model + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+svg ***/ + // user_pref("svg.disabled", true); // 1216893 /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From 35ccaff58e5aae76299a6ce41a81cdc3fb871099 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 24 Aug 2021 08:52:12 +0000 Subject: [PATCH 1697/1961] calrify password prompt, #1241 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 7c92f58..9b7c775 100644 --- a/user.js +++ b/user.js @@ -457,10 +457,10 @@ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); * There are no preferences for this. It is all handled internally * [SETTING] Privacy & Security>Logins and Passwords>Use a Primary Password * [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas ***/ -/* 0903: set how often Firefox should ask for the primary password +/* 0903: set when Firefox should prompt for the primary password * 0=the first time (default), 1=every time it's needed, 2=every n minutes (0904) ***/ user_pref("security.ask_for_password", 2); -/* 0904: set how often in minutes Firefox should ask for the primary password (0903) ***/ +/* 0904: set how long in minutes Firefox should remember the primary password (0903) ***/ user_pref("security.password_lifetime", 5); // [DEFAULT: 30] /* 0905: disable auto-filling username & password form fields * can leak in cross-site forms *and* be spoofed From 778421cad40d1436ca0fa2833df76bc8fd45473d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 24 Aug 2021 08:59:11 +0000 Subject: [PATCH 1698/1961] #1241 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 9b7c775..11ae8cc 100644 --- a/user.js +++ b/user.js @@ -458,7 +458,7 @@ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); * [SETTING] Privacy & Security>Logins and Passwords>Use a Primary Password * [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas ***/ /* 0903: set when Firefox should prompt for the primary password - * 0=the first time (default), 1=every time it's needed, 2=every n minutes (0904) ***/ + * 0=once per session (default), 1=every time it's needed, 2=every n minutes (0904) ***/ user_pref("security.ask_for_password", 2); /* 0904: set how long in minutes Firefox should remember the primary password (0903) ***/ user_pref("security.password_lifetime", 5); // [DEFAULT: 30] From 7144f8b7f86a72462636fc1d86bd3d0993a642c8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 24 Aug 2021 22:51:48 +0000 Subject: [PATCH 1699/1961] cleanup continued, #1239 More minor tweaks to come. This isn't final - 0102: ambiguous that the clearing was related to PB mode - 0900s: - get rid of 0901, it has no pref, stick link in header - 0905: values on multi-lines use spaces = more readable - 1000s: - rename as disk avoidance and remove sub-section headers - remove the outdated section header - 4001: it will never be perfected, it's doing it's job - 5500s: optional hardening - legit security measures, but commonality in caveats, so I made them a separate section - this flips graphite, asm.js and wasm from active to inactive: these are overkill: exhibit A: hundreds of millions of Firefox users - e.g. graphite and wasm are enabled on Tor Browser - new CVE keyword links - 7000s: don't bother - two more items added - 5000s: optional opsec and cleanout 0800s header - re-number - 0900s, 1000s, 1400s, 2400s PS: I need a new parrot: "9000 syntax error: I ran out of parrots" --- user.js | 360 ++++++++++++++++++++++++++------------------------------ 1 file changed, 166 insertions(+), 194 deletions(-) diff --git a/user.js b/user.js index 11ae8cc..dd9fd25 100644 --- a/user.js +++ b/user.js @@ -50,14 +50,14 @@ 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0900: PASSWORDS - 1000: CACHE / SESSION (RE)STORE / FAVICONS + 1000: DISK AVOIDANCE 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) 1400: FONTS 1600: HEADERS / REFERERS 1700: CONTAINERS 2000: PLUGINS / MEDIA / WEBRTC 2300: WEB WORKERS - 2400: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT + 2400: DOM (DOCUMENT OBJECT MODEL) 2500: FINGERPRINTING 2600: MISCELLANEOUS 2700: PERSISTENT STORAGE @@ -65,6 +65,7 @@ 4000: FPI (FIRST PARTY ISOLATION) 4500: RFP (RESIST FINGERPRINTING) 5000: OPTIONAL OPSEC + 5500: OPTIONAL HARDENING 6000: DON'T TOUCH 7000: DON'T BOTHER 8000: DON'T BOTHER: NON-RFP @@ -90,7 +91,7 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set startup page [SETUP-CHROME] * 0=blank, 1=home, 2=last visited page, 3=resume previous session - * [NOTE] Session Restore is not used in PB mode (0110) and is cleared with history (2803, 2804) + * [NOTE] Session Restore is cleared with history (2803, 2804), and not used in Private Browsing mode * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); /* 0103: set HOME+NEWWINDOW page @@ -116,17 +117,6 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // /* 0106: clear default topsites * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); -/* 0110: start Firefox in PB (Private Browsing) mode - * [NOTE] In this mode all windows are "private windows" and the PB mode icon is not displayed - * [WARNING] The P in PB mode can be misleading: it means no "persistent" disk state such as history, - * caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode). - * In fact, PB mode limits or removes the ability to control some of these, and you need to quit - * Firefox to clear them. PB is best used as a one off window (Menu>New Private Window) to provide - * a temporary self-contained new session. Close all Private Windows to clear the PB mode session. - * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode - * [1] https://wiki.mozilla.org/Private_Browsing - * [2] https://support.mozilla.org/kb/common-myths-about-private-browsing ***/ - // user_pref("browser.privatebrowsing.autostart", true); /*** [SECTION 0200]: GEOLOCATION / LANGUAGE / LOCALE ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); @@ -232,11 +222,11 @@ user_pref("network.captive-portal-service.enabled", false); // [FF52+] user_pref("network.connectivity-service.enabled", false); /*** [SECTION 0400]: SAFE BROWSING (SB) - Safe Browsing has taken many steps to preserve privacy. If required, a full url is never - sent to Google, only a PART-hash of the prefix, and this is hidden with noise of other real - PART-hashes. Google also swear it is anonymized and only used to flag malicious sites. - Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+) + SB has taken many steps to preserve privacy. If required, a full url is never sent + to Google, only a part-hash of the prefix, hidden with noise of other real part-hashes. + Firefox takes measures such as striping out identifying parameters and since SBv4 (FF57+) doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) + FWIW, Google also swear it is anonymized and only used to flag malicious sites. [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ [2] https://wiki.mozilla.org/Security/Safe_Browsing @@ -361,13 +351,7 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] -/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS - Change 0850 and above to suit for privacy vs convenience and functionality. - Consider your environment (no unwanted eyeballs), your device (restricted access), - your device's unattended state (locked, encrypted, forensic hardened). Likewise, - you may want to check the items cleared on shutdown in section 2800. - [1] https://xkcd.com/538/ -***/ +/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar using search * Don't leak URL typos to a search engine, give an error message instead @@ -412,22 +396,10 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions * [1] https://bugzilla.mozilla.org/1642623 ***/ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); -/* 0850a: disable location bar suggestion types - * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ - // user_pref("browser.urlbar.suggest.history", false); - // user_pref("browser.urlbar.suggest.bookmark", false); - // user_pref("browser.urlbar.suggest.openpage", false); - // user_pref("browser.urlbar.suggest.topsites", false); // [FF78+] /* 0850b: disable tab-to-search [FF85+] * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ // user_pref("browser.urlbar.suggest.engines", false); -/* 0850c: disable location bar dropdown - * This value controls the total number of entries to appear in the location bar dropdown ***/ - // user_pref("browser.urlbar.maxRichResults", 0); -/* 0850d: disable location bar autofill - * [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ - // user_pref("browser.urlbar.autoFill", false); /* 0860: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (2803) @@ -435,120 +407,66 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ user_pref("browser.formfill.enable", false); -/* 0862: disable browsing and download history - * [NOTE] We also clear history and downloads on exit (2803) - * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ - // user_pref("places.history.enabled", false); -/* 0870: disable Windows jumplist [WINDOWS] ***/ -user_pref("browser.taskbar.lists.enabled", false); -user_pref("browser.taskbar.lists.frequent.enabled", false); -user_pref("browser.taskbar.lists.recent.enabled", false); -user_pref("browser.taskbar.lists.tasks.enabled", false); -/* 0871: disable Windows taskbar preview [WINDOWS] ***/ - // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false] -/*** [SECTION 0900]: PASSWORDS ***/ +/*** [SECTION 0900]: PASSWORDS + [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas +***/ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); -/* 0901: disable saving passwords - * [NOTE] This does not clear any passwords already saved - * [SETTING] Privacy & Security>Logins and Passwords>Ask to save logins and passwords for websites ***/ - // user_pref("signon.rememberSignons", false); -/* 0902: use a primary password - * There are no preferences for this. It is all handled internally - * [SETTING] Privacy & Security>Logins and Passwords>Use a Primary Password - * [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas ***/ -/* 0903: set when Firefox should prompt for the primary password - * 0=once per session (default), 1=every time it's needed, 2=every n minutes (0904) ***/ +/* 0901: set when Firefox should prompt for the primary password + * 0=once per session (default), 1=every time it's needed, 2=after n minutes (0902) ***/ user_pref("security.ask_for_password", 2); -/* 0904: set how long in minutes Firefox should remember the primary password (0903) ***/ +/* 0902: set how long in minutes Firefox should remember the primary password (0901) ***/ user_pref("security.password_lifetime", 5); // [DEFAULT: 30] -/* 0905: disable auto-filling username & password form fields +/* 0903: disable auto-filling username & password form fields * can leak in cross-site forms *and* be spoofed * [NOTE] Username & password is still available when you enter the field * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords * [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/ ***/ user_pref("signon.autofillForms", false); -/* 0909: disable formless login capture for Password Manager [FF51+] ***/ +/* 0904: disable formless login capture for Password Manager [FF51+] ***/ user_pref("signon.formlessCapture.enabled", false); -/* 0912: limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources [FF41+] +/* 0905: limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources [FF41+] * hardens against potential credentials phishing - * 0=don't allow sub-resources to open HTTP authentication credentials dialogs - * 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs - * 2=allow sub-resources to open HTTP authentication credentials dialogs (default) ***/ + * 0 = don't allow sub-resources to open HTTP authentication credentials dialogs + * 1 = don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs + * 2 = allow sub-resources to open HTTP authentication credentials dialogs (default) ***/ user_pref("network.auth.subresource-http-auth-allow", 1); -/* 0913: disable automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+] +/* 0906: disable automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+] * [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for... * [1] https://support.mozilla.org/kb/windows-sso ***/ user_pref("network.http.windows-sso.enabled", false); -/*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS - Cache tracking/fingerprinting techniques [1][2][3] require a cache. Disabling disk (1001) - *and* memory (1003) caches is one solution; but that's extreme and fingerprintable. A hardened - Temporary Containers configuration can effectively do the same thing, by isolating every tab [4] - - We consider avoiding disk cache (1001) so cache is session/memory only (like Private Browsing - mode), and isolating cache to first party (4001) is sufficient and a good balance between - risk and performance. ETAGs can also be neutralized by modifying response headers [5], and - you can clear the cache manually or on a regular basis with an extension - - [1] https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags - [2] https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/ - [3] https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache - [4] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21 - [5] https://github.com/arkenfox/user.js/wiki/4.2.4-Header-Editor +/*** [SECTION 1000]: DISK AVOIDANCE + [NOTE] Cache is isolated with network partitioning (FF85+) or when using FPI ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); -/** CACHE ***/ /* 1001: disable disk cache - * [SETUP-PERF] If you think disk cache may help (heavy tab user, high-res video), - * or you use a hardened Temporary Containers, then feel free to override this + * [SETUP-PERF] If you think disk cache helps, then feel free to override this * [NOTE] We also clear cache on exit (2803) ***/ user_pref("browser.cache.disk.enable", false); -/* 1003: disable memory cache - * capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kibibytes ***/ - // user_pref("browser.cache.memory.enable", false); - // user_pref("browser.cache.memory.capacity", 0); -/* 1006: disable permissions manager from writing to disk [RESTART] - * [NOTE] This means any permission changes are session only - * [1] https://bugzilla.mozilla.org/967812 ***/ - // user_pref("permissions.memory_only", true); // [HIDDEN PREF] -/* 1007: disable media cache from writing to disk in Private Browsing +/* 1002: disable media cache from writing to disk in Private Browsing * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB * [SETUP-WEB] ESR78: playback might break on subsequent loading (1650281) ***/ user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] user_pref("media.memory_cache_max_size", 65536); - -/** SESSIONS & SESSION RESTORE ***/ -/* 1020: exclude "Undo Closed Tabs" in Session Restore ***/ - // user_pref("browser.sessionstore.max_tabs_undo", 0); -/* 1021: disable storing extra session data [SETUP-CHROME] +/* 1003: disable storing extra session data [SETUP-CHROME] * define on which sites to save extra session data such as form content, cookies and POST data * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ user_pref("browser.sessionstore.privacy_level", 2); -/* 1022: disable resuming session from crash ***/ - // user_pref("browser.sessionstore.resume_from_crash", false); -/* 1023: set the minimum interval between session save operations +/* 1004: set the minimum interval between session save operations * Increasing this can help on older machines and some websites, as well as reducing writes [1] * [SETUP-CHROME] This can affect entries in "Recently Closed Tabs": i.e. the * longer the interval the more chance a quick tab open/close won't be captured * [1] https://bugzilla.mozilla.org/1304389 ***/ user_pref("browser.sessionstore.interval", 30000); // [DEFAULT: 15000] -/* 1024: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] +/* 1005: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] * [1] https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); - -/** FAVICONS ***/ -/* 1030: disable favicons in shortcuts +/* 1006: disable favicons in shortcuts * URL shortcuts use a cached randomly named .ico file which is stored in your * profile/shortcutCache directory. The .ico remains after the shortcut is deleted * If set to false then the shortcuts use a generic Firefox icon ***/ user_pref("browser.shell.shortcutFavicons", false); -/* 1031: disable favicons in history and bookmarks - * Stored as data blobs in favicons.sqlite, these don't reveal anything that your - * actual history (and bookmarks) already do. Your history is more detailed, so - * control that instead; e.g. disable history, clear history on close, use PB mode - * [NOTE] favicons.sqlite is sanitized on Firefox close, not in-session ***/ - // user_pref("browser.chrome.site_icons", false); /*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) Your cipher and other settings can be used in server side fingerprinting @@ -613,11 +531,6 @@ user_pref("security.pki.sha1_enforcement_level", 1); * 2=detect Family Safety mode and import the root * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/ user_pref("security.family_safety.mode", 0); -/* 1222: disable intermediate certificate caching (fingerprinting attack vector) [FF41+] [RESTART] - * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only. - * Saved logins and passwords are not available. Reset the pref and restart to return them. - * [1] https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ ***/ - // user_pref("security.nocertdb", true); // [HIDDEN PREF] /* 1223: enable strict pinning * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict * [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing @@ -672,25 +585,14 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] /*** [SECTION 1400]: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); -/* 1401: disable rendering of SVG OpenType fonts - * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ +/* 1401: disable rendering of SVG OpenType fonts ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); -/* 1402: disable graphite - * Graphite has had many critical security issues in the past [1] - * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite - * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ -user_pref("gfx.font_rendering.graphite.enabled", false); -/* 1403: limit font visibility (Windows, Mac, some Linux) [FF79+] +/* 1402: limit font visibility (Windows, Mac, some Linux) [FF79+] * [NOTE] In FF80+ RFP ignores the pref and uses value 1 * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ // user_pref("layout.css.font-visibility.level", 1); -/* 1404: disable icon fonts (glyphs) and local fallback rendering - * [1] https://bugzilla.mozilla.org/789788 - * [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/ - // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] - // user_pref("gfx.downloadable_fonts.fallback_delay", -1); /*** [SECTION 1600]: HEADERS / REFERERS Expect some breakage e.g. banks: use an extension if you need precise control @@ -813,58 +715,30 @@ user_pref("dom.serviceWorkers.enabled", false); user_pref("dom.push.enabled", false); // user_pref("dom.push.userAgentID", ""); -/*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ +/*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); -/* 2401: disable website control over browser right-click context menu - * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ - // user_pref("dom.event.contextmenu.enabled", false); -/* 2402: disable website access to clipboard events/content [SETUP-HARDEN] - * [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress - * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website - * [WARNING] In FF88 or lower, with clipboardevents enabled, if both "middlemouse.paste" and - * "general.autoScroll" are true (at least one is default false) then the clipboard can leak [1] - * [1] https://bugzilla.mozilla.org/1528289 ***/ - // user_pref("dom.event.clipboardevents.enabled", false); -/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] - * this disables document.execCommand("cut"/"copy") to protect your clipboard - * [1] https://bugzilla.mozilla.org/1170911 ***/ -user_pref("dom.allow_cut_copy", false); -/* 2404: disable "Confirm you want to leave" dialog on page close +/* 2401: disable "Confirm you want to leave" dialog on page close * Does not prevent JS leaks of the page close event * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload ***/ user_pref("dom.disable_beforeunload", true); -/* 2405: prevent scripts from moving and resizing open windows ***/ +/* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); -/* 2406: block popup windows +/* 2403: block popup windows * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ user_pref("dom.disable_open_during_load", true); -/* 2407: limit events that can cause a popup [SETUP-WEB] ***/ +/* 2404: limit events that can cause a popup [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -/* 2408: enable (limited but sufficient) window.opener protection [FF65+] +/* 2405: enable (limited but sufficient) window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] -/* 2420: disable asm.js [FF22+] [SETUP-PERF] - * [1] http://asmjs.org/ - * [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js - * [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ -user_pref("javascript.options.asmjs", false); -/* 2421: disable Ion and baseline JIT to harden against JS exploits [SETUP-HARDEN] - * [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new - * hidden pref is enabled, then Ion can still be used by extensions (1599226) - * [WARNING] Disabling Ion/JIT can cause some site issues and performance loss - * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit ***/ - // user_pref("javascript.options.ion", false); - // user_pref("javascript.options.baselinejit", false); - // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF] -/* 2422: disable WebAssembly [FF52+] - * Vulnerabilities have increasingly been found, including those known and fixed - * in native programs years ago [2]. WASM has powerful low-level access, making - * certain attacks (brute-force) and vulnerabilities more possible - * [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising [2][3] - * [1] https://developer.mozilla.org/docs/WebAssembly - * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly - * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/ -user_pref("javascript.options.wasm", false); +/* 2406: disable website access to clipboard events/content + * Requires user interaction. Applies to onCut/onCopy/onPaste events + * [SETUP-HARDEN] Will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress ***/ + // user_pref("dom.event.clipboardevents.enabled", false); +/* 2407: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] + * this disables document.execCommand("cut"/"copy") to protect your clipboard + * [1] https://bugzilla.mozilla.org/1170911 ***/ +user_pref("dom.allow_cut_copy", false); /*** [SECTION 2500]: FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); @@ -967,22 +841,12 @@ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] user_pref("extensions.postDownloadThirdPartyPrompt", false); /** DOWNLOADS ***/ -/* 2650: discourage downloading to desktop - * 0=desktop, 1=downloads (default), 2=last used - * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ - // user_pref("browser.download.folderList", 2); /* 2651: enable user interaction for security by always asking where to download * [SETUP-CHROME] On Android this blocks longtapping and saving images * [SETTING] General>Downloads>Always ask you where to save files ***/ user_pref("browser.download.useDownloadDir", false); /* 2652: disable adding downloads to the system's "recent documents" list ***/ user_pref("browser.download.manager.addToRecentDocs", false); -/* 2654: disable "open with" in download dialog [FF50+] [SETUP-HARDEN] - * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) - * in such a way that it is forbidden to run external applications. - * [WARNING] This may interfere with some users' workflow or methods - * [1] https://bugzilla.mozilla.org/1281959 ***/ - // user_pref("browser.download.forbid_open_with", true); /** EXTENSIONS ***/ /* 2660: lock down allowed extension directories @@ -1137,7 +1001,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] - * [SETUP-WEB] May break cross-domain logins and site functionality until perfected + * [SETUP-WEB] Will break most cross-domain logins * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/ user_pref("privacy.firstparty.isolate", true); /* 4002: enforce FPI restriction for window.opener [FF54+] @@ -1255,8 +1119,115 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); -/*** [SECTION 5000]: OPTIONAL OPSEC ***/ +/*** [SECTION 5000]: OPTIONAL OPSEC + Disk avoidance, application data isolation, eyeballs... +***/ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow"); +/* 5001: start Firefox in PB (Private Browsing) mode + * [NOTE] In this mode all windows are "private windows" and the PB mode icon is not displayed + * [NOTE] The P in PB mode can be misleading: it means no "persistent" disk state such as history, + * caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode). + * In fact, PB mode limits or removes the ability to control some of these, and you need to quit + * Firefox to clear them. PB is best used as a one off window (Menu>New Private Window) to provide + * a temporary self-contained new session. Close all Private Windows to clear the PB mode session. + * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode + * [1] https://wiki.mozilla.org/Private_Browsing + * [2] https://support.mozilla.org/kb/common-myths-about-private-browsing ***/ + // user_pref("browser.privatebrowsing.autostart", true); +/* 5002: disable memory cache + * capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kibibytes ***/ + // user_pref("browser.cache.memory.enable", false); + // user_pref("browser.cache.memory.capacity", 0); +/* 5003: disable saving passwords + * [NOTE] This does not clear any passwords already saved + * [SETTING] Privacy & Security>Logins and Passwords>Ask to save logins and passwords for websites ***/ + // user_pref("signon.rememberSignons", false); +/* 5004: disable permissions manager from writing to disk [FF41+] [RESTART] + * [NOTE] This means any permission changes are session only + * [1] https://bugzilla.mozilla.org/967812 ***/ + // user_pref("permissions.memory_only", true); // [HIDDEN PREF] +/* 5005: disable intermediate certificate caching [FF41+] [RESTART] + * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only. + * Saved logins and passwords are not available. Reset the pref and restart to return them ***/ + // user_pref("security.nocertdb", true); // [HIDDEN PREF] +/* 5006: disable favicons in history and bookmarks + * [NOTE] Stored as data blobs in favicons.sqlite, these don't reveal anything that your + * actual history (and bookmarks) already do. Your history is more detailed, so + * control that instead; e.g. disable history, clear history on close, use PB mode + * [NOTE] favicons.sqlite is sanitized on Firefox close ***/ + // user_pref("browser.chrome.site_icons", false); +/* 5007: exclude "Undo Closed Tabs" in Session Restore ***/ + // user_pref("browser.sessionstore.max_tabs_undo", 0); +/* 5008: disable resuming session from crash ***/ + // user_pref("browser.sessionstore.resume_from_crash", false); +/* 5009: disable "open with" in download dialog [FF50+] + * Application data isolation [1] + * [1] https://bugzilla.mozilla.org/1281959 ***/ + // user_pref("browser.download.forbid_open_with", true); +/* 5010: disable location bar suggestion types + * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ + // user_pref("browser.urlbar.suggest.history", false); + // user_pref("browser.urlbar.suggest.bookmark", false); + // user_pref("browser.urlbar.suggest.openpage", false); + // user_pref("browser.urlbar.suggest.topsites", false); // [FF78+] +/* 5011: disable location bar dropdown + * This value controls the total number of entries to appear in the location bar dropdown ***/ + // user_pref("browser.urlbar.maxRichResults", 0); +/* 5012: disable location bar autofill + * [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ + // user_pref("browser.urlbar.autoFill", false); +/* 5013: disable browsing and download history + * [NOTE] We also clear history and downloads on exit (2803) + * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ + // user_pref("places.history.enabled", false); +/* 5014: disable Windows jumplist [WINDOWS] ***/ + // user_pref("browser.taskbar.lists.enabled", false); + // user_pref("browser.taskbar.lists.frequent.enabled", false); + // user_pref("browser.taskbar.lists.recent.enabled", false); + // user_pref("browser.taskbar.lists.tasks.enabled", false); +/* 5015: disable Windows taskbar preview [WINDOWS] ***/ + // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false] +/* 5016: discourage downloading to desktop + * 0=desktop, 1=downloads (default), 2=last used + * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ + // user_pref("browser.download.folderList", 2); + +/*** [SECTION 5500]: OPTIONAL HARDENING + Not recommended. Keep in mind that these can cause breakage, performance + issues, are mostly fingerpintable, and the threat model is practically zero +***/ +user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); +/* 5501: disable MathML (Mathematical Markup Language) [FF51+] + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mathml ***/ + // user_pref("mathml.disabled", true); // 1173199 +/* 5502: disable in-content SVG (Scalable Vector Graphics) [FF53+] + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+svg ***/ + // user_pref("svg.disabled", true); // 1216893 +/* 5503: disable graphite + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite + * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ + // user_pref("gfx.font_rendering.graphite.enabled", false); +/* 5504: disable asm.js [FF22+] + * [1] http://asmjs.org/ + * [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js + * [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ + // user_pref("javascript.options.asmjs", false); +/* 5505: disable Ion and baseline JIT to harden against JS exploits + * [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new + * hidden pref is enabled, then Ion can still be used by extensions (1599226) + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit ***/ + // user_pref("javascript.options.ion", false); + // user_pref("javascript.options.baselinejit", false); + // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF] +/* 5506: disable WebAssembly [FF52+] + * Vulnerabilities [1] have increasingly been found, including those known and fixed + * in native programs years ago [2]. WASM has powerful low-level access, making + * certain attacks (brute-force) and vulnerabilities more possible + * [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising [2][3] + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wasm + * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly + * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/ + // user_pref("javascript.options.wasm", false); /*** [SECTION 6000]: DON'T TOUCH ***/ user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); @@ -1342,14 +1313,15 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] Already isolated by network partitioning (FF85+) or FPI ***/ // user_pref("network.http.altsvc.enabled", false); // user_pref("network.http.altsvc.oe", false); -/* 7011: disable MathML (Mathematical Markup Language) [FF51+] - * [WHY] Fingerprintable, breakage, threat model - * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mathml ***/ - // user_pref("mathml.disabled", true); // 1173199 -/* 7012: disable in-content SVG (Scalable Vector Graphics) [FF53+] - * [WHY] Fingerprintable, breakage, threat model - * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+svg ***/ - // user_pref("svg.disabled", true); // 1216893 +/* 7011: disable website control over browser right-click context menu + * [WHY] Just use Shift-Right-Click ***/ + // user_pref("dom.event.contextmenu.enabled", false); +/* 7012: disable icon fonts (glyphs) and local fallback rendering + * [WHY] Breakage, font fallback is equivalency, also RFP + * [1] https://bugzilla.mozilla.org/789788 + * [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/ + // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] + // user_pref("gfx.downloadable_fonts.fallback_delay", -1); /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good @@ -1387,7 +1359,7 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan Non-project related but useful. If any interest you, add them to your overrides To save some overrides, we've made a few active as they seem to be universally used ***/ -user_pref("_user.js.parrot", "9000 syntax error: this is an ex-parrot!"); +user_pref("_user.js.parrot", "9000 syntax error: I ran out of parrots"); /* WELCOME & WHAT'S NEW NOTICES ***/ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch // user_pref("startup.homepage_welcome_url", ""); @@ -1468,7 +1440,7 @@ user_pref("browser.download.hide_plugins_without_extensions", false); // 0105d: disable Activity Stream recent Highlights in the Library [FF57+] // [-] https://bugzilla.mozilla.org/1689405 // user_pref("browser.library.activity-stream.enabled", false); -// 4616: disable PointerEvents +// 8002: disable PointerEvents // [1] https://developer.mozilla.org/docs/Web/API/PointerEvent // [-] https://bugzilla.mozilla.org/1688105 // user_pref("dom.w3c_pointer_events.enabled", false); From 6077d09b9fc1ef613f674074e3cfece3fde85a92 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 25 Aug 2021 14:04:50 +0000 Subject: [PATCH 1700/1961] window.name -> don't touch Also FPI FF65+ patch is not part of FPI, it is part of 4002 which is a separate pref --- user.js | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index dd9fd25..06a76a1 100644 --- a/user.js +++ b/user.js @@ -831,11 +831,6 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); * for these will show/use their correct 3rd party origin * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/ user_pref("permissions.delegation.enabled", false); -/* 2624: enable "window.name" protection [FF82+] - * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original - * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks - * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ -user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] /* 2625: disable bypassing 3rd party extension install prompts [FF82+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ user_pref("extensions.postDownloadThirdPartyPrompt", false); @@ -992,7 +987,6 @@ user_pref("privacy.sanitize.timeSpan", 0); 1344170 - blob: URI (FF55+) 1300671 - data:, about: URLs (FF55+) 1473247 - IP addresses (FF63+) - 1492607 - postMessage with targetOrigin "*" (requires 4002) (FF65+) 1542309 - top-level domain URLs when host is in the public suffix list (FF68+) 1506693 - pdfjs range-based requests (FF68+) 1330467 - site permissions (FF69+) @@ -1246,6 +1240,11 @@ user_pref("security.csp.enable", true); // [DEFAULT: true] user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] /* 6005: enforce no insecure active content on https pages ***/ user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] +/* 6006: enforce "window.name" protection [FF82+] + * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original + * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks + * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ +user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); From 9f43d48a3222ac6f8980c4f3b1b23b7e45b0bce0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 25 Aug 2021 14:09:39 +0000 Subject: [PATCH 1701/1961] targetBlankNoOpener -> don't touch --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 06a76a1..d69ab34 100644 --- a/user.js +++ b/user.js @@ -728,14 +728,11 @@ user_pref("dom.disable_window_move_resize", true); user_pref("dom.disable_open_during_load", true); /* 2404: limit events that can cause a popup [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -/* 2405: enable (limited but sufficient) window.opener protection [FF65+] - * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ -user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] -/* 2406: disable website access to clipboard events/content +/* 2405: disable website access to clipboard events/content * Requires user interaction. Applies to onCut/onCopy/onPaste events * [SETUP-HARDEN] Will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress ***/ // user_pref("dom.event.clipboardevents.enabled", false); -/* 2407: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] +/* 2406: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] * this disables document.execCommand("cut"/"copy") to protect your clipboard * [1] https://bugzilla.mozilla.org/1170911 ***/ user_pref("dom.allow_cut_copy", false); @@ -1245,6 +1242,9 @@ user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: tru * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] +/* 6007: enforce window.opener protection [FF65+] + * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ +user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); From 677b81765f652432ef0f150d794c0aaf4b06cb53 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 25 Aug 2021 15:36:15 +0000 Subject: [PATCH 1702/1961] tidy webgl --- user.js | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index d69ab34..a895298 100644 --- a/user.js +++ b/user.js @@ -755,11 +755,8 @@ user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab user_pref("browser.link.open_newwindow.restriction", 0); -/* 2504: disable/limit WebGL (Web Graphics Library) - * [SETUP-WEB] When disabled, will break some websites. When enabled, provides high entropy, - * especially with readPixels(). Some of the other entropy is lessened with RFP (4501) - * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ - * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/ +/* 2504: disable WebGL (Web Graphics Library) + * [SETUP-WEB] If you need it then enable it. RFP still randomizes canvas for naive scripts ***/ user_pref("webgl.disabled", true); // user_pref("webgl.enable-webgl2", false); // user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] From 76c8ecd10d19a6f61ead3e7525c13b0087f898d6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 25 Aug 2021 15:56:57 +0000 Subject: [PATCH 1703/1961] tidy --- user.js | 73 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 36 insertions(+), 37 deletions(-) diff --git a/user.js b/user.js index a895298..57b9bb0 100644 --- a/user.js +++ b/user.js @@ -233,27 +233,27 @@ user_pref("network.connectivity-service.enabled", false); [3] https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work ***/ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); -/* 0410: disable SB (Safe Browsing) +/* 0401: disable SB (Safe Browsing) * [WARNING] Do this at your own risk! These are the master switches * [SETTING] Privacy & Security>Security>... Block dangerous and deceptive content ***/ // user_pref("browser.safebrowsing.malware.enabled", false); // user_pref("browser.safebrowsing.phishing.enabled", false); -/* 0411: disable SB checks for downloads (both local lookups + remote) - * This is the master switch for the safebrowsing.downloads* prefs (0412, 0413) +/* 0402: disable SB checks for downloads (both local lookups + remote) + * This is the master switch for the safebrowsing.downloads* prefs (0403, 0404) * [SETTING] Privacy & Security>Security>... "Block dangerous downloads" ***/ // user_pref("browser.safebrowsing.downloads.enabled", false); -/* 0412: disable SB checks for downloads (remote) +/* 0403: disable SB checks for downloads (remote) * To verify the safety of certain executable files, Firefox may submit some information about the * file, including the name, origin, size and a cryptographic hash of the contents, to the Google * Safe Browsing service which helps Firefox determine whether or not the file should be blocked * [SETUP-SECURITY] If you do not understand this, or you want this protection, then override it ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.url", ""); -/* 0413: disable SB checks for unwanted software +/* 0404: disable SB checks for unwanted software * [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/ // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); -/* 0419: disable "ignore this warning" on SB warnings [FF45+] +/* 0405: disable "ignore this warning" on SB warnings [FF45+] * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/1226490 ***/ @@ -267,7 +267,7 @@ user_pref("browser.safebrowsing.downloads.remote.url", ""); * Portable: "...\App\Firefox64\browser\features\" (or "App\Firefox\etc" for 32bit) * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) * Mac: "...\Applications\Firefox\Contents\Resources\browser\features\" - [NOTE] On Mac you can right-click on the application and select "Show Package Contents" + [NOTE] On Mac you can right-click on the application and select "Show Package Contents" * Linux: "/usr/lib/firefox/browser/features" (or similar) [1] https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html @@ -313,10 +313,10 @@ user_pref("network.dns.disablePrefetch", true); /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); // user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] -/* 0605: disable link-mouseover opening connection to linked server +/* 0604: disable link-mouseover opening connection to linked server * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ user_pref("network.http.speculative-parallel-limit", 0); -/* 0606: enforce no "Hyperlink Auditing" (click tracking) +/* 0605: enforce no "Hyperlink Auditing" (click tracking) * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ // user_pref("browser.send_pings", false); // [DEFAULT: false] @@ -371,7 +371,32 @@ user_pref("keyword.enabled", false); user_pref("browser.fixup.alternate.enabled", false); /* 0803: display all parts of the url in the location bar ***/ user_pref("browser.urlbar.trimURLs", false); -/* 0805: disable coloring of visited links +/* 0804: disable live search suggestions + * [NOTE] Both must be true for the location bar to work + * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine + * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ +user_pref("browser.search.suggest.enabled", false); +user_pref("browser.urlbar.suggest.searches", false); +/* 0805: disable location bar making speculative connections [FF56+] + * [1] https://bugzilla.mozilla.org/1348275 ***/ +user_pref("browser.urlbar.speculativeConnect.enabled", false); +/* 0806: disable location bar leaking single words to a DNS provider **after searching** [FF78+] + * 0=never resolve single words, 1=heuristic (default), 2=always resolve + * [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions + * [1] https://bugzilla.mozilla.org/1642623 ***/ +user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); +/* 0807: disable tab-to-search [FF85+] + * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search + * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ + // user_pref("browser.urlbar.suggest.engines", false); +/* 0808: disable search and form history + * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] + * [NOTE] We also clear formdata on exit (2803) + * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history + * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html + * [2] https://bugzilla.mozilla.org/381681 ***/ +user_pref("browser.formfill.enable", false); +/* 0808: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing * attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5] @@ -382,31 +407,6 @@ user_pref("browser.urlbar.trimURLs", false); * [4] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use) * [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/ // user_pref("layout.css.visited_links_enabled", false); -/* 0807: disable live search suggestions - * [NOTE] Both must be true for the location bar to work - * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine - * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ -user_pref("browser.search.suggest.enabled", false); -user_pref("browser.urlbar.suggest.searches", false); -/* 0810: disable location bar making speculative connections [FF56+] - * [1] https://bugzilla.mozilla.org/1348275 ***/ -user_pref("browser.urlbar.speculativeConnect.enabled", false); -/* 0811: disable location bar leaking single words to a DNS provider **after searching** [FF78+] - * 0=never resolve single words, 1=heuristic (default), 2=always resolve - * [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions - * [1] https://bugzilla.mozilla.org/1642623 ***/ -user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); -/* 0850b: disable tab-to-search [FF85+] - * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search - * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ - // user_pref("browser.urlbar.suggest.engines", false); -/* 0860: disable search and form history - * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] - * [NOTE] We also clear formdata on exit (2803) - * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history - * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html - * [2] https://bugzilla.mozilla.org/381681 ***/ -user_pref("browser.formfill.enable", false); /*** [SECTION 0900]: PASSWORDS [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas @@ -437,7 +437,7 @@ user_pref("network.auth.subresource-http-auth-allow", 1); user_pref("network.http.windows-sso.enabled", false); /*** [SECTION 1000]: DISK AVOIDANCE - [NOTE] Cache is isolated with network partitioning (FF85+) or when using FPI + [NOTE] Cache is isolated with network partitioning (FF85+) or FPI ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /* 1001: disable disk cache @@ -1353,7 +1353,6 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan /*** [SECTION 9000]: PERSONAL Non-project related but useful. If any interest you, add them to your overrides - To save some overrides, we've made a few active as they seem to be universally used ***/ user_pref("_user.js.parrot", "9000 syntax error: I ran out of parrots"); /* WELCOME & WHAT'S NEW NOTICES ***/ From 881a2d22eb0f977995e5b360ca06df8644ad2d6b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 25 Aug 2021 16:14:59 +0000 Subject: [PATCH 1704/1961] cleanup tags - there was only one perf left - warning is down to 5: two in section headers, 3 on inactive prefs: no need to mention it, people will see them if they read each item/section --- user.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/user.js b/user.js index 57b9bb0..7994c4c 100644 --- a/user.js +++ b/user.js @@ -24,8 +24,6 @@ [SETUP-SECURITY] it's one item, read it [SETUP-WEB] can cause some websites to break [SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related) - [SETUP-PERF] may impact performance - [WARNING] used on some commented out items, heed them 6. Override Recipes: https://github.com/arkenfox/user.js/issues/1080 * RELEASES: https://github.com/arkenfox/user.js/releases @@ -441,7 +439,7 @@ user_pref("network.http.windows-sso.enabled", false); ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /* 1001: disable disk cache - * [SETUP-PERF] If you think disk cache helps, then feel free to override this + * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this * [NOTE] We also clear cache on exit (2803) ***/ user_pref("browser.cache.disk.enable", false); /* 1002: disable media cache from writing to disk in Private Browsing From 5ec4fef4ed6dc17db4f3f8d04d6d1d394e9145b2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 26 Aug 2021 05:40:59 +0000 Subject: [PATCH 1705/1961] dedupe 0808 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 7994c4c..ffed34b 100644 --- a/user.js +++ b/user.js @@ -394,7 +394,7 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ user_pref("browser.formfill.enable", false); -/* 0808: disable coloring of visited links +/* 0809: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing * attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5] From 64e8dfad0a25806d6af480fb5e9f21f5934da6e9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 26 Aug 2021 05:55:11 +0000 Subject: [PATCH 1706/1961] 1004: remove setup tag IDK if this is true: no one has ever complained, and I'm not interested in maintaining/testing it --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index ffed34b..369b801 100644 --- a/user.js +++ b/user.js @@ -453,8 +453,6 @@ user_pref("media.memory_cache_max_size", 65536); user_pref("browser.sessionstore.privacy_level", 2); /* 1004: set the minimum interval between session save operations * Increasing this can help on older machines and some websites, as well as reducing writes [1] - * [SETUP-CHROME] This can affect entries in "Recently Closed Tabs": i.e. the - * longer the interval the more chance a quick tab open/close won't be captured * [1] https://bugzilla.mozilla.org/1304389 ***/ user_pref("browser.sessionstore.interval", 30000); // [DEFAULT: 15000] /* 1005: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] From 498a25c759edc7a28ade958b6bb1d66d75df152e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 26 Aug 2021 06:04:57 +0000 Subject: [PATCH 1707/1961] 0806: remove confusing line --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 369b801..40f63bf 100644 --- a/user.js +++ b/user.js @@ -380,7 +380,6 @@ user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0806: disable location bar leaking single words to a DNS provider **after searching** [FF78+] * 0=never resolve single words, 1=heuristic (default), 2=always resolve - * [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions * [1] https://bugzilla.mozilla.org/1642623 ***/ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); /* 0807: disable tab-to-search [FF85+] From 80f69a6f3d1d34f49496064d9199d885a28c6c4f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 26 Aug 2021 06:26:41 +0000 Subject: [PATCH 1708/1961] 2406: remove This doesn't achieve anything. AFAICT, it's an old gecko only API, not used on the web: superseded by the Clipboard API (added in FF21+) --- user.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/user.js b/user.js index 40f63bf..93c1926 100644 --- a/user.js +++ b/user.js @@ -727,10 +727,6 @@ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); * Requires user interaction. Applies to onCut/onCopy/onPaste events * [SETUP-HARDEN] Will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress ***/ // user_pref("dom.event.clipboardevents.enabled", false); -/* 2406: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] - * this disables document.execCommand("cut"/"copy") to protect your clipboard - * [1] https://bugzilla.mozilla.org/1170911 ***/ -user_pref("dom.allow_cut_copy", false); /*** [SECTION 2500]: FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); From 38dc90a947cd07f57992eabf0f56807119a44afe Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 26 Aug 2021 06:27:32 +0000 Subject: [PATCH 1709/1961] dom.allow_cut_copy https://github.com/arkenfox/user.js/commit/80f69a6f3d1d34f49496064d9199d885a28c6c4f --- scratchpad-scripts/arkenfox-clear-removed.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 5120643..d53e6f5 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 22-August-2021 + Last updated: 26-August-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -15,6 +15,7 @@ /* removed in arkenfox user.js */ /* 91 */ 'alerts.showFavicons', + 'dom.allow_cut_copy', 'dom.battery.enabled', 'dom.storage.enabled', 'dom.vibrator.enabled', From b5a3b54d3f9555aae97548306a56815b2f7fc9fa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 26 Aug 2021 06:43:28 +0000 Subject: [PATCH 1710/1961] clipboard to don't bother --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 93c1926..b4dc10b 100644 --- a/user.js +++ b/user.js @@ -723,10 +723,6 @@ user_pref("dom.disable_window_move_resize", true); user_pref("dom.disable_open_during_load", true); /* 2404: limit events that can cause a popup [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -/* 2405: disable website access to clipboard events/content - * Requires user interaction. Applies to onCut/onCopy/onPaste events - * [SETUP-HARDEN] Will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress ***/ - // user_pref("dom.event.clipboardevents.enabled", false); /*** [SECTION 2500]: FINGERPRINTING ***/ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); @@ -1309,6 +1305,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/ // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] // user_pref("gfx.downloadable_fonts.fallback_delay", -1); +/* 7013: disable website access to clipboard events/content + * [WHY] Fingerprintable. Breakage. Requires user interaction, and + * paste only fires on focused editable fields. ***/ + // user_pref("dom.event.clipboardevents.enabled", false); /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From 4ac17eaf787b6145f3e44759a2e0fd13660ee88c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 26 Aug 2021 06:50:46 +0000 Subject: [PATCH 1711/1961] tidy last commit --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index b4dc10b..b94104c 100644 --- a/user.js +++ b/user.js @@ -1305,9 +1305,9 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/ // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] // user_pref("gfx.downloadable_fonts.fallback_delay", -1); -/* 7013: disable website access to clipboard events/content - * [WHY] Fingerprintable. Breakage. Requires user interaction, and - * paste only fires on focused editable fields. ***/ +/* 7013: disable Clipboard API + * [WHY] Fingerprintable. Breakage. They (cut/copy/paste) require user + * interaction, and paste is limited to focused editable fields ***/ // user_pref("dom.event.clipboardevents.enabled", false); /*** [SECTION 8000]: DON'T BOTHER: NON-RFP From 08395de18871590730ba7139c5de631a0aa82b03 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 27 Aug 2021 10:37:54 +0000 Subject: [PATCH 1712/1961] 1273: remove inactive pref --- user.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.js b/user.js index b94104c..7b88ae2 100644 --- a/user.js +++ b/user.js @@ -574,8 +574,7 @@ user_pref("browser.ssl_override_behavior", 1); * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); -/* 1273: display "insecure" icon and "Not Secure" text on HTTP sites ***/ - // user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] [DEFAULT: true] +/* 1273: display "Not Secure" text on HTTP sites ***/ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] /*** [SECTION 1400]: FONTS ***/ From 2a9cf32f45d0aabc4a6ac70f3a4a0b8f8e25a1ad Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 27 Aug 2021 10:39:40 +0000 Subject: [PATCH 1713/1961] security.insecure_connection_icon.enabled inactive and default true --- scratchpad-scripts/arkenfox-clear-removed.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index d53e6f5..ca7b2f4 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 26-August-2021 + Last updated: 27-August-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -23,6 +23,7 @@ 'gfx.direct2d.disabled', 'layers.acceleration.disabled', 'media.media-capabilities.enabled', + 'security.insecure_connection_icon.enabled', /* 79-90 */ 'browser.newtabpage.activity-stream.asrouter.providers.snippets', 'browser.send_pings.require_same_host', From 3b5255714339cf9726d77853d6166e5a0bc6eb36 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 28 Aug 2021 05:19:13 +0000 Subject: [PATCH 1714/1961] start removal of section 0500s - I am no longer short one parrot - move inactive screenshots to personal - move FORM autofill to `0800... FORMS` - can't find it now, but this is slated to cease being a system addon and instead be "built-in" - the rest will get swallowed into a revamped, split QUIETER FOX --- user.js | 54 ++++++++++++++++++++---------------------------------- 1 file changed, 20 insertions(+), 34 deletions(-) diff --git a/user.js b/user.js index 7b88ae2..904db6c 100644 --- a/user.js +++ b/user.js @@ -41,11 +41,11 @@ 0100: STARTUP 0200: GEOLOCATION / LANGUAGE / LOCALE - 0300: QUIET FOX + 0300: QUIETER FOX 0400: SAFE BROWSING 0500: SYSTEM ADD-ONS / EXPERIMENTS 0600: BLOCK IMPLICIT OUTBOUND - 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc + 0700: DNS / PROXY / SOCKS / IPv6 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0900: PASSWORDS 1000: DISK AVOIDANCE @@ -141,7 +141,7 @@ user_pref("intl.accept_languages", "en-US, en"); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] -/*** [SECTION 0300]: QUIET FOX ***/ +/*** [SECTION 0300]: QUIETER FOX ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS] * [NOTE] You will still get prompts to update, and should do so in a timely manner @@ -257,21 +257,8 @@ user_pref("browser.safebrowsing.downloads.remote.url", ""); * [1] https://bugzilla.mozilla.org/1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", false); -/*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS - System Add-ons are a method for shipping extensions, considered to be - built-in features to Firefox, that are hidden from the about:addons UI. - To view your System Add-ons go to about:support, they are listed under "Firefox Features" - - * Portable: "...\App\Firefox64\browser\features\" (or "App\Firefox\etc" for 32bit) - * Windows: "...\Program Files\Mozilla\browser\features" (or "Program Files (X86)\etc" for 32bit) - * Mac: "...\Applications\Firefox\Contents\Resources\browser\features\" - [NOTE] On Mac you can right-click on the application and select "Show Package Contents" - * Linux: "/usr/lib/firefox/browser/features" (or similar) - - [1] https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html - [2] https://searchfox.org/mozilla-central/source/browser/extensions -***/ -user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!"); +/*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS ***/ +user_pref("_user.js.parrot", "0500 syntax error: section is going to be removed"); /* 0503: disable Normandy/Shield [FF60+] * Shield is a telemetry system that can push and test "recipes" * [1] https://mozilla.github.io/normandy/ ***/ @@ -283,18 +270,6 @@ user_pref("extensions.systemAddon.update.url", ""); // [FF44+] /* 0506: disable PingCentre telemetry (used in several System Add-ons) [FF57+] * Defense-in-depth: currently covered by 0340 ***/ user_pref("browser.ping-centre.telemetry", false); -/* 0515: disable Screenshots ***/ - // user_pref("extensions.screenshots.disabled", true); // [FF55+] -/* 0517: disable Form Autofill - * [NOTE] Stored data is NOT secure (uses a JSON file) - * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes - * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses - * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ -user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] -user_pref("extensions.formautofill.available", "off"); // [FF56+] -user_pref("extensions.formautofill.creditCards.available", false); // [FF57+] -user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] -user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] /* 0518: enforce disabling of Web Compatibility Reporter [FF56+] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] @@ -318,7 +293,7 @@ user_pref("network.http.speculative-parallel-limit", 0); * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ // user_pref("browser.send_pings", false); // [DEFAULT: false] -/*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ +/*** [SECTION 0700]: DNS / PROXY / SOCKS / IPv6 ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); /* 0701: disable IPv6 * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming @@ -392,8 +367,18 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ +/* 0809: disable Form Autofill + * [NOTE] Stored data is NOT secure (uses a JSON file) + * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes + * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses + * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ +user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] +user_pref("extensions.formautofill.available", "off"); // [FF56+] +user_pref("extensions.formautofill.creditCards.available", false); // [FF57+] +user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] +user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] user_pref("browser.formfill.enable", false); -/* 0809: disable coloring of visited links +/* 0810: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing * attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5] @@ -1344,7 +1329,7 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan /*** [SECTION 9000]: PERSONAL Non-project related but useful. If any interest you, add them to your overrides ***/ -user_pref("_user.js.parrot", "9000 syntax error: I ran out of parrots"); +user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!"); /* WELCOME & WHAT'S NEW NOTICES ***/ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch // user_pref("startup.homepage_welcome_url", ""); @@ -1376,9 +1361,10 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux] // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] -/* UX FEATURES: disable and hide the icons and menus ***/ +/* UX FEATURES ***/ user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+] // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] + // user_pref("extensions.screenshots.disabled", true); // [FF55+] // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] // user_pref("reader.parse-on-load.enabled", false); // Reader View /* OTHER ***/ From 2cf20c56a7d13b7c334b5b6e3f5180444c446bbf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 28 Aug 2021 05:48:54 +0000 Subject: [PATCH 1715/1961] standardize cross origin/domain --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 904db6c..aa407de 100644 --- a/user.js +++ b/user.js @@ -581,11 +581,11 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); -/* 1601: control when to send a cross origin referer +/* 1601: control when to send a cross-origin referer * 0=always (default), 1=only if base domains match, 2=only if hosts match * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud, instagram ***/ user_pref("network.http.referer.XOriginPolicy", 2); -/* 1602: control the amount of cross origin information to send [FF52+] +/* 1602: control the amount of cross-origin information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); /* 1603: enable the DNT (Do Not Track) HTTP header @@ -960,7 +960,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); /* 4001: enable First Party Isolation [FF51+] - * [SETUP-WEB] Will break most cross-domain logins + * [SETUP-WEB] Breaks some cross-origin logins * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/ user_pref("privacy.firstparty.isolate", true); /* 4002: enforce FPI restriction for window.opener [FF54+] @@ -1261,7 +1261,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("dom.securecontext.whitelist_onions", true); // 1382359 // user_pref("network.http.referer.hideOnionSource", true); // 1305144 /* 7007: referers - * [WHY] Only cross origin referers (1600s) need control ***/ + * [WHY] Only cross-origin referers (1600s) need control ***/ // user_pref("network.http.sendRefererHeader", 2); // user_pref("network.http.referer.trimmingPolicy", 0); /* 7008: set the default Referrer Policy [FF59+] From 5ac8fd8f70f3e9ab60b264a572e2ad9974ac7362 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 28 Aug 2021 05:57:19 +0000 Subject: [PATCH 1716/1961] 0906: tweak, #1243 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index aa407de..2b33426 100644 --- a/user.js +++ b/user.js @@ -413,10 +413,10 @@ user_pref("signon.formlessCapture.enabled", false); * 1 = don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs * 2 = allow sub-resources to open HTTP authentication credentials dialogs (default) ***/ user_pref("network.auth.subresource-http-auth-allow", 1); -/* 0906: disable automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+] +/* 0906: enforce no automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+] * [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for... * [1] https://support.mozilla.org/kb/windows-sso ***/ -user_pref("network.http.windows-sso.enabled", false); +user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false] /*** [SECTION 1000]: DISK AVOIDANCE [NOTE] Cache is isolated with network partitioning (FF85+) or FPI From 4043467ad9e726244e2395f319d021b0bcf824c7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 28 Aug 2021 06:03:13 +0000 Subject: [PATCH 1717/1961] tidy --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 2b33426..78a4499 100644 --- a/user.js +++ b/user.js @@ -796,9 +796,6 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); * for these will show/use their correct 3rd party origin * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/ user_pref("permissions.delegation.enabled", false); -/* 2625: disable bypassing 3rd party extension install prompts [FF82+] - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ -user_pref("extensions.postDownloadThirdPartyPrompt", false); /** DOWNLOADS ***/ /* 2651: enable user interaction for security by always asking where to download @@ -816,6 +813,9 @@ user_pref("browser.download.manager.addToRecentDocs", false); * [1] archived: https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF] user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] +/* 2661: disable bypassing 3rd party extension install prompts [FF82+] + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ +user_pref("extensions.postDownloadThirdPartyPrompt", false); /* 2662: disable webextension restrictions on certain mozilla domains (you also need 4503) [FF60+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); From 4b437771fa3886173182fce273f145a65babfc3f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 28 Aug 2021 07:11:44 +0000 Subject: [PATCH 1718/1961] oophs, thanks @eleius fixup https://github.com/arkenfox/user.js/commit/3b5255714339cf9726d77853d6166e5a0bc6eb36 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 78a4499..61d0fab 100644 --- a/user.js +++ b/user.js @@ -367,6 +367,7 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ +user_pref("browser.formfill.enable", false); /* 0809: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes @@ -377,7 +378,6 @@ user_pref("extensions.formautofill.available", "off"); // [FF56+] user_pref("extensions.formautofill.creditCards.available", false); // [FF57+] user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] -user_pref("browser.formfill.enable", false); /* 0810: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing From 6df03e1a74863e889dc756f3a8a6f90ba78b6126 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 28 Aug 2021 08:30:12 +0000 Subject: [PATCH 1719/1961] add removed from arkenfox section - this helps mitigate the need for scratchpad for those who use prefsCleaner - in future, if anything was active during the ESR cycle, then it goes in here when removed - similar to deprecated items: clean out after ESR EOL --- user.js | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 61d0fab..a4569ef 100644 --- a/user.js +++ b/user.js @@ -729,8 +729,6 @@ user_pref("browser.link.open_newwindow.restriction", 0); /* 2504: disable WebGL (Web Graphics Library) * [SETUP-WEB] If you need it then enable it. RFP still randomizes canvas for naive scripts ***/ user_pref("webgl.disabled", true); - // user_pref("webgl.enable-webgl2", false); - // user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -1213,6 +1211,19 @@ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] /* 6007: enforce window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] +/* 6050: prefsCleaner: reset previously active items removed from arkenfox in 79-91 ***/ + // user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); + // user_pref("browser.send_pings.require_same_host", ""); + // user_pref("dom.allow_cut_copy", ""); + // user_pref("dom.vibrator.enabled", ""); + // user_pref("media.gmp-widevinecdm.visible", ""); + // user_pref("network.http.redirection-limit", ""); + // user_pref("privacy.partition.network_state", ""); + // user_pref("security.insecure_connection_icon.enabled", ""); // [DEFAULT: true FF70+] + // user_pref("security.ssl.enable_ocsp_stapling", ""); // [DEFAULT: true FF26+] + // user_pref("webgl.disable-fail-if-major-performance-caveat", ""); // [DEFAULT: true FF86+] + // user_pref("webgl.enable-webgl2", ""); + // user_pref("webgl.min_capability_mode", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); From 7e80231ac583f67883c6403e9e3c06a888fd289f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 28 Aug 2021 08:38:31 +0000 Subject: [PATCH 1720/1961] was 6005: remove mixed active --- user.js | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index a4569ef..d14d564 100644 --- a/user.js +++ b/user.js @@ -1201,16 +1201,14 @@ user_pref("security.csp.enable", true); // [DEFAULT: true] /* 6004: enforce a security delay on some confirmation dialogs such as install, open/save * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] -/* 6005: enforce no insecure active content on https pages ***/ -user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] +/* 6005: enforce window.opener protection [FF65+] + * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ +user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] /* 6006: enforce "window.name" protection [FF82+] * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] -/* 6007: enforce window.opener protection [FF65+] - * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ -user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] /* 6050: prefsCleaner: reset previously active items removed from arkenfox in 79-91 ***/ // user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); // user_pref("browser.send_pings.require_same_host", ""); @@ -1220,6 +1218,7 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] // user_pref("network.http.redirection-limit", ""); // user_pref("privacy.partition.network_state", ""); // user_pref("security.insecure_connection_icon.enabled", ""); // [DEFAULT: true FF70+] + // user_pref("security.mixed_content.block_active_content", ""); // [DEFAULT: true since at least FF60] // user_pref("security.ssl.enable_ocsp_stapling", ""); // [DEFAULT: true FF26+] // user_pref("webgl.disable-fail-if-major-performance-caveat", ""); // [DEFAULT: true FF86+] // user_pref("webgl.enable-webgl2", ""); From 908638c9dc8f1d66c373617915220c126ed05147 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 28 Aug 2021 08:39:44 +0000 Subject: [PATCH 1721/1961] security.mixed_content.block_active_content default true since at least FF60 --- scratchpad-scripts/arkenfox-clear-removed.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index ca7b2f4..f202cae 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 27-August-2021 + Last updated: 28-August-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -24,6 +24,7 @@ 'layers.acceleration.disabled', 'media.media-capabilities.enabled', 'security.insecure_connection_icon.enabled', + 'security.mixed_content.block_active_content', /* 79-90 */ 'browser.newtabpage.activity-stream.asrouter.providers.snippets', 'browser.send_pings.require_same_host', From a264eebcb5ae86b958329514daf590bf5618f6cb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 29 Aug 2021 03:27:46 +0000 Subject: [PATCH 1722/1961] screensharing etc --- scratchpad-scripts/arkenfox-clear-removed.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index f202cae..bd99cb5 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,7 @@ /*** This will reset the preferences that have been removed completely from the arkenfox user.js. - Last updated: 28-August-2021 + Last updated: 29-August-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -22,6 +22,9 @@ 'general.warnOnAboutConfig', 'gfx.direct2d.disabled', 'layers.acceleration.disabled', + 'media.getusermedia.audiocapture.enabled', + 'media.getusermedia.browser.enabled', + 'media.getusermedia.screensharing.enabled', 'media.media-capabilities.enabled', 'security.insecure_connection_icon.enabled', 'security.mixed_content.block_active_content', From 453fcd32cb6fdc981684d2587764f23b4689222f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 29 Aug 2021 04:10:48 +0000 Subject: [PATCH 1723/1961] remove 2003, fixes #1245 --- user.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index d14d564..8c42710 100644 --- a/user.js +++ b/user.js @@ -626,10 +626,6 @@ user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.ice.default_address_only", true); user_pref("media.peerconnection.ice.no_host", true); // [FF51+] user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70+] -/* 2003: disable screensharing ***/ -user_pref("media.getusermedia.screensharing.enabled", false); -user_pref("media.getusermedia.browser.enabled", false); -user_pref("media.getusermedia.audiocapture.enabled", false); /* 2020: disable GMP (Gecko Media Plugins) * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ // user_pref("media.gmp-provider.enabled", false); @@ -1214,6 +1210,9 @@ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] // user_pref("browser.send_pings.require_same_host", ""); // user_pref("dom.allow_cut_copy", ""); // user_pref("dom.vibrator.enabled", ""); + // user_pref("media.getusermedia.audiocapture.enabled", ""); + // user_pref("media.getusermedia.browser.enabled", ""); + // user_pref("media.getusermedia.screensharing.enabled", ""); // user_pref("media.gmp-widevinecdm.visible", ""); // user_pref("network.http.redirection-limit", ""); // user_pref("privacy.partition.network_state", ""); From a308878b118cf8e78406f38bec188e6535d38118 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 29 Aug 2021 04:50:36 +0000 Subject: [PATCH 1724/1961] finish removal of 500s and cleanup of 300s --- user.js | 86 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 46 insertions(+), 40 deletions(-) diff --git a/user.js b/user.js index 8c42710..50126b1 100644 --- a/user.js +++ b/user.js @@ -43,7 +43,6 @@ 0200: GEOLOCATION / LANGUAGE / LOCALE 0300: QUIETER FOX 0400: SAFE BROWSING - 0500: SYSTEM ADD-ONS / EXPERIMENTS 0600: BLOCK IMPLICIT OUTBOUND 0700: DNS / PROXY / SOCKS / IPv6 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS @@ -143,6 +142,7 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIETER FOX ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); +/** UPDATES ***/ /* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS] * [NOTE] You will still get prompts to update, and should do so in a timely manner * [SETTING] General>Firefox Updates>Check for updates but let you choose to install them ***/ @@ -156,23 +156,41 @@ user_pref("app.update.background.scheduling.enabled", false); /* 0304: disable auto-INSTALLING extension and theme updates (after the check in 0303) * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ // user_pref("extensions.update.autoUpdateDefault", false); -/* 0306: disable extension metadata +/* 0305: disable extension metadata * used when installing/updating an extension, and in daily background update checks: * when false, extension detail tabs will have no description ***/ // user_pref("extensions.getAddons.cache.enabled", false); -/* 0308: disable search engine updates (e.g. OpenSearch) +/* 0306: disable search engine updates (e.g. OpenSearch) * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/ user_pref("browser.search.update", false); -/* 0320: disable about:addons' Recommendations pane (uses Google Analytics) ***/ +/* 0307: disable System Add-on updates ***/ +user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] +user_pref("extensions.systemAddon.update.url", ""); // [FF44+] + +/** RECOMMENDATIONS ***/ +/* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] /* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); -/* 0330: disable telemetry +/* 0322: disable personalized Extension Recommendations in about:addons and AMO [FF65+] + * [NOTE] This pref has no effect when Health Reports (0331) are disabled + * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations + * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ +user_pref("browser.discovery.enabled", false); + +/** TELEMETRY ***/ +/* 0330: disable new data submission [FF41+] + * If disabled, no policy is shown or upload takes place, ever + * [1] https://bugzilla.mozilla.org/1195552 ***/ +user_pref("datareporting.policy.dataSubmissionEnabled", false); +/* 0331: disable Health Reports + * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ +user_pref("datareporting.healthreport.uploadEnabled", false); +/* 0332: disable telemetry * The "unified" pref affects the behaviour of the "enabled" pref * - If "unified" is false then "enabled" controls the telemetry module * - If "unified" is true then "enabled" only controls whether to record extended data - * [NOTE] FF58+ "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease - * or release builds (true and false respectively) [2] + * [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2] * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ user_pref("toolkit.telemetry.unified", false); @@ -184,26 +202,26 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+] user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+] user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] -/* 0331: disable Telemetry Coverage +/* 0333: disable Telemetry Coverage * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/ user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF] user_pref("toolkit.coverage.endpoint.base", ""); -/* 0340: disable Health Reports - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ -user_pref("datareporting.healthreport.uploadEnabled", false); -/* 0341: disable new data submission, master kill switch [FF41+] - * If disabled, no policy is shown or upload takes place, ever - * [1] https://bugzilla.mozilla.org/1195552 ***/ -user_pref("datareporting.policy.dataSubmissionEnabled", false); -/* 0342: disable Studies +/* 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+] + * Defense-in-depth: currently covered by 0331 ***/ +user_pref("browser.ping-centre.telemetry", false); + +/** STUDIES ***/ +/* 0340: disable Studies * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to install and run studies ***/ user_pref("app.shield.optoutstudies.enabled", false); -/* 0343: disable personalized Extension Recommendations in about:addons and AMO [FF65+] - * [NOTE] This pref has no effect when Health Reports (0340) are disabled - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations - * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ -user_pref("browser.discovery.enabled", false); +/* 0341: disable Normandy/Shield [FF60+] + * Shield is a telemetry system that can push and test "recipes" + * [1] https://mozilla.github.io/normandy/ ***/ +user_pref("app.normandy.enabled", false); +user_pref("app.normandy.api_url", ""); + +/** CRASH REPORTS ***/ /* 0350: disable Crash Reports ***/ user_pref("breakpad.reportURL", ""); user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] @@ -211,13 +229,18 @@ user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] /* 0351: enforce no submission of backlogged Crash Reports [FF58+] * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAULT: false] -/* 0390: disable Captive Portal detection + +/** OTHER ***/ +/* 0360: disable Captive Portal detection * [1] https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy ***/ user_pref("captivedetect.canonicalURL", ""); user_pref("network.captive-portal-service.enabled", false); // [FF52+] -/* 0391: disable Network Connectivity checks [FF65+] +/* 0361: disable Network Connectivity checks [FF65+] * [1] https://bugzilla.mozilla.org/1460537 ***/ user_pref("network.connectivity-service.enabled", false); +/* 0362: enforce disabling of Web Compatibility Reporter [FF56+] + * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ +user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /*** [SECTION 0400]: SAFE BROWSING (SB) SB has taken many steps to preserve privacy. If required, a full url is never sent @@ -257,23 +280,6 @@ user_pref("browser.safebrowsing.downloads.remote.url", ""); * [1] https://bugzilla.mozilla.org/1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", false); -/*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS ***/ -user_pref("_user.js.parrot", "0500 syntax error: section is going to be removed"); -/* 0503: disable Normandy/Shield [FF60+] - * Shield is a telemetry system that can push and test "recipes" - * [1] https://mozilla.github.io/normandy/ ***/ -user_pref("app.normandy.enabled", false); -user_pref("app.normandy.api_url", ""); -/* 0505: disable System Add-on updates ***/ -user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] -user_pref("extensions.systemAddon.update.url", ""); // [FF44+] -/* 0506: disable PingCentre telemetry (used in several System Add-ons) [FF57+] - * Defense-in-depth: currently covered by 0340 ***/ -user_pref("browser.ping-centre.telemetry", false); -/* 0518: enforce disabling of Web Compatibility Reporter [FF56+] - * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ -user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] - /*** [SECTION 0600]: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/ user_pref("_user.js.parrot", "0600 syntax error: the parrot's no more!"); /* 0601: disable link prefetching From a1b4aa6000b691930df59bc214d40d2f89c6ca90 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 29 Aug 2021 07:42:24 +0000 Subject: [PATCH 1725/1961] add DoH rollout pref, closes #1027 --- user.js | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 50126b1..64dd2ba 100644 --- a/user.js +++ b/user.js @@ -44,7 +44,7 @@ 0300: QUIETER FOX 0400: SAFE BROWSING 0600: BLOCK IMPLICIT OUTBOUND - 0700: DNS / PROXY / SOCKS / IPv6 + 0700: DNS / DoH / PROXY / SOCKS / IPv6 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0900: PASSWORDS 1000: DISK AVOIDANCE @@ -299,7 +299,7 @@ user_pref("network.http.speculative-parallel-limit", 0); * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ // user_pref("browser.send_pings", false); // [DEFAULT: false] -/*** [SECTION 0700]: DNS / PROXY / SOCKS / IPv6 ***/ +/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS / IPv6 ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); /* 0701: disable IPv6 * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming @@ -329,6 +329,14 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] * [3] https://en.wikipedia.org/wiki/GVfs * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] +/* 0705: disable DNS-over-HTTPS (DoH) rollout [FF60+] + * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off + * see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3] + * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ + * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy + * [3] https://blog.mozilla.org/en/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/ + * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ + // user_pref("network.trr.mode", 5); /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); From 283bfd744ac1d7cb102e542b92b12f98d1a095b8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 29 Aug 2021 14:32:37 +0000 Subject: [PATCH 1726/1961] fixup missing 1022 reference --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 64dd2ba..cc7eb7b 100644 --- a/user.js +++ b/user.js @@ -935,7 +935,7 @@ user_pref("privacy.cpd.sessions", true); // Active Logins user_pref("privacy.cpd.siteSettings", false); // Site Preferences /* 2805: clear Session Restore data when sanitizing on shutdown or manually [FF34+] * [NOTE] Not needed if Session Restore is not used (0102) or is already cleared with history (2803) - * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (1022) + * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008) * [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.cpd.openWindows", true); From 524823fd0524277d59aceedc3b7b051baf4e3b13 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 7 Sep 2021 13:35:32 +0000 Subject: [PATCH 1727/1961] proxy direct failover (#1247) --- user.js | 73 ++++++++++++++++++++++++++------------------------------- 1 file changed, 33 insertions(+), 40 deletions(-) diff --git a/user.js b/user.js index cc7eb7b..8c27326 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 30 July 2021 -* version 91-alpha +* date: 7 September 2021 +* version 91 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -337,6 +337,8 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * [3] https://blog.mozilla.org/en/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/ * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ // user_pref("network.trr.mode", 5); +/* 0706: disable proxy direct failover for system requests [FF91+] ***/ +user_pref("network.proxy.failover_direct", false); /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); @@ -432,9 +434,7 @@ user_pref("network.auth.subresource-http-auth-allow", 1); * [1] https://support.mozilla.org/kb/windows-sso ***/ user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false] -/*** [SECTION 1000]: DISK AVOIDANCE - [NOTE] Cache is isolated with network partitioning (FF85+) or FPI -***/ +/*** [SECTION 1000]: DISK AVOIDANCE ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /* 1001: disable disk cache * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this @@ -992,17 +992,14 @@ user_pref("privacy.firstparty.isolate", true); [WARNING] DO NOT USE extensions to alter RFP protected metrics - FF41+ - 418986 - limit window.screen & CSS media queries leaking identifiable info + 418986 - limit window.screen & CSS media queries (FF41) [TEST] https://arkenfox.github.io/TZP/tzp.html#screen - FF50+ - 1281949 - spoof screen orientation - 1281963 - hide contents of navigator.plugins and navigator.mimeTypes - FF55+ - 1330890 - spoof timezone as UTC0 - 1360039 - spoof navigator.hardwareConcurrency as 2 - 1217238 - reduce precision of time exposed by javascript - FF56+ + 1281949 - spoof screen orientation (FF50) + 1281963 - hide contents of navigator.plugins and navigator.mimeTypes (FF50-88) + 1330890 - spoof timezone as UTC0 (FF55) + 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) + 1217238 - reduce precision of time exposed by javascript (FF55) + FF56 1369303 - spoof/disable performance API 1333651 - spoof User Agent & Navigator API JS: FF91+ the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux @@ -1012,7 +1009,7 @@ user_pref("privacy.firstparty.isolate", true); 1337161 - hide gamepads from content 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true 1333641 - reduce fingerprinting in WebSpeech API - FF57+ + FF57 1369309 - spoof media statistics 1382499 - reduce screen co-ordinate fingerprinting in Touch API 1217290 & 1409677 - enable some fingerprinting resistance for WebGL @@ -1020,34 +1017,30 @@ user_pref("privacy.firstparty.isolate", true); 1354633 - limit MediaError.message to a whitelist 1382533 & 1697680 - enable fingerprinting resistance for Presentation API (FF57-87) Blocks exposure of local IP Addresses via mDNS (Multicast DNS) - FF58+ - 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction - FF59+ - 1372073 - spoof/block fingerprinting in MediaDevices API + FF58-90 + 967895 - spoof canvas and enable site permission prompt (FF58) + 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone" Block: suppresses the ondevicechange event - 1039069 - warn when language prefs are not set to "en*" (also see 0210, 0211) - 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events + 1039069 - warn when language prefs are not set to "en*" (also see 0210, 0211) (FF59) + 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59) Spoofing mimics the content language of the document. Currently it only supports en-US. Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. - FF60-67 - 1337157 - disable WebGL debug renderer info (FF60+) - 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) - 1479239 - return "no-preference" with prefers-reduced-motion (FF63+) - 1363508 - spoof/suppress Pointer Events (FF64+) - 1492766 - spoof pointerEvent.pointerid (FF65+) - 1485266 - disable exposure of system colors to CSS or canvas (FF67+) - 1494034 - return "light" with prefers-color-scheme (FF67+) - FF68-77 - 1564422 - spoof audioContext outputLatency (FF70+) - 1595823 - return audioContext sampleRate as 44100 (FF72+) - 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) - FF78-90 - 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) - 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80+) - 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) + 1337157 - disable WebGL debug renderer info (FF60) + 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62) + 1479239 - return "no-preference" with prefers-reduced-motion (FF63) + 1363508 - spoof/suppress Pointer Events (FF64) + 1492766 - spoof pointerEvent.pointerid (FF65) + 1485266 - disable exposure of system colors to CSS or canvas (FF67) + 1494034 - return "light" with prefers-color-scheme (FF67) + 1564422 - spoof audioContext outputLatency (FF70) + 1595823 - return audioContext sampleRate as 44100 (FF72) + 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74) + 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78) + 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80) + 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82) FF91+ - 531915 - use fdlibm's sin, cos and tan in jsmath (FF93+, ESR91.1+) + 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] @@ -1160,7 +1153,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("browser.download.folderList", 2); /*** [SECTION 5500]: OPTIONAL HARDENING - Not recommended. Keep in mind that these can cause breakage, performance + Not recommended. Keep in mind that these can cause breakage and performance issues, are mostly fingerpintable, and the threat model is practically zero ***/ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); From c9956d85b198ed400cf3b15a3254e1184d6722af Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 10 Sep 2021 04:32:09 +0000 Subject: [PATCH 1728/1961] 92-alpha --- user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 8c27326..1711cc3 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 7 September 2021 -* version 91 +* date: 10 September 2021 +* version 92-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -781,7 +781,7 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) * [1] https://wiki.mozilla.org/IDN_Display_Algorithm * [2] https://en.wikipedia.org/wiki/IDN_homograph_attack - * [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ + * [3] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=punycode+firefox * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); /* 2620: enforce PDFJS, disable PDFJS scripting [SETUP-CHROME] @@ -818,7 +818,7 @@ user_pref("browser.download.manager.addToRecentDocs", false); * [SETUP-CHROME] This will break extensions, language packs, themes and any other * XPI files which are installed outside of profile and application directories * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ - * [1] archived: https://archive.is/DYjAM ***/ + * [1] https://archive.is/DYjAM (archived) ***/ user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF] user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] /* 2661: disable bypassing 3rd party extension install prompts [FF82+] From e5c128804cd4c89b2a624eb911edbc6de1b4ebb9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 10 Sep 2021 05:09:05 +0000 Subject: [PATCH 1729/1961] remove locale in link --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 1711cc3..89dcba1 100644 --- a/user.js +++ b/user.js @@ -334,7 +334,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3] * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy - * [3] https://blog.mozilla.org/en/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/ + * [3] https://blog.mozilla.org/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/ * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ // user_pref("network.trr.mode", 5); /* 0706: disable proxy direct failover for system requests [FF91+] ***/ From 76c1aad4be7b4f7fa462b8d93f3069c2c77c2bbd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 10 Sep 2021 13:07:04 +0000 Subject: [PATCH 1730/1961] grammar --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 89dcba1..81abd79 100644 --- a/user.js +++ b/user.js @@ -615,7 +615,7 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); [4] https://github.com/stoically/temporary-containers/wiki ***/ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); -/* 1701: enable Container Tabs and it's UI setting [FF50+] +/* 1701: enable Container Tabs and its UI setting [FF50+] * [SETTING] General>Tabs>Enable Container Tabs ***/ user_pref("privacy.userContext.enabled", true); user_pref("privacy.userContext.ui.enabled", true); @@ -680,7 +680,7 @@ user_pref("media.autoplay.blocking_policy", 2); user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); /* 2302: disable service workers [FF32, FF44-compat] * Service workers essentially act as proxy servers that sit between web apps, and the - * browser and network, are event driven, and can control the web page/site it is associated + * browser and network, are event driven, and can control the web page/site they are associated * with, intercepting and modifying navigation and resource requests, and caching resources. * [NOTE] Service workers require HTTPS, have no DOM access, and are not supported in PB mode [1] * [SETUP-WEB] Disabling service workers will break some sites. This pref is required true for From 278336196c1d72bc83f3abd685d8ec78a8fec7a7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Sep 2021 05:31:21 +0000 Subject: [PATCH 1731/1961] nit --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 81abd79..d513b1f 100644 --- a/user.js +++ b/user.js @@ -1306,7 +1306,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] // user_pref("gfx.downloadable_fonts.fallback_delay", -1); /* 7013: disable Clipboard API - * [WHY] Fingerprintable. Breakage. They (cut/copy/paste) require user + * [WHY] Fingerprintable. Breakage. Cut/copy/paste require user * interaction, and paste is limited to focused editable fields ***/ // user_pref("dom.event.clipboardevents.enabled", false); From 1c6d63314411d2a0496f5547f4a1b46705dbc06a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Sep 2021 05:35:39 +0000 Subject: [PATCH 1732/1961] more nits --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d513b1f..e5710f9 100644 --- a/user.js +++ b/user.js @@ -245,7 +245,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /*** [SECTION 0400]: SAFE BROWSING (SB) SB has taken many steps to preserve privacy. If required, a full url is never sent to Google, only a part-hash of the prefix, hidden with noise of other real part-hashes. - Firefox takes measures such as striping out identifying parameters and since SBv4 (FF57+) + Firefox takes measures such as stripping out identifying parameters and since SBv4 (FF57+) doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) FWIW, Google also swear it is anonymized and only used to flag malicious sites. @@ -787,7 +787,7 @@ user_pref("network.IDN_show_punycode", true); /* 2620: enforce PDFJS, disable PDFJS scripting [SETUP-CHROME] * This setting controls if the option "Display in Firefox" is available in the setting below * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") - * PROS: pdfjs is lightweight, open source, and as secure/vetted more than most + * PROS: pdfjs is lightweight, open source, and more secure/vetted than most * Exploits are rare (one serious case in seven years), treated seriously and patched quickly. * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). * It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. From 044e3e76e8690934c5c89ce7969257b44bf38a6b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Sep 2021 01:47:54 +0000 Subject: [PATCH 1733/1961] make 0706 more cromulent --- user.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index e5710f9..02221bc 100644 --- a/user.js +++ b/user.js @@ -337,8 +337,10 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * [3] https://blog.mozilla.org/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/ * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ // user_pref("network.trr.mode", 5); -/* 0706: disable proxy direct failover for system requests [FF91+] ***/ -user_pref("network.proxy.failover_direct", false); +/* 0706: disable proxy direct failover for system requests [FF91+] + * [WARNING] Default true is a security feature against malicious extensions + * [SETUP-CHROME] If you use a proxy and you trust your extensions ***/ + // user_pref("network.proxy.failover_direct", false); /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); From b37df0bcfe77ffb6521ec393a4087223fe9c4c3a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 25 Sep 2021 02:32:48 +0000 Subject: [PATCH 1734/1961] embiggen 4500, #1218 --- user.js | 48 ++++++++++++++++++++++-------------------------- 1 file changed, 22 insertions(+), 26 deletions(-) diff --git a/user.js b/user.js index 02221bc..ccbb827 100644 --- a/user.js +++ b/user.js @@ -34,7 +34,7 @@ ESR78 - If you are not using arkenfox v78... (not a definitive list) - 1244: HTTPS-Only mode is enabled - - 2502: non-native widget theme is enforced + - 4511: non-native widget theme is enforced - 9999: switch the appropriate deprecated section(s) back on * INDEX: @@ -55,7 +55,6 @@ 2000: PLUGINS / MEDIA / WEBRTC 2300: WEB WORKERS 2400: DOM (DOCUMENT OBJECT MODEL) - 2500: FINGERPRINTING 2600: MISCELLANEOUS 2700: PERSISTENT STORAGE 2800: SHUTDOWN @@ -720,28 +719,6 @@ user_pref("dom.disable_open_during_load", true); /* 2404: limit events that can cause a popup [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -/*** [SECTION 2500]: FINGERPRINTING ***/ -user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* 2501: enforce no system colors - * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ -user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] -/* 2502: enforce non-native widget theme - * Security: removes/reduces system API calls, e.g. win32k API [1] - * Fingerprinting: provides a uniform look and feel across platforms [2] - * [1] https://bugzilla.mozilla.org/1381938 - * [2] https://bugzilla.mozilla.org/1411425 ***/ -user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] -/* 2503: open links targeting new windows in a new tab instead - * Stops malicious window sizes and some screen resolution leaks. - * You can still right-click a link and open in a new window - * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ -user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab -user_pref("browser.link.open_newwindow.restriction", 0); -/* 2504: disable WebGL (Web Graphics Library) - * [SETUP-WEB] If you need it then enable it. RFP still randomizes canvas for naive scripts ***/ -user_pref("webgl.disabled", true); - /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); /* 2601: prevent accessibility services from accessing your browser [RESTART] @@ -1076,10 +1053,29 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [1] https://bugzilla.mozilla.org/1635603 ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); -/* 4510: disable showing about:blank as soon as possible during startup [FF60+] +/* 4506: disable showing about:blank as soon as possible during startup [FF60+] * When default true this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); +/* 4510: enforce no system colors + * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ +user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] +/* 4511: enforce non-native widget theme + * Security: removes/reduces system API calls, e.g. win32k API [1] + * Fingerprinting: provides a uniform look and feel across platforms [2] + * [1] https://bugzilla.mozilla.org/1381938 + * [2] https://bugzilla.mozilla.org/1411425 ***/ +user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] +/* 4512: open links targeting new windows in a new tab instead + * Stops malicious window sizes and some screen resolution leaks. + * You can still right-click a link and open in a new window + * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen + * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ +user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab +user_pref("browser.link.open_newwindow.restriction", 0); +/* 4513: disable WebGL (Web Graphics Library) + * [SETUP-WEB] If you need it then enable it. RFP still randomizes canvas for naive scripts ***/ +user_pref("webgl.disabled", true); /*** [SECTION 5000]: OPTIONAL OPSEC Disk avoidance, application data isolation, eyeballs... @@ -1398,7 +1394,7 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1] [1] https://github.com/arkenfox/user.js/issues/123 ***/ -user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); +user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); /* ESR78.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF79 From 5cdea955e779ef17df66187c6b0b4eb7f4aeb5cf Mon Sep 17 00:00:00 2001 From: a1346054 <36859588+a1346054@users.noreply.github.com> Date: Mon, 27 Sep 2021 15:23:12 +0000 Subject: [PATCH 1735/1961] Simple maintenance improvements (#1255) * Use direct check for existence of file * Fix shellcheck warnings * Unify codestyle in scripts * Trim excess whitespace --- README.md | 4 +- prefsCleaner.sh | 6 +- .../arkenfox-clear-RFP-alternatives.js | 3 +- scratchpad-scripts/troubleshooter.js | 3 +- updater.sh | 62 +++++++++---------- 5 files changed, 37 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 39ddaa1..1522a3e 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ The `arkenfox user.js` is a **template** which aims to provide as much privacy a Everyone, experts included, should at least read the [implementation](https://github.com/arkenfox/user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings. -Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. +Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. Also be aware that the `arkenfox user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser. @@ -23,5 +23,3 @@ Also be aware that the `arkenfox user.js` is made specifically for desktop Firef ### 🟥 acknowledgments Literally thousands of sources, references and suggestions. Many thanks, and much appreciated. - - diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 60cf70e..497ebde 100644 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -20,7 +20,7 @@ cd "$(dirname "${sfp}")" fQuit() { ## change directory back to the original working directory cd "${currdir}" - [ $1 -eq 0 ] && echo -e "\n$2" || echo -e "\n$2" >&2 + [ "$1" -eq 0 ] && echo -e "\n$2" || echo -e "\n$2" >&2 exit $1 } @@ -36,7 +36,7 @@ fFF_check() { # this isn't elegant and might not be future-proof but should at least be compatible with any environment while [ -e lock ]; do echo -e "\nThis Firefox profile seems to be in use. Close Firefox and try again.\n" >&2 - read -p "Press any key to continue." + read -r -p "Press any key to continue." done } @@ -48,7 +48,7 @@ fClean() { if [[ "$line" =~ $prefexp && $prefs != *"@@${BASH_REMATCH[1]}@@"* ]]; then prefs="${prefs}${BASH_REMATCH[1]}@@" fi - done <<< "`grep -E \"$prefexp\" user.js`" + done <<< "$(grep -E \"$prefexp\" user.js)" while IFS='' read -r line || [[ -n "$line" ]]; do if [[ "$line" =~ ^$prefexp ]]; then diff --git a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js index 9d251d4..4821fc3 100644 --- a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js +++ b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js @@ -7,7 +7,7 @@ As of v91, section 4600 is no longer recommended, and is all inactive. This now includes the old 4700 section. You can reset them using prefsCleaner. - + For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] ***/ @@ -69,4 +69,3 @@ return 'all done'; })(); - diff --git a/scratchpad-scripts/troubleshooter.js b/scratchpad-scripts/troubleshooter.js index be64708..bd86786 100644 --- a/scratchpad-scripts/troubleshooter.js +++ b/scratchpad-scripts/troubleshooter.js @@ -1,4 +1,3 @@ - /*** arkenfox user.js troubleshooter.js v1.6.3 ***/ (function() { @@ -194,7 +193,7 @@ const aBAK = getMyList(aPREFS); //console.log(aBAK.length, "user-set prefs from our list detected and their values stored."); - + const sMsg = "all detected prefs reset.\n\n" + "!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\n" + "IF the problem still exists, this script can't help you - click Cancel to re-apply your values and exit.\n\n" + diff --git a/updater.sh b/updater.sh index 6f761c9..a1f7070 100755 --- a/updater.sh +++ b/updater.sh @@ -41,9 +41,9 @@ ESR=false # Download method priority: curl -> wget DOWNLOAD_METHOD='' -if [[ $(command -v 'curl') ]]; then +if command -v curl >/dev/null; then DOWNLOAD_METHOD='curl --max-redirs 3 -so' -elif [[ $(command -v 'wget') ]]; then +elif command -v wget >/dev/null; then DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O' else echo -e "${RED}This script requires curl or wget.\nProcess aborted${NC}" @@ -51,7 +51,7 @@ else fi -show_banner () { +show_banner() { echo -e "${BBLUE} ############################################################################ #### #### @@ -103,13 +103,13 @@ Optional Arguments: # File Handling # ######################### -download_file () { # expects URL as argument ($1) +download_file() { # expects URL as argument ($1) declare -r tf=$(mktemp) $DOWNLOAD_METHOD "${tf}" "$1" && echo "$tf" || echo '' # return the temp-filename or empty string on error } -open_file () { # expects one argument: file_path +open_file() { # expects one argument: file_path if [ "$(uname)" == 'Darwin' ]; then open "$1" elif [ "$(uname -s | cut -c -5)" == "Linux" ]; then @@ -119,11 +119,11 @@ open_file () { # expects one argument: file_path fi } -readIniFile () { # expects one argument: absolute path of profiles.ini +readIniFile() { # expects one argument: absolute path of profiles.ini declare -r inifile="$1" # tempIni will contain: [ProfileX], Name=, IsRelative= and Path= (and Default= if present) of the only (if) or the selected (else) profile - if [ $(grep -c '^\[Profile' "${inifile}") -eq "1" ]; then ### only 1 profile found + if [ "$(grep -c '^\[Profile' "${inifile}")" -eq "1" ]; then ### only 1 profile found tempIni="$(grep '^\[Profile' -A 4 "${inifile}")" else echo -e "Profiles found:\n––––––––––––––––––––––––––––––" @@ -150,7 +150,7 @@ readIniFile () { # expects one argument: absolute path of profiles.ini [[ ${pathisrel} == "1" ]] && PROFILE_PATH="$(dirname "${inifile}")/${PROFILE_PATH}" } -getProfilePath () { +getProfilePath() { declare -r f1=~/Library/Application\ Support/Firefox/profiles.ini declare -r f2=~/.mozilla/firefox/profiles.ini @@ -175,8 +175,8 @@ getProfilePath () { ######################### # Returns the version number of a updater.sh file -get_updater_version () { - echo $(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1") +get_updater_version() { + echo "$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")" } # Update updater.sh @@ -184,14 +184,14 @@ get_updater_version () { # Args: # -d: New version will not be looked for and update will not occur # -u: Check for update, if available, execute without asking -update_updater () { - [ $UPDATE = 'no' ] && return 0 # User signified not to check for updates +update_updater() { + [ "$UPDATE" = 'no' ] && return 0 # User signified not to check for updates declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')" [ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed if [[ $(get_updater_version "$SCRIPT_FILE") < $(get_updater_version "${tmpfile}") ]]; then - if [ $UPDATE = 'check' ]; then + if [ "$UPDATE" = 'check' ]; then echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}" read -p "" -n 1 -r echo -e "\n\n" @@ -211,11 +211,11 @@ update_updater () { ######################### # Returns version number of a user.js file -get_userjs_version () { - [ -e $1 ] && echo "$(sed -n '4p' "$1")" || echo "Not detected." +get_userjs_version() { + [ -e "$1" ] && echo "$(sed -n '4p' "$1")" || echo "Not detected." } -add_override () { +add_override() { input=$1 if [ -f "$input" ]; then echo "" >> user.js @@ -235,27 +235,27 @@ add_override () { fi } -remove_comments () { # expects 2 arguments: from-file and to-file +remove_comments() { # expects 2 arguments: from-file and to-file sed -e '/^\/\*.*\*\/[[:space:]]*$/d' -e '/^\/\*/,/\*\//d' -e 's|^[[:space:]]*//.*$||' -e '/^[[:space:]]*$/d' -e 's|);[[:space:]]*//.*|);|' "$1" > "$2" } # Applies latest version of user.js and any custom overrides -update_userjs () { +update_userjs() { declare -r newfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')" [ -z "${newfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && return 1 # check if download failed echo -e "Please observe the following information: Firefox profile: ${ORANGE}$(pwd)${NC} - Available online: ${ORANGE}$(get_userjs_version $newfile)${NC} + Available online: ${ORANGE}$(get_userjs_version "$newfile")${NC} Currently using: ${ORANGE}$(get_userjs_version user.js)${NC}\n\n" - if [ $CONFIRM = 'yes' ]; then + if [ "$CONFIRM" = 'yes' ]; then echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}" read -p "" -n 1 -r echo -e "\n" if [[ $REPLY =~ ^[Nn]$ ]]; then echo -e "${RED}Process aborted${NC}" - rm $newfile + rm "$newfile" return 1 fi fi @@ -269,7 +269,7 @@ update_userjs () { # backup user.js mkdir -p userjs_backups local bakname="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")" - [ $BACKUP = 'single' ] && bakname='userjs_backups/user.js.backup' + [ "$BACKUP" = 'single' ] && bakname='userjs_backups/user.js.backup' cp user.js "$bakname" &>/dev/null mv "${newfile}" user.js @@ -295,19 +295,19 @@ update_userjs () { past_nocomments='userjs_diffs/past_userjs.txt' current_nocomments='userjs_diffs/current_userjs.txt' - remove_comments $pastuserjs $past_nocomments - remove_comments user.js $current_nocomments + remove_comments "$pastuserjs" "$past_nocomments" + remove_comments user.js "$current_nocomments" diffname="userjs_diffs/diff_$(date +"%Y-%m-%d_%H%M").txt" - diff=$(diff -w -B -U 0 $past_nocomments $current_nocomments) - if [ ! -z "$diff" ]; then + diff=$(diff -w -B -U 0 "$past_nocomments" "$current_nocomments") + if [ -n "$diff" ]; then echo "$diff" > "$diffname" echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}" else echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created.${NC}" - [ $BACKUP = 'multiple' ] && rm $bakname &>/dev/null + [ "$BACKUP" = 'multiple' ] && rm "$bakname" &>/dev/null fi - rm $past_nocomments $current_nocomments $pastuserjs &>/dev/null + rm "$past_nocomments" "$current_nocomments" "$pastuserjs" &>/dev/null fi [ "$VIEW" = true ] && open_file "${PWD}/user.js" @@ -319,7 +319,7 @@ update_userjs () { if [ $# != 0 ]; then # Display usage if first argument is -help or --help - if [ $1 = '--help' ] || [ $1 = '-help' ]; then + if [ "$1" = '--help' ] || [ "$1" = '-help' ]; then usage else while getopts ":hp:ludsno:bcvre" opt; do @@ -363,7 +363,7 @@ if [ $# != 0 ]; then r) tfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')" [ -z "${tfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && exit 1 # check if download failed - mv $tfile "${tfile}.js" + mv "$tfile" "${tfile}.js" echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}" open_file "${tfile}.js" exit 0 @@ -382,7 +382,7 @@ if [ $# != 0 ]; then fi show_banner -update_updater $@ +update_updater "$@" getProfilePath # updates PROFILE_PATH or exits on error cd "$PROFILE_PATH" && update_userjs From 6381b1aeb9e7e4e485f4f6e7faa37d7f00b7970f Mon Sep 17 00:00:00 2001 From: a1346054 <36859588+a1346054@users.noreply.github.com> Date: Tue, 28 Sep 2021 19:24:54 +0000 Subject: [PATCH 1736/1961] prefsCleaner.sh: Fix invalid regular expression (#1258) --- prefsCleaner.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 497ebde..7db9ef0 100644 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -48,7 +48,7 @@ fClean() { if [[ "$line" =~ $prefexp && $prefs != *"@@${BASH_REMATCH[1]}@@"* ]]; then prefs="${prefs}${BASH_REMATCH[1]}@@" fi - done <<< "$(grep -E \"$prefexp\" user.js)" + done <<< "$(grep -E "$prefexp" user.js)" while IFS='' read -r line || [[ -n "$line" ]]; do if [[ "$line" =~ ^$prefexp ]]; then From 8404e8a59c6c54142594f6a856bb50b46227b130 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 5 Oct 2021 03:04:14 +0000 Subject: [PATCH 1737/1961] tidy, closes #1260 --- user.js | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index ccbb827..f64d4a4 100644 --- a/user.js +++ b/user.js @@ -131,7 +131,8 @@ user_pref("browser.region.update.enabled", false); // [[FF79+] /* 0204: set search region * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0203) ***/ // user_pref("browser.search.region", "US"); // [HIDDEN PREF] -/* 0210: set preferred language for displaying web pages +/* 0210: set preferred language for displaying pages + * [SETTING] General>Language and Appearance>Language>Choose your preferred language... * [TEST] https://addons.mozilla.org/about ***/ user_pref("intl.accept_languages", "en-US, en"); /* 0211: use US English locale regardless of the system locale @@ -495,13 +496,14 @@ user_pref("security.tls.enable_0rtt_data", false); [1] https://scotthelme.co.uk/revocation-is-broken/ [2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ -/* 1211: control when to use OCSP fetching (to confirm current validity of certificates) +/* 1211: enforce OCSP fetching to confirm current validity of certificates * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) * It's a trade-off between security (checking) and privacy (leaking info to the CA) * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling + * [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers... * [1] https://en.wikipedia.org/wiki/Ocsp ***/ -user_pref("security.OCSP.enabled", 1); +user_pref("security.OCSP.enabled", 1); // [DEFAULT: true] /* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB] * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) @@ -527,7 +529,7 @@ user_pref("security.pki.sha1_enforcement_level", 1); * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/ user_pref("security.family_safety.mode", 0); /* 1223: enable strict pinning - * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict + * PKP (Public Key Pinning) 0=disabled, 1=allow user MiTM (such as your antivirus), 2=strict * [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing * by inspecting ALL your web traffic, then leave at current default=1 * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ @@ -566,7 +568,7 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); * [2] https://bugzilla.mozilla.org/1353705 ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); /* 1271: control "Add Security Exception" dialog on SSL warnings - * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default) + * 0=do neither, 1=pre-populate url, 2=pre-populate url + pre-fetch cert (default) * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ user_pref("browser.ssl_override_behavior", 1); /* 1272: display advanced information on Insecure Connection warning pages @@ -1066,14 +1068,18 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] * [1] https://bugzilla.mozilla.org/1381938 * [2] https://bugzilla.mozilla.org/1411425 ***/ user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] -/* 4512: open links targeting new windows in a new tab instead +/* 4512: enforce links targeting new windows to open in a new tab instead + * 1=most recent window or tab, 2=new window, 3=new tab * Stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window + * [SETTING] General>Tabs>Open links in tabs instead of new windows * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ -user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab +user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3] +/* 4513: set all open window methods to abide by "browser.link.open_newwindow" (4512) + * [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/ user_pref("browser.link.open_newwindow.restriction", 0); -/* 4513: disable WebGL (Web Graphics Library) +/* 4520: disable WebGL (Web Graphics Library) * [SETUP-WEB] If you need it then enable it. RFP still randomizes canvas for naive scripts ***/ user_pref("webgl.disabled", true); From 380a88ee57a3af1fd3accf023b31e7e46f9ea855 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 5 Oct 2021 11:14:16 +0000 Subject: [PATCH 1738/1961] oophs --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f64d4a4..7fcd110 100644 --- a/user.js +++ b/user.js @@ -503,7 +503,7 @@ user_pref("security.tls.enable_0rtt_data", false); * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling * [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers... * [1] https://en.wikipedia.org/wiki/Ocsp ***/ -user_pref("security.OCSP.enabled", 1); // [DEFAULT: true] +user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1] /* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB] * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) From 412c8f9f94fcc058b9bf5f7dfbd824a1255a51a9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 9 Oct 2021 07:14:20 +0000 Subject: [PATCH 1739/1961] 0807 urlbar contextual suggestions, #1257 --- user.js | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 7fcd110..2d470a5 100644 --- a/user.js +++ b/user.js @@ -375,18 +375,23 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * 0=never resolve single words, 1=heuristic (default), 2=always resolve * [1] https://bugzilla.mozilla.org/1642623 ***/ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); -/* 0807: disable tab-to-search [FF85+] +/* 0807: disable location bar contextual suggestions [FF92+] + * [SETTING] Privacy & Security>Address Bar>Contextual Suggestions + * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ +user_pref("browser.urlbar.suggest.quicksuggest", false); +user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); +/* 0808: disable tab-to-search [FF85+] * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ // user_pref("browser.urlbar.suggest.engines", false); -/* 0808: disable search and form history +/* 0810: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (2803) * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ user_pref("browser.formfill.enable", false); -/* 0809: disable Form Autofill +/* 0811: disable Form Autofill * [NOTE] Stored data is NOT secure (uses a JSON file) * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses @@ -396,7 +401,7 @@ user_pref("extensions.formautofill.available", "off"); // [FF56+] user_pref("extensions.formautofill.creditCards.available", false); // [FF57+] user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] -/* 0810: disable coloring of visited links +/* 0820: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing * attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5] From 535346df87879d5526d7f6325db3f84baf6d7b33 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 10 Oct 2021 23:55:39 +0000 Subject: [PATCH 1740/1961] Delete arkenfox-clear-RFP-alternatives.js --- .../arkenfox-clear-RFP-alternatives.js | 71 ------------------- 1 file changed, 71 deletions(-) delete mode 100644 scratchpad-scripts/arkenfox-clear-RFP-alternatives.js diff --git a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js deleted file mode 100644 index 4821fc3..0000000 --- a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js +++ /dev/null @@ -1,71 +0,0 @@ -/*** - This will reset the preferences that are under sections 4600 & 4700 in the - arkenfox user.js. These are the prefs that are no longer necessary, or they - conflict with, privacy.resistFingerprinting if you have that enabled. - - Final update: 10-August-2021 - - As of v91, section 4600 is no longer recommended, and is all inactive. This - now includes the old 4700 section. You can reset them using prefsCleaner. - - For instructions see: - https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] -***/ - -(() => { - - if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!'); - - const aPREFS = [ - /* section 4600 */ - 'dom.maxHardwareConcurrency', - 'dom.enable_resource_timing', - 'dom.enable_performance', - 'device.sensors.enabled', - 'browser.zoom.siteSpecific', - 'dom.gamepad.enabled', - 'dom.netinfo.enabled', - 'media.webspeech.synth.enabled', - 'media.video_stats.enabled', - 'dom.w3c_touch_events.enabled', - 'media.navigator.enabled', - 'media.ondevicechange.enabled', - 'webgl.enable-debug-renderer-info', - 'ui.prefersReducedMotion', - 'dom.w3c_pointer_events.enabled', // deprecated FF87 - 'ui.use_standins_for_native_colors', - 'ui.systemUsesDarkTheme', - 'dom.webaudio.enabled', - 'layout.css.font-visibility.level', - /* section 4700 */ - 'general.appname.override', - 'general.appversion.override', - 'general.buildID.override', - 'general.oscpu.override', - 'general.platform.override', - 'general.useragent.override', - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ]; - - console.clear(); - - let c = 0; - for (const sPname of aPREFS) { - if (Services.prefs.prefHasUserValue(sPname)) { - Services.prefs.clearUserPref(sPname); - if (!Services.prefs.prefHasUserValue(sPname)) { - console.info('reset', sPname); - c++; - } else console.warn('failed to reset', sPname); - } - } - - focus(); - - const d = (c==1) ? ' pref' : ' prefs'; - alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset'); - - return 'all done'; - -})(); From a764149520fdd2082b3efa5b74f1d5250d4b9ac0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 11 Oct 2021 13:56:38 +0000 Subject: [PATCH 1741/1961] v92 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 2d470a5..6e436be 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 10 September 2021 -* version 92-alpha +* date: 11 October 2021 +* version 92 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 85438d00e457bff692303af519da618c6372476b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 12 Oct 2021 08:23:46 +0000 Subject: [PATCH 1742/1961] v93 deprecated --- user.js | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 6e436be..4e297a5 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 11 October 2021 -* version 92 +* date: 12 October 2021 +* version 93 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -1272,7 +1272,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS - // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES /* 7004: control TLS versions * [WHY] Passive fingerprinting. Downgrades are still possible: behind user interaction ***/ // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] @@ -1406,6 +1405,14 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", [1] https://github.com/arkenfox/user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); +/* ESR91.x still uses all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable them +// FF93 +// 7003: disable non-modern cipher suites + // [-] https://bugzilla.mozilla.org/1724072 + // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES +// ***/ + /* ESR78.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF79 From 7d68a3297147d7878a14defe0d10a560252d7fd3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 25 Oct 2021 17:41:16 +0000 Subject: [PATCH 1743/1961] start 94-alpha - and remove obsolete ESR78 notations - note: we leave the deprecated ESR78.x section and item 6050 until v95 so users upgrading to ESR91 can easily reset those prefs with prefsCleaner --- user.js | 35 ++++++++++++++--------------------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/user.js b/user.js index 4e297a5..7aa3002 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 12 October 2021 -* version 93 +* date: 25 October 2021 +* version 94-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -31,10 +31,8 @@ * It is best to use the arkenfox release that is optimized for and matches your Firefox version * EVERYONE: each release - run prefsCleaner to reset prefs made inactive, including deprecated (9999s) - ESR78 - - If you are not using arkenfox v78... (not a definitive list) - - 1244: HTTPS-Only mode is enabled - - 4511: non-native widget theme is enforced + ESR91 + - If you are not using arkenfox v91... (not a definitive list) - 9999: switch the appropriate deprecated section(s) back on * INDEX: @@ -104,7 +102,7 @@ user_pref("browser.newtab.preload", false); * [SETTING] Home>Firefox Home Content>... to show/hide what you want ***/ user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); -user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false FF89+] +user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false] user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); user_pref("browser.newtabpage.activity-stream.showSponsored", false); @@ -127,7 +125,7 @@ user_pref("geo.provider.use_gpsd", false); // [LINUX] /* 0203: disable region updates * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/ user_pref("browser.region.network.url", ""); // [FF78+] -user_pref("browser.region.update.enabled", false); // [[FF79+] +user_pref("browser.region.update.enabled", false); // [FF79+] /* 0204: set search region * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0203) ***/ // user_pref("browser.search.region", "US"); // [HIDDEN PREF] @@ -321,13 +319,12 @@ user_pref("network.proxy.socks_remote_dns", true); * [SETUP-CHROME] Can break extensions for profiles on network shares * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] -/* 0704: disable GIO as a potential proxy bypass vector +/* 0704: disable GIO as a potential proxy bypass vector [FF60+] * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, * gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64) * [1] https://bugzilla.mozilla.org/1433507 - * [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23044 - * [3] https://en.wikipedia.org/wiki/GVfs - * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ + * [2] https://en.wikipedia.org/wiki/GVfs + * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] /* 0705: disable DNS-over-HTTPS (DoH) rollout [FF60+] * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off @@ -729,7 +726,6 @@ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); /* 2601: prevent accessibility services from accessing your browser [RESTART] - * [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser (FF80 or lower) * [1] https://support.mozilla.org/kb/accessibility-services ***/ user_pref("accessibility.force_disabled", 1); /* 2602: disable sending additional analytics to web servers @@ -981,14 +977,13 @@ user_pref("privacy.firstparty.isolate", true); 418986 - limit window.screen & CSS media queries (FF41) [TEST] https://arkenfox.github.io/TZP/tzp.html#screen 1281949 - spoof screen orientation (FF50) - 1281963 - hide contents of navigator.plugins and navigator.mimeTypes (FF50-88) 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) 1217238 - reduce precision of time exposed by javascript (FF55) FF56 1369303 - spoof/disable performance API 1333651 - spoof User Agent & Navigator API - JS: FF91+ the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux + JS: the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux HTTP Headers: spoofed as Windows or Android 1369319 - disable device sensor API 1369357 - disable site specific zoom @@ -1001,8 +996,6 @@ user_pref("privacy.firstparty.isolate", true); 1217290 & 1409677 - enable some fingerprinting resistance for WebGL 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist - 1382533 & 1697680 - enable fingerprinting resistance for Presentation API (FF57-87) - Blocks exposure of local IP Addresses via mDNS (Multicast DNS) FF58-90 967895 - spoof canvas and enable site permission prompt (FF58) 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) @@ -1072,7 +1065,7 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] * Fingerprinting: provides a uniform look and feel across platforms [2] * [1] https://bugzilla.mozilla.org/1381938 * [2] https://bugzilla.mozilla.org/1411425 ***/ -user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] +user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true] /* 4512: enforce links targeting new windows to open in a new tab instead * 1=most recent window or tab, 2=new window, 3=new tab * Stops malicious window sizes and some screen resolution leaks. @@ -1215,12 +1208,12 @@ user_pref("security.csp.enable", true); // [DEFAULT: true] user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] /* 6005: enforce window.opener protection [FF65+] * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ -user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] +user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] /* 6006: enforce "window.name" protection [FF82+] * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ -user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+] +user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true] /* 6050: prefsCleaner: reset previously active items removed from arkenfox in 79-91 ***/ // user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); // user_pref("browser.send_pings.require_same_host", ""); @@ -1291,7 +1284,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7008: set the default Referrer Policy [FF59+] * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade * [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/ - // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+] + // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2] // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] /* 7009: disable HTTP2 * [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1] From 094356e0739bfeae95775384d45cb01f7132c9f1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 25 Oct 2021 20:56:18 +0000 Subject: [PATCH 1744/1961] 0706: add reference --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 7aa3002..553bea9 100644 --- a/user.js +++ b/user.js @@ -335,8 +335,9 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ // user_pref("network.trr.mode", 5); /* 0706: disable proxy direct failover for system requests [FF91+] - * [WARNING] Default true is a security feature against malicious extensions - * [SETUP-CHROME] If you use a proxy and you trust your extensions ***/ + * [WARNING] Default true is a security feature against malicious extensions [1] + * [SETUP-CHROME] If you use a proxy and you trust your extensions + * [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/ // user_pref("network.proxy.failover_direct", false); /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ From ba92918d38757e858ed0dd98e2f6367dfe87b51a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 26 Oct 2021 10:16:42 +0000 Subject: [PATCH 1745/1961] don't disable system addon updates, closes #1251 --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 553bea9..e1476e7 100644 --- a/user.js +++ b/user.js @@ -161,9 +161,6 @@ user_pref("app.update.background.scheduling.enabled", false); /* 0306: disable search engine updates (e.g. OpenSearch) * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/ user_pref("browser.search.update", false); -/* 0307: disable System Add-on updates ***/ -user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] -user_pref("extensions.systemAddon.update.url", ""); // [FF44+] /** RECOMMENDATIONS ***/ /* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/ @@ -1311,6 +1308,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] Fingerprintable. Breakage. Cut/copy/paste require user * interaction, and paste is limited to focused editable fields ***/ // user_pref("dom.event.clipboardevents.enabled", false); +/* 7014: disable System Add-on updates + * [WHY] It can compromise security. System addons ship with prefs, use those ***/ + // user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] + // user_pref("extensions.systemAddon.update.url", ""); // [FF44+] /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From 15158974496806e8ee9564d0b36fe0cbbb0f869f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 2 Nov 2021 16:07:42 +0000 Subject: [PATCH 1746/1961] default changes --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index e1476e7..7133ca4 100644 --- a/user.js +++ b/user.js @@ -1294,7 +1294,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7010: disable HTTP Alternative Services [FF37+] * [WHY] Already isolated by network partitioning (FF85+) or FPI ***/ // user_pref("network.http.altsvc.enabled", false); - // user_pref("network.http.altsvc.oe", false); + // user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+] /* 7011: disable website control over browser right-click context menu * [WHY] Just use Shift-Right-Click ***/ // user_pref("dom.event.contextmenu.enabled", false); @@ -1355,7 +1355,7 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("startup.homepage_welcome_url.additional", ""); // user_pref("startup.homepage_override_url", ""); // What's New page after updates /* WARNINGS ***/ - // user_pref("browser.tabs.warnOnClose", false); + // user_pref("browser.tabs.warnOnClose", false); // [DEFAULT false FF94+] // user_pref("browser.tabs.warnOnCloseOtherTabs", false); // user_pref("browser.tabs.warnOnOpen", false); // user_pref("full-screen-api.warning.delay", 0); From 0f8217ad60c7284b8b0539246260088e982edf98 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 4 Nov 2021 16:18:35 +0000 Subject: [PATCH 1747/1961] cleanup sanitizing-on-close prefs --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 7133ca4..dc5a65c 100644 --- a/user.js +++ b/user.js @@ -898,7 +898,7 @@ user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download History user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins -user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences + // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] Site Preferences /* 2804: reset default items to clear with Ctrl-Shift-Del (to match 2803) [SETUP-CHROME] * This dialog can also be accessed from the menu History>Clear Recent History * Firefox remembers your last choices. This will reset them when you start Firefox @@ -910,9 +910,9 @@ user_pref("privacy.cpd.cookies", true); user_pref("privacy.cpd.formdata", true); // Form & Search History user_pref("privacy.cpd.history", true); // Browsing & Download History user_pref("privacy.cpd.offlineApps", true); // Offline Website Data -user_pref("privacy.cpd.passwords", false); // this is not listed + // user_pref("privacy.cpd.passwords", false); // [DEFAULT: false] this is not listed user_pref("privacy.cpd.sessions", true); // Active Logins -user_pref("privacy.cpd.siteSettings", false); // Site Preferences + // user_pref("privacy.cpd.siteSettings", false); // [DEFAULT: false] Site Preferences /* 2805: clear Session Restore data when sanitizing on shutdown or manually [FF34+] * [NOTE] Not needed if Session Restore is not used (0102) or is already cleared with history (2803) * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008) From bd59131d3e56b9fdafe7aa7b5889106bb9f484a9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 4 Nov 2021 22:38:16 +0000 Subject: [PATCH 1748/1961] default changes, missed one --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index dc5a65c..f2b2ff4 100644 --- a/user.js +++ b/user.js @@ -1055,9 +1055,9 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * When default true this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); -/* 4510: enforce no system colors +/* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ -user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] +user_pref("browser.display.use_system_colors", false); /* 4511: enforce non-native widget theme * Security: removes/reduces system API calls, e.g. win32k API [1] * Fingerprinting: provides a uniform look and feel across platforms [2] From 17beb468f1ce5acf1438e17f7ed9490a5377f45c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 4 Nov 2021 22:44:23 +0000 Subject: [PATCH 1749/1961] tweak 1510 default info --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index f2b2ff4..bc2d1d5 100644 --- a/user.js +++ b/user.js @@ -1057,7 +1057,7 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] user_pref("browser.startup.blankWindow", false); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ -user_pref("browser.display.use_system_colors", false); +user_pref("browser.display.use_system_colors", false); // [DEFAULT false NON-WINDOWS] /* 4511: enforce non-native widget theme * Security: removes/reduces system API calls, e.g. win32k API [1] * Fingerprinting: provides a uniform look and feel across platforms [2] From f8932dced142ec5ea633bfb163bfc7579ac38a07 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 7 Nov 2021 06:48:45 +0000 Subject: [PATCH 1750/1961] remove ambiguous line The point was that google have said (stated in policy, but fuck knows where that is located these days) that it is anonymized and not used for tracking. It's an API used by **_4 billion devices_** - the API has privacy policies for use. If a whistleblower or someone else found out that google was using this to enhance their user profiling, then all hell would break loose. And they don't even need this to fuel their ad revenue. It is provided, gratis, to the web to help ensure security - they wouldn't dare taint it and get it caught up in a privacy scandal involving **+4 billion devices_**. And in all this time (since 2007), there has been no such whistleblower or proof it is used to track or announcements by google of changes to the contrary. Anyway, a quick search brings up - Here is their policy - https://www.google.com/intl/en_us/privacy/browsing.html - it's empty and points to - https://www.google.com/intl/en/chrome/privacy/ - and if you scroll down to "Safe Browsing practices" it doesn't say anything about privacy policies for the API itself (or the owner of the API) - it just spells out what happens in chrome - I'm not going to bother to look any further and find a history of policy changes Anyway, this is Firefox and hashes are part hashes bundled with other real hashes - and we turned off real time binary checks. So this line can fuck the fuck off. It was meant to reassure those who want the security of real-time binary checks, that privacy "shouldn't" be an issue, but I'm not going to expand on it --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index bc2d1d5..68d5560 100644 --- a/user.js +++ b/user.js @@ -242,7 +242,6 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] to Google, only a part-hash of the prefix, hidden with noise of other real part-hashes. Firefox takes measures such as stripping out identifying parameters and since SBv4 (FF57+) doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) - FWIW, Google also swear it is anonymized and only used to flag malicious sites. [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ [2] https://wiki.mozilla.org/Security/Safe_Browsing From e2e7f9c64704ab75a22a5efd911af3845a0fefdf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 16 Nov 2021 11:56:20 +0000 Subject: [PATCH 1751/1961] font vis changes (#1275) --- user.js | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 68d5560..ec57b4a 100644 --- a/user.js +++ b/user.js @@ -582,12 +582,15 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable rendering of SVG OpenType fonts ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); -/* 1402: limit font visibility (Windows, Mac, some Linux) [FF79+] - * [NOTE] In FF80+ RFP ignores the pref and uses value 1 +/* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed + * In normal windows: uses the first applicable: RFP (4506) over TP over Standard + * In Private Browsing windows: uses the most restrictive between normal and private * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ - // user_pref("layout.css.font-visibility.level", 1); + // user_pref("layout.css.font-visibility.private", 1); + // user_pref("layout.css.font-visibility.standard", 1); + // user_pref("layout.css.font-visibility.trackingprotection", 1); /*** [SECTION 1600]: HEADERS / REFERERS Expect some breakage e.g. banks: use an extension if you need precise control @@ -1050,7 +1053,9 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [1] https://bugzilla.mozilla.org/1635603 ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); -/* 4506: disable showing about:blank as soon as possible during startup [FF60+] +/* 4506: set RFP's font visibility level (1402) [FF94+] ***/ + // user_pref("layout.css.font-visibility.resistFingerprinting", 1); +/* 4507: disable showing about:blank as soon as possible during startup [FF60+] * When default true this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ user_pref("browser.startup.blankWindow", false); @@ -1405,6 +1410,10 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is m // 7003: disable non-modern cipher suites // [-] https://bugzilla.mozilla.org/1724072 // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES +// FF94 +// 1402: limit font visibility (Windows, Mac, some Linux) [FF79+] - replaced by new 1402 + // [-] https://bugzilla.mozilla.org/1715507 + // user_pref("layout.css.font-visibility.level", 1); // ***/ /* ESR78.x still uses all the following prefs From 2f88ca2e40351211d95e21a52aec0eae364a26f8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 18 Nov 2021 01:28:21 +0000 Subject: [PATCH 1752/1961] misc - move DoH so it has room to grow - tidy privacy.clearOnShutdown, privacy.cpd --- user.js | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/user.js b/user.js index ec57b4a..048cc8d 100644 --- a/user.js +++ b/user.js @@ -322,7 +322,12 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] * [2] https://en.wikipedia.org/wiki/GVfs * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] -/* 0705: disable DNS-over-HTTPS (DoH) rollout [FF60+] +/* 0705: disable proxy direct failover for system requests [FF91+] + * [WARNING] Default true is a security feature against malicious extensions [1] + * [SETUP-CHROME] If you use a proxy and you trust your extensions + * [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/ + // user_pref("network.proxy.failover_direct", false); +/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+] * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off * see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3] * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ @@ -330,11 +335,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * [3] https://blog.mozilla.org/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/ * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ // user_pref("network.trr.mode", 5); -/* 0706: disable proxy direct failover for system requests [FF91+] - * [WARNING] Default true is a security feature against malicious extensions [1] - * [SETUP-CHROME] If you use a proxy and you trust your extensions - * [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/ - // user_pref("network.proxy.failover_direct", false); /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); @@ -887,33 +887,33 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" /* 2802: enable Firefox to clear items on shutdown (2803) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); -/* 2803: set what items to clear on shutdown (if 2802 is true) [SETUP-CHROME] +/* 2803: set/enforce what items to clear on shutdown (if 2802 is true) [SETUP-CHROME] * [NOTE] If "history" is true, downloads will also be cleared - * [NOTE] Active Logins: does not refer to logins via cookies, but rather HTTP Basic Authentication [1] - * [NOTE] Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) + * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies + * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ -user_pref("privacy.clearOnShutdown.cache", true); -user_pref("privacy.clearOnShutdown.cookies", true); -user_pref("privacy.clearOnShutdown.downloads", true); // see note above -user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History -user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download History -user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data -user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins +user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown.cookies", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown.offlineApps", true); // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] Site Preferences /* 2804: reset default items to clear with Ctrl-Shift-Del (to match 2803) [SETUP-CHROME] * This dialog can also be accessed from the menu History>Clear Recent History * Firefox remembers your last choices. This will reset them when you start Firefox * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog * for "Clear Recent History" is opened, it is synced to the same as "history" ***/ -user_pref("privacy.cpd.cache", true); -user_pref("privacy.cpd.cookies", true); +user_pref("privacy.cpd.cache", true); // [DEFAULT: true] +user_pref("privacy.cpd.cookies", true); // [DEFAULT: true] +user_pref("privacy.cpd.formdata", true); // [DEFAULT: true] +user_pref("privacy.cpd.history", true); // [DEFAULT: true] +user_pref("privacy.cpd.sessions", true); // [DEFAULT: true] +user_pref("privacy.cpd.offlineApps", true); // user_pref("privacy.cpd.downloads", true); // not used, see note above -user_pref("privacy.cpd.formdata", true); // Form & Search History -user_pref("privacy.cpd.history", true); // Browsing & Download History -user_pref("privacy.cpd.offlineApps", true); // Offline Website Data // user_pref("privacy.cpd.passwords", false); // [DEFAULT: false] this is not listed -user_pref("privacy.cpd.sessions", true); // Active Logins // user_pref("privacy.cpd.siteSettings", false); // [DEFAULT: false] Site Preferences /* 2805: clear Session Restore data when sanitizing on shutdown or manually [FF34+] * [NOTE] Not needed if Session Restore is not used (0102) or is already cleared with history (2803) From 34bd3c5a0409bc21f339794e602aa343afdd50e7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Nov 2021 05:40:49 +0000 Subject: [PATCH 1753/1961] consolidate/simplify sanitizing, fixes #1256 move all sanitizing on exit prefs into 2800 switch to cookie lifetime as session - now users can utilize exceptions (as allow) - session cookies still block service workers (which we disable anyway) - we still block 3rd party cookies (until we move to dFPI) - we still have defense in depth for 3rd party cookies with 2803 - we still bulk sanitize offlineApps on exit: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) - i.e you get to keep the cookies only IF you add an exception add `privacy.clearsitedata.cache.enabled` --- user.js | 74 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 35 deletions(-) diff --git a/user.js b/user.js index 048cc8d..3176eaa 100644 --- a/user.js +++ b/user.js @@ -16,7 +16,7 @@ * There are often trade-offs and conflicts between security vs privacy vs anti-fingerprinting and these need to be balanced against functionality & convenience & breakage * Some site breakage and unintended consequences will happen. Everyone's experience will differ - e.g. some user data is erased on close (section 2800), change this to suit your needs + e.g. some user data is erased on exit (section 2800), change this to suit your needs * While not 100% definitive, search for "[SETUP" tags e.g. third party images/videos not loading on some sites? check 1601 * Take the wiki link in step 2 and read the Troubleshooting entry @@ -55,7 +55,7 @@ 2400: DOM (DOCUMENT OBJECT MODEL) 2600: MISCELLANEOUS 2700: PERSISTENT STORAGE - 2800: SHUTDOWN + 2800: SHUTDOWN & SANITIZING 4000: FPI (FIRST PARTY ISOLATION) 4500: RFP (RESIST FINGERPRINTING) 5000: OPTIONAL OPSEC @@ -85,7 +85,7 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set startup page [SETUP-CHROME] * 0=blank, 1=home, 2=last visited page, 3=resume previous session - * [NOTE] Session Restore is cleared with history (2803, 2804), and not used in Private Browsing mode + * [NOTE] Session Restore is cleared with history (2811, 2812), and not used in Private Browsing mode * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); /* 0103: set HOME+NEWWINDOW page @@ -380,7 +380,7 @@ user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // user_pref("browser.urlbar.suggest.engines", false); /* 0810: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] - * [NOTE] We also clear formdata on exit (2803) + * [NOTE] We also clear formdata on exit (2811) * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ @@ -398,7 +398,7 @@ user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] /* 0820: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing - * attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5] + * attacks. Don't forget clearing history on exit (2811). However, social engineering [2#limits][4][5] * and advanced targeted timing attacks could still produce usable results * [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector * [2] https://dbaron.org/mozilla/visited-privacy @@ -439,7 +439,7 @@ user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false] user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /* 1001: disable disk cache * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this - * [NOTE] We also clear cache on exit (2803) ***/ + * [NOTE] We also clear cache on exit (2811) ***/ user_pref("browser.cache.disk.enable", false); /* 1002: disable media cache from writing to disk in Private Browsing * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB @@ -838,17 +838,6 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ ***/ user_pref("network.cookie.cookieBehavior", 1); user_pref("browser.contentblocking.category", "custom"); -/* 2702: set third-party cookies (if enabled, see 2701) to session-only - * [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and - * .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones - * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/ -user_pref("network.cookie.thirdparty.sessionOnly", true); -user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] -/* 2703: delete cookies and site data on close - * 0=keep until they expire (default), 2=keep until you close Firefox - * [NOTE] The setting below is disabled (but not changed) if you block all cookies (2701 = 2) - * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/ - // user_pref("network.cookie.lifetimePolicy", 2); /* 2710: enable Enhanced Tracking Protection (ETP) in all windows * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Tracking content * [SETTING] to add site exceptions: Urlbar>ETP Shield @@ -859,7 +848,7 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] /* 2740: disable service worker cache and cache storage - * [NOTE] We clear service worker cache on exit (2803) + * [NOTE] We clear service worker cache on exit (2811) * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ // user_pref("dom.caches.enabled", false); /* 2750: disable Storage API [FF51+] @@ -876,52 +865,67 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true); /* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] -/*** [SECTION 2800]: SHUTDOWN - * Sanitizing on shutdown is all or nothing. It does not use Managed Exceptions under - Privacy & Security>Delete cookies and site data when Firefox is closed (1681701) - * If you want to keep some sites' cookies (exception as "Allow") and optionally other site - data but clear all the rest on close, then you need to set the "cookie" and optionally the - "offlineApps" prefs below to false, and to set the cookie lifetime pref to 2 (2703) -***/ +/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); -/* 2802: enable Firefox to clear items on shutdown (2803) +/** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/ +/* 2801: delete cookies and site data on exit + * 0=keep until they expire (default), 2=keep until you close Firefox + * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed + * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow + * If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ +user_pref("network.cookie.lifetimePolicy", 2); +/* 2802: delete cache on exit [FF96+] + * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust + * [1] https://bugzilla.mozilla.org/1671182 ***/ + // user_pref("privacy.clearsitedata.cache.enabled", true); +/* 2803: set third-party cookies to session-only + * [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and + * .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones + * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/ +user_pref("network.cookie.thirdparty.sessionOnly", true); +user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] + +/** SANITIZE ON SHUTDOWN : ALL OR NOTHING ***/ +/* 2810: enable Firefox to clear items on shutdown (2811) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); -/* 2803: set/enforce what items to clear on shutdown (if 2802 is true) [SETUP-CHROME] +/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME] + * sanitizingOnShutdown is all or nothing, it does not allow exceptions (1681701) * [NOTE] If "history" is true, downloads will also be cleared * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown.cookies", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown.cookies", false); user_pref("privacy.clearOnShutdown.offlineApps", true); // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] Site Preferences -/* 2804: reset default items to clear with Ctrl-Shift-Del (to match 2803) [SETUP-CHROME] +/* 2812: reset default items to clear with Ctrl-Shift-Del (to match 2811) [SETUP-CHROME] * This dialog can also be accessed from the menu History>Clear Recent History * Firefox remembers your last choices. This will reset them when you start Firefox * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog * for "Clear Recent History" is opened, it is synced to the same as "history" ***/ user_pref("privacy.cpd.cache", true); // [DEFAULT: true] -user_pref("privacy.cpd.cookies", true); // [DEFAULT: true] user_pref("privacy.cpd.formdata", true); // [DEFAULT: true] user_pref("privacy.cpd.history", true); // [DEFAULT: true] user_pref("privacy.cpd.sessions", true); // [DEFAULT: true] +user_pref("privacy.cpd.cookies", false); user_pref("privacy.cpd.offlineApps", true); // user_pref("privacy.cpd.downloads", true); // not used, see note above // user_pref("privacy.cpd.passwords", false); // [DEFAULT: false] this is not listed // user_pref("privacy.cpd.siteSettings", false); // [DEFAULT: false] Site Preferences -/* 2805: clear Session Restore data when sanitizing on shutdown or manually [FF34+] - * [NOTE] Not needed if Session Restore is not used (0102) or is already cleared with history (2803) +/* 2813: clear Session Restore data when sanitizing on shutdown or manually [FF34+] + * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008) * [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.cpd.openWindows", true); -/* 2806: reset default "Time range to clear" for "Clear Recent History" (2804) +/* 2814: reset default "Time range to clear" for "Clear Recent History" (2812) * Firefox remembers your last choice. This will reset the value when you start Firefox * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today * [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown, @@ -1117,7 +1121,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow /* 5006: disable favicons in history and bookmarks * [NOTE] Stored as data blobs in favicons.sqlite, these don't reveal anything that your * actual history (and bookmarks) already do. Your history is more detailed, so - * control that instead; e.g. disable history, clear history on close, use PB mode + * control that instead; e.g. disable history, clear history on exit, use PB mode * [NOTE] favicons.sqlite is sanitized on Firefox close ***/ // user_pref("browser.chrome.site_icons", false); /* 5007: exclude "Undo Closed Tabs" in Session Restore ***/ @@ -1141,7 +1145,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow * [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ // user_pref("browser.urlbar.autoFill", false); /* 5013: disable browsing and download history - * [NOTE] We also clear history and downloads on exit (2803) + * [NOTE] We also clear history and downloads on exit (2811) * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ // user_pref("places.history.enabled", false); /* 5014: disable Windows jumplist [WINDOWS] ***/ From c9e4cac618acc2ed935676f73b0933378d923596 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Nov 2021 18:08:07 +0000 Subject: [PATCH 1754/1961] tweak webRTC webRTC will be overhauled... but not today... in the meantime - remove dead link before @dngray has a hernia - correctly refer to the type of IP leak --- user.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 3176eaa..84de010 100644 --- a/user.js +++ b/user.js @@ -632,11 +632,10 @@ user_pref("privacy.userContext.ui.enabled", true); /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) - * [SETUP-WEB] WebRTC can leak your IP address from behind your VPN, but if this is not - * in your threat model, and you want Real-Time Communication, this is the pref for you - * [1] https://www.privacytools.io/#webrtc ***/ + * [SETUP-WEB] WebRTC can leak your private network address from behind your VPN, but if this + * is not your threat model, and you want Real-Time Communication, this is the pref for you ***/ user_pref("media.peerconnection.enabled", false); -/* 2002: limit WebRTC IP leaks if using WebRTC +/* 2002: limit WebRTC private network address leaks * In FF70+ these settings match Mode 4 (Mode 3 in older versions) [3] * [TEST] https://browserleaks.com/webrtc * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713 From 6b351a9458a307bfa37d0e61c7434a616f4de006 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Nov 2021 18:15:53 +0000 Subject: [PATCH 1755/1961] fixup trade-offs anti-fingerprinting doesn't fit here: it's not a major component or priority of this user.js, and only a few prefs outside RFP (as a robust built-in browser solution that defeats naive scripts) have anything to do with it --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 84de010..10f9857 100644 --- a/user.js +++ b/user.js @@ -13,7 +13,7 @@ * https://github.com/arkenfox/user.js/wiki 3. If you skipped step 2, return to step 2 4. Make changes - * There are often trade-offs and conflicts between security vs privacy vs anti-fingerprinting + * There are often trade-offs and conflicts between security vs privacy vs anti-tracking and these need to be balanced against functionality & convenience & breakage * Some site breakage and unintended consequences will happen. Everyone's experience will differ e.g. some user data is erased on exit (section 2800), change this to suit your needs From 58d0161b67540dbf418e9bac39e2eaa2becfc169 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Nov 2021 07:05:01 +0000 Subject: [PATCH 1756/1961] add warnOnQuitShortcut, closes #1270 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 10f9857..80d0bf1 100644 --- a/user.js +++ b/user.js @@ -1365,6 +1365,7 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("browser.tabs.warnOnClose", false); // [DEFAULT false FF94+] // user_pref("browser.tabs.warnOnCloseOtherTabs", false); // user_pref("browser.tabs.warnOnOpen", false); + // user_pref("browser.tabs.warnOnQuitShortcut", false); // [FF94+] // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); /* APPEARANCE ***/ From cbfb8abf1544c3e87f412f64a9747bd1dea4a705 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Nov 2021 07:11:43 +0000 Subject: [PATCH 1757/1961] 94 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 80d0bf1..c8f88fe 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 25 October 2021 -* version 94-alpha +* date: 23 November 2021 +* version 94 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 6027aaa45ddaf3072d7675364a58bea9bb08440a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Nov 2021 12:02:50 +0000 Subject: [PATCH 1758/1961] fixup warnOnQuitShortcut --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index c8f88fe..2be91c2 100644 --- a/user.js +++ b/user.js @@ -1365,7 +1365,7 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("browser.tabs.warnOnClose", false); // [DEFAULT false FF94+] // user_pref("browser.tabs.warnOnCloseOtherTabs", false); // user_pref("browser.tabs.warnOnOpen", false); - // user_pref("browser.tabs.warnOnQuitShortcut", false); // [FF94+] + // user_pref("browser.warnOnQuitShortcut", false); // [FF94+] // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); /* APPEARANCE ***/ From 4b393b9b1220481bf544153893995ba2e4bff7d8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Nov 2021 01:09:10 +0000 Subject: [PATCH 1759/1961] start 95-alpha --- user.js | 88 ++++----------------------------------------------------- 1 file changed, 6 insertions(+), 82 deletions(-) diff --git a/user.js b/user.js index 2be91c2..639e164 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 23 November 2021 -* version 94 +* date: 24 November 2021 +* version 95-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -442,8 +442,7 @@ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is m * [NOTE] We also clear cache on exit (2811) ***/ user_pref("browser.cache.disk.enable", false); /* 1002: disable media cache from writing to disk in Private Browsing - * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB - * [SETUP-WEB] ESR78: playback might break on subsequent loading (1650281) ***/ + * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/ user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] user_pref("media.memory_cache_max_size", 65536); /* 1003: disable storing extra session data [SETUP-CHROME] @@ -1219,23 +1218,8 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true] -/* 6050: prefsCleaner: reset previously active items removed from arkenfox in 79-91 ***/ - // user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); - // user_pref("browser.send_pings.require_same_host", ""); - // user_pref("dom.allow_cut_copy", ""); - // user_pref("dom.vibrator.enabled", ""); - // user_pref("media.getusermedia.audiocapture.enabled", ""); - // user_pref("media.getusermedia.browser.enabled", ""); - // user_pref("media.getusermedia.screensharing.enabled", ""); - // user_pref("media.gmp-widevinecdm.visible", ""); - // user_pref("network.http.redirection-limit", ""); - // user_pref("privacy.partition.network_state", ""); - // user_pref("security.insecure_connection_icon.enabled", ""); // [DEFAULT: true FF70+] - // user_pref("security.mixed_content.block_active_content", ""); // [DEFAULT: true since at least FF60] - // user_pref("security.ssl.enable_ocsp_stapling", ""); // [DEFAULT: true FF26+] - // user_pref("webgl.disable-fail-if-major-performance-caveat", ""); // [DEFAULT: true FF86+] - // user_pref("webgl.enable-webgl2", ""); - // user_pref("webgl.min_capability_mode", ""); +/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF91+ ***/ + // placeholder /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); @@ -1404,7 +1388,7 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1] + Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1] [1] https://github.com/arkenfox/user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); @@ -1420,65 +1404,5 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is m // user_pref("layout.css.font-visibility.level", 1); // ***/ -/* ESR78.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them -// FF79 -// 0212: enforce fallback text encoding to match en-US - // When the content or server doesn't declare a charset the browser will - // fallback to the "Current locale" based on your application language - // [TEST] https://hsivonen.com/test/moz/check-charset.htm - // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 - // [-] https://bugzilla.mozilla.org/1603712 -user_pref("intl.charset.fallback.override", "windows-1252"); -// FF82 -// 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" - // i.e. ignore all of Mozilla's various search engines in multiple locales - // [-] https://bugzilla.mozilla.org/1619926 -user_pref("browser.search.geoSpecificDefaults", false); -user_pref("browser.search.geoSpecificDefaults.url", ""); -// FF86 -// 1205: disable SSL Error Reporting - // [1] https://firefox-source-docs.mozilla.org/main/65.0/browser/base/sslerrorreport/preferences.html - // [-] https://bugzilla.mozilla.org/1681839 -user_pref("security.ssl.errorReporting.automatic", false); -user_pref("security.ssl.errorReporting.enabled", false); -user_pref("security.ssl.errorReporting.url", ""); -// 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin - // [-] https://bugzilla.mozilla.org/1581678 -user_pref("browser.download.hide_plugins_without_extensions", false); -// FF87 -// 0105d: disable Activity Stream recent Highlights in the Library [FF57+] - // [-] https://bugzilla.mozilla.org/1689405 - // user_pref("browser.library.activity-stream.enabled", false); -// 8002: disable PointerEvents - // [1] https://developer.mozilla.org/docs/Web/API/PointerEvent - // [-] https://bugzilla.mozilla.org/1688105 - // user_pref("dom.w3c_pointer_events.enabled", false); -// FF89 -// 0309: disable sending Flash crash reports - // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] -user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); -// 0310: disable sending the URL of the website where a plugin crashed - // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] -user_pref("dom.ipc.plugins.reportCrashURL", false); -// 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+] - // [1] https://bugzilla.mozilla.org/1190623 - // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] -user_pref("security.mixed_content.block_object_subrequest", true); -// 1803: disable Flash plugin - // 0=deactivated, 1=ask, 2=enabled - // ESR52.x is the last branch to fully support NPAPI, FF52+ stable only supports Flash - // [NOTE] You can still override individual sites via site permissions - // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] -user_pref("plugin.state.flash", 0); // [DEFAULT: 1] -// FF90 -// 0708: disable FTP [FF60+] - // [-] https://bugzilla.mozilla.org/1574475 - // user_pref("network.ftp.enabled", false); // [DEFAULT: false FF88+] -// 7001: enforce no offline cache storage (appCache) [FF71+] - // [-] https://bugzilla.mozilla.org/1694662 -user_pref("browser.cache.offline.storage.enable", false); // [DEFAULT: false FF84+] -// ***/ - /* END: internal custom pref to test for syntax errors ***/ user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From 27977a16ad4a65c5e54e212c1d89dd111df039c6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 25 Nov 2021 06:49:38 +0000 Subject: [PATCH 1760/1961] 2652: browser.download.alwaysOpenPanel FYI: https://bugzilla.mozilla.org/1738372 There is a small privacy issue with shoulder surfers, but in reality, this just needs to happen IMO - we already prompt where to save, but even if we didn't, we also know we clicked or initiated a download - unless it's a drive by or user-gesture trickery - which is why we prompt - the download icon is shown (if hidden) and the throbber/accent color go to work - users can always click the icon to show entries (and open folder etc) - this maintains the current behavior in FF94 --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 639e164..8c3b0ae 100644 --- a/user.js +++ b/user.js @@ -790,7 +790,9 @@ user_pref("permissions.delegation.enabled", false); * [SETUP-CHROME] On Android this blocks longtapping and saving images * [SETTING] General>Downloads>Always ask you where to save files ***/ user_pref("browser.download.useDownloadDir", false); -/* 2652: disable adding downloads to the system's "recent documents" list ***/ +/* 2652: disable downloads panel opening on every download [FF96+] ***/ +user_pref("browser.download.alwaysOpenPanel", false); +/* 2653: disable adding downloads to the system's "recent documents" list ***/ user_pref("browser.download.manager.addToRecentDocs", false); /** EXTENSIONS ***/ From 47de4f520bdc7ec80f440f66731df15338e74a29 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Nov 2021 09:01:39 +0000 Subject: [PATCH 1761/1961] tidy 5505 --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 8c3b0ae..2a7387e 100644 --- a/user.js +++ b/user.js @@ -1181,9 +1181,10 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); * [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ // user_pref("javascript.options.asmjs", false); /* 5505: disable Ion and baseline JIT to harden against JS exploits - * [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new - * hidden pref is enabled, then Ion can still be used by extensions (1599226) - * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit ***/ + * [NOTE] When both Ion and JIT are disabled, and trustedprincipals + * is enabled, then Ion can still be used by extensions (1599226) + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit + * [2] https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ ***/ // user_pref("javascript.options.ion", false); // user_pref("javascript.options.baselinejit", false); // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF] From c2ddfd60bfb486b5a7791bc899e2646c027a92d3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Nov 2021 13:22:46 +0000 Subject: [PATCH 1762/1961] tidy 79-91 removed items --- scratchpad-scripts/arkenfox-clear-removed.js | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index bd99cb5..cc8d330 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -13,30 +13,29 @@ const aPREFS = [ /* removed in arkenfox user.js */ - /* 91 */ + /* 79-91 */ 'alerts.showFavicons', + 'browser.newtabpage.activity-stream.asrouter.providers.snippets', + 'browser.send_pings.require_same_host', + 'browser.urlbar.usepreloadedtopurls.enabled', 'dom.allow_cut_copy', 'dom.battery.enabled', + 'dom.IntersectionObserver.enabled', 'dom.storage.enabled', 'dom.vibrator.enabled', + 'extensions.screenshots.upload-disabled', 'general.warnOnAboutConfig', 'gfx.direct2d.disabled', 'layers.acceleration.disabled', 'media.getusermedia.audiocapture.enabled', 'media.getusermedia.browser.enabled', 'media.getusermedia.screensharing.enabled', - 'media.media-capabilities.enabled', - 'security.insecure_connection_icon.enabled', - 'security.mixed_content.block_active_content', - /* 79-90 */ - 'browser.newtabpage.activity-stream.asrouter.providers.snippets', - 'browser.send_pings.require_same_host', - 'browser.urlbar.usepreloadedtopurls.enabled', - 'dom.IntersectionObserver.enabled', - 'extensions.screenshots.upload-disabled', 'media.gmp-widevinecdm.visible', + 'media.media-capabilities.enabled', 'network.http.redirection-limit', 'privacy.partition.network_state', + 'security.insecure_connection_icon.enabled', + 'security.mixed_content.block_active_content', 'security.ssl.enable_ocsp_stapling', 'security.ssl3.dhe_rsa_aes_128_sha', 'security.ssl3.dhe_rsa_aes_256_sha', From 4dc53722573a2bcf0052acdebe41951e94f217a1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 30 Nov 2021 13:29:19 +0000 Subject: [PATCH 1763/1961] 0603: network.predictor.enable-prefetch make active for Nighty users - see https://bugzilla.mozilla.org/show_bug.cgi?id=1506194 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 2a7387e..5ca13db 100644 --- a/user.js +++ b/user.js @@ -285,7 +285,7 @@ user_pref("network.dns.disablePrefetch", true); // user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); - // user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] +user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] /* 0604: disable link-mouseover opening connection to linked server * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ user_pref("network.http.speculative-parallel-limit", 0); From cf0102f71ebe3db5287d913db818d6a814c4c96b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 2 Dec 2021 09:34:34 +0000 Subject: [PATCH 1764/1961] fixup: from being flogged to death by overseers thanks @dngray, also save some precious bytes .. polar bears know about scarce resources --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 5ca13db..af8b477 100644 --- a/user.js +++ b/user.js @@ -891,7 +891,7 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * sanitizingOnShutdown is all or nothing, it does not allow exceptions (1681701) + * These items do not use exceptions, it is all or nothing (1681701) * [NOTE] If "history" is true, downloads will also be cleared * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) From d1d20b897a1c648dfdb5c34e86264f10cc84bc38 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 4 Dec 2021 09:36:09 +0000 Subject: [PATCH 1765/1961] wiki cleanup (#1289) --- wikipiki/concurrent01.png | Bin 32476 -> 0 bytes wikipiki/concurrent02.png | Bin 106194 -> 0 bytes wikipiki/concurrent03.png | Bin 28466 -> 0 bytes wikipiki/concurrent04.png | Bin 28727 -> 0 bytes wikipiki/profiles01.png | Bin 33003 -> 0 bytes wikipiki/profiles02.png | Bin 26989 -> 0 bytes 6 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/concurrent01.png delete mode 100644 wikipiki/concurrent02.png delete mode 100644 wikipiki/concurrent03.png delete mode 100644 wikipiki/concurrent04.png delete mode 100644 wikipiki/profiles01.png delete mode 100644 wikipiki/profiles02.png diff --git a/wikipiki/concurrent01.png b/wikipiki/concurrent01.png deleted file mode 100644 index 60e0c4a33c9f493409c4bc1018d7066529936223..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 32476 zcmW(61y~%-ZVx^Da46El-K|jMkmBxI+>6tqg~Q$5T?@sbxE3!CMOr9coZ`;ofBAO4 z+1;6yNis<$$wa6s%V43uLI(fg?)dW&6Pr06dp-G^{l>_J~BTS1%+K!r{pZ zPU?hUsJcWHoFIXonFHY1Vr(otnox}uGZK9fb&IMnHmE2( za`b-Pr^tSx<9g@EQ`1k;-Kz7PhDp>OFlMSOj~X8wvqFLr_fOE!z~K58J1hX5))|0+ z8!V{Y9%(?pji0bE3v~}_*UNxrF~C5NQdSQqdDt_~zC?y02p$aTaZh-o0EQC)Fz;B2 zQUE3mg6E{uYXJF3fXSG-*(RXM2ADAT@5}=5oSO_E5MYo@MF`4I0HFAm;ZlIjTcB!E zJMtZ%%Lx!zDGUe#i);X=oQ{<&P}>6ZOh7Q|0Wc=OsTLl>1R(hUCc`u|o-4y*~t-&@u>cm5AI?+W5umzK7-wie|FBn(VPbv{2?_Zj!-Jbt+K z6Mne9{L{5T8^CQ8AcJ)Cr*Hg1v4ngw5iQv4*G`VK*9@n z*Mr87-VTtMadU;~%Cgcd z;Kku{Kzza_2Lx#GA|$yPTH_Jq>WVdI@MffE9Mx&|SSzx4Wna-GjVxQ(*P{w1vqD*h zL$-3Z`nPzt$hN4?4A67TU@pZs8XJu2qjvJ7+mLPEZ4}FNZgH)mO!eR81)8{garzR~ z1S(P(kv2G5^GWqlA3hIQqtKd(jiSw0j`7e-3*)zCoNs(W@cZ)gi-Vq`4svT zGG-3ViptW;)k+MlbFDGWxQh20pTA0L@n~#Tpv|Rz(W=Z*JtQeMSYE=xoE%G9(}-7m6V z)V|0Zbn<^aD$6PDeAljbAAl`BB+p>TAY&ajft<6ev83_4484pQSq*L!%bqEp$bSLf~>`Dczt%}0m3vP&6EU6ck)T9g&c2@>J&d@fGH6dXe< z|I{Rn`eBkKrYWXr>%j@F)51mb(lOFF(YAwzo3xt_gARj5^eFUH^a@J*O2?V%O0A_# zrEeAADh~Y^|55m3A%ibVgzG2wZq{zr&#bi;6Mav8*5>l&Z&>{bTL}@p1I7)YRKw4DqpEN z=0CPQ4*Qii&YQ=StHZA*zq z<+bSvvFMekYu={lrm(;&_o|-pxIj z2N)pS-+22{b;pVctyo^wFCB?T=eLRzipK?32X6OPQ`rn3##d8a@1{>AOxR+FsQUd~ zm_jw(F^%f?!(<2v3(*M`i**jyeKpOM#^*8pOVVvk>P{+EYBkH6OGU7TO`eZgw36LU zcv+y0w@qx2-AZqKUN=Wq?t=okAUpF{e#Z}8YY#`~VH-Ic7@I!C=^VpG&Rzu*eHS5R zL>26KtU{?U#c<^}$*1BF=5nHFx-)zax>$6tK8ikTYL03C>F`BKLuN|lGg)RO@5IA| z4n8m1?>r@}+pWP274aR4Sc<>1gmQ^8KS3S1MT9!Jf)W$rT_h^0l#-gQ_pNuVK8;mb zhSWcOcZ_P`piDs>v2Td4Le^tLZ7;%2 z>!kNqvJZIQI~v&A1hPNC&_dr1`F!x}=aG?$E{EP)lj&V(4w)!nMC4b372-5P|3$`M zp4(($PNUr!zmgj(z6`WlOj^xY?d`0x>s{H?>XY-HlcTQSXI%?r&tP5$GV-%X}JZycwO$$UDlcn{}S3_7kKMMt_; zv_M))^H%eg_j30Q*J58ID)(+u?;VV)l^tA;h7e~EA5m$rn}4>>%~Q;XXsX98upG!> z554Ys$~p01!{W!%ipd__pmCP++S^MvoX>vjx4%qQ3Y&d) z%_r9EaGXxsAnxlk@1CP}-*&v6Fg*L_epbJ-jj!`fC$mP#*kRv&U-&6$R%NI?yFK%3 ztD$}Cv3F;akJa@aS+2mu?~6{ae?-p<^SOc|zdO&povy!MU#=1T_H$);oEU3g@?bcw z?ojD4zJMKxFG>Cmn-?>9`n7oS%ipfYBmaE*m&`RvNYLa{!etzeBywCv+*l}9=t1rq zQ9;2CG1tevhcd}Yi%I%i;-|u=v9H8L9DX)9ehh3_j?XVYgPvP z1}VEnJbAd@UufSS^?LmBpg1X7!%^Ath59o-+uYV&YD|^gCy^#4JtHBepFf!Mu&un< zn^1FEbtM4srUL+Y5CGghztnpG@R1V$_DujlC>;QZof3_|O9OyAs+^R#rswkEXCD*7 z`KD`qpB>r`G*D9{7*9^EP9FE@sG3@$$gE<4dS2Uc9!B^LyzfBRDvDd%B+5wWfZX)X z;oa%GIt1c^nwl0ZOuI_WH?SsAM=A)l*|1>4!u62fc&^({cD68->Nt-}(dz1Oslocn zX+huTsLA=1cw+6RYIoUFlFDozO0VDICA(CBbAE5kYx8yyL+27hXR_M-E9XtDiE=`N zDSr}wIuyX_4M~rcaGkVM_Vyl$BhND5P0r zK_8M5j{SJ#o80m+}PHM4=2R z35|IuPpmY1+Q+HYp%2~oSK147<_14vI)2vcK-{{(HZgWa%x?MS?tnQ8oypFd@aW<6 zB5lz4VlyL-`Jl|IK(<@wdHVeX*=wQ2j`bA$&vzGH`&q;fX4}j*s5i&AyAKZ;gx9MA z&kPuT_18HnW1-QZ$18DXV4`&Z@{yA|J4r57woIq3R8HK}u-aS=n^Z@&I|-IBu@7 zP;UIX54?~OksepXa4oOGTGMe%_&6=96$B|fzj7AK!pcknCMDHM3?d096@Q=01T~|k zZxxGo&~PxDC7`FKM!`lvKq!R=Ahv4oQwGTW#?ecOFW@=|sD0{xn8>HUJd!{%nOoy& zMFffG15yMCAY^nY5P%7W0!X!}fD|P)H%;JFQ$f5)fCTu<;3)zCKZ8KQNCDx2xT>CT zcrHT;B9$-!0wi4=jA<~&dSF3Mg~Un2@=qR$&;Z0MNgx44tSZyv8KSRs)q1#;K+QX;Ewx*V~PXu&iot<_a7J)XQgK8NfqKLt zlKN*kqJ~9x{Po>oN!pEgBn!O}LI@`nA|8$RA6!l-__7m<0yP1_#Q&gy;Abi*CJ0h6 z6$p>K91cje4o?18F&Kdqq6;8GL0~`{0<)9C=i$bfJIS0erHyM)??ptv=H!9b@(NkZ zrF>D}=}h^>AV30uBIrKmwgg-o5;FjjCie4uuT#)4Tl3Yca6`piMb-u(d3s|S{(O@X2B2TP--yMIKw-OsIfCdik}+D z<-FwfS`n6{CG+N`tme&|181snJcuEZqYWr=-&4Uo1U9K4t9sF6MG#eBf_?Z!4=tVQ zaGm@B7zQgJ$T($7a1Evfk0`k={#7xfzXb8%^0>fky#f=QlX;7!IIVWvA>~%MB{P&f z$ROlBfJ=!nJP3{mp*EpMPqwiXBH$Y{m{eKS3C#>ZKqn6AP(S*CbjB70#j$5QIu=ndrbKfC|!s81I@5 zmV+QE1Ws+S=P}Ar(+K*h#R%X@lymD#@|}T`gwUl^6WDMgL+0TGB&H59BeF4+fqg@& zvaQwTkJ6>Q#j|^%C@SaRm-!daGtAm9;ZLdB&{5(YT1u)u8iluj@aSTlT91jc?~s5) z5P+bbh;0VpEW?GU0cP`qE#3T9?kzsYkAGe}-8_tZwQU*yRa>VIrV^$Kh5;&I0tsEI zAc=Agt>~($aymY{1x(|GaHx6SxC;vIfa>{XC07G}TI1KZIq^rV|Yb zeF@V-vkftxKn#f*v4qr@fVG4~JurscE;t$*4}!v|km|^T8PgH8U*X7pO^DM)8pkaD z7Crx${*fy!krIjmNPy+i)D;knbR7$yywQ-b5vVR%-_b?OU)5hwc%{aVCWmJt#S?fy z(Je~ID^Lth_+OF6_fz#KZDf9^jtqq6C~HWH0C3gFM3^ih0LOs<=tgzI@?hZfLG0?` z_W5cA@%fWfniKiT!IDFh|5LZhMebK(N(1@CVhEbVSMh3TxmFZX@PF@tz|}wELIgA) zk23dWcgH(di1+T!2eY61oPOSP?Rw=xB*5!l^3~eZ%EJOS7#~T|EtK^J@qD>Q^Iz>} zn|CqJ2BKZr45wTFiQj0bmR0;PEsrwIY0szmRMhn@lJ7#`eG*vB1SOX;F_NP=_TBz0 zvSL+aSzjzsA9X|l3S|<(M4(15P9!J}YCJ&|7m_WT zW#ULtMt!ee3`GV*kbnUYnv}FS0TAR+Q#U?VMVN6qBAvYCEQTVLNSOle30JQ)p;eVk zi{I+>O4Nvf4h*YvgOEa@P%0!E9%Kn@wURir_>CanGkFUWC?pq5qFSjSU#Nzcr70K! z!`8J&WaQIh)8V4#)_;u(Pz7iHp-o-J1Dj4`(Rhy+u+x$uhJUbEfvdyOGLYF;x~9@eCtWT3)A9f27D{1?PxiW_V_{-HlKa#`b3wtw#dLg z9B;2ze7ZhqS_7K;c(DBLAdt=KbQ>X}tB_Jfa%vU?@^o2~>Ga-nJzMbH7kE>s;zT99 z?$xzUs)8mU0j8S5M~D$hDPiNYEM;;#4y`Z7iRSTenJdPC(D7Mi8FF$Xhf>ki-FeGM zu{d;(WPjt*N7AqnE{u<0Om^S$P+1Ni8CKM$+o3KV)bS+V=}XAaZ~R(rNoPr&s7b@2 zvYx}mREjpU=gv&=GSS_Ia^&x+=~Q|10ayq0Di`!6zA`ddBR)M|)#2~5ZU!%j?kJ1C4GgSX zsSQVxsHMe~`U5o)Oc7TEayKxm?LkHHc9;tDa(c~8C5B)x-NcY&ft2c$LsJgAH>s~( zq3@_iKhdD_GF=ihAQNfx4nWGJx7Ue%-r6kYEgN?~Z+4!oiXaiFyPAR+0b$#wcc*hA zjPtghD&*JIUuYXxU#MVZP(OZ(m+)j!(>R8-%q~^MC|!>OK}oa(BCmgAi4aAem z`&>#P8H?htoeNLm@28!Hls(~>7n5tMD|OjgjGxT*@zZ@*!gQPHW)-Kml3t@G9Cxn; z?`D~mhJwa}qgKo4GUGwfqL%Cm7Mir$5@8wg)I})jHr>-f6ZQXGhxuHzKWZaRmRk=j zyj#+B$WY9BQM(jK;><^78hedv@$zU1cwjiADxBAW8w$uta*-0_n5k0hN-3zH>2>^$ zN#5_j+oX|!q6dt#N@Re-WubT|`POJ6Fn|_nK@hGuo~WP9^$ttF`V6260^*k=U$tXO z9E=S>b<6#xE@ewi=&e9AiZn_y@@$EPVkq3rV0VwEMFu_pEhx!un`Aybpq)Q zU%6P_>~KhCF=i{0U*Up*c$DNFQ?rsZE;Q~LC5S47B$uljm`Woi$c?W|q9t#Q2+u7g zQ{q`nXM3|?)8C4e6^(Wlo)g8!9{vi|Rq#}*6rD=}ubz+T56QdO7-;Vw(wwNn2w zE@cu*+mr=sm#XrvRlrsQ>kG@#CgHm1Hy`9YB{G7!pbLTi$pb(`E4@PF^w~#zCH~RF zJUdSO8Ae&zgNS6y;7k&Uk=E3N^$y430FoExC3=34arM}~_H(vt`O|T%h!vn6l?;<2 znr7TH!pA~Xg*xyOjs4BN*yc&9Of2&chDaP%JdF&ze%4#F*;YyOU;p7U>;LIiMaTbf zaqwgD(PW<6(IhFo$i*S@5I^@if%$R7w-hgF?4`$1k+sgtXAq!x_wSq-6Bu;hh|cO2 z^Ly$8wf;Kd%(8rQRi7=`@C6(qLN$3aH0r{0D-##D$1ygi{afJ3gJ#Fr&2`e57Y}gG zXA_Qu2+vW+iepwkVO|hm0O@TB6te&C&C90Anyr?didZBUW7++tT*n?7+`& zhfU>|aFtGI3h@tC?ydR&JsC-VJ(Sg}LxHl#!!<{rjV05Pj-w@~_oq!`{`Ia^4~Ap5 zs{JUdTr*o<9t zE`b*WkcIYDXdHL#4^TclEq~dW@VzY!lfF*rhm)vH^fO0DPK4p{Y}|K0|Klty*FzR?}EE(T(>R|iMYqecK zWQMhy*{!hN#>B=eUPB=F*un~m87#yeeP*}wc^-)z5nOQSf(hM1m;2MiA!S!GqDl3WRNwFZv}Sd1f?Ot?!B{ zhI}d0_5SWrSbhzR53pz`i6$+QX2S3Y6%EnDh7u$abD`tP^I~Cz>lcDxR5_(!r1(!C z#ibB<+R=d1`+k+GQ zO4@hx$fw@35lwC0fWK%B7ve&wMP<8eG|aNmuV_3d*V;8(b@Uwv*YkGt!Fpn;3<=sy zEl)d{d7p2a8D1tn6T+XmHBYPWPThX2W&`5*KQ1^2=f@x}F#^@~6e74W=4GnqmHWO6 zX3&G#Z3d-It3e8aqFJ|@$gj$Hl{|uD;d9q>w#LC*$09T82yn(nt(e1zotH=>fGF?H zXe;bKt9s?_@LeiEVsu2pi#eZ@w>Yo)x1?h6XZvIkEwtBEgrq;Sh6lQqbJjP@c2@O9 zsML{Zr8g6lBJ(fR%#J?G(i$1S(-BMIdR?vTHIeCykT)4F8)&qv4TXqpglI%U>a5EWFtA+asd1sX;PZQudN%j|8X=5G;1^Ags|r^YW9)O#ySfg;sW|5PbKLHz zSfXB`Y4<{l?ZMw3zi(P75&iscBI-$OmL%u#7Y;|psL%;=uW|xeSuk#-l`&D#bd?uo zdJXvNu4=^YuJ+Zs+qN}*x5LspE^fb=Oi%g={OfHZ?mMeXA|5r+@mKyF4=T;Op3<@6 z=v@ECCf0FLDmJ=5k$xVfSC-~z^mNJO-+mjBrE=71-~Y?$x9E*Ehp)LwsFZo5?B(RK zk^e4_48>0w?~fr;v=Cs`({DUFj1>54cslbl4jKNt=J9mq?NdIx*ExsNof#8w`1NkO z#rh!U`7tV^Up~O}U=-u&92W&%^Ki{!g?)g$^8RM|W7J&r!%Zv39b&*sfE5f#5J=da zQoH+C`fM_+-B0I%fG(bspS$FeKK$(IpRS(~fF4_(o#$OSk!#K8!%Q*k4g$Z&FFG8p zo7To6`rxgpT3S_(Ls)R9|NU*u^U0!9-|U!xq40UHTCL+~N14`Z-_24~nTyBWlP9-T zH_X$1+ew_9vqz4{li&WLj|(iy1d(&WkdGrJ4SD4#0DLm8+f}if`Y{J4S>w$t1-=LY z_dvo6Nqih+Ec)IW2s8<2@DS114q4*OP!=hw&cq-Kx(iz-;!DE|^n-@=uM)7^U`V;D z8)a0oj}_JfIn*|o_1EPwaO2_3tM)d zT<6(J+MnhPM2Rs%Jkg0}#bLzNL16MT zv~{!letc5f(0%&h3uW7mhk^gn$;gV=1PA-8@M+2|#gq5Jzn>rQ$^Bg_F0&;c9&mMU z9!3LJa>bkmHEOa2-8_%Z*SdnN#oAmwIbPUpqH{wmxAR$G4ZhpWlXc>0@x7uGuoL+8 z@w-P}yVLjZ%-2u5rCDjhZgv$NzmBmyjIOV$qw>U>h)zaW_ zF2g5Xp7U`ikAEZf9#dW)iM?;zIo`Aq6Rm#jc65MYCH!yjv&J1_&zJ61*B_tb-p@-a z@AE8=GW6woJU5yyrg7|p1^}|$)w?{gyS?JvkMlTd7Z=~ih+~D&;m@s~27iU&u@E8dJe#Gy!w}f|9oVGxl`NL|#7#P5uQWy;>u>#(B_n1U zyRxbMAl0TKAQ%e82_V^y;jEP7>I_DUK(J*%K_c+}4ma$`4-u%NW^XLAG^6&CHGLHbT$kA)so^!O4wc46_E=6~| zzPOyXS8g}MmHy91J9KNW{n80yP2xm)WPb7AUZ}%=8)!d*{I0_kWHKJ#di(>5J~{pV z7S1sF`u$7xNl8C@Mzls{vk~vaa|$`kzy%0Rb3_~ z%?2)4O1>vg7^vJma1LJ_|EKqCXa-3Cc?OQew=4aA!PY0!F6@N+;r`JW7glxY4RV#V(I?yFT(SC10C+uz$K3T zsMlQ{?rV5HZHnmFb_?0#)JV2!Sc@IVB+5k0dkXhsB(KL^qLe9W=qV&dMkZ~UGn1&5NXRretsqQ zb`DVv%Fu=z2q-qB!DJf@l|pTqjzHY7Oc($^iTY|Jtd@-X2kuZ<02eXMh7dR$?CD8B z#$^k-4c+;QG{X;d99u+WOn+!OmnziY#?9Bg@Ap4lnHS^C#U9LX>>>U-z@+djw1FDg zV761e=o(%}%NTt9bKp70M$NeQAv18(lI8F6So?n6Ufk}L!Ti7L zoc6&B7Ldt~$jLM5X!kUJdU~AbNiWZi@#iI+^%b|gH@W|*r8>7*eipp+>%)aFjh7t> z|E|dRZ^PE!7PRY+kk+~nV1!5X=<`ol`59&~6hFcny$gRZA_0U+);I@AFILx{ds_ij zihLP@I`)K}OXUXROa6jgwJ@v|iNK2O0(a4GV7} zGzVm=dcT`w@~(Ii$Jj#ZKZLRjs42T9z(73&wWtzg#)8lnlRQ2=1OmdZq+;V>M-WMm zhyX=Y)3vJ)^uUoLrM7+goOZZm!P!}H)g3b3d5Nz*) ztvWamiHaL81EZa~%l6D^SKFl&Y44OkTwS8cHP zr(d3T9~OfzE{@?zH3MO#VhthT;dbvIFN1{lwm?z_d7a+V1E{atDULl)IoiV`5YR6w z0(f`0aKAWE@0fSH9%T5p9j#0{S+>qt|73B?RjI@n30&6l=!rHTUJerL|s$FD;6SM7bxN4=+wD1; zcI4#LDDaD8*DM}`Jt82;-Fbj(cVi#*`JzDokd5M0Z#5d5NZd+`2w7Z+g3~}bB12<- zxQcwA%kZ0JRp$q=jJH(7HqVH*FeU|dP#^N9)n~wsmOQ}sNzsKxbo8^C4Xc748`=kKp#l!vc!>^-2C zBkz6pyY1utLiIP9mW^YP$hND~_Kzy=2dRHo8_Iofx?c{1mJP?>c)#0jjoRtjJ}S8% zWd2=Xn{F~FG-#1(ar|!7PWbUadrs+5Z>~CPt=gbaX0q^Dh?GmrV+1K)_h)3ms@N1^%r^Cdz0!I9|ePNf=7^uhIA19*oRNDNv z>*$>2wjDIs{XeZY5M%QmU`l#rA6}*#avu&_`*YtE+U|-JUSzHi{qE`bp-nk=u>5?` zo!w;H_tAWw&dK|*?+Np?$@tgBmH)#}l?{ zcAI5KYt-npBqOTSzm7Ovm*;Wt;UctKrPI4Z*n8QZEqggG;^uc6d;2yT3h?IW&ZmrA z>DTp+LSDya>R4Xl_TXBZv!;h!!19K1)QXrOyM zJvv<0i^2eV)LTw^fNu~R!SZw2{GH5pOAl;@7VnjPAKVDDhki?W@Q%qcDrHk+(9Z-v zPe!hAhD`VCvIRJ>XS@cZL2CReQ=(TEN^H$dBOhkeYM3Qn6QTM3LTDe4Ch5HrJF<)c zKU%n@4Ow%i8AE+f1XTwB9`#% zdLIBSQ$Xg&yD0cak~ICsS8$`vGJR-++;@|v_xoV$xH}NbN)cRsRw{NBzpjI@K1ZWA zAlt7EN4B>FBx&tZ(b!G1gNk?ta9g&@;yC1rD!UM6j!7m_3bFw5PIv1y~2dStkOwE_! zvz6)1U>~G1Dh!Ux=$ndl*r#odj!u3%zG`{uy6k^mv5o8f@|9fd?|D#)6h2b%3d98B zNBRbfb@7};4N_l=@Oug50=2dw4Si$Rr+5|aK{z<>TBpD!N#lP=&D{JGWL1UM7(shs zwEdSWawfK}|J3ARZ` zi6HD~rT`Uj#}|&)_rcW*;qvx1$&RvYE_eVOfi(=KiIHOAjz*85;*C}g@D&W1z(yrw z!&NDt}sb;QN zi*UxA-Nv7a1OMoVYC5i3aKtJDFd1GUB@dcd$(GDY2TYwHwqnYZ z@zIRMm~RRV41L=mKj>^gF04}JAJimeX|O;(-NIao7d&72Ks2^=9-HcHo=TWtsNis4 zObS8;Fzw-~#>1+KY@Ng6B@^8BI7w$D&D3+XN8>5;IW{3pAX%1PTG^7BJ!p=d?2CKD z9m31Y%h+c7f3`+wYBWISD*h_ z|8z6oZ5i?*@DyhtCmMBgGLv&5diNZouGNb8&NPvZ)CUw@-Hpxd?bW##kW^L*Xxq|90tKQ^# z&9Ik6DZ<9v7k_AjrGkwSBHIL`hZ5l_vZ~NbQ2i>`mv=to2@paUf=_PICKbRO z0e!@-xS6MY2C=?qO9S&Gy20#XJo1GJy-UK>llYWse~@!e5jalWd09;{zBU(Ic6}gM zApU21VK%6!+{9x4;%fWTTRwPW>Rk081+#)EoQ zh3rO2ESh-Uq|jV}M7^1+K^E>2FX~oy1MtYD9bX+3Y+Xf_4}`c_TGG-@$@)`oYZsAf zz%i{u6j_Uvht~I%DP$zR2CL)NY6ibA3E$IWAgoen^iuIbNM~}U>VrjDDPig>i>$vw zX3^FEHo{3g>F*QINrkuSN8Bxu=#{}i`NK-DG6&C`_?yJmLBw+_?3cUl3tl9Ei zzq^{lkwVCICI7y~-9rVFLLufpd;cx?J?cyTV*IR=fWq@G8OiR~qBzN0n|TW_OLCR>+a<~ecr zAh8n^43m(to1IgC*&7AJ+C;YtZh1h3=NF< zPN&(C&Wq|gf?(su14W<2ummp*Qku}81#{$u#7pJ(jWAhCmw%&neQY^HP2`SpjR);T zRRskXzK>(?1NYMhenF?Gmc(EYBXii8PGuZUhHMM9Ij5-2%}_Ts8H}V$3{jfl$54#7 zi4lb7dXH=kDPF2sJ*YNsF@;+#Mp&&#uuTKSGqzOm@L&ivY~41Bk8!h!_q)M)CaJh= z{Skjc3KHqM6>h^1;SX;Uts(_KRBhqji-$H8r|iNDHR#FFUa~6&`=t)wV>*g zzegB4W6c09g{G83W%29qi~^^$A|zE9nq+gLo!BM)v;=BCW#LB4sv#g`%}dtzha8om zrrOhUa|J+fJ8>n~%)WnPmT0}&Z!9Y$RWpHB8^#18_| z(a{q5?koRSCf7?4ld*X8Qw$XxDS6bw)<@ZBsimkMgEWUtRjHO}o@Q}N^eoD;g}C9LnCo}K zH5o7@U#ytIX?hgizS5&AG#eT0+M!QUG8>BcA88d82K5;%e!>dr8eP4|%P7bJmD_#%Fvck_q7=GrE^ zUj6cFT8skTS1TlD^tG3+;DU|-OojO9RmT!?UhOdW((IBQNujC4MJ8tFSMBP$KbSO? zbVo2A6f22M(2#))R<%O>a)HIXXe3odnkT0q?bao`hom+ znhTzF@J(DO0-774Gp%OXqY?0Sr({Pn@~_82bgYQ;54vzk_8m?h$>y}6M^?^E7Ti7( z7Hu81xov^6Jaeizc9uvx_8N4H`+l&EL)g_D7NxXY*T`?Lt;b|YFJU(n3xm70cU6jE zHbW9o<8omdUZl62)glELkrW6_7nHoOaysQ1@tnTP0ho>hHEy}kekxnqB z+v0PvcS15kBz&IwU1ewOMQL;rh$uFHk_@`_M0>VIb9tdTua#Z;-^`*6->EYdCU^yI zX|YU*x;?g~z4mz+iM9c_W_Wke>xRgmm5Jk7s1n6+(3$d5X5Xx~wz(igzxH{FX0nzF zWTrX@(|5>jrdX7k%CK-!4-{iN{E~UA<9gO-m3b!GDIJdT0U5n-9*wk2`bPx)M;&P} zZulLZnW8TL#K*Pt=Q@Im%pKw6U5uO*2jM6&*ZI&Td1fol#0UoK!ukO8Y1sl6+kt>S z?}A_$soSz-LB9=^*_>47?#Irp4UEZGg8SG0%kfmPHxRTu(D+of!tM~|^L(m+F(N7| zYFO!?IgS`nr*RUiiK)>`~6C+#G@H6}$qGB1Gfc{MR?a1v4pl z@DCBA(wDN7V3J!HULsC3E9ot){*ML*i%;$JUnBCyLE_cC5Yd{erOl(-8vTVIM_0c^ z|Jo&YE-=0Qth-JkWGz`e&{koo%Ky>m=%q#$j{K)U&sxn^e%Sk3Fy_}gd%iAs7IUK* z&N5(!Q#9l#{r2z+;-hz?y&%2MhW?TbHE#5&$%G>gg)dkvOtS4C_VMK#m|@T-qFEa= zMU3jZCOwgAi>*dm8U^{%YHhRXfyVh-Z~c)QI#oXV^e2)Knf{r5)g76+uZ&ePxv5$z zPgVmD6h6c_!klb#SY%GVgYR@ySV(Vs?6jc4n+8F*ft5&FJDD&EJ zjAhH8%1vbI;j{X13^{EEN)gv2?X;9453`wL5=%`cAL~yFZ7rPlng;Fp2-+%S%^$Mo zYE%01E@;+BqU| zowb^%1@`iC&dWLW^6)PV{yd4(%dTsGO6!_lK!HK?N1H#NChx*cbQA(?zRIh%yt(<) zUNGIJ0(~F#7k&U9iCmASz`&Yu4ddP{tr8F&3Mu>%1=Vk0=OAk^#U9Tr54H6D5wE59 zseiO|BD>ZiWG9hOfqpz&U)v^Ri6Z4O-12-;+M>o zyjzND44;U(yS7JAr88aYKCA!9^5u-?t~%oh`Bz~1=2A6vnoA)|p06N={s22H_H7F$ z0BvnuKApay)5-a|QzS7kT{ZCPFzZz(G3KUBm9}Ri6Ly!26%gpk?f5aQk@Y!< z=VebU^Pn<(|HlaZd(DMf8@r53@sk#NjliKBx?9#9L5}1aFD|}=!E|}o1w#_%LAz4D z&O+~r=*UuS8xPH2G!xHf1W$8`Szj)@>MM8{c<+R^_v%VJSC(YX^Rj-QrKM^qrQ4GE zX5P}jrj3xMS9sYG+AH*mWiudWF*pCFIV9QOg})t+sM8k>ak-YGQx_KG-RL$=D<1A} zMAG>f1aw+PEt##xD{^13eB0BpuQ*{-E%QsBLq);3%upn?+lx)mo3V35NLUC#zoL)E zk5^5t>{5;21{_@Pb2v??f1ceU<%g-GLWZMYpVoJi?#GhV=GdQIkdb$C+Sfs; zwaJ&*;o<1FCY@5)$jc8m?T2jGf7QQAY^3ODtg`D{j5Op+!=kJdtNWtEIzL(jggsNOLl0!dtewa3dzVHf) zD%YpLI%KP#v${Oo_Vzo~+nqKbgn$pT14@#iuN-Lmcb2O#zRzI-l3^b*%a8RcO6vI1 zlyU@3BYw3a(8F>=LCG&y79)wZ7#KC2VYhsD;SKL|hb7~j)DM&ND_?Qq4l0FrYCl|j z{uIY|^xN@REen>4J^j73n*EQG<6AK#{-}l@he^|01;H#S7{_~}Pp z^sCEGmLaTHyl>nWXCv|3E>W?6khPpwrXZhBk%V1OR!07Fe_=7wOsDpaZvGD36z_@A z8wc_$*cVM-XNoIwA*7*ba{e!Nf3vX;MzLc`M~~1H>>DhTBaxd3DK-ikf5!}1@?Fr4 zdG^sz^G#zps+CA4{a=R8#r~SZ?iWQ3u?8R^OR3$y)q-`((?68+U(|>V+N_0JxDz(W zHFd4_KLL+VSQg!sL^Pcbq0UZnZA*H&g;6f8D@7x4G`~`wMD-?Ou(!8hDO1B8B=EA+ zBjfYCm(2C$Kx9fx8YLdzh-Dd)WJC&`ipK#5p&QPG!an7{Q(SFARj?viDc!=DL>nY( z9usYo$xo;IO*}Fc&I=nojYp8o9@|T65xJSRLhvuA0ix^Nnd`a$`B^q z8~ztfCI1v6Le&`azplPAAdaA0c5x>VAh>HFxVtUx?iSqL-62?TcXtl~f(LikAVGsW z!QYU3-@D&^{cCrmcWlq8uBy``-WZEU6Vh$wdE6haPD`=(_1VpAKx!nm9&;eJ;cyH? znMROz?_G6LSH-b~j$?h)CAiH>zKLF@%j!l*rFu;)CMaY6KZzmYk+biqpBTB<4P#3SKaPSoH=Z{4d?m`PsiP$ZZ)T_f3tJbqL50sNg7SK zde1qdzw5F}-0L5I&LC7w=F_0*K~%np#rH9Wh9GD&m(iAY2o%I=8vN$dkc;T3Ckh4V zxXeL?1BUb`Tm_bQ1gs53CQA*DQCU-)QxnImpfBJgDNXS2X?TUau~v~CiVU|nw@&$< z(8z~q6%@p=EVTsmTg5yOG;Bf+TTKf9Z!(72tO5fOYq1e9wmgFZ1NqUSV=dp7%dth| z?BiZgsb-@o!9!=ic31syd4p&bdm$wEU}ar}r2Zi1 zBejI>o{k3oWKpWr{2eh$^9WOSeASA9Lgw$>fDQzvJw(z#yV9-+q@%tYaAvsdnr$fU zFK=iL7W(t|Bq{vQKDgXuTaN)Gzk>Mp8}bv~fq0;UXr@rkEtjBpJv5m5xp? zj+={%E!{i-CMe!wN|McK^o~E-PE6jOH|H%3#0rT*PTz&5t0R`Spif=#nJv(!INWc) zotzlkCyb%`0-UA=9@4)#g9&;#Xz_&80N!K^x0HOCCK&-cj<_m#!g}Wneu<@+<|^TC zx=4g0cFx|M(*ACCxeJp*K?RMOqu4X-ng!qCr30U$-vf$}jI}`ZUGv#?A=AGbkWd@W zX!HHJNQxR-D3SVe7)nMW+ouSP>#^ou4&4GCov*bD0lld*dJ-9)hED;3ZA`x450fUa zpN>G;<3jr2EpJuj5lVRP#d@rQde?1F8>axC>qxwudN#CI=hSc6w8cna1&Mq`zMY5? z<2+g|RbhM1e;tL^T-7lv>=EAKT_zZj<79 z(!A(*^AjW2=fN^pKqAX;rH*xiuTdh7sHT>HWvazJ)y!fIxrofIKst;>#TE$`1pQXk zL)}lvc{Jy!q@(i~eCGd}y_4db>(gexkt6tYaVL}V6cnL5$<>5dl&>K&7+0wN9o zE`5mFMC*~Orp?;-dNX(1xSH$dpg_PWS;u+{3v2&aB`XfZ%=7gB%&R7dU@d&^$~@)w%oWRsbur8_-u4NRs12IJAN**n~WvoeYt-Td@eWz zdEA6tIrGj1C@&#hzcxMBP0F$+bvsCW_!uW zwfe7p*pymHuZJ`4Y3ZJnYhGt&0oc?j2L6}QW_#3I8c|5L+Aoz{1n(hHB;5`3Q&gon zj0jmZ<#_5oEmFz(9M=yDJe~JFKi;*MCd2jj_e&6Y?(C)-tVcUr-yVBiw+d=#ba<=Q zzh0bXgTg(Z#iQ}OjUY;Mye1PDQ6K}DvDJEysG|v?tsWQTGL4XJya@I6bYmAs8UE~jIV#Z3%h1ozsroSsI?|w$1wZbuJ7c`nX4B_!3jT?-iU;uh?{&iyM-`R z(EAl-tq-ftbysOl{B(O#QC|M^awj7#eS5OHpQBEcl#-(F^{3cb z=bZ|I)n3oz6^k2HUe7U$`u^JnylzBK3xH}gGcyC&&+qas3p+bIo0`~?tupNYUYct- zv=p|vo$0Dle8C`tKsob-iWN8=^**w?Ee(pXKeNy(9Qfq5PxQTWjRh`FtEs{1;yxl` zBTR;_G3`&=>b#NQ`mKRAC_Qj)_m_j_IBiwxQqn^Jot2r+m#Th>oVQ1xf0dK{*nX)c7pedjaVAS1PzyH<9%mhI?AJU;{af{& zEa;6OKoJOlH;CpddQdZ1l)}HIT6T*f11dyIFs=T@z3cV)^>JHpV=a;F)8)na3_bg*Ob{H}nqdoI&kI_pwo zKE-h@){Z;MxXP0fU8x-Rkz);_FsZ&&|EuI?71)~e^~ajY7JVHge>=H+KSyD-9ku zpYisYH>XTe?sF^N$rEX={FsG8jDQc2;@!R1{xWUHW?Rv@({Z~HnrKIKd6az@w@@6L z&3C_K_U)TctK0`(x67E+Up|ZWiHS(YF)AZ)1FGv(3BSt{<8*-p*QMPx4@2#4@m|*9 zau1o|GZid_2quXswr!!285Jb|%^Xpr*^$ho&C>)*VMEl@WOSb&{6-*k4%dYS?5j?hI_Iad@h7|F&{8W6@c)9E9;U!a*pE5Q4_FeeE<|Rtz21cZ z1-S6&X{37RxZ3+VD8Kd@OCQVh475Df%2B}y{X$Yv@b?;9*|~%O9hvKUY~Yuwp>mzX znp~oSGzA-NPJJ~5+$EeGD~?~b7X&o8L5GL>Y3XX~6&z(7IvN^qtJssizl-XvALr)h zO?8h_F8haf%^_?Ie74FO&vY`CJezBJRGS6vb~6HM^z`Z+!*54eL3vr`Xy}1br!hFe zkr9EbXVmvvjcpSVF#hRK??H_Fn^UA*w!7lg{VY%QJt^dFFxctpcR1%HyO_mMK@{!%)_CS*&`F%G3n3lLxSoIw zh&hYRd7M=PweFosRwc)7;MhptdoQR<-P6q;Q(*_LIyQ3ZufingfzsttK@N28XTCeX0L(4TYv83Y>*UII(NrO2XD;xY#D1k5@W_G z&F|6F>zA^h;ZVa$HEK2J(_gRqvB+5_SXRBrADvc-?!$iMAIGd&NWE+S1dj^mgN&hw zM#C~)YyBNsSYASkRW7rc=@s99;8?B_HkP;ahwcmaPMF$g(hs4-IaagUHlsCetlcXR z$Z&0v;}`cu*!{k0(qu5{_5ezJ{{#-d-HaNrdf?e+Hk-U*B(4sIa>PdIw%NouY^}~} z85fNC(eT^2xcU`U{Ch7h>q2yA9oDS|5-x(jfwExaAROq!P*}e(n(1{t%Ljvcn^~-B zJ@V5vHZq04B@B*V>7~8jt&rN)n*x@gVhXARvKo z|C&~{PA+tN{;h0{8f#0#iiL{7{AxjopoM4yd{YD+kRIjZQi1IRwrcXmWBzv$=` zI$y#Wd!sNW!;@=uIm_k~D7l*aPo!$9z_y|B9C+~9Jk7RqbkuT$iu2`^T4)T(+z1@z zlzc;ImJ_Kij)(jSp6UX@9)7#hL>S(7tck$h&IQx2!=KzTU!S4D|E3>?LRl|V$@=KqeH*q59{Lc#&{aKB! z5|H4;E3a^_( zcGHn0s%%qpVKjtzNzNbpD1Q&Tg=?!G`(6?XIqiO3R4c(Ou$fKs-XSwCJ}B%;V|*qU zSaX=H-re=!&(hZNtVnRs@7m86W3rgyZ%KLAbq73Cqde|o1fP~CngFZ>q-4j@rfx;HJ$#Y~0awZsnr-jha zSQE2coJ8cpga5574@(OQ=m-dEiq_AIfK?i2AJ)t{c&O<6*QF*~;R23ir9HSHepZg+ z)smcd+>^b}O9tbfas7zk-j3fkEJMh@7$O$!QS_^(56YEfR81$V}J}!$_e~HdBuK z4OZ&$xOd*JSU+C>+0IcVI$mqNDhJ^0d44#Rfp0S~Aaj#s%@dtLg8>I-!{ndzO&$LS zRCJb#xXf>Ax}K3??07tF*VEu?(g+;L&?m#n($(yh2bb~;0ZyOd;^Lc|n^W#x3144d zOUrU+YZr@Jp<<$V1p8uJwyHjGT5_^&>2fP>Z4l3hYmlfnwv`DLx57Bf@Ywe}tuWAv z6HE)f2pq)Qe>2bwSI7{U+RO~P(F-4hF85%&FEJbVFU}y>kb;CrT5Dz`*+8_){;TvA zF7L;C0{>md0cH$l536a6Fwg9!P_Q|vRpx@2Xl+%-0^QFhHCr6$0lVR$TszC(p5*>* zrlSfH6&Ml;t}U`KzD#6HXD`P5*rI9HX;;;@<2%nslon@7~< zMv~)-<(nSwR|griy;#%mT$P3T`Jb1tn#sAMiR znI~9GaPS_#7AP!LAg)FX-yi8(ls$7E-mbeynKgN~F3CJfs{qnm0J>ab0|_wmWsPCu zv{3;r%I`!<@C?3*nXrc=8EV&^zM4`QdaDUSIMZ-Q7|trHaj6ceX|W}_vjb0dO_ZSl zBFDPZgHbr4+mg{_PPXn#wty?p7-jjN|1eu84x6yFa!q~nZ}6zCi8BOti1f44uyppLn}6R7Cr zeAq~oU3b)e12kR5K8`HuvQ&%f*8|1o8+QXhZ`g6+iFVp__;yxI_?`@lz|kg zDK?rf#`)Jf-GsTfV?Gj}t+$@dK8KnMf8QTIf`#Z#i=y4Sk;}A=-}ABF(HVX(-?0yy zxGp3`nW-PHQOl@7-SMzsrq=k$+-id1gHEO>ZC(b7%n$>vjjX>N&RK9N)0JVw;3}PX*u0ixX5}%~q?VO>WahjZa_KCSp%G(Pp z=QWb}*k5b#V7pstyYlS!;4Jx^o!evkXzz|l-UeeM(SBPlmkG~!fF?lm1g9|Ls2%XD zk1`aSJFLR9FT0_)R=#2_BImfDkgujaz9T?ZnDjT%v8i|PeoWyECs@o)Z|V5)TP}H% z6gWCU73X8h-)^_WTsS%U9XaXgE&MF6f1>EbciKLmj@o+f;0N1j6Sq%)#*Y~bQuG3A zb@jFT*GLrnZIUWg(00+^rGJh+0E_kM|J{y~t6|Q#BEblT&8@;BOFpWtW}gNnj`+$DK(pKCQe7e@4ORLfBm)okX=g8Ae&!AnWV;j18$z;~-eG!sZ zs*6CCxk8t-hWMIN<9@WC-iF8iiC(|ya0OP^58s9(&2Y`JPU{!;L`KFshx`4wTvqdm z6ZbJWOxMfjkaLX5PtUv9U0h==k!9n39xHBN06u}Vy<5k=W0%NB6nHnGUm+eUkY=uAi>-p;SQ;)X@jruzrEdmm>(?mfeQ=o*0p|aWr%Nw}c z{VyF`$cp}ihX57Ljv#5mP{Tn(Z*sU6IHKR8em&gTbYNnqR#$}zY7&CV2V=zBfZlzR z;)<6%UhinP-{`da{Za7Y=BNc2vV+OC+IsV|Sz_YxzD9fJ)P4_LVbf(20_qx484dg{ z`mu@K*Bno^c6)O8y;B$s*4y3f-*UTl6)72-2(&UJXU}k8dNbE7EPeaKVI?+$E|>p{ z5B5fv(sZpxt-eZ$EHIPil%1=0lr=?W$n2_@5@l05_W}wLTzISqdvpYd1&uqPqfB{( zW$d7&g%Gd#;Xv9N;gZoH7&Ed2~qM@{09Df5?@9@vKtM5c5mPAvO zLV+C!GTwpJ|ER;$*F=7*2;p#r_5KfzE&M+@wo~9l`DNH3<0C@OSt4N3R})PCe*)~| z|3`qW+=PkpVp)TB8Mia`%@G7_jgi;YR8;Pt&j2;@c(rAczm$)Lp1uP>BxjwEcK@zS z8H709*POcIYz`ZB+GJXK`s&(RcLf^3!=ob^8JTRILQ!69OA%=!nF7mqN7riwBfY!; z3hB$gsd->F2{{P+3Y;Tdue;vn=B9&?3-ytLpy(INtEBIz=-gZ`d=avER_!or%YW1h zG})^)BH{&qCA65VZ^!g?s;g8a?8iL)Nud`cESI!touS{C@ux$Aer*MqMt}w1E=P3#IzL}jQ z1)gR*|FvO3AtNEnK=UGNg#Jdk;UKUCBfjyv$Sd#p#A%JksP#Ah@8?1J&WnbaQUA=H z-U*&!AH%DfCFt*WOZgp9tXe@)78>da0}^S=0=HRF@}54SCK)@u)4miXwZk;H+)ZX) zxiUoIF)djoNM^Y>-t^5Kz>?|N(m3_dKIh#HquoMmD$}jdVZIng@b;8Z{Bz1f%z-8x zI#AJ8!=OOb==%}=@GgVQ`v^+%q_VP7NAT*pbg)W}ff!Whw-kmWluZG75aS4^Bha~(`K*E%EE)Ty~J zb-ov&g%h3jC(iC*+SOjj>H){=bd#hOz!H;X$blmWCDU5H|uy|0my&NGfspl{S0 zVVtS4w3&2wF@n^5Is1xFO5QtN-2Y7!Y!%fP!X7vePI4iEK(MM4ID+o;w+GA17CTO; zsD$EjXaI%-~hr%{P*OpRUTJgBGFnU3?Ye zHjUOIkL6y5c@2Rfao$0zkxs-e@vVNNTr2)|f+n|%YMT=JHB%ps&EH~Q{9vtAP5)Vq zeH1^B33#(pK?f#2{?~Y0X38sqFM@d9)mi&B`jca0t3>}Z>~FjPfwTd75W1H;Dnb(`@IHv1-mchJ zD?2&HsJ0%)qZyodV*$2Kq;}sL7TttF@yh31({IikVNwYE%lH#<16xxIIa6bf<`wek zJnHRz5xktXZLGJFuXHK4ZN2M``z7eDsA5*bJXXng(?b(!&L@y&-r&=LXw7fK$8mOC zz#&4$RO66BuE?PECjYV(=kOf+@E@aeUAS;Jvx4C)wM!HP+yP5Ex){}LC&KEQ8arA} zS5+=xNS$phA3-K6>{R(LHfgwuh_Z?QurvT~oB0qDp!!yS)S>Tn1GCwkE|klo5(Zl} zf&0XLFJtO3JcHl0rBnUCh21z418~TLy`6; zbI*Q1a?(EB9L`&hBz=6_lzMnbOgH`Njl*r);l6-f3kxcH6R2-h#gMpAcCC4vy%Bf;3~99`>zP8z!vk zCwgpujXdFxAR=1VX5gc(OPC_#rg-vp|uE zCl41_lSHIAJaJkYf)Y-oIL{?1ljNnN?lvGi`V^qkgbW@dQSAvyv!oECNSouA^1Z2! z7$QI&FJEqY8ozMPT5bn)kJ6jsc~vgHVxj3VMueo0VahfgQa`-x7y~SKR-*=kF+0yA z(w7P&z{Vda9g;i<+KRxw~iyfB(2o`yQs9Mw^m_1SMGdCvcfi<+gEgZxQ*?e#(ka@&Y|1|A`L##X}8Tgby<8 zA|&1-XmuyJRpmokfp3ZH(~P7&Uf?H14<0%Z99X(6Z>L|oz!{Q7idQH`un>g|f9aml zB!6`m$9ubqU)bWA(50==aqD>r`vGCJ>8mB?FU^&Bhl&K?e2xNpB3ROr%im{znsvMw zDvbM}d^|!|k}4DVnBILyB{yQQx&Kb^*lRd{J`Gmw6F+(9f$o}!*npFj zszm>xtN+Mft;Uzv>epF=m#0M(ZiRGp7Tf0M#UZ$ai@{4>4yO;8ZsJmrJRjEhN9!Znvz#?;XU^r1jYt2@kEeP^^A6^l5v%XGc!48q#w2P; z_wNF5sk~VB7mR+f$dI$$Pud(F7B^-e`6&#vIZP%9mP}rP9QRWQ(_m2vbw9M9I7CRY z(zbH2GBxUUjQ8G*nMZyGa0@mzC6Bwb3xm81tvn{>Q$fL+<&V(`Lby?Vz-x)?bDBpg zqh19IlC-P9W06!Ax(tk`MAS~z{=Y^(vXS{iOG?W074^MVz4khCHUWb3FiyNTTFQFI>yezxf9uYGrQKkAsS6ObpO3wIgk5u`x4A)mHwfzQ1 ze5-#8dil&pEuk`un%xrM10tZx=@GsrD)lyua$(3xfa57LCdBl3u-_UM7Ula$Fxhmu zN-3YYT6A`uNxzk5$LHa%!loe8V54Q3;hjCJ;u#7~jo<k3hb18o`@G8d}pr>7PQ-)z`vQl}! zxtXTZbib58?h%$ANn=Qc2w4}?W0CNi$FZbPnhl|gX6vz&QA_-N3>w+iK6QrkU{BRW zqY$p?C@hK=i**X~R1yjv6PvbIue zW5`0n-LhcIy(VN)@&d%f!gSOq`F=58x8t>DYxk2Jeph1uA9slg0?RFDi3+!#`hKP3 z4bFoo&20H!>M=kf@@1NJZ*Iwix5jltquTSq2B+myUyaT|tDNwgWliXh`~<<8x~yn7 z7!wU0CJ^~oq`qTmjGCH3u0yd>rd_Mw01D??-Tin>%`6Wrk>~Za2w(88_t4=f+etAw5N?WcZB+3UIT^D1py_vS=`u1j@8i(}Ouhh?uZ&Tr-thQ+d7I9Uo@v7Ju`0KS}JDIbVn znqXZ5>{+hGxI*G}bL6OM)SRs+z&cvlVECajpDWD8h_Cug;yXZycd$Uku?emvMrhxc ze6w^Fx2dGPs9Vbqh;RSa1EO|Q7zH^i$48NA-9mL+q~tIdQr@b64zXD_Dl-zr0wBFM zfrH_@Gpw^*-l9K2j*)S8eKkw3g?!meJq`OP;6Tn_Rz^7>$;s;lr^zPEJHFXgJ`RI5 z2kIgfXV=THXm0*(Kej%v4ak z8oY=jvKfscDr$`6d3@cE3(M8s5Qi;0y@r4!dl-F6U}8KCb(x0IaFkVo*KvdF=}U{8 zA3nq92^Y$uv8(kn89L^a#5mlx&Fiysu`!iQ3TpJGcnhQNkWavrc%`h|m{isqwX9u# zD3<@LXC5f&e>U6hB>PZ(%3DPsx|wO51bvB4F-d*bxJ(~pD)aeNtHq~}AdQ`wPC@_0 z#KZIgQ6_d(skI4Yc=P2j->qV*fy&Ls#;yz5L}T6wKZXM5+cHJlg4F#9_sKA6SFz#w z6y-wZYDkl<=>De+ZP?IaAG#;nI{mlBYeZ?3fyx!!ZO;ZK6!-THN9D z%Z=~S@Y?)#C9=|M77bTRv9?BjoqH-VTDzF`g-QeX5-g}&bh*qNCcPu&M^@I@JzyEC z+&q)G6*C_k=d9JHO15T*aXSYmXIE=i`x^YzkCPg;Wkl|F{jJ-EDh*0GmI~r{=|jUf zmJJjc4!>8K<-&W(;{>#a6h2KO<0+eBhRy@F$cBa=z|CthnwSE-x*v*dt&i7&Y7%_Q zj@KMToi*@P{HD;VodDk#b|sG#miUNtdh2OMJTl`(OlmeSYKmNz2LI_A3k|Qk?#-7+ zPWE*3-4{nFsBP@91hBNLvQgXiFClCXzN1TLH?lkl8mL9%Zn>!3sWdrkE6$Xj z%K@yJ*s4qPksrGZ|AZu5P|AS9Cem3UQcRDiL^eJoGtr~7>-VwTJND~Y((UUwHx zkLn5)IN}Cp=UE6lCY($Z9CYRCV^(*%{+c%D{z{~lBchya{?Rq1Y@5kb#--~mq5Cf;W z0$n<%hp07IuZv68b*RezcqXs==`XM)BIMpR>*Oc?-6Rzs`rbUszg#Y|Z-{}u>v#R& zb;n)2DSLBnR)_Dtl0*_mc~0~XM~3#qVEPfJQ3JG69?KQ!&IVrgJ~O83PfTL667v&zj{%r-F?4jfdMj9_i1P zP7aqdYHvUd+T$rj_m;K|Jqj)PDp$g+Y4N3}Y;R|%q;M;u@A3E-oWIXa$0VWtLs#vy zvBWs_bL`cx2G~1qLs5*C^BTfIDVRCuJ?97iKdev`7P)Ex|d5lPqg0tIK=pltN`5W z4s85I*7!Z?60A|Ski6#+cg~->r7nN}mYV*;PUYBu2oK?YDfmwzl7C|@2(&dE8z}Jh zG$RM{`+D!dCpCoI6OX;i1`PPm$-?ITo>PO~cYc?{0+ZGV(SL0eU0_7_$8cG!wZaViubuK8Ht;CelV(vtS4pkBXI*ATqvw*zZm> zS!PS(x*_~xtboO`fGh@iyhxU5+E5jc?rnb8nQn9ZMA0Xd8HpW866{nR*!?{&#B4jH z(>GNTq8WkWusa2f5tHn}%QnkpTnE&}N)>-|>m$I0prgW3!|I+|z>Qx{jiSyt=3uK2 z>(!q1f~XNt;VZ=8WnN85BLHvz#DjZ-nh8cvi9me(677N&Ej@x1wLl+w0VB7+6UUgm z?bNz7U?s|GHG~C8Yac)t4yj5#l|P)!iLy_M2jm`*BC|2-7@oSaGK=Hv*Zgmvm04^S z(0Ix00Wh(hfG&s_^zm1&Y%|5k7Dv$t1Q~-5&sVrzySyuxla^Qhvmcx`U0DuRVLq-z+ z(T+M705S+@ECJK3O^Kr;8NmK&<1SYuB7N8b$g=J?n|aR`33?31o5NN+*@DHkC)VWc zBbJealN93wCQ!fR&>cZVJI<9pkT1k{w<2iZ^BnxnO7KJy81PH&GgA}0ZehnU)II%= zvf0&lE#&BU5f3=^?srp(X@KLQA(;H}u+GSF!tgTk=U1EiAIUql$BRyh*GnFB0~f0< zaU{Y2rF703c^U3cWGevPo8Wi+Z1;zinO+P>TsaoiQ*Hp2%_mM~T-G7+n8Yc#h*&KUk(vOMZ!Urz= zy${6}8QclKbp`)g)C)hs)@y&-$axS!Ed6gM+e7Re6d;ZQ5^1?=#WK5zVq~r-lW|{9 zK1gZ#MriOTBxOU%rbIfnA<7sJPJ*olLmP?aH`b@Of&U(@-10dkej&OQ!8n)CUUQh4 zB#nGQ9Ft zRr4vmw-?99Jv-;HHhwih>Br_q|PGP79PmWREo_$mnB(Eu46r7|`i#VJd&sXYH7zjO!cF zkw2O>f55wM>Ahxe>pu81D{=Q{wp5|X1l|}C@ra;<$ugH0P(J|~6txnymM%*Bty=7B z`D7;*XE3HVR=jkh4&CeU@%loCpEEsMM1-Lq2x3}eO%7S)u9h4>JSbki6p$6G2upv( z>$d;xoqg91Gr%Z6!F$xi`@g764fhqo;T=MN?lfCod#vHBcIy5gCbRn?U0q6V3s~@D z_qxvx0`%4OR7O~_tEHx9f~Vy)w7gW1-^|wO9u#oH%J}2#e4lL5*J$rgOA@0zgCLUO z<8LI1Y~PKQecDvU8iw}$(6g+@!d_qECgH;Q7oB(tjLcq$53`LtOqi*+R%xXxFO1zr* zLZmC$SmpE)1j=$rTycHVBrnxHX5_4ME29|;CV%Dl;IHfQRM^z4@xNqAmY)o_7(GQd zsvem|=eAq%b_X=>(dz?hC%2#DW!3Fc46ggH2_0+TP6C`2sShb1bYMVdF%KzD0$3jXlC(yDuokE%&jVc$}!Ye8vn&){Dm z{TvWQyw10XEK+bYU1&u3^Y-PKj$?3dW-hWq{3zr7-G){pdNF3IA5OUyS^*! zd?hw$KXZTKobW4~eIz_vsHr*2^t;{N(B&td)CH*Lhnq}x>jgj} zTqtUc72MisKW#gzA%6a;fa$F-;vuH+^!a6q5%nq_LKrU?1`-OREuA{NB!cavpKogA zZoY&gLljHIL&U?cAn`mZMA9RY3z=4ZM( zIcNtTg_u>!)9_6)ij#(%D|skIicfq+hhq7j438>@UZ z#vJ|}iN`@d@!@=utk=*&BF~c(_i#dgxqV~a zxftKJTm$dNCq@D_$>smeP4mdYy}f4Y{&Kg&`_7JKIsgQ`V<=RylFqhZS_FkOkQJ5} zGa^d<1e>YrZ4B!GGz5mTjj+e1Yl0 znvF|9vW6A;z@r*Mju#%}aB*(TK;$=O{sSX}m4uf@@mWMsod`8jJha4!WC|%e3;Z_r zx2a&B0{>oxGmUUE!KUp6Xaq{b0QjiCVV`kuu==5 z&GP_IL6AW{1HypeVJwqun*cVY-_JmPABh(XARq#5aTZXwEGSQ1l?4=#i{%QLE%}cfuVL2ruEOny z?nJbN&3C&yjVG7Larhkx>W&B)iU@#2(}EX*5ILx7GyE-QqSt?pW&VMtsGPoQ`BTUi zW17-rRlb{ns_;tBC$9eBj|YxV8w7GoqOxFFSr&0ziG4Jk*DEv~LbF@M!*Xd{43H8@ zo={)_e2x&Q(7|^Ir&2}A8#>i)HEv@h(l{EsjzpZ*ovM~^0e+ifW@%Z{U;;D@VIf%v zxSzrx2g zk>vA|tZIb{PxdzjkLMW9&g){vZ1;7~u`e+=Y`@@#S;#VacyqKe*kIAfDAKkqu6W1m zkZF%FO&sOSOx&V7K5;nF$>ASev{YjJ2zHcEWa}G~{VDtN=g5p%Te>qxfU)*Ot3gE? z#0SPJydVe=bf6ap1WN0W{d+{{{PMv%S%P%uTlR5VqZ+qNOJs}dKUjaCHwl7c$Uhav zWRDR*%ToA@=6QxoX7>?L@-LH<+`}l&)U8a-k&ou(7uDtJK-&B!UW2DBoX>UwMt+0# z>h|iEJ0MVe1X}kU-&rWOJ`S73)Sf%XXrjLFZnDP9g9a>#8LSB@PJF20B$QxJ&O1Ly zK81wXF>EYO5zY43&>(P4X=E!bF;towx)vkO-rwHCD^<@q1w7LNI9QVp$U_0qLBb%C zJor}eXO1&0Gk-|@D@Ym|JlE6D)2%(eY(cy&A(3qXO$8e$M zYA74kmL#oNJx5pUZ=hHji6|l>NT9tS`QItRZ}f%4ArNB_c?nSQUHhKHASxhmU4lW~ z2gR%pDO@7%INErPM10!1!M77-$R?*Gc0*+1Ufq7-Ts|%Hxw4n(Am(D_xhbJXd<%c5 zV&%2330>S%xVXF6_|rolS<-68aOgtzJrR;DD}WiR;tqxb(jsyQ3@Q?Z*_1FxFSfdo z|DYOE@QX3q+*Wg2O27Bo zz$;|#d#^gcBA8f4WTfvqB`Lu1jPC^=h!EfLWe)eflN4|HsYsFe4o!3kE5M>U&1lp* zm>wad?-Z3Yn$6-BM_G}v$*piPl=K>9dN48_A+5Nr=$eX*L@(fEnp#mM^89^{!A@oF zXN6~m5BiXlaDhVCz0{~_I^uNEMw%TC1g}_ZzIjPbyr?V^ls3yB3V9AWRXcG-;&3Rd z^q6j|?yvUU50%M$Hfk#?SKC~VV6b)382N^~(Yr0aQ&A9pgEyFoAxhukO)s7qJbKa$ z$T5kJ>y-UV*hn|cgC6wW=qm`9q8}cT;#^Z%_HUsr8*Vk$*VT6TtCt-t6EcwydI`-- z1ZR&$kaU4KW&}wHW(#ZQmZ#0fL(34% z(8M}5cA^TPseI0TuYIri&J`<^q8~!d=`9W+h!(@EY|U-n!9^u-71WtK$2&&c^&9r#<{k?lO^`@4Ju4ST8o8{66A1WL^IsoOj{ylzB(0ze^}h~MjYsUBdn)>@rQ$8!i`@v4~-ixa~+x)eJ_ zWH_3|w4x(g1435}m}ETX-hs9yynoIGRsHQBVv&rn8G>m5r*WxaWty^$5KR&oo4^Y) zCUB$~N0XPSaz9tIhvB;tHBw4y&nN`OOgNZp1%Wz$?*8SdmNI$Nx*qc=C}fD8L^ zKhLCWx@62klt#`5?%(Of? zjvXX$mK7E41IhyLPF5ESCE_e+OJeXj8Dv}+iJ|BRt@|PKrgl>3v(UC6ZFIBr))1Q} zzWrEF`x^ph#!yv%$aVKY$6)4@jHZCKGhNGyAAa-q3h41M!9GT)4@<*qJRPx~s16ud zaab4ieXYc&So`@kqe2qTK3Ll*44S?|rk#0*kLM)VQ|{S~fHj(Q?-C#) n3mCH7Z*MWOp9>~l{Xx~eULyRQpI?BNM}VZnC4DRl(!7U-UyA#~q-2;K(t|55v-~oc$&v&2iLv^3k z-K(nlSXJ$_BUO}S&{2p{002Ojg-WRb04(8K6G4J~dvY6|*8g@xc82P@0RSq_e+>r6 z%zpap8hD=7(fc6G9{b+7~g@0A>NYYp{7e39FYe-iQ$0V(oM zYIsOsHHqi|+(bGiN@S2+1ZBZ8o@yVKv@|@)NPYxdTwFj5o+=Ak6v{8eUCP3^;G&4A zvBxc+BKx1+xBHVXElZ*Y)mJ%9(}>@Z(9)pXs=NVc6%yoFzk`PdhPHOu!~;=ioBPb`S5_rxVhO5pu!56(EIPt0|7aA89p$8ehMWXOnxE&#<7f$0&IkU z>S?VgX+Vbqz_pSefB?T(0S;MhD=1Lk27I3ap*8|YXaI+5L?|Nw?*o{OP*ZyYAsGPf zhf8hY3+7tT0n?kNG8%#|{_c1G#6N`+(&;4R5VN)Yc$ud*)Ym7nd8z?fvko05+#OYH zmpG}+m@BRlsz`|>#zES-SBvdUmPa_zOEsr*2u`u8ON`UqLRBarsJ zTkAu8GT{r6pc&|w07;-&1dzI#FjfaiFoaFklQEgFFNl-zd{?yzOLoR!>(^|@5OKzQ zFh$DkW9SYftr9&NuM351BN7)C3$Bw1}k4E6CQpqRsLOIo$R%kx+1U5ryIQB zu>+;QBlE#~Nq|ks-$Qj2bd-KU%fX~HJXkBp{K#-2s{Qm-$>s9Rbe&lD1B7N=oZ&i9 z7V4ka@i^=tp9skTej4mZNiO=11X$UIVvRZMxes%WYSf1;6A+1WYGDqcDokZQbLa02v(z@J9 zL#)_O_c;6 z%8CMrB)1&5c9Yswij^4RPP)row!0GY0Yll>E5E1>+;hflMv_t&G$4|Y>IZ$6#UoS%`!&ej$ysl-dv@ank z=#uj4bu2qe&+Rb^$W?GE+xYbD;DOYa{aNGr<3riC44Mu?6B-S|D%upG@F1^?lQ0?k z@al!Cq~Q;7$r964)2~}0i5;`TMT;L|KVZh#4jJsw?0g*hI8;Q3Ku1X@uXv<*mZ_%L zQOZ~qp(dw>_Ged3R~c4Whf=aqRqjvgAN3clqpcNfMD=^W5LRnjKeqasTALAA zw++_*I7|MP?Az%Z`z(Tp9=?oGMW#pQ=hp0sE2t&7kvWxpCgwZ%FYS=sT4x$G{fm32 z6=$4rz&1xcYhK2hz`DaN_$negQa)&$?W-tT7Rk{1$hTcN_iGo!t!&5EJsrE=JBR{JSSDhFD(98j~HvnOiTEY-J_ zcvaq-o)d`Ph`Q$Oi0%mUZ*Xns8c*HC=cj`w))Mjsj;svRa4=NzF!Jj?l&*K2l7(rr`fK`KpZBg>jo8B)h8$IB#I z$z~_K!r#f$DK^Arr8}{xlcOW+AWsTmW2)tIbm-Z9I=u?t&e=xY@gYcOA2D?PR4~>5 zFSHE5f(@HRFil(`LP;Ry?|TqaIerZ7C5{(u9LlGDvVLnS_F2B!h+mQhOyo+JP$tFC zNhgWjyq{qAp~tYqgxF|pscqFe894??tIB1bJe_D7 zTTS54KF@nS#qP)6N@^_$lh&;k8X|AXm=&+c!nzK6G-(bzv$4IOEy8ji!5q){38GTc$`SkimdX@d_ zB*SV~aI0iTQLk`&w`JMr)TEG@MzO{}jRy_Bv$^#a)1^Dd*)tNK?i-$y#Z~?8+h@_y zo>fg4O~pm4MaxIo$EI7c+Q`boyR^rThBZnbT~3GL=HQ+YsWDoYIu;hm=0r5q;(sz9 z%U}#s^t|Mpd$FSPp=-uw4{cLBOMTisyhYx;B}W%r@r?1Q-a?$G@FcS)W4DvYyv+QN zrJnhyZ>Ha=JRv&!^JwGqlgugwW;Tzo?kBk`jZxc`!=U+O>&xkwoYWj&Keqcdlhwjj zp9Ax$O*>4d^G=Za)|~Wf^np;f(3HVtyZdG1>K=}EyLM)spz+5e_aot#{`*eZ-`g1WCBC`JN>a)}B;O+G${<@zl{qxj#*RmJ= zSxvWcxA8ym)A!4g>*0%H`Y&t0&e#0yzI)|g&92GZB7_D{za(DAV@ke@&xjunLk~O7 z6%d6$w#8hZ51+~;r!A)GatU4vU&d<*@Y((D7LS*vX47X2zFvM!?)~_s zQ2!8l&!{&yr_n#H$J0KqH7~OBqD@TY-7jE&hF6>WhHLeivd3hiThXCNg0RTrP03etS00d4+#)BUKnB-?!srMS*D<{5Q z0i=Vew^c`Hqe5B9{dRcop%U1t79b)E5X5}y7t)TK09q@D2?+^BBTQC&6X(c2#*X+9 z*DMVY$9u3iEHVvzlGdkWK84(~+RvL5i|g~;^EiBr;$rcG4vND^N4HhCJ_Se?s3rf7 zjb8=Zx1*SSTAwcB{oRF3^ZOxQLZ&oQQ(uzzhK7dTq2f;nKN++c8@O0vel_6`aN6j0 z7tDFZp|s%W6i@rgZtVAORz{|1RzgN{An6o>D11`?L#<-L@tiGw*lpAIHkO$8sIB+8 zruO*kjtC2U;Vs;@<|@yEuixRiCs`+BcSPT1xbrrCql4ehMQv?uDzi2URUekTD`*hQ zqk1eq!duC=Xg6*Ij_7n05|U@(!m++^L>(vst~ z@hLVoR_uOMSwqt!e1-!B4<}sTv7_XzgFyo0wMNV6RmR%(#)D`>YPTsjD9Hsg)e8Uk zebcUK^a&IR>tQ{P!811R>L5UgKjNbtig|Tcm(TUlqLAlF`(B#9g|6pYpKzlukLMK8 zgBxG26x)Q}6m#C6L?vMQoZ-Zbt34n3m#$YeUz)OKd^VlIY%RsVOfr#w^9wh2Bo7~7 z=Z-a@G(y1r)d4EpGM=`=vZEq&NUmKYF~Ft8pSTDFBtO(wq%=P_1}nq@XLrVgaJF&9i!pR(T>&vroItyZTHJL>AY-q^pBHK3)e_E`lykq_|kU81g({nSUVAoLxB&rhdbfKjBF+ z8rB1~)1nxwbY^xvl76**|UmqpE5GY{7{M)gRCllW2p=k9MgN!KaI z=;pMTA0=k@B3pm+S?872F|OD8r>onZSGRGU2IE{*v@QxLLrJale}PtExcw*L&*>@I z%)r_#NggI)8@t}0Uq%+0P6wNpaGfYQ4YdWd2Fu=$g`wMbOY8f&;37)m!{#Z%!*kG0_@Wxa(~^hZi4~YpJI6X;OJr?fwT-GGHd^cre_>(l@QW-G zD3rg~kzhoJhh=4Dz3}et>|7z^qo$!gqJDqn9}xgR*YL&+7=vry7l;P{Sg)`F_6!Gd zlhx;}{-e;0p3nLbF|PkCczAdwvLW+{B@8{;vXm8db({XL&t#@1 z`7saRpInKS8KAk<)yKDVk>|N$%dA!HEHh;UPh$l}R`00gEahB)fl2II$Y7=o$DqVT zf=Z>)guWdighNy$B2eieTrcT)4tf_^npIkyL!`WZqFx$E2-WOAQF``RqW13Wr_yfU zhRc_c7)|49D6XuOvxAtgcPa}C3a*(pX#fJ$OUve0rZ%85%I@=NQ}IjZP};&q>;y}Sf~2?6)r1~odNlxdyV=%a zZtXA`=GYc(NR;3lmt9m^bwTs*A3Y41w6gtZ8%IoU^=3i-+)eT7ff=dbw;jB;0n4)6 zzWEvpnPM9NHg}c6`Z8OQ|AA zzw>@HBr2|S6*9F5v|yP2FpnK^6lzVLs*t<^ojcXl4%7ZjJt{@aCVa&pr8$pXE9g8p zn8c2s0EXpKjLi|f1?S8*S9Yx*jX|M$mV!lBN&--I^8hphkKb=GPM3gI+wL!j_p!33 zvaUvrSIdUGl)mVc;-8Z*>MWEtveh4C{~A!?a?9DSR$5M6RaI+eTPa^gb=EzHr`^MV zk4$xtSvrIvVq!<7If4Jaw85RCF(vot9Z))?)2Xa{>%zJvil9CARZ33G`6sSotXplz zhe+ny6J)N1Y7F>=#oh8D!QM^nZH0~cV)*p52(KDg@j%lMrp8`(((c6Ues@E4EC{7W z8lJ4ygm6nxKV&C6QUzU(R&L!)$QWMLV!C{&^K66Wnz{Hy<@an)E0ZNX@XxkoRjtO6 zzw<3r;b=xYSUEl2^VjRNd;UB8&5fk)QlH>v_2SmFjVs!agg%hI2okCcSGj__C<{fq&89Q=jUyui>Fa z|7E*Qf4bj~MK{b}ZIoEY{?9qePTkLu+M9Yc$4s4;JvUGyvC@akXw2)!7)b0iv$5Mn z!On0>c^yG*xrE6`Itk**o5@KN&_)6yBRX>{Yic!ig93`_eE`+i^Lmv59Adok^=TYp zOLA#t89qwwmf|Zj-k8H={o~CqUe}v>pF%-@A7H0@{@wH>>p%E(na^&xGZmC3S6HxQ zM3g3R^5!Ve6#}5>8+R`U`2p&f!`3QI^-&$FjXVV@Ue?Ks+T+S!(qDLZ2i+By7TuXl zn{900$90%nhU_jBl>y)Vvwib7=^wiyb}Up;3iegZ9wK|9#M)y^+K%)w323ZM zWPuGDmgNOhzge4Q>n{S_Et2v1E7$Ir=$yw0_uod=xv$@DU$Qd9Doo&{@mB2l5tYLG%S)cI&}&ny5M8_z zLNMp!*J+B*t;~5?KTM#zX}hV+=!F4{4~bNz47ICXY=`D zc3vsn?eM*o^f-QY{@7q~R<*b%o(DFp(+0fShg1yA%V(DF8 z(|5x{WgSytROcm?CrE|)?l}Y`n`9}SNTZu%DKXMYw%%C^^W9wDNP*V;)%$F*W>tvf zm`Qz908o*=@%F_|1;9BK4)udUs~^4E=()}pE&KHSq)WPqL3mpN7L$@Ag| zz;QeByvq0Sqhoo;i#|cII`WV^|9AI+aB!*}$6+i%+G$*@+tJn;TKlA332tL59z*td7#G3 zbYIk-z8l|pHR~KA%Hpo#CHyP$xSjRWio8w?x3;3P8UV0{cCH_S@D_W-kpKbi#(WP& zba>{V0z0gplFARf9C>1dXqqU$ABLOiUfd45#O|h}bG`rG__OP`><;3YK_E+Da>nR^ zG6Rg(F;E&!$PSbDjzr_cI!-5m+d}VIt9bpfex=1*rh5mj3=X7wQ*G3B zpZ>$TOg+-3xU9GCIK{lw|I(I(%3Ih75OBWXkvp`dCnZLCAP~E2uJ#7RlN!@(j4s!z zfWI|$d6)n_na}s~(iJh`yJi|yAi-jgq8cf*>YcM{7Wr_ z-n}dBCCzuyiX?F8pBtBO?385MBEPfpwi?EMY@-gPSE-|0vGk9HivdwF=l1sgg)x5! zzFngsHuit~;q!VfnGXo2f`&0_>Fp#=@K=)d@aR?G;Lnekk`L28C!H$~s@Ywl zNmwc2U%UObo{IeMyXb>bCnFf1Xfatok>$f%>JeSuKT+1$hYt^rPt&>V$usv)o;^Ts z7{Kpg%a1EED>JEbJ%PVV3hw~9ij%rnFF&O8nv_UfyI;mPn)l1a63hzFBvK?z(fjFJ z3h%p64X!CjS;_+(-d3evUvY2yzZw~Ge?CH#$KcdH70dd<%hpX%qWBxmQXk=$s@g78 zh}I%c_jO-biPMW9`LVUat#@}p6tOY*?v#YU-foNn?eR%-wI?KW0GOT6&46;lRu z;32r6ewsoJx3249aAfo*XC>arzr5g6cDWD;iU0ZTCcM&)_{$5ncp-zDqUGMf!v|QT z07spiw^iR#JSZYF4ddY(uV%rvzM7o^9<6dZCreoc5QoT5@YkQ8 z@lsoos%dakOYM`2?}G6HO+srcU~QiQRirfyEj10ngg5t+q#4r$Gaiab7810PYO-48 zG`5G$?4UVb%?t0~0=f9%X~?{XW)kk;j%K%C9eY5wo0Rm$!xPNl4yvX`WQw;}bxgwD zQ$gu0ai3mY?6PSjt;#=q!i+IAuhB$N|S5#AWf4C@Tz z+^Q5D+(|7Di7;{k65&7+NChb%31mw@e5BA&Me5Ngn$Z!6j1n?!%4dOtmwY5#a|IbG z*`xuhv)`-SB~*V%78mMmAC;spzVbj@OY{umBi>ZXDIOFMQ&BOpdw~f5B$pwiN(=r} z1&CjU0OB`qi?56YdqGLOI1;5);lf`#3#+=uFQ=^jasyPFys>y&#QtFQPqIm581l4` z10?Z}i%q>LpQnNL6?t?itI+yPePZE2ZroX)nE2P zs9#>5s!{^BtMa8>A#B=FKO!G<-v^-%zJefJBB_5=7yk?%WdBlG0!5arpE09R zB7qwTX9v?0)0)SIVjR0oUR>fuo-<_>@17Q=l8_7F2P(DM%G+Th)?Q#;y;LKyV3XGT z4$xo%xra1{G(>V1I`}GDUjFSU?=#%Ws5@@r1%Xh-22dCxBG@*$`sWB_7nT;D5Adu- zAM3pM95>i-q;DQ*MyX}V^RZzh)&@CyPn;OrdMjf(bcd*sX~OV#g~?Af76kx?C~GzQ zE5Br`7$U=_;u2_S6uIO!KcuDjTqJuR#$0d*T(~Lw|Z28R=KIYADTVmL@X;8b&skusWWxMCu zh0a#TwsDk#2pF<#RO-xVcG7p8Hb029KghYG|EzV=#ues~+VqXsObkpBQU`a~>F%eX-@C=kx z2B{zkM&2GQ2_#x6TxRMNH3?)a;{o=4?J5B6?M=ae4c;n_9M>z>E3dNE5D%6FFcVcL z!@=g_R4y0tQ*3`T{k7{9xxL6!TNs2Wdv+Afk#2S2zk4$C%mfibfZ$~J2{A8C2t7(n z4VpOtg{umNKtq>)p5A!o{eUf4OJ zz^+s2zZ-cp7dy&=Ce|~-ssc>UN z-{QHTN=#b71R`W%W9Hmb%X+7laF(8hl2b{0#ChEnzfH~ljkL+EJYKn(JpTFR?S$K^ck#BhvLy@N zRGNP-N5QHrlESDr%Nzm;!#fw6Rbnp=&!2|~tsTZveA8HT=jP{|%m$;fd)mxpryRQO zj_8um*;c;gAGkn3#Q9t0TUk|pBI?%Wnb~tl$8GuZpL_J9j28dpQioy|_y&S8k)i(b(|IxEpFN+W6lN@j9_SZQU~4 z4?F&9h65}jgDl#_WA1rjv5TPrLG^?zW8*iMAoav%zW)1slH;?xGM-*(>q zWi&8DR0!9Sy&gU&GfsGXc4qYLvxk$@IqO>i;A)azNaiD68uXic1Z#m^gBqRs;K1OX&onLoE+4ukii)tLZu*NhGkru#UfrRKO~YIf#L%oJ|>=c zZ3jo0UMEFr&7WQqUr$N`*R&|maIB_Acg6Oh5^_O9B^>9LJV~9l4ah}YvuAEpvgBBq z6n)~=NzY^YLHK>U8h4)@`Klg<%oGWA#y>Rm<@fSP;8rZ;eENyGf8*+V2%&rJX#_4= z2eCv*|vj%~q3e9xfM$J!**u^56w=A|U+Uc0>j7are^dCdIGLD)#8PIL#VpaA zwx*^ zaa-AJCon+ehevWeI?d}M-5xhX>1Q^x#+0pk23+A-4F(Qz)znOC84P$;4)?HdBnFTj zJZ;1b91IP-ye`i2biFY9yL}=oxDNUWF(@T$4F@W}dozQ?3*M~KT8sz3TZK59yFHjh zoq*;hj@G7-X|%)8yot;(>sG|&Us;_K`cH2RALcObVMS1_;Bsaea|A};$ zqYxc0*VAMDrJf!}vZb<|pN$V4t(@pPf#7`Ga}X*62&kxsGGK#we3k_ZqRDt&r zu*jH5ln}}N0>d*FY?}{s?I{d{Pz2y(YS~dGFRw*h@;joaY*ep`!0=o7eP)0JO1fai z!4Ir=3C>f1F^gO^BRE5|Ci6Pm@-W7)%SHi{Kr( za-lNL*>_OaUHo@PeT#Q^?8dG$^QLWvQrWmkRV>H)Detp)sF(U-ur#Y}PGWBkZsFr) z!B7tip4FSjQI!;|38I7_b^vt@6SN#IQM8%cC4J&uxsgQ=UYG9mX@ zoKc$%p>Ff0mDI*EL$JU~zI0LP9XK1Jktk6~7UsM2=Xu&kxC8^Vah1a6L-{6iGtR@S z8&)*nzy^-Smb|8CQz2r;v!BeOo*Z8}=?7CtRv1`aa-c{uG(Rl}7-8fBRr2YwLBNHR zX{vG81&XLI_ zsUbhXV$uyB&Z>9$WEq7Lo_f8ZG_u7kuBxJQxD5O~g?dPj#Lianf|y6VSO`N4po*%{ zr*l9J0OxNB6>ESx@4wslhhA+BybSgu%NQPwxT8}mYfhcbLJv9!SU@8eZ@Sgpd>17} zog=vr;^E=pD(WB+IF}w<&>p9TVwbP6HIaJWON^$awBhAhfUc&3BYWcg`izH2F5tsn z))w+(9VAgc5a;W>sy z*KJLMH2N65c{`yMs11rp!`J(+Ai;bacYk`kz%POtO_xBq@pXdlL*u9iO++>bIWgMV z3Sr=1UMA&y&`J_gqC&J3A#Db=8F{pmo(mwJErHHC%*><08(Y#>`1`*8OOs7Vb+SRx zTsebG0v0@gK$<}1D#t?WD2$YB&@#cq`S--FfHZ4{5Tq9c^Zl*p*0G&ukMmr?`N(T@ zmz>N@!UW{^GT+>>8*TjCY85YW+LwLI{ydqer$=uSZZHvQY+9s-3__O9w6<8j?xCKv z^vc*>WiIaKVKF8BMZ2j+gwJw#w#K4lZ5l}?Jy0j;vsnN$}x8fGo(cC(%Gi>UvZ7Gy4+LSPVB?xEThu04bc2KJTVQQf;q!KlBMuQ`PGVfX zBXbWs8gAgsZu^p`$-g##dAS~j`F`wwpYNtfb5e(_iKt%||Ka<~6d^2sQQwUBl$K2+ zA#RFVBrG)BZ6pk41a)Sttb=8W#rkoZ4M+ar@p16$w3zR(U3T+yftC-Jrump@kr9M{N8eEOf2zZI z>f%`AzK1iHw;Lk+e~O|F3s)#sF57|nhHShUz` zH@TXBeG?WjaDbjHiFjlNuNfh6gm?%YyyPM^B}4X(Rwfk)43$>E!j?z`whSixXE@A| zXd{BA8y_K)4Q%byb}k>SvcI33H{TIjWYUx?$zy>Cn{sgSyB>Puej|J($j<_3Xr z2I+8ve($!||3i}Qhfw0OUXA^$wRXVDgun|L5OBJAO{iNt<|Y{QV(O`aFvz6FK236q z)(IPZ1deh9r2Ww2nurr@rDs0ug0bNx62a1r3X`W=&3H4Wd69&eLFuMM@D3Fk5rB%O z>eaozKBkDz(C&{RB~b^5LiU+`WK^tOy+W(XQwr(c)S_qX4Lmu z9ClDpAedHzOA8+y0*VeERSgbFXxJ&ehufm^O;C_({iv%Rf$z54jzWuvFUv=YFTnUI zs?XBcDu8Afl1$N}d8pk+e}v5H&Hen%uuALc(VigBOkyr;7V}bHn0S| z-L0nR!0ayWv_xW1;qb-WsPO*Z-LL4PVPAC~1pe2W*5k~(_UPovvUA7__Awq!sn{yo z@mPpd=4433A+efjV_twoQd>6c`#?yTD6gb0dO8Tntdd*`V=Wz~=;D&nb$*BHWg3Xk zJsyXpQ9@H2&Ws~6@|K&B6>M8*sX&vHzT2gWEGcVBRw5N1+$T$~4mV{oiF-ea(nv(+K<~D1H=t4^Vi>TCWkk0NV7{#aM1>!u7$yIKR`Y%|S8eFYs}M*fan}9Vlbh=q2ah`BmDsE#X7GIYGEY`X&C|`vE_jiZ z7`choEJkAA0kuihc*d%DpzbzwTBz>q>wV71LELD1M8l@m5 zNe4+(FgQ{*mza73d+Cf{`=#q#sIiStlv&1dK|CWc&2;rP!n|h6*ZaT#l06q&znmGp zRt=t6C~dILhd34Ur!27aL;}Y|?rYNa*szP066rHKozhCSoUV?UB%%*hZ@qd*7(I|} z5hMDekTWXQ@)FcA)3{DEJjPKr$EWlIr5(;kA@eYqGq6VB`l~tLFU(NBsfq6(pIjBA z8Td3H0ERKQ4^W}QR?SDyn_Wx+(S+dOw&1m6&253I#Zl<+tX`^X%l(hy{Ec0#Eq(1< z7CRqWuCYth=qUiKQJhabs(uveF0ECIxk2(C{rPmzy1Zf|ZdrZ|llY*lTp zRtZ>H;5nol6%b7M7kHaP-l!SI%_^j?524Wm6>s9-H^H^uBEK}Uot-E<*|PDa8pGzf zvKK^(g4=O9$NhHXANlCDc6AW`>bHAwfSlEkpgLFg@SGzAlgAINbVV((T$q+{!b#zv;)`>wwHO54pTasO7Q5r52kYLI&h?W%NGlPVm<%xXUlkOfh(gBVkDCP=Dpc??c@X( zplh7*WnvGJxv}|S@tXbhf{eYc+{vbS?IdGCxjDj092}xnkRm`IGBY7`pwY&e2u)GG z#O=eDAJf&Uir}MQNc+z~|8ZyLNE|z<=QdrQ`=#5~Ka&A#p2r^iYwj`_32586Q;Ys? zEZFe_*p=aMUQ&t5S}#Hr(&S(MT#OwJwN7id`1Xu(*xM18o%wrDoiTZ9@aAHwrqYEV zRTz89x^FLvq_*j@Hn80a=pH<_4OS?or}7i8gI3py7|xFd(@~Ab~jz1P82; zep#O`%PxOPRX;(p=Gt36&m_t;=^m!TvBsR?MP@Oz%J8t9(BAwE`(dH(xzeFTo#lY9 zVXv{sjj2c6iyLX8UPhrMPgMZ2OcADfsB>MU66W((D8{xoixQuBT8w!G#SXGH zTpeCXRxi`iS2qO)wR$QYtwV~Y8_6NcFaTgh$JrhoVeU14IazlCfm2^9ZEFz0+eZgt zeqN))NPkkFi;nevyi}4VaEAv%u&~UvEy{!Pb)j)>q*#o+GqmK#_h&6)%yaya-t41p zO9zDfHz&z2JvStdOr_Qjk1O)nig0TG5??TmW8N+>BwF$Xe>Y)r`iY>fmy5JfF<8Tm zbg+wI1+*s=zUphKI(uigAm(d1qIXI2J!QbQOeF$YYx#}Bpva8?I`LmjD+@bb{r?rw+ zLy!j=Hd1=xtqsZYu1_q7v2Z zYZE@>ib&g}L_2~zF)q0&N_un$k{Nq2;xdr{(Jg$#J6L_adDqSScZ^D; z3FanD=cnVS1&kgvNJ-WIx3eMu6Qy9Mn_Qc$KGG=woj zdzu_2upk9}uVQ3%tG^7u*swg`E2!xMf2*O^VjSg!0PI&xENlDSS-`<5Xw);Yn_No; z!i?cqM;oU;TKC269r<5-`>7Wh-of%wu=wq9*DV}uD2Y88A9gs|XxA=GeVV(@%5;o7UE`6^{xZzMerd~9D9h!)m#Y^z%GDijDq@zOV9!wRpP3}2!~S;M0kvB z&M5)y`9ljm#VUmZL8`5h8iV+lY3d*I5#1mADTU-oW2J<7o`DZYE<@b~bc+e9Kf`WX zH0(332gaSZ%+gS2Uxsx2t=G+_aAzjwc}AU7?W5hS`XY!_SeE6A6BHm8Bc5)neUs#t z4yf?0H4cHT{?Y61v;A!;YI2b>s!v8v;NMrDeN*0uk7+ol)r2iEeVJuR;fo|(CgPm) z{!;t&go9NA?&BdQS8v73 zI9=#D=DHw1Z)|0OH&Y?wwwB4;h4&ywqfUK>W6C zH%uhm`}gm=jL$vN7Nc3lp(RT&z@b5ElgRQ@rQaPo@ZH)^(daYTasz1==011bzo*i$ z>F!1rr!F1NM7M@ZHiG?-(P|J%2n;lY14EpFiZTS|odlBf%%BY%UG{a%;C3Wbn36H~ zxm1B%$kD;Wvb~UMR~1(}tuOVPE|1|7j|g$>?Xa1CtK(+B!o?o%`<;}t_&%;Q+h)7#hw88l zmorAu%`5ljg5B$BtMs0p0JH`Q5Ltg-9F!Lik&vkYgOxP0W{Kf9}m$0 zqVcYeg9LAM&)&_oTZV&^iTU_8(rdA9+u8Z)-V_pu%6hs#JaRhA`291HljtNYHUM2D zpY58)eA9lEDwdHyJK#)9>LiMOH3q`7Yj`a-GWn6!ZG6?+lv#lru&6L;J8jkK04KPL z%V)4u_|qngiL$h`zB1Rj3Cid?RWz!>gI!TwDe89SvZJpLV&GpN6AY^Dun#&rrBc!rvhCCMcFYRyKM#eDLU}3Nl+3RJV^=-h zu_YLti#29+#a{ND{NGY$l~&Cda>baL`_iElaqbx>GTY`9zr9!w=Y~5mpyAlA?Y-jRA5EOg znVzBBF0FS}ZuH%Gi*-24_%Qr6dJ8}J{9(!C@ci2Qyi#`hNpJLaOoz|#t{4=U^$wx{ zDhL5lsoLoWB*=w;VVL9usfIUtp#D65W25v6t4_wT1!JBfm}g_PCSe23!7#81s*^=i zSz@0jtw~<5hlEC*I}3V@U=wJNqbn~0H9IIcog$&BlXvUfTR&S95R(YD5dlD`^Dz^{ zk(}E)=J!>3>VgfX@`R_Q=}=1=o`kK}&~n;}gm~NtOh>8hs*o499Ke`vx$iNQRI%W{ z-p#NXD-0IV|B}TLGU6O$GHrr|SZ}%FR*zT6`E?#=0I^NN<@?_<*KxkxY<+n{=cxfB z(oa?mP)E&iDaTOiOdc0LU;8h-V^@^jw=X`PxPedQtiyQNLJx<c$K2DYVS{U5{Kzh%nAvKptCfz~ z{J!XhP#1e-3pcb>6zo$>ch9XaY8r2fBWE5vCvFSlFzRLag$%Ipqi6iJE854TEIk@U zMjGxGhYy-*;kMI~f@?}bZ$K2aSXZ~wg**!C-JHhGmEZ9FetO*~15C4j9OoPLUHP`|-ninO3dkSsq1AZ1;4@vCA zFL8%a2*D;+BIkOg5VJ`*VZB8mZd3w3+xGFySVHT%mDWPqyI=@2P3!Iap*gP?|ZkU z*Pb2rsxZ4vCTid_S+xA}@81u0ZDn~WvjZdAxcR5@er>L~v>tRux&3!e`1G*wk6+p7$F-TMXLgSY0DAUBcz-NoMBi;J2` zG&Gg0>8$kBDiAlc(mG@XmbEgS59PX31s4Zg!Dm6fdgCy70D)b zIq6hcx$^QB1x7r|oQx<}n?B$aHWhiu2rz46L^AlB- zyFaQn)BM)qGfwSKIM%L=!%=+Y7XN77k_#np3bcyK6Cq`13F zvEo|X-KDs@I}~?!D{jTzDemrCytoezXTRU!SD0(|OeV6DwX$+QLXOB}!Rxpp6B~+! z1w!J1xDd^_tZ)$x!+9$j?R6USjaBnzJvQ@IQa0RTZFZRRr3#ZI*gqvj?J&qBiUxkT zl+7%M)C+|s9FCz}uzpfaSHnWOqX16 z;V?8mJ`h-A*9abi1FN!(45iv+&a1aX6w<4~6dbYA!VH$#0R(=|mwQ>wHVPEGA1{B& zU(Wnx^P4 z=ilJ;u1-TK(4v1_F)kZp=N-HA;O&!&oec^Pj#T?u<~Ye7M2WTUpkyYJeDJMrTTb)q z_?TlNv4b5Wlbj?Ke}svKcLNM3eh30Qms%9<{-Yz)S~>~^UD!RLiwjqGd5h*7xP9n4 ze=L+b*B29>|86C!(kcs)@k5}5PF;zg2LtKv7WZ}YgjLE5+I(NP84v4_T8_@2_yTQa zjtT_axFucwDW{Z3&rcd0RmSF*p5~KK$~MnW3zW?E+Rc+SkNow^_;*mks&z+u|H#b+ zH@#NUYhDjLG!Xq+f>E7jAm;Nto(D54tnQv@iVv7x5WfacDuu%Hlziq)R+hO?_UK*ecA&$$GWaf7UDV<$Y#M4CcWcH>h^Ozg4^KLl*fN zmf>obDUMt7^9Cw9@OVSAE(wf^QXeTQVxfn4v8CPwZ z&1kd*lTJ4?hC_Lvj_kpoPjjj`P8rcU<4~DfjYry#ym!7M;Hng=dF-b1+rZwHUk&J- zJfcYuhQ*F~*uNKXl(3{qTGkceDU@9orOH}e7ZE9(To+-<03|F1ON48CX$6WVQDvE; zJ5lK<%6Y=gE=ERU%t4hEEYD(pYyVzshDPCD{FCjCkGtX;jK{Z-%it98J?EKSInN&Z zcJFHAm-qocFrD zvDu`|K8=CCE>k#8q1og|Ba<^Ux%dfLZ=?&qy(mkz78u4DQlTg_BzHv`nhC~`8Z>f* zcO8@y?yap!n@>qY1Xk0|U#+jZq6bmJ8L1|3G!=~;yud~VxYTfUR#3uBis`O=Y;aJ< zRT0tT6b<@~N-C?NY;NB0WAw?&`^!${jHH&IYpO$yODnTFJk9yI!m$fUaqKJRa`l%U zO4HukTas2RM8{dC*h`9=TnIQyEcx&hOmTE7f72dLsLyC~YB2mvSD$~I-A|u2j(imR z*4?BPv;bbgiq*}JG(ZUEGX#Z~Clsa5w2C7jd(tJ^Q+24{FHM)Z@k~tQ)p%W2IMzPp z27T^+yinPCl~=b7aNO3ydzunL-5olv-0HB>9c7G3>MQ9unrd~j+<$NDey|zyy3bn#|<3C!TG+d${brseE{Un|Gh`+f63Z*mjy^ zX43T76Xf(QMZ&=mFYcLk@wmE``|3{MgK%)5@qrBT_dXkqn&#E+vYb#FZ$=@%_cqL{1IE}foIsF+2+a7-Ck0wIxUpOvn_#qS=?8^)D58XgZl0}7(MP`W-Ch-UZi z6y?;1n+}bdSv-mdyk~P6+dhx4_5wcdhG|occt@KKF3JjbHql4}wOs#rHHa5*x}9h{ zuX3)0qd1!w1^R}ByIf57(A@1|HNBcf74_aAdl9!0roEvBIz2-lRTO27g6Pw*cot>i z1e~s!tMSsDm0!AtJk#`T^#WQck_OwKVFH>5C000_zj^HN?gU|NI~PA%Uhvy~yO3$z zc+1(8{;B7+rPYhZ^?sf}{SF@avio9sl&9xY<3OXRh88=p+degBo-LBENQ1%p&JIiK zBx>gS>FgiP;5SrJ+(;k6shN?M!zD=mK|xUp4-hu%H!&Ht8=c;yg(W^H~ zr`>Rrx2%qN?v=Gc5uS6GNO+lhk1u7(HkE`l<46C*nmcTC)Sv)_%Tz(#qd*cBjnkh` z$k*MikBMgr+ny&uIvTDM*)7wY#5^b-@gXF4Ws zqV<)hpY_q<{yooiWBt=rA37*tsnXBObMFiDhVSkusP--bj`^{C33A4%X34SUj|F4* zPFDx{v{2}p*A6cmQKv(S+agy$T6MO!!up1_wypWg)gkWKBnXryh{3&T)hPd*gS(yg z9^8B<`p1{B(PPnDBggqkY!_1B%jF(P^UY>mZMo6T4=lX$;plOE#5wIzvNxHOV|Uu0 zCHO2RvG3<`JT~O)*L|1ya)l6$R z4WCq84cY3r0$zs}MU?-?$M4G+IXRHSHovohd;T)!etdAb~TQBQ|pr~YogZTFU&-_M2{1h<`d z%$HW~^h-pOL+Sbm2vs)3QTWUp!GhDNH}8(ET3<`PAcqahVf*`!@&wSbl~z5wuw}nK zeIeF=oF6BCKUT@A;oi&h4?+A``t;R#ZToO?^P{17xsiv<*p6$p)vxs$Fnrhodi;A+ zaPkwio*mvZAg9;?JR#F_wQbcjALc>!9Hq8!acj%T-}+24?4>Y{AhbVRMoLebC!aza zg#558CmH@pthcgFNtVm0Ex#R44Y!3t zXXj!vJh65g9}my1eI_JJ~Enx|pQ>bXTepOW?jzEKYme z^6`uY()5Sy9V->QAL;&~_N&)WHb-AXzT0j#Mq^|C8-ks#@8}-mPZAzDqDTwpeA{cZ zBc5}or|*YM^L5A%HUK)Z0;suX;`UYrFS!K;HZ7t=!dD-S=KD(BstH zi2Ju~XGP=3e#G3F3jxO(T$TvYn`sn&B+!KHyziAgik{nSNT71mv#Oe^mkDKx{Agrp zc-Hd%7sEV8BLn+K(<(89k|RkdqT*@iX?}DpO_XI@&CL=*&7(sPQ(QuL}FvnYHhE{nuj9 zeSanR+uK;BUXalbnHF<#um8Kxtd4vS!Ta+q?>o;e70b23!_F|9nLK2GoC1F*ox$ZL z8zE8WqLU0pwjj7`H|{Umx1oY8&q;@)Xe@7aMVN%VU9-DvK5QHJUDgc3XQ66O6q zKap2GG-y$6N0iS{d@=RCNR6?|D#Wiz*_2R#AOLDjFk@G%|BW*M{=cTmBm(8R*`(Gi33l`}RS76rnms4F8P-gWkbuKMut(yGd2f=edOQ-Fo7@ zC+mU6`Zl_XK(N_~&-(V&ZmaNv;}BeG?^RfARWNm5XwPj@W@W#Di`^F#H^H_2l~um; z>FDY$s9$<-kXW9x!Zerf!)Scf?`E^|A~+<;cI#1Bpo--;`;^C(2%Pu7{SJ-Iwr2us zsQ%xU+;2{rFhAd|xZiFT{a#HN%9RG0X%wkl_?p@;u+E@5FTE;c^T>w29rc)#q<2yS?4z-h|jG1n~W|hI@Nr>;m=G>Sdm7DFn;r_u2k8WroFI-5cInl5hJo;Q<0mCuat4?TiNAoCp8K(-uJ zdCaY@G7mIb7yNWuafW}8e*?s&+@S54Rs!2-RC2!d! zgKx7TZ^Q{bZV}C8mtEO=Sd_$bS=OfKICJ$S4FIn=W1KtAF`BLq(eCeWEA#YUFwvY#)Kq zmncf7zNma$5MId8b^by;-ReAdk^4REfMz5KxMI}>Ub@j_K>JK@W?{jS;eQxHlDfgL zM*-7$HSmW+K#@{->>|p^jn=Eo2$6P8dU}1KX_N>9Ch@lz;rL_u3|@O`7DdM$P8~jp zn;t{`$BhMwbqKxu8E34x7vHoENPSVvh+CAk=Ped-bA(=RQ7iBzdZ4Z>4em*0OU;2S-@@5ft~@RbC!32T|0DqG_Cl zTNnbf=#F+^K$W7A*p4rm+1>QF`dpz>lf^89N{og<0%h#ivOK4Cvw1X{w+j~DewJ;H z=+`Bh#thYs8+TGX7s5KOgx|%^v(czu7Srn|*%=g<1(|~gCl3Y*9vsT6cG5(eZ7)m^ z(6}$pFYO3<4}U>D;Lp&Wn5*X94~*Jr_?Mf^4b*+1ZnW8Kw%u59)Z(7(=kbWDG16>q zQmhYh7}HBYwlK?a-K zlp~p?gZc;QTKV8eNE--Pum^*k6>?np)kSf&aS=_Gb=39Wg^VLjBbHR3=|%M8$RGkL z>MR(#8U#nX_vr^xKl#*^h+cd6vl4v_`M*hg{p*ZbOg}hydY$cfQ|JEnKJ91ltGipj zU@l;OV=Q|$tvA|GtI$2Yw5o01+(-vPGxz}S3=4|Q4V~5RjDc7xAEPgy!9%U=YZ?jt zS7ZJaEhhSz`Cf#EXCz2G`b(!NWY$QXwQblq+`Dh;A)IeV(DiMM#&VA~-(bcI+X%|4 zAf$|K%Xk z#MTal-f-<|Bg+Ku=tmp{6>ex1Dw@Wec5;-aj#yD!cb~$GyAOCYJr!Yb$MIc=BqO{f zdi!WwChz!iZDob0qpjOXLgP**mhy*=9D_BXa<$mYOTp+rly3K@ov?{rrqX}Xt4&}s9E$9~^(%9cbhilI~u;#X0Kv(+bN zQJ^x5+8)q+hg%z)ML>bkVGYzt^$rTin3q3Ohd!bj4#6GoPmQFKjx+xWGouYlW!$P+ zE6!SGnV{=-$zz5kv%f(yb90=u`>Jm@JLEKEWNbU4@Uq8mOP%8@~7vwq4^c}S8!6X7tijMoa#}v&_7w&U5TZwgMu6*g7r5^u}p@ABGc6%3R za%ZK1lt6fibbjAF$7SEWx>6wRrr{oq|_L9eQgck^j}F7m`4P}#t) zD5q|8H-DMBm{Mhh5K6c`ej)BW+`}w<;C3@7UTk=y9Ep2cCs)yF`OWwD#D8S#*Kg=> z3aA@ryXQFT(thuU&E~%u4aELlC2Cf7dorAP-Vbfy)R8a+!k0qKM5p~OfByGg5+R%Z z^CNK1%k-Pu`%bKN?!9C#h;;blJmH%6F5J{;ZD zb}%kU>hfjI`oO1GK%jrk_>F)PHku0lG8QWE4CbGM0)ZqfxR~=Ar~J)#AnVFsO(+5 z@XcX)P%Dr=Ye64`*W#$Vp=mfxQio#Z~oy)HClU{Yj-hmk>| zD(b>cLP8xp0_`&vUtYB)?eB6l#Ii>lFUwOE&o5Cb9q*5~g5o`XpB-{9)K!F;Q{cs* z_q7#xa>XS@E5Nia)vBG}0C-elnB`v{N%x1?JYDzI=<=j^RC=fcN6AyB&{kFo!i*&r zRCw7OKD)JKb!TLac*=^l`6T9ci_8+5F*|Nod;k68(!7`R%^t9fSb0^V5Wq9I*l0DL z__xa2Tzz?Ye0H&7B!R{fx7uymFIAfN@jPcFt&2Psgp%V6UhR3B%n`^ufXjy}Zsv%PGcl1I`c> zr655fCWH7lAt%1me$C(3IzN!{jFCVA>B8~464e=KOCa4Zm>2CtTI&CFM{su~#pra{ zEyTF^UYk@l<6ayE4VF-hZ8&pt#+Qgd}{Memtr!jsTx&=6avqg1t%atWohV;sM*e&WcT zUQbOz`)=bJ=kZ+RE0Ul=1SJCFgi4~*UI>Th=$d`Y*6)g{^%NdR9!z)B4>QGK^heus zMp>Kd$oDNll$CK@8Sq{neS=YJ3P3{I^QcNHP4AK}<_ZSAmsJ%=^JuZ!ZvQdvWM`j< zuoZ<#?WHPrdC$%i)H&sglIBr0GBnEnHVO$H zPci!Oe9}W6mfMZu(|!g~BE?E66fly3jFGpGAXz^=11@7@tSXlGyc*483%M4NpweYFolNCQ7pkx}mgma&huxzou+ zzed-`+Tnd=DWL-r=pThHPvoTWHUWV~zf)R0N>)RG!u=j6lmz!dK$YKaOP3*qb~ig}+Fn_hMydI)CJeto zQ0cqwX%OqV>=nnwcwTf8chx;gfKcD=u&LjKm0#->2NET2Xkw38zu-$?$VzKcWZzC* z5J?rt#kkf}q%{73C*6ruB>8)Je7Zfmx~ZtKmq}IKdUH@OxnkEWN$^QUS(?}rICrz} zT9h6$mn%)yC3T!@U9+;cxsUX3kxf@$=Tcu@s3y!>aA_t5$-RSuets#% zL|^WDZRvSG{vh()q-b(DZN5kOxMW5o6j5uM%HiKptgRE$SfS)Jw5_>K;S?IP$N$9!q2Qydp(cUa%00PqsI$)af zJo{_&VQt%yo$kZz35vb~HIM`MGk;7|nfEGue%)<=(`NNpwpdB)T1~P(O*um{G8&1S zT(v+o6+>`Y4J2eT@x{ao4@5D@JgPtXB_2bNQ`@JWnub}wFOhN+l^^682R zU$cTtj&)iq>)FjhCH*aaVciPu@RSp;`GY_RzwlX;N%Tq2U=%dhSSTa^IuF_2uxu{3 zqxwt@i3nf0+rz-NZX0>k3Cul1iU}ns(m=Hxy%b~ILuvolW6bGwC|gQXICSuem93O2 zK+g!L8P!)Jo+ukWK!_yMPL>WH3s$^M2dXIwQEm7gjrn7OuhqDzVNcmeaIj!==w|?hp)(~Y8_>pG(qGTR{yKYIwwvvXzQ4UoTH}UN_$BHqK0f((&{~3|+p78+y2>SWtR}T7qrGYjv>FLz6K%As0IlA& z%cR>TPqGxe`3=Pzi#(s#>m^2=@0gh3kE`Z+a@kyU;gZ^4ZfY9ZeX@lHQy zv|WZ-FV#FgHUOKn?l2Rei2)QQJZ#V~vA>Us$`?>$OAE7JyUSoCCNeT|wH_-4KN~d4 z=o7a7)linbQaSsqdQoI$Kz{vcMMa5n zxh4aEzjb{>Zt>t(Rx6%9ITIprUkwl?JGk|dUL#v?w!MW5s%JQD-&*6TE-o(KX9Iik z`zpba>|`JP8Yz*>0tt0)0l2iYl{#P;B7}$>IP2QVU~P5C`s6s@7d%z<&lCdxS7&qZ zg{=|pdOUT!R=kb`#`5JR$UIS`G$Yz z=|qLnK1KI4kc=%-LEznF9c&vYB&m+E@AKN~Xgm~68|HXNC(XB`$XVRd(o$bPXBV}9 z@$WuVBp+B4*VfjY>>BJ>^&a{bqp*PMW$X2(YW;KWzUQ`ba>Ez$Rf4Z+Ju;WH3h3o` zh&A0wvXv@S(K&41+G<=FF_gKlN7iq%kAJEAVPq2lG_xX&Nq%@dFe?;k78V!p#fas- ztEKwT+yb|GTPzAsNpK51`0EQKF-e)z1<>;h91EKHC>1Gi5;0LAghT{%di)ko7G;-X z)V`xt(9y^7JX=unU7h`NDoezT8iZc|A@z<_*WTXV)zzg-VriepHm=xL<$Q>gMrCK8 zqt;}dI}dM>(e0M*Y@@~<(;>U%by?`a+BO}WsuIhs+UV1I*s%3JB9yW+(=>tY!*z~M zgS+9Z<#T!Yas4pNohsQb4*KM9xO$}Tde1rDNnypR~@Q(TUjYpN(S6_rA;X^{u4^m*0-b zB~OSApX~&@uXTVtWJEpj?fMR)0Q$og<}re$4U^eEQ!W3j4h*jP{`38BQ|@a{-KG$F z{5`H|=#2Pl&5lEHTps?{M?KqmZ9WH?XgnGKoEdz+&dbAdCN2dS5C$xK4y%P+&g^c6 zn_a}|xU8?Mr?)B4i7s?aF2~~sP!TZHQwR}EI7ng?5z^?_o~*(761YMpjK&kE_oMYj zPjv94$;$DVFR${;3#9tyPw6|ahtp46i|2^gj5eJ2{!f?9Y+|L`_l3Tu)9Lkk7?I)l-#?Fo6b;ai zzF-9J6^Cc^(YB-97MmyUM2duhZwQcdMANTN=E%>YPO&g2Mx*fo!OGHQWac-grnH0`oNhy zrBDKIO}1o!?56v6leOS^oVckLl@Ql%@X}If=<{zw)gJ_aKXaxCO^fkKj4a{#`I$^( zYkeL66LKx2<7wS(7LmnePzAU-yJhJj$U>)W;&E$vYssV)$tee;Iqz3Zm+cfo$K2$a z=BwfMR<~B{%|D$Eq(j}=Oy@Bq--||>K=PwadHKRtlVR~;;|s_PF1x!I;;N_RtjiqV zHC^uxfcn6IA{3KC4Xk<&z$`dftP~U3EmJC_l1;w?NJz!X<>tAbW?P+}gLNip$faGF zvalf(9Yd?1Q{x5(6AdBJjpCKuNJg>Z$V%0!9H76hx^Md~`8``wpeLE)f|h^l6;_=5 zn=O>d<*%|LE$vs=(6C>rB_;T*BQ6ztogiOoT&F4Zsc%0nwb$p5c8%WB7EjM7&@bOr zVEk&`_JF|x0dy8RPM7t-gs-f}Y_)~5hP8Y*X~4dTh4mdL(wyV*S5n(Xm(Z}fFkP9p z;O=f{lCRT?+?JQ$t5d9XoCJS^2ewhuDk)!)1L2x!2QDZAVm{b6AZ{a+i__bTUYNe z8ut?=MPF~!w{~TC`LoUR`F#Dn7D04m4d^I>A9=pur@MLA1Pj?jiordd1~*2?SR($C zM^EDjQR9Z7?tB1Yf8f6tJjP?NKb!eYYEHUbP?6J&2T{UNhX zqs0z-R8(0eoBvdwH#QSgI-9?rip~WR;V-Kx%-c)!Fw4xID{r~xyql(KTjRZCTba~@ zY1YacCUSGCb*uBa?tvfsw{CR?Mdu^`8}EB8?ty^UXFkpQK3l4<`|>o@lxIH?Eflv) zKj!@T=NcUa2M5RP;UxV}$__s+-}17m;+jrA%e*%qKYu9_DaxdpuJ;=Haj3*sE!Ovw9VgGF);o)2GdnI~7>Pr=~XNn~Y& z!I(V1b|$ z=`0ufKTwiciRJt$n$LpbmRf9&;|73pcwk%T(fh8#h~neuc~|@Z$UB+I@9|#xd%Q=$ zA^%hM_VR*GC2$%cZ7`d3%G(T}_@H$;TiMdw>Qj&7znO_d(V&w)_6({hK}qL0?L=gv zJF0b#<16Y@uiq=lvU9qX6vwh5SQW{eUMG%F(@@9Q_8m(eJzer$B94J1t*Y9K63ls* z{GHFLXcFYW#ZdoweSQ6044+yy{V$g7E2NAmm&;9E7>XC@D6U=D0>Lm1=ycP=iHwUc zxX&s=G#VOt{(nNS^*xj_sCUCV&%#c18TO?D=BK&iQ!`=AQrtYy*;T z*$h_C+f>HnnO$cEJ@ac1pS1<_TNPQIxc+i)<`i#55Vze@!pVZPN05D1whU_9U5N${h`I;Batn5ISRYk*M+>v;t|zY33=80+G? zS(a4-S?fToLGkk(c0^!q?$+90a49{Y7;sw4h%e)mb6zdRs;ieBxDUxMjZjrteQ~xm z%1x|$;b`w~vR7iu-{o5=VC&qmnPP~Yx11#CMN8`McgWb{>~^HG!e-Myhp5xW+G%D< zdi~s4D8bR>?p8dfttY2OyX`IRlH>YtcPyL7Z*0JMIF^!t-_B5DG4u!SOhIqUs6`-T zGnPDf<#1GeR^0p809!t^IBon=T>7}IWT^XnWQmY4Wk<1!GKiNjI%28nDVDGqLPqRY`&wV~E@5x5UDAv^zO6OHz1{3e4|;rkPs{ax9#Hu+i2mOf#-UHO zrJM-;*>4M{wSzmCR#J)J)b~EvxMjY3h617{RI=F{8+_7SnGx4f)!FKr`T8$E{K1tO!obOM8FM#)C_ouC* zf}fv1KQc1qvWuKI4M?OrImxQOe?IG@$6ved>ZqAp&(7+n{BM}IJB&}rv%h1ozbGOTm+W#`JWRMzfOnVQlx$ zI;C4al?br5D6g;m_%(tx8}t@WW2^J;uV-`hfQ-PA6ENVqe`$&k`a7F0<5DI!U#?8K z5Q1=w0V=1anwqPc8V8wtM*SrO9I>*M>3otxPcL-Pq=FzqTHcJ&$9=_CHA3!lTjl=u2Fn@B24^KKR_%IQSkR*c`aPy25^ z9I#4c-%9G@wri3)QYvMTH_NBD?!Fx~m=S+3y$Y}f7AAT z%dDP?EuS~TXpqtFcKVk6aHH(ubWiy3IxSS~dONS+$9LP#kiKeu!u|q#y3{){uM@iW z|4oi415c{8kZK(pt;meMEqnC!wD&traizesgZYCzv`|3%^APRJ+1|AWC_p(=mO@pH z|L1Os`|<5W0tmf_(ql%TYeA|DAo8OMjnb?tT{3fdKuzU$4<| z{^Kcu(*OVMm+aRtol@?Le*U~3R+%;)X0nRUb-dtt?DCw`vd!)Wm)`wxHa1pKadJ{; ztTSizoIF1r-xY`sm+3tpGtbmvCv3fi0&Et?@anYfGM{t95$wGGwzB0yLkY&d=PB3+ zpT=5W$=hA&w>`)DzfF&t=8Xd;=ZW=%M}+omKJUHJVMpXNZ0wE6^0VFgsoinN@JC~m zx8gE@1yECyD^{-4{9RdjdeL#I-|68fAraQJD)@1~bbO?%{HjQlVe@P=={)_q7tbB0 zkj+P#BJ101C#T@VY%=ZpH5Twg0GgK2rGRBJ1%z`61FJ$%*c4x0a2Q_E0zGHogQHX%SM z=Q~Ce5dmsJ84|)hq1)ZH1fe%%F$kVO_^9lpj14&91jZ%*XP_U|PqM5N&R9@jNve$T zbXOeyJ3zo=7_E9g9s8>7^B1Y_@HLZUicLkTE!ZY(ZRjyp}^VfDd?II*M`DVN(6 zLZK-&L)8aDjG%G>4KOU{7=p`)gw3L09T|4y-rg1~iO!{Mga(IrNl`@aXX z;ZZ#Vip&xqmZ_#Tf6Q*okRu<(oLPOEnJQm88}rX~Fl94}6xL6Z3Lc$g2`QtsWb_xt zueT1QABuWQ_SyIhf_Mw+T3(9Fjgg915tJVuR|%AbnRtMUh{}Q(K z;{T`u+^%jbS6Xh&=74~suG6%^eklCaz%D0KIv*hlgf0KI6UB%d1IN>{^Qv<5N!MJE z&SC$d$-kwf!O%emppvA+P*+>BN|KDaHm{TaY|C9@SM!KE7y1b=Hi0B3_i%Sd;Pe+_ zGA5>;!QI`x=jvweLGU$wZbBfs4&XotIuG5k6lU2!zqg3TSY2FPEG^vCa<#X2bhvkk zkp+mVEt;^dZg1CA9Ov-5gYUqsL+l(?$6gFr2fy0-rvRFLhp7nC#IIcg2a^7I1dht3{xAWAUQ*aOb(#< z3ys7E)158E3UB`6*Kp)PYRkc--6#pG)0tFJK~Pk&uy(mw>!38qHp*iT-C@lo@XLv=06NTXWbqtY#!+7(#`^MwEP(j*0zuWHJ5z)(F*A(-StKSYU zxD6q!)N7QwQed1UOl}ju;k2{OM0g19m+S5dCcR*|TWMO)o8cBL1!6(uUef9ukK;rn zCb6jd$tB}U8P2LI`hIB81is`$Z%xV{qcf*GpJXh~An}^wtKEmt894tDvS3&LK-JV}?);ddo9RN9YvL(F z1uk@p1G_>k8dl%uJInc!|Khq0=F{)~AD15oKcwu$XwaI9Ew#xKxBwP6r;UyC;wBSn z+OiX=TNzCsOPHY$TRMjX)E7u@rul3^#7w?JD(Mskm`KcnJ%o~n24M}{Q53jh%-~0) z8s-wNI3qh58wYzrh=BXNX5YPvn(gPLbxeSljW!bvCC=$40~-Bri~Ig`q>#Z{3>;=$ zKD_vJFY9}sryIxCO^Y}wZjX@XC-PY>lr84{h9PUSFQ@m0ANYAnLR-*{#)xSndbM5$ zZL9Q>y#IAAq?SU4I~`B$)5!k>;!52B9_O#Tln@26b98I_-NGf@>8>9TFuC)Pb$`^O zNQxS|UgG=BNm-N+!VQ16ZJ~X~F-GCL3h4J3Z#H#CM=x&@`~DrOU_IqO~kPOIQc<+xL#?5kI!UAi8xdnXLvL`iN&LB zBJB^K<3Le0HKnJ~ijN}8%*|~(Vo6}fJXL_6W&xn@`Sls#h5MOEQ!ODu@RA6w**EKQ zNd#=g;SupHF!cb!(Xm-3lA7(vcBFs?f)`M@+kNDw=_{1S*6>?Cc#jyUmC!9T5$Z=d zkDy|==4;yo)+q1kbsJ_o6I>keeDeJ#DyeSsj>kmqRM)xf|Nc-w<>$1g#`e?8tl#T! zPy@x#R9-g_vF@@GL&&}sSyU60IrE@MVb|+GLj1fls%8TqbE{dlu0{WbN|mM-!WJWaqzmvpj9&a87Kk;8f+O@ zi%gONnOzh@NrFCqJz$H_bt(6)E*M7&HN0e+9{_EIqAA@hVKLeeeQofopgdp@)Q0{F z8%epqya}MSc8dVG7Mwyopjg*_zH|!u3&_=V?3D15j735e(nBQ!A!NC%Z|56r^IPc# zjdj4vI#(nG9Dj^*$^o1QUkspO(i{-s2P$-o(y7AB1{W{&UmD0>>WkDR-^^efG6nxR zzJ+F8(75#m+iiCRSpL*1Gd-a*m!Tj1&2~d!j0Qc@h=KIsT4z#Q4@_xp=fj1Cg_S&G zx|Cgl0WUH#s@57HR`fg#9lzqquuS&fuTvFu6z}8ulF$u12{Y3}X|-U%{)x*h#gY9z zI9dgoMJC@IZ8P}4yFu1nUSQp(m5uqaSkZ>(@H#)$Zarn8`v&;>@Z4?X_L0IQKnzcs z*7f)|*&MJ1QG`ar-6P<3lBG}vEG7567HdkhXaV4^gJZ$j++jF$|M|aTTh#RwGOQ_> zQp>KNH~P>;0#FkpZmGE=qAfn?c}M8hss8HHzz;9VG%RrN7)u#`{}f6O(Y@l<9D^ZN zf}TL3v7FNAIN7K^#eGy!aoj$|Wy~W(rIKxWGJ3>3ARpry>07cx)&dOMRb|}jleoKB zqV+SBM|jF;w%bkEsRmZYucrooH`LKrZlX0yB9hE#6HSf$oYiGRZrJKSb6vThzA$18 z6G)c}{xlT}{q7Nm(C`pt z94w=}m++VnuVk3tgS+;5!aSJKSyF{5;i2PO=d*0M&F^ph&jd}@q5*TMHO?|DYEJbM#9PP#35lhy~Ty&Bm!62geKWBH02?p zdNMW>e*R5j-^P;#6$Q-kmR44V_@wWuWAe-owOtK;u?HYY%p!DhkSL^($iJCI)2H>b z`Y*_KS^OtPkv0wV%&_q)B+wbre|KbeGT{Qk*Bq)rpkB`A&KHkXaFUv}YxTMs9n7ax z35xIhIFFF4{}TFr-!9)!xTlnsA=xPTLo5W6VH@*Smi63-AdCeyi%Uk9#ZCgog_kp+4TlrWS% zQX#&-M<5Lg!#ckHd1Id&-ahq0fpC#iNgCann#v_SUthM@eb}kcESjEnA)coY9%+Yk zxEP)e>gZL#U4C-=wI-H;h7Pgg6sX}TIS7RcpGHANJIS~wpW%KYFb|FrBddFVcOjc? zc4M4(ox-72SdI^*p<-QOe29;ExI)}YSr(#<7^^?K1>&!<+va1}*tsp&NeWwj&re&E zS&*`~EL3gxjJmjgG1ibj6Co5*WUbY&c6>i`fG!v(+C|Lu-Dzt;Nnflp9Us2zIy#)_ zU?tg!b{x8M;o00KwzY>7p|iGP>ICyz3uw08?F=`Wbp9+yZw(s5#FlX@B~5HH12jN! z*(0H?ta@C}{bMbyG&`J3x2JN#FZO3s@+$%!r*hWSs|hw29A+PS%%%eduYH0 zQdT47asT)H5T0<71h$G5M}!4`?;s^gELYyZd9IYmj*1zWhe~N%dkWV}!yY93L@#J9Zi>cIl@KQZT5A%UM?ygW z-J>?9grH7t14_}U#>o{97ANR=Zcd6sC(3}2;tNI(^ox(4XaePw?r*FFNBWzi*(5n` z;Plw{>#Xp^*Q#<7+i>wYm8NEhC;{VB+j3A_ho;-V)1;2*Lj~Tt@CYBxj)%4 z?-QSLYN2%Md#SFoFaKo$<>xf;XJ(l!O}Dx$Wx40arf+d=a@n;G)?Z7VCvJ#PiQGU} z?zDsTb!<&)2`tAr3~1B9{7_<6B;_~n5|PP%WIj|eNhAKeeI(4|_sPu1VQGfXPkVo0 zeYKGH{-j9Rd^&n?|JH=L#95hf+~p0_wZq0COe{9X$dGax8Wtkxn8xKq~04 za)k(Y%_;Z3jyY|O<(Lb1f*ge?i7~hFUO(5FW;WXi%H&p=VBZa^%WN@y* zO;g^-AdnT9C}M48t(17dkEt#t@1~2z6q4FFiR9dz1%f019U|#uN~oZzt80N%;!g1c zylp4letgc43=0Y%LBTfs5Ge&FJ5N=_cdd1t?V|Lja4%Q?Gg3(l4Hm+;nt`))yX`U&cD-<^CsnHQEp;d2;khUCGV{`P$V5Xr)z>S<&F?l zMUg00A)gSDBcmm}6?=nr5`PbO#E%l;JO;_DBSwUN{fwjq>pgMY54mN!>;;?QJ4$C^ zXg_JFs>^l08%xXe*wfeZI(_c>dKAF-Yb^jK;PaX2vZQitCxsmPUZ=UDQF46OozivP zUK^#dbpoHP0Py~Q_i5W> z+(mQCR_Zcq6uPtNfkH`rSBd;q_q`T|mT%Naw1q>bct>Eu_ z0dC{y`vG|_G7ZJs$)Y%|EKgLjgJ*SB_25&`J8G%f<9knDK(8$CEY`hu7g3)4OBCxC zXU@z%OeTJ28NS!a5JhgQ-CW^_p8w|*hW^J0!B_A7vXi4J<`52S&f7l0hW62x(}Z)& zX5r92nOm}{K4CFg5%ZnUjF@JN9WXv|{SEIL>afdshX$7M0ldjmYjT62%EEm};DVYJ z74YxDeZ*O(DNCD4MBN&c+3=yRb^36jj|!X%R|ut5)_C;Tf~m!EsSE;7$;v9SQDjL8 z9v_QQ^lv7IQs9WVE5Cl@iNSDPcHRs9yCJx06;35JOjspJ{JxzP1~^RhhXNe-*39Fq zEMNEW+{58WrNH#;LwD>otdgl4KC%ctEgqo=R903fR8`F0q(}Ul=+dnS_}Vn$M2aGX$C7~l*Pw*=6ZN(U zEMOC80g?<@Qu(cdJl*xlmso1Vt3@dzU&y+9&-d5k_Iuk^T}o9nvwi2h1{&N%3S@Vv zEYI&n-XHeO$FGj#7t%bb`mEQmE(MZ~k>g7?%?{-&r|NY9j6vKZQ z6_Bm(IO6Oo(y*~9AjAhbMLDl>F3}(+C zJ$b`V9z9%!O{7B8^n6rwpS^jxjU#D)`|yjVA}N~76sjbc#?ii`ih79fHe9Hp#?k)% z@Jm3xj?F?!3>aB38u%G8pLz!DH}MTVKCAre`=gW z8x%_(z5p_}vDW2P)ird_$@mNkFaV#ft>n|mebp)}MYZ&5iFP&ANNB(dFMb>?lrO(` z4INVcVZ!0K!JpcO24cjU(FPGJV&JVHQi+961RRUvpAP0HIL=n0R;E@QM*^91AQ)qQ z_7J%aC)Q;yY0zAlz+?5!f3da_<5+Bdc7vENN!x|%e6!kJQs06CUc~{UD9phCU3G*- z!e4}wIN7XrE{r@5jhOh1ImOBV!3=l+YYuTcybRQ|)U|XtBW>~pDO<$+b&k6paY`j@ zs1VTB@w{Y^vF_kv62ZtWPdIJX<{-JDeo>X%yVZk+nmh)l(QW^Tn@w`7;STr^^&2s$ zYZO};w;hF_J;vE%DJyF$f1xQ%cYg9c{kVH{fxn$fBcnQaj`Bf@D{S>Tkfv;YY~H76 za;b^oC`GYbE(hMkQXSxsUHCAdbEXX7m9gATu}b53-1EeWXZIdLe*Uw^Njjis6I`N+ zha?CBr0C^mXwpp16NSZ-6#-J~al*Wp&r-`@_Ylnt~x{1TazFU+C4H5B-fe)WV;9e0CJ*r}XM>87GzN z%%!gv(lh#ZH%S#9{x#TXAmOi$1kY(-p_8aZuF}OO?vnu!Hbhzm4C@*vC5+uj<1oJ@ zk3`HG%+I1v?~igO6C=8>?4FsDXQ_x^Q5wcIj6ql!^>-4O{nkx!uE(u0H$jZIwtxy^ zbzk?ssF|)N%f}Hv-N&LU({?CDA-PFL*pUJF+aEs--IWXOCPTkdF7`~(xMo@5u3nZ0-%}c3&Y&V*n4~9I*-9%K*HVJ#`UgW({gt@in@Fk zj%HS>t+jg;*+?eFW@~*yuH2vXmI$BL=`eU(zp9s;BdmhJoTh6eS**(P9GAt1$w*IyGkqkrw0-&(LP@6=UUF(-tJ7jnwf)75G3qpT8o8FdE~YL(^5Is9(|fjL{t-=^vG(wEPMk^LXPX)-h2 zYV`$ZHGTxQrzJw+&Q98d=Lm$yK=~pPOOCGAUe8!C%kI^)$cUtI@kP-kyL@sfmP}v}GLcG%nPj-#ndP6L_ z;CD+w9E|qq0$dXVoGkR5(MWL-^7(zPtaWEF+KS{iL(yAOGgAp za>E@lMO3;R{L>L#hkQ4;asc-P>a+y;9(lY&Jr^kQ{(T8pq6KTFTv^c^B>*}~giwkX zza>CqfmKzNETVY60{EYClVv7(*1D{Qd$x0N2#FM^xxwflJ^VscU@+ehBEsH_GSR|H zg8+DS)Y9%y&nEt@ft@TgmLegRUZG`+25HAFxQIUgJvluS&qmjNUGVzZ3}JqlQ0LqX!=pyf`2IMi@s0$}XAfesJHO&})3q^|(^SvnpT78wRPbe(3hrmhGAsIW*r zZ_kt&=H@BN$r<3RUoZLy#KQa~A~M`I-A2hnAWv?5`T&*1jwRiLcur^}i&?b}01*-~ z#h4>jlVs{q5(-eD?gk@DRuHOqQMCD0J|_eN(I|@C5kV>|L`g2-8Q&+Jp*NF+3t|P?eu(~z36HOQ()qgmUY5g`=X_vMJ_wXEC{4bKat4G1Vilp?EZvD+IwI$bEj!^5*) zVV1=ayQ(6+W+l9{66{1DBX33&ywU6jpTpeP-st$-SXEeg=PmHk7ubl9pS+GB9?rBq zr|?@MfDl9^zZ6OVyoUr7(a2965R_g*3-@V>ABnh&8vyFyj6v*2){6vf@)xCw!B{Pj znr2mI_jgJ5kj<2&w88cddDzd8U^RJDj?__P!q5qwEN%-%_0ZtXo_=4h$+zgAhQijw zfn*4W2OkrBsi!okzv0wX`TZ|Pk}@d}CbkNc-Lb!s_jevI^9Y#c5=px{KDLVD_^I)w13vAdV#bxAe4cX#;01JKt3r7I_fUzl z(u8c}u^~$Fq>@jgk%g4_Yb4SQ;;Cq&YNXDv)|IFSr5XLKvLa5F;ViZFpQv+K8_OH-j_%J0==8X{>Me~$`=2X%!qY%#Hz*8|iiJN@3%c45 zBQsTTAr>-r7$(G#mn2y4;Rd1r>{EAeL|N~F%y2>wBW$7J*XjY{LQZa?w#c82VO-eJ zo3jS_llqs?8FeJg_xiU2BF6k7qn^1WQjF-O5Rf4XiM}9%em&{m=tnLRM~SfZFkG!! zw?zq^-V}1&0lNWx<_>~;<@@19l@n{oQ?+Py0U95&A#Kh`dQt4CLQ;2eQrKF<7PlVU z$W(>OP-Rm{aPr(OL$6K&CcO1#k7apvJN-yp1Cq+a0^f^0N=R>G;^zQ3t0=R;@FZQm z2O}+tSl#-&;8i)>*A0TB50M}0JCshN%P_|L8n3^q#r^Hq#KCfsHSXo4!f7WGWymt# zz_ugDBgZQhOjUt%pc;x;(5fmbDv-Q-2#CUEjMJi>skP@3BFw;$fl{wQtEa7;BvUHK z`7Z=GH=u3TR?^j_JDnLFVLFyTGM|VZQBA1~Tzlz~b%8I;#xAPqd#^zi_m=ey99%Z5 zc|~zsk8?W1%;+#kZ zCglO>6D!vloKKVYKv074bfDq^E+?pYdQymWTtG`QN=bSg@mgAg>+$mN_%N$7k2i~? z&Er2WO(nMnyO!FpR`h z;+|>=EH<4rwDvjc?(9|Pk##Il1+&oe8@6UVx{ zyP>}B(iY@-=&+*R!G3KJ)qJr^QsC5?#&}v;T4hZ{nIQcD&;AlAxTzS5!o<;>LrW)` ziDn`S+W=XyKH)wlRw>(OK4aWyuT z8t?1F>errm&b)W$jiq_qRLeOU&+A9>`qt7T&7X1v-($`=Bg@SJ34i2f`PIn<5vdTV zU8vX~c}+OaqSx6*u*aBW8!i%=QG0wbsANh6>zm;{66>MivE{0rGfL4UfW7c3mePb` znEMl7()AUBt@)j8)Vds1u4d9DO$!U3Zof~C?pru6@7_pMXhk~072GQTG=e6 zt}e0>&xBMLd;90%m^zYa;KKY;=pp05`VEN;wz@URjp{+%skqT%$7iryU4z5^5(Lu0 z+;>4?8e>234KyAMvNcPtM}`JPz7J)g!zNBHv0%bI4#P)PgVJ&fvphG6CNg}=x5Qk- zgBX;X+vuDn%_DOsB^u8XKbE^7Qr9%TA_Br~7TEfSTr^f7e#}5j8Fj0Oq*l->OOgZg zQV1#0UG1wtxEyI_^lZ-&4Ng)Ry!EkO#D32S+FfE(LJ5#WDCv>%ghboo0DFv@+Zn8) zWG7uHsRTqJOk~3Ba43_!o_xuCZ1KWHE1@j;SWIDLrFQPm2gwotcf@xH83D^gjuX?$ z?rX<=kY1bzTsO}p!?bGzKn{*utXAOJ3_%Bx!{0OM;o`Z;w|Q>h2qE#EvIM?aD?FWHgDkwI;bEYZ1$8!?M;|Dh=6 zYUu|Uvn-^Rt4BDi`Vn{11yD`^ec;ig1?!}o42S`X6*OvTHG(0 zi?=Q<*l9`GZ6fqrHVY4qeRbXp+?irHXaV$Kc|jCZ(~%Rk`qX219-~h$-JCtSh#-nI z@@Sc?5#cl2EJTNZaq3PEi4Zpd6b!sL8&DR)OpP=R0#Xibg+d-KQZ7PSqJrM-jv~$| zorZi)K(hFQF^$H(I7gzpu4GZ6(FapwTY@AQ7M8rk(F~9-o1)h5!897#E(UCA& zK}2o{9M*Yr5i1TjPH6=LLMU-j%sZFJ4d`^Z&Z7BhBVWtI?$Y0f5a26m=mrJ6br{QU zzU>{QXn&@3XHdxV9cC6ipt4Lk3YwcE6og16GmB7bn7S~c{26QySdY9JoHGth9Lp~i4u`16^fcnoo~(_JDi8fAuK`Md-0e0;Rhq;1 z!buaYTWr4Hmeh4UUQ5C;%ga69B6vxwKhOE!|I0Kzgx8mJd;);h#vS)WU;q(EGlB*UfuSf3p@^ z>RYxf;tK4pr3A&eLd+61at;9?ONEP6P}0lWq(*Hq5>2zJ$4-FX8Ouny+V^Ne(07p( zNq0@*SNUSfYC78TLZYq$16Hg5ZJo$_iuz}M|2cu`M)GAcgFT_?1v1$AA@9rhM~1xZ zQXJmY?&-b0l=WYE_W8rUl5PGbk`%)YecZpPW*nha_Ey{-(MQfu<6n;|a3Pl^W0DP5LKL`a8=nSL+G8LmzK?uQ=2vRB;x)wQa^PsI^gGJn&=Qk_9xF<-Die`H?0muYa;Np^EQ-Eok$V)cr@e>+ABshDtdC{JlN$T;=JVMc z-$BrCht1Ey)8s;(#FzoWr3cxXUz+zq<&mi3OxUOEdb#@jTJU&+=efi7nR~-F<8W>6 zWOR;lpf{aM1qL<=T=WE5BAJ*FgF72KW&CGcy{%B-GAGB~O2la(6e#W#Op*hm7LlPE z0STcK;;W{`{VfSbERrBR78u1qoTgzNDUD%Czy{a%=h(E7bM(X?H63AaR#zTm8u3B7 z;Y1nsvWmI{a~VVsYKiiaL!=w`zohKPLT^2&&T_7)RsO~--jEiIvsCaVmS z!sOx-qh!y}W80yGV|PyoQS3yX2!)fs^lZEhJrRQh!9xHAf-nw2$$&_ITcjVuxZAV8 zB)~7Nif6SlVQdX6R14N;)M_-J-8Pa3v_N|G5ATC#xO?`LlgWqPoImemHv}$nnZ5Ko zVhpuNGcwQ$LKLV!ey6JTabdtjB%1;B?oys&jx)(i5VaOqCtw|I2;3MGsG)D?{tsc) z$6H>!l^gsoXWpd3m^2@`SPhvmzBxyF6sRP7v#NmG#WbC^(UqhGdaw6qU?+*lw{y)~} zvi%mX_qrdvuW2_SmNNhT(zpU4v1&eM{DFdYw*uw-Tp!nrKmVMG)z(uigeT=)FPJ~< zyKh#9H@iEIbcZ_RhjPPyE3_at@|+8w0AWvm2;uc)z3(F0sN7l=4M&@%2gKdnPVjB1v$`Wd+0EjQ7oWlGoXV3 z2cQDrKg21?B;o-?*@OZ4;mlV@wD;^N!R*kN!VM=D!Rv&>x|y_TmMTazLl89%bVi!e zW>if1ghpI2WZ+Ye{78eWYXB@OvsJ_Dc!;Agq*w3kWN9xz;}4*@g^noL)UnpFmJUwS4U1_di6ifA z_6>GrL}G}`_-%~+-$XhWamn95#uIy!PoAX65l#xE+V4e*$YYYXJhf`t;2B{jffRnH zK(QnWMHf&mNgAWm<1lC2q6Y;4QcJhsIJOc>&Z3chG}+|vD2PQC144NTB>CShzm;!2 zTx2JpkU{_0X}_y}drl3h>)7pliF43>%*krTzt4@Q?7Y4$z2c_TTE_C>oOlg=na>o5 zCZyJxZN&kn1of{w82R71d=H6ivQzqA>*}aR5Q#Q+mV53HSKV-%UWtW(20zrUIgZ94 zCL;0WhHivp$&3+*#F2Me$^dFpCvNC}K#k*ct0^#*fnm%?CJJGM3?XFX@iQ1!mlt_z zKSdG!XEHX+Xy(IIVs!9l@@I&WQOO?8Z$WKOG}<+=!#9u`SoF23WiGScD3vjppG^s4 zW*UkX8aCiCzcO`kqY&-Lt&z12ahkG}-S7pp84ebMo6aWIedWNS)~T0O#pV^*+c-z# zYlw4waAWrkQqz`uA@?<*yJ_|mI zDIC^i^4qaHecd|eb-q8Vg3pq?YgrA4f~8>1G9Hl(*Az~5g(U+@z~}6KYJ(i~JE1i) z@>Tdgujip^of!Yo2$D3*NhqhRV4jtccJ{>^ z+c(5>C72RnHrv|~S)B#YCOYWqa-&ZimoD3FISzA~>n6q!$2NRdYi`Y@*PgR>*f(iZ z7uMFco<*=t#j#DzWQchdT7zeEf}5^uCBHu}0GEb+Qsrs~K^zY z1iv8PrQhZ+0Eo})4#)d4&h{#JtO_8rNT=fSCsX;`FkoM5|B3syv0CwbjHnr&u_qKX zG|yI~Lk^Szwhd!~6yh``8!AeK$qLynl1%JXWA5X6sx^U=gdhXEUW(;NAe2lGg{m$; z2q`EgvK5MKDZ`(!Fj4d@2ATztYT8xIIMYsT859JF(q{TPv1)~>3F>j#-8huh7Rj}) zB4x0%QaGVAN?f94+@#aiK#?dTGa3v-!@r0$DUBw!>buI>OUyF7N=1$Qn4b5-*S_wn zErJ4>YsB(UGKW}xB4F`&;0(j)&_*Imfs>=!Q3nZ9DoidqJ9L8x1(@AQ*Z>*F8%-~N z@&!8eCv2>%p`q@Q6&Ij6DF`)xi+FRw0D{Vcr2`3@OVvb@N%o$ckf9NGa!E-ujH?cl z9Vg+>2R;IK6k2LYC&Bvv5yd(Yz5k)F&H{d}P1;s*Dt@!!Yp8_-*Q)s0=ut>}7 z${aw^Rz3eoqu&`0c9RgEMz%AOYetI+o63c*sw=)B^XG-;Uqnswf8@;ODHPqTN^Z;) z#wB7WCmetSmwN@+;c3**pPU~fK4+m%1)(W5pkN2bbtb>R)8)Gq{0>CsUklt0DbTmW z^ z2yR*aHCAq6;L25jRX|jpP>GiI{dhN=g!J*v{W0_-80?^{Lo(_)o!KjbL3>Q(* zJ#L?7)m?-`O_zf%Xb>`$OhhZ%OwGS;{KP%6=`=q~HaOa1C%J`9&SfYoDre*ap)42% zWimR%szP@TGnt?bX73aV3*Z1}cI--J6T6^ddwQ{?Fny#(ZYiyvN8O}%IJ2FsXh!{0>cGYR^=Z_Gcnl(hIk0*c>Js&@of z$RG(fcFdrBa1dX+F(m9ie{!oC4ao3662E?ZzAQ#DcEIayyQ~+#aUD;}D4G033M_)Q zD;PzD24&jwl(i1fP^2mSIux^DI?iT!`M&UV55O~Bdghv$ymY@_wqdtzEKU#<0#yo9 z0)wVD0t5yG7=S$ZLhxIE07QWm(RYw;;zH;`B?wUBa6!ReKlz9PLsD(tN^QG3S|%r* zy9IKoW}39wv%nAd^#-=u7LGISc^=&b7anwgGA0XA;o}fUju7ify`2IVm+>vpE$+sx zUlL}$JM7P6m3&RTqK0aOVuhZ`bOzPaQL0w-+DPQr$aOnN5ZDb3@JFi9hYwsgtYHj+9tcECexhggF>f z@?-L~^k7bJVH;AZ>koiqu>wYm;wW-U5+o#xu(^24lgn#-jsn~JVcWI>(Bo`Pm_4(g zup0O_JeR-ElJG{5ECdnL-=IThnBJ zwxrL15o75U(T=a4v>(jWz7idOEXwDZ*}uos`JNX*5!_X0M~r~3XA@HYYT8~?99a_t z1-ym{w^R6W?Rb>0R{9NG_TysVy6U8xDrjvu{fn^|zU#2YE?xZw^{6((Kmn6Dm25y| z)W>yLiYsg?&8UE2cO`UU=A;l_feO0=3l^ru-fF*JJldQ`gOWz3OSbtxIB+(N#-_(BN6P7wqdBA!AnFvO-{EFIfh?yH4-{ z4FFH2jJ#{K_D>A2loxnitne)gwvQCp?_&6S zB7kL+3k7)0`Wk)kGmJ%5diUC4@_)_y}Pj`R7N$+!#O_E<%kfk;WfyJ7ghny+J-}&yY18IuJg~Y zEjTqEna<*@&k1l;{sEOExKd7@yptzvSUEq7YHeee+ay0y-@9VJ{?Y$q;;)OXwS`T& zbP1NSj*a+IRSu_Zb(~IP|&5*~@7V)L;&e_c{W0Ou#k&8q7v|(N=2r zb}y{BKLt8flL=r1a@%h`y`I1d=$b!JN;1#J2X*sE;QO7Lw|O%h*}~dInIudyiVKza zWAwPl*)*F3(0lFYp0yJMg;Av8I&-tUvjy2P|ArlEIvo#e4<W66^m-}T0ebKi|# zTCYIrStt|Bh27p;`%xN?J^OzQ(7=7g^$75LZ=MJW|FYTUwp4OfR^CpQ=Cl z0J70X1|6k#y%ln+%F60b0uX@$fj8B_Io@V z;J<}2n7rOXE}}{~5D|F)LNK9yokr;S{@26b?+bJ{7ga=le1yXHamY8-lDX_S4cLkC zyO-LacjVQ5gt|`us4?-TSeirQ~2w`PEcoc3H#`#qhRC z!wZ`*v0VQJ(dZsaJl@QC99am60CY$;j$Ry~(@Z6$t0v188l*ev!~X0`Aw0CW3?B{fsIaZU zj=i$of|pN&ApILRs{Coi&WbVxYJ=)%3==_XA_y-Ljtf4;$ep5S7euAI02Qf8V64WN zJ7vOh{0!;eeBuE>fN$7;=JA;E+mR+|FY7hS94#K~nSU^qLguh*%eDK2}CANBFY(>GHIej zY$%*%&LqUt-h~0~fk*)hg%DeQ$ZdG#Wq*nD)w_1oRqwt!DqM5ee_3E*L(7n!GeQQ* zAO||Xia=vB#)gcJ5wjSDZ$5;OATu|;FwE6riu73JvT-@B?(IQ(uj#9^D9|Iq60EiJI z6w?{bHjsvzPt73 zR}9*2JfI75=4n5Wg~7n+!#rKo!@R7N=OXHpa%4kLDR1Urf2}j4fhZvIrANCf*;0AA z2ZFp;S6g<1NrRN;O5PlfO*3zBq<=GwDMJ)za$sP=phRg_Z&}!Z{_G1SD21T-a1SR< zw;KHiNle3f&RWVkb^xIaZXkg|Tm`9!sF$#YUfn*d*4EdzlILwV{|luC*n3jt>z zIAF5rdTtBtv74@#;X(TcA0M!ez)e{}S<&7O`_A-pfWMr2#D7&SYI}p`+$gNpd0-Y6 zBB^pt%2HG)IOBo!h{e!JUf4PJ4Dxz?E=OufK9jkbHPS}=@BJD<=W17}f4Ms%67pk3 zsqb0r%d}xlW0uw4%V#VZ-uuP<+c-zZUt64ob=b;w8r@&+G^w0oFdQbS);G$K$u3TT zOARZc{CJoJ4isNOA`9fAD^n8Qh+r`t)$Eim_z!TwB_L|Ftl8{N-~b`6KUOd{*kGgw z(D13Nlgw_;DuiJc(7CFOl9g+Ot4EA1Sh`%qP6zBXNlW4yg*J>>v$#e)4X5CnR4=s~ zCYDfz9j1)&tE~IK@R0RA_aa__4Dxi#1@;;(H0&opIN{aCrolQ&7*gwWIu?u8a175u zyf8JwxoRv(2N<1H`crP49_3l48s?+)TS-S+hO4>RZ-t}?aZt>k_tu^!O}gupX;_(yW+lLGwKNWB1hlr< z`vczGVlPwmZ&4~~QbO7wRl%qw^XYl=IdVG`C!t~F4(*1~AB2LS@D|I&S(t;p7tGgE z%Ip#Nlki?aop6`z0?arSn%SdMH_@7uw!`am^UzF~jaW*eg%vZzL>08Ov(02*zAr~v z7(Vw|uYrMh=PT;xR1N-CcJ_HLv%d)VFaA_+N;Ump@i%$CUK>w}SED_6G;%Dj+li>q z6p0BLorEk_iVtDJk@#7d;|m6N>T;jXL=^f8dtxuc)<%XfTomEKT7NiX>rU`J zswwZ&NglhiQq;0<^ zPB5@OJV2SO>abk-%I~75Coevb*QEv0khA$(rkR9jdK7Fg} zot!MWUGpF>OgSzpe67tB1IO0Gm^8iTdr2C5=NC7)CQeCD^oIZUEsOc~cZa~{$3UJj zL_^0Q{J=8Sw%u=c5yv=)oCvwj(HJ9L9UAmT->$0+lSe=c)j@Sj^qL?LZrtsv{Y*rV zixWZCZ<|2z&i+KUfBFY4vEF6pt-B}t-6UN1ZnY#M>6*P~rrT^t8bj9QyZb84v(Zj} zSHD|Yn4dD+HP3AThJ@P1eS+)y5J{0lnf&^`U%HNUu?(p&#s1}z-~#~g^Epge(jrmG zi50`|*c|6|)hb32!s1X`1<4*}@-yphzVke{>1Pu-dQ#bchCrCR+pM?M(_*HpeQ)04imqr6H`IE5F{+LcAw z2gw#?p|cCkae*@$;k=+bR>Cb%c8t>qYgDJF%HauIHz2Y6%nLMVf5*#or1i* zb$CwZolLOGmlRp>7sp#;@IDWDC|{cGgj=nzT^Ho*)EZp2M~EnLf(dsfNPtbfKpC8+ zj`8UHT>EB^(}wy(bmkIf6Ap^N@{Y$1(eb9kd=I^Cnt!&(Y2uf3)vs_GGd0pax>+sv zflkdl{dxb1P9)U!rJQ>`%$#!$-q(jl^E^i@W+bS90-djEZvxJ%bQ11$isV%*n~m1Z zStUAkg*_P~T{@C*q? z3V!6PLhnhz{`foL4{zG&{(WKoJKJSG!93@2`3HlIPIKgYCdIh2yyB80i|{Z)+;UNhbTEz%B%G2TfI0?>IQJNp?AdzQj-x99>cW zcDA|y&0ai{!zKqp?sJK765MUU_Q&1t9i69}EPzA*n6p`4XPrjtfjR^4>q1&?+uQ5H z6;H*W_v+UnL2mO+WKT_pOC0qb%5x4(OHU*G(I=E9g6Rl~yZ{)$ebf7!%RHOBJ3LgM z^E(?^y9E0To4Fz|FtEIGy-nNn(2+VNF$cDT4`)^WN>C2mR0GOQ(JfW+^|RB4@Uh|- z4<^wM&Ig^G1(U^s*uP`yjD(*Yyf9M}U)T3B31Afck&N{s4$+w=I~HuRf1m@Vj;*m7jQ@7 zrs2!=KS(+`HIre>O1WrKNPA*oQmX>Ph=De_}si#?4Ve`436_n+;J(vqr4ez__ z_&!R<@gld;d9!!U_DYE*Q34kJ7HV?{A#V zH-5-}Jt=bemV4X!vxN=yrRh1{oJ=04^%|#{!FPM=9#0WO=)AQ)zVGJ|d?w&5gVDB; zGIOI~1VR>HVvhW`WxA**_kVzqh+^@zFm@#L3pZ>~p-rDg&k1bs5=u-g12Q z-Fx>m&sFoPYM0R!ZnraVn4NWKrBUg4Q@cM^e<#mKMm1UBXC%xp@EVcF% zr1Hd=>bz7V@tN=v`~ng*@VDSb54qYO9M;H1^^W)fT3QfKU&bFi)mu`ZaJ2s{38shW z!*bzD^5&wXQ2`0)bS)7`26+|IFGUC(vfb(&+;92tNTgmKJVyH}yx4o~;+9c^Ux^cD1U;W_fOKB(r(!U8Og>8`+5`(M0epa)&8EiaA@K91 ze*mFQx7+7=jlg@p`S5#hl^6ht1cgXeBG(*ap(QP+gA4~4q!6@$%5D4t`l!i&L zE)wytS|c+azrn8fT|C9m{GI0a++o=Agamw?U3jMnd>p-K7WF)xyhglX0uH<;SlzY# z_tD&ExWCU!P5<~Dg4o-4Revp7`nb+C-3+j|3Xke490w0@?4vj;b;Al{yvf~ z6uI8F=(iVq8#?G{$LVsPKS9tmMUjK@e!Y5fxJ|!1{dQ?ORG*5}fdDvs<$O}C|F{g+ z<36`$xn4-kCiKyV+UeXYiINlews8cF+i7${ul}$;7S+Gf_+Hug7a%aOzoNr-{;%en zo9Uz>RsV4vq2*}@G|u1e;dF)e^^WeoIH#`Xc2^i+cI6mFnk$jrvHKvf=~`z|I~kGJ zvKy_ztLHXQIy~7Pa}HO_VuY`(f&cwp#&dC9w6PA@#qj?~>N@C|;p(t?DN=GCoC?z! z7sSeCA~k;)_x^F_9fv4VZ~ASwjG0O2Ix5#l;chMU{ThZi|H9_wgZQUYlii8S z4W{6;rHt-Z$q{a37}B}ReHYX^e6Cvq{;;HHG!zLr!%Rlwq^*eu0 zpn7H7?=Xdrc5vrMEghD0>m!3Bu!v<*#KKbFZ@DlWe{n`sr7})9j@EosIy}Fb$$2aj5W9;hd9>>;b5Rf9 zel?Zi@RdT54iZN*^SZv*0w|r@_8-bR|2OD~b6Re0$=UU|e~NUEl5l~+*zpWCDm0ZjpN)bL zUQsPI@Gu{Ef-h4nuVkD-Cajz_3{8P~`^Pm>IfRzxPuU4rquU%)?Y2WR9A(1jfJc&I zwJO?WdE&@QB%Jymmd-jZZs&RUhdafJL*a0D*8)Wg6pFi3+^x74cXxMpr?|VjyA^kM z^7%f$yZn*la<6Q5C$l@VJM%`!5iXt_y_6@YlwjdjQa--9c2S6?86Dofwa*JCysMSl zkcffo<1s~q(k)vDaJLUk(a46aas8H7-dv9B>rOu*G1xRrAQ42#2com}{<)HKT90&6 zL?)EW@3-BIzF!~IlTi|TRZ97PTncr-g6^|G)n`mL;`6Shr0SFx+9v6bci&XCYz+^w znho|%-`5xk#fo|}-d6aJ+Mmd>P*?U|`9{U3sWNNz78X@HVSe00Q)bqJ1mBvRUMhjK zPK!3YFqNGL8BVr1>E5eipk_y@kAhPhepg46r=dfi^B@-X_?O-c7YHByY58@p!HmO< z4w97b@f+1Soix}X*oc9@$Tj?)?&AJ@G4cL*8La~S9Yp16PG|4d{tRH$T142N^|ufc zPRmT1;O$+C>n$jSM=q{!S?m0f>^ExCXRy-IwI|pS#7W67WgDrP#@?jNjJ)=Wu1P8E zz2S;Bqb|QwLpPK|!-U1Jfj=I27So-Fj_B-Sd4n%nK)vplY-@B>JVuHpxHBEK3zHVV z4MnwklWQn+N(VeyOC;B033S!$caZ?9pXOxcOZOjdhe_4U=0iI9*R9?zH$akGI{h9w zh)OKhsOrLYs@^aUd$TH^p0Z4IX|O(;61xN~?y*2>4^!H7etAbi)x8+{hU=m(70Ch) z8h;zZzHsg02{rEmad{x&L8&a?wuu&?3FOTFM8*l$d0a&$^#TVju`oKn?WWHXY?AnP z`aDf5A6F*7G_||ALrGeH%w~Y&|1D3_Kc1Ol2VXXQ98c5|nBWuOpPs@xxUn_|m&d=8 z6p1L%VR6*I-S1f^lO6Nr*dd<&q|DX-ve;odEkm_MmZA8l-r|qCP^p!4tSj+4jL_m_ zwx;nXEEHM&IL;8K@Fs}+5lkQqeeab|25wb#P-#>f_}k>?*UHiD(bnP- zeHoUH%`B|gWImi59neNFc)l@@oyAnA4#Cj#qXl-_G|AQPJX7Dp2d?T`^u8+{DVO1N zI40ddegyE6`p}0HZK4{px<$C#p?cKDC|A{z{jW@?D3*qhs zH)C2i(_``j@1w3u>&eo+*C^vu!t-)UJHZ=MULDl5DRBCIc8Ghs)MCrxj}bU;QeDs? z(X3%iXb`nA%e6PuLVsI{2LJM|C}KiP91h1L{l9annbuW$sT}87++S3DY`q)2cU}`* z=()7@qtdo-MX@zVRA=g2w>xhx1qFcazXdcQWMKmu4jG(;+QCV8aR$h$gP6b$Cz{aJ z<2B6`ki;UcauoG|))50uSb+|^VTaLeJLtT9HDTNz`OTIoC*JA|5w;l$sy0Y|V_^iE zv0rOKCoyU-cKuoi%W>0B+qMs8U%)S&Q7?r|Zy_07Jt5Y4z{eP*e%)iU9_`YhSJr1xZ!To`s5PM zQdk^{|Fj78iTuy+duz0pHw;UhPx8MQc!kmRhzuVXbvzb7UZVgvYZ;Mn>5;z4sG(7~ z9SD3hhAsDeBq87NT2`Q24JUNdw}8`>L@f#JlOxi29<5OHdgWS-QYGLBSP7$5gv+#v zh=#da%J6hp&67fRQB+x82Ri7# z7_5=uQ%12ac!q`K4;Q#^x=>~c%x73rpGI{M-I9z&WC~tpkNs5F= z{@H}kUD58P;6;@u!E1=_$&Q=n+XRDL@Yfh504D9nXi z9!3%5`e)CtgK1bE4J!RvMKuYduo$0DoVkPOSv{r~r0pFbBqNb52t-R4YaSvgAD6l@ z2Jy+ja`0nVyo|l#KnBqvKp50@7?_d$he(9w`l8k2qah?KVfj|ggIOV2{k2ehhOJF0 zSYFZ4Auwrl#Gq1Htb3MfW(!qoU+OYn`$P`~TP`*U0Ea8l5Pc{E(1Sa`z5@PCT&7lK_%~=f@#%uJM2IzWDiB6Xg?RiTTgGT%E4YaGKS2 z(YC@KglsejvJz2*7zPt7JR(;@NA(D$NGRP-4M?VA<4~PU$RgGHyIE*3KX|pQ3_o)4snODBAc{x z6zqwtjN^uhsfs<=|EF#Y6ZdhxQekILM%MMx3i5dv8=Ma_j zKQQq^!V;R*%}M_HBb|tENy7IHpNSdtpCdptFMFetm)eDy^pe{eAS>wSTG25Z1wn+f z?D*L)kmKAtQ{F%!3}ab-jsoJS_G=W+4cXty*V4hQaTzcj zd7eEGgDQh>g61l_B@Y>DZDC&mSj?X1hT|wJH*1};Y7BoUqnA-u$Le0Lhf$Dz4#QZ+ ziX3X&jrq0ri7&+jwaUqmI1vp0XF4y?ryq0$6aljYjXrv%T4Zj6yV<2 z-8s;THswjF152zWBpH6jg-`y9d(Sv_bG-M+cMxY7{%Ty;M4Zr=NNy zSi*_5_DhwkEeS~F=hK&~Gaw-B#YCz<_9bMTwDw%(S>3 z)A>3OIF~02!3ke6p*Qgba69?t%J~qgV9IGln};abU#+hsTRt1J@|;xogdKT{V34sK zstnRiOU~5um#=MB{|O+iWGJ1eUZ}6JvXTuR76T_u%Hy&f=rVP33(v87 zwU<(-EmXdd>;}v#jGY*UH}d|XFfwvlN@o-N*wkGz{ZQwyQzxJhKW)A$%5=V7ciAW+ z;apr~DI8j_EUjg$mbNIgkH%fjK;|m7X|WE5PeF_E37;D4i0^|Mtkxl|fLMV1M8bst|pu zT+OXM(Wq?J`@F|BA2HRhZ0?!gL-7#^(s*?{3v_)4Rh2r#XM3vsCTnFbt9Z56Ls zyhMrb^86xA)T~8{3U;wi^zam8ed;KqU4y&(wQowgoS`{pk3q5}rl=jZ+&ndch$dt^ zEjlK>hjHAU`!}UrGPK%dirr$&X`E86F>k!SWr}nIZp$PJDa`W=$q-gtCe;mn(MVd(Q1*|7r;g2dvQ^m%g)6P0H|395c_kRzrM((E&QZ!3@0jkeuP7?*8VQg)q#v$ zbaJx*SA2Ld`nMXi)mC;uuXA$yB4Ju1e8F7PyG z{0&6(*GKb`{CDONOzvUGMf>Ma+fyR3$%@tnP_`!DE7YBq3m(??f)JX3%q>%{X~?@R z9dNjb`4)Gio@*NX{yb;wW?HuWX`;m%H`RL2F;ADR@$fdnE!A;pTj=Aw>Qh;cq?HnP z7(8mS!{45=&P=@3#^2`y90Z&$=S$O@n^|8*%mUkW=>7DO4||_7AI}zMnUR^1SzY>l z31-lF@Y1=do{$dH3Ho^OV4D&(`v!BTmgpz8g1!coX^GO;EOI>zuWz3BrXYpT0{~kU z7Goi*ogm5Qeb~dk3a91>umNV#Q$+>^XpNDhM&toI7!5~uKr6%)65$+KAI;6O(Fk?> zjH_;F$k1-NgSo?rTy4PLJTkGdk?`+hjUilX8_yx1yZfeEn@UW2V{0XlubDh;i<8?#KfcLbQnO&O+J2X`#Tw*>kh?mOUx19we)=hx_q4y`F&gK%g5$>?7$LU1I zo4^11+gm8#t%R6nqm9seFj=PC`_p&BJP^ihOKiYf&SPRamp3YX+jErd-Tn>JY*m+z zpbToZR`cyT(m_-Ua{Vb0w1MrmRFX@($NJhOga_Q-ezqFyB|%u$hRyp=Qytf{H$8t$ zEPoYPv!)`gjjJ^$hbrhtbRV$WKqlQy~Zorn12POmH z$JOJ_7G5@0kwlrmm-f`Bs$6FYvde~vf!+6~1U%oEy4uf%2R}GVN%!ZPq32?3OYHvQr7vX|cJPSoFU z_0=CU!`&oap^f3=iY#k!C;u!#bP)5n#oiPnB z=}2}das@LbSfFqMw!(@Ug+-_8-(4@_z1xclRMTlJiCqOgIaHC zqhrZ`oVHQ^XiL~&Fytw#N{$9<(o>!%szyO^b~|ZP{){}Yzc2AL&sr%O8)OdeaCIy! z#Ry3L9iH^oBqqV&hIRd91ms{#KN58~AoQM7xQXPi6^z3ZFpmdC73ZEUb#{2$GMAS2 zi;({M(lMzWX%&o##)r0g)#y?_%kA<`sMh%C0s;YSWn|R0J(YE(`rjX(JdrK0$DPLx z-UfJRwZ=Xm_zu3rl$Vc({iR6m&!$>5%ZRjEk0GnAs4aUcE)7PPGov+7cDxghl>xks z1%6X)4tRfU75erk%KlgE`{lr>90K<@Li)q@ZYcWL&{N50_unT!X~3zqlY&yp45+Bs zb<0ry0pAQI7_;DfnieXx>x@TFoKEpiPk>8%?(;y@)_*X%E07}1h6o+j@pC!EREcIm zvxo1JwM)x)gYR8MtAc>me*eziYWd!YqMcUh!s_2Y@fpEJ$!92#t7FNzySE9*r0_1) zkV{g@{RA``hoe>NMw+-5v8XdcfjxE7<;Ce{V_uuZY9vZpljTx-0kCJq*V^{-{O39_ z)mN9G;i{W3*X4ZUwj}kd7h~on z_(_Y@0bI-{`@89*lL}4$3_}%5GO)7cRD}c8gP^C=ZcP^l%(Jn}gBI7J$`lhjR|w?m z@lyZc^n6#>*)vi(a|lE>pcPv#l8KtOo7Neb`bQ9<2B}-#!&E0f4xMm}vR%@Y1P$^c z1sr|AYtM(Lk;`@jUW3v{E1#pBDf}HaRu_fh>55BZT@rwy70= z4y%ZWC^4#K%&<1IUO+M248i16t(XbxXC|o`N1xZYzG<0#No44p4|NmUejZG^lS^?g z>rjR!LB!d(VJCFH`+2BQ6WtV|GV^Mcv^&VizDx0|Us44_0C=C*Jo|?31~(oZnbi7& zw)!NGu8J7hKp=e7jz}G<-ysJ!U4%kTq{X0^?Ltds!RP0?w6?~wQeNxtr^yS6t&X(B z5d-DO5o+WZQR1gFB`g&Ty94z=0;3iScU|wsd-Hj5D-T=P%~k9W?K^8K#WLc+6iij& zl0K?ByYW;<%DTnR8pB<2&@VIdm1?(}d=^9Ja_u&|aeQQ-Xe6OX z9DGpe&up*lVb>g3;lPW^Gon{&mcz+TGDKy&(>J+Po3>obIyy^jik`!AEu%nTC(Yg_r zOt}wNogL{AEeO_gX{FVXVA0u}j*VES*H@d2S0fh^3scP$0g?2rmJIK(iiz$k{0_ah zy8>BU-%JEjVbUBx+1*mFTd>+_H$PwTt7IDhJVv1Dv*EbKa;+zTCaB*SOcbFvgJBY) zO{pKgGm&7B*fhcjy`5+p4k1>KqA)_MLLN3)iB*I6X*^F1gq#&)WJ6qm@eR5+@|SP` zbK3n%>1wK3c{>o@Dy$3L$}bt$XX~&`#b5o97v|k_!opHFL7sq)At5%QYg$49P9* zs%vo{=$meEsp1q@)PZJD!YXifxL+X4?$DV(J83!^Ub%j1HaA=nRZuQ0ofhkX#o)ks zy>)+qQwroTnrRc{!e>1OR8rH~5y7mYt~+!?Oj6&c zilJv!#ENK1#6yt!&V>XxT|=!+w2ePEM2s9;hKna+*3ds_bL{lucrt&M_UEXEPgPfq zz4jq52{jgC9F;tRrmV3!Z-UO|Je!%8Lr90+1OU9NUA7bi6uK*ard$yL0fEI;!V3Hp zeF@^9{#K_`m2$Njt5r_WFDt7I4vU4p5KN0EJEJdOjc>_7psvoVq)%%uRbP#N6JVl? za-ZL_F}`1WD|<*+!UrdbZ=lA3{_43#XN&#IF3obbyQ$7{p0(~>AT2q@hMR&=EKy=7 zuCg(!(QPx57fu}2W90I(e2N|*uqj`ww{vJ^6iwgweR?hxN12q2?c`K4uGyFfihX~7 zw_0s1m_2T6Y*eF%1qF)a6cw3{r*c$ORHS^bSiFQYruV#yXo0)n^5gTk0))ZyP8lRw zG}~Hf15haeR3RL(>lW!BLdCXKcVqtRA>BdQH7e||B<;E%LmzKfU8?Zpv9bmRsX+ND zo8f%$vUm?YU3Q6IZZ031JB0!4ajOnJ_RW(AXWBZzK5b&`U{91}uWwvQ6}5lyk@$l< zvY!_NFDh>QWA9FufQ#xsR7^u|d;!eyHE9W=I?Zklj7k|X6nGAaFsbBlg*s#ZU@DXOi~7Is3kV3@ z-QCqP?BD^GL53V)T(NU;soJM>$W*lZLFbh?~7dDFvd5T0d+)jtFoGI|T_1Vl6j21v2DTslnnv%kpMy zSl3X$9m?fD6if9WJQDLr=!OTR<4Rc}yNemHa9~JD3+Ddn(WEp0ks{q$RQ!IslLaye z&6+7kfWV-Rw~ID9UGMcNr!oW(hY_m;p;NuLrV)J+O!bvfo%*%|z`BvQw6r`sIVr`G zY;8T5U`D8t}%Kl zZE}BpE=w?MqeU1Uj(d0$TY3Az+WyD>Mz-tsKVKmS+SL?X+`mO~FSp;4Jj_&m#b_l1 zQcW#XuXr$OP9?`Eri)F9DvH15b-%GLR;stz-5fZ!%0-BYX=Ttz1G5O?dG~x$Vxs=t zzm3`Pr$bY{-2}59lF4cXZ6uc;%{2LbG=xlgQ5kDZKM{n2~Fy7-axJ zFI|+Cmnthk608OH@0ybv4AP>-uyj)#{Bmn8Jl}CsiNx!^{8$@hI@W0ZrJqD0A6NuX znr|!)Un7GG78x{nUAA*uP(T@BRj206C=hC`j>{Bb*yDdD`jM=vU_rNx+AH((4Zr?( z@=~kaR-MU5qB)t)g;B?Kb>=upKFN9CPHnhodU|ypCZmZVjmf#q)#-Arh3E!n;?kq_ z{Q8Ng+myKeaO3Z2iAT<fvD;BP*{6)Uv`9dymyf4$2|ew_4HCJe z|BVHrWdwl(5VP4#{=<^kb9T7A_j7mwQ)fOkVq(1%JT*qdM3(o7WNTxwN@MG2@AgV; zqN{ZoegqbWK(vY7_1|szmQ}@qdqpiG|dOb}l;wT)%KnxZP z5YQuCxwc=^ohNtwnojRW!eQ(*ntqL(FqY9jo(YsOuJE!OqzDUOTxzj28%%#HoXxR% z7a{$d^gnSxUH*bzDKJ9kGM2L1P>!>bu034lCI|H!kPhAhUA>CM=>-s|qbx~e6-GbJ z5%&D)*axVCZDJstiGLxB=TurOv*(CZHSm|NVsmx`}y!Y0R7D=NkvupNWqXM_ zGi?NfvL0OQOV7b=_#8fOQ%Q_F6p95&ab1B+x9klaV0#OjQTyq`*V=tReC8|8Yz|`kEGSw(P=_8MqS7)f=ZOLZoHU-mV-E@+^=woMoaykqiq@&LUoD(8Extc(Q$?n_|FDpmO|0O{^n9PM z;B)r6P3|p{#eZ6f{O^N`qt@8aAn^LHm!jIJ>U;jDp~v$oo8Lz{aG>mR3nY*n&;A^f zmWR~78aOZD1O~5dU)k!+1TCuH;0+4O$>|uwdHmM1sO#wD=QlM=u)DZhq-}Bf#t~nfDILt?B4xa z5Qfd5W$8|ie=w2N_OCEd1_IdGTsWSeg1|q}VgBH)No#yUVzP`3O>}lVQy6b%%-}uW+r4l*x-8pNZ+p&Y zm{y~hI$*)1mqDSdXODeh z5k}^(14~U^Z|A2rkNsbOHG~!)n@q{Mxw)m%dlBCJ9B%R)riPf>_pq;V9>7S5ag(hbd zFca{w3&x9*P|xMXsf%r?%Nv7N^rnnoS2V5D*TC^yHNWD9`Vf7M?VCF~de;^ZKf) zN#9qv0ey;Zw(GrDJee=gf6&{;>LkO%QCb67CQHoj_h&1Z%l#6n@YT~fis6?BS818|w(>YsMxmgW?4q&8z z>?|L(W)cyu*@)vYB(N;3t!e4c>jSQX;BcUYS-bC7aF4qY9gq+^HLCT>8@(qLaz5 zvsFTxH5CH<1XI3enBW5bMyy)DH*~@~3YDYd)2I?=Yo!VS1FP`%`e>nsn#C{OIv-1z zU)6}m$R2|OZp!Y@oU0hXQPT|LZ%{x8AXJ-ub7v<6bA1X?MFSt;#Ze$|hg=bv^{zl{ z!jC+wO#8x)TdN=|yXt&q^u0ue>QBwC@7WZe#lpk=U6oo#qjQ>tA+!WP_T8jr(Bq#! zS!L_#0&Kt}j(e4Hn@cl|qR$ljcXO6lfgr$Wsc|iDaGHzESoaqd&C^JY53MUgo@lx} zT5#O;d3%Tm{2{y`4vfug!9rF8IbTw>ErvR%_Jg{QJA%k|po7!&wyi9U)hRgAj3!Ts zV(bjXA8zk#mgW+M^G{D_3by;U+HHW4;jD@>nWo4Qkk5pLd&+ z5-6r)k9(sD-y#5aD*kVKNdH#*;2U7n)`voF^!6jQwUg64@4xMSBUo$$^Rr>&r%@F0 zLhYV!VgFWUOaJd*(rEn<7|@U;K|^R*<^7WX{~zXgc!k(hL`82br{EyX=^a}oQ|2>8)(-2#fngbA} z^dq{gxa@n#ypIu6j^rUwwSV|G}8c-Zhf9NDiLdpR29EBs!i zFJ(0+Zq+W4kMEmuS|$xI+Jha!8cfrGJG}8VX1}W4b;FeD?D$-JvE`uuFv)&`%W4fC zbOlUWNPO7$3}y#W{I7;HtEGne(7`+wVUk}J{|2*?4TP^m;G@Hrq+1pyfBAj?Mc(Uq z45mh`)@lssz>6aB*i;naEuDQ>0Phl+1mWE+rZ?Rltbe1|nP$bGwZ_i5SZ^;1&O5rO z7S&+c2Ek1YjOu^!x-LOguS-oDZ+uu1$m%?LP5-;K;AiXF;5vo()j#Bt7k;TpBGiwn8Mc?S36r){z7g^!&>x=B8( z{RHc3o~_U%L>n8rcF#q(2d2j!ApxW&0ruTePm1E|Bpff+Ni9~xeHv^?H}StCq-_=d zlb{mWok~j_4K_&9Xg@3k;qKH2qbSs%=7WqT@hEF|!~M{~kNZW5FFJ$~;sO!kDpkMV z=4L0<7F&Xp<@M^WrdRd56Li%<4?_4xC}VuP>}s7R9j3=2LT<;0Y!{smS=&GY@zSiS z)&m@ZGQOni|GOz~uq%18W;(hkctX9R)^ie7?CA1T`)=U$!{d3lNu_Eh9SI9Pk?fE^ zQYK?W!d-r#4i6Pq;0D{$|?L~>B)9c7jo}C*8Otx<8^n{b97b6ZROqj@ig`y zk^IxhqN&&0=zMGG$VKCSufs;KKPH-88d*OQxv*F|n#EhieUL(r+G65(P$iU)K5n{0 zFEc(qum%o4owETD5cT6l@-_MHLxr6I+@X%rn_I(0Y z)EMmS?1=C@?|D>S2kn!Y4i`_d;m7T}t$s zW<3pJdVAmIz+J4HUSsKKHzf~x+09#&Rj#P2(GKd|;k)YPz0q;$)V&`1UX2D;c28gfgKmK0{DlcSMliJH_KBL?1fc{!kRtWGpqB;mVQX5+KTa3C~EYWy` zG31HMuexjkh(S?uK)j4(jolSfKO_{3?~i}GZh2tgvFdapKZhr##6A}XkBR{v9a z^0F9M^FXF$ZAc8dp-83Em}VDog`$w3CR(q$L`?La7ge7aF3vYfip_uiWMg*T2-G!- z5rYo}^d+#JEr0FfAx$RSFFoWU*~;aw;S|5lRQ(=rfL8msEkWe6$1=zUyJL5h9?E+x zj`HolPGYx1FPg;gm$En+{33P=1V(jnPPD76Nd(9qc~Vpo1e1Z-z^wegl2O5lLK{Jf zX+=~FJrDL_m8+AJA<$;-Wc**R)gar0h91+L0z-&qiNo+@-eeAaj-kp`^M5~cg)@)7 zg0?#qwL|M@UN#2RHQnFGXnuh}0C^TwEM4+n#$0tiP#gg&OpA@AZD|2$w&aVEmD(Qx zc5=|a5clng!f|o&Z3Z)y45o<&vIt`bT}eau?^SGcH4JS}3l_m5%6cs<< z2LAmRGbs1|7?Q=a`*ZVc_>RmV2`j8$;1fBdNN9ga00e+MwCBnXxYa!Y*P6Qf0+or`0m z=`lz1-Bn)V<*~7m6MS-c`5?Iw6a))$-Jjp*dVO|b7?0Q;h};h9euA$z9y`2oN0MZh z9X-71HvmHAaf4zeaqLBTw$Ew*i<-|g$LsiCy^31WehMR#p3{n}6G4$HMgL7{zT}@K z3@MyiXgA?R3D$3WT3EGM*Y z2=~QttG*--i1oISPiEF%ZL|uiBnWLhRZSi@dEk$RcS$TX3l!1+_1{Nww*Ks|FehL3 zaghE|U~b~%KD;?fxCJmS@|%kjhJopVYuU;-Nkx|V7sDss!vp81C0Inz9^8lKLq=8k z8L5%zr#`(j9X5dC#xqQ5y^SQ|18rrvEI3*(eeWBLuqO3mSatc|SYmEk5CVh|(g$1t zT-;!wFV>^IlkL6%Mi*A3$98DZ($&?iQCq43l03LXS>v`=e&!J1=3-~uXI~|^*_wj6ceU)2|>YO*{%C4GfqT4wNU;~ex249?|bqYupl6MXUq`rrIQi2 zU2nbJ*L)Cil@f!1(NKlUrkjk8)y0{o#2%te*W3L=PedlK)5_aJo7(&?{7sjwnib*# zV4d)JH8ne9mJ%uCeeEar_4NTkXU|E({1FH+9aSo@BAG^cud}EknrA)H+ZArgqo4X$e$h z<->@6v6i zYSXiCe^G$^D2BPP6GF3AU5V5}N)Xv)Wpo+R0H;^E6p~<}>g9NcLfkWn5$grk7e;^*u<8f}j-iXm7j0%d?W>z^IjuT3}2w%@ia5#EB z%Ojw>;Z7uaSkU6Z(Q9U18r!trtAsR(>d2|^lOW67r_8*c)T;h=+0%VoWSx{n-SFPR zO7OzqJ6qLp-PWxN5@^=0+9>`g1RhTf#-XKZOddn!We3Y-v|>gG zQdAT?^)&n{MUN`0Sln6>1`wtq&a?X0C&KfcAnGp}W1k>N*mNcBD-H=qJ+r57;1IEu zi&YVj&4=DtdNOU4PuWC3-$bk(92Cn#NJ#}CK|f1larXSBXfu3(^|!$jZ^A*9R1wsp zn^SH>e%USg$;i-|Q={~5PY{%l=xXkw!C1|n0N-US# za<8|HjZ9#&tMlZf%qtsLp)M;3p+<>K+6YSl%XlChFHa(>^C&mWy7S3IDA6|NS;oi~ zRhSlCHm#A#Zg*Z)C$c#7*B&u#H7;ydE9t2Nt2daX?)(_{1j0aBop|1yJqMvVGigfW z2!rsKj9U_kv+PdvjfA+)_@cuB#ci9mu=K#($t^dkGK4q+40!LIZ4^;qPc-x{gdQmX z6J#5I5OO$SOKXfrA`*Q-;5u)liX}Ozs)Gr2I8gb7s9n%$Anx{kMw;Gq9 zcwtjz{9P|ohhZtqXZqeoL>_q&opmqiE?8@!Ow$FhWbPn5gr0SXP;6h~aQMV` z7@TysgOu4qSqn?c@8lR)uCM=j!KNj?oP$D$OsIas7au#CpDnR4bv^Qzi5WI%p>!iU z{k1$4M2{-)R94oYRc>vkg%LTu1(LEesY}xZhS=xjkAkM(QlGLd@)5j)OQ8>{Uof3N zYFh7Ln2HNL*@Uh6G@;5-hWGcNl4E}hPl?1@ef?zbk7-Nsa6@(ZwJa<~i3kcoIk`A| z!|%$zuBPL24V{lfv!T zl80q9K<{|s%I1A!JohA$BuwsoEb8Md>k|?-VT0u#kR<)mT?+ImaBlXoV9HB}A+AGJ}z+FTMn!Y)w zNfUL^6A_RPh7(4yrjEv>akM$M0V0$djgQB5jMzh0hi%?g-Z<2`#$g58ZAy&!bNr># zzbDA$GgEoMK4Jl)kS&erAz$^H)WJa90TCt~2u$&db4ia($A%{%B(Qynvh%T@1?gWR z82kxgMzNu8mMnYv-V^S7+YdN8Fg3isjmcCQ@kn6-?~K&F1lcEt@s|EF*#*n^u}RXZ zqO`daWCVCAw%lk-3X=f-2WBX71m|7omyK?sx)O4wZX#UUbyK5zRISNWWj~Kdo*ogu zk9=Eo1W|WERdxl6Wz{SGBIc`e7FiF@8c)I(#vDEbqJp9J&Fg>kcJ!YK(gf7}I>Y-& z=5Cu?0=h{JL&CvNM1k50i~>pG!fK*1CpO^2bP%^4mH5uQG#0zxt%VUieMD{h!H$=_ zR%yn5I(haFVOk_yVu-Ob2!iFsQm_FEP!V*6aE8+a}gD z`sx`jXX4{4nG#eq?Pn+J54z+X1J=DG#s9sF z#7R$?TJRpq3yw}ozuI+4@5ici?^@D2Z8m>|#LW{BOb23?u+UH_(2h-vZxX11mR#o>`5xQ2;2hklUOpvThJ z%1e!eApQy4p0kQ(8itF3A;4=_YE<0+?f6SYdFknoF$4lmmK5V4A(Ix**E6@O(gqN> zlKSA^(mKf?QkBwKsh$h(Vq=wwT7>qjTKfpjrgC=QigCQekYP8E=bV}>AKZLAHZBxV z1ey2%MNZBOF4d$N5`|Hquo%sqocvlB%Bjo6{~iw)Styj zrQ)(g`Lm{vV(^$iz)L9#A<-C}gQQw|G!a`O^bs*>rK_EdReq*+;=Nql-`*~lZ+wB&n4aSeik=pyc>UQb73=L zsO?+@DGN3@_fx45Ffw6K#k9cqCX9haF<%czTkOdYM(HvGAZo=W?Yi7E&}v5LH-Gp> z!h^=nCmOpk{i^fZNgVjP%WBg_U<|04sZ|Pyc^5=zx(~yEXr4rFYqe*lGDN1H+Vb94 z@^BQ>P8Ep1IqIh6ydIzCOe=y@izkgR1R9o6Afe8k|imNkt@!*h*O$${HVBQQ&o?NX95=ia326Ozc_^)ix`w3L$(#iwXQdyU@UYv5)2l_d1g*0;)ZtL?0+xg5o< zT(imgVy#71R`%KfFvLt=oWRo=RZUHo>n@wbLSF3xRO8$smND>RB(|zHZfO0L5lz}g zSX-cf!Hoh{Skdu#!lb|JkdbphCJ?aC(x#=DQ~HdBirIQXFxFwoKUj|Q)~LyB5~80m z$keXbajPZ*`%B3*>0u(tAeMZjx2pK_{o);oo8?6YtG;nw68`4tOn;yngI?W#{wW3v zKNL-{cA$b*l)BDp)ZvnI!yNn&sAbLQSlfcg*U%%!Fg9>4V=EQmBy$<+sTG)Ea^8w* zzo|ZSNv|YQxWgq2O!$|mQx*&W1~W`3T8zFe5JrxIvX9dH-Q7}Oi>^WStBhvu>- ze9J8r%!ksz=Ykm0cW~JfV^$h5GN`;Jv;UL95T$NrP|2Ky@q~A`p9ej|8=sE5e@xaZ zPlKWSIe{ir11h{094V8hHs`3#1*8iUXG}T_>ZP)&{GJX%ZmUTsh#*M`77-7YskiL- zc7%j^o2;mxHU})X5OkX8(?Qh=DY|g6OI|VxCRf)T6mh$wLPsRB;ePMhQ|) zQ7H>hBi|T+GS(KJFLf)2OiHSk2Q;G{w-Q>lpW~`xRKM~nIsmfKP8G{pGcfi)-{6gn z9z0!@H}o{L(S2CDveM+V8b3r#cMwC8p+EHXfw1A=iwWVY)k6IhPofv{N{acy2azy< zfk-}fZzrpQ;mb5W{`tNf&#=bTajbd4*HZVVA)5h%ks_=NH9hXg-x7Py1kLwKHFlL<`bAl^k+^wT1aDa|wN1 zeH}sMb}Ieulju`$C8j~LE7_+qM1v(Ocv&P=Hy!ciC7%R!s-UjAh{3xi3u2lql4_a{ zWGE2nEA}w8NFiJqK4wV!)Mqp{LpfG`id)Xl>L%AOfok`SPljglm#emaZ>r9?9J**` zsle1=Mk}|KADl#JMx9o}7gs-ZNgBh=*K8K%^hQPz>$!!%>`m+!To&g4OcKtfFRSji z)kE$8{v~^Bn@cCqg+zIu8PX+nsEdZ7a~XW!^bG`?{9C>@&z2}x6U+_uFYEIKIciS_ zBl`o1)jU71O6=~o!Ge(OWQ(PP#qnUt%by*UpDLUc3*eywRhLF}8IFmMH!8;3(2*sj zgZr^Hq;#xYH4~Fn4u}orSuXYM3wb;(a7jsja-*xFW6g^?4F4UjYEXclGPtr|y%ybv=?!PN zx87f^fgg;T{)6qu>`X}C*O!Yro0rFhpy%lbln^!cTyc?6X`1#m_W1A+4<-p31o^Lg zdD`WfNbXm~J*N6eA<$GzGylrE%^orPmSscm_2Mf6L#+*4_(9+)M*&r8%hU7ah1I6( z^}DJHZLZ|epX4IwFt~`p-+G7rqU9q?#|n||{)RMxJV^#!as<8x=M5P92e}1{CJG5K zKt&@gc{kLQF=K!QSu01cogg#ms#b0kD1|btE=zKTE_^U-h!A)-Wc*I*tkd_?g%{No z(w5ddMkEd<($}W5M(Q!o^3!FhY4~Df-0Qy*XcH3z zg$QoH2s7q%Ud#*veY$0kYOf~?jH&@+fk#m!hu1uJD*68b`9KE06R$d!7Rr|z?33lg zw7iMe>JUfVuSJ~fMj@(fizkSE!PZya^iI^abA)kE{N}FGzve8eR<+5=g@LlkH534I0DVJktdV00g zbXDU^N#=zr09C1MieQ=j&~O{;f$cS|Vadp#i03U(C5cC5w-)Ez+r$YmyiJlR{aK;V zphhk|=Tr@7*}C-(jf98a)YTS{$p2;{FWJ93sP9k-rN7Aov}A;mvPLI!e6Jt~b-9t4*A+J7IVy0(VWQaP&r(R9dF{CYko+~ zj1>TOB^tUvoylSh3SL_Y%R;0P0TQehFQB^nP!WoNCk45h^JF!Cls)a$lCrpD*Ot`M zhY&Fm37aS;-iWuIa};_jan$q}u`kU3cuy`jq!rQEpTIeU!&BssYly!Tj|NOWQRYAb zw+g93vp_Vq1TIA{za|DIfpE zy$|Izjbf@lB_T}UGQcuo#iLAMB?_**pAbPGDbbp@3KtMk$P}tFB!pE1Om!}9483t7 zo(vuakVc*Y#_+sbWYTS^z83|N2&xKN5|Lp*A^+*)kINfI zPSZ^76RkWjs@R`Pp}y=eNr^$^>OPrYQWBu|27ug&)uP__oCbOI?Mh!ZmoKFPiwBX} zc?G7gDJa+xR@p`#hBTi>=GU`J)5c(k%*AkJ93`mm@5R-Dib}bCa>XJ1=Ssd!6;4TtC9)2Ip_e!yT z=AL9Q*^5OIungmV1{9!SnF~Y{i+KQ`QsCodL0F=-G&D{fJ@)PGT@;UdR>4s49vPPu zLY1VDyPHm*S6$at<;)zJRW@;5{Tg%uEmbX={CU7wPSq0Bp{dhL;NnhVKp zaiN27u4?+Rhs?fUdik$;#5z#SPoCuot`3~fAhaWKG-M?<&stSs-i%r6-0szA53O`4R zC@{<|v)jEiBV?I{0&TUHT$S|E1OfJPEk-h;h6%{&zv!9!VLoNA#wVrdsbVJjLI3g-)gsBQ5D?KZ?!3EVZG6ZCb zG!ZduwmBlwuE(?7TtQNUDsow%cXr#6^zySB0X;o1xS+`oJPD$J^8$(L*!E{31xSsu zZWAx}ZIJegeuy=-0%t33M}|DUGVU=I19r+H>iE&E>w0_1&Go`d)-fENP^U!{0C-C? z{*lx7fFK^Jx|3Zjv)F|TpxwK391baG0GoJu7h(-OcE5}oEekDqg< zY3*aju)vu|00u`QiYRJ6kGf&M)o4M4S}YpzxNs(52samTe%=v>AGQB}V##aozWc*F z?}?}DqKP;vsxR$|8@eHa0UteJ=9wR!d*?r%`P-|@)mRK|0xMZSN!ErHagib*=uio} zTu|Y!K^SwFwXqAA>;jI^SJuiV02F7#tsRxk2x7tKAZPAUAQNY)R}aIAUIM{Y>N{W& zC!ilcLR?!Ond_{tD(XJ%<2UTs&LQeb9|)Vb1_8jdi1O=S{~7=;zW8DRBqOJ|ho$F^ zkVYSNPpXW;RDIkkS*yeAb%HFa63p&Y3Q%j&^7kN|s6i8?Bz2nGeF2eE}3T93;Iw^J*An!kZ+-HwI;(LEyJebb|Kq?mh?iurc|Mau3Z`$NK zjN7Y`tV^n(6p38Iy5jyTa_V511rxL%r5d>xUWPG3Ko#mSLL89;htu*`2LLV(w-Bl! zza>;j9F9<$%23v?TpJ^)Jjs!D)qShcTV5V$TG}&!b7mMVO$`w>g5<~})0NBtfFk)E z62u0x_D*u?lpaf{g>js>&3FbK>0K zh9L?-6jc>|SVPx{a{yE#s-mih3^9m3(EVaKy;;a#neQr^u&X4XT#Y)}g(>KwRPm~F zHe<09W+325R*I$L+M*y=nD3ESr1nuIge+DPhr52r{`s><9{~X0{q+3r{dqAEeD{p` z0Pxvkj`-%E?sogQT-U28N^@iVmcap1m~-u6K;k3uEbS5*sTRLHgzOU4>Ix@4?HHtH#dw&jQGWmuE04S!CTv1bfePVer7RzTcawVW8cK8Vg%&bc$ ze){|0vxu5*YKo`QkG`_(%oC13^{6BN^4#TnB(53%#!$a5pv zzcEW|Lr6{?1;Tp8YFIL|_~E<(j-SiU2<2o{sEH6K%~0dfSVRG!z?a8}MhEK~Z6GP6 z)Amn=x;h(3vMr-5j$aQgDRR#H2M4)f#M9|yLqj5+QKMM^m^fxkVQ3HlJ~Va8G3S47 z!6!a;$ysN7bk3|3F8;5_fBnn<`ORxoN>Z& zmz;G*=jJVcS^7KxWa9Co&;Q)FzVNw^A9X};SJyW#Jin*E|MahYOVa`D9%KV5OWWW>Z!wf$Y( zRlRa&y6W~*?P>C0mhP}K3~#YqQDeFhuaEJkgV*9KBRGNOn;Fzwy0k!(Kg59>YD_J; z5_*#FDm_oKa?6M^sT2Y-rl?AUDT<=1h`6q+OEloReer{ZT<*@lKDuu6mT@gD#as>m zn4&~tanaIFD-=F{$cF&nM>pN9YsGv1{=~Y?TgEmw4fXW_z{5{HUCifxeDiMs;8RC_ z_}$KR6GpfG_`fgF@_DXnKmeS;>fb^E3@i3kbGOgSN-J;|lT*OpL|pWg@qf%J7IA1! zK!il1(!unRk;FpcZa(79uXJ*?c)#uA9?wePaJ&E*Uvxq7x&$->so}26X(pXOD6C6``>MO z7m3FbnYzaMjA&#H0FhWMURM`QCINtRL(Dcq*J7zuJe@|y5J4~I#et%UWW26Ue82P2 zNAG*;=|x}p@<0D@+uxTy|C`4im)!_~)e$8E;N+(ds*;V^TM6$l&A6Odm`(uTt)g-9 z#TR>Q5qZg5I){pxnmqCdv0QdawU!Mhl(qlTra)lOZlvXf-@WE>WXai&Ro@3HV=j2z zq#>Ov!!5INE7Zma4d%b=7_O1I2PmAH8tc=s1j>r11xDgiw|!eApSO>Z>g!GH+!@IZ zCU)+y{aOGJ9~!FP))kZ;_5d~`pAd1d?DB0KiJcA_R&W!d+RL#P-9U5IQ+ml z$k-Vt9G^+0e*XJE2sac{RHiES3Ela~qX4k*i=PL8(~dd1y>0Z*Z~voEdzq@l(#b@o zPP`3FVQMUT#jk$-%BoeP8XAg2Ij$E8xLZt1YPOWR;0+8o9845su(^!35<`YnM}PHf z$zR*eLSVU*7oDU;avb|L*DYWs-WL00GySPBk^v zGvR&-k*ZJUw43|#HxCqU9w^Am#gdx`i%%EyVF}oZFuU{vtxlkii1RAU5(@u#YEH%Q zOiO2CFc$o&=B}EAe&Hrv8EY@d;sF|QHLEt<9TEcpoGR%J&J8LQqltK1V;unx^NJQz z$;eP4UzdvaXBlw-NMy5+b&|L^vSKn38yeIS2`6TTD3Ycaf*OhZ=I@Vl!}$A+zYsq@ z_V1-Xz3unWcsvq|0YGy@!#{riI{Gtn zG56_@=+>o5=L?lrVC_;+Pk9OjL~V9a9ra%?@jzMw6( z^$kGq)nESVfBx%BH!gnAz0ZK7HmB>Ni3Dul32|*Mcute;nOgG=K;@^>r zk$8D*Y}4EV4^P5j7-H}$Z*OQ!MUXI7d~wX-PpDZWyLYHTPb<9C4&6+AhLLH=#8fqO z1``c5HA531Lp_m5Z{6l8CE& z2pNkdlgWm9#uNbf%aSF(zwiEdDiuqm+3V9>nP`{mG;t=bXAqVBsM}MiNp4^?0FZB zhpxh>2D#dTg|Zq~db_HI>XIn{97h;fYs2qv2munT_!ZHNOd{FXSm%9Ka$x}?TFl_L*12v2_jveb!x4l_g)=y0hb(uu6r>H{|%f<}e(#&|t zTbePlZ&cNQQL+%Pil2rjc8BK^11B^hvbo5eIYt01j1@RMYb&4|P&HC$Z`qW!5p0oo zn87i`Z%nG$bO;R2irSd5Fc)AQi(F6ZtP8yy;AoC84rm^L1dt3yMXuC1!3vqI5` z#lk0vX{SVE2~~~8Q*}ffktvY~Q`6m+rJ;_VWFfL^y`7KaBmotHXbSxZndBBkBQ(jUR%|0Sxh6|vnBMkI@I z?;9<*>$Qq(tP8QeGn+`)lZ;?js!QHF^7UJ>j?k1&k8Nw|-@M6)D1Znd^#o%5r;FOt zMJ>QI@>NS<1#G_Ls+;j>;;f8QCsY8kK>sJYT5d}Cs;Gb*fLjM*01SwQvfg5Ov%0Ls zMnni`v-LSAOyOy`VN;1yFvf&Z)+xi$dTS=hUU6+fiCC5pn4G{MHLp#cG@&jLFZ1Lq z)zXNl#aI*oc`ORVwRqf6R6|ubBG^hahUyWhC`?h*XjC=oVn>2?Q5kyq^vn5|aCUhlsh!f}RM)%2H+K&2>1{(pMDk-e9S#wLSb&0{ z0Bu79eLkW}i$KGupnOf?(RGDV<6al%Fa@>&4o53*fnh-Dh-?2cPcXT>86KK|pz??c zI@OMD%uMc>@K)CrN+qC5nsKmlkURo0lzb2|_+FImzchlw%Nh_^q`|B8#SOn>uRBB$ zo&a1!hX2?h)5!bOv~W`tIAN|BE6~x09ZX92nJ95yzM^j{?<~}yjJM%d{sIbib`51 zKFNV3F*a6m}l5)Rqzyn2)M!Wy3#*% z>c@|ZM3thhhrad{CLJ8ddVpB9#BXKqAPFpyom1c=vX$G52l|)7WMa@;M-FEd`USMp zGYZg8plh3GP?1|$B22~7JoD9v{SxmjmA*N{F zenLnp8LCxTJk>TFD}UxxGF!Sfs+KC~nMG>wQ77BeC`&MqPN(YHqezhzd1@i+|e zj#NrNuqu;H+8hzaFwqW2?v=w5RmUTvVHS10y?x9Dr+xAd5B*KkbR!uBg_(i(k|M?? zleaSk%WzojX6IF4a$T8f65wt_L~x55Wi2Xy6^OrKR9OKX$j%$|J{cj`TP@OtS&B+c zxW6YX60mzFnru)AoSTJ-hJl8GMFTj^>S&*T{Lux2cJvPb8}{2G*&dc_#a%FsRHD|3 zhxt0lEg&lG`GbC|+1+v~RLLQU8inkGqS>SiUCj!SWVwKHXM5o^bk=a*Ybq-WOUgBp zn*tzWh=4+oCq{?@q{$9?mr)C`GB+W*w3rb5CZKZW2$gWXbq@@T8r8V)i|0PDk6-vpLWjhag z+hvCJYvKAX7|hk!h@~f^^-k8P8$EZg+Tq`W3a&^eaUlc^V%Z#OIsil?k*OUMW=@^7 z&zP~}Mm4>$VN*fVc6|oe$_OEO9Tu!q|8pwgF?F~6@C!7jEfj`kyLxg2ygPIX%Y)o3 z{WQgtw& zA`zZW0&(JoeH#sKSbK9m1Oy+*0(f25Ip?~r6Nzq32IpLS@eg}V8Bq{Xwf#v1M4U(= zAo|d_u|NLYc>{%f-%zfo8$-pyKrX+de_-3%wT_A{(yxe0DF6y{^epZM5e!r~8GuuP z0p)yH}>uC0{{Tg`<-?W(#+6StrbL-q~psNWR-*=>hWdLn@?0uNSL|t5T2|oR5I{QRV#{8XU@M`n}IQw|r+Wm#9~{VOUC^10+}j z5+cLkVi*S3bzRqWKahxjiI@!}oO9KQOK>1&N{Ykxn||kW|1PIJRWb$1C2Gr3M5D2L zUPv=^K_ljZ&;#WT*@`6RR_h2Z*Q$;|C9*acNG+omT!_aj@(==Vz zG)>cWy;v*~w+3+{G7Li%^MwOv#7tEhaKNa*At1YnLus+O8+Ghf=d3zSa2SHpLO)jfr31wqx6 z9$1~gtvb&Xhq<3Jx1Bt$s!9hd>rD)3RB7c$41XG9CGVpv=vQ5H#u!7bSg0bcIrO;< zM-$muEC4q+ca&7ESQJU9B$>bH*zq5%EaO6999K~}3IUDs7-LOO0QZg5_mFb&sOP2UYUMSTFF*%w$PUQor^H70Qv z-wjj5u0;@ZE1X0_Dq$a5{i%FjILqzkX);p!MMBx7jaUI-gsR-Z>!4RNC=)!W7D(6# z0ZFygBh><1HP?$69vd*K1h%q35_%oDD>W9Sa`b|vf7L(&RLJE#oJpnPaG{FnaQ%9Q zu1m^sE;nQW372wZ#ODJCBm)Bjg+gIqU;qGwMIsPoaB$ED5>3;J#iF8MzK|an7|=CM z)3~nd!V{)xnkwUnO^#w1MpgPkYeZ>P)dWKou})zCFko<NJrGvNhZ@exzoI@9nZp5Y7!UIM;PU*9=|fy3RQ#gWQ&f<@CmoODL&`OTGnb+8b45 z>3~B?QeHecf$^#Y?nnVi81OS1L6_99EIBL>093t2Qa-^Uc$+|Og=+3|rShD-gl&}p z2{(oY2Lr6?s^8&dNMXTqUJc?!J&YR189l@01?Ar0CCQn86*_8wWzNi%4rt~IhqSZbK z&1Hq4}MO29V-cKrksQndtQ{C;-gkqm3Bi zfNK-xE_e zHr*?R?hLJ{X^D88hz17-zxc&3s-B0$i332WYfJLgPD>>^;?d1TeT7bhit{EI8~_YJ z02pFQHvsCq3E-&4bZ4&k_F%3QkW@XZ%DN_kM9K)Lh~#lOQg%kIH-FN28#Og+<;`xH>%N!3{;m2FD9^A_#0 zWEq(iNp`!sn?sksh^9>D>HmIZ@|dZ+6UF71i`Hy==g6P!zhh^wDAuZP%k zR3Tpoy6;%kof4a?s`A2%FC2CBQQ3h(-%Jcpgs|KJR8@KYh360d@Zp7gaoDOhA_z4U z5fzoGkw`SEMxtsYqN)+|UuJ6Cb{`DWJx^qqIl-I*(6vAR`Pi{zZ@caHoEwEgL6wwv z&WH(DD-UyhkZFi~xS=l3`Rhe)Fr}=DLV!D%+Ee6XRdz&U-E-ajdO6LqVi!ahZFO+< zdxb8Y3Y^y5=hQMd=Z2;mn%1*%L*J^E-}=VaTiZLf_4NGfwH2J?Ok$L2+wErX;shCr zln0Ym9+8pNPuCLcPLp1;)11-vZrHoCXBIPyKTVB1Aig5<+0aToBJ{b@LVO)moiHl- zpsUCdb~0|r%!?xe;6w%|PMmXc+A)b9#E6VB1<_@e1XXmGoW>!i6aq)(Nyfr2ceg+Y zRvv;34PSWMhq!f6OVKxT7KJe&`+o!X+0oXT%jXA%a-OrnD)GYCUeTu3ma<)lfM{rN z==GJW-+6aEH;6c&y6@yiA6$~_#g)rf+ie!qKmY8j z6$|}RO@k&)X@6ze%e~w3&;RSy5(Y}QAJf$MPhJW54EDsZUl&fC zb3@k)`NBZIwtnsZ{nj^I#!uL=wF>|e(FnMEfmm&t2+1OaXBLOLjVfr9oSU%}8xEw( zc=tcT+yUFfarnT{=?sNVQ6rhiLTE`{w=GiI5##}bDw1C-!5AtjZtVni({;g#$lx52 z3=(|~#Jv!G0Z?J6AY;N2Xx?Jxn1y8sbG%};grVds60Mjut5Ua7N%2pW@MV>6Lx3U5 zcrZhYqfRk{$N+;A0vA|fvF}JMdSuN}Pl~%!1Y5m&62#a{K9dC8smsWa5t=7M-u9-5 z=#|caj54L#nuXv^2-8Fbgf!)DiXV#5VLHHFc`LmSo%3uqyK%z?K)m9LE53itHEO^l z=EOr1!RUH`@(_V5p+W~e>*R^6XpU)2r z^mo4d?)^Kqc1)etxp_+>8bjN7u8FhvpGVJn9~b|-qJtoT2fJ-^Ur3k8~G!z13HUBuoHLAL9y04uUzthNM1z&Y0q zgCXji10r$`gur<)05aP)Ml;CmC+?CCwt2_;Q4M1XdSOS;7W=-nWJak|yw;X=`9cpW-t?GiTt+8FoA?)cs2E~b&eqjFQki9>O&>w2M3Sn~Me=YRIIL%E?;JZ2q}d4R-}=4jdg z44kIIB!dNl+2hgCB0VlUt4oy2-*4F>Bnl+SrG^qpR*7kaknKLRx|ld+?ck!8*%h}- z5bp|w_^o_Uen4J)UfB*_I1r?Psl_`puoM8S$UVaeAibG#F zFsc|FZJL0}y>`R19m;nh!{JW#%5cbR+DSw}1|kF0zz~;?D8vGCPZ$7Q-7isaKobd~ z4D_A=0l=2+8)h6oe)TgOQcbZBpS1tJM~<%_onH0Kx+j12s=@g&pF7}yk4+xfF|_)h z8&>^uU13n0`LT&BAMG61+F`zScAOCH%4kAl3>h#$Acko35CH|7cLE7)vde05T1JsX zODvj+l~}phU&!q!3|kfOpI*E<7Ojhl@A{xd1B7YJ#k5?Zd+V0&)_mj4`e6sCaNW9f zU--foRIds{1QeY9J2O+4Gx!$5AlPs%S@X)P@l<;3zM&_#1(noL?!}j1KKMf)+C9!; z91*}MjXPv{Uxhdmp2V%&cN}=|ht_V~l!!!~7!gA|p~Y_6Yf5v*Y%9bpB(`D|++i+3 z0%E4bH#vuq&=&J{FdpRwicSY)6qrIb!@hWDEj&ZBcPh$VVf^pFi1)iD2y#F8LK4nP z?%R}eG8p6BupI~@4TqabD2kjnMPZ7EZ19%Qmw!PyyQ1OO=J1R!!G zWX${}+#-R%mdw6iOBg8j-lCbEbg+;-8sEzUDQ6}r_Z{WGXrCa zyku97wPWYbIdcwF11u*(zt<|t*tAUgrNKOf^2Y%H4EFSPzPkM5#~i5}#^0CxW8WhV zSEJFuD_yHo%Z}~Yp`mm#343f*={leaUd@k`Z9Li)y);W-aB9?#J;<^V$4vwHZcw%)O7J3;Hy22zhvIrln zq&xIoZdbXT8Q_Ts+394A7>NKMM~2AJ3`8NJX_26nOl>AX3yXwV^31ITTmM6J{q15j z3oJ{biiEDcCi?FIRw%uP+cV34>NFg<2#te*nf!-D#1uvb5kt<98Ayms(IY5+cvpbs190DkH#YaFzqAl_I|a37KxdaBK8{u#Ei*nF~Z3 zJ-W#3?QnwiB_N(bQUe>TIAvpG^{~tcZ%f4=+I_IH6It&NSlcrFbM z^{Q;RIUWJuIH)PpIg~GkC0P>zz+i9hx>sNO^0^B>d+Mi%s4kxP^WUG`@7SaKt1~n- zf;EFf{Dl{eJ?7{V=g5kEnGN@5*54EBT?qiWmJesgp430#OdhQ-C*OwaP^cV`tP)NV z+%(+aoHIlQs3^=Ni6a7JHczHqBVs~}9qO?BS|GJFH$%pR1RP8$Z?4XO5jZa#negMZ z;We|3NeZEp-0YS~Ji-=-82t?{PgnY~jG z36KFpB!(OTtxR}vJ;=m|toj;p$zFmil)?^H6h%4|SvP_Lj43AXprk)3&`C(-52*U~ zMk6PHM#dNs_a2Y|apDRxj$8rcCRH_(d7p`s)aY4qADQxoynb8Hi6Wqu(*fYooBs9c z-&POx<;U;Wy5PGf*0*K=pl|!Yy+3@sbNQxZeSFSGr+@s*M`{HF10|KIG!X(aWC~-% z37I$b)(sD4)vzB+*jfk;>)fJW;N_kTSl;)xk2a;1vPWeKcG{2I(%wfz&SLaMq>36GlcIz-C*3DMd>k^Nh9RaO04{M%Snii5h`<1@cx~H9B9()@f%<2 z?$@)uYw}Be|I++#918&d_~R?vR`u5>n$nG_j+x^LsBhZ<0e3nxpk?M-K1>2YhNv(= z0#0_%I@`5n=Bqd-Kr%w0yuReoa#8}zVM$+KpZR4?zrC=2QpR4s3vQHPH`S{ zTy*{a4)k;rkiRNL_|Ax6K+|7-ZRJ6;X8POfPWacSdnSFcXVMqaU4QFqKSSJ(p_apk zS`JU{c&>HDchj36-SVO9Li`HVkq=^NPjo0hh$-(x?vNe2MFJAMm=ent7tN~>7$Q?t zLCh{@tCdp%96%xS)(H3!4PuB)+h4qw90@t&M7H0BtZZW9ma~T2sq-RYKxDT1usvQ3 z7y$=DW`R)!EePXU3fo|yi=Txh2#R32vY{Y7440Ux^T#S!>$P1Oc~Ae*$1g{HPsLoOWykThWd1qJ1N-x#md_vAdVu~P9E2mt(oQKSilSqGL!ZKyEIh_PXSTe1Sp;j)r>s)-PZ2 zmGjQI;I#Sn!tek5x?AtMXZq1c8oB`hUZcc%OE%;S(H-0T?-MKb0YKxL- z3-$Y(M{N19qV;Ds+&eJlB(GgE9G5=QuDcDSiO7KrL-1pAgL7dJi2s^yFT=1)8bll% znOP~KF%(kYJSD;AV6}TP-%V!f(w6)~+sY%`?Tlu(7&Fz6q5 z6#VKoxAYOKzlxPG;cCch-*(%#UdA2a*HB0b2cg}06RVA2j4WtW+9{IcEJMi@v0RZ> z=Be#Bce@}gaw`Hk9O0gNjp>%RSG@7ozdNTL-T?r~hIkUQM_vn&!uuCykBcX71;CC;G|I3q}8q8`u6;{&U<5pX-_Qg{`x` zXD{iUcxKD$|B3a#J}~A)d)C+ezj5{o#o3?D&-+p4|BdVaKby+Ehm^Q)fx7+~vB|Dj zFx;wZ&^1lx1~(bcI9UM|iyDg|V+s@T6yZx2UVSF`M@^y6xnS|KF#s52hzuF|{PL#j zhb*_0*a6sSDq?3=AOe6ma-pt+0T!eQ<(Ucaj$XG-gIU z^z&yfxVC;&hZ7lI`Hy!PQ}#P@AA8C6b=~*<=;=(lxvY;)kR6cQXXTuv+ob5}=^2JM z$#Kg1utZ4npDkJ#1~8?oyQ&SDBwAw8y4cSaEfo9z#==G7&_7$W@EZ#kt>3zNR>Ktk z9jg3d%?^qFDdYi?C}Ty=1DRDfEMIZy`R81C`h0oecfN7?cfN7CyyVq4R(=rLI$< zZ??Mrne2jx_?Qn><<=+n7pspICr+BK>AIooIyZE#8-|ob&yXn!15{Loz?jGYMpJna zfj{J&3pa{D5<@gt6!MVS_#;#-CIE<}qFw7{M7tXbnVKU>FR!U>Gr_wBC|nF+2W|)v zkxPDGFxw+ySzx6~qRr%ZtR*)b+94uOQj|^0Y9pF;+fniZp&fd12N)OtGnrn|iV^$d zrX$2HMVYKBY{?mCWdX@niQTH$Q$9=;P9}%6O(O6IN1FLhc+Vk9MJ`QA{L2nTVQX{K zWRs0Ga_1G0Q;16ve}iqAH)mRgwhsK}zaKdEa|h2lW=bxbf9%))e)r#-0N}t+PCNR% zLn0Bj;^}uE|LxK^uN&3cY7@+%$8BTzQ;{*o6td!$6ipv|O z>s9To@}Fd_!$y>7UF^p{__{dgx3By;&l%rXxah|}_&Nam_y=GA_LV;mf2O5%XJ@Gz zs8<`B>pENFv20I36lnb`%RYV5@fV(cYT27|;C?guySD0@hHf8M7N8{_D;>+|n{Y<& z_%l4~#QNR<07dKbzp=6ms=sc0_N<4DF$dLOH(qZ)lJ#~DeD2?3IRNPGM-HBLr}&<} z>y+HFKPt{X-~JT9bTmQYRRock`d?32Rp=N0VhhyUG`LKZ=ICQ z^*{Nm7azId833$LH0`!;RndQv&qRzWr&Pf6fSm* zAMI&mql-3FyzHyrFBKyh((E97iMn@thsFLvi0rn!Dg6ZqGK@UCsysccIN%)7EJ#GK zm$WuE+TCOC^+wWxjqE3{x@9Ti6VpRWBqRoHO=MG zdRFX<3~c}aBjQa0PTzfs_+q1i?cCuF`wX6TCjg}GKU@4-_q)TDEid<7zM=lQ3E49r zG{zhRM5+7FDIRcs?${qjU%Nf|$bSud?%x7za>xEKy8QQjmv1bcaxA#1O%xGuB3iQv z_Ygy33K|Au%;1W}`ozS40J%fXL4cx9ug&?(k&sLum@lv;?kWNk(GuIpwS=A7SH!Yo z93mAFU^feQ0gwn8Ltv(vZ|aBO^lG=Y6{^hM4htr^oJAsMP3j~`E)XHxyCt-KOJZ}= z&x9bcV#-y7!U{1tGfApjmNJRRDY~&Q%vWL}frZoTn|vy#M-MI+CJ&-ABrn^t#qmK{ zm4x4OJ}_Y~n@LaNBjrFa3uz=OX_74x(|u~mOewp|d)28#X213W&3R%Or&Gty45!yY z51d#}kc3Xg7}}8x0WJn{iK~$TK;MR}oQow3cRwFj5N)EDTP3%nklRtH+|($+dg7P< zfx|u`LsTQGswkADI7J#7>M~7r^$qE;lMmEd?2L*~AR!_o0z|`ocH48gIKrUMx79X# z*6;qjc>Ji=(?5P<=@WQi*>VEl_H|qFmK4M7xt!nn>m7ea!^V5X_jupy`#v@k0P>mr zy7s?%sO9jwt&c@=8v#H|j`zIC17|+S#~$Q)PsQ(r>8FcT)%DM)>z_$H^?w0?ZCk0g z9VGjy)D6!J9R76zC>(Hp;;Adx=9i5z2Ne%Ezy7-M#RJaw6n(p!Jezh22NJwPIv4H6 zxFB{%1Q3x4OC%vf0_2PUP$2-|3>g>F&k)J?NSrJ_C5}j%VW45oeuEo8B9MW$N5>)~ zG{q=K!C`1k1Iu1Pi_p+CU#!5W<&!Y`pE!v)5R}L?Jh!_~87GTo10*tie-ahCBL617 z8eEXha>L*{H*~|$4Q}SVS<->43TKL;FoiMaG95n^xk4lIYl=>7m6H&_$!(Dib0|z9 zDMOYq24=;*gn?Gv*{Y&@FZC@E+K4sx(L7<0zc2(&cKwE=;##o?af1zR=-f~h)p2Wq zo$V1|)SBuMT1^wopj`;BCCRimWRPxfL!29#%&4fS3R77ms_I(76)pGGtGf*jnH3RA zaBx-5trCVM;V2%uPrr{VAm@Xqf*cFiI*Ouj&LfeCyoKt&DL`JXt-Nj^k-@#iB}z1! zX&?W+8-LBYamL9Xw*&Q;Uvc#Vk3Q-R_%t*ac8rAEeUcTXsD8C-V9ZBtAOV1(=DFLZ zeRZhiaPeo;np*&XM>73wCkByqmwyEYg#8h=rJOTF1VnoCzEJ?Zd0#okN)}DF#mgZz z#;`*Z!uQMULUD8oKHO~xxT(9DQF4;p?_?M{alNSJ3tFL|X}WF@7~HUOUaa|ThBnPZ zni)WL6_}~pnv%*+fg%x^vEl+~1zqe;SRyXzNZ0E4rph@=>~J@^F~nzdxoggyhht_~ zb25mFqEN%&Hr*luAVY;Ql?nD=<_07;n)y{ecd`sgj~;yNTUE2xA~2>f2GK|~5sM{~ z@pwEAz?h<#xwPOa>whoyzCtH5ZmKbikQfq~g`gbF)DW^gjuK}9Gs#JfI;~I`RN`rd z3YeVO-hy~=_opOsxDYTfI_&X!n`glbg+U`-M8=q+kkxX$p}w)NuY271w#^&2<%SA^ z^waA8;}n_%Ij`h~*#Y#xek>^^`VmVzJBAT5fwK9*6-Z1pvj$is5=o^}Teo(#wzkT% zT@5%D0uTFdU%rrGthX2tAj-6k22S6<={Eo%utZ_(x*uL0O(!3FZfX0WCOwYHX2ZR~ z_Kd1RBFhW6sD^GeH4QG<_gD*f)?}zj5>04V$^KqdwD6SC>*1m8l9t2Jh{5edILz zkp4p?C!nB1HsW#onc9nC7-LRs?YetYYvY)>8fOagNYp^hTF!DHg5cIL_EE%t4W8HY z+k3W*J*~ws3|mRa=L#2o{VUgAarOTD?>BYEL?A`i4WIdoa%Q)?iUR%KSh2jNwQ0Wt zrXmCpc9nBW1;Rt~sK)&cm^SPvm$1DQ#uSCc;;~d+B3+kEr4z|?GL?=eQi)_b5sj#J zJ0s3P$LBW>Wx&Jo+sB8zS+}vrzw383zQa|#EXFPvTJ2hJHd^$w3?%k|w#J7tV1iUI(P%<4-f(xMd67nj*CBcbpx zGuCKT1tJos!Q4=Pf3`kT|A~(s)zLnIfN|?p)d_TsYU23)JQSuX4UMtJrlv_96ORSH ze$$rcUw&=#maPp<4RxtBswUUVd%F=Yy24X#avDU((Ggf5g8*B5`o!)`{B? zNpbHiM9Kyj9%Wt!P8=Kggww~2J-BVtmhH?;K_pGrX^6h@qwoKA(G72`d{fhkp2k1{ z9-p9-bFGC40KdECHn+FOCH~6xGV!nTyIXFB;kL#S6>ExUr=Vao7EPw&$y7X%iYF5B zL@FLn#1qL_B%(;k*kl+c|C6p8MNNxFqK%CWCx7yj8`f{=?sl@GF`Z7|efK@Ty6GlF z28=PLJiM)c(tcjz-me`x=fQQGjc}RWzjbT>hK*N$>0*H;0FcWUW}S5M!LZtzh~|@NZtN%&3x&d9 zHrvy^^OhTb_1oXv{PK#GhOTqNY}seC(IGIa0vH%m9GY1(H3t}D#K|De4cgJ&)7wAz z(Rs(t*ms&{5U-)efBIku5d~Mhz4obRpU-5{qeitT3RBEPM;tM+KawU1IULxW>zo?~ zH!R{ggPW~lY&W2rI0hy7fwty`sH)l#Eani7c%54|=Z{Hr=U(W&R?7os2U2uh-@3gA z2+WS|R^3u08c8JLLiwxwrpeY)`NmT|tHoheH3=}yeGs?GVeQN(57m)fYHZyD^9#4! z>fCxV+#+b^Hj5k~qN1wtSR|f^#^cdwJeG*7u|zBuk47RYknn(`MJ1>k1{vJYi<+is zMNNBm&AU6cZ5tdK%;j=JLqlhtafUlaVtqG!q$Y3f?CD6w-*WdKcG)GPMsd!+d*iPO z=*&-k0swBl{ZF}`UW4;6IX$^9l~>ggdPF|6-MOeXfkww;M> zOl;e>ZB3j^Y}>Z&y#8MGpI&uW-*vj`RGq4Wz1O#xD=<_Wx^Bq!qj3$W<6n;sob}5) zN@Zv-F(=f-h^^OGspfdAY?)lXnc^I~Z3LLXlE{-o9Y;Cq@4H1C(VBXY0VrUmY-;ul zB0tZ-2CcDe_1lCZ>IShLmy0h%!*?W{8^~aoIOBDb==C)p9x=TI+wvj~vz&l2`i&Wc zbNPN`y-Qz&KyVyl6jG6bcw^d}DRN*DDs8qz30k=`vubMCASr;jpdc&Jz4E?9>zcl`L5dQnC^y5nsB`@AoaZpYPK;IT8}(cNw|igKYiTCb~Jr~73H!fXCU zt?&1+;`{WD|70ujUeu(8MUMN(zhbHul=5pFU$N;I7O@T7?MK%!y*TqHN)Tpnby%Z4 zQ|<{Yb4VF@uAs;OU{+Ns@s#I#<0qJ~S=LjzbNjy?Hjwv!xR9YLwD;kON1Gilc2eYX zGb_kdls)2o3K|Wq=Dp!5o=zL8*3OdAWG5qXH2DN-U0c1Hb;@ z0RTApBki#XWYTfh1;Z1fpd=+nfv+C}AS#EW*I+f+#9re(lb2-Z0P?_{EW&b?2r&%g-fS zuhVOSA_7KCBHjoa=D#?O>%WRWkG)Vfdpt_}gFyTcAoFWbgmT3G44lx!2 z8Rz~84uFJgii-pUYzJCm1RF;42R4(;_;i&cWj1{XU!pGcyYa3|6!@j95ab!pS2-|O}l=ggdKT57|BllU=#ev^`}VWrtE%t%hc8W8%_92 zOLgJ-KynOc))?7gO49J?_OIMf9fLkO3e&m>ji6ZM{A;3df?(SN{{kBIJUN%H7zI@( zo}|JSLCUSgDE_K#f~7k~L*)-a)@GKO;m>5$u zRgu8-=x_;>H#-HG(xxqAO?8I!T|2p)005rDST8!on2-aI{b$Sp19vvN4 z0(V3#$gBB8+&fo;u?uErh4m|*^VB45MGKaHtk2bU_6zAhQ!%_%#N!)9qj?w#W5b-nA$T9x5cpN$@-MqlN9*>A619$)u{2`77+`;%W&buu{R zuI-r{NqrAkuwBG-vl(H2PJ582xIZy7A_ogw7M%mUy%!&=8+q+F4q7 z#12W0xI{}xQZXzsIk&qin!GzT@`R*;%}p^0D5hvn<%yi@zq*gucAWn)6Xdc}ll;U8 ze9LUZGfEIKI7qt5EFHq$*Kw;IaW>!*3sMaq;^e6MLMj35vIEwl+}H&JI_Ls7Kjup^ zS3vDKSt$9BtDG^ov8#N%zJtaF6YA-S?2;$wv&7^{!)c+^?iV@i}QxwAY${ z4I@BDq-h3d*Zb3st{4=Gn-s)<1JlH^Oa&Tnl?ei)vFKM<>K+I;JCL^g#v|R4WkESu z=vre2kOB9i)p-_Ofx--fbCz@Z%)(4V^v=d*e#!HLT-)7+?k~t?@FH z9JU(#aRdOsWYID!K!D|;=11m`yg3IvA|L{_rkC&Qb+&ZdR_MI|2v*QmSWsGb72@7# zt5>&I97(xE{y~U~!p8jPj_=#YT~pVHKxO{nU3~i$5%95n?dzL5S)k;Rk0*732#6u; zn?I{`Ue~X>!LK`5eF4JV(L}bbmH$Yp=;<_0F!B1qY^@LBDt{*JCr8Dd_%;RPO-IX> z;BHarj#ctyt2-T zOccv|Blw0kKOw;&%K`ucVZLt@bBQH#+*WHvSS{ANi}PkL`;SL&_y84S7Thx=0+u(T zbM_CLNi7oJ%B)G%H6j&Dj$$w%FD95fp~4Pgc-Y8}J}TdBKnVsLko0+m$p}IoN|=Yy z1kEP06&etRYuaW0fP^4>m4@zOE1l!^u=!U_K9}kI@~=7;-0v-pYK@O^u;(eh8{yiX z7B4T);bFela(i@5pGnxuf^fi$`@ML{R3NIx-AZvfohj^1n%il@m$X%%_e!DDX9!iU z&(j5qoGj%YfDxEg<9-b`OyDFU{vL#?9c_n~Io+i&VU?ypOXVe7JdcceQAH>&Vx-pYiXV6#;MtbVl@L z?AL1+YT@qJFSposyq%gkX4tBAUfB}E;N^>YA2>R3L5fS9+wjl@Iw8YcVs5Gd8NzMh zkM0{XQEgmAtZbR+tRllNFa^NJ5RR0}4^EC|T6oWwYi9od$wf?_5;UC<@p)|fj%4xF z=sht2u&*C*-(OgO&i5x;KLO&?&eyZ`>2~?Xs)(4#tJbF)&1L%6yC3(K2|gULR5?D7 zfUDN$FCd$gtQQJgkNp=HMa!7++~eb^{{^s)PK}Tfcth{I=QiA`g#D$o#Ssz^m8#1_ zDQRn#I^q&f#^u4wmA7|6l81u_AbY499 zG%J7@U21`h9AA4_y7(DP-tIFGB?jKj;t-&-5%q~?&oY7NH}}J7)donTVdy9T#{t99 z7lCDM2ZMra0yns>=Zyd`jkW!yKXD>i{Ucn$*vlId!2a}j%xYuw-P>Qe{d=o<@f_cT z?BKe3>F=O0AR!-)@S>5;&Ae$Ef*d~#jf(NyFUqT)`jw1;*r3K*&zRb=&5wjEAU{7p zW%h9rA=)6-b1lG0&)wj(Vp%b(h1uFg7Dw6Rvpt>b{{yz`YzxmJs$_URwNagM_o(RDWwaBklD zJa^sU76 z=tXHt(WORbi#q1yBNv zR%W2wwX1>*kr8+YSHE)>AX9Vs^MngD`k~?YLXpjS8rsg2Cv|<6F)Jd5SAOgx93F1U zPBjDkP*Jmx6bDA+NN-9)S+FElN@=gfExGjdP`FoV3sB+woC3?Jx%2Wx>rFTsC=+9s zEFs`z>NRk=5Dwv@C!-Y;bGh_^bwVBo^~37|j=lJyy)S-TP^$uWx5{$TDJN(wR!`{H z1&4IoplQ&6@!EFW-xtek%bSdLOQm*S1JWE1{P65 z!_saDlGi2Hf%2wD`3sgjPg_+=ZuxMfuC2$4pts%BQ47Tpi;3u?IyF>^$qVqo&7zEq5O!+?JYr&ZflpPL{?j7(bgTI-uP@2~_?Zity6PJp7CHroIq$MJDM zm=6ZR@dgW));5~f4_6}&uK`URn3Fjc%n?)FM={dtAo_d7>N)q#gOu$rlNlW90VYeW zOIhBNf91geoVyc^I}xr+|2i!ipL_NX+@VzPr@!TiOe?xA0Qay?NZRXShkCR?P6ler za7Ibb(D^PM)ikqFM(LKah-c^L3^o-8k=-XnEja&_f4@oT73 zM?@BYFNNHwkpkQFcr|5ayf(==hKh(th!aDqN~omSBA2LRfIcrg02!3+jX7Im<4=yc zzu6(CBsC(A!3bJG>+161sfz%**HPAbGqEX5^+*l!d%cc!FPA;()T~q@i+7;u6eq_o zjgies4H#@xfIT^&tBitlmge$3sr8EOy8H7ia+=3wpg|px=Y#CY)$^4_{+Gi{z7z1k zgs?LB-@1NV+Z(n^cMZ6>$nY-4V&vY|1hIc(fC~&yWjO6|{)~o-ouaR8YY7Q)^liOo zh-rs#M8GrYR3_cF{6vUB4;eC2c7qaE2+ z)>k+(>zj%q>YpO>idc6*y{RE&3nz%G=7;S^!KXq@wLN)?i~i75CZdfpzHGqu3qg=C zl}C?VQ>H+s(XMDU5m)3E8jMtKV~Qo^oX@6!WwAZ7rB-z2D5&UrEsLL!2rFdNLoXS! z04)(4GS2OWMrPblg;0VVn!L?+$WD=Dt@Kh$Pr(=k;NVZu+eSK#3d1g9*-C(BEH{b) zGcWZMJrj@F=11`u43YZ{pYB-T%QK6-8PwZ>eg}5tZ@t;JqwL6@yTv?jXC3Fq*FyR4 zj}IRdUEhm2O}#)-JMH+VL)Xvd`+}dY;6X|{H+9!Cbu;Fh2>h-4A9QxKk27mMA9IoR zHxPENeK17k9S2YRn>5`z_FJm}`*or#bhw|dd&g3CD;l{LmLms{PUXh!LT$R#mY!qI zWhzV88L~>E>x`bN@GGIp3!yRBu7(CNO+kv6!&T!v{Bh#P0>I0E<~A`Mp3HM4M% zh%nPfv>X^|gVbca+#~{`DpLvewLc6Q`_t2|IxZBZR@g)9uG3(Z-te#~y_iEqrfZH- z7VPjl7x@#EMA%nZ*Mghz!$^>C4Fx0rQm(BJrEq@J%$r&R`MzK3x@=XAnC~KJ-zu38r7G7ser10WIbSb@4^Mku+)^=cezV-V2?0Yif4@%$ z&|-de7;vXoNq_r3b@TE@kotZrZ~jV5)FCHvrGxgmnOvZ9G$D3%xs`-Rg#GqbAoNqg*;l=7@Vs%3eqF`6~68g^ydRqhnd zqN9e|T+~3q$(ju6a8a2Tx)FAzLvg0jU)bmKXd-^8bfvT-eKL?tl4f?yXefg)GHg=B zA=HfU@QLF$S)Lv9W83&Yv3cEcKrm6Mb3iwf+&2RA5~KP_a7 zpR!EO=IQnw3Iy~v$fQv^4ln)iSml5R02burkfw6*P;uF9l|Zewe_nmbOIPwWx0}pZ znJr~RU_DnakE1uVSY{}hnXt>_{vF%yx5+7kA|(~NznGUk;OJjn6@8sYmCZYzr46iw`iwCgw9K|}8J9XvH8Qr%W6UV#G!x z`PWmuel&q$0lLZ5ayP)rvL1WDQ02VQpw73V_Pmls7&XfyYuQ_+8!P$^F6sJ1JTHUX zU$_C^JmXDZs)Qm4l&P%k{HKBa19w+t<9#bie+IVP=^GemAXmyFSlNPQfO}BfZ##R} zYYbFeNWha$3pFhE4M6Y_W%e6c>bM8?>q-~5*nrJ5f zgmuQ0CMS({lwvPo^b13=jE1XmPSdEoUBe)B{3_%FO3`&RF^L1~A{06}oGE9;t)!rT zYtm8Hk>RrB5Hc51j8O=ZePtRV5i(&dQ&yGP_4RVYB||v-yRf85glJ4=^o`)c17qI- zY4^()2oxfBApPxckh1#vJ&fYX{LA-_=jZ1j`dj<*FK^GYzsDzET<$NmIiw>ZGbiRn z9XJa9{#Cap>d{Wdu(hobbKo3yr1HZ|se;5a>90CvCsLvqGc| zA7IAa;BBls+(CvK#vg4brV)izbnNmn&`>kOvEmG#7zQK zohX$Of@U1DCXjHJ5`{O^5VMCvrN8z=9>3R!@I>3gl)2uV_*7rIL+OwdnSd4;bnx!v z?b_Uc2$l(y(^J$|R#LQxvtCY7qc=EfD)(@d2{mQ4U{w|syD%RO!x&Z8ctbH1+lvql z-65s_7!-3gHk|x1kOum1g__)csC_LY{q{EJDn`xh_U;x21_3O{>+>BTkVe_pKR@2z z-(O7gP1K=qRzls5sgt!(7>XpleP@#k;2+>jgK1rSqnLvcZ~1bT>Ih@5t-S~{sY0qU zMlrn0wL;;r`#}faFcB;SomR6JF2o#vPcDTT&I%W1L5@+35*_>pLzLJAF=+su9)%Rs z@gEvVewwix6|*2o5M!)p7bbItWK=w=1Y)9TkXGlMY?v?lT)HHJap8MyABe!s8>-ZY zrtT@8-ZrD&Ht|n+$MX_Ce)-aQ5Ww*P`oSpDk+4rkaWjv;jCgaa6`#1#|9k z_^EJ`ZGVbu%4E}%7uwGP3u;n9)BGe6xi>mC{aYqf_#ivAD=aQ=+0E>;o4Pnp@mPls zjohv7Sl$)^5(}otR6cpL^{ePFZ#G4g-QeKC{CpBWPAGZ`M08M!>UhyOuwO07bg6|C zK{9AoBt{h4T+Of~u=_y;uLS7OfDF%}M0#b((l`7b9CB(2|mugx$@MV?qDJE>P+ITXY3eLkK%A$g# z1ozdzl33roi1}k(IA}QGoE!!Q1|YbY|8B;7C}M&(hpeuGgmri%cRHzBUPFT+3SdKHV}71Tq(Ybsa6bj$xc)tqJ{?tyY!D zERs^m0F@dIYPvO>mSS~~IQ7yuDT-e&QD0JQvA$y*%cWs};GB^GeFONv1YCGDrgYd8 z6RfJb1c|+HCVrNGL5%QVLqYg+qj6b0*rQxQhd79Aj|!7y>nNbc!yzEh03mPhKo$IU zWv)|yDBJCtGU}fl9=D`JtyM+f|LyJw9Cu*C{qFqReRtYYE~Y^p1K4g|tz~A|`q;M) z2J{ebOhYpWyKsdH6r;41K_cg!Go+>D%02^)#7rWJ)6zMP&>CW#@j7)fM+RK!C7O3C zg;KID80l^{B*FXbY|7zD09ltQM%EK6yTu~jWM0O0qHJoK3=xG~KX)YA?T1NMdZ8S? z9Qgh}tEinZg@-wPE$<{pmJ~E#1&rE;qBIPkV;?6EuM^$pfpg1w9=OWvof*Pl(|El5hh@pn}3$?DW}|a)MN?HFZK@4)xGc4 z2CFmM-#h@syjL9NBa4wekfI{V8=XH)vzec6LZv-R;NyIBx7cWobTRB}f3NxW)ZhBT zFkP4Y=4S0a&}&3%VaikTPr?b%zk3zm{t@I&?apS8zlYNKK|<*1xqAKEJJ-a|fdBoa zV;~~7GgVZFn^ARk*PH3O_&2w?b@_*Twfq>OLb>1|h@qe2frD}kxmcb|dq`1!3K%xT zCi%Z!qaF7U4bNK)!V3*O`JTzM%X-#t%;5IrFu4xmF15} z4~Lu>WbF&YK{K0f;sc68B$Jy_(2Pp3bOx420~9^8(1Pe8u5oYS-MFZsUTX z1KfWli%SLuB#&}*6KZ6W;K?gtn97e3H2!%cToQzP8kV*&bHf?q@4K5P#zv<}g$}4+hVV57dC~c<-MXaV+p!&Ax5OZr3X#WkcaZZh zdwk9gfH(m9_j+I=H_VTnxTl{JymJ+oy+z zgKB$F^z!KF>|$@PNUae+61iVX>~u@?r^bAGDLzL^7%sV@Dw!%X7S@SI{xYd4O|}f# zHF~v_DHGgjqgog^N}Za^?-?_i@KEeWjI`kZouFuL1|e`sa6C2#Qw|c0J_>N~ArL`h z6xaA5}`S5sJ6oKR5PwDe`wWo5KK zl^eqBukHc@U|0w_-B0pdbBS3NMtZn-AnJU&u~U{g9U6qyKaRps`4p9hkI&MtqD32-2fPH z@N`=^wNOHS?kq=LI}!W{AD#IIDC2-}5QB?g4qDJqdTVk-`c`-^??2hy|9XjU&JLL@ z9#%#j96rhVKD|2sKniIF6}0WZxOuvl(r4%?syY?6vYz)1>Nz=D6`f6Of>tNX8QUb{ zn?;8)TSVySsxdcdQy0aD*X8e^;&IdQEZ5otQIvD`qJo@+Mqo$vQ~EoP9>47DogAO;9a00-MI=L6G+pQ{qqKcHgIdc}q8}dzm+#Lj zDxilP%lX@iQW6`TjK4wHJixYBP72gAE8!2L-rxiNhQOD-T^4>L4@ene8~W}0?GKdW z-b3FDDS8M%!?U0j5}y~=ZgE6;?zg?9!f)5GVGB(5J*jVJ-CW|mKf7&ym^jBr^JIi|?Nf~YC@ahhE%mp%`t z$siF)p~FM)gxuhxA;(D2f2c#T;f7^auJ@jd{QE30mL?r$_Go86y_z|Hq)o0+meX}8 zJv+{AL?U=0=`Bsg-vAXzs`wGd=FGm&B67^2qO3?#UcuPU7=-MKgajxnuYiR|ctnJ$ zuBZe9M7h@qk$3GWPw%VvS@FySarhtli2}Oz^mt0h{&$(<^!c5=o6p%>Whbm%s$VjgVaI#0mIM)sEvpykt($Ij-W-L01|&5 z=sugo!E_1+rubS6M0d4dTcO^(ePPi4GX&Sv2>-pSJTx$N&ssNb`b|Ov1P`-5m$C9} z-HqWWoW}hQcwal$f*Vl%q&{#G%u4HdB%w0JT2}{Gs32&PdZWFoY(AsCrc=V-IX;5^ zkb#5%4YT9SzhmcDD)yFt3U#!XUqJlMgzYv1)pDw$@ISbQ!i?f0fcVf*jDco9j}V4V zuu#B3 zV-F|@ia_fJKpTMMwI9GD2f_5UjP?(p;nENcMR6q`_JlEE#2(&W9PW}F|0yDR%O`rX zm<&CBmE+~4vp>C;g)Idyh;uC1tS zGSu!FE%8s&%wcJjjm%SUAa5EMPp~wQzeexG>8fy`I#mB*E*Tt%^cRvxtqeAto-q$I zL5Q_}-tt7Ju$4i;t$4;4Z*;`RH5{$DD$4&L%nwYgL$cf9dBp`7yD}ND9~hH$8lMu6 zxSZk(N!(tp2MR$lL2%sF{xwRYUelCvha{Cse*7n=_&?quYMLfs|Xo$zh#IP8N%|G^wk3&-Eh>5#Q--!?p+`RW&jgol)~9`N_KDW{`jD%Fce~E%AXn?&mYz! z3V@l@$1M;+6AoCn9M|*3%DbiN8^OQ^xQGYHY*C3K1*>e~Dg3hS&y(X9HtFSJFIDgv zy02!q12%x)Snl%E7Z~ITMlR5)G?+rbXOP_Eea|-zS_+yBn}5mUYzg zyYTzO-(+W<-;H{I`*)69CRNygxu@LnO4tS(lgW<$PIkycCYn~_u zBUUMAZj6T}gr|p7V#XbBhmu{Nfe#tyT9z8OZENKW1%HEhx;@mG8t*3n0LcpAJ9p(& z{|HK+zDBCQy*yu4!Zx!!kG8ve9Qyb+Hpg6G_3&^@Gd7KMw*0fFh3{P}$HWVg z=_J29=ft_UAx{k~R{xnqAi`T0U0PnreTMqmOz=x8P>vimfBfu3wGWvIRbpW0fQNL?zPL~-eM5+i$ zj$0=;Y+395d6;VFTQ50hE2wI582>|$<5j2T=+LSbOEd^dG$^?25*EMt5dmV5!u?e= zqb{!-W%uDbBA`G#zq4v#x<{Vsx4>ED_&enL^5XImuq`f9P*9|seB02vsE~%xSEnE$ z5%F3m%`R5DA2$N8F!1Bt9c}UL?cGLuJ~Y%XqM3HT#$pWwF2Ui!!a!0WQULvcBM_sV zMWJYCa?Xnil{_UdJ7g8J-nw2!QYdKAJx)Xoj2lQ|;uaQo{bYM+eR#`2>;MK2fK#ud z*q&m!U@_}niWjR#~9EnA~Q;1?^hST zk8J2yHi)Bl6}La2l6$u+G1feIEB2R;Yclm$qFADc;ojm9w5=(8U4b0DfedyBMfSCd zYVOn<1v7n_UQr2-79#*-JerXCM$BOJ*%Rs2&7-wr)=&-I1|Ca2)&H|#0@t_8vAMg( zA5kv!-{RsSVPmNPH-AzueL$k}RFos41eD@(8Bcbi6L%?2X{t1WmhPQ&dQS2#Zq=V% zftPY>U#revCJEw$8%Thbi?hke@6oqm8>$4HA@Ex!+?r@72_ z-43Q&AuIwSv7gg@jXVyEz@{XV6#6E{Ho;hfbyZD;H#J`hqTDfGa1B6I3NY_MK4VOY zCvJ$XmU%2`%YV{l!6F)(U$;!7a9Uc(*UES6$&y5qd3e8LPG z?trRRB0&-aE$y`~i5Cu2ICB5f)^thHkmF}jgV`-y3hG%VVHkE%6(rJK{R(-o?EHY~ z`J0W&VRQDuY`Ai{#?t1hMtPl7aRYZzkM3f7JNK}Nc+*#PSa{3`uloD_;KuH=$gD4K z#8WA11fe`dM7gRQczG4(_CWkmvo8q155o9S*cz}3*kxkB2^toGrcL5Al_WVF7l3Ah z4 z`}f`VyRm0F?n`l1-In#_!S$VAR!|Tmo9jeCaYJ_}X`UrvOrc;;Y4lTK0R@Fo(G#UO z29Cr~vrjE+5+}Strr~BiMZ9Q2aA;!~01iD&THcpR4UbbvpGn>gO5tg{Yd9D~(LqXK#oGb0F#+scU-P@&?A+L&c7`xV$2p5U6PCXAINkU$FuED$N+AeYJG&W>XRqi#u6;WK`pL4gGGcUWfmNN){d`d2BAPiO24srd zjieO-8;p&t?CeFLjPjaer-x^j>?IT?9KU{Ts8}X{*8lFg>L>EyMFwV7?CohO>wZ2o z%7ZmLy8$0YMk?D1YN~|wBv107>Px`F%ldc1W7jEI!^ec~xKZ zdkY&KwM8!1V6mM&{3g5-^!5@*B8c;*dEThyl0^;Q$4vP6_y9tUwY9a$=J0Y669WKJ zQc{Tcoc326T)w`(w5d&&|JGpPMhhkHV+eVs>SWFQmC98ck0(fCekUBbN6M&b3k{+% zrl6OalVmLdHF<4)b5r66X1I*)W)1w!HG*v8$d}&^G8Wcyd;3}_p_l$r6;!4dW4@qw z#29TAvZN6Op!b#aw)6^dV*+$rgDe}GwsvHoLxf?q5xIEi$fVf3y*GG5A~fHsy{}ng z&qMLFo2(QM_fOySda~+Yx=MzlgWZ;zORwEN2tXRMiBvA1;lLjOf!-tT!8i@zo6L5j9u78*_aAE968|7Xdm?35*)2Rq!bjt=&y4qXwU^kg=k&W) zSZQ}-w~!%7`6YE7yYWn7I;Iqa|?ML7KoFn4%VxyxT z9c=-t9&(Pq-yfHWd|nK^y$Swd0~mq#toQ2o6Qgk>E)4bgyvDiHX86S1{pH>nbUIS$ zT@pq`b0pQCghMNIJJzpCf^_ER6JHjdIy@uu3qJ-Ali}&C+UnYCA{=(zh9MKZvGP{s z#SO`-=6QYPdr1>XNu4T*(~Q>EmbTZi1XS57byxRMt&4!q+c)3qm9J_A(k-8F_}=Ry z-n$2uY4%W=C}yZaudRX}`onlNKLhL#0~LHKU(O*NK}}uV^V411$D7ObmP`IReooe^ z)KIEn2l)Q7#j~w$pWS%HPa{Y~Y)-e{-hZFhI69U_$;YR=zc&v&8hsmP#Ylzi_fSs; z*oBjR#CB;?`p~Q+Yd@%IMX$s}q!bn)c#?BbYCkj3@=y^413O4>HOf}}B3vy%@=VpO zXG4A=N+FYC(mwTMVMZbgQM1d^ow5vI4#s$5;{Ju(hOkk2YJd*Hyi&B@ZbTj|xnw$b znifLuus5h$$*uR@m8d6jFiWgfi@DrUzs+btz6aL7k@QXH%9&(yyQ17{d^PR10hg_% zrKOa#baFIs6J=v#`}&flr|tv=WoBWfo5WBiWo~NNNU&Tg0V?~9CCdQhYh2TWlpygf zYUUg>o#&Zzlil^z&4{_dR^2yDYy_YE&M>9~rI4*)u_auP$AbWyb~OoV5Oz?Kg`!3a z&ZC@jG{P2N*XE{Yy%M2VhyiEv*yN-HFZTZ0*-akfd zgzm<+N2e_G-xKt1zS_PnM;z*YVw<5nn5mz!EB4k@(HWdKSA@S>J%aDHLK>+mD zkzb83gfyVLexKIBl&g-3|z3Mx_JY9khMl&fikda-0j&_)?nxn?h1_>{xao7y_ zrM2JuxN?m(p;y=Y4~=bkrRD&}U^VjK#qR8D9fVsBWBBwBB;GaX{Xzl-FdOo9v6EL_ zonwH}qsvxqFVMkAEc3x^KmObq5@;vJLPmht#{hvDa_mP)@L_4VTUG#|nM#DR<>V>D z2E_p>qB_8uU1EP`YprPor!F(@G*33Nxl`!!klwGT#aqASjkU4r+G1%5(dV?FFK{}i z$N6R@oeOEB)Or~YezJ^b=f;cCa)FwkzemsKRTNqR9u_ttDvHow z`bzLb;KJP2*U90LPigyD?ceA}RKpyd&XdMz{^`Y|j`nsiAtK*~{Pv2s?$N}|i&wcn z$+4wu=h7mi4}_K~_80^qM&lw-)fcQYsu6o(c5o_0VA$8zpB6tfTxT+B&iD%jS3GPR z|9R$z@&hht-cfbbu7SWL8cbCdM2xLj$v@JXnsM+N4e|$k@K~B?XmDptttT+S<3Z}{ ztnYK8=S#uN=auFY)osB2K- zq6uCzq6wH@`UdGzo$k6fU-!El`aiwBBc$yJf4SE@995U!8oi6Qcw2{x70#N=*zyw- z>jMvSF0CS&@gU*hxPY?GEX@MR2T%a@Xr~U28L3=Sk_xDsKf95)seoa{2%(fydut$l zoJ1z=Pcxz3K0=;Fue;f|>+W^Lh$_++6>Y%HjBsNrz4s7PS0q=eeM6XGQ@nzeCr>Sv zmxrfrS4s3-(5jEZM1g1|yRFRh;%`?+m)pCiPq%(ZnU_)Jk~RL>$AUSgK_T3$ZrRL80cunTy@`g^WE{vIs;_friLnr@Ck5j`0*Y?a&In)e{Cy*$+YG z#5k>HgV<+f*>uU0o_b0)QqUiP`J*7OT7E z?aK}?w(Gk^-nLE2YDYCUjFxcAaZE2SFH@j0hDvvWHdQJqL(ECa$j$-;Hu?r8R4bKO zj2BbXbqsaR-WFv1S_cLI)$|!72_fph$E^98egg|hfWZ>movuaP#U=kw{-;ad*v3fd zM3FfKJ>Qp+e^dlys4S46`3qNAne3nYxmL)A$U@Nd!)Gs&{{F6;_O9{hG*-(sx;;ML zl9J)KeTdmcob6lw` z20=mvfj{B!k&CtTt`9HsXW_6ImTB&fHm=5Q@i%Cudb~f`_)Ck$5)$Cy!J$w3A1YJ- zU^qj=J{YOrwtl^CyP!|5IQhAUq@<>%rKaYpewc7y zL@S)QD= z2PP_#;O~&MrutOKtj=DJmf{BJL0y16(zC_wzShUq8ZGDoJ+$L!G#*C?B7sz{#Ca|# z$li{!oAYlar8y(S9B8zF%v*bi$K5@~D3n7c#kF_Q=fhuuP zd^Y%tfH90f#0(uGpeT8Ixt|%Zd6p6oP@s(h z)9>>3-A(TX&CMWZnPf?ZD%4gqkAglUZVCrnb`doc@zh0#{&E9K9n6u$T8&)XZBG)x{AtN4$9}z zNb`mRL6#8@4FI-22kLzZMr6Ss!m3Qwl$Mg&qJum@F>T@R(P@a?Y(Vlw<_M$qsOwpJ zCDbs40BDAJq@+Npu*i`ulIe>j;!#V818@YwEdO$gvKtF*Yvj70iTt*eTg;XM+&tXH zT&&xzj4%PCcv4hA8FYh1WCl?fOX8`(Ndk}=1)!59xC2F-)PEB3JJ$Ki$cTs(WoBy2 z%0A}(6YgHU+tzFF?Y27u%jgE9PE}A)aK@lzT5QIi9|0qQCk}!()ZmsQm?mB2&;1?O zSys@%tmk?8Fe($}U?2zr;OuDqsC$2ZHv=4^{x|Gk;KZqf1~TO6B5@Fl3QZBM1dJ`` zxMwkhTi+vvl5z|+ApU~!inIRyg7o7{3o0z|f$lyZL7qsTt)=zdOKY>9dXKIVDSWkr zb&IXfs^5xuwc1=?BXDxFKQGw6`0B{HcLPBOmqPjG)=p+t?qi9DV%`BDLM7kh-;v%=1qU+z)_(B$r($?l`2qeHHJ`iFb-a{ce7=i?Z+Q-V>| z6Vt&XOEi~BG*>2;wX~MwKvjL!ZT7o$?$;YsrLQLAacU1X*HO1TA3@VcAlTi~;(3at zwKMf!FRaFb9vD1D;Ba}mgX2^aN39NomJM4%H9!M^WYQfT#qzm+kv%#u2Gcd0JS+>A zZ2f7xspF|W*}u$eyPt54^fWr{uJA{?UAl0vH0$2sB;Lm1BTID zjChV4sdXaHIdjZ!aW!(Aj&q2gD3=0DiFipToccJ1vPAuc$X)Ow0RSO|Kc#nbgL<*} zYrcnf6jAlPq(WC9QT2_H;{%@ip6(utD(YjZ~A=C{H_C{+TWWdGa{{1ynNj#2vOY%0+3l@uvcR;3LDp zrWh#(MLYii0KC&iQSLd0P*s^72k#_Mi=cE^zEX#9*CX zXo0EKFh*6IKh)=bsi}VjNR&(DGJA+$Z@2k(=Q~`DRrI<9kpNqKd>DV}BH-XQH#Tf| z(@AP`Ehd=M8Ac(ae{cDCdwG49PNunkdieZN#Sl6< zkq`CV`1{^*xh*2{*gSk|@Uu!gy{jE(OWBiO!{KW#;wxZXwJ+kH_Ms|q%X4n?wJs|MJN12Nc>j1$54tAA~`NP$6` zuqLD}(^}oTRJF<12S@GG)v;k8mqDLdBcO3Ka)Ma%v z=ct+R`Slr$JVP&|=S?$;BD%DtF3u3UYOVYL+}}=YQNwqTgW~k(O{!?LsZ*V)IjNS* zSxnj3*>iXuWW2xufg$ks4-deJMMOZbT40mQeMLS#SW}Uo|E&R&z$e9SF(ODv`9r+L zE&}CI3zStkA;fyU`*{TJa~t>JZ?Hi@Qlr;a36*HiZytg#iX)lALQ{9(9?_92i492- z5-%NRe@CjNBTlA8Uq2ayY7mx5ZVDE1(+y_&i}l@?#})tk)LzB8C*&<8i!K#eC_jHU z_2(z|DUhc59dQPy>WSqtyTJlB|G;@l3E<~ChP%zQDr+=5=T_S$;KU6D$YTh*VReQ?-QqAkz0XiiA9nRlRdj#H9CzU3>+(0i zr1ywWY+KPs`OlWb=ut<~lPvol8XqCk#uH1CRf8$!x$E?y4RFSGx!w)D(7=NU0MHoq z3s{iBH}0E0KjMh&#mjX-G83- z{x_tpj`J&{>%XTDdcgq&>w(9wcXy64`xCGlK#M{$maYTMVQp@{@|}J1DIFFU3C1aj z%v3OVfsT*fYBT&yWc@-~;_Ga0&qz|#&@g9B1Z)7#KW`WOd>hE9_}I9p8cEIEfm1f}J%w7(lptS{Bt#2JqN#e6RO8{R0@Ope)3KVD2gc!tu4-vg5%4TG+ zoj8gAe*IrvR~Z)77xb?PxP-WbG$P%NETGg%cPNcC2uLFxf=f3@2@6Pxq)MZJba!_* zOCun$@8$pPectCi-|oHVIWgzVnVH|roO^K-78bU$va&DSf)Rg+{ZXoXlFCz&5tN_v zw#hGZ-aaj=QP#|RijX8UAHn#}Ioo7hd3f_Ly5+h>GsxLO7fL5>pc~|6sOKd&MM+3F ztRknIpa^MBg`CN3`N)BT>E94ZgMEP7?Kjzz&Bb`##_MTq4EkUK3%8v!T6$zYEf+-b zvXG9{PV&)+#JgUjWiTI@jOIn7JUZgCpFRQuOt#kdWxbXAgpxZ`p_GNHcQfoluwoGe z%13!~iSAa7vl3%y3ewYP-LVxuXD>fKL#hu~0W9&L%~p&kLMZM!>@X#yN=sdRu9TCA zjI0xkxBoej(sO(*3o)+_j4_$*X8g$jNKICYa!iem!e2}`q z_Nlc>6Z*P5C5fx~wm~kMe1hSvG~2ZX70z8ZFB$R3xP4ED<*v?lH&G}QxB`27z88nf z3W>~Y3=~lURQKNMl$T1Kx1Gk0u&UzU{FBAR#&ko=(G^vGfO1~k8?8wU3R)=x5h^N} zL*+YIWN6~GX1g(J_qO;IvI<$~3R4dk?vre&1~tunZhFGG%94$l1Z&~8rx^08#~cOm zWV?IxlBIaEZRE!N{U|an?3!Za*n`+7a*(6cretF%;S>6Uw5%-JCr=i{Xt6ZIm=Kh+ z&xtP4{u^k^PcO65(C6(dPNLK#B&Zr~(hXRkk#ZEOG~);gUvyafv30o~92^WL8tjSP z^XZ!|*uh^G+3*%e0GL2riv>jG#{;a1WN86SChkQIaVRi(hP?g-VFr|5-`*Sy}o*#Ryh@Q5RqY^-tRW z7clDH+$E9Mlw|TkU3xE}frAjG~rq?^%T(bhU zNnf_YC7-^o!Z^u`#st!>S8T%#;Scl<)f1(OLQKEe7OQA99@K@Ni+s;wi=1k19v@|N zCyYPquCy*wdUX$Q+Az+7;FW)uYOIr(M;vFJulENC!K-^NVpOs@;luZ3h|RXE+5uj2 z@*T@D{UU71s4kFSG^rF=mc6A!fYe@GA7ak@WW1c;^t_>eIM%Pkp9`b8qT!zjz1F|( zWQmL1hpAEb1qji;06-|>5$ zslToi+7{a{!`{zNoHmSD&np{KU8!V{;5{w;>7wa@fCxlXD%u~^vO$tjg+=xuxZX6Bf9QWS2n-n0r#Ub6)ik!|eT0h?mBuOIg``{p} zo^!GDLs~S_`iIuS85M!sV@lIcHU+o-wzL2%&%om|{f{h6L(K(SfhQS!((#0C#2Qt> zsoFF0tcXBMs2O7*VpUj_6B%6Cj-LAU%=i%7kh?3+@BsE=#!e!~Qyt&o45A>a))ZbZs7KO{+MTHx19 z%5^Pvb_+{U0Y=0HWqGTod$S`pMH25ELAFJ5H_Hc$I z-xR3WeJ<+6RB*82PH7Hj4h?@#ETV#lXPw z@~Pp`JPF}R)0AjaIO!FNf1Nz~5RCLuWhFepB^uppfK^S!j@+M?;2%_U=T3&O}?ukNq?_RJ~5qlQZG@W@JpVG z46!21Jdq#^uFRvXX@J6RKSF^j{>A37UisOo(rbfxGHsL~*fFllr4u7lem?1)>Vg|# zA{pGy=0aS+BN$5tmbq>*U{Zp|4N4ubXtPNl1w%1{D$0L+qK&4%Gkvq2 zfS(6EsrmARE_rtrA$L(xQJG;Km`=3?LNc(9D2h?aZfVxJ0R<9z12xt}unIr;orsut zbz?&|G$^N``NUUA7&DxceyralEJH{pN=91p%z%UhiHlT~(?hK60~o*(W{L?MLYE4a zo+%Wkr<=-#LHq6lX1c25S}tVlyX2tUQg<5+ACUHt5e6`%<>`1(L!u^q=PvIvd9B*I zOkd{Gx7=IWd4?LCCiCxkp=C7rG+*aHfk9Ov_zolZNX&UaZjRu!g3^~JPX5?vkv*K;Rm#S?i zCCY?x`uqz|6DYuuIP>;1GNJ)$>+6eNv8$;Kl4bd^D-u_4tn%nqU%BF}KLV-#gfSif zr?te_8b_)YK)xDU(9z53vbJ?}aDJ_Bs80X{-ui11F{`G#&;orKd|Wy{H&?VVyvpaW zG?S=pDp^p_BPV;{lwQHMctA6Fe{89a{I5!mE; z)1+}RmV*VvU0>ve#vn`Vht4rcH9Gb{>Z!Zo;qt8$iOAqK>n;()og)9W6R*nRg4zFa zu^f8RA7;8Q!M4t?ztaLQ#Kc%SqTfx2?~9UtIiSAVCLiNgs7VyCC`{X<_&Ugm!AN4R zFb2M@hYV(+z=t>G;4Qq5tT^diyKh_Nf=%XeoO2&~zx1HB`;1i)?R=fpJ^Dn*|JGmA z!O-J(n$i4JvM6dfnR+V6j&#rk{Ho@_ff0E?LgIlEe4rQ(>a%*RHsR7im+~s)z}Wcs zwx~aGV)mm z!DB_rymyW%T7u5&G_VWVhGeJ>cbzIB1_FvNDUZi2flzmNBYw9@u>W1n%y6;OkF~dB z0S+Xj?|sU-dNspIQ1^mk3g7ldb_Ym!{XM`%Cgrs#X8v{BNyhlLp6`gew3hyeMeS-+ zk9V=ZL}SA5vAx%Dt%7(}&idXWlYP49p2T1f1A9pjQcZDEcGzf$=f!uH`Lc{^>7L!; zmMsz0e9`ozhX8xhPNM?xX}xT(-)VhEcOrA)xGhk7xNBKp5Ss8bai#r}k|;r)ab{G4 zn>GmZa*GHq6H7h*t2kxNQ~I0$Dr!BxaJ~s%9NpxgvUqh2F&!~JwwyASiJqQ~tg^!* zfFMs+R+bX8z?J+!H9O&t?JD8rg*Y}`?TEc+fAnyWkHA@^Z_R0)#LXp8-fyWp$v4}NZkY3?qC^iuUdtUg+{mZ~LD2H!6czn#}{ z*2{z{VKMXZ)0Vn#l2-f?>G4;*6vXS(s;o&W6Wpzyd=;ZECX+u4iHH_&HXfZSqP z{w@>rsX>?8dW0|EIhk3`{iIH{IpMd!WVY|gs03Tg*vu=gk-*TIxDj^sv9ij})fo@@ z$dgt7Y&sx*t*JebeD|rYy#D@oeeYuWo8od~-@j~t?mr6`-M3xmKK`t14LCrc-?f!W z7Qgw9g>%2Bioq-W1#^qW*gB##k@JzT*D)`modd;07pUQMDtk{7BH2~K(#g_vd8j~+UdiIJ zXQylZiXD(>0D-#v9s0p{#PgsfWsw?OgYv_*-}_YNeCm zDJHhzihvhC%u2f5{8kbxGt%sYqLVh-^Zr;NTMUE#tJaHvrk*9A zRa$0WS8+FycVJgH(>#mb`s5MJ-NCI8o{7xGf*^<`_9L`Uf1CC98TC>(>{>bKn@W_)RP}$?wG=29^CT;Sw_BW!5MF&SC359a0g2OD^sSlgWg=(|85^NS z*kUZ}I)`=apbdv=Fa8Y1Aa7iqoE@B|Fvtld{83-vwHlscjN*Kiu8v|(BYj(y;6AbH zu^R#h9YmcGdCxLpV6bL0({z{pp;tROElloFM z&0@g!<;c|A;pXOML|jjgVg-oO`2tI0+ZE^wr1Lj63@BXh85e_^%DtuH@|xRibVJg=j@jc)HI7^NQ%`0fibCvIg0@M*drV%`47Xtv z-0@_1*zN$pI&(aTgi%kU<{eG^SA^HkB4yVGGCh zOC9|>5{G@7DtuD0bb(0ZFNXudt+wWx+;|KibCb$aP_VjME`+PR@SpqStwh7oz^d9; zPS1^XiKer`@}|YFT%5xc7q9IkatufC>0&Lf&Lc@1jhi%5jdee#8?(yCO*)X+;3=|m z96$^h=;^nd(oE-iw*zPbj#Y-s&#U}CFMknozp}V}zv^(5L$ProVSI(Z(a6UFrh{(w zAzxkeQ)yFs$+g8kfMoKjLbc%`YQZZ(N9G;xyB=bzex_)!OB<%xZ0oTE&%orU$Bi6f zf&YRZz)eP61zbn0di&ecb@Y`btgc8L7kuHVi7q4JB6L|V#gUh6m|bgDUL86klD``_ za_c-SI(}G5&@63L>f|ku!0b=T?3GXLMKJ!#%LmbAki zxC8H%p|MgP!fGyl+cFjH=4l~w6}eJSx>#jjxegJ0Mu`%>NUrCSLEL|e7_&VKc}S&c z>=SLN8)6D=CH2OdqbjqRqzE+E*ojoa;;!?4cK+?t7FYH3evnNCxn9mxXmU* z+injZJ_MuD*4Nknw+DWz?m*J@x#PP+^g+n^{rl06Zc*b0=nE~Yp3&|{0~rKBK!9U^ ztejfIZ@1-=2L%+tlPfEoncm&s#y?K8t$IzG&a`%`L@iH{#w;JLc6LTn$;s93E+NFw z%fF~z45p-{xKe-BE>6NW>fOQ$6r!Z0e1mQ}&w=0U&(&$Ye*GGZpuM>66e%_wT}W|Q z>V9q~QC3v8O+}G;yI8tYoqEB_DoW0^ffMm7Mm8DsxsF*NE=HQTh%50Y1)VThm3ZM~KgNvhA!?6|YRP+@nHTW84B zi6lxSS`s$c>vN7_z=0KlQ@Wu9ngdv2(t5D?kc#(ueV_fC%4y&ir&OF_UV*;@t3=`Ix^IaE@v;408^dS*snlz_woPx*H>1bBI- zZ{+Gd~vVGWjujkMIhmtw;-F*5FB~z6v z@%hu*YQ84_`7k7hVd$sev6ab|u)FEyeZOCRojIE+WTd1RK=04<)7ZZ#l&cWO)n47n z=b`K)b6Fgp%op!Bj+l5dMEycYhjT!`D*Bs3W{xzO346So5h)uh=Vwr)^^OX#$}2Oa zUo7>dc{lWtvL|hciP^3lezGQurRKZdtK;lp0;x!YA1ME+-o41Zvxf{ z_M<2bX2T!B;j1eHnZ5rkMoIOf?l5|-FwDY9M>0h9_q8P0;+K4PHqbLo9;L`dOdsD) z*u!F^!u{o=B#5|s$TI?xkb>%SAx1lpfS{3W`ctce37Q>`0v||7`a|KE@#KiIe6Rr! iN0YvTkndi1qG_KM05bOf9Tbq6O#lE$N;VP_ z%F5P`u8uC&j^D^-B_zndIXha~*jWI;e=9j^R_bcUctQ^wx8m~Q0m<@?s<Rq?0* zoCF#M3PcRKaEc$xxGKLeB_&~rhx5Z>Vq*iMaaEX5B9WF5_9zNsgA2nWM_;zR3vCxV z9}Xton-_%-t8Q`{rx1EUD5)|WDqI05<>I86Tfsy9gWG$|qJcRLVZBxA!unalhRGf;xpoKn?RdniZb_kW)QLma-whDi~~S^0`9-j z-n{)ciB>Z?$sOB*X7u@_2mS+WYP$QrKUMin6acne{iffUSQ?1}1mFYg-wUWOV66?2 z^W7ezEE~{8n}Ph}6|I|Z|DPMlAMtI=%lmtKOLG0;{3-u#a1P{YS;p7afkxliLKn$S1&XA@BFFS^b^ zL|Cz55Vi@$N;s5hq&8(N2tOnAk>ZyOELId1`A9g93RpgYONLD~Qk`5whU8kv8JaIl zU#dMpU>INzdi~xh&6XV4pdvJf(k#(d#zPb$Re=1*+?6de4lh6Jk8=}|P&D_C!#|bQ z=qqu;5<{%LM+68Q{dTO(gTKY=d6^KC%*N`$RVbB%M0J`~FdY$hW>fVZuvmeTy@=ef z9^&LCq+&AK3fhWGGG*kSs5miK5P1+`LR9)_!AWKEO*HM8PyGa@>}+A$GE9^USaH}a z7~bI${XA4y5fbdQZSl~u^+oD4STj;H4yu&LOyyaeGDMU~BP-^%4G4V6OyrEip?f)d zzxO!yi1#S2^^kH*MV*Qs)pqDqN59Gu?qlq8?!#N8vx{jIW~#22{ZPl`iqjRZ{?VdZ zs}fd*&FPlOHxY~{D_>k)kTOeTjc@&6Q+wpvj=7#fs+jgiYi8_N`Y7!P=GFrR^*e6x zP`DKxVHN=bffb<#L2bH13E^xM;gC8j58G+_VFr4JqlPv^3xf}C!YERTTnbGJF$0Tw zc|}RZMg_9QjmDUIT)Cl|Z;g}&huUsA;#_K_Mn#VDsT#4GRk=V}ScO%Yqq<0upUztZ zyv}ch-%1iiD*5$ByPbpN$Yz9%|1nY6qE>!)3*_pjsh?Q(acAgAens(zCxq)*@ze7)4!l}^4W}$Cek(!pOT`5zkQYn4f z#a(k=np4sx*`f0ih$c29N2^aOZ51~OmvgALthQc?REqaSi2tsJxx%)X_(uoCqsO82 zB0aa;Fd$dKv2??;>+t!LFUyUZ5$%ScOkD`DOK68vgSi+zi)iIpk7RqH^_?~A0a zB;R)5m^UE=)Uai=N)lZXKbIzF9DYsyjm*jH3lZOe+tgzgEA1(asU?ox7VI(lew!S% ztXXL*e5*E>;G6KM2>GBf<}_jEEaJiS;jTS7*E=VJZLgWToUF#IzVoux+6(Rrn~Siu zym8Jv`dl3jmp{LUCAL)dr$vzSQdn&_tNfHClme}q4=Gv9SQ50V7wcM!Jt`hdF7bu$ zg`M+ug?9ycHrO|GjK+C-TZdc6lzuzr8ij63_)~tEe|UXN1Em4fP*yMzfntGr&@Yc( zJ`_E%BK)fs_YKSEV$u0+Vz^>)LDfO~zp5#$htJ}xDIN~fCle-Z&_b2{ju!qPm>ify z{q{ql4Gjy``YsatEnJ&unk|jXV|q=(WfSrYNrh}=S+Obc)qa-aVi2xi{wlb_)6Us0 zGRSPHGd{1Kqb+ME|A~*8p@!SRu6y(K{3dKCX9s!L8$X?8*x;MzkIBB<&{Di|W-KQD zR8fU+Mc(AUVi*i%c+u3?*dEleNS=KpeO6$WY3}LpB?)~7QpIZ-hA&=;X9=BLo>T)I z#Z3EcA++W3oeHQ5>skD{c$x0x_UuCZU2MUL3Gq(i6%=2RTC7g24lLcrsw_eq-Ul3_ zT3JX_5Jqep8ow?YuP?TN zhQCIGelhekx>ZWGX`Q5$bDofe~-D*d0i$q&t zkKoTvi_($F2>}uHBK2GKXLat2ne}Fq#Yczf3u5oid(N}@RlUxKH{p@)RShVOFY}i3 z7B8|djSnI<5f#UesW0{h)r$5`=R+_vFmDKyXf2CvbMquKLh7n<3yi1IXhUS(?>Uzq zpHaC{HDa;{cPPI>Joka{D4 z3r{bcYa|-Hs%H61s*sL4}%_do0PetdXoMFR`gtK zSz}87^aFfo@YH+4T^zauTwF%n*mu<6twq z)qFYs<+0{La#^^EuC(Vv?oan&{ZxOa_NVkEi7+YY0~RLz=GBbj^XfmmNp2>i`UL>I zr~x1#7yzC={)NW?;Km97C&mE4pAG={j)_JCQUG9XAPW&w|8M2Y*CRl4VE&!&aKm8b zA}EN?S{e2ie1SFCI{FtCyq$HlAN>Ly1RGb~bl}2D3{IYjAZD7%h%=%9-2ZACBNtu3 zDVeFg^A)3r$--k(;PCZ5-T83i!Pf)dLI>+`1m0uQd2B7iYEsYzNfS*FClQ{GQ*MSl z)a%KW-i~H?&|g1OB(v$-!cMU6mak|zX$=3TV#oxVP3VH%v_1KONZiwh+4OeZF?M(d z_IQg(YCB}aP;wT52La1w`pxVnhGL*lV$`5|@l$yEyRFec0nKNxmI3_O;{ns|`8A#a zAEnV-Y@7S~C{LIP7s<=$bo&aLXN=S{p~N1LcRl$2Vn1p&)b7=)!=b}Wf4Qc?U?}n@ zIFiv+hA3Ydy#mN%I?^|ATPRM;b{?hAIy=idyl8k6)BVQ#q+g1|Hl@hD<8XyMj$%PW zLVwr3XOx1KlqeI?!Te;pyjVQ0PpdP-@DfrqfZiY(L!)|sGq5h6NqCx0lH_?HAzJ_G z&sryWx=@q|VY-omhqz57n=b2zaV+C(&&_4Bh!SGtC~L#M?f4(=XV-K-;#4z1rcAg< z5td>BK1)wx`7b@x{Nfj+nc$O|G@X0PcGq%Jx7+O=&l8&^=x;M7VTyjYBYHGn+RqnO zgc3FB}^Mk`C{(GCqx_nOY)jUobpSts8#&8U=T7u0Y z%u6H-xxk%HA`ah-qSH zG+)aL7?Xl1Rh*M0in{NU?9xpT5JV0H89#UA9AQFX(m_K+%`rr=Ab>I$+)f4nkzGkm zMr|}$aY|>nU@+DZats}`ID{NL(_^zDZnhd#*G&jZ0R>CtkpPB-ph4czB_S#hNWyzs zIH)ij#0Ca~VZ*`V@`>%oXSF31lH`%##WiRE@(fiEfR6m^^0*pouyEFy0*rNkCqzFs zqIjLf1{};lMSy+f!}kn~EKR`5f;UT6_PT7or$5cQ3lsYi5AzH@etBa;gTp~k7@z5)#v}|n|XC9&3p4Twjq#22UO4|d&69UF!2sPB1y;zq@Z7Ke=)U$ ziZF$5aSRWrGv7YIsprt-_dL=HnKiS@;+OEWlS;6$md(7tbXuW=&4vOS!sDt8PC7ic#s8}Jn@H}l|sS(k!u1fH776;2`b1~ zAu9lphg)KRPd0I3$U(reyalF^maZ8owH30!jMPJEIEWPr5uh_Mg{2ZR`7;*{0#MRp z;UqJ0`rSGIJjC=dLFfQjDz6{pWmy`cQ-7f&$2A}T3gq8g5;DvbB97xZkv!?y9^>{w z4uLnGRzj-o3b9DvC}YR{5sCco_GRiw6^o^VgWG`{2q@*0KqGBS1lh7y*(X(q57j!g^*%Wh2M}Y@VD~WIJ+~lBq3OiPk z_N8a$RwQYU#)5LW=+9PeI8e&H09^n|!7WNufp)qMEI~T%sq}9!9Vpz3uOP;Okv!^D zH5CIjiV_4us-p`6g}|xI(k-L0(3Mc1udf=GC?zPy1b~5Xu=xsFgbqbQxG7+6ZfcGr zK7EKQYH9+_{=Mqq?6$c90MiYi05ap`i3_Rh_gu?} z;cJ3o=5PtwezAm60TWHhnVW3_S4OTLlPKXU zINU+f&z(|Dg_W^c<_U}jp3KwKFj3BlorVs$CNffV3ya6~@O8OmABiHhC<;{CeB6y}(JJZkN=a4^NdP{x=O zeO~k7B`*A2l6f+>y$JB+kcp>Jkg|iKF#t8^tKOu&Ct_Y1UpQ6NVlc82m|McEh&auX zcwk%i6%)Y9C{18axz-J96{C2UcD3E-gwbS>#d4@>eIXVH%rznOI;SFt0acQ(M>A8F zJ`IXJY~~$`L$@34kGPCp1b4qxS`3rZJ>Uq)WwA6zA2c5iPaU&;Czp8?e^L*Mzx~Aw zd%KD#WhfXv(w3S7vyaCJ+a9(~aWp0+Z+x*`S;4Z2>{w^hW`FtS8O!zEG$Yu1wR5=~ zEY!)O*Fl_&r5Bw2rXZE^1)ZAEL~?ACQ1u!PVRAxpe5c9)lTA08BRn+b$nG(ft)rAVp^$tm{N22@oyztuys&SlH0Kn^UYuaFH7(?= zocjz`^(KC!Kq4Gf^jPzWq#66chmU=`hiQdo`#U}~MO7|92TPNww+cxPQNE8s4$DMV z29X1~(G-3rwZ-tI^xPs9`pEs$ZC_CQS=7o7Ze>o^7=VW(h7muf5uA|#7F7pBj&O`& zap0rbcLFagGw3I-%MCk@`A881xHw?I%cTK9V5ab*iLb4o*|V>3Dhkz>0_d1FLjA89 zciI#Jo26NWy4{P3;ib}tEfySoO?pDb$b7O|YP!wx0(w8lWyQGWY=vVW1cANfO8|fg z(p#{6*@;$Kcst(qzP%hG7133{j#DCj)rvivrWl($O2()R(~cq*O@yX}^G|rV^#6Ey zG>hxL&$KlIjyBwEzf7y(NMhQow9I`u5ZROUD~3a-zh^Cts>@> zOqIDnh#SQkp^8M|iy>Mvi+Er#*Oa|INJ^eh5GbWR+jNw|O;KElO1VRhk?E@f5v?9d z|16A2fdSjq5e_SJbY9W`AVSyY8eoV)1%Rob08Y8~qSZihkS>^Q$jbic6s8mjhk#@K zOBg5sXK`vbQ?F6C)H(x@NU5)`<@i?RM+18HxbpI&UyJhrC(N{Y<&N-gB>iL*_ zNPI}|Tfp=k6!@>EE?{&n{{JPyzRe@;9(t=8d9E}ltE*9r_DXFnCya**QCZ$ztodQc z#l06^Z@X9xMX}(4H{^sP$(CSwqWwWz5KdPhqqnR(pNi#NlF_iA=cppbi9%7 zC?}uVD*revYeT~4(cM{YDELGW!%I>OqFavnGDex*w#ifpem*-N8H(q(dK_&ynvn1w zS_o3~(9OXdKXxeZR-DRy*dx3;|BoqiG<#FVfn{0yU|-OuVUQ>JHYqu^Ltkz>S^q22 zV3UQjkf-30hXm^MQ=8hY<3xyEK(#ZJ)L+l z7OXL(m>{{2u0bwsIfSZ^z--XvGb5$;5FQjTQ%fu+DJcC_6wGD{15F-vAiewjN41_f zIV?1}xVS{V1B*%sE;)nxaI#!)I3$7&?0ja+g?@czEnB-#Mbva3@1PQN?=MS@%ud#b z_ak9cC0n?9!XKLbA=fh*T2o%Gm6YvJE@DA@#IdZ6L`E|*MUIGgsDR0C@xZbd$_2n)-zK)L1Cn-iynPp7!GQ?wnsEwLgq^){Ywu8Dx$g{CRx~|asz6XZbYZp*6CfOxMrBLSgKeHRGjQU;(5W+s-2rZv zcj&JwjW8eC&@DJy?x4q%Z(o}FPuD72yXyOA!e76hPCR2{HyDqR9S%2WMMrqIA}-m| zZra_6Bx3K1UInAurjp$q9XA}i{ySD56b1spi&UZ`?i~IDD*cP`ZU%R6iCNe1_l}yj zvymEDmAoo)ymE=qCPhNKSiT_;NVtL$Ehe566{n%}!k0ftr?Jhb2J#h>1q8VZ2W40B z7}F(u0HGlbB)SP9+bLR1zR`VEu?PFuU}-K`1qZp{Di#7siNp;@3GWAkf-n;RWApv} zCdBig-j-r_GAQVJVHEeuKR5hP80298obw5aNm6La@8-D*?eSPbe7GHRKi2K9Q}fcX zB~wg`)y)bUtuQh;rSoeihp7C8jh5pt{mjYirW_g$376}Y6S74J%{3napzzHC@z;P0>7BxYyY zkE{6}lIcobWr)D5r49e((qWM~rjF2IZaoWX*Zw$EPL3=JG?^gBi5#K-WvhDtIBEGU z&0<3D!RU63=e#_wdn?w_j^&v2AhXrqWx3L*>txTstvRVb7<&!`8M(|7VR-$kWx>uA~3x-3&*qka36VHbY|R zUz**;1!kYU=L~P7N0AQoC$d-b!AF6u@ydtI8YYWcgWJEKdqT;g1-czIM%;84C^z|T zwLSLL389pHhWkGy|I{7lf5l+qz{bX+z@i&~P5?FbV@5zqx^&VZYyx+qNqOuPB&s;x z;YGy`yC;DQ0nPnXG6CWX`FQ8m_VIZBT!$qa2+0gh!b-n6yuLiHh>lYOr=#TG-|Ilq+93@5|UI|9^ z%iK@KZ9JA|*}8b;_=3#i8Y}L9YeeDubM8t)&O7MqWgu9AkbDq@R5(=A9SQDT^!Ms# ziFvJ))6-ck;qo`TcW95mQFdqOcu-vcv}!;kh0{q3py{D=HyySyLvc=Bk9|Hd2-Ypd zm_a{XR2t`h%>Jb(S@b5g;r$}KnD$Ct)}-XB0li2$Kin^%Z#!=Oyl0FJ zUni>zhc@eflN_F{OI~LR9x$EEH~Kv_;-hu$o^|mDBWKqO@X_I58bfd-YqCHx5I|f7 z=SkCfVGuq!90Z@|`F89*SEqIgOEr@h0fsK3i>!DM+;3UEvu&Qr5rSg=xxbZ5ZuE4} zFT2Tf?nO!MP9ivA0GL7-@WvJp6w4?^`r(p@32*Tx$#hPhA=yO^ zW+kp9TvyCd`918ETH0xugM+C2U?Oe?m4wajiWA*j*F2UPkY7iKqhg#bbX!iSHYphy zp5B~MQwtUkuUfzgyfTAQLZ@ip{4y!DBzw#}DVd#}BWwfE;$2xN298qQc^v1=Uatf*CJ_w@N; z+=4{AF6cMzsfB#QBkVgyxOg0Ay_-p(%tjYi%W=<@-zsL@rG{}%CBuw0I$m8X+-e?k zH(+@8Oy>7Fch%=vEwknePoDxjg8!%#)7$P~$djzUlB7_R5F)!6MgWM_JZv)H$*jEt z#?~Uej;+ZzvPv)d$rYl9&i_pHIyB^VZ{R_gkUMkcaejNCtLkVH#f{gbMgJf3`{3G@ ztFUtmx{ajD5M26XO)$P43K7BD2O@~OMy)Bq!h>_R4&Fq$0H;w^U%5(~i$=CDk*+I(AySNu6((xi z8V@=egL2i54UodYlp==^U}K3vL~G2TF`zSOW!!Dm6lP0;=byDs(@9qgV;m86BlJ2r zywKP-I3ty*ritF~ThiF(JMMM{-c1S|^*EjvHv zFnvKz^WIaP|Ba?BGIhSzK4)rm`JL0J^^~D=-bQ{1`1e$AW?iqlT)Iu%-N}=6nxFQd zi)i^h9Sv`A_m4{{fNQ*VpJ!_xJDgNH&sq=9JDTyeq*6oAUh8hJb_aW7)M8hT-)Lir zDQR<^KOFspZVO&mmOPJRN{!yI0N~TNY2TisF4sP#T3^DgeU5H)+I9AQ*8i>_T`oEB zT}O+;&{v)AvUp=KysKs$Sl?JIQ!()oY zArBF#o7(aP*doEti;Y%>jQE?&{@WQm!brek-p!J*mHvb8IdKdgcr|-u=?S(6f;QbL3KyW)-skmG?c=IX3bvy`X(wcRX8rRiuUAfBKRf7~UZBp1dM@*ZLhrdLJI8-Shjt zB6es>V?x)Y-*iOfrP~{w85IXRvqpmQ?+1`+Gk<^LcJB)mf&xz7g`M)EZ{!R#=gkQ_cXQ2S&$K^%zWi&w8 zZ+}Pc0~%oc+b{38R=a|_*NjZsehua8E1m1{CMI;c;rVyPXkx*N?AuC;$XYYe>A}av zsQ<-(I10W#+`y;jo6~!ZkDuE$$3O>(=U{>mW5SpJ7#m6sl0$XUp~ULxEH%$eOJw_3 zBzN4e^&b|AKwd$(D|9&KIJ+3ogTa$7m*o${Fi6LIdgXxC?S@ ziD-RN6j(QvxdLVY@%8a*Kh(&74Oz3q&9DhgT&BD$4=C{dT*0CNHgqCiWu;cznO_Gy z%Ojkqro!%C{3BKalNI2hG3${D4!cotR4h?~WZ`80kDAsqHv; zrIH1<3gjJETz*UMGIzeW+fE_`oYwGt{L6bDY%g}VunP(w?vQEl)+;jTWHieMT~{Sv zH?wROE1rRXC95g5tDrXdxU<=`4e#yDo{!tq>7UB}e#eEShG=QRx3^o>P@3KDvvK}^ z_ehk;_^w&vNT~tF&7a!{Q>4y=!g{~GLAf2Dyv}*J1{SaK|bx$JFaYZIAe7img{(EwXpXYxXY~^Ms^fKA# z@Vp+_n#&rlr+u+V9b5*L@-^{B{u)4uvp z2Bm#-U&~DNu{O|(UI`A+iTnI^-0YE!w_3>vviR|Mfh4$<#LHNSt$9eyQ zQrGK&L8aJNqn}%;J(te2VnX@ulfEu!A`cMprTuWesfC(#x5cmPur7J8TghV%&n9l` zL18sMTO)AzZ`N9(0p)5}*~GQS6nUMlzerlU<__D%Z2kOCdlb9(G7W4S94u_{grBRg`ygL;a0hkH1_z zI8u>`QQR8^Dw5>n|B9`Glc6(pU1^Gltg=?Zd0{}uyKg#aj9#GXkEEnQsH&K?~uOVAjJHq(TiMfmpth0xYXeOmA*7OSk2L^iKnEmx`G5K{xo^ingQ@hB+>rC{&SIz5rU;Uj$l>b z?|i+;C*|Mc8s4#wP=;4mUrF=bWDK7+fKt?f>~doNkZp3obCA-1XwogRuDdak0)9 z&iIm}r^nk0Sl+hv{w<(08Lq_0#$#k=$c<>mk__A>^4^nP?X_e~xoL4ij zjzU{q?Q4%Vp6jyjdC%%yUH&`QO}?a0#mpNFeY> zn$-O_nC;zxxZeqf54G?>{KyZmAkmt7_U!7!bvAAxm zx!w+?H$ZcpT0Pqt4m8q1;i=e>rn$6A&rw7V7i8l`tn4fx!P|=1I*kAr!x^bEA#~(+ zvtJ=qIgoT5>l`&kZ~+D)VZt=;K*W4bgc}it=pWgV=>JHetXUF4f#B#n#+AuA?-nni zLAuGI>7~UWa_i7}PF;j1fgiNV4NhBTn?Ix-jSF1TO7w^AGw~2ASW;dcK4iKL3Yt>m0R`U}y<2V~56hq~A3!{Wl z1~?2DDseVZaM^4RmDCLarVIfH*h%Mii!O{@TgZA>%3jXLG{IySHnSAoofIJR>6M@A zdL-EJ*s2R_8GUNE6f||K)qh_4ca)#MFt06d{=9Y(SyJl~xa+@iescV1x?K2sk$jn# zgq)wMpctWw20BPnb9_s3=c@nybYj;>N{_3b=7BdJ8p{fk?fRQC?6RyesBUJ%k)IZJ z>6MsCu5?U|e^{Fy%0#njE4b9(4?9obDzJ-x48dQ>O)yHe%0>QLLBEt%B^4Ar#=tlb zJk@S87chBTQuai(ROLH9N@TwBGM!DJjj&ul7S)d;_fdgE&Il!qQl*BzoN!t2DdwCO z7#~M^MX>@iWxHhwc&$}$o@K<6jL^W1^fSv%uTe63xmCGZw;6mWUHvNBBdbtU(?94Z;l7>^`T)D zJ0GRrDkOn~9G)=bmxUdUmmlim&~;j^3@TNwzZo?7zkt#OBkbm^s=e!|syHDbI!Fs;>Pkg-q?pKjc^%KtARqJMu z7*w%HzCt{0K|Xd)f+++X8RHZ0^^ZW)_3#RIZ)@yu3$hE|9vEw)>XV^qm$urTL8Sk( z)OE;tn*Fqv8Dx;DfHC7K(?tKv?p~|04Z_ie$(AMx$!_feTx%|dNxt&Ct}5DV+sf#W z!&4-t+vQWT0sSj)OmWSmL0ES!H4jNZZr9e=O!;MXx4?c_HoA>!Y zGU7t;uXpL&ZudxS_PvO=$F!_nNQU=0AJV1JZUpuCc;`-@f4i0<=}&C``>Cu+ua|;Z zgvBERtSp%FNBpO=*-+=LUtJxbn;E``uN?iNr8~CUj0isGWZ0zXPc{Wa$Riyr>yIZ|J>9;v#W(FA0w$Z91IPNpJ0dq(Sil0>h5G6ptivRqgjdHT1EE=X*LFEV%qc@fT8~b*qDO z|Mce0`ajw-NTGw`KkDOgu)1s$s3HS35^)lX;&F(OL($gnzl$j4-RMxrZulSU2yDX2 zCW@O;r~p-oRI*s`TaaKl2=z#dZ)}jXqt8Jwm29#u-z7_2->~p%rpKMfZ3rcUNy@jx zG6?+udDXh=d0Y;o-B^9aieHadBaO)O0)q+l>o)PjIMMBV?)>)%ZEeKHWiqRS`O4Hj z!xwv_0q}?JEpNcGcCgOFK)Uox& zWZSbx*A@E|kN;+^=gnqi#H3DSr9z325gXD#I*Jh+C=fAF)|XK)+zHwV;ZxC<`5FIB zOg6C1xP`ws{#&0MnHn(weKey-nDZ%uP6}Jw3}TQZth$QAO}11Kuv$jLkU<-D%93ex_>qvh+KDHEi~6R zIm_-$4;^mdkDR!pfhHF~{I9nYqrgmP4Qy>#R7r+1QHBB}eA{y`Q)J$AFz(V< zQ_}Z}W=R5|-TMh$9ZbI0OQ(B@9SCk04YLC;ar}-m?n!YKBtpeQ z>sII|iC%x|fw~Abc9ZRS?`+Qrbj5Dhal~hBk)LPpLKPYfiBKUiYWAh;J>IYVl~Y1+ z-Tuog{_NfN(Js=fS;`S|Sk!e>8}c>6yKw;E{c*eEXqR@BY*~<4WcHCz_|Sb;6E$JE zl|P-9*QAG9L_rAcxZ!fF;~sS}N_Oeqx0GW&shh zU)_tn4-PX2*S)i~yk%BIgy{1fq)$m*HBa*?J%94Z9+TwJbhvS2c}v6O8<)yA>wcTe z6s*9&2lfU)U2eMnN&)~F#kRiz=g|tBz{byuzAylg%66JyCb5|46Vdv=}q z^7AX9nfw**!WV~Ou|2!r+g5sBs~Eqd34IhjIJTcdcWJc^$)@>K3smx(DN>CJN-U^w zctuc0rqr2QnA@^Rfg0tOUKvNdZi;oF^(S3BCh;*Bgn!WG|8b!!;p~RPh}Vg@*C*%3 zqbYPkW2*?p*SFUHd%N3I&nXT{q+xaKM#2nVs2b5((8b{Ht_b0WYE_X2tubRXfFdH) zoNQ2F;nF{K6->Ao@9IbUR=>4X&yuWs+VNWRE{|40zA@zg)@7R!*W~u(;u_cQS~?y+ zQrpe_uxiGV>AFxJ79;4DwvKRTZG;#KpTi0Z6+k6!hRBoi)P5X~Gg8z}lM~b*UGvk~ z(|5O1GAhsOte&lP{VmSF8_jUTvQasD#qIU)+XLz2?>zbf-bh!U!mA&VU4r11+3#iQ z`NoQP^m!UZ<~X1BID#Gt$GX%ba%-E@h*|Qi4fRVfMcfl_Yy`8>z?X0PLuxG@Z)bry zZwfNmQcZPxGwby?dma?iirtDrtxIwAt{)G-_o%Vs(?^IkvI9EI<2`8bj5dhiWGUmzew?=R=jLWOUgQ}iVB|t z|EQs!(~YIWzTG=Gy^iBuE#@vgKlkN7=W?IKU$f-Qt}w;Ov!LOoI{mY&e^Qgg8Df*f8NhXd z!=xaHQ^gMv&mcGY=8$L}hd5}YYJ~Dsx{&wKa2MgmiYxXx>$9_N4heV<&#hE z1_=={@vP4bH)WU&q}DD-UOi{x-fA_MItPJWCs|uxRYPP}jTsl`Wwn~-RGc{*?$>3Z zVSI=AEVzg%_1;NBs>Vm-{-(ImmlH>ni@T~euHJRK!_KpW>BehBwX>2=?GDUSnJ=Ae z$Z1TYqp9L0ia|$(Qk6I;UPy+QOb5s!#lVf=c++KdD6m^8F@{lCUO5pQRB-i1>Axc7+DFyFN#TG8#WLIT*#BH$*8(xc z{!*?*B3M^B-@oFSBRUN^UPl#|IA82$YpVsBUSr8IThgyIrU>QN~)O8 z2&p&;YtZ+^X+?HTPmMy^?5x|>fWIN9INN-Wj3i!Sr?p{&Dl9MVNINUlXt-?JyxYqI zadIzoh$GnOV6?(zu?t1*nYIr!=1*K1VAeM6$?-dBD_RXD=|oLuIW!!{ync5h%z52c zCm*=ReF1xZu_8i=_=MWxnaO;jSZxK{tUjOy&yWw;{pnV(Tb_ScyQCmxa<{gIcY+v>a!@Mc&0;1Io3vEKwU@L#B-DvbuZ#~k->yw|_ z5)oZ5y5Px{#6T0n-g*JHQ+G+?=-)fx2u4ZpbrJ0}*63?HjjH0k zpiHz7{qy!MF17n1AswtFryW=a1j~A|SloQbCXGolk#aBjbe$Lcs(6#2Qel`8@KY&D zr#uLksdpALm2vnI|D&gYFtZ^oXu(CbAthda$+|uZ)iPq#bMKqVcN)bg70+9%o$hh8 z@7{~BZINT$CbrOfpB-DROiw|NZK=EyoE8HZ_g@*HOQm->Ve--$M@qgy_k4@a@@wb< z8WH)FYVIxNBTRiTrb7Jw<$tDw2=g9Tq>v9f8{N%HRfE?Xhom5gSp(UpEf+ za3RBS2wEOAUy^lO{x-M@>{U5JFIHFIG+MhY-C32wR2j4`+=Psp!}CyAW6Y?Dwdl&X ztksOTK$SfVy3PGit(cy1r;zL|8GM$H&@!FFNZ(l~c^5BSoS z7J-Q8G0=_^dN05(D|Q=QsH{vJhw}rJ@BX_*EQCLdAM?k8P0SaPA755WUAlsP7~q%` z3voegVuE#sQ+NPqJTTimm-QvajIeB`^g#{adAxH#Q*#97&wO>bt|pVG%a`~HQ);A4)JA^%K>w1(bQD~p;5f$ zKZP7TQVtFEH&E_bBfi$B+Tow~?9lS=iBstv8GR;$I?d&tWc8ew_;)?3nXdPa3=AVV zT#Ib2jN6B~_I*waJ#%y_v~#QNg9=FEjw6XmD%3%Vve#iXoLM8K73zJX>C5d>GJT;% z`MB7&5v!)y+!ufNzagbVNXz{-`IRwaM6$Hx7TbnikTN;MVtzL)cdLQQu$-0)C8@yJ zy=4zm3SMyGlua3$)h^+z49VfQ=Egyvp&&X7mUSA|!(VxrP{ge(y(3cE4K!fcE@&rX zfVUVJwOlE?4233+C|VQ~UH#E>mdN?;lx_?TR@_D`OiuUY83&pW^F$h~I%9LexngxZ zRZ2_RZA#Fsi9Xi~GB#td9JtMO8YS@c4lRC<(AC4N1rb^WPZ{b1sZP z1*ep8{g5XVdm6_!(CXjMt|L?~^y&@G4FmW>&N!pl?LedSfU^4bYB4QWu2u^Me$hWT z8GR*dl*Y=Vg5DQz80S8uIaqSPwDDl)JO|I-9X_GTHlOqt&F5x$dCJ8i=&I^R#%`^hLel+Wx%M%`W7z26IjP)DpB z$EkHDWGHR4MO%bpYmI`g)b3sW*jPc}p{Qe%Q&dOk<|A{+NP`Vxy=5^C;BcWZlrv}l z7{*kZ7qwzgSGz~G1SoHWyLie2u-f<&4OOVn;=O$!Oi6A5dJN?dOp_3dAM>@pV0Xzm zFc6Vgv&0df@tVds3+{ENh249h6Ua}k3F@h*2r%FX-M}QkL=ic8nf?c!L4Dw`HPM0$ zMOFaDY=dJ+pWmd>E{>`A_AJ&CH$F0>NwKz#kv#TM1ZKRo|0grOM)C+p^#cx}$Q$qB ztA=De7`BN|@mwr3reww4hF@LKsB6Q>DKR^4c^1mt_3*gi9GN@xD#XQ@t--B1DVmz@ zjY#e6^4bmGYh7T>2ON}(6Co{@yy11tzlBiyWijot$CmP7U`1V_Wyg+3=P}ZnA`7mD zp!EjUE-r%HT{$dD2D}%`H+CGIS7f2ZIxPapX!r257AIA=aFv|=pY;-23d+pIy^DFZ zs?vBk^|)4e0jn-%ebBe0C;TYyuQX0BHWC79#dEJ2^kPAN8!V0_hbgd=%I=e{Q+%I` zkrHJpyyd=ky9mS|6H#-8DxZz6+WSYPTSM*E(H8iY#n|#UVo}@SS@`wJWJXSnm5nm3 z&=jeEo=I68m~tLGqAhBKZkaVvTUdZ2MYR>!#rQHso8yaufe99mq-%-D;Cu=9Fh5*d2lH48?i&1)a$hNz zI`xi=Wm~qKb+HC!iLyhp7CKGq+~ldN1?dPamTNl_H8Byckov(MFgx95HDdG2oU0yEVQa;w-`=-{e9R?@sBBe)>%P4&zgc?9LCP6j1wALaZi z5FxFR1yat`<}C5-BE(W>#@wNi|{uG8cV;Db9_w{lT4%I@^=oO(Atfi#e};3%DQ2&t*c65AW?Q(kN)c~>}pqmSA|ts};q zYVif=#mnKLdV#m^2Sv~<04-sU0AI)2Kz_-9pGlhj47#jYy}nn^ppK9-lfjmuhSc9q zR^17-#3_5xY6s1Rge2jjP9`hHokJ|d48GzYuaTSj%B7RJ^avkA>6#*r0p+{$fCk#_ zB`peQ>oX2i9)t+1w%;k{#LdI+tpr)#8QgkmKN(|h^^g_RSah)YjzWJQ7-ook&XPw$ zQIk_RdhXDMi{~;+W1GYB!Gxdo700)H2r!oHqo_~zxWm!N$wV^>9lSr{FqRT(#Qv2_ zjc!)rhjDzXU?V5$Bf9Hr44G8rCq=?9-GNSy`>DK4rllEn3M6WAqRFdHq1R??=+K<_ zj1*miGQXANpsL!}MaI`=(Lsz#vWQ-N&4W-i<+0s`2i>4f8Ft&eyaTbf?C9xyL#i}S zWBxzXtFF{N0XdmI-^=6YLru;7E0WVg=Z!(BEAtux8RaIGV2+KNR94yhTh3~uVsm`_ zLQHu%SuBGljOp<0DZ4%{8kl3O;X+lZRnWSGXd-K4#{g>%?L%T#HQn9_yH{xekE(E; z&~(-w5&j`E4q`;ejDs%XeC2GaiSBiiCJRBZtq33YN-Dh_HC>|GD$?U^Du-PY^5KUn z@a9&T-`(8yr#ii^ZZ-kp;9tmW9_(>4G{VjAsy8G4Trrp79?^cD1!2$bd^7xX;d(iO zKs{;ig?REdO&Rsu3tIIj^tQ#S-Aj>Kjy$~w5cit*qOxpdLE2jDJ7PM%P3w)Q_|F^x zy{pT74jcRpxe2NvJ8mW6_=Ay3>F!=B6F-AkjYx;MMK#aAh`N7aUlS716*D2G?BS(p zRn77x<$7y*#mpWk=RnJN_*88Se_f&pLEW$E9%gG<%dY=sDo50#f?J$8;BHX^{NIR7 zfphHrCwr*p;&uBmTyiOD(U^e%5ra6j7ArEpRpB<0av1)GB}r-?Z|;HFMj>x6;^RR1 zgFwTJpL_j`LA&Awp?k~oUGCe4ta5r4@5!&OuCFeyEQxN?^yb>6+cA(;+1dq9;6hre z3Lg)fTG$&>*Pn+7CLPI>-MnRQ)fo*M#2h(2>-loWiSXtPYU2#xKweVMl}hQ4%GR)( zG-79M_szcPh(Ty%jDD7znVGq;mic$@Pu04R60WdxUkTFNvPdRp$s2{zeQHoFAO@dB zYtY~Sa?4Hs+t?}9*=hXa@gvQToWn;Bn;7V)*M7wa#TE^e(-2|2Zy%*V!Hp*V1J1C= z`x6=FL^;GaEi@kVA%5|cEa}Vr*Bn>}6A{8lK|wLrN&pUkvLBp@`LF-s+P%$gJck78 zY%5ur^}D~$otDA2lDW|3BwO%3r~syWE*W1e`V6eYym`~6R%pEtXkf+F8{@6^PoDg? z9(5v$^u~H%Bk1{^N!H@uK6uJ(83imhv%OhI zGmtGT#hjliYXn=t01zEa`735?w&>5BxMI$egWIo*-ZCmp)iq6AYCeZ^l#*@DIdm!~ zKZ)lQ)xR-x&Mb0k7V4=+n9_zaFf=4)p8fv5m~&J7woO^yq;ilnYFoI_UnYgfEgl{m zXeg2Lxb1@5>sIHPF7@=F-7kbtD3s?_O=WfUov@9KjXIMq%;rq9e!Z#G@%m&>;PEce z9b8=4(?~`o9h)wn_wmHUc$O}@`mNQXVvOFD@DYV+5?cOTX(z;-8@$J}K&B_)Xg07Q zxYK9LNLTj`zzI=f*l4Nb;<8oTn@|vPw!Ywt3a*!rI6Feq=3B|hea?8>zzW(Tz_ouW z5BR>uvNf#C1_CJ6K0>tzo$hCth4`;eltmDbp3O8^@aWf_?UsbXPZ3zT;nIGKfb%~6 z6T>+c*Ud)F{x9d-;z1|7{s$|XIbfHoi&MgfZ{*rs7ruVGM?`euX6u9#Upa9W6Xw0f z+OQ`~O--Ff?XIMxG1WPjNV4d^`a$K<`WWmo?s5J!OtB*CKqkaJq+*o@bJkB7yuy#} zd9(aJ0eNWB?UUp`Ha{t@8Zm~$aAK|Cjn=) zu-)|%_qEdA0(5o4W75lc)Pi%S3_Y+pqsmP9fuzHp^1NzX3G{_x@Y~gB^E{g9=zLVO8l>%gw}!t8ENa!i+;TK;F?FW}Zr*5^ zURNjSCwV3GM<4XvyjQfX`E4~w&10G4nZaMINit`rtNBhHX+3@$tZ(Mq-TS|=>cYSO zgxf@fwwbg}m*9(zT>n)WA!59M-|Y-3k-xt#yoLwxc0x*DPw)tIUks86^z2`t%+4w? zRt{0P>sS#mbY;dahS6gHp1~Km`Zs%Z1zLZpQS0<>gF#Obq*g^r`h$zLRpvZ%gNY37 zH#sBSx?|L6p_sxpQE47rWMX19^7yD{JMeJpc=7tpG)v6WgUx1ascu{*Op9$he`GAQ zm=YBqYtrW#Kl{4$OmS=9wwD+g3 zSoR-l()O(Q+3>^GB;(Bn>iX4D4xX`y2CJ>(XXJwh{j&WZ_s1hoyb zr=2cY9*fep!zWA9JHdfL*FEJ-uBWuL;wb8v=h=t7FWbwF&8^NfsCJeMb~w<9W`6UR ztMt>m^+}Eefmgk&W`64(w59>ur*LGg$zx``up`o=1R4RucE2CtO6oNHrcEBdHeMAv z`JFCjoMYA}8+9w%79)@}dUZxI40lu6qOfWvx2PzMWNU;QDR}Q`9=G}QZ!&K*LzZ4j ztXexu5j2rewsyxK#VW$XGk3H#xw@QT<|<@z$C{YIyl?uHRS8m_m@VWJ?!Vaej!{ta zaNlD)w&)`bIb5YYaYB7GFgnN0gp_;*el*~2B$P?;$}>yIw~cVYH(uLoW1VUNUIT3&;eH{&U1XV^_JcmSNT`#e~Ylr26>T*5@)b^9AE+MRE=p*#gf0?;2_UQO*q zD|6jX>5J4WK758oi1F5H&g-xA9Ju3sCT_OuEvDpR+w1ImU*J4_r4P?*-3dA8!|I2B zzDDttI%!TXn$rop&%XhL{b5!4GLN5tLnDw$Qld<__JRrn%%Ftb_DAeVp_{9dWF@`DX*~c-vB8g2%6#eT@|0{PctvaLyC`nMqQ( z9sRq{Sc?s>ITmZGiK-6qa~=2glB~=|Z%Wx-aEdUzYl)N&9(;Y^8uz#D;!k=oFnc4u zm-dxwz%)M4J)`l?{-mk85i@c?^C+vB3~_j{5XV8~cV;a%G7Nt<^(4h?gj-4l( z=PFU)K_CF|X~^GA!)5|fdQrRW?ql>>NOw03rt?z1suU~G7gMIOeSH=j(fLPQ9p!gE zc`SRjiHR`{{WBuA#m)IFld6pJxdCNwBEFH?n&@i8sEBEB@K~XIv)zbez@Ci7<~=*6 zZDAjRCvy(EmZ?H){|=sSVW$RYpE=hcpiBa{++ogYz!u&BeyZOAo{1&+VfsQH{v>Gr zdxyT3QMcd3FVE{c%J3Xbb#Q*NQKet~UXmccC=+sR zqXr~|Wyz%q-VqV~tn`)!Qwc@eFU=jROAr0uvC>aY`-)V!z9iYNT>OFdbMlv=K@ig zmU!?XQ6|TvIYigdDh}-65OLq+#U3rT)a1cu`dXM-%12p(U-*U#b1&U$JJ)qN+-4h% z&c1>tY>L_WlAZpQpK0h2I?4Mw&U~1|;tQd6TZQjQ(L3B?Vh^ezH+i(j(noVE3xDdNZW!%7e8ARHP5S%)}>~xjQSI=(|GD3 zS>q0mWs-0m zm-b1_UO47F;^P$9YbEkwu*XimzNGaWiS=Fgm9@vCOoF8jtp(uErhRMcnq~$+q%J}B zoxpglHou86peJ^hJ=wQ@!!OMp;JslKjhN~@p5$(gPqnDTai5bn5s5|Q2C{Wj;?X0r8|r+j1`)&#RE=Eeg6-cBZ1 z$O9x!yYk-CA-pd;Nq2&n?Owk@O{7WrY|oQHTFhCQIm2Sp+$TCNXD7*=+E!hAWKU22 z{(Ud|2p1R3Sf13!#oG2x34?`3-z?cH_?s_GWA}YFdWPa&y;0N%Oo6Zy(^A?jQ@rA3Kp=0%CV#Hp^lguX0LzG+;ZZ(?)i~h$N80@NDCO= zGSjFl$$8(C$F}T=4sVSJ-qNf$TEF&nZ#--KeG(!eMMbON6i!e7Smuu3es~lVQ@_Ho zfi~{dxw(PXyYGd0wbJKCcm{rx=g|PbOMU%%!{+jEdIPbhcmn_s`K#7gw~gQd(KA3K z@Pk2N82r@ELs+mG+O>PN>rcVhxuV00WKy%t@|50G#gtpu#&0EiQJ?u=V-&7F5_2 z^ZgoVsNp$HnUdW)|LfTE(e*+8b^;TI#5-=iWXKk7zb7XR9uS)!v z6}SHo!vdL7($_~t)_*Tz8gXnn=U{5E1;@+)-5v3pwMJ`e>#=@oqJPAjrXpAfcJyKq z1zLx_MF3oFB_-^dW2=NyK`!!v5GWSFIy4JZfJA=Mh9e(Ig#%Z@Ch( zft^k4vRJExlIv9X(|7EkAQ3QCng_tcKDWA=$ zs!zHvfvg~076_mbT4NPi2?`%Q|mamb?jx3h$`#)8ZI368_8;MOPUrVEiHvoQfN8^3fd>N(}$LOP3z z`M(IRvg`+%Hj)oSkJxg0D0A*37c^Y81APrvmejpJwWcakXvT-`l#|=(+Gl*Y%!GsSqyN9M%Mf8EY`y@vso3v*F0i7&?JO@vVzqzD}aT9r}EQAyLVe1 zqofxAz=q2P0hJO7Dc8idfAR=MVn}{o&K%pqt^#%zd(My0$GxrjMzRSGRCY6m_KEjC zCeRKqyzF<|Mw?a6h_iZaC9Lz28N0CArJz7W+8-5zq(Gers~H%JVpz& z2*q0!1UtXs5I$`1`;nqhv^PH)UmunR)X5^k8 znTn}PLY!vxr&PX2QmWu-yRTnAms*L;QNHq9V%NWf$rE_3zgFa={;;9lSfsnWvCX(* z;(dkmopq0~yTY_7Mw6luwR5zcg(Dw(TV9)v@kv*$C*vGwwK$o7T=HN|g6m}1MMVcS zw>@=npdywPFDEt59Pm16k5i0a&Y(;b3_gtgVZL3M)rgufMP>&Vmf`)n`0MH_O6}V~ zv#9jxFL_=|dxy#^VF5G;Q$TJ1ERkI7zZ(0R%`x}!uTjVa4~Aw=3k!*>%#skVrDp{p z?JZ(;=A*e1KV^^S8x+Z^Dl5DH=Bt?cSE%3dwOT7}PbstfM!+QsW(K@?`KwB|OO4sS zrjWE!hOV=Ju=(fH&X8}>SmUhxb_?F5 zAOHlou$-T{JUiAph=~=cZKSTZ!sgiG<|**U%)o-rUi+_S3G`ef$!Z0=d{HrW<8)@9 zstVR)m&3t{NE)^GV9qU(EFu@g#>T)O4Dt}FU6{aEL)n8l4l zhg**>PgZC=65G$;-EDgio0$G%b+y@sK?%=D;=_w;6W^`b+PNX@HEURCCZiW!TX70~ zWqiJuAn-Hy9Mi3pUhU0b30RwwKiV{vcyqi35BV+LI@fyM?SJqH%ZM%Z1Ty)~yPLfv zASSY(sJx?fvMjRw&-9*3V+g(WygqBGBBk=G*fNxy3EP%2yv936*jDqEbzuAY}tXB%?@=G zEap*weL{pKHgdqda%yt|CKM@-I&WlujhXC`jQ&-i%(UvU%@ z%!M`G#2UE5k+r&)IfI?Kv&dIa*F48AoSVcz-c}KtSu5~S8658%ec5-zdxmk`b8b9h z2?}p~TMAPm z(?vn=$I5E6TlJXoO%=xXY?|H78DPqCKzYcXN9_$;iPu6};~DFh9n*$dYo(9SHM^lV z=O)Br_sI8fM>T`JOuBX0){wW^@iG%hN50kt6_0XR#y@c_pJKUrjH5|EZT?BTd^FHd z8Uo2wVs5ylr{^Z1g6M$Q?cQm+0I!|wZ?M#8bO+>2&EFF91JlSF^ne_etS@s0J2S3H z-Z0}MTnt{yj}=5=)7kY(o=_HNqW^gLxfJMReXrgxv7>Q5LlTjgu)~{9wzk&xZXk0} zZuc#0*~2WY>~3ZP?(Dldd1FLp%DX@Rrpp68)=v#|&o_QmE0)|2Ahk_1kh<_yLnbqIx$iHx>b7FSjz&6@NaHEs^=(c*O?0%%1{) z&3nS2O~wd=$XKPP`g&vrA|! ze`}ZdP6YpS9}oh6kTa~s8yUtN-L5Fza9abr^T;IL=fP7mR_uA5fx8qyh~V1IM66BX za=UPv-JG4(V}QN%U1(O10R|pD?D$DG5|Wa|6%WB1|3@CjC`APVQ4pYRX5Op*lKRjm z{#R;rouNwJ6#~B!;bv{y+o7YD=~kFawaFFea~6eI+V{Txd)g{!=jttY6~Sm5I(1v3z2J{8%*pH$?JxFi8yt!S!Zt~7snz=0V3w^AFXbT)5pxT`?y88DnQ=l6 z4uJi?QFAlB^YX%6)Ghk{XsA@zd83=j<;v`M56_AUyFBP1GiZ2sI1?v{ zN!o6PPO1%aGfiPh>B9%;^JIow@)3fO&7e%HjI7ju=1 zXFnH9wmaqdvroh|5rD7z+a@s=fJb=&$~y@71Ba>*7nphY_)%F(b6XbOW}rM7R?nKg zS9$SA%Q%lY<6=23G++3_c#%hnDd1m-n}DgM?gyD*%vI7O5v!#(8<7U6+@+f_Ck|bm zt!*Qe-YWQu8eNleShAKFGqbr!VRGeJ%wvAp^0do(ByGx<;8vq9iw-+P{i;4Hug${$ zIGVuks42lrdRu(xlL(W&rnL3HA5qXxO=YR1v7M%G0f3n`Pobbk`&C%Hb_PrT+Z6%# zJJ|9E30zNvNbNX>bnJ>Fd7rK~pkQrTt{n?gG}vXZhpFAX-9QPS>jfVh}KuVY5 zq_WDqLj!`*Qs+-kHboYBcCNh7hD`#GC~bihi|dDkOw&ha^##Y4PG-a;&CXA1Z1~^3 z>ZY+cc5g;iW`0?LNB{nb74;hYzrXz!ItZ%0Xr3hhDf1`kaly6k!K#RUh}F~AJ}cTl zL|iK5eGhi3ir*L(Hk2C}1llgax~k9DyKHARlG&M(8BFH5`kD)6VwC{}#+zja{D#m!U` zuAI=z0krV|LbtxKmJ~SiX4*E+Z9Zk}D6Y%KYST%MZvpF(A10w8prXgv-?TH$ey1+u z+Y<<2){MXMoFXGENC*#Hd8^u_!JTAgXm17`lnF6^n>nW5NYOgkG%%R*U%TA_2^ z_xf)1*lMe}(Jga50M7qBsXrSAO~OWrOFcgQYSp*c3hx0`<= z>tHL{Ij)^135=lqxtMLnr+!QoF%A98w_ulmg~E8sEKE{ph!JuZ3rsGb<`So??V5Xi zq``=dmIb%NOC{$J*sZ&0;fKM^>UVaKJS~btz=XJB9mv1==7_Xgad%}v$9;pTIJL>v zoB39v1($DF4sxg{cJoxg$Lo4T2E>7~^0b%Y#_r!Vk-2Yjb~y@YLw;i=~jujD|R$AHjEqm^!i|%-8Qc!>lwheNGIHKW(-gg1y^z z%Is;)nw`eShA(?4J36~jB zQPi0a$RKQN3TzOCcmN>sNX-;7zY`|+fCXp?xzC~m0qWqzVz^rh+`n>LJkLyPptPk~ zwxb*IdbqV#E)W4KHn{dfMljEQQxIxyuzXca&cEr(ARmf=1KCQ2BMj7D7$oF3r}_mb z#*mqGcTR-XM}=l`#xP3knv6fN({V$cB>Wc*nJ}>EJ0lf3PxpwsfHB-nfyoN!`_p{ z9cTH@vY2Rm_ro9I$t%^BSUNJhZ=bN&A7^5?zCRU*p|SvnI@GT*bFgDP$B2#wkkpq}^rG8XjX+x2ArCnNPl`0+(+Q`(~cokKg$vF{e z&+w2j(R}gV_j1ke6BtMq8LB?CfGbI>s&Y*Z%K^0?A&irxF$Vgv8GNPpyBjTNAI+8m zs9p?zaQs+XbV$@dxld_HUbm!XT`#w+}| z!=%&hD?oO~RNeZEQa9k+uGK^1ZQlkG)FHu$>f=DFv*+`xdBF6=sMBcI=wT57qqg={ z?G0}T+nyK2-u6o)*MW16PgcATc%J%2zCXTrpTX!T#dP>ix;|v$vB6ioqf+uq0TN-> zgmihL??+Xs%=L0oAelXt);B!kqP=gRVErdnQWHD~80p)7gOSc#WC)J`~MoqR* zx@xSbaGvqKuY!iRM%*oAh*Vv-_pyrRq!u4Lnj3!57%p#3W|hMeywfSaYDOv<@py}CxpZSwQS@3G6R5J_gRV{6lB59D88)wAce*f2c$BW# z3nu1QYUscVrN1Q>w6u%%mwO!@1^ZT(2z z7Pr@9S#p6Qx+z z;@I#|`TfS`2f=>IOrJLt7Bt%CY{*DGOME7{$U5r8jCF1|QR;=9=4ra2t3D>5KJxX3wPpDd#-8(22n>BW>!$Zo#Kd_PqUSIkmr)m>R;wwLWijU3rU&(R{MjNX< z^8dHLJcNxqCM`eWHLJHSl{NZNK4QMRvT`&Wonp6!!%Pw0%rCvDa819@m(q3rC-cat z&Dt|Q`!+?QACt;KlI2svnD@Hj(5-1D-tzU_<+MpEXI;lHKg4QIJ7dosb-`j`BA1>Q zahlI+daV;&m4}*5F##+UE=8da@c`VdmV<_07Ws4~xCH`6%UrD8o~AQ&XWF>haV3-* zC#07{DM14Y%xns{|BO}F@Ve&r`RtHcAM()`KA_T?ht8yu!R%`zwXX<(kK-P6J#nFG zd?iN}QG%CH*mk+DT;gPgr-3>u$e1h#K2>@yr=r5s#blmItMgMfK&YrDV8hu)UZDaA z1S$mt3gWV9txQFi3_gT7Etg@A55cS;7Ulc;5FMqPk9W$0%yRcFstq51jeCLLd7JnK(Ogs%u}`-^g~|l6q-@ z<)BESZ~;?DBywsh*BfEj|0s|*eVWW6WC!?EmtRD~sIx7yjElWQI}}I%TcXD|do?wF zmgIDMZ{D6A-Qj|X@XIBH7lRtD6~i24S@ng{x#K~fcfx{Bya}^2<5Tn%OFmPQ+{ah1 zNlg4FB*e;w?zw@N!K?tY%DE7E)ebwZS9crG0HN~6(|A=b+V~~;C2N{yH7y(YP`L&Z zjx}8ahVEQ)xli?!*eh{P*$K5*K1(4x@cgmbj7m&FeL|@dvmLCs zP4-<*wz@2>xajrs(RUOSKcl`$Y?K*iPlQJ|GQ9Ay$y-LhOm5&0qf0rmU93sUf;RV9 zrHDI8ei$(E*=S1fexsO#FQgu8;Fucvr}5R4ZQiHW_@#KvmXs29pIGlT6Tsj3nI<5& T9)|r>62LR1=a4!D^YH%x4Mr=a diff --git a/wikipiki/concurrent04.png b/wikipiki/concurrent04.png deleted file mode 100644 index 04321dfa34845a4817769b8956ac3183b616e913..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 28727 zcmV)iK%&2iP)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z003oTNkl1GTTrS%7~2-fb3poGn2LXah(gbX1hGxI+8obMlZeU|r~ zcai|paF21Ad6#Fo&%O6^md`l{FS+EBb?esMd+)t3yzoMv=WExl6%lY^eis1&|BLwz z1Q5*c000OG6A{^pciMgqqyLvaB~trUEPlCglyE;7eas!m|2Mt}5ovv?vQ zUWtf^=zg02+7BSsE$GU%mjA%|Q%mvdcDcFjPz1zmieYOko?7bXm%nU(@rYnwv4d+4 zC?WtXA|mFeK2Nod=vNDL z61H0D+hbqs?!~@7)!jp?k*!*_s=vR#udnaE`|g`EWy*Qyo%hj?ezXJvh3Vt2L~3qe z`+#Nry~)*TeiYu@B%2%#>e$%GzJ@&;ZQ*laPws!5>*|TT==YRg^MHgLk z#1Ti_ci(+~`?r5VSL_2kj zy(<+PD@qCn5*}nm-W$5y42s4{MS%ldi zi$RQXXlJ^g=UQvpbm2&(o z3BqO#xAp=AemPP%wbEg zZa-23v2Ty*caJ9J|c1>5eqPYQdyQYNM)I7WLa0%=*}8lS)*I2 zOeuv#gbEQ@w6JEKi|A%^R5;i97;|nn4$vS#L_`FLiZYcoh?L42h$>T=Jq{rVBLaxs zTO6>u1sDJ?3^-zqvQ#x=%ZgFumx4tvtrnfcf5uDW#6`#Jyt(?$A8r24qZtAc0H6XO zL;z8M2teSUG!wW@p@sT`(Mim3FaQ9V>8k-mKm!0E1F%~eTA*+DJ#^mu_0S_zX6*F+ zANAO6adaZShN7U z^9i^$W=v)`7E-WIp`uJxotsiZ&FY_FX;-YW7-CsOlqex)3jz$F%>rN$1ZE*5voSag z5DIHq1dP&PA%xld0>I3g?YUSCO4*Zo>;VsRV3#Wk2UL+FC|T5mfN18rBQH%6&Dj4i z80nA`B*tVmYu;U|<^nW=#E{ACua^Cl1ntKh2eII*GM9}A(a4*v$GmPv*X`RDWj%IA z8#Rh%Boxtz#LQ-S2P_nc*I3xTsptuG&?4UKk@n6RX@Q+s(%ZaA6AKHVQ3(XcMNRYh zIt#n9GFqIjBZCwHfx@kMHAOsPl^tQ?9e!n70RhGPM#Wxycxut3iFaIZs7b-4WQTq6S_S(E_=P=0ZNdA%iW zO40ek(do>-Y_tnDe+mkK1_1%ib*=#bo>;f;=3AdUJB`H*fCm z??2**BksEEE~S)Lno0_S(N+z9Faray00RgE8{^Gs04!Wof$Lqa)sSH1#}7MpZPcOk z?bz;Nu{ajcLquy$%p#;w3kwp8FaV-L5Jo_9TOc9|2aI7h=m^Zr0IZo~?}>fWZi~S> zWbvjjvsf>PJB|fBqs&^!WC!`o=9CT|-PytyL4-An0dDs{_ZeLRHjxVcTF7Szh9;CP z&gcP%+tGq*61xPL-MR{UXs|<~uLuN-)1jk%V&2wd)_!-!2z33$cyrUNcSI@$*^HSZ zk)J4@C|L1`R9?sWAc+(|Cf1e_r^~moBc&3Uwl^X5P$(cESiDqh>+ixE%QaF^5J^OW z&1Y0kx1|N=fE0}hK|nDt`-ehk7EWxi0gKxpvG^}&3fNLn5Nl6F1BB5y1jM(-qQM~` zH1I4Sj6x1%3pO?iFga}@cs?D-dL3WPnnt&Kh&JeGZA#J1nzc4NU$8PkfLTzido#F_ z?ezAB94Uo@%&bU|6thNF#;O!zW61L7GHi$27ts{cg8UaWt0ns`q0Y(zw z4737bWCCQZ0g%WHne{1{5u`9NEO-TDffEw#nr#G!j8mp8{5CF{~oX$pHG^k0$%$iv-F>B2%*02#I1#VMd zHfB1o1b3-{Ol#2rSo_lWfgNi4lg80yqaq^OuLw)R!fl_68Pn-@o^(O0OKh_f8zaXTVPJ z)}RGA7RhtXCfw$1$N&1DpPzNsSyz1Ni`nSt=&{Ehd*_{Z8sH?N*f&o^07!(f(J3OD zK@4V?a|F~Z*xp6HN^O+KZOTw2Ak{!EmsFTCgULXZg%TEK&CJYNE3LI=t(aMBt$_%I z#Z%5K=81Kun6RZbeiC8xlY=7@*rl*`HO7kD^2hzZ*cb zd!JKKOmyE`@`e!r0zl5(GcZYRJ9EaEMK2VN^c#l_R<$Xao8>5G`xsOdodxU2#R7T7 z2UQS+tOG9ubP>hJGXnqzj1y^&n(bx zT9SYZ1Tp|2iLib8)@?vx4NAbyh{52o(=AND;wr!>5q1W)R%M|`@Y!R$MO57Rzh zoJU8@i4`Ct7#9<{V=HjC0ifO2|6|?r%fItAbC87}__*ZxfBtSu{K|WGnNomEv5sHk zK(#iZwM|9xCg)9y-2ejo^wYmPanbQhFIk$2$gEkj3}kwv(*&PAcAEcq&z^%5hn)g! zoV0Cs1c9QLuT1}pt;iZLSBZ>Wq^d-=gRn6!b*}9%T5C;O6Kk!B6rsUZOCS0)qDZHIHU^IfEsk1$oF&_6 z*16_f+)w6Q>n7_Qz{EAhyGxCG9-U_3>`KANPiroT6p8x|5orbzB4vHSN}QQtco!t7 z1(X1bi#Zy4lAZk~%n9hVWYHEx0JR1iE7pzz^U3O$*n_^>C-Vg678Wf@} zKAP;;n$xR1b{1Xn9!$g93{mc~j*TW3P}F@RSOq;cnvaf*KEKKM8x$atC`2+!6Cj~A zF_oL3hNE)mjBMctK5me5`FFnNe>bRk=!~rS!t;jHsvY@&1sDx*A_EAcHqJ$m?$HrF zHi}khB(tCIG;0YU>u{V@m^|e>`c~LYehPz9Fd7g=S+rCBU2_Q zirDF?MKNAV46#OajeWeO=O`>**Y4^x&@dUsSadAB>)lzbaoXsf!Vyp}kQZbxh7B+?wGHYhC z8asOyg$Zvm3sNBFJL)rN3FN;(_16LfT7*;vS^yYL7%rMQNQlg!2n86C$m^yE?CnSq zF{Bm?pBUT`cB?1y)?s0bcBUs)L-++>BeW(a5({AF zIQ5Jcx_o?@Kp5aXGnFvM*y&O8km-2rOw!G!IgJ^v+&gI*avS3$?rj-fSJliksh z0RYJYCpl40ysc@e&wgqIf~T=?o!2v($2GQQ3#Ge~s#43t$P#h2_bfE2A_Fws_F_FnWTkm(a(#`DUCT$`BtQ*y^k zY!Q~M!R-V`yA^FM`jOIdUjlTk8Nj zwkt~pGhr+8ov~2_B2ty-;l#OrAsqp&o53$PYjs7NrYArkN`WFdz7a1`vQZ4C0g3?) zx7WJ7P+7=Ca<(1D-;}^$Hd<9MM7=x3(jP>Nh$gLPEvvff11>G+3KM5JixX3?>1QFf*fb(lCP(Ve#0>CY8=FYt0hrf(G$5A}|PQ zA?rM|>qUWblQstt1xf%6&DU(!=+J`f@^W-eW{9~vWK|Y#Bv=-+6tk*Yx^1hbXYkO* zx_cq>DDtoi2y4wc*JERbS}A}?42T?YmOLs@bYuZIW*Uf=g&+9%jbHzg`M}8^`}2dR z$}!V`$HpAX!;*|R0#56yWim-A3?QsoYXn48h$29a&V-q{0cs(*_6P6z)2|Bv{K3V4 zfBqpm5v~89OFnq}5r22y!2=+|j?U{WPN|kesPo;Kmxk~D!l@Vit9$ule{t&@SHAbm zZ-4Zw%Z}T-2&t;N7sw;GoOsR+0;hcOACKF^y{NS|F?Q0JM_D_f6o8;sj7T}=sFet4 z)=ovX8UTYfgd%rS9GsbeQQAfz+Blw%2PhW~EwXYfdEMKWEcL9JShl*?^mP{)CBLkiU5*ru4g;Qlops;pKXNoETI;0kz%^0fyn|d6vF{s zic~Riy+txeR0pC}qWd^zU;Dg~C>5gQumYU$p<0#SssK!9*(&HcKHh)`$+dxPYnl8Q zZ9*~45nWuI4b@gqTuK1i10tD+f|lS>)E2N+hI}>B>2TVld4@6pgg}aj(Ec;8KylyY zz~JyqcROJ?xRfmCPUku6TV*CR4^)a6Bt$tE18YSYw8DVir#SbCH z$sdk_0K-o_HoSWE6aV?INMOwM3?x&iKol?`W(b)J;wmU4HUYrs!0TYjt|KEO{*p$X ze)8FeSNY4+#-K#V0dfHr&_WteGvq#-Qvmx1hM#;45DkaaIX4gyvx5I23ThJ3bHDiF zhc5i-$F9BY{e!sS=U@2Xkw5yvvd`{Ah7(RCBFcv@5$dp0+Jun-6e7Ii;v1G6GQ-{S z-nZWN-nt|lhh07fy5@&}cEejQyy={SW)==@5^1z%dx0P#B&>u`hyijDAk2V-P_v!n z+Ry{ESF_dr+%pgKA1=f=1*8r#T@0~cK1#?!VU9wT0wS7ql(!i&YYe7Z z#yZC-m?kJ|^(WzSO#>{M!cj;ViU?PmfLlV!R)I_?G8bdOs{^M%UN1#YOQ;!BQR1w! zh#edZ(^fzzHCVe%k;L!RSTKnnSl*tWP!VHnHw)Oy#bFFX)uh}z%Dv28;t zB!WmpyKD#5m5>_*P?vh zh`W3O0pmZ`25T*a$rg(OW;PB*VG+>Qn78B|6cM5*!UEQ>5KRoRB(CCC&yEfq&0DFP zt5RavS|iw4oXs&r>&qk%Rz@`tK;U3KTjR~GZMkcw{qCEx>y=l0rrB(ogI;;XXFl=& zT@0+>`OHJ$*sO(r0u01}T7&k~AraQOan)i}qQE@ntdKJh*Y6m<`)dw0iD=d#7u<0N zA>#TWFg#ll40ItATClmCB7vP%m&8`t7fQsz$d4Ad2@qv1o3G57H7f+64Hu9|M2JX4 zn+pU&VM2mj6o{C-6bPy;X<s>KC599fj_NL0rn@&fYaO$3MrP5(YzdhyP0SYXX@iu6 zRfOVbFiTk@f=hS#M0z=SBM(7M`DfXMU3#6+XWIN&W&HDc{C1k=-G&W3;=h=3MB zG`!rR-5Hsl5}Td{=0S-fgmDHN0(maA`z(X0^HE`Hn=k%k)_(U*-Tf~v`?NvLPk#Ec zzqstv0Pq)=efpE1z6=oGx&GmDIY94|GKnvqZ*Fy8qg)acD?d^l6VEtOpZFocMYnNJbnhMzAz;^-rfIOeGN?>TDe-NUE|iPrq!m?Mrm>hR-^y7(6xh>#w=W&Zn) zKH_~xAMr=WeD6{6d|eac2Pim+hwuI3kyqTkfoS;NFCKNp_iwr4Jx9I&`;QPl^27HY zy>P+N3l|){@cWMtt^MI~fBG$fZ=Ze4317PVIehNkFCBZramSu;+_4{c-(|mgj))$; z{ltaW{&E-*pS$ns(@(zraRTGzL0<*VX=HXinTirVj2IDryv1fBk)9(fBJ2bAw#J_; zVqnxo$Ne#A%2p&40uf)m&$4*gsi8g;>gi4~Nr(ftz<$Q&%(yau;Vj{(#iY(6YDO;= zGBV3wsk+?bTu)yE1Iu=8iGu4_i$L_R7R8I~-#AsqKZKHU&>nTHOi0_< zFL7(+>^SMARVGLMC1Km|Aw>B$rudSNJ=uj#&Qx;NYH*kae-sfK5`kS)NXj$tLn=Zz zc*hC?MrkJsl|qF`3Nz)flgN-LF(^%OK_rkOeb6T4fv3o^W^OX)taF`@>3o#)F>SC@ zHx2(@Yi-x5xQYiRzl#~{tA;{g6=L^!yGXTW&04cI>ydTNdCn#uPUrUcI?r>%<2Cd} zEy89qF|`-WADZ1Ubk1T^1UM{ccS>f>TFg0&F`egH=cdLdYg6sWd8b@_Cw$%A9fM<1 zXcouT;v!-V1hEzs7S4dG;22;AIw+nl^RBspcbwh7A z_V!_KA9eRZS0D8BaZjK0_Cjwj^!Av4_f6gX(o4?G^E}V4UC5>h8myKJ4v<-frsaR=r)=(?z{q(APy>8IUTJ`_M+Ktxz`^P=0C?md5C6nJ&i(%JgU%ua1c0BO|B<5s0N}8te|6qI z@vib8-+17Hn{NN)%niS|?1K+|_V2%U@JxU;|MZ^I|LKjlEx7esTyTbb<+k_i32VQ9 z^isI^hFcGw0kYxeUpVEX-@o+c1;>2pqksI#e_wFzYkzP#EWYyS*`SSS@03+ps)1-Q3y&k|3c`n+C{v`AMNLzP)up493KYkdW)Vp_Xpp81P}8x2#`1hr zn_#EbcF}=2k^?%HuDE1XK+%XK$U1C{#K54fEgb03Xv?Y~0*W9rWDVk6=L(S!^IU1t zxmFEi76FwZ_?p$?5tQ>h7ZzrOI z-&C7?0zd!?O^lY&Qf)y|Sv7q_{@W!NT<(8=7e57g7QX^h`pkF8T(FA=l8~|!95crk z$3_ns{w&5NdlAsNYCF-aBVVon4BdO3oc^`9&IAF(nTLGn(u6h6a&R+&g7kz)H ze>rY%1bBAMio4)n@A|MO0R6!;8)WYp@o^7Z`mOU19kAzp_K|1_y!~@$95fSP!|EUZ z6#nC_%$nUls~!ZEi*s>VBnw+d>H@qfwc?v*z>(hKm14MogoLG zd)*rcAlI?W3I$BgiQ~?iiXZ~TdO8v%H3G+G4M$aYLhRC&$t{kjNg!b^RQ3seSMY{u zDDGq3xg5&ITCL9|-uOIJW3oah%H>Pwam3?|e6!waiwX%9=x_y7ubpFdTtJQ2gfE+Ps?l@RKxA5=NI)dNmA(R2HuaNylexPjhZ_RY5A=3+LZ-$vw7$g0&?Kh9YZ6PQ?)R zVgx{K%yP){90?maYsx97++e5Hs1_5Q!5p zv}e1qXmM$*5*KW8aTSz8oJOkjaWm|hYS5IvuIU4ya|Fx?2vH%R;{*{wh5`T?a+J*p z?}p)b!>~P=0_dLlhtVsbK)R=DfeauQ$^ddfQ-2@_8^0BSoPhu!%V^4!jJk@2?(GF< zJ{%Q$_K0X;?|1*fPd{_#(2DmDmMgYEu{x(j#Yq8Xyyg6_J$}^T3*?;_{@s}f@cS1p z`_#d+N)348d0x)+VBbx|fAFvi{`&kk&x{9ngG6eO*DQS`GR|OOkhqtYskkT3@4_rv zi_SSz;teKT2-Mj_X@&wh$OkeZuEZP?OE@Y!>#I(NP9_m{iYt9k33Hk>ZFf-+RX2zl zrc}!sv`ET~1DT=hR(&87TNM@_moeLFqxY`DxOh-)nIRwP`oMCS^{yI9p6fi%^QLpp z=B7N5S&_A^bfnlTPi&bRf=~m3U72+B1XNqGmJkIP2}y$hYMo;apc<5G&MDV9X+$jo z%9cMAcI+fJuH8J>dDApYG3kW@OorwINTfhCl1V*ale{U2f@rGXB9cKrRs<%}N+Bsz zM37C2rv{CR6rjml2T&C6(Z1}VxB^VBPJ#fC79k4Ljy0Q7xh1uxp!HJdNK++;P4DmH z-f6u%y+)600>BIf0W$<5$Sltmh!_AA#zD_|0!_T+#O425yVEA005LH8Kq~@(>Yd8H z)28?L)sb9*;)Dm|ueavTjJJH?<9PjPm;Bc=)*-%n`9=TrjNhC0e$(lA-N%-%5dn~A z|NHO0Ca1k|FJl+&_1+);!-aqFlRH-Po=3d%-#_!!pRJGLdj$u*s}#o$HNd&zZO$_5 z>3hHH9Y4L~>;JRfHS@AARR9q!yypQQ#c!SUy+>G!$nf3Y`L>+A|7_;9x1Rs)4_|!E z61esB@Caksfdsu3nhIgPOJH?rI+)^;LIW(F3p9cw}VPO2rSa_dujy<%j zVH*OLrGK?Cy_!&B%L2I)8r?)Ym(+zk$D#YyV-ic}!OIR`uNgora^FH60-^Otl`&-^ z`JA2Pdd9rm;6id$W<#1>wPrQ=@MnZ!gaJVviNssC?d|NC4P>hvpz+FP)CkH8-_xvTo|UsdY2N6m8)>5l1p;740@;KD$@AE@Zx$ie<%X zSMD>t_h85Tlp`~wf$c+*LkjUQlS{#D=Vnld$;IyLK`*3~~P>!043+MiAB@0vQTtAASewEmu{ z{n^z1o`HcWJMXg70dIWtnWy*P{|&VZKl2$8zWk}*{r7zDKmFZqU;IBO9%(;&`qzIv zQ=WC$z4!6o`NI8+K7Pb?#tHlRzdL>}c=l(Pe$ZxSo_hT)Z<#4@`ezRN;Kd(0!g^Uh z_Ya>ucxFwBSx>@>azY(}Wnk{9pMU#@FFf_%%;(>+#LJfLKETI*=(3B>89e`n!(Zc2%jgEVoyEB+RS6Jm&1jL> z6n4{AvzW`lCe|1yAV)O{0&aQHnhT`~ILb5e8J%LPK>Gr=)DxWnCsDmOSA|*a>Jx*zK#cVJPYC$CJwaQ^99^qVKy2p|PXb zk~6L`r9h>;aBZlzf||?UE50z zeQ7}iN|hs}z@W6t1Ecge!H|9<0LbD@aoem)dk#M{qt0_AL`|$UYo#@kM(->%rBB?o zakH80oSRL}O;ZL=KrXf2wZ-)X*@Z=oBiI!YCMo)KLT45`+O{iSH@uVh=thL;lcttJC5;=&aTg@PBWL~1b|HXLu;6I5B}x|!#Bo;UM+teH2P&C#*u zShJbuc{A6|yqV{DZrNuV0JLjY0*AtQmtMizf!oaWkkjPq`k)>O%e-YKQLIhuEN9@XO=FO3OY^2#7$(y4(AI+Pic|K}@)4G|96eHhV z5z6EcjM8&TkGNRt3K2j|K|4dpR9Pd-8j3Q?dK%rm-Ccc+o?fN8l~SY{N+}T$&V{wH zjCDT3`KZ>T1~^5mR&99A*14?+Da%M9DNN#jsr6sy5y%-hs;NUintR3ft^1Jb?r}XVJIOiRIcF_Y5u6gpQ z-^ECC`Y9iH-JI8F-Va%5SRTzAb8I52|QMK*;L-BuXl^PZz2Qm_oM5X+G^K~3z$ap+)y zt3cZ#OR`9j4c&1|y*z6OL@km&+k`w@+?tfKvnJTfv);=Zx>Xi?g-B_%P{uW6u~qq? zLLK!&75Cb~$5ITt=)5hCb3t(tSClsN5ELk~uhABZ6=$#@)Y{aZ92?o1nW8LH4KjA8 z&EQlauIVdgW7#EOPbg)dxpNk3Yrt`CiqqQACVN++#7vF2Z%?a8d@;%nu26uxEZ?*?(34<~6ZCWc78V-4egx{N84>DrS z26V+UvANI%&ynUNu4)2NA>=35J=N3Gv*7brxEkpgwYh7NAuKi20jzkD%GiP}tx^E_ z+1)FjT=xthR!?BbK_*=kqkhFAl4Th)d!sX|o#8VsysuTFzL3bS{*LRxQ>nwpQeVZ> z@myL`QDR0?k*0@eJ2{Kb8P?p?xz2U7*=**z*=&yG`B<}=>wK)Kb>7T%$Z>SplTdNM z#`wfhQQ4?AkPAbW=s%WJ8}%^pRcE<^dA@MGaItCufM#~fM!XT=3AAn~EHRuzW2PD& zY%TXyN{Q>PD?-On!alMC%-wInPbed9Ah1o5BoW z+6V&*pa>x`urOmr2p|@y4EYBE2u)*b20`P=7ZA~&y-aAjTo5QWUu9%#H8GmXxkShs z0Z~zCVdRn$McCIVFeNbTVnjwDW^uj7Lx;(t^WQl?L#7JZvK1%*_{iGdtbOz`Q#=X) zkrbkGHRaJygs56)>G2mAQiadaYNZvknZ%o9P@MJF;>`2h+*OukW`Fm;m`2bsaB^j5 z_vQOdiY<$1w*@m`>>F-r$_PlYU3IJNJ}CPT^;NL@kRcVBDQN@rV`JVcn>U*}&vmn@ z^So(7@wsLJXBtNA;zEjuZ{5d*KGbo-Nk|%DU%g$lc7W=k5kXj33NcaN>LmJP=&Z>R zg*KuMm$)raB8oH8#5Kz;4q7O-6mxr|Cflx_JJUA&hpqBh>NUDLG-_puMt!0RRirz# zI7`QDZG-xiUI{nW*c>&9G__x>%`K4$wo|EI075xE)VK1kfl#bLTUX1LVm-7FR0avX ztYg=lGqy}141G7uV$IS5b~^3O6>TR)nM>Bp9D%l>N?zFl^T_R(Sg0ddD!v#s{9(Jw zEneo1rK4Sbmq?MD4^Zg;QIC9kJRLahL*GyN43~$vv2wyUqTn8Z%#|F|Wa|<3B zO^AnC=Z3_TbFOvXWJ_OSbo;*|5flP4aY{o`U_smb1PG99TBeC%X$AzM;KQ*G0YGc* zoW4M|l%T03h#(9^fC8G4Z1)v*ow1!8%Ot8`(6PX@V?hxR4ZbD@K%o;|$(3j|byH0+ zRGq`x?n7>-1#oryBfMwjQhPI(K_8}9l-G&i_>?9Wu$aQY>wlt45joGQ2xgKjabIp04 zYg5L9MQcl9jche2mlX)WSnNv@I*NF}G#KpiO4tWALn@i8K*UAot%lIL!40xz&y0go zxjY|<45~}yXmu5sok7WE^}JC1m7yj7UfOYKq(JnRQqkCG?v86^c9LpYOaLqUZ#%I# ziz!uY?8uhbxfL8&+aADeG|mT~QqXHl=`ln+a>FvuNWI)tV?X0c69aHDzqQ>&qF* zP2t@1NOZ+JMTCv5X}Y=*A`2+{lbk6=);=d~AegGfrrf9PGbgM8 zNf3ybO-oVJMg)n(Sto?#a+D+##wnEew-x({YP43Y>8T=dcCv_2sX%N|*W{uDNm^HX z7RPCm@%f2T6LIp|WAtWbp0okZDBHo>npNP8HLMVabNLd+NYl>rG+PDxqQjAe9>*hU zc2o%)da3<#g+K%-V*EZnVbSN+=7C_;%S>#fg- zm~CG)7h(F50T*hxN7b2qv1W)+_Ab};Z) zqe;ot-Lqv@hTFvfTPJDAIKJ8TJ5-y(2mnz^LgdA*D=Jim%o0@BMnj9cVUa!634Paf zj;KTInuO*^+rSP1x#n}&aqbG%ROBo709*Ci+d(b`2}nQaL`SO3JUT4Vr151XbcQAPkH zF2&LI2D9ZtT`gGz0MUZV@@avHwMH_nqD2Hr5S1x_AjHg|5Cv^_7XYw2ftZ31wq`=y z6djFeZCePKvoHrbk*8Y}E9wM;5~Ge|V%t-fKrRGFDjP*jghR^4K+6ruGvG=b0hE{r zVxh>!IBi+fNDQ|&X4RIA&X^`6Hq>YO!}|3U|aDkNiRTVouLQPms;#9)Q@Yx$8 zyG~7qR>`$Zugq-$N*Nn#YL;B*TC=d^!cmt?+c?vsW>f+pGBmjWtEL!&W^KzLXj??D zQcpJ2bLT?wAUl0R!FPwU5Zdo?As@|$w*%+6%rA~(Rbc0CgrKErk#1{~&?UE&PEskw zUKExP$lNZ~cG|+HchnS$2L;}|)a0?mJfrq_T-1W=8g^E+gpL?PE>3~*{@S|KEVi?2 zu@IuH$uxm-3J_r-tl2I-6tRx^9DL(uOCb#Hp-UzE|s5t04nb&?@cq?M zP#8dg-yU3YC0bsgDeJCHwk7MPW(%LpIl98@rY$9bVqikW%%sd7YhsmTemAw?(WW?< zl0aY@U1$+NP^eflDKfz-Bt&6A(!ho#1c<_5eZtIOfRNEO1^{94tv9R*1AvOy?96P! zmSWW@)0oT$grmqh7UnEO%hpU{!P*BAa~GfvJ1f1D1UjbRVX4ni)SobpaeBwBooHH@ zXhEjPdllHCDy$$r9uLB7fs-B27A%4W;H;2-ij9=rmzbqwFL_&wBAy-CVo(m9SaQP$ zJ$waNRL}SKf=Eb9w{(XhjdZ7iw1jjwEDZ|MAs`?v-Q6s(G)UJj-LNzZ(*3SqfB$!$ zeb{|2b7$_IIq^B?%sCSo6sBqFj+U0JCuaWN-17ul?3L{_Z%ZZc571ulkagw3=}~j| zjTFcmFLLPLdvXIvmRCC};&!HPi>=BfZbBj3pR#jl#9{d%%jstB==vUCL}wjii3BK1 z=BM)IZWj5w$j>JCB6dp?e=Jxivlijuiww^EP&x>m>*0;BWc@I$R)wXtzdS?SRiS#_xr$Z zmb*|$c!4Va0*-QJ3i9}}WMKuK`KW4MovHlscd3;)-c2k+4BFz04-_<>sjcBjjxY4v zq{CD75?vJLYo#k^MD6OBzi=}Ea&*Y6(ONxykDSX;tQtj(Di@q9(+kBirz1RC49i0oSp`wO;+OSDlB}~i!w#XdFIUgI{n>Ax zGpV$;L8qOp`bBGJl&J+SL8 zD^N~Y?#!B$9di#senqL5PFpZ_&-|wjRpg~XUv$BK?73kf!w(hq$@{21i3=Ph(v&^c z%-xF$+i~Is0dfmZ6{`4uEOPvDTPf`%$lYz-O;_j2EC{wU_q7HBx8Tcfoi6=P?{OkTTBb2lo-{I zf;MVKuoiM-ziA+;~L=71UUb&T@>;m#D6sV$*6j+;*(!4@h$NNom8QM z36cmV2THVOL+PI00@zOi7k|O&x$YqGv+(po@3r&K%5~H@B8Sx-9b)786*d$GIc@!y zVG1l&gi4%Rg@r#JjpqXnZlCv=2eEjMj_$KCU~pmdI;S8XwXJc*Iv496bNW?Z^F@&B zC@uLhbCpoHYadE!0ETik7fLYuntH41a}Bijb%lry3M#=&jdkDiQBj6}OT3}YbpZ8# ziJksrOYoM?_Jwv;t}PKnm)$`sq~OKYkyKd4zC`IR=v(ZRxv;j8HlYIL#AiX^p)Kdb*6=*%#iY7U*E#l`1ult!ZM(}|zHm3CG; z#E;H<5-DOXu{LB>xTMh9uZaGsdh!H*F~S6pHV~cZZ?$=!9k-p0fgcaR{IJ48W#;U0nsN9SI!pvK5l7QF7RYnKnc#@c4zZ4_1}cH# zBsWrKXUO)8;Hw1Js02JzTvg%?OXym z{c_532;Y7qQwbkxsTtuj<_|C)^&8VplODyEc9YL8e5((CPC?a2QHMBR^CtjB4s4Fs zGL$OIYwX=VeU(}PJdGT?fT^Zk?AZbQpG2JGwXh{SF!K5<%mKgIxLZc_JUkPu7h|3)zV zk{I-{W%7H2V3G!m1ULI%_uuS`ONb+pY)sE2s|D*ge&GH8{>Xsvty6rZ$_2T+b@m;` z|9dPX0NuzBHm#2O&UpxA+fAT-k^lc5CrV=mlJxv6F|rebi^}2-d1r8N@Z^Mt7ktu< zS$H?p*%<_FEi1F@k0$%ws`}q+CC+VpG&D4H0h04P#|tkONjQ3*p)US#UKRLoAW!4} zBizTw$LL{S2i~~oSZ6h!_1di8&gd+SjMwu1vI%V1V@eH;Y`2LSxSsFzj8|CG@< zSftkeE_gAPqE8vLqhb`rt3ca7zr2iX;xOibHWou6fP;;#nl0u(^n+EY1Pxk#2T8Ny zkDWLhe-|d>d)TsgNVe|)7HCFfkgyc|O;8-9j~mH)=Swjr0^C~$W(n;+iJpzE^NOSq zL^%rE%%4Ecn7taiaN?f8pN#ewKh=1xO+CCAceyi?UOokeOJ)ULoSZ-)6n+svP>Lt^ zu^_3?4Qva?Yjp8N#=B+gGf?x`R%(r)udlEF&Xxnp7-C-go=|LF%aOS^r76n|e=dzh zL1adme1%AW&X0iWJ$+7|w7?x>+!YG(#}0v~$8;kB9v7Dey}2wkTaW=E;8UJX^{s6LD#COQ&#zt*7g@d+Eqpmhjrs>sc*J-aPMK!WluY3 z;6oa_L$ePAc}y!m`C5%V-~=L>x7)^#t5J^uo0xfSutSjJvSv?D&myF~+Vr%utuJZ^ z8;ipTsh`u*{PcxxjhD%!s`K~_nvlATmw?|whnA<#H5gN#!%*^p;)tuHk7U^jW>`1$ zL=~$KbU3~~_5Jp`1(wzquU>T&#R-0CJjb_r?bgj4#zx{0fE$-5Xu64WAvg;YTRpz6 zppoB$6GfpR?$34ShPZjWF)g#*+2_Z0m8V~|9D}YX9OY=MCi6AtS{gwz**h|a9^%d> z7S%+7NKrZ=;|*C`1$hl=i3EYp4l8A3AujU2M(Zj+xmmdtw!PJk_62e#_gqsPUZ%(u z-rlx8i1!TBI=Kk%MY(A+G5jUt{uqk8+uIJ`f%d@Daf5#HyH|Wz8ppMoS2Q#ocYBzZ zqW)c3MPOi+KQP^PXv5Nw7w&BjJ5}yDOJ{~2HOv|z^69C_$WpIU;X+Tpw0pe9haMbB zsXKhc%60uF{(J-C{%zdB%2i}-K3?;RJP2y*L693dVwoj(XqxT45bgT7fSqI%WNCde zB9cPo^_awN(zhX7T@K}~*-*O5tgW(nguu2fn3vscwsV?V^K)9cLoq=}$*bmVzRGH? zd)flnPVIa7j0JXQ15WQg;d1gYx9r@r>(u+!jOvtv3o2rd~ICY9Jn)mZ%Lc@Tshzu5lpSYNR(7H1Qt#)?WN5Hw15NyH4@JhK`k8 ze}XKMwOVF@k5iLo<~1?r8&8m60~rJ;z$(2vEy zMp*J4YHejI>YJiVOC3MIr$D1ys5;le&iU1`f4@tx6}5oZ+0M$XPT(W#ky;9n+wUfN zT{8^7KDu3RzgpSR0k=ABFuLtvoTW|3<#P4Kj!`zgiUr&_75YNJJ!Tl_ptjEPi}V;# zQ)N9IN(mlyPKA#cJHIUd#5V)$gBq8#S8Er6)& zskke^e&dIm^t(HI(>=Kiw_}|^2D&=Sqx0Q7u(wO-8bg^iHm(y5fA?A{5C?Y^Q1qkW zFvkwY`PD*hGEF32dH+1>OuWW@yI>Xz+t6)q=v2b>&F_iQq($Fi;~BE4Px96@JFk|)Ug*j)3jf@Znaky+=M~~}?tXQC{tF06 z6IJ6jh&O0)+3Xh`M_Oy8sodLNCi|q|who8a4+BVND57z$}SHV>xc=`qxf4?&B+;-EHo!&%FMfOFR%%8l` zopDUS%|axcD(?`#&CLlrejOc_vzWZf8?Rg%;Bw-DCM@1J!I$E5VS7^it@?h5Jw@7J ziE_!Qa(YF3$!FS=X1o=%%!8B*>@Zl?j|p>n_y)ncK*@q>kA2@zWWSoaX<_0qJp$Ka zlOa23OWsk;M@9us&YE}_#Q^KO@`%ScjU?o8+czU-=l2iRtS_d^`-01sKBA4k{Um)c zm??hXvZL|o=3lJ&-JcE=sigkNW~cF2yL2Ud z1&9YyO^Cet+iE{=!sI9S=7;tL=pP{hwjR{#R2;QK)|#j(*39quoQrr`w1do+kn=xPO-+kMqP08u2H_ zGx5*k?nBaOW0`}D5I>hk$gopaoG*y7A$%GA$RnB6ZPE2G$s7HAubP=5AiK|r!zp`NECc; zTJiN#pw_U`{I0TVzm61$^Yho9c;d0mz87-6 zv!XIS^KvVET*g>7#EdhLN2mm3wUIa5PxGi|F>+?htsYG)K4sxQ_m9IUU3c;2DNj3} z;kpOxWV z;3?w?6%B%HwnHO*2X8-c3aGoR?pcW+8f}V4XgNni9-)_Op_Qq?32Eifs?gtVirmoe zU_UZ@$L~8uB~P{DQ4Cc-(SRq5u+=~9;HR7At3@z=+`IkicbB9i026a_b4aQ29fCt) zha$9{KF2LP2>g{c3Y(~F*TcojMHFuk>mLYo^x)l*lZ)Y!)wAT7oE@<~6i$?rlMCPN zl81`ljkv9qJ|Inj?_JL?e2);Mv0%@yO54fMu((^mp0eV6v8DS$Co6D#sUWy|V<=rs z-`T^5pL_om0=;e(5Ry>`1YD4-gK{P(U!Ob(Hb7C;k<4@Rp*1x%m6erYG`@`>tK?Vc zU(s!oE03`vTJZtj@k17t?m?RZ6vQ#g@^7fE_>nFMlUlarH(*F~&>CLy{6IzAqri#bDJK+oCD94WF&`jp_+18*8V z1z)^|65p+u|LC*ye!?7dWO84E>v@t8y=dBWOTGW#b*d<|=*w@8d)grM*bQN%*Bgq3~M@Vpno8;)$w`-W`a$(tI#P|$Sn+=S7z&Kbkr@;@6 z=|a`J!=_n8Mh-pOW)=}49-@jwYWo3)<=B~MWm)?FETKbwD{NeTd{XG*t$%c$f?{TQ@U}1bb6F&9>zrn+gu8(;5)eN7I@MPxvnJrJ+dP|k5DDG9o`wET~G zO(OJk1wX!uhUy3Dge}w57W_hjX`N_i@=>#YL}CPEdR@S9k36yvr}S#nWib}bb|=MPD~ zR(0QEI!qkgqyztqc6o7r?hXXfc)X{HWO|k=qoAPFUieg_{*>L4mzNhO{+J$&BW(Ru z%hpZ=Kq8z+tgk!vTr(?hw{g4Ln5BQ}x0QZ&<-%=4VVvDSk-~plpV+@4J^rL>7nL;zI6!0@^ECfa zamwo4`3IHND@*{Z+^B=-fFtOLAE6Zy6XVicHCAQuSy`@XhLa;i%435WST7r4OtzO5 zJvkjOspzF(J9qa>?}*-Q^R7Y{Azs((VVCn(Rb5?2&uI%D>*YB^wwtgknmx9=^I$X$ zc+}*j$lA==^K#x8YVrTg-Y60-ho`uR$rm${%DeN8#7Gw$@UXc0_Bxn7R>WTtKGMOA z(P&Q|>{c1LF(@8rvc5y3cN&GSAyxla;g)stXV3T3$v{{T_1!i%JoBCJY>V5DWA;}` zzRVA3ar)@P>MibwsZl>8Pzk$J`=6W_CWsXv{<{Jd@XZAnA!{7t->qjVTW4)F<($#R zSs=!f?VW8u_D~nQ*$T!L6SNx3;8pXw(_?<@@-L&ln}4QW9%w{u&{UAqII>c4(C~1( z_6&CUb_RhO^WrM~5jX=!Xlo5YI8I>HjI*i^-@UeA9CE=`vTU7k8c|!?46xrib}(v( zb{68taxfq2x>t6I_;PI`DlzsF3c?DSN;L6y#}0+P{cC=Ytrq^@E+O$@)Ag@~AXM^b z8lR4lcR|?5W~|6Df-N)N(;t*Z$Ht2N8KkGH9p(bH!T73v*M>q72O0R&5yeI<>*oC) zZ+2$O_0C3k!HX6tv&Z14#}c*o|IuCQN7s|Z*lQTJG3esyDI#pFPEFip)&FX|F)Bwd z>G=5g;d0T*-Ti#8DBGyc5*r`?!{2kW^706?M6OO{6yYm4UP7dBTow)_{1u5EQCn_j>Bh zmwer=WkQyJOstq7crJqnIKRLRO6W`dH+20Qp{~nh)O4S(B><^^H&1m#2>~dCc0gjY z3=F}4>y}U&E~^+;7(_N#DupCS5YB|ym|e5mN!gf^=8at z);RFirl`Os+gxKloo<6nN)EXUx|oR}lBhy`vt#^j{sAh06L2;?>^WaMt7UamEPjzk-1mr7Z;hn$1RB3Z6DGu6`3O1w!ilvWVoGE$F?yZXU%2ej-MC! z;gUN)FFagvTSd+);ddx|t+aA^i)a2b_^*UQp9DoK`_|_JBilogC1bt`zd2HjeD-4B zai(zSAzS%dXQgat3#W#DGG_zI0MlK(}Ke27K10k zDOjR;?fx+yStc^T{HK)75L4=iMt>6DY=Ac}yl$XlGrIjV zocCBaaDdD=?yiC+^PvlTvl*znI%yT<+Vz~IO-A}A7uPU>L4?>kvN;=xrDW?;5k1ZP zPm9vlS4^((;uPuGjN8;_PwT1dxIpehkK4Vl#Z*vxai+mtpTOw6uU&`tX&(vZU1 zNC9NR!OGM=cZO*`KBTY6ReMnKyKaLb6T54`<5_kb|I=az5FQrm4~(jq4S+550Bc<@ zMI3}E$646Ax^|rm71mUr? z^eG)>?&ks=URPP0G&z^#YlbN+=*+lTSOUp$J~!JbU>WIo+udV*Q#b>4NE{dwux2RF z^%X4)id^2l3B4osr?V#A#4$sVSx^tVRDVJlG(G+IvC5kpLa~J(UzPHl9me@NK}x|t)Uj}I0&WLjyv%-PNr?r4?|~Uh<{5)h;iOE-C5_@f=yg@ud$*))KcE!mLHdBcUOy@rp_X!`^c5Ah;Fq=6OcawWtP z3O>dOzjxT;xdU&85zOG}wO1WQ)9MfZCO?*H_9%Ly*~Hxh!^PyK@jN}sc7;=4mn^2x z^pA+Qn1JKB(Evf;jD4;7&km!Uo@Tn~cg9<0+C6`Z1P9o}JxkKrXu>I@L}G*Y&z=m% zV5<8g1~VS<9eJG5lBW*bJQ^0S4HM~_N6fkqu44V#XEZEkI}7f(-iUh8 z5IyZB5dRY&mw(Kn$Q0bRGc5l5aTm7=?rl2IF*qbW&>w>}I zM+YH_mfq}SXSe1tq>8#u(84>87s{U2K}}!!RPRR;;@ShAp4H7AC5E#8-g+xk)w*BW z7exZ^Y-;v8-QbmDzD(MpR7%)loDb+_$b0qcM{Az$8Nus{euhNHjmQjdSgOe7NE)1-(WdpTambzYVNu*6zd<1P?MHELy8G1QcG`f^c>DV zBH>Axxsbo9fVO@Fh$$v0(iLR~+{QY%7y*|(c<`eL63P%UrxX++><^Uj_0@D1Mxy}0 zBv*GmVWP@ds_(ML>|gyWa`G+<@fCFzQDX}fr4q0?Qe-OP!F)-O8~#lpaR8%$Jdrh> z_cud)X3eO0`R(Vb4=O=_a2P;{N`eUUlsrc6 zuhLBw8vtMt({PHQgIZgu1FqM{11{@O-=yB;C#nf=|Iqx44&Rz98hPHVjMLn~9u7`_ z%}P66#rkC%$Za2^iTiYx|A!i~+aGTaKp>F1;CcwcM*!z}c7l*s{#T$?Dk`ew8beIQ zN8oQsv~duuOy}Wf^@-rsOIE4Yldsdbf}I6Avhl#Dz2>WEJpUF`ReqagLeW{SQZ4Y`M3jBL{^O zVrjtUj{k=Y6G+uLq5ul>8-G#3f8gyU3hlWJ{^#Tgsy>P|5p$}le~`}HZdCO%u?(#; z08t!N(4Y5%?LQ3n(#bWlSp$tWhPPBJ9XaDaAj_aQzw187Lg^tN@qt(Gf7cMu6c6A0 z^9&$T1tUiS2N9|K9}Er8V4>?Qj*z5q|1mL`mdd&QzX+uwGWsiypw8Yw^SlgH!9Mqm zkRP%C9x=fySks>G9V%)JtO_e~`Gbb=|KhTyU#9EJQ3;Xcg5whUy!Px~<^La~^^!!v zlO&eJ!kL#sLOJVNUtc$i6|zLc)ST?vmC%@b)06?x;Klu`{hX1>>V{q#%p=(c8f0Ws zcQk%STNETh6ab1uwK3l%@LcOGLGxX7ut*0l3JS+QGoC+ln+DW$0oxFbrhk8j%{cof zD&ZyZ zNO+R?00|_*I?;HQWmSgyC%hoM(P_!@Pew)lK7H98_00v%{0k}?856Y;P9l##o71=} z)dcFQoyW>k-SAhfKH$Z(NNdPMD&#yUqHlR3f3}2Wc#LIW)&Uj|#U%2*uzDOY?eK}A zVnpu`Wf8TwiUYZ1WKvt$WFoZ%G3_ilb7fWd1VPgHx5`pYwKb3+2q*HPNqc>OSi@bm zdu`)kMdCwti=UJPFLU3+Gl{*EseH&+vL~}Ju-AC@N`X^x?c79*~D4_ zI{L5hReQV%nxaH-0rZiIK$WLh;X_06B42vs56#_*PR02hm(JIu;{TiA*76@1aP|fRo!*%WWB-raD>_NzaKe64g^7L3IL*6=A=c~1pX}4!qO| z59#03eG8C5DGm_ULFH9(Xew9;MtlCtT1k2R>xYpURwJ`fEfMfnP1(rO=vBWO=io=U zb`aHZ#>9HzkJrC5UMfGch~w1gtKui-iJUEYaZo9zo^Tp7dtKgV=O*6$%4E6qinsHL zX#ZYJOv73#sczXB@g_PL8(y> zH!s%|z9C(Il$&{F`+aEelP)wSA8Q{o3TieA3m=nDH!}!v z%X^E2PFKP~KlCOkUIWnYN8jYgu;O+=s2|NN?761OvFW^J`u*!8Hz!H+>JCzP@uanR zRD>yyu0I_tX5E(pwL2u=!$D5LI_xuR@ zwbS>gWzo(k$$#(9fr8ybQkCB}!b4-(xU}$6BRN4t89abzeJm_Dlpv`mHDr4?e(gO& z9=~$5&pmB1`LR-aC@qYP59O8neq@)zri;sylmlbUBiroPio>Jt-Ri7eIaQ$kZWx3PC^yHO ze{cW7tZ|nE>iX^@|B^BEQCjUHZSBk~a@QnH7aD`adH|p$Wi`mY&ly>T8MUc149qWd zbYLy41~&R`nG*5x|YQHWA*UOCC?I5W!{IhJwfMKx<`cExDqh!pe+|%k-U@5 z)%rEfCpBBMuW6jKPmA|vvtR$j!>C9Ryxy1?&#tz)P9m#vu!I(J%eFCk%~>bL$9C12 zFG03KwU@fN2a+DU6ZnIPL^{n=tO}kc0mOW#i)EoO2lz#$0P(_*7zB}S2qje_udBs z2E?d8I$h4n(qLwhl$;5vI?q<7;yZR}ags*A6>efR5uNS%kZ} z$EzJy@g}Hs1*P7EK-2Fz7`c@<0$38T(U%0cD7( zHsu)Be)Tj~aN~^JbH^?Po>)b*V7GFbh;+=g;5n=y_g-fK3D%IbiawMXa)};98Vh*En7TE} zdAoR;&U5Z@ykqg{stFg?MXAvrE{qik&OAEObz*3C7gJdkgG1z*{5n2xwd7^IL{BuxDcNK4{j z>PQhwyX%(0J;Vn(WUUI`5nu7{9y{-x=n|POS%p3pY$$(gw(VnQ53jK1ddXf(D%;!c z#BX^;S}m_3NkuQK5I&^M_Pjz56HzCpTNOqr!{MB(Q7VaG5S?Vc_ZHBoVDo2U+Ekyb zKdW&GD$siBkY>k9F?6d~U?(AVET=fWgi8ZEH#)rYWo8H?$=EkU*~*?(iK6CL_+MNm z767y_wVYea7tDk>J}i&X8CJhso?{Z3=A?0r7t~M^8cJHPN&Rj2^MbP zVJ2yjW#a|;Bj$^>wH1*6Nl0FnkL!gM_w8Y{&XGXDlh#iQ><)yTgzLBV z%mJ@5QOAg!RrTwB@Hy7vg0sSieIg#z=XC)u|9VJ~!8;<<#hNH#{@zFtB1dqTjwxPy zc%Ath>e8OgxMBHnHHQexw9N_q=y+n$g0ERHPr7KS@_j1Pk)a%Y4KC3`DG<(5A+->`WCx;ptY}wq0j+3 z6wxt$NZQE`{A^M*d!g#Dl~;xa0{Qm$_ao|P)MjNJa~d?x*v{}xUZ-#`*KPHb+(?Wz)x{?D~jWtxw;2D}+wfqVIb0rx$Anbj;NTGy1+!s)prhTz1&_%>X z5TM?_N~$ClrR&raTX+WLD&?Q$cj(WGk#mC2=;=Z8$lpCV0R(db^MVTfdjN>0D61w@ JDP{8Y{{g;+Qtto& diff --git a/wikipiki/profiles01.png b/wikipiki/profiles01.png deleted file mode 100644 index c8ba7b287c39faa40038f6960e874fad5dec23e7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33003 zcmW(+1yEhR5~8Pu0#=lk2D`X9+d6!(0f5hIdD?b5+D8Opx4-{MDMtpSDm!c8 zgTPu+F+q4q^vqPqSW1ypML+R1`>LE3Ot&8L1= zk%I}!%cR!^3gH3s2`kH8K!Xi1X9(P10D|)FvV38Hcd1nPFoj6~7}q9J2Cx?aYG?GK zWdQ?D0MAx=PzYFM12`4+Z54pVcA$3}3$+OVp#hwlk>N}Lyf0urN<;G*2+IQSNXUZ6ZvktO4Po#1&LZXx=EdB)ngoEt zB>cD0UOj)F#;Bj3=8tc~Fk?IJL42jQwA_8!o2hYu0Km3Kz}yQfM>9!~2x5@aOEKLk zyuB%E;iuae+a^p%D^Pf}rhnz~A8%xf5<7nW+=D__l?J8WS&ZxZzu5Jg_3A%=xDOD0 zy1m}&-k}ZVHVKx8zuW4c{HIbzHj|7TX8CJBLH?;7_4SE-fqGEUvcrHGZ&wq?HC`q= z_KLfVI!Y>;X^3wA)p}=>^$|{dlMiTg6o>ImVyiT>z%uaY-MIyT%TDLMMMe-@ zkbUU(jMwX##It-M9S~%znCuDwrZTkbI^)d}BOm~fDGX+AlqCJvN5tBTNY;n&s}J?b zoIgy8cCcRxOA5t0h|JBLsWwE4F=DEboY|aX5kk(}t7#vR;)226ulo%{%mwqo0+ip! z*cFTnFF6XrwV+yygt3e^pos?&W`*BT^(nyP#L$ArBJnh-m6P}sxU`~mz`6?Lmtt

      q`nHWBBxkQe5I~Ms~IL~)T@Q-jJmd(`RWCa6D-?{ z%n$D+1-77&R4`C6P+L`~1e4M7Vy__!Aj5@e_A^kYR4TX7f5*NbB(mh@`eLBKO0$fU zfXjj98!0^~K#LP4&CSq}2&?$DRA(M%UT*%Q7R?cBRSvHL2~En_n)Ul8B%xGRFw1B- zG!Hre<$;nysV?84G(ORO0e}$`+amB~Vl@t1C`hAh9R3zjbIh^!Sdwkw&4GF{?j6aU_43aR~R%3k^L2 zKXfG0j*&Qr2#Ls!*o&wkQ>C1EA%=KFhf{#-Pv$`uW|p(A0dpI(AAZs}N}5s{eHtk< zhfY;>dG+sVRNX7x37v#0Q*HlxIb9y@-74h8^cvmjJdHovq}p~>B9&jN?JAvhBuWDe zpQ8{B2UG^srAsvnznblK4TDjwh?_sNQoTp7iTD)EH%R|=>ZhM4b7$r=d1s7Rbybm& zG>;OGezVq9s;valZl>#9u7?`(0b@nRRY3G_yfda9Cem_Vl@2Z&P7f8=@@NK#&1kfU>uA$NqCee!k|nt~Im}pxVdGueU8iBE;Szd8dMbKl)nnDuY%SG}a;9<- z6%mz@smZD0spTxb95JpH?t`3zoRyr-c5|c8Myzd>ZQpDZo1jMJhNo>^AH$7=49g63 zjZB*5>hkL7mOJY@E3hj%)Kb)H@|W!f8ZX+$+N#=#8~0Wb*X!Gy+Wal-ED7z}hw2AT zQ+}lQfA^1j7DGb+@)M(m+=x8Dy~PbrSWozO_H^#4g#XaL^dk;CgBh%uRi528+zF;Z zhdk|^1$jF{yAJoztH_ur<&X*X3~}}x(&3HKA5bNaYgdzPpZV*&oaUVVlgjmmQ~pzj z(=WdYCV2~(@(p?1X9q^5w>0|INxv92B=G`2ivtC&~R9BBhn4WR0Pq%*ug~wO9sD# zeZ2GWqw0y55MH;rY5I908C%#Pi7%NDQWvth>UWI%(PgBU~fkaCsKV zV&5WWAOMXa{7blgghaecqyfnsR|cQg+%IYOO_>LobeZ2dc3kR04Qxt$%;MGTj-qP< z-+8}F471xBPA(bb87O{GCKF<3uIK;wp?mY`-=r=+ zZ`vWAGS!-%CY#6C69sb5 z3SLie`f;|C+sY!8_1VY`_J7nm3N?wkdatAG;v=v`=pojMev58nc3M)eInmFk5BNdv zqxwGBv~N75uNCI~A5>kGy>S0OzgA96)D1WcH(M#Fe|_E~ z{o*{{ll3dLrK)DI!+OSc-u7t!H(UNYjP&Y^{S1tc=s(w5&^Ps3POfic*Euq#7}q;P z+oU^6dPKi<*;I^8Pl-tAl&Xb*Jlr!94My8a$Kn$CyqJzw!ZOPrd5jUt z?w7nXFE(_3bltez;T;+m8E@#(E%N3q1-kH>XRL4SHqrv6C%GLthoe;XWwu<7cJ|{t z%Xi<^C&lNMkAM3-$*)sl=JJXfdMjP&j5(|wg)F4lUCzYjrRDhtu;2eOUoUR+J+PYI zbi{N%`;O(YJumwjb0E?sGHrbM&Ev9ZeGgavn|^kKu$j}b$Fb;3%7XexXKrV9eTVV; zj#Hl>t-iLmN2K`z(;NSOcwZ2_E-&Q^iEaG2@^QW$y1m{c*a&cAc%Gi<{OQGTTGyrC zW%dtpBKcE#~yd+&GU`it-WF<^Qphx`47Zeu~ z+L3U3K6x&nJ8-ewnBzB;W|RTl%vyJ(oFGlyRAn(&OY;_I%v?hqz&VxPO?U zd+ak0m+3#f$CEyH+>Uq zrJ$t>06ug85EKdk_pfi^5deJR1b}0601(au07BftFtQr&@v9=K&6R7kn7aX|IX!GY zP0C)vGR&SjU3flxJXoC%PT`QqNUGaYp&kiaTQASE-#Ix*w1f9V18 z5kGqR(aP8PzWa{*y6oU2G>=l62=qv5e9OhZJ|Lt&F4PX=?ufavv87PA8u>DC$HE10 z4g>@ITTx5iyR7OX<~ehCcZV~N1&$~(M1qWSv&FoHp^c}@6F68VfbfVVWY73|JZuPC&pBRrW zz6r-IS0NUAs7CDa-M2cR-^)fr=m<`W*kqXAp4x3$VfS?Q%geRM4Nu_aj2K3fkB?x_ z@SOcM@}V1dUvG`h>fO|*u9YTzES_$VeXOGiv+yjJXb_haG7&ja5jL^=B4bdJQ|Kk9 zt)I33fY5?SLe^Q=X;COTsVVVXhkM2QZr?s*X?uWmK{`x$ebiPKFCTst}@s(2cf+M zCeXopdr=_~Ts#1G3R!0U0aZw~nm}S!6fz7p_MR!cIoKB7+nYWiGAa`qpx&n18ueVx ziH*(Gcz}(?>5cYxEU)PTq;ecES{dd?!b1W2Bk{C}?WncME(6Fti=~KQVZoz7WT>z- z3L$tvZx8?r0Ym@@6im%S4Kg7``H9OI#_5R04gidpFd-1ENJb)Q@HF8xz*BRg0zYYG0Q0^}ys6ml=;G_l^)h{ZYP_57ddaX4{^i}{ zl?@-z=u-Mt{Dt?Q+hqc>lnQs`3S*zMxwFY2_G zM>mpx-p}$H1B&0RY?mEvM+n;tyrid|Bxe|5K}n>`vhv|UN}ofJ`Vd0q&U@pQ6ob?3 zO)c#Ky(7$EEvZ7xRE$@ZWh+H0mv{Vt^C&|zCYx^YJVZ|qZ@wZsi%$$^*p{26xsl71 z$C*TnWl5com1(Ss4P;*gMTsg3%gA8(nno*dVxwG&QqRE2C)2}fL+F}t6|U)sCoShy zBMYQ4lOo}85^d=8gGR#86k-p9qv6{;Uov z-q8nu6j-a^meQc8Okn}?aEftRHn>q%*5E5uj2}ydr{algv6^X@nOYR3$@%nnQpq&> z7!=&2vY*l=`LsgL4I|*D2!im_f~t|8sg#1?ds(3YKw)aeC4lvMRWNSD(eu0EOwsGN z_d%Z5hKXB$yYbqs%^VduA{xolm%WCLWXrIpN-#Bu>PbCXfiPnaNw~hkO~XNOxf*AJ zTd8KGl6BX4Bx*01;s6s5gK>sP6!9H3kWyiYm^pU$jmJ9-)NL$XibT&8EETUyEeF6# z(M`iUN2SuxN-BIz9*_&fDOp6Cl$ji)D1#z*hn194(S>mFREVnc#V}^MWsY5qDtkvV zNlE_o{u_)%!IM-W!_p(I+1z#U1oaPJ%?fQV2rA7jypxTgoK!iaLb)G|BwlsLQuJq7 z?VG)_p=O(*;w%Y8>&<7dAu&gkle10DGS<+1pLb9=S#UyX zY3QN%Bon+0UeGtsjR$8;a;>`w-`D4vTjLkYgRrWUm0A`;DUdvf3ab|zHXI9at`O^3 z8J~t_(LoVChc7gPk9IVZ!97t_h%*MOfD;bnARz z^c~D6i6EP=NxifBRUBxigbce_XU--{ylb=$)!5`^LRMOyhAK)%{iI3m?^zBrK;g|l zNRl7S&r$IQOU5FPN6HX)+Q72Rv%{YSJCaW~RtTIe<%rv5#W(G$q3&$emt#%BV;M!E0 zCG*`4IWt74ImqS5H+qvA>KWxSEuD98064Xn7V8Z=+JgNYB&E-qfCCG3ozH9pKA)L- zZv|pF`)c0C&p1^*{0Z!t^<6Vr{gFwlNQDD$9BLGo?1s*b1z}Em+v#P;)Zlu<$Amu& zYPnqQZ7f=R2k2t2L;8B(>vsj?v7|uTf=YFI)M~u~_9&mQ5x7fOtw7>Q+?5f+c9|T} zMx1?Q=twc@(Sw7Cbuy6=hBZZ(l-F!pwM9J_*)ox$fm=sZRd-Uy2BqRAy@N)~ z3_aJSv79iNnw+R5Y*l>+`N69+>VM?5{(!xa;c3gh1k20h>m+xjX1JNmD0^4wFdxxs zGtDSQ(bB@eh++n<(gcq(Mv9tqp72F@XSGt}ivCRGCjBd)pfF#814E>#gdYpm+SN>u@Z`>qr~eWNP*iPAbpRL9(Y8daj$ z@*1F|syCq<8yP!1@&?Ei(F;bEwZTgfc??8ixEG?14Fl9UYq*7Y=CHPs12+v>%3O#Q zuIRSA8Hx6ATXZS8Nv-B6ftq4F-9$|h|n52 zJgR!^46jgU!tP=tsK^AD()9Sw%c*ovTI=kXg)QEpoc8y)*q0N;u{atkW<}C2jZSF0 z*r`N2bm=gssr<+NG$lIidIc1`Rz?7e6S+4C1E4Dt4hhl{O~FC`@=?N?@3t&^v{}z% zK&h9Wx@_wW$Am+*88S!QCbbU=#==T0?bB7zl^thNP*JGl_i(CJAwgr^!)N0Ke`eKX zfxuE3B!j3M55DG(gXsZz*NElTAWa3nh_d5S*7Y?l_ApV_F{$yK@nxm`#ta;?2~43x zYHXX%B)IHUpXei4R2CA;NbQoQ^O%m4rBmh8nxD7#6y9eTuqaF&jQ}1H-?Bz6cubM{ zrn^%KzOi1x*6{M*z)PETmUfKHag5kJ`>sPL*4JX9F>%PDVmi#|rvC2I=>P;*+LrP3 zGl=@zW!AU&w|$_|6UIVzT>zomD@=B5Ql+u-EFj=#V)|&A$@5|Z;^yLcK&&!f?4!Tyk{7iLDv^RG6kij8*PWx2p!p4CL7O=L&>m!SL z`URqjgyV^OZK9SN!YYuFN{9EpGL}d|_onbRt!~p(=Z8U|2J~}GwLta!!-d-+oGmm! z^BAA_#J@8@TEvn$ONRy)2G9zc7geeK$4xKU?Xl|(^%kGG>j7rd2=U?*t5aynI-(-u z%Slyv3^LdRm+c3#;B!Xdy+@~q5DCNL;Iha*OKFE^(j#YOWgT=B1GP$W$7Us?)ij8!dvU-9!_}X0F0Q zr9ic5#g$kfK#CY9D>8A^mFyCf1XJb+#w12$F8N9&o%uSdik?02lB(qbXXBnG_s-JO zgS-i8@9!sb>NNbf6P_{5+3cniT%t?5xD(p8s<@$&oCUF^!UD2-u}3L*nrX$$`nY%+ zOO|+L58TL*`^NF2U%bXs+6!wL9s3t((qY9(aq>0jE&fHeZc);6^?KAR;yShXnW(44 zaX&J=e@1q|qb|PQutr1KM?vHwAxi)w-}Ye zQ*%ekDV}B969tJnlyDiy-IlTxWa*@lJ=26?S$f?!3_tBOJjltv`Wz{qC1l>6>w_(4=$;>c*UN3V5eja&+0b-wrPzgQYhS@mc zGY5M^KC(eCN03_IoiKppLbc|xb|hjTwA(qzXAR61l% z0qD(dJ7<(~(TIU4S)Vs(nRIV4^!Uh|)Ni&n59hl?N<1S|iKCE=O!mGSJ*WJf;WoZI zK{dS_KqXXp*fTs?e)SyQe0+w^&$k)fW$Y_ady0;HGNGr&#En;G$M%*1#q02rS(@Mc zgOZi}#K$HK^GJY?jV_-Dv6kk+YJhYWmex?}SsfT7i6hBn0%sNKEmmq&$ffLv^A2~r5RH9p1L7#j=)@;A z<2hEvcCD7Qy!#|iFlm6mLF9OXPF<|p%lAEwXoT;@ICyOtef9awNjHc8`ADT3e<5`*(xY;CRdnE4Ou1FtI#bpdsS#%U@m$qE8YF`F{0gT+ZI7orHdm(Plq* zRRZewcq=zc8|z6gvET>tU};jrKK!+z7c0WSv7Z`0!}7IczqQM0`qy-)J82%7ub7Af|(iGT^zzWopMLL?GNF zn;HwUwuFF<{Pa^52$CT8l=8O7cntLR<<3f7`u#ew&alCoHzx9@8Pm^IZn@B!SWZrs zmx56-(a^!gLA3mk60JbRMiw_R{#=@})SXk<=Qnq0$Y3Rx+ktCdbeeD3wk_Gykr^u0 z$;dhFJoDbZgz@XSK!w%%1bk^`OM%)&g^-To{j^^95ozIbb!6d)G8&*R1juV;=j!#7EQ>E z6g}dBa(QogZ(&y`L_b2k*B-S@P1nwnh|8Rlmu2S`POkAZh245QP;XoGVZVN;5T#9% z;huaACiOC3k0$C55z^uRQ7;7#oe7o7mM{A^DK(&J1j2(21Mq@CjF3u7yuLQp$BKc6 zRIfw+$NYCGW7gbRxgHB19b9j**SVtg0t^vJ0ys9`N}rHya&IA-;QqO8?L=D}n3W9N zP)XQ`lva=Pbk*92$C;iU%k#5}o00Ya&#{^jQ@AV2m)%SxeG`!K7ZU;X-`^kHpF+_% zFS@==XLjGE=jQ}?9ytXjE#(RA3TUfw{O@dug`&9#_wypPh;zWzUwP7 zFyfZmxt-Naoj)jjRpqke}CelxJX z9dUS4j_1@afz<(L`ueX=4FHfa<#U{CWqfue4IUO&CEi#B^q4W&?$p*1ArT*n@V#(ea3>D4TF zx{ze@AWHZk3CIGPz3RLVnVqB&bOmbH0h7bxEkXaSg zD@$FhW$lTn3K|&fVnT1uYx&7P9y6pF&t^X@Z%C+>X#t$~6+MC$XAAB|MQ;AN*) zEa$o<`@tCXDCY|h#QlqA2wb|Nl^@d|rR!$Q`GmkX1>d&R^IOaj9sr(tI`i|5nPYKZ z1p}WaH`xn}y8fI=bV4b;o&t1VErX`s7FatJx<_N`ht=&)K4bW@ajJ2#)6w4dZ)ie| z4RN)@c7K#o{PDbLd*HzMYW6zt*V8(CPiKnVlkI0rv|F(J4_|Cg|4T$NFW0XZxp1OQ zSo=TDwG!Akas`f#+NZPq9G6fxd*0^dX1qCojAHjaRUazb^#eUS}6cM2qJ zh~1_n>vfRxZ9W6%t%UsP0Rh?hIo0zx{W=!}hMLJAHrY9;rV9 zGh7p^?%`V8jyTsI-A-+j2N9W1@#F;lyE01A}hJMQLUt^XP z;^Yr>`bp?JN+K6pzn6p_ruE=}D)Hxu4Rs2h?HlYbbSWYdMn0PbZN>u7N_Y~f8aznL z+RkGvqqD!ITJst6LI|GNs!I{Z6az^cCl3~5WCD;r2XQ2FhgucGld}0WdA!%P^{R@k z%#*6Ylv;|1#d=d7;Vn}I`YY*&JV3ZO-t%f`AV!bDAT-n20ZRYJ7=9g^$E){2Qd83R z+6wbnC4A)b-H-@EG@0jV6;*}h@*}1^89^{P-vO?~RUClvJ(JO8o#3IH2lgk73%oM1 zlv~{5+T^zd@z&R@rv^ZabmEWbK|4=M-;eiT$Ma%2UwH_g$|F{G7VA``b4;6O9)rC(*bQLUHtQ z=t#iz`kC;?Jm@2XNnFB*nw_0n%DtNX{59-1!@$k!Z+o)W)BO}zaWf(LQ)qDjO+!EB zkM_L~3kh%7fPniZH4gMY7=VaC!vjy(#lalm;qj~49{b@k*R#k+1MZ;h%p&zEpZjF9 zI)9h`G1=bp8B7AM^OFpTB6Y@}{u^AAvw`!s>VL6RD2{$cw^M%eMgxG@uInQ4FTh{K zpayj!S3jgn&%mdZ_Q!Zq*Rb4n;ik z(1fZ-bJ_h-iber)kGHrNMoCENWC&Fm4vi$6b<-zX>tzlg>M(-heb1`7vjXR#7 zg{l;54hDBG+-?yYULXId@?6TOI)3owbn5fVR$VH*l(~{eXWDjwO+;JPBz7ePkoiPZZoY(F9dM>Qn7*m4vs=kh-5b(q>lux}yH}x1m7FbKD_A zt}DF{f`ggCC}dG~$YKk$f2Egh4H)wWP{{{pP2GLqlg^h$cDon(ns$<$( zT0$&oto5Ub4iyo;q(X~HI5b8Td`7T=EiQ+iKrwVX#O&<+xZ!sVxd~}kN!g*8pm1p( zx_v4%F@$jGwe~W8@->f_?AtvGAoarzET|7zeq4|dUhzf~Q31pIFKG&OkX!&UkgB#h zuf(W;MGYqiF9RDl6SYvDxaJ{P>i=$;yHn`xJUqwL^yHIUAl+zOsNx05{B_1lOU=7D zU`puf2$h;$=-g22Mxo5U`%6zvUG4W+h2;HrY$K9i!t3OT3sXFR;n($6j!0CL=;gnv zeBOO7>>4NP{ZqSNuFIqg-LL(&=}F=uo7opq;olQkD@{Ii=5dlx=A8evrBCP@Z_hUx zwR-UQSD518B)-dml z<9PAn+h6WhR`}0S<6qvre2wf0{597Unc=u;_k_E^F|e8DEcX5O_F`bi~X9=&$nJi>d-}c`5{$wCK!k&tlp(VZN^bkfvfgOIn1NJq9Veg-^v{dGknKu;``@~Irgf9@h zY0tvO;C_<+4Hj4b+AgZUmXIZ83wy56LB@#70dRdD%;&#KZp**>aEjFABaAqt-B-tr zm!n#tq33ByK8|Coq>5$_r->CcE?Mi$sf+zBVaJiId5A=MxU|`mkNFl!3eZZ>`%l7~p6AMhhw%}wG$3^foAX^dN?cST_ zWn7FG&r>eJf8P=>x#)3g5p(+6<^B_)cy)s5s@1_d54{-o%}d62!all^inz|54(}P0 z)qw;aG^i{0E>}n8X5Gwl_3b(G0h^A`RLgxkr!!X?()D-G=V|AP4@94KIp5S@ik?Om zIKM}M_PW=;1ddD&_57}L5fkqfk)FHlT7fqJeEhNC^c_5>&!s>^E}zk9h_gz*#Kj-- zz8Ss+o5Kd@dzYtHn!UM&08wW@Li(KqvmbuPDQJMpn(A%5NcLUjI>+;diFU(hqjXa5 zk*>ZIIs`|KKz!(wxVp=h+3pyl>kLhh=g5o8e7L|biEAIjg?8uf?fN3>vauDkaB!U7 zw02sNQNn?{-}@RSef@@OjtRO2w!cX;?s+rKC@Z?9s7RZRD`R^@O1t9Gk!;A5vEAah zQXs^e4*0K?PXt5?*)p(Js)>y;FstevxKRaKZ3aT(Hm688S67URIzDg{m8ys{S5Nn! zw!cJXnQAi|yXNVItg4~p4 z&iQAi`?28S-C+q--K;6Aa#|s-l8<~cUin0J6i5}edklgXGGT6vFU9N6EE32pxtZ!t^d)O z4!2>B$};_X?W)oPMdCOWE;?~(tS?Ng_w>A5q=IN;2FgH#{FsnqnHAZzYqx2vV37R4NIGS-B85csKgBRSfy;9*BU z7#v$=L$p(gT=EzDj5&7B?Q2nbaFPUnWb~9^uYyXUB5m*)^Opq8Oi#aw7;)P$Sk8M< z97ZH8+gz|^&ZqCJH*vJI&-PQlupI=*;2GgBP=I81(F7e{n>Q;#c{0o{?fbWjHgj67 zs!x^9xN;ezEVFxo(u=jvfXnCQC?Vmvso@d8CYlk$A8(I%oB%5Q2Z`39xa&;`@putl*TvL52j!4$nk@a6cvPGD4xs zMZ@mD1Er!7acF!Wgx$+NF_1Vo0a{9&7s+p}D%1VPUhX~bx78f|(eeHJ_bH0%;hxG= z5iRT$(yiPYXx5V{@xk)2a#~A;7{>?;Y_q8eP_S&8gjD&El> zhdX2AZ~}heDx^!(H6feCYuXhjM!}R>(n;mxtsVbCQejg5be?g~4i0E>Sdh=*M_A^Y z-HCNu(Lpu?%4ozG|ByGMtZ7ps;~f@bF_KXkkEjZ&NeLq3)h9~Y_alE4`bTFi(V#{P zG6}Fvm7zLtjlA)}tTAlv>Ne{lH0pdZgzRdM3A$(7Y)uwpKTn1^_&zNL4xu{YEr zjz-O7CrEAdl_Z7fKqGOVXLMZw0*Qbv8^UpLz6k9ye1}h!$mDMr5w{r-p>d;nW?l}1 z4xg(~9--j_*@QJWY9WHGEokR6v=&(_y<{jY(WhvAQ!G!eNw{!S^mBT;Z^7Vmji(qytF zpJ|ffH16294^*@(HTIU0Sd#{!@)RhWX=zER5Sr(x)OT^VDlpu6_}pI;g~^fT@`Mw@ zV#BnE8+9T~%OZ~q8PaOC7`@efVehoJq~N0no->JfbA3XH5NHgIuR?Lv1%nUX;= z+m%FUpXvcBYpp)8Gopf>nLJ3oFy>I*|MKixFy&Dc_4UqC_NKLn1I7`?n~nqPUWXbi(8ES zL|y6q81C4@(gU?8GL8t6(haCTDSD8E#ffup0c-9PZ*F$JUzUPaQWp_1@o=9;7X&wj zOxQJmCE%m3qB=!YN9UVG@lq>aUMnz}J}32nPFwL(;YF>ggM+&w0GxWBy30tP0)qh~ z#r-WY>ox?-Cy$nyjH+VuWBSYEAez)6NFnV26QOD3(sz=%5B>eCOTn+%0^al^-?Vx# z0>w6?9(7hfGD4vThHX}*2D*f~R+d6p3f}{F3?#vDl-4AOwqh;ZS?4-ScK;j7&TeU$ zoK}t-q0T**^}dEo5jwKcOA5P?8Y7QqV!a5o1sh)L{_1zP>gX$&DnvtZ=b9UiIx!sE zy8EZODdn>QKKVN^8TmTSvjWj{R5>25kJVE+I_;bbca}_1m~=uImQ?91_WTPAA3c+h zg`mop$q$}rNqorE)CiCD%em<{FbkJJwFA+{{iD705&CSVP_5K?-k4QwwgV9y!;vJatr2xpHEg(F<)X+{b$elcS`R`7)O( z^O{l$A@)~>gB03|N?rpuMAPZK6oyaq)HkCv9Fh1S22{1j3@YV)%-F9n7S`+~DFzGoM-rs!t7!$fW!?BFn)sYHtrHvwzE&?5U? zVTnUpzanKuk!_FLQPE;odblZNVKX;G#=h#kK(uT%F}T70NuQE67B3E|M>+r6x#(7v zd~&qdvnx>*UBf}pMAjUhL(r77P>z{h{zzwqlII)w{NeA`$a4|IV^Nu2!nQi0_+I*F zVgV1Vy!IM!ZR+`8bX`#%9c!ww5=U zPg#!YbxB(l6)*!mk?0hc2fjh0+G_M#PN;5ZG>^muA%%R46!yaX8V`Rz4?^j*q25f? zdc`q>-H&TkxiWp}G_?UmQrN+etVb7CtowMo1 z)^Ml3Z%}h*&c;UYnO_TELt1V3$5BACcYsUBLCRJ?5`bKdX^-Oq^nCkzjIExRnaajxiqFWhehW5Ox3RgGnJ$!%t8K3irv9m zU|%S5@Zp#uSJ5RWD*67O9%?c}q6n%tpMtBdFKHw+W4JQ(=ab|3H> z{4Ewdmf?AMkTR`AN@-jdWyqBlaH2kGEvr_ABo|OhUfCpqscXmYw4cdLIXGK%loY;3 zH_Co*MWAU`Cd)%xVKVBswT@T1H@ZNcWWsur`iuq`bmz#NILQ;l`mMAniz*OT)y6dx z&0es$BJsrcBz4m@zIZ{bTitZH84i{j+F4mcQ}V@eWg-JR0DI0gR(2>Ay7%>F3^iS0 ztM`iGkN`!ILefPwF`RyolMIDKQbjr2(e`=4T;=8#OC%;W@rbG}pNpb)+|?V_QkeNH&8u36)+x-PyX) z;`LL_OHW^gxj<`+oQcv?C2K|DY>a&Rvahj%`e;1EIP=*a9p0@*8gat5rdd;^%2|;} zKOui0$Dm3TNSwi;ZEh!3#(2;}O87Zfv&0#;5O$b}My_9D$tq|mbInFWWcBD$Vn$(Z zEqL&^d9Bp}SGRqBv!wF0-;n%$;k4zpjLuwI<}SmK&~!D~rS0x{_oyP7;svD|0#2=N zZ;?*kz8B17Zbr5?Q|Tr#kMMr)HHRdb3l|a#PpPj^<_zq>dpfB^tD!??l+GvHf9{ie zb7eM~Q&8RD4*^6laVNbLcB~6!6}eKUBS)8-r4*p^Z8KdWi_X!dg zoeKOxL=M?JWvf>4ffeosEL1H46i_X3C)M502gl!$IRpN3$;lb2I4?T4US$5G{-lp% z5U*FVZR~1mPNoY<5bS{XQ3w4zE`IZ9H|zWOTy3apzI~96$x3*z_OZeaxH%x z{+mEovBJAs#AF3LWeG-LBx@Y#ptdk!stQ5 zCWDrv(A-s@VeGfvD;fIwZ#X+ra7T*KACXhqVx9l3^N*@$J#YkXbS?Snj3(rKs9_s# zFa2?CB!=hviIIVU0TjUCASqe?$9+)F*7p|Y4Y9{gK*acwvBHDn&3X-OiuZutKcMW_*OtF{$dvkjvG0)PtsE0 zJ$74TqdojgB^%v0BIIX5kX1ar!5hrdXkSQBRz^S!B{1Zf?C*OcPQ%G+^ppgW%z}yir6WcFDa&zd&UULt({0C`DyZG!h~{ zx=$hXfwnt~Z=vRa30dRt!S8|&@rLxDyKIdOBr8*FHyh$xj;X|dQoH>OP7g(_RMQ6k z>?#*pKmE~dNZ=UT){Hggb#&ELv%!2Ct=eVJuD%fZrBnax-HWK9OeAK@V`Of2a<)<; zJHd5?yD~0^J8m9^rklJ!_PvGhn~%8p`ke! zhObncme~lar@~0m0a{i&s*sTDn=5P)#(R#;#z(jwU6?-}`yHFvV|BI@j6@Ir-C`py z!Pw(%bds308aDK`py(V*o86~TRpQ%%ZK>^jo7oRj>kHTLdpt{I$t3eW?+S>Y_6kz9 z!yVKa_OUC@ICHqDq|Iy&)3=5x6`bww5I{Z1EYxDljb86esUA_Yj)HB^Qj9-BfiYg9 zX>a-{dh2XWV)s8L_iIeg+#B0#m%p!Ss`u0TqLH7|V-rc1Ei^!m>LFO z9_Id5o9;gJf&YpTBp8XjW!BKs-=!f$2x`@~?R$Dl9x5S-VDIwrwVyw2Jd1Q!1^{OM^hZBlx4AX+?b~`wE1_5t zz5Sl{%g;Z54RJQv)3Rc$7|nN{6{9(S^b<48Nh;&NLS#sT0aDRP5%x$~j=ePv2c9nI zsu6!|)~X^?&=A@*d)RhqwCxWq){^e(Cx6}lrNOVlGZk&K$3vgC)GpOrvP0o|lfiIX zq4)Kx@!5aF)X8hmPN%5Z?92<`ee5`53;Z;;rkSD|st)(oecHLvAslK4Y6Ckfn_oS+ z>m_)b{K;<0!#$?De3ZkyIx=ViC0|?l=8VS_3|M z1v7KM*Az1iYN4n(=-lWnv34Z+#!DXrsZ;RJ{BC%C?8epFV*DhLMziyd9x@MO&YzxRvjG zxyh6lDHzh`Fc~54@9#uw>FzWeZs~{^)a}n7t9e_yIKP^$JgiR9s&HzISOQia0F;K+ zPn+#EXTv-6Gy9%M0tOv8)DMeB1ek6V+4Rtf;ArHAOj!aR#D9z&-+mPMSE&e&c|5el z)q|eX3lvboKKA{5`J0lmX?s@L3EFFR8fypE3x`0*Vd*U0@lUJ`LxU5LhA zyMv2~h+8+@8xQezi5+;XsExbuF#K8zlkFVS)nnU*-TE*0>rVSwBa%_s4&0wcyE$e- zTa6y3_m9&CS3YBXb2=SjZ-ViAtQLQJb*-*w>V9X^H(hj-G48ilf(oi0q3G2um4r%f ztBkLkPoQu_l&<~CP3G~V~OW(~P6{C!x#E6TGWLwYu@qXbE(L76O1A3e@{y6?Eu z;A+5$X#vzh_vXl02-ybp`iLM^l<8IT9Lx@*8HF0E8poG?ILhA9LK&(wVc{+psg~C@ zY;q#*h-tFt1>kW+wqS`0!29#?`|1`RDXL3@6I zRQc?r1Abg?Q8BtKyA}3aIz@@s1kc{I^Ii*iI9t&nG~^rt1c9dzTW2JNK;6$Ya!UUF z->z&F@;}oNBJJhy;xlZD&t|_ltvY{MQT7}Uq!_H9s|_tkZ45t>Lsy#M)4Ms>3*W;q z4|pT9Vm{cxw0yeHM8tmieC?KCWb*0$76#ku@h|_14m|-q`_!y(3dL}alxf&C4AlgrQ7mk=c)(Tt9c4o`+HBx?J9OE!y# zBnJiF?FCBka{4`fYEMP?+d-FNCP*|5&?h#Qpq+jX-ZXO{fVfKnPvtVoHXsidB+Uv0 zaFIXLudg|RlqiK3>}o||Aj|m|fe+Xe+lJqyq*5t~lTkZsW?&jA>zcM&yiE!W6o(>4 z@&8U?6=G+!7ZPv`>F0>(TsD#coapI9g49~@y~v^cnd93k<|piS;u}#`%Wtfw_roRw z0t>!f%)ecXtU+_($4L3$q1DLy^vI~DUx}N+7ljFahgQ&z1i>kFVdN)|cJHT1@e&aS z0f9K1emaWgfZh-TQpjMU>HB?mvjK=W%C3mru#>ziEN@g#Sk#v()dKFuf2D9l4e7d5 zijA+$wDxpTGVoLc*+4kThsxuo0iUSd1q%6^X!_A>)$3Sn1pzB^;M#p}Rx*o3%+^p9 zozzqXHwhQzJ69B%X>$30=EinTDr@@#{df_QDgy}055+H`=d*gwyZIuXU@B!#&pZ0^ zeO%8XR095Y__j!8V!n83FYkHl)e~jr^VSF>uZzI*^~__s>%1Bvk7MPU{uG-SR33{n zO%AGku~iqyhd6*Nz&5YZz$9Ir5r}uZ?61a%lq{E@`jXu5&R(x{UTaOKY(fTaBgEsR z*zD(}OgSKQi+M=0w&8QroE9wVR2!_dcEKedPd~tZR$0s)_z`Hea`uQec=c>K4SctT zcw&yw<^`xe@O0R}MQyK3dXJnN+WrsMTR<;CrA=g&90(Ggs=?Pr)=9euCke(f9URHHOyVOF54 zNHiHdS#U1CY!YgKd_~ zq`#}9Td{q@WHa~KD?f$xl`U*a#n|!cYt&hl%QZ8Smaj5T6IL2jz;A#3D-y2n9Of4^ zmZ)D|@_**LA)GZfEO>aCv0cCIN`7;|5p2iq>_h~0%Eu>I}k+(%zy3wiQjRp zZejko*ZT!HzVY&}lEKq0)1`z;Fz@fn#$4>eZ2)R?`)&W6=(uTIX3cG_-O~Anz{9vU z2p>ZCTABo*chZex-Tmm{0`2PiBJiX)8a|zsl1=6DRqT!6k<7r70c9I4pvso!$K8Yq z2->u#azLy5c(PP;>@>gL=6>$6lV6dLwz^w+ zo1C=hxx5(HVdqR@rPI;!_o~%E=Xqpg1D}u7#ObggPG>6{G+BB#WIIE6x6Z=m9A>r+ zXCvKm(Qnk@jn4oBI&kuMYY<$7pG5q-Yl00@WiC|uIX19T|8j0o8fd#Sff`H%j_7jl zc(y-nIj``%d#O8bzZ-8k_pJ9E@U_umNugt402dcmeWC%FSo5&(aDXIg8&`i^Wnti} z)_US_btM%fLHph^cIfOlVRKdtUQN25FW=BsfdO7Mno}1Sg0~pP9;EcQDMn$U5Ino! z^_(crH~+Y&5v?}sR)=f9D^%2fYB=e}1-Jssc>Wqt^)?$-XKQyGo*mC?cOx6LZ@M;P zNu58P^uOl+9F^ID@OfS%5W!y29Vg%|Y2O;ne0|magU(n~EPJ*d=eUwb;QRJqxiJ6i z92M74QGcuBbTK;lFnVPWeck+zzI|$yIWyRp53AU$y~Dy(E2)Yrd0mc_G2t6(jIAcA zvA%M@E=b>)6c!X@Ji2WbYV6&4)mp-M>qJLYR4jEmR3Tfr%>z!l6nI)489Bdrz~+te zGhdO$l4T8mNcL5_PYY&2Z~7n%>SF?RidnM4HZauMY`n%#=f1T#iJrDEw>>SAm5?*` z6^BJPc;1iW^INR9xF1DZF{-g8RDwXg(4)O#J3~la>NzB_9e-2`D$&Ngy5lot)L#Y! zUk=}1FNdC5;sRV5J}a-@-p9!&bGbVH;jprNQ)O#H?!DrJnP9HU;GF*nQ8$JhC6*9b>y`NPDPVo>bMwb9C!-!5 z!;99jrg%PJk_2Gb$Of+r>^Z}hrTrR0PZCs8Ycki2{=BWMbS6n!TWMN#F-S%VqBxDG zti{M(Gfh?U+_WtErF(MfnXzp5hSHY%+iw{Bv`2l}=rwl=1}iB@RwbPCM!f(%6c0gz&&opwmOUjZ)sFy_Ubu+|g)K zDco|MMUuhL!f+{vXS2&>XnM!|l)4A~k?-5dsDpg8VFRcTo!zX{fQxk+9jF~E(^abLzBg=iq2VMr*-kN z|HimPlnh((K3-SbVkgfR1e&zE&WmA9GBMR0PqJ`(-rk;=5O|pE=6F!jQ4bu+`E0rY z{`;pb{LN*}sw~*rRP;!+>&v66z=sYx=H)vazqVm!66(- zM(hhGqnG2hOb5JGhM)(VV6)w}&|IV5e@<~Z_t z#7gZ~Ol$UaWC0s&?%P%0e#?2sQ=%1-$`_0FYxB~#s@sVQdUwCjF_znbS0R6gJ|?rI=~z@Jt>#T4h7Hg4&~!|}Ymmae1}i~(Cp{Os~6k8h&tL4$s} zoF18AP^_0YL^$gsn=M(6n6yj&q1$dOvPzH(a-(~X4;_rY{GzQ(;)m^$u~YR;$k+NR zR<~gva{T9)&By|Gol&^v7W1U058bGepX;t(BHc@z9S^SS+~%K#XUPf^TL0~RYU%Oi znc4!eB6CC-<8&H`pcS34`h@7=M>3{zDsW8D5nXOa3ko>D!4Y}r>V%${qvNy2OFEq% zR`~r^X^Lx8+`XL$yV3-^K&lu%D4eU1-=XWIxb@b?a;`t?$;n0E&{)R&>0Tq|{`!HA zE^i83q$Dn)>I?aGgVT1c%q$!0DNh$Lr|N zg7T+n&EGNyWu7k;mFU!cW~Xcf5p5=3y_;z~%LOE(UJPoNYrAg?5xnqT$)R z6A9WsGWihE+LW?)Bzq23%l{l`b-o!AOnxb>icUkY?LV1qse$;LU?wU5blP|&;k40c zdSF+f+4#Dax>;&|s_C%X^C} zB?f`M;Uhz#A8WFYvCgB1_JXxqqIiyqtXArmOwwSqnjM$wEL2EiiYmlvJO^&cY2Q2) z8wA=Wc*k^LvS+Btl-uqWx+uL_1uLv>Imcag6sc#q7U7+(+s~_sI#;dMaVzbn9+Kb+ z13Gk&Y@n{+{^rV#wt+y+YZp89_yS(n*9uWyPu&~8T+#?%II3A#wb)%&a!sIv$HUW% z>IZU~e0(~Epg(41sE9x#6*P23uUSW#%oQsX=1V7Od;II;cfYNbr$q!>=CnB;PRph9 z?2fbaYF_QGQ)YPPA6MCx67LW_c^_+kwmouTRh~LsoW2XvVV?xKEgesnL6s|P5UArCM z2%gjOJnCpTr_BjU6YjrU|0{je*%bI>`z&vw1CsY8LN)oy*4gQA-M+cL&A_u~%yn3T zC>JZ~u2pZjvKI zM-;dU7cJg)v74mR{`C4JndYolpoCI?-pw=0=KtCAI5Qd&WZ85M=aR`+#LI&8awr&l zggvyu@bb!X{xp^3bRhqB_`r0{JdoOkPM-jY@s`3|kVjaj2m z&ki$}*D|LO(ydxhs8qpCttovf2S%;c#!K>l5$`@(^V!-!AOfjkDX~ZO>-i}!R@7&2 z1Lc|i{tfT_M(*>W)6%mwx1JwJx0nw!t=z~0F(JuAWN6C}s#0tjlBq@~=CtLqQBEjc zOnZ+m>(5v2$FHqc`_|D@n2Xt>E9(QF1?^`sA7HGGra9fT9z~9(DJIwGKjJm!{E)z- zpqMZiAY&x2!KTU)o>k`mNexA(4)FnTRo>al^=pft`loTOt1{N{+EQZGod7<#*SgYz z%1$eku_7EOvm0apg=h}l5gg0&5q!Ph&h&abZ1;RRF&OuIetss4;@S$M1rO$5*hyly zw-p~DD+uGE8!)YSR21pN9dGxg+aWNKu&`R^x1tyXHA zHiPhaT+S?s9I#G+ck{3?)9WHT7~FEZ%!BxeyEvDs;&B9S#me43{BgLOh1*rs(J4JP zXpro3R0$^JDEzX!z^9ghmu)3QP3D}msRlZKyg}KTp?YcaUm{qpt_TY znD>L#F_j*GTT_8aKtja0Du>c+AQ}blD;Op9(EjcmOzJzC-oHgzlt}YV(^zP2AAVfb zMv15jWE=P(j1)iU)*DV%aL!$|3U{p69xnLLhK^9qmIiUD^3-$T%u+fWQedDME?W5N z_fgMml#~I(P2A9!2_gYFylm7beaWr%l7S@WiMc2Vr zSM*&l$rT1%nIf+vwVGu?v7tr zK2&ydGoG@%z)MPYDNUj?lq&y2_tQGB)%E*j>H^t0TMVlFO@`NuI<1!TLOwHRB}I*h zAZ2-m6xR(UAj7EVL^v)OCulCo$youijHJ(x>sF;SG|jk$c?+v!rlBe|g}?;$49O2W zp*_k@U@&<7Pk_^L3%I1{0CtWsO3>5%@O>E&^$d-+7fW~LZm-}ln4#Dwcd(n6BWDqq zVS)W#$*4(_&~yQu?wLuiUd>1LauW~5B&kF>3!9pV-s-vaKBMxQ^VZgG>26dx=JDoB ziof(XU`Q~&Cmc#AsX+DsHGzw8OuN%Q7pFv0Q~xCCqR=Ntz|p925PzTQStROj^10!! zYbKf_xd!cg&!7V=BuJ=XDo&yxJw1wt!9>pvMHJQq{kNnxl^Z_lt_LiLWBb|pmlmZy zZs6SMush|a4!hUA8t@TpF9;h*A@(}|#?O`D;1*hHbN!z=g*^vtL2?uFA$#0ZEIMU{ z$8CxA9z-r$jQ|LjBy%&YNprk=i&!Poho3ZfkO?;TTU%kZY-wG3s$`K=L-?SURz++3 zT^T->wcgosE+-$W$!6lBe%I~)l^@h~ipnrM@D}VXO81_gykAzM&(6wfqsFzL5hC(>oO`Jfi#AkSMygZksGApW#`y-Pur6eMG`XKNHMVXRpVq> z6fu$0@j@J>p-pH!y|HC(^W4KxI_QsVdn(Fh?h{#IW*?~g((XEwv{CJ4Y4$#rs;`pd z1zES1SahO*F#iyLKDvL4m}LqSr~Z_2_iVw4Q0a z0;hzwLN3U{bN)No+VFZge$k8zN#&0$G%Mr+Ebj~=5HrBtc4?^AI%WqgUHzmYnB82q zCO%_p5MtP+ew(_(eH9S*`O&X;SY2$a$-0&w4SzBI4Xkzq@Bj(9k`7_*N24Tr5>oYgO0Q|Kbf%bY0hfEU|3gT{-<*RcT7E z*b@Rzj2;7(ES&H&QBQ)m%?hx=7$4%(wDd1##Gv_R{p`g6N`#BR)7hnM39;ALazg;PuUD=VuuXv?CfM^ zBRxfyekdp?Xlh!n;nAx%entQO0Uu3PI%K9sIHAcU{uDag|5(e(U=V)lBMCsWQUqAE zbar>^cO1y|XIhJencb4xosv~ontG!Az%y?Lon7xLcmL;r0G|_IXE?v@)YGc$SrWUC z{CHC!+wnP1&eFr+#GV!lu9RzgCN$)yOnCqQ@;+rAB@?HG&Z&*nuk2-Mi)H}&b<;Sn zF|&DF)szlFOR0U?yDP7x48~i?9cWZa0HC$X^RzydI5QLo)G7IF${g}a?uVe7E;^>2 z*NzRRVRUa*HJ72)Pkq?OUTft^6&jD7Ot_@E># ze+}>)?HBELa`>l75d=IZ5C4~`_hLTnwLV-}Zr0t4qx`5b*VNqXW`j0ge*W%V@D)3_ zUayPu5or=XLN7M|?d~$!XaEo`k%XjUJQnu;R?U}5uomwVjYjRSCRl?I2?-(UFm6+p z>9oZf{LcBXn~T@2E^^l0_LzO>ff|A^LG!5RJCpwxVX}S4qpq9CD3PH-KGwOEk!ejH z7WXHPvv%Bw;mWyOFd~sQVRmHmDSHW{HQ-~hvc%S;?OX4pwvDGpgOGZb&c0~tG;XFM z!#Wy-lut2bjP~&n7U^8ByEQ6Kte?K$uV&HrUVd_@=#WjpH^8o{HZ6C|WjWC6#W}f> z9^rtkVW@hnw;4NnIf#H5U9FR}`DHxbP0vjJzDzv#@`!z~>e%S02G+Ri-c~h4OwIG@ zXyj7$MUHkudDL1Z2VS_px>)nPjA`SKTQGfEhTSC95_Uhc<&qSR~ z>Dlu*rAn~6jQ;4b`eTl|#GsA~3BX-~S`4Bc+w6yeXvYX$Y;b-belJR_&6OyIa5{(lD;i((d`+z`z;62z@%~sjD>A zqewj{i#?9}J;60*lpj-~P>{R3yL+=+F#qA*irS7L{1C(Vg8!dosx3i(6x$Bxqz^Ye ziKqzd>#AVSFBM<(3+W$UQ=c2karz#aXu7D9sj0Jw(AEXFDiinhi}UHS)9epPAXOd% zZ0Nys{s@pfqlE^Xeh9}JW(EB=KCq%jll}i0+p_E_TYP?X3iBf5btd4nP6IwPQHq6S5aD->KY2aS0n0dmkPi#1+}FZ`7pX>` z8crpMA22S7a;zjGda$s%D2E7DlPpmHD=ex+$$e_L_m549l1+qx{++$0nIg`y_3=r0 zKG^}!m+X9;*N+Z-CzgLn5P!h<2qHry{qSrG5{7Rg;8ZVo=UTa@;C-nAY(o$Ng(T{3 zIUc7FLV7*E=U>(W=R(mUQ5cw*(Q_`y@eT)rJBfz|>?7aV=un9)l#eyE$;tfGLpWY+ zROwb_mxh2B06GAI0&O*o^_`))?Y-UL{qk{ul?N$A)=pL0CKF;sv5lDKAlS#%?Bcy2 zFOdrgq0-z$VXYD+3GM&%?Jv_mRf5)JuL%NxKOPfeBer6TQp^GYRUEiRB5HDU69hZ& z+_NR6DjVVqi1Y)=A_RrACho{73+PFzkm<|XyQFb8+Qe{~)=>zB6`^j?w|1&1VH{_% zpZlHaS1&<@TtfBpk)6<$6`%iL39Q&OM#60d-VkV(Qc4PKR_WJ7xuW&%ykkxCJ_J%- z3E!8JRmhwfWvOHXV%5dIxD@_(YZ5GxIryTyXv#{}!1Ll^y3au>C|3+s zPBd#%yzaP%%MsJ1(50e-0odOSFlf7VRsQejH7Pz<=)0?QJ4|D)jYqPwKVS zAowyJp|1G{H(5=>rlykrN+|~?=4<1FYbXayD91yn-?Nx@_t?ltYlO?ty9})qGfd4b zbER}5$B6b_0a$iABmGkdxWh1vT827(k*O>MbXd&5_)<*tu&|tE&$ixotXku`||_sEr6Q$e46Db3iwAuM~2@>BA+u72@TG6|7pD zg#xV=4w#3BP_dk>EZM!dZ*DhgE!mL3%$*?)(!)WKG#jcAmHJCLKYE6DD$hCdC$`@8 zlqKw}!;+8No>s2s4@y4|f8=_9q2qAw&D7v%F#kvOE_axR;S_0;an)%XeZ%3uO zO!{7D^>K9|&jsru5Es)PmX$!gDMyB$G3h1H5b2YQ0n=mnmbzU*-8VJ_PR7k{@W~gPiBWdwt}WMX;5sE#aLBfqP1855R{wi(s-IDZ!xFev zWyt8_fbPoq$CbZKA<(5H zP;n98#pG;qCI7^6j&a`&SnV_tF&WMgDqKli`s#a}jaDEGZK&Ap8fGCT#E3(7`EC>0 z0Eo3~0XcuI=F7X#Pj!u2^;OwIu067UujSoveUOp>FXq9EJ4A*pW0~V(1zgv516C00 zW+pk=S16R@r_(eVGAYOcTs8e}|3!ZVc^*fYC7`zN1(tuRCw?F zZ>3!C_BPQ_gl@Yg^!v1zjc;ShoFmU41vyi{uCFaz)Z*GZm1oo2O<{l^K&neDGD!z#lAb0Kl&{o(^h_9lTSb{ggR@U>$V;Mo3 zP1&S+P{*iOP&Q zi4y6;noQO%*;#dmlWUzWs~Lk-&?+ho8wu+Yu|Q?2%Igc7G_`pdg!nD>I?#to?CTO_ z2tl$O2m?IS9sH&IYK9FM*Jmw*zZ{OMEHyT8uLhEYtfkv`y%MfPF)J9hXhRz+fbiY$c@9+8wu3`bjNT6DD>;IQ{>2mCkDE{09+kA8e< z7OXB>B3yj?uHkT6@b2WIW6x%@It^Nf}lI&btinS(#YrDSM zLx{u3I3WZ+&CyOuqG4VPBKLztDqAQ;@_oI`OiATM)qwp&D0!;3=lo+>cNid=Wmk5k z#eI8B#RV*mGMo8Qee?L(A{dyWlMaca^_t3%^3eSPwhh%!cL{oMs)lj>mxAZjzT7YgEP6=57xYu9#)AJ`FEJGq znU>ROV|ioS-{5xqsV2LMEWHs<8gvSl29_ycG!(*)nlV&mKqgCrE2y?c5rM}}Q&2*o zE~8o%vB|hyZ`K0Dq?;-_``9Tgde8FKO*gqN>-F0;b6?q1q6u5JZa7ENB?;|*J@l7E z*IN>~AHEUTsSX4ax%M&;C*cD15o1Sf1=Iw3>b!D%#cyS5tR~}Wvhk!726FsQCtC_~ z+Ti1xzY2Nw9bNiMef)P#bu9MC*{0Re65YzH)8XVHKn|2$vH?h&oFi+ z3h?uvS5rx#osU$n3p;Gq)o#S^7}DjAUf4-XRFD(Z=&DytpL^W|)*5}aB*rW>63yyN zSL(B@{`j@IchH?JZZ_@G2BK^{IdAamoS1F2PddvH-o}@(tRUWy{3&8qH4W>k+%p_1 zsN1~g;W=MI1iBEeEPSMWUEzIO)qW69BIC`lGmi$kA=Eq2rK)>gCbjLBmBfjc_Mis4 zw7*qx3YOiM$sfi@>$u9pKcBf4qWtg@_B|yCFNimaKf;JH&A~8GD{un9l@cixWTD;_ ze}@`$-@d0|ND* zUo|?aDtwGB{gf(O`Ig~Vw$UoINb%CZ7@-iTziR%nvSL8D}ML(d;N-S zwjk4Kzu0Y7RyB_~Q;7-^ps=vow2tewab5DWYp-7V2TD!mzsn=9nPiQ`f*rDd{D7~X zW7jB^rbmH-)IvAqF|pPZdd@bBFTdj0Q0qpWl|>u}u(s?IUyqTPR}PoHJUS++PnaPlkrW)l*w?sII+J~URo|K@UBW^QcIJ1 zy=;#7KGNa^8Pw}BM<69gSzLr6h}Y<1(5crdr@PB1QL=3HNVhQis`oS{Il^QWj^gyO(=hhzhUl=s}JCd5CL-F1o*PbPC8HFC* zipfV#UP&oIA*gT>S_P|V2I)`8NM)gEKTD*zYFQCnZ;NrQN z=;5g#qUDydVf}Gx#k(QhxXSyc8Yos!sVnNTMAu};8u;wK%73@&u%PAgbU7BzDB$vK zLjhoN=;%KFO>XxdUanZZG}i&>J~(wnnd|x;yoC1EZhh}iW`+10!`UqwTAo_P>DM!4ZGAwbQMN~BHGSPcR=RiZ#opS;1ex++FRP;W|620bX@T~mCUNnte3vjkLWBZj|_k3pBj4Y6^^2LO=-I+>PJ^$_X%HM~>r zkqQBEP8I2Uj1h+>JBwv0^`3P}p?;xEy4IKN0%m)PH0_>_NHC+b@4Y(rxV&t6dv%#h zDnBfUqBCc`-XUXrew^Y?1jL?zdhL3~^XaxO_4DAwgy2>P8MtvP>_wansH@vvYG`;d z?g2lu$}w7Q)U&Ut%GirnGsM`$ zX!qcc4Fe6$a*K;i>7nn|)|ND5o8#@t5;70|Oj0O%(753%khVs?oqu`xDs3fr7+Ox0tzE(rE3m2yt#CN9z|h8rr@ ziZB*3w0Nb5h-4r@js1f!c?W^BbZl|}Omfx^pviVU%&m>ciWo<}qmwxr2T7QD>h3KW6UIMA%1p|0Mf+2j)<@c?_~@K4$!lahWA6BEN`r^JUg z?86U#^k^TI*XavBmZLr;aRGFC&1W%n$quu9_RA?Fs&letgP!ayN3(-+7RCj_5X7|; z87#1@Oj6nX_7UQu$^8R=uNXBrZ;o6sAI}red37$K0e(w;e;i$9xC4^{JPQ*flg5{9~CQbzHu?&Ew z+g?4w9>{zhom9eL9dS@rJ)>QtfGplZ_T8jm+o{T@p2Pn!R z`Of9z69TTELSX`tF{x)%nG!TddbR6c&%e3Xjj7JY6w+-6zkYwuz`8<+zQ+j+lTa`IeBh9aCrv=(Oj z1^U)HikU1SU!ajPX16d3`~hAGx*sF6dUe&Hno&q*F83Zls4+gxmsX5%A>#P#%8btk z_DEjk;&XlsC`Sz5pei)?%hk1h`nqv=&ioM-O7r=kKjoG9i#nkI-mI|YnS6)7s3pTq zdQnMDdomcljsuLY9$+Ss>O;8sCBQat8C2HgW&{>kY-U0!a*n4P3bS>mbs|Ilho zS4Y5hR=Gs{9}H|X)=UxmUMnZX+&EU38|6$PIPj>avTOsta#?rVU145PJp|(T_&wMl zhNoF|k(`IKwph{8(*HO9%sp+A3-SdWjFONInt>+ z8Tudc&S0h9s=N&Df75q!$7S15f)5$)XHEP29roxCQE@18>v0_^Gj{+}XDIZ$U)Q&@ zGr)OoC`W))R+{+}+l?oCY2==6AW9TU)E_Do>kJeGN`QLBgAS@s7!T&G=#*W8|$3^`JNyPh4y21+pR&8XgX?2 zHcp#OWUd?QibxRG*2rNgTU4e`>dqkqZZ|$q1)wl|pro4`#AVSJg2fNj{Xqn=QV?2+ zdn*GJx1e;351>+^5H@Y7q$j7uNPS~7P3b3vBk=m#b=$@+Xye`+Enb@X>k)EmD6S{V&{E>?KqJ^Z^4b zf#0VRD5gxagMN47`P19?Uc74Y?Ipd{J3sB0o09~HuIzu}e;Cx9SBLPisAzLuZ*_Ip z8#NnEg`h_UP&2?QZudu)cAVw$`KAct)GP|y+rx@r@hAlVTu++qzv2N+k0WNCe{!aS zK9>1HH;BS&u3W@;38_K8LU254fJmb|r%Q2L6g|}9b3FBMj8zFd5FzyYK#0(7J!159 z7UA>*bOI3C{?@$~%)Z_MQ~zVKr3$Qk_h|gZ{cL0R59ONvMj$A&ezgB^2{AlHzpx2* zf&^2cF>bZQcYM3@D-;d3ijY8AD6CP40uz+cdt`zV1DiZJgQ!5$j4;L{tXKzNAeBW# zV?IQbeZsKzdhxE-qKrs#8y26x1+?k&3->}5n$k?l3os`J)IvRPQ^72|-I{p%6Q+gPIhIVjnSwH%kbXLWb8w%Qk7W~aEhBl$l9S$sgm#iqMDy!UKt(4n>ex{)t9j`Rkw@?NeW99-MzOd0 zl5QqUbye)e`Ol{<_+Ol8TA`Pv2`5-~sAD2~<{k3?akbU!w5sIl?D;)p(B!_SVY&)zL=zAhJQ zs2F2Rtmw?>%vII34{M{i_?^u3`=g9XqoD94S5H3(5VWrw2ZX16%*GcCcoBu@2^KrU z@xz5{8${N+mCSx0o=okijZfoDi(I`d%Zo#!83SUMoWD|CLT0%~^`_(aA!BtwBGl%uKJ0e>B8%QAjN| z603*ajcWOjIlN?LU zzH6)+usas8Pm^o>H#Bzuh+wW67>$82pGUL8oS#~zvcY|d^b#_j_lHJB4G@yd+6H~t zFZ(4Us(8^&71U2?j+iAy~6NnGz@q{yg%acBd!xe($< z6cHuiv8Q4Xm{AG2+Z8GOiwda{H+y_h4?h}w;TLBm)Uqce51R? z#rd0<`E?spv7~V6w_0_CE*4U^E^fA(M7Vj0h>o#E=S<&8VNvU77qO_ALa(vt#7#al z(dz|=pq(ta+(116M8L&{y_gsYf#|Hu`<_A{2At3kVv>SG1HLwr#-O-@zcwE5P!ZV5 zP<#>~jCJUy-!| z_l=tKir7K5JJIT&lH^O!FsJANYHmOsVi0l~tBIWO3h8FEwUg7$-q;_;#=m~QHl-+{ zKoXf2kkfkp7vyUPF}SU9W;C9yFu8Sw%P?i#-qmjyRcmI}8_HTjxj>euN1Wl6HNca$BQk7p+i27X-3;Y8c zAulj14r<#EcuMdK!jf6XS=%|s`r0BpO>!BumuShhT~1R@Q+A!g#S+X%*co+M#c;ng ziK^?3uUha1uSKTYb9a=U+1%>#&-^qx{r7tiu@sckfCa>CH8T!F69S=2F zgcwhIUp7<7(an?6EHIFZqrBmsX~u{~pyS6WHeWf1%ePhD#W24fop9vP@p@#VtRMnCemr{uU^bY(M~l{=k0}z`_GT z9Hz}5-E;}JvD9|8&3o3Edoa0fwL%m$K;R%_WpxT*R<~zsE7_vK2mE3O z?gR*_Q-c1CPx;bApom3v39+dC&2 z9ajJV4d=fL4v>}e831^%Y%MPS{kxT;o1?3hqZ65|xHy@Ui=&0LojCyDwVJDDsjhbP zN$`I2R!lx3Fh$-`6%Un6RV+FXH<6l-{2i8D1o^KOJeA&$l9Gr-e+wcI;^G2h@KhK+ zM7>`|*&{EE3n_|-8hzgOEwWwgxIdV9Yg`gKtiH*upF-(D{g5WZuEH7kp+b!0<5tM< zz|i&{lSt5eN+$poYW)v#*VnIbfQJA90eXralr8|A*Blxuphq#ghviE+6!TatQy(rc z6t2fDkw+di5Emfg6DL**5Rrll%*~)y0~8H8?n9<896&FH z91pG_5kQ7x9w7m+;s;buX+}u`v{?YS7V-nUfMrGii>#J~4B&S&pl1>btqy?t0l=aX z5%vv$=nF9Z`}M0AAT$$zD|M|Ua7AB>bw~%3RA!w(DsFkLZDU1_LL{|Likm>fC><3A)Dk302oS8GO3T&3lF0L z01^d3biYN3ZhJp7^dNufMOyDgdokt;6{8&J6T=dF|0D2=i}APWU@_XC6TgY+jG5;} zh&g&xtbQgtVKDV+v|tE2VLq9l=JnEc1ieEP{fmlYLcSUSXBwsbH4YU&Gwgx9R|XL~ znv!fJ0#}7XK9N&~RW(YTOhbnFTF?caH(Xz;Es_5(fGzmtXNNRvN>H7O;QWV1@z!!~ z!ceI~wCNvitXc7&3bLnN8VChrxPBc@S6N}M#tVrLv-JG?jKV%($HFw!FZPFr;a#%X z*dL1O4^=~izcs57+9M%mQ-3@Wv4bRg-fqhG7MiAvEy-=v3w)M2e>J*BgNThS`*-9{}ijwV$Vv= zI;eg58wch(&QxWIl2elnq)lnNc zf_grGaX8$wcqc+W$;y}16sFD*TH#yW zTZ8_&wSC-3B~ePB)|wqVlKz+e58>AH1Nu+Akl_eRT7vA)D4#6}JU@dn6iNx^q6vo8 zS-4qGG7d8_GaWUw>6+;L@DfMgr^=;LrxMXIt5;N(R&G|JY20XxsmE6ss`=MSX|Sv9 zR=k@}tJ0{<{eGfGq-I&cUmjj*S?;JVTpXbD8i}mauh6e7UaV5^$7r`>hz!k)px%pt z+!np+r+X0R0QH}V6+aKU_Ka8J_GrP%ieJ3q>~ic{^{O{17Q!gI8O{$mZc6VCY0J`Y z0-`o?FTU-3BP!)kXk|6mx2;S|Pt&fFsZyzuKI!DDJuAyC?UZcSc@Dx59hRffr;)ad zpG3+%R9jKoD0^S_Nl}mwQp;3nTSD}!UBa{5q3k>(ugfqnPr5D(}tNN?` zQyE11gEn&g2TJ6%50jq-205J_1&Eo4*RE8=4f;jIOH5Kt(zinsTW17{7NlaOFk`HT z^mi$D?T74#il~vP$*JWPj}_0eR25rGzm@VU@GA^Yj87C!EM{_M3$iY;9cCY9FJ*(9 zjdi_r8JfzQTFhnZ_H;{i&YLf zzG@n2s%R$oy}yjSR@-FXA}ROB~?Z;DXDi z$+wv`nR71eKX{vV#B8ZOg*COzzT1Q|_HDpAS1o%^+7jQg)ivZMB05q&c#J7sh$)+B zXyb3^o}3%R*z6LtyI=4O#U(X-s$p4n7!|poW|5toVWq(E(EkBjT z7F->mEUp}6*?9Ps*^D_+t7hqUbBSl=y~zc>(4CM={;trj0QV-_rjF4#cTe-*<}u}d z$2_AjusHB5^as=jIs+&Rq=K_Vhzt@9(u03~@bM$>juYlvGry}_ITMX3Xcfg1jSsE~ z-tVm;xB7dUP(yxym@%0+X^j!~J>cKsG>XZANpyd}2b!?(Fs+}$aZVB1gfpz^oSrl5 z;;vwcCy6wP&1_3nWnK`Y94DPnC6kT7Dt8-4oA3~mh0gebcCNOpo%|PGCc0WK2fHrt z%h^r%PVNrct}lKD^Iroe?_ZOBw_#(WG`XZZw;lXNa#>NSJ=qr%lnk&L1xb; z$k)jll9ZU>ELKUbnA~J}Y9ql!)IN%~L597f!M%-ewkK#B@At#}Pu7>t43xE* zb-;}#Pd{^sgzzGxYH`=_)A4}IwCi5`MB$F3-I?nt4HZ=btv{wLW-X2mHW~BuFw!d1 z57IFl&{tL)(7~DwXOKI|HRkjQ+O_tOCh^vyZh@8#^Rki234USqV)a|~Cv~p#*^Ne% zr3Z(Zb0Xi4JC4(ZHNB4eSD}%vH4Qio#RZE6^Jm%T`g`Hp$jYOKv}b#R8YO$@vtfi; zgjbZW7)?v9^9#hYg6gXAi}WYb7{jDpZ@CwqjObkG8nHP;J71k7y!Vdo-+}K*(D_z9 zVtlK&QRYZJh%JekZN##!v!t@svYz!!_1cujg=Q9yH+^2D*GMsQI0SUO?1lF;Zw{to_0{p%LD>$U#}r43&x{}YiT?8>k4K1?cSqRe_2{KceCo#(bsqj(;oDd({wL;uhlP`+$(f9q zU+LHB$=&vTC9lUlCj_9ip}rxKt`RSGR>ND(=d)hVbx-1pA~2@%o*x;I7HakQ2ckAz z_MA+RoD4-o$hdhiV`p6Z4|bZ#s44;gK2!ieUhsrkb8`RIR!QQE{vHx1s=IfK6 z3itEobsojWL2JYJL~{W&#jD|u2?!=b{lD{0IEO7g6}p0s@hN>KcFPjdG3(_bps~5c z#7xXo)kRlTuF{m{yQ1sjS}p`*Vb|uF9CE(F4@>m)Xj4qVWW*xw?vU;N@YEK$s)XB< z@J+8NOlq*t#@4w3J2rMqowS)o<2eW;$KVD?3T%G`O7=ICX`>D3CAC4$^MN-l{1+{+ zS--SA&yuWJK65Bm@fjI(UGxkolAgbu&Q&H$^B&d+u|yA=a%E2?G9frXXJ*(v1m;kK z5$8bCt6i9yUh)1bOpPVQ#l>Z1dJJh9Y2Rc!j9UBPqtTpla{)#%|#ANOqsAm=n231nNi1Pyl%-R;0|xQKqL-*Ws@f%)5)VaFq!O z5mfR}vQR9s4)`B~PJ7Fdbzo+2%Q-2e@lemxPWWjiK8{52sjB%cFVSLjYO+TjMKr`(ZBh@gQfc#+!4979SoJ zPBKw}nu=;Q}XTmxUo^I*sD(0)8c*7NvG z|DU#0%CUICr|9jk(rI0HqnSnFp;(N9EFryHF0BASDz0dP%ym6GT~*GR_OG#hw$C3_ z2Gq}8c6UK3ijRif7hU{D1}7e^6>H)evDPtY} zp~v6)&{UF8DhU80eZ}A7m5Zw|G|=%3T0X#s#&I zUaZAX-TJi3a3q`@)m|jjK3<$0=Sdz*30cLzpHt@{79D@F5Ur6y6KG8wwe0wAJdQG66bJ=8~qgAW9t8e>TNxa^FF2V5Q4 zMjuyBHvQ|tmAq=)!MCi`B%EVN+NSnA(*@O+HZ5*?UY^zUmIDD&=k6@;V|z#a2kw z^S``NtMBH~xLEiceLtB*DI1FQO-4U8CMenWUP;({Qs;2q#y~e$+SSY2<6?d=tVjVl zzh)S5zG}R}C4BUYq0RlYZo2MT0SUiO`UW?<{Xg7%aIJ7}dNKKu{)IEY?O7ah`q<3$ zcMyHWoX&*{SBt&_Xt=79L<3T8qnXa2CKkMQQsc>YLPSWYU#r{Rzw3h0df-#PV#h(4 zT~YQF6own-B@m;c=rl@To|RmQuI?VO>}Wbc?pi%FTH`7cqntIsNAqvYVq8_vmj0cs zQ1Pm!2ji!v5;NV!xz8KX|I+M_GCswKnsHaV_G#&I37Ms>>N4(k1xNshp!0Uc5Iw1K5YG3ddExUboN)uwfk*lGRqa6 z#IqBoIv36seTair$l94(>lr#^SSh!%vf|21!~bZtv5J?qx2O`rq}4fhbnB(xsKLAP z$;`BF#!5j(#_B*MRHt+uO3iSn?u1!Hct~eySjm^M)Z2kU@~p8^Q4cn>jdjuL))w;h zc#N*;tds6G{MC)uM1C=|zC4P5cNezRt{ah3`d-B!0!jWT79X*l74U zT33DVwEL@p>gwEH2tI_Lk`|H5RNNwxsNb0xgd98BGR3xkn>x$xx;-qyR_to2oRiOg z99y#fcCapFohD?B@Kmf@D`%OsXHwWZcIr^GxSiS(luSuhz+5+D$CYh!>h2IfeB@D) zHOeE;lC5ZwJYvU|JpuUcy(i-@-dS0ZRce#9S|uGnKaU%0qtrZhb~V3zqF_<4%~kT#=r*d*Sb){187==er87c7;dJO4H`mOZ>w9zf!AU44?+tug-q z;TS)`#8>N0J+@KKm9MJR!X)OkojnB!@-WQIKTy()6nCh(%?aldG@oZWLmw6CvjAqO6$;Z5ed04&8T+ zhZOiF;4@Z6H7R#0^DHfQEf*=?8<&F;5){a4#ZoQpdceW%=f&w_-~O|2YbY1JoyiPo zvb{Dox#B|%jZDNiJCl-(G38)TX)MO}7y3YVjLZivJ0Qo>A#r#BVWXKS1?SVIY?_ob z-}pTyh^`^uwK|qR?2Am#oIW4Tx@{v;oO6ZanAJwR&s$%IG`?QQ`18`CGWyM9$TOZg z*5~Am00*=on)S=(NpiD;af02o`acW2iv{&twmcolqP_5)U8QTWbEaGBDBOf+<>Gt< z`;HCtU#(r3hd!6wj&u|I1>~NU07>XJ{C?~=sf~yQh6jg}@NZm33zPDw9Y)3EOKF!% ztahLLBLzYSpBCD?HyiF+kNQ=UV-&f-RE*@^`E|Ch&$e$b`CzES;pQ0);D^!DI}<`s zO~ppN?M0Ka@Y|^oX|9k@%dgt=mlbyRg+pTZMhHfG7YENNI!1d@Q|W=9#zN+trBWUT z{g1;kQpe}LxlZ5i%9@H2!-*ekM-D=QZTly~d7S4Ubi=NIQym{S`BO)tQu=QT0<~=$ zIVwsTN*c$FYL0>$C$au{vBX@B;|3Y{rb-VDxMb>za81Hb6xHuN4+}pHv8jcD<$=x> zHO86CEPD4?>39-;gf(Vu*Vtl9SbV?%l^eVEDXKf5* zNHtIg|9f)8|H9Cy0nt!Di--qp?LfECeU{C04MvUO>-F+kQrJ!Rqo`o4-=EDqP~p#- zYUd*Tij|t%Nl;qtXpOh~`si3=Z6&yiZ0QjUP^53wHf5bq%#78|zATm070lP`j8=J%vV;q@5)E3d;#M>C9l?o9tovc6bk9?QvTaBINS z^GmPPMo{e}^VrU`8m$x={6&<)IMa<8v0~!ilGa4y!$zwk{SNMs(?7qVg@NYXOheK9 zpC04**=TV@%NS|>rxi%CN~ItK6~gQLdgEieOYqf9KT?rVz7f`S#hGzy_c)v9_G!k( zjc+eAQzM)MRst*H zVto|!tZFBU7e#AAO9oEHn$m*~1xmVyMf?0nd-7am4w`kJXZvrmvH%fOE5g@@U1b~F z6I{uIoU&3&08Y|?B6af8iSOEcSs66c7DRjxS;`OnX1(`|O$tFyuG3+Xz_QX9TP?O$t9*Ay&^_ukYH;CtZM@ z{IEhOx)^RC3=rZ3TV-IY9ojF%d=;PD*tvKGuNG$&MZiVR5{Z$Ixe&z!I zhtAvHU^cMvx+(=xGEGJV@NV5J#4l(7Rl`85jW*&)@ZC-bgFB}=CHB0f{ z*aSj-t2Va32zfbD7GikyGLzh?SDFHghyM{5Qj>lFAWfE@v$wTXB4l<68Po ziPzor_+!qSOT1uh2C|^W?^^%%nXZq&JPM%O!Dk`&P0#kR|H4eV&g$R+4~ zyqK>)dd4Uh37!9jS*WsbTn2<2vMo(!|EseVHMA_7ay)J1gGb_kwOM?y!;W=~`8mww z(+Cmn?1;zIa;?$X&pdEAGhBL%Cs^hvMWJKeB1@vJ#u{4M@>yrL*X%%M@E=EZsV**t z@zo?%4Bw7^8@)cP(m+qL!n=j{P{1cAb=;`&dS2`PbE(_`tZej*#|@`Qsa-ltKX zmSURNKa4PsG859?ZPY2t830@Mj8Nk879c5A=k1Q8aLI6Nb!46N#qL4#3Nnh}w{CyC zHghtIr(F=dAozms$dN1h zo&JYP?L~&HpK&GA%z3FeJEfZqQMw-6Y}4J6M}9PikC)NtA2z%KW7TK>qI{3BhJ)?8 zD4_sRq_Q@}_khEx_N>otP}pLZ=HH%*H+I`>o_jsl7XcK0LJsz1HZ<7gW_f?mjS+u< zEmjK5=H|mPxfKqKy8bp0Fs{l1#{b2rt$F41C?SSQ-g>d2_Y1|yOnm_v&28o9ilZ`R zXu^@xg`HKUFVc+>si3b(OU0*>szqKLFmmTk>E?{x%EN$Q+Iu6#8Plr7+y+Ks_CGI> zN2Kp8-K?}5g&sw@MQI+h&|5}s4v*jlT-l_TW6E4UE#QS2P}ujn;h_8|xeuJd&&Rm( z1%e{#V-mrilfasAD73J@xLsyvB&NzoNiAkd=XEMrvRZd>f1X8&&;w25-&`&ekz<|~ z*m4h)H4Y$!EUDl1&N@pzh(l*z8=J z{-uQgD6_lRWF|(3Jn=*Iov?P=O!_Ax4Y+EbPa=qZev7K}zOhi8%lZ;mSV)mQad#;X z%<=Na?A%*UkN-Qw)Rx3Hp{C{j_vDiSTe8C2y(W@OACGa5B53fQd-zKZ>6%{sBssGo z@%e-#qn%^cKkZ>tJwEFDwXj~2f07rQgU3CC{7x_S0m(0q(KuISTe~^XiMIR4=4!xn zv*l1bNH8HW?aOyn!9c8Kui0YRPtjC+&5!G@N&ff4d;C8w_hPFBeX-k&s7gu+V_(0- zsolK!*Rf3fNE$gv-c%nW`$btnc;iJ-Q5EJ&!&Z+{Qri^v3SqZVOpS-3#fPXd1;nRv)eYvhHCn`U>nAS z>RY3etdwda10e99QB)`Z4jwSRb_rr!8wLm91o8yDd|r~wg&k??pRPe`unMHLdGVhd zg`aQFe0O8H?Vm2|ixFq4w3x;IdV>9zj-8KKA7+>~38feEveed25ASSLp+e#`cYk8I zs6B?GOFPF^pvsvRj#&RJDRM;>d_AUKPO`g0Efm}eaVTn~iavH6CfjH_zS_^;8)f<` zvF6oYQD>0#R?}`g$)r`G!jT8Ei?%v>x9l8<*Ri*$U98d=Dpvr(c22?PgD5Lu@S!Vq zLT<)dHa6EayAB)A`{z+1T+PE&LAV*A`B-G|Jmz1#f_a^{3f4`Q;+L;SCU;YfVo7ox zIS9wb#so=}qme0IcoZ`;{m=iNx(*{Xh!+aD#OW?S{vO|;KG=En90?Q(XvdNk@6Qtr z(<>E29nv;6Ei7E#Xlh=1S-*Ofj9+(>kGG*wUxNdTBPReN0NhAY#>Q-J%E1WvIX;di z*18MeM zY?aoO=qGv2bi*oW)1;yQ=@5}L6(!{t;eZZzi=(*yMxGU+V6w!~X^(bJIg@4Z2u#aI zM|BLoEfq~dt9r!u1F4tMyc&COSE#y`)<8;HH%O~BUZ{xN=jlpS02GYfeR-;hu{T5CJNJMrZ)Z)$--RyH|OFzC$Wg3~51WL9MS(cU;-HWn->8 z1DO|H&*zuhqvr<6KQSicWmwS2|6@2G5A%ofWm%He*Vk=9olTw>n_h!tsIzc60^Zjr zpzgT0U7)0j&)w-tjUIPMFPUtTT<^Y{w}xCOauO?RZ%STbUeb^E3jKD?Ys47R{{Dg` z^A61?vlY_fYHDg!vT{mFN{Wh#3JNLaI$CQ#k;~>*3ZUgM-U^mtV#ceh6<*On;^7!) z8|_PH9=qORSbKG3n+kMw3}t0yu(=3QQBkq7vVQv(iM8X>8j8h~KDObAgKUXL)-s8kZ_~dLWd3%k2asfp+)FI)ydlrQBBaO3l3~2JZ(M@Matazc;ha$aI-ye zFZBB$_2f-=Z*q(q{9R%%G=q*IbfDEZX4sJHlVwKxQ+jYSowlU4=uk`D``54jC1>(7 z^n=+H!o*sdy&+i+uh%pBuDyDAu~gXso9^dB9u=*;ik=gwI$}Pv)hagWN>YnBWd|Mt zV=Y^=dC_mws=e*(FsQ8Z@ZcI2FFgF&QUOb>Fm+hx^YcCEZPEVp1oLGkZ;^^X;2A`8 z1BuW}7ImklPTz#yLGKtZ?Yxsz2+P=`u&zi&-obIdKHV_Z*ZBk4y&j;Gf*;5}Q>6MOCgfahMjI|F&#nCLj&HF(TS*?cPFPgkk_E@Gqlp z)0T2*j1U47CYvdZHw+O-bd+#WS3qd!;Y0uo{?@+&#GRQ!u@d*4E3Z#= zavEHj$8tTGs-A~&NWNzr$jN*JARoWp#yy`MG;loY^l!e_4oH>~0r5^sRo6*$ZR3+a zNDSX-x#h2W}Zp^D` zS4S%0jNo#BpBo`y0;SlbB{T~kaF~-@24^2Rz(Hi~|c5*v5`9W)L9 z%U6rkHntY@vF@AQ*9lOy&LhUD{mo`%k4`or`imn*Mu&2+0nX2wr=>E)z@9Rq#h0bx zKPD)6J`8&KlRoEj5eULjpCUtUnk?DAQc=OwkO;&Wb|RYWBtE;_*RpSC^W0ZCCvTy z+TJvOTEB4m{FOn^J%dBTa$PgvF%vY2)C#O#v8?jW?C7R09=z&q>f}b35^62607viY zZED`N$bO}d`$CNO1!&EIyT{{U{vqTPA>BHDmv)2d^=(yw)H@B5n?VvkHOwh zBNE;9b)(r_WpIl6W$KT1*c&m_;Aynr{%*wvmIDMaR=HN6TrRSf%h>+8UHI&KUe?uE zfYT%|XT^QeoqG2R83BMx1N>LQFr)6ahb0ix;@CTKl~FT>p=6_tx+CTO?w6KcG?MTo zwcT5F?g#v`vc;n&UqbbkgKYaIIO?`_CxUV&Q8Lo5KUdt?zMCBczZsf zo7y52X&*#fzr4J_}nw+se-9#rs;3FYR}IKjxTSeCE&m)-&}-ACXW87AWDdN}GeQq3^K*2^_V$gqqNcus5TGD{v!M zDI!lb5WL zx1e7&$>GFgy7QqW*N4NJ>)wz+=5znD^Hyhjk~6Pxs7eDXNZ^{dhq!n_Jdn)3%vN)# zLz3Q)b#6VUXMdTK-t29R9x>tfwf1KLCB6GzF!f!Ua&8Gzsy9dJ)1Z19rD9s9lWTwX z&rK?Gi}j+mA}tva3IKLwGZp~5XrOr(%!Z|zR#P2gq&%j3&xW4o3k(r^W9|4Yn{DWnV#gH=8(_!^-n&VXd6Ui{*L?`jrRjoau5K zbT?M$>Pr0XK6k##=C|kgCwWOSY7aGqv{Y}Y{6-JA=3W601*f;7D@P##jhPK!0+~O> z$}ibIfbhcKwcdo`v1?8#kf!9mA+Ea`Nkn_TJVZaKhuFNU7oe+W^*aU{iZ{;m>N z0{huxIL&Mn_m=m-qIQ#YAJca~0ox(u!s4gGj0=K&#)VV(Z8~>#mG5Szls#IUg z3~a5u*0w_`rt(RhAJ8z9Gt$|brQ8YJtH$L8V?OZLS#HN!x`Mh?KKS!kNG`Z<>V`)# zA2rL?#*BcKq@scyBR~b=)w71SlYAUOFg?plv{84%WctLbRT7%2P6Beg z7d^_*G;MSj&2E>-a;PJkI8x{VODD(&og1(nK!@CdhOB`zt`>uc)pKSa@5 z84L|S&wpFJyTcgyAU+g;L7PW=rQ=;-5CX~`hE0j}@nVafIHzR7WI4XHat^On5$OJ3 z8gGFSsekA7@(8=7?X7oe@EG%Z=JeMZ9aAbq%M{kT)1v$4KZ9+nSqA*g#7!Ev|7NOu zNU{*X>3E~B z?2X7U;C|Ea?9P7S`P@^ugQ%c!<3#(MnV!$>a5cwhV?&zbJ}3`hb+EVZBu35~lo}YTXkTaY{YXy)?{CFJPxk|d<@zXs)AOD!uLu)TDjJbwE!mG~e zGJnr?%5}O9GB1&Fy*NwDq@Y{@Bm`^#N}OhtL^p)n{HMD>!oup#ENg7PAJZx*3f#MC z1Yd=LtIqcztxd2Vxc%@|8D<>wYo6~Lc+Ei5Cz=4%tqIbx14r;|mY%u>zh=P4&%7qc zfYa3mHap^(qfO46$ib>x$VoWHhnxdg9813Lb?uv_(__iO!IUp#3NXD@5`;a}&~)2W zx6=;u#B$5!SG+}1MIk;TH)EsS{C>5T%?;cnq#nDR20q2f#9(#wbIX5gMOx;Ap06l- zT+fTxHH`|&rz>u>P)ly4v$eyYR|rDFeqV-eS8npM48Z4?xpb|KwK=Va zaD0c&x7!BKxRcn2ru!vXGT_ya)1#38-OKz@yrhTsS>=+C$AydNLJES@M~F6H>lP~T zGEWo^0Gz);M#~)EZ@ghLuY*zG!~KAyfm_Zu_V4~+3j8*!UMzCI{@)Wsfbi8+{==%x zm&YE0P%9cVhj7fMo&vaGMq!=DTUaF2Z`T#Yi@VLo#SLO_CLwUk^-#M-Ob*NLO)P!L zl8Ti7F0l3~^>GdYq4@-AgZO?$*k_)4jwE46XNo5Z=tOPCGy4D_R4;{QD##Eq&fyHl z@9i5j2QH!HAk+``7oL+Ll1&Q|~uRAkpP%RPG|)RR1CA1JU!Q8NG+D)@g$foAcNz z^y=dJVCEx#4ZVku@0{nw3t00PEK0|Dq2Uk`OVg_uO-jTxkaq~Ydn6u%^{HLHs($GA zE$j1HEYe%NF!ZK4{SLez#etp87)<|-za%!8H{*o}V+uoN7^D9;O0Bk++45bGE0%UV zpMx`oK){I#H`?l(f!Ai6>EShLAAk3A{w4e8*B>iSc;~-`y071|g_hf-K|Uvo#5foE z^H+zaW$s9Tb+4tE-|hpztnGHDF7I>_@6$|a5??81noxL9|x#b9MGX?MCn3xt)y@!<@9@iGdE9u$) zeGt1%-haM@%_8sFZ*1!3dRsV~zU=LO%Acm{>(rpVa0UVZ`t;0}E{|>~U5^XsphF52 zJwyVq3;}P}L4clp)lND*F_>^cXE5pVBpqWH_U_gz_+pE3HZn3E8!_j!X@FD@o%oJ( zmC~OE;$4T)r}VE6Lr8%tYhURlDH3vMPl&j?8SCxTb)Vg=mTOjQo6mh%gttg@Uaoih zJ4^2!hPr5KFkg`kpPuXdc`&M@ERo`iZKp{Y{g{^r0$GI5NtX7}=apX^^Rqn- zHhU&rJURTg?6=1Mm;oLc`E-_`_pc{LUQh)iZ6jU_%?k`+d^pGlJ!!W#b8~@%DKM{F z0#%FO8-3NS~6L$$iZ)|3C zTY#z${+sQVliQ8JO(cNR^(!R%wok2$uFe+%IdXJeeVVH34#JPFb*#qe(uTZc9^^c9 zr*yi>(pq1bG+PWGyT%8s(8T4JD6R| zWW1!5^khF+o4n4argE1O$SdLFRvHboJR1Svw3Iv+KuQ(m|GKLj*LKG3$_4+S19*(M zj1FLNnLS;YdfP*>mAxx}x1!iwU({gtwP%Rb4-P=-dz^1b@73XUEG{{z(Opo&g34`|(jXyG@OwA$y}xvkjNyWVU*jB&SP@SvD` z`dch=8q})-Ay3geNaI~sDcncmWe_N$wzrZ2U$z}s$+ zkkfptZ@&M?sEZ_<=h)v4b}&nMzQ^(%741*kpBu}wS?*)%?Z!oJ7O;QJFz{Ccr(%4r zE`-JF8*rTetLpG?nL3@dJU@vo3Tj9KL(MydLf#$5sKly_W(?6Ts5399S5~Ch`W|@c+SXQP%%}ItnhJ5V{P2 zF{0Lt5^(SmV*jg+P7B_d?U@g9%%(sMb`#Pkq_wQFaVGnZ8;!W0=(=#i{jYfZZ>~x4 zOCVV~L&|JrC7q;7j8qXNXIG0D>PNAE-3pi~SYiSs$`%#}z4eQ>lA-FBPTbuK65-uY4slfa*ed(YaayKq(OK#m)3NNmZ~M&h5K>^i>LM-t zfH_o7&9fiFHX*x!T*-$R|Fv{cOj6~2jY&zw7 z8QL+I8_>H_Vy;qjnSTM@DH%$U<&{Y?yToGI`eo|nF0^#|gQ^8xur-bh9{o6u3Axn3O zF`v`+Q`~9Eui`oeOait6JFclb!FDR2<9nDm;Pyl=!)-}wTQd#@wlHA=H_2qHr2jV8 zQQ4lvKAM@%&J5uxUsCGyklc=|&mX8T`P+fyJt$udSLUzcJ<{>bM5sHC1QV5RI(ml} zve-ABoA`;&+R$)w`j_}{JgKnV^6wJ)bS^FBHQbj-kGI0S?IBcUG*3H%nm9s}mUn{< zlBT1XwZ-Z;Eyo_NQn0uirY9ntFR}ggI*6V5Z^TLGKe- zNE-?5w|s%7dE~UhniN&JrKw<@ld<o4ifcPbUa4*Z3q%wbZ{ z*id(Ol|s64kt)|^&KS)^28cyaQ#u-s6lTK0Gzz1r2EEbBk>EXSBzebmzi+j>ej2AU z)Pmb;=cVrV(VfmgbG&u|0RA%f)-PaxHlx?7jk$xYG^h}KefY`>3Q=P&GZcJCUV(Ob zl{v_=rhKuIKIffk!{FRvB7eNehoF^U(!7KUQ;AZ#zFU{=Vn8N&yV5~i21&H*C>s3m zmIr|G$V7+;Vu9PtwT{~REanmb-m~W(=Ey=33jd|P!A>u!?e-SuoEz9rkb$lS5Xi|g zh+mwkZ-pd3vk3Wbg*_o*?SaFk0!k%LwZBWjRQv){RvI22BPwEQPn*MIHBv9Notd^Z zQnk*ec2|+t$LfNV+Wf|TQgD0(*^1mSGDaY>LEana78VS~bcIqA%#C_(C_2EiEO!5X z?ek!R+6uF-h-~Ho9J$E%-iocRqsGa6PtK!*XZ_cgX*9j=NsN>fWlda36=YDRhe-D# zHFNlWa`uhaFJr@ZxR{!_<_B*A4GPQwm&5W4KBbH73j|aTW>vIH=uDC-)Xd;NKw*GF zw)R#xmm3@dtsZ7_>OXKvFZj<#eqjn?Aly9Qi)#%NWCZ>w_AeRsdi$r~TInIg0!mkC-kdPyTI#GDkNg|P>q zab2*LgAQ7HI*NaB`)5UofI_61ub#JI|6EN}9vkp#Vyd4eCg6Xk#^nAAJjkejFNhoDSOXnYkwoOmU%cF znHv=N;Wm&znfurtPhHdqc5bLZO5~m(gsRiNB3-P1_%S9^zr2voga}W6emSC|5a%;P z!PJaG7+MKR`V)eO1h|&Ruw%UJzEVd{TThY<8BQZv<>f-3N@N?r*Je*-0Ci&?u8s z z2X>xidTMO0I1+^PjPhIvUoWg zMBs5HhWAFHyhYNt-sT{H>}Ql)(nqLXOU|8n@G}S2VtOtyl-4VB<@g zQi@u=O?6t%wC`Mx*m>@vu6-|`2R{MV$|VE$L}GBq!kY~ws%`6 zF|q`~YOscIep%qO?Dv-X-Pi^=|9{62W$YJecA9X9Zfm{}%fu*+lE&Xx^+WFpcBTe! zo5Ovm7qsWHSps`I*^wy=Nr=BRyf*yITB4i*_H$ zBA>g4*9sa0BH=1ni(j+)4U!Jt%5_yFpxsif9*-M;bY+oNN?q^J$%M!fhLpLG=xOt4 z!uEM%dILnXD3_v@s<&^hMM&sFX_^wzl(@Pf7M>WzgqUZFm(2kgNYmcbzEZ56>W-BU zLamM83HUwiaBh%;%;trF)V}ol?BgXwFs^B6$HuW+I7+f$8XxW*#1?lU7b^j2k zz6WEtF1i8yP8)le3Onw5Sp7|ixOody66NEHHh9tFVRaPqC{_l=+XOV!Czu4+HmYc}yID8ai6k9=|ZGGt%>T80`e4EyimIuSzR57qA zWC!ogXJW%r8uJTtt1XH=dNMcd z2pHm+eA$Vod^#1`+n153CkSQc8X#0;Uv+EsaZq0W`)cd?-RXydh|fHJ&cA7;c4NHn zCMsQN(u#oxJ3-ntihNP2nj1Z#$q8AEPkJ>lGZFW1rXPFoS0i@#J3YUwoZwC)c?w1A zUl?+j|7o~2^{~kl%Q`R1$`}8ghBIP?iA#9yNyPY(wmJmQJCS7zwiFxyXRR!2$5s=v z*Xk9j+~Z;VX1#z!iB+qf#FZQewJ@|2X1N#TO%&Ig>qsZ}XBTSvc3;}sGXZCTseNq6 zS^FD%_2A}Uu@(0}$F`Pgg-@xLzNeNnpM35;eqepl8@m9Ln@2eRWLab|}-=aPojIH^zBA0pQC zEGd2qw+fQ+_t(*SYrbh{>c_IedO6731Ugk2R9<;A+i>?P=KTjObT92E7`pR z%BEj`)qtWJP}b@b2s}FlfbjqK0*hL}C`<~#IRRie&pVM6HNt!RJdLJQ7y^TY+g@E> z{riY?m?sx-}-V{8E$&6;8MMRl#G z9-1+)zWn!9UM}&bz>`E;IE)3E{LONzALrx?k$9r0AIRi9{=NF3#OB(W=?S+1SS<*6S#4D|D`Rq)bI|Y zYw+b!w3c_ZfY-ijXC8hlD{^|vy&oa$48$WgH#cLBNDuG|kB?m8N?`=Y8~# zs^m#DG?fYGf^~#PxMz*A?{7$VXkg{z8(9;9pn+(kL!6;-JbDUq6l#2Il8^=^!6P$; zF6M7%0??S~B;@o6PMYiw0nMcLEIVv>sD_ry zBGV_%6kfa@_Oi&y%OEJ?>NtT%g)%?E4(P0qw$Shgx6u>WF^b*1?-UzE@1fB3h1}z( z%@Sozvagy3sUAMGsp4bzwmiU>*=kt1eZflPs*9KSEq^>zp^fAM^GsR&TJJ7F%Kq4x z9um$vY{>J@yrC&&1A$S0nhkJ-rem4>XP_-&zmHA+^56d(JLbB}2PIroDwd{8`4pYC z9iB}}u?ef8ckuaKX#Tt(HcG>9TwMP(v{VPMuJEdM-glY}P5a9pQEXea^ccvE<(12< z`j>~vA%2v?8I4tG8q;9CV@MC%Ax(5oK9U zAzi$ZzF<}+sS;?=8Q9vU5NmJG=Y*iYeKfue87jkIyx{OeSg`8H6kP2M9i8pyR<>e6 zNxP#myUKB7-r1JlTj&tSNKO7UJ4o%S|W^5w+P} z!*Tr&e;)MN9 zb@57uNkNR{Da|jZkqLGQ8a*k-pvwu&43l$&=i&GEPQDnK%Xzy*w-^Atj}S zf;{_o8&DM$>QsC;<@S zU@@P|}OzZN9u<<>|wdr}w_Bh6)_YV24GUM(??77HKN0~9zHCIptljwn*a*&kautq=Um zIBGt3B-Bsi#s=wO9bPmGkB_S5`arz7DCCxxwnPD=`Ls92vN)lc$HC8>W4zrYC>ocN zvTWesH8Q^aTJYvED-X{`jUeIVT;o{nU*s!&t(VrKG(dcO#+x48sWcrKnyIGx1@%&m z%i5Szcl*ObblIlEv81duiIqKvAG_A?=c-rMgq3SA)Q3d(eqX=x*`NV|3^wu5>K3Fx z*dIEWlaeeOnPLgZH6v4N@P<$rH2jP@4kBqd(P-^uN|s*Yx$Nf2UKkc){Oh3S;m zv}F<6G|2m_2Uh&-H#XM>6s5xSfxq=xa?Z9YQldI1)*s+t^tN&FrwTMCTKr-H)$1?m z+jD9=3ocnM)$Wc%*cT$0L-IfSZN)Sn7=%a_+s)*!|FrSTy$7~$Q=Ne0Yj+i!aWuDI zLP|8ua|cm`@aVgFD10VPWL{X$HPyE0ILXfbYObz z))Sq8HEKyt|CA*`k1O{JU=4^+<9J9XWCxuc+V_X}1G*p(_f1n;$R!><2prjHE#*fK zrmoou+&KCLd~zwy?{^6&d@FT~y;!VO-dekBP*k-OXvFU0imsH!!h}yf+Cy*qiV z_AHYNTn{q~f2}Yb7OSRehJqT7#3!F~{9@5~YPuX@qD$9%Gbu#XqWZKLNj@x&#{mw&pEv43k$+oCYGn( zc$!`TCG1=!?CfI0gJOmoqM43RrTcC@D35e-vi)j(I{p@0W|A1Ye({bQkXr@ECC7C`RS;n{gnl9CM`R2KPgQK50cBQxM zY)?MlV4E?y4*Jnax8$%#80S}HU9 zGD?<{;2ea)crap>H(d-Uij{XheZ!HA9coUnv{2(h8eopS$HQNh(qkP4KAgt8BMS$F zx&B*e+II`p+2iZ?z7yCjU{QGUrv3A{l;xq*AN3cy>bQ!Ezczz;B479!nJX&36f1@# zOt+!qNR9%YLi^MwRZxKK84f4&oY}?%o*dLnr|#}GOk%Y_h)VL z&l}DEEg=QpYk~S=^@F&8P_cCso~+xdFGM+xeQ^f7zjUZH9lxw#B@%g_nl zx0I2=v*IvWi>C)*MCC(p`q%Nc|4583|4UcObq{NHmZUrpXz*4qQciAcK^v@q$7Exa z6jYUfN))}TL*7DXn&6=yz6S4-)$jno@uNmBzkY)#m-bew{(u%Us2#C6`dYp0kzx23 zCF5rEJ6}-Bvu{AFG*e^wW=?-h%dIyRfTr+@h}iy(xkvkFNm8YQ;v!cgKxKswiY;F$ z0NR?BfN#wI)QMawRGr`5pZ3~TAdoJf^M0Bww)bogP23M}Cz6By{SSpUL@E zplXSVx8+os1;Lh@Xast#{nZtEkwLx*;tYZg)2$j)?VmA^6ne-Lr{3mA^b{z+wX_&} z@1WtC%^=?YQ3Q18wp|W+mZQ_6l#fFv>Q0TD))eK ze!(@&%Ee+Ju2^ovq?As!riQnAarxZY&)8RDcYN*QitgztrX@DAl(Hm}qxynQ{{bg~ zy-1zc;$P6BS1>Ie+=Ucez`Dh);(KEgzi}G$LEvc@3 zcNVuqQ(8fOZe*;@poeoD5W}cDdG+SU?V3?e*ho>FM#i{{?`R?FhDN*hn9j18f*ZL zK}j|9c1)#2!IFY>w%FV`wD$~hXKT;={v&{5EUaVS4Gjl*?j%pKxUb#-jk@q2iQ6Oi z#c!ACKX?`D48xz;+-a#)Jbe@;n>%E~O>yk!YN6L@Phu-V!M7u1#xNRRxCtHYO|7-W zIhkrNIXPHm`Swrid1(h|J+`T;^GxJ5cB`cJi_0qq>5;{#dq6pLI$zdP@xtmiMZri> zx!cC@%4Tsnt&pSXn>X}p>m>IyF!s$<8O{kOY@E^llTvS>z@^E<2$N1+pSHGd;TkrW1{;rc)e;`{85>o3k0-z>Bm=+YlMOw_xeUr}W^nWLA`-Rj(GT!miT62FrLJsf6`AaVJ`Ad z#BUFBT3N`>BBpH83b!bkloCQn9nvaHcnjfD2k7Tvb|213nxr$|WJlx^fKzN`?;3`P zsS>J)O@VWS_ogaCN{KY(~#*%}aU$}sXO8UZ(LU@a}LT)e@NyWy-G zs3-9GHhCAqF+uN1ImdlX{47o?Cs%=+?D(U?qQGLp;=Gu z2|a(2Gne>TY{VC+zTvBNt2ewqr|tGdM?U{F?Jp|74d)?%uZsnU=VVd>O@1gy8ma+t zqMa*N2qO1N7y12%NJy?ffc{_i@-q&F{^w5~WyQ9AC=fJF?-&{u#kgTUv+ zbZ}UPfzou9;0VL&Luo8!^rF{H1voii7UnSY-x9y!43N0r!9=04crs87v_O!IKiUIb zFhKb*x}@a7)y=8g4UNkS9x~W*Gxmh*#PQ2JDO4yyuoqe^(Xe8O>$!2vNZVLK<^735 z<)ML4CNwOV(4sILrc;=L4w3Zl#d1(l$s0A$F_ITBFw>BdGOH+IP*8va6{8h63^H+$ zMdM(1e@zfu(9_VzL1;k%B!N)eNSBVFGm3_2x`0#Cy3{mu8#V>)pp1Xa=Yq5JIqq@Q4S%J zHo4_YPEqCw~-{3#eT-?wfD(YdA4)eT}_ceC@+ zUO+(pE!rLI#wj1PskMznU~^bNoPB3yHDXXa2zNUr4_|5bd1Em4$Rhu4kKlqJgv5s>U8DhO5~3zJ3_gcWXfJ z$fNQ3`B_5Hf_rzCgW(SkpiHE<%)_elZuX!{Fnz7%)N(?sa{IK;xwAF1AS*!dS-EsC zIS_exCt#SYr<{vQwxe2!yn-S$kSMBLEeJu258Kp`e#6>^wF>E-!bCe#aPDwOyF|R)&^x zdEG-U`?up0aKwB-T&Li!qqSm^M}FuOGLLj-0+Yi7q3Cr`X-70(Xe-c!YEE4rC5|+i zZ2NVr(`VlofAh%rPvaq`XhS#`77WsG@ga}YOf+y!yP+SKUMLst%vrZ!=*a0GXe!0+ zgXxdvI3(%oyJhU&uy`u+Ir-XB)&9|rK#S8g^zsUjd2N+AqK?A$*ALVdq#QZHB#6KT zkf9?}5JMf*kXRa>0L}-RLo1i{IqZ34kCr|3W`HZ|!fy0|_|@bTkdnnx|2MWgtM1JV zNwl}$^`nV(u0nm^y4$lpoSIz^&uico(86X`QzI3SlD#onwUO_mR*au%gwu@<@uz+f z&x*$Q>qEuiNYow$zO3dKVR}}2dY;y|&nTm?;)hK6+2WM&!x`jx<-+4^&=$??9`w0G z|9K6B0}+6v27KDom4W~LGJ6f(Phx(3Eb#^|O!gj?wX= zL3f=mFv;NorY-z8H`kq*V8@$$pU2)vR!A!jb4zNBgyX%d1N8nepvQ17)Ba6M7*4Cd zTF!vUlGmdwj0wN60ieg5^u(LT3=3KiB(@Tzc32)%3Sz|vR0LLh>EqkkYE|tATT7`y zfff@Km@1MG*vy%PIPCi^6t!2Y3dhZcdj)v;%l-C=5zfMEq>x1>VZB!Et8=-{B{bHCn!01POn1e5^X-&VUtfSZY>leF~K!0vav zg&rSs}B~dqp~AgU1us1Wh^Bz?3{2u_h~6A`pTzriw{jnt-#_p zZ^1kPV7n-wdy;}c)TJalnPiO0&MF@8BT5Em`!b%~Y}s`QIluh@l7z?+(-T8+AO}~M z3t7itigjB>hD!Ps&lnP+wSV~z>QNdTu%ZB6woE?YA+plz6#@b0M{{C#?UldUbhObFM zF_x4A)WG@P!+TPHfso9#q)Iub1o?xY=&%6kma}7dC`?LF#)n=D{WAI(&EI)ZyQ$(S zA5tzZkA>GAaaumR(c zgcn)JAr-jFH~HD9Ae&iB?PnO8G5FGPVQ(MDg>~_wp*IxJEsqA$;=qPeJ)M?eKg44F zp=rnu{jPg+Eb>^nt#4H%7=eLC!dcbh{gSeF_vL0 z#IfL5At*r*Tskz9Asj^SRH}Kg?!KfQxQq|FA!Ct`BbAZoW@cbwVhe{Wgu~oh3AO(e5XlOXGY6>L(V##0%+OSiwh;L2EVX$E9F2d@N@bBg2>rRum z1HI1o+>UD_dlE|uHRLZ`9ofB=P=YbLZNy~)b=3%j89&v*q$sf6!&5dr*_hYd5wCEZ zDH1%E#I^4D2$1~odNZ}0mmR2A4l85qZ zS?T2um7R$zM4>nm^l>HM*#=i-GEk)Y<2qQ7ItRU^#o2bi&tQNv%emA+L)h(2Jo6XVyTxKM zG3_R{?JKP2-}m&ObNP3JWicFk%J%dE%w1C(E)w4>cPaGt0I#&~!Y=VW6$g4GbEw9z zH$qy^=u6%CT2|}znjP{iEu*-K-=YZ9*E%<*SC^_vN~&-yLpUQe)%Bitb>T zqUYSRjGvL8k})IG1ts;Wn;NE?JuiE%!o~6D7z!MnPmm$bX&PlU8(oNM&9kIPY>+=u z#7FJv;^LjL;t)>i)Ypx|RfK)kM>AKi`*e-o&1(rQR0z|IOlav$7oUjfGz-wPzr*+q zx$Wt`2yS}bX*-6_*t^bPp&a~WYFZ|ott>H?@m3c zIMhdos0jCYf}BevxfrYRa2WSte{%+p)f2P-Hk3Q6oY&`E$<$aqsUzgZN6nTF-7NhT z&YEfMQy3x!x^&S(Gme226-w2Jg(#D0{+QMdJI?NiUVia;BVL7L9E z15o-J){CC8ebk=Cw((brqzlAgiLe?{B=7sf<_mhzTVLna!Lf#r3jXD^!WVU3HV%Bs zUF(Tj%>s*Jx}|PU8*9_?PEc-py&RP~$upGsYwFRAubpqrXHFhJJ@)8vOFCa7=6lU? z%6{8*R+*;qyQK^qC?p%+;3}By~I=xhPT- zlM)j@(v{$BC&r7o2!`8+n5l5jJMQf7&VKjecNA*0!Vq9%Q)3Rrimp6uKS<-V-d;m( zs$`WG6@7cTyw`ZMCOGqeuHJEdQ-XqdJ?~dNrMY2u>G!Q0w};`jP`ZcFhTJYE!>i{6 ziDXw)?}xO%dw&QZis-?`K1U1^iJ9|31-rUw>NlH{#LpnEW4YRgzKi!WutQDX-b$ao zxct^`*Y6i892~7W?=yH7RVGf}@ZK_p=)nDrO5-Ax2{C($NVcQzwwz)=kod7PHg+2J z=*u5;-w)Jkb=}5Ip0bWvK0pz(&LgsC)(fGZKd%{XKr_d3znk$2Zzejg@t6N%Ou^P- zE>v+8>CY$=b8WobF4_djDeU?uKJ?IcUPRTA+&r}37ofbeigabH-7JgVeQivcXJz%8 zR^%ZkGNgw|DR4}EJ0s;hD@jX7(7qhe);BiRo6Wr%zs|z^e&p(ntbKyQM~uinW4zj- z+a8hTVH0aT;Xc01TVlGJM(@h!s%@mN9_V;KemNa=Fep@D+9vu0y;fO~8a+=`&EjY5 zlLBg2S5ETsBIJpyL*EL$eqf%k#neJcY3XxKBcC$lsgm|P?b1%$$QYgPe}BYrwHwV( z3Old8+kV83&1qYpSKSxP*sSIQ^wS!SxvI=CZPlEU(?xYTDt1{GvyG;3@h z@K3KsZF^|`BA%MrJrmUa)c%!?{o}^1&IpOgF+2OIjN7AFykN;VGEN?PECLlOw@S}m-D*?xtV17LC$t~Vja#47?cX&)Btg4!Lm<%R+T230I`y`KJ-_~6h7pH}%V^cOP>hLb(<9kmy z%zdr6*}YUz`ZDA`-6wd}{Pg5*PQMZNfs^FYmy^P z8n!wPp1eYCcqy5@>g6X@)f9+bhui(9Q z(jR9;Mk0$W_4)9AgiA{1^o4@__Npv?DT`9?RB7~Z28jEXJmO(Ab!IhGRw;|;@j_&| zSjtMVW9Q~({@*8QDHN3WH1!e_OGKCI;Kaz^`rJz$P3cT;@e^8(1;!R%J{(j|H<9 z3NFtP@fd?mFCGrz@oi);paK! zqsNYBdU;H_<22!Bymu>pccH2>-yA?TxW?CXuDP$B6vY)}ncRw(lfGufL0eax|Gv=} z4!D~fXb)$9fZ;dI{S0BZ-Bfa45v$P$e6%S*7Ru9JkXf&F){R3)4=3epvE4w^ar<8k zj)zjA3)Bz_Qq1yYMUrIH?o9nrP5OI+5@3@UQ;9S8u^K*eZQEZmjBInkzl@g^nUkZz zL+jd|E;e?>rN_s*8GkbS{X|Z2BPlImGgepS&KFAt3l#GK>r3y?@6k)ECN5Z{4i$e{ zH(7R{7IhBox;IbhyeSvYm}4XZX=zWJd=L_41X6TR^0lA)no(C}Hz7UmLh4Z`n?u!Z z(YtX$o}QHMXUUoA(T4I1N>^PgyR*|7{TU)|Ds?xfrh;?;P6}&%A~V%$({Z2P1lwu3 bqXWsIKMd=&bvXq3*@NU|RHVzKOyU0rTkX@S From fd860e6c6985cfa2469fc78ae4d784bdf9a9a473 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 4 Dec 2021 10:23:59 +0000 Subject: [PATCH 1766/1961] flip RFP newwin max values, closes #1286 --- user.js | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index af8b477..cf9df45 100644 --- a/user.js +++ b/user.js @@ -8,7 +8,7 @@ * README: 1. Consider using Tor Browser if it meets your needs or fits your threat model - * https://www.torproject.org/about/torusers.html.en + * https://2019.www.torproject.org/about/torusers.html 2. Required reading: Overview, Backing Up, Implementing, and Maintenance entries * https://github.com/arkenfox/user.js/wiki 3. If you skipped step 2, return to step 2 @@ -479,7 +479,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * no unsafe renegotiations on the channel between the browser and the server. * [STATS] SSL Labs (July 2021) reports over 99% of sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation - * [2] https://tools.ietf.org/html/rfc5746 + * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 * [4] https://www.ssllabs.com/ssl-pulse/ ***/ user_pref("security.ssl.require_safe_negotiation", true); @@ -1031,12 +1031,11 @@ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs") * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme * [1] https://bugzilla.mozilla.org/418986 ***/ user_pref("privacy.resistFingerprinting", true); -/* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME] - * Width will round down to multiples of 200s and height to 100s, to fit your screen. - * The max values are a starting point to round from if you want some control +/* 4502: set new window size rounding max values [FF55+] + * [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen * [1] https://bugzilla.mozilla.org/1330882 ***/ - // user_pref("privacy.window.maxInnerWidth", 1000); - // user_pref("privacy.window.maxInnerHeight", 1000); +user_pref("privacy.window.maxInnerWidth", 1600); +user_pref("privacy.window.maxInnerHeight", 900); /* 4503: disable mozAddonManager Web API [FF57+] * [NOTE] To allow extensions to work on AMO, you also need 2662 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ @@ -1221,7 +1220,7 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true] -/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF91+ ***/ +/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF92+ ***/ // placeholder /*** [SECTION 7000]: DON'T BOTHER ***/ From 9d61992c8cc2a46fb58ea79866aced25e3574d9b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 5 Dec 2021 19:49:32 +0000 Subject: [PATCH 1767/1961] don't clear offlineApps on shutdown, #1291 - in v94 we switched to cookies lifetime as session, so users could use site exceptions to retain selected cookies (to stay logged in one assumes) - that mean not deleting all cookies on shutdown - but some login methods/types require more than cookies and also need the "site data" part of "cookies + site data" - that's the offlineApps part - note: all site data (and cookies) is still cleared on close except site exceptions --- user.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index cf9df45..4087fc3 100644 --- a/user.js +++ b/user.js @@ -902,8 +902,9 @@ user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT: false] user_pref("privacy.clearOnShutdown.cookies", false); -user_pref("privacy.clearOnShutdown.offlineApps", true); + // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] Site Preferences /* 2812: reset default items to clear with Ctrl-Shift-Del (to match 2811) [SETUP-CHROME] * This dialog can also be accessed from the menu History>Clear Recent History @@ -914,11 +915,11 @@ user_pref("privacy.cpd.cache", true); // [DEFAULT: true] user_pref("privacy.cpd.formdata", true); // [DEFAULT: true] user_pref("privacy.cpd.history", true); // [DEFAULT: true] user_pref("privacy.cpd.sessions", true); // [DEFAULT: true] +user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false] user_pref("privacy.cpd.cookies", false); -user_pref("privacy.cpd.offlineApps", true); // user_pref("privacy.cpd.downloads", true); // not used, see note above - // user_pref("privacy.cpd.passwords", false); // [DEFAULT: false] this is not listed - // user_pref("privacy.cpd.siteSettings", false); // [DEFAULT: false] Site Preferences + // user_pref("privacy.cpd.passwords", false); // [DEFAULT: false] not listed + // user_pref("privacy.cpd.siteSettings", false); // [DEFAULT: false] /* 2813: clear Session Restore data when sanitizing on shutdown or manually [FF34+] * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008) From ec595c3b95909998695a714e96dfcf2a29823ba1 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 5 Dec 2021 19:59:33 +0000 Subject: [PATCH 1768/1961] fixup duplicate line --- user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/user.js b/user.js index 4087fc3..5f06eb4 100644 --- a/user.js +++ b/user.js @@ -905,7 +905,6 @@ user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT: false] user_pref("privacy.clearOnShutdown.cookies", false); // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] - // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] Site Preferences /* 2812: reset default items to clear with Ctrl-Shift-Del (to match 2811) [SETUP-CHROME] * This dialog can also be accessed from the menu History>Clear Recent History * Firefox remembers your last choices. This will reset them when you start Firefox From b60a888da3c9df3862b9dbaff1b1ac2621e67db2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 6 Dec 2021 14:45:47 +0000 Subject: [PATCH 1769/1961] update WebRTC, closes #1282 --- user.js | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/user.js b/user.js index 5f06eb4..6064f03 100644 --- a/user.js +++ b/user.js @@ -631,18 +631,25 @@ user_pref("privacy.userContext.ui.enabled", true); /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) - * [SETUP-WEB] WebRTC can leak your private network address from behind your VPN, but if this - * is not your threat model, and you want Real-Time Communication, this is the pref for you ***/ -user_pref("media.peerconnection.enabled", false); -/* 2002: limit WebRTC private network address leaks - * In FF70+ these settings match Mode 4 (Mode 3 in older versions) [3] + * Firefox uses mDNS hostname obfuscation on desktop (except Windows7/8) and the + * private IP is NEVER exposed, except if required in TRUSTED scenarios; i.e. after + * you grant device (microphone or camera) access + * [SETUP-HARDEN] Test first. Windows7/8 users only: behind a proxy who never use WebRTC * [TEST] https://browserleaks.com/webrtc - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713 - * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy - * [3] https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-12#section-5.2 ***/ + * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ + * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ + // user_pref("media.peerconnection.enabled", false); +/* 2002: force WebRTC inside the proxy [FF70+] ***/ +user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); +/* 2003: force a single network interface for ICE candidates generation [FF42+] + * When using a system-wide proxy, it uses the proxy interface + * [1] https://developer.mozilla.org/en-US/docs/Web/API/RTCIceCandidate + * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ user_pref("media.peerconnection.ice.default_address_only", true); -user_pref("media.peerconnection.ice.no_host", true); // [FF51+] -user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70+] +/* 2004: force exclusion of private IPs from ICE candidates [FF51+] + * [SETUP-HARDEN] This will protect your private IP even in TRUSTED scenarios after you + * grant device access, but often results in breakage on video-conferencing platforms ***/ + // user_pref("media.peerconnection.ice.no_host", true); /* 2020: disable GMP (Gecko Media Plugins) * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ // user_pref("media.gmp-provider.enabled", false); From fec5168203edf80768d67fef3eda664b0c899cc6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 Dec 2021 04:28:47 +0000 Subject: [PATCH 1770/1961] 95 deprecated --- user.js | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 6064f03..69e0fae 100644 --- a/user.js +++ b/user.js @@ -370,9 +370,9 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * [1] https://bugzilla.mozilla.org/1642623 ***/ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); /* 0807: disable location bar contextual suggestions [FF92+] - * [SETTING] Privacy & Security>Address Bar>Contextual Suggestions + * [SETTING] Privacy & Security>Address Bar>Suggestions from... * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ -user_pref("browser.urlbar.suggest.quicksuggest", false); +user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); /* 0808: disable tab-to-search [FF85+] * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search @@ -1363,11 +1363,11 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("full-screen-api.warning.timeout", 0); /* APPEARANCE ***/ // user_pref("browser.download.autohideButton", false); // [FF57+] - // user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF] - // 0=light, 1=dark: with RFP this only affects chrome // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent // user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF] // 0=no-preference, 1=reduce: with RFP this only affects chrome + // user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF] + // 0=light, 1=dark: with RFP this only affects chrome /* CONTENT BEHAVIOR ***/ // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] @@ -1411,6 +1411,10 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is m // 1402: limit font visibility (Windows, Mac, some Linux) [FF79+] - replaced by new 1402 // [-] https://bugzilla.mozilla.org/1715507 // user_pref("layout.css.font-visibility.level", 1); +// FF95 +// 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807 + // [-] https://bugzilla.mozilla.org/1735976 +user_pref("browser.urlbar.suggest.quicksuggest", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From 7e1b92567ca2bb76ad358d0fc786fd60b3cf7970 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 8 Dec 2021 12:13:47 +0000 Subject: [PATCH 1771/1961] 95 final --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 69e0fae..af1d2a6 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 24 November 2021 -* version 95-alpha +* date: 8 December 2021 +* version 95 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt From 72cc4d176ea08b4373e437f9f3f44e92da547c92 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 11:41:18 +0000 Subject: [PATCH 1772/1961] 0706: network.proxy.allow_bypass, closes #1292 --- user.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index af1d2a6..c0993af 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 8 December 2021 -* version 95 +* date: 9 December 2021 +* version 96-alpha * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -327,6 +327,12 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * [SETUP-CHROME] If you use a proxy and you trust your extensions * [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/ // user_pref("network.proxy.failover_direct", false); +/* 0706: disable proxy bypass for system request failures [FF95+] + * RemoteSettings, UpdateService, Telemetry [1] + * [WARNING] If false, this will break the fallback for some security features + * [SETUP-CHROME] If you use a proxy and you understand the security impact + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/ + // user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF] /* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+] * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off * see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3] From fe75baa79f407c2dd2368c4170265c10f0904da9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 11:44:51 +0000 Subject: [PATCH 1773/1961] move DNT to DON'T BOTHER --- user.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index c0993af..3784ca6 100644 --- a/user.js +++ b/user.js @@ -612,10 +612,6 @@ user_pref("network.http.referer.XOriginPolicy", 2); /* 1602: control the amount of cross-origin information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); -/* 1603: enable the DNT (Do Not Track) HTTP header - * [NOTE] DNT is enforced with Enhanced Tracking Protection (2710) - * [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal... ***/ - // user_pref("privacy.donottrackheader.enabled", true); /*** [SECTION 1700]: CONTAINERS Check out Temporary Containers [2], read the article [3], and visit the wiki/repo [4] @@ -1318,6 +1314,9 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] It can compromise security. System addons ship with prefs, use those ***/ // user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] // user_pref("extensions.systemAddon.update.url", ""); // [FF44+] +/* 7015: enable the DNT (Do Not Track) HTTP header + * [WHY] DNT is enforced with Tracking Protection (2710) ***/ + // user_pref("privacy.donottrackheader.enabled", true); /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From f7bba92c71cc71455b0128fc4f4c739eae1cca16 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 12:28:45 +0000 Subject: [PATCH 1774/1961] cleanout FPI section farewell parrot --- user.js | 39 ++------------------------------------- 1 file changed, 2 insertions(+), 37 deletions(-) diff --git a/user.js b/user.js index 3784ca6..e1475cc 100644 --- a/user.js +++ b/user.js @@ -941,45 +941,10 @@ user_pref("privacy.cpd.cookies", false); * which will display a blank value, and are not guaranteed to work ***/ user_pref("privacy.sanitize.timeSpan", 0); -/*** [SECTION 4000]: FPI (FIRST PARTY ISOLATION) - 1278037 - indexedDB (FF51+) - 1277803 - favicons (FF52+) - 1264562 - OCSP cache (FF52+) - 1268726 - Shared Workers (FF52+) - 1316283 - SSL session cache (FF52+) - 1317927 - media cache (FF53+) - 1323644 - HSTS and HPKP (FF54+) - 1334690 - HTTP Alternative Services (FF54+) - 1334693 - SPDY/HTTP2 (FF55+) - 1337893 - DNS cache (FF55+) - 1344170 - blob: URI (FF55+) - 1300671 - data:, about: URLs (FF55+) - 1473247 - IP addresses (FF63+) - 1542309 - top-level domain URLs when host is in the public suffix list (FF68+) - 1506693 - pdfjs range-based requests (FF68+) - 1330467 - site permissions (FF69+) - 1534339 - IPv6 (FF73+) - 1721858 - WebSocket (FF92+) -***/ +/*** [SECTION 4000]: FPI (FIRST PARTY ISOLATION) ***/ user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); -/* 4001: enable First Party Isolation [FF51+] - * [SETUP-WEB] Breaks some cross-origin logins - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/ +/* 4001: enable First Party Isolation [FF51+] ***/ user_pref("privacy.firstparty.isolate", true); -/* 4002: enforce FPI restriction for window.opener [FF54+] - * [NOTE] Setting this to false may reduce the breakage in 4001 - * FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But - * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute [2][3] - * The 2nd pref removes that limitation and will only allow communication if FPDs also match - * [1] https://bugzilla.mozilla.org/1319773#c22 - * [2] https://bugzilla.mozilla.org/1492607 - * [3] https://developer.mozilla.org/docs/Web/API/Window/postMessage ***/ - // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] - // user_pref("privacy.firstparty.isolate.block_post_message", true); -/* 4003: enable scheme with FPI [FF78+] - * [NOTE] Experimental: existing data and site permissions are incompatible - * and some site exceptions may not work e.g. HTTPS-only mode (1244) ***/ - // user_pref("privacy.firstparty.isolate.use_site", true); /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) RFP covers a wide range of ongoing fingerprinting solutions. From 97322d6e8bcf5082cfee601e480c520f0008a422 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 12:31:38 +0000 Subject: [PATCH 1775/1961] various inactive FPI prefs --- scratchpad-scripts/arkenfox-clear-removed.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index cc8d330..17e39e2 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -13,6 +13,10 @@ const aPREFS = [ /* removed in arkenfox user.js */ + /* 92+ */ + 'privacy.firstparty.isolate.block_post_message', + 'privacy.firstparty.isolate.restrict_opener_access', + 'privacy.firstparty.isolate.use_site', /* 79-91 */ 'alerts.showFavicons', 'browser.newtabpage.activity-stream.asrouter.providers.snippets', From 0634a568efeca4d837a34dae47b1a3b14c85dccd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 13:45:46 +0000 Subject: [PATCH 1776/1961] remove redundant site data prefs we've never used these - service workers are disabled (or soon to be covered by dFPI when enabled) and sanitizing is already done (or will be done via enhanced cookie cleaning) - storage API, storage access API: we sanitize on close, and sites are isolated by eTLD+1 --- user.js | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/user.js b/user.js index e1475cc..f26212d 100644 --- a/user.js +++ b/user.js @@ -856,21 +856,6 @@ user_pref("privacy.trackingprotection.enabled", true); user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] -/* 2740: disable service worker cache and cache storage - * [NOTE] We clear service worker cache on exit (2811) - * [1] https://w3c.github.io/ServiceWorker/#privacy ***/ - // user_pref("dom.caches.enabled", false); -/* 2750: disable Storage API [FF51+] - * The API gives sites the ability to find out how much space they can use, how much - * they are already using, and even control whether or not they need to be alerted - * before the user agent disposes of site data in order to make room for other things. - * [1] https://developer.mozilla.org/docs/Web/API/StorageManager - * [2] https://developer.mozilla.org/docs/Web/API/Storage_API - * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ - // user_pref("dom.storageManager.enabled", false); -/* 2755: disable Storage Access API [FF65+] - * [1] https://developer.mozilla.org/docs/Web/API/Storage_Access_API ***/ - // user_pref("dom.storage_access.enabled", false); /* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] From 83602baa38e70bf8a4a87837ab1cc5f5cff87bf8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 13:47:57 +0000 Subject: [PATCH 1777/1961] misc site storage/data prefs been inactive since jesus was a baby --- scratchpad-scripts/arkenfox-clear-removed.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index 17e39e2..b78cc94 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -14,6 +14,9 @@ const aPREFS = [ /* removed in arkenfox user.js */ /* 92+ */ + 'dom.caches.enabled', + 'dom.storageManager.enabled', + 'dom.storage_access.enabled', 'privacy.firstparty.isolate.block_post_message', 'privacy.firstparty.isolate.restrict_opener_access', 'privacy.firstparty.isolate.use_site', From 1fc43574d6cb0a229892738d7b9117a4e4f1fa2c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 14:00:21 +0000 Subject: [PATCH 1778/1961] move "cookie" permission info into 2801 --- user.js | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/user.js b/user.js index f26212d..298366f 100644 --- a/user.js +++ b/user.js @@ -54,7 +54,7 @@ 2300: WEB WORKERS 2400: DOM (DOCUMENT OBJECT MODEL) 2600: MISCELLANEOUS - 2700: PERSISTENT STORAGE + 2700: ETP (ENHANCED TRACKING PROTECTION) 2800: SHUTDOWN & SANITIZING 4000: FPI (FIRST PARTY ISOLATION) 4500: RFP (RESIST FINGERPRINTING) @@ -819,19 +819,7 @@ user_pref("extensions.postDownloadThirdPartyPrompt", false); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); -/*** [SECTION 2700]: PERSISTENT STORAGE - Data SET by websites including - cookies : profile\cookies.sqlite - localStorage : profile\webappsstore.sqlite - indexedDB : profile\storage\default - serviceWorkers : - - [NOTE] indexedDB and serviceWorkers are not available in Private Browsing Mode - [NOTE] Blocking cookies also blocks websites access to: localStorage (incl. sessionStorage), - indexedDB, sharedWorker, and serviceWorker (and therefore service worker cache and notifications) - If you set a site exception for cookies (either "Allow" or "Allow for Session") then they become - accessible to websites except shared/service workers where the cookie setting must be "Allow" -***/ +/*** [SECTION 2700]: ETP (Enhanced Tracking Protection) ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable or isolate 3rd-party cookies and site-data [SETUP-WEB] * 0 = Accept cookies and site data @@ -864,6 +852,8 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" /** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/ /* 2801: delete cookies and site data on exit * 0=keep until they expire (default), 2=keep until you close Firefox + * [NOTE] A "cookie" permission also controls localStorage/sessionStorage, idexedDB. + * sharedWorkers and serviceWorkers required an `Allow` permission * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow * If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com From 5d508e42422ab910dfd3155f223f0a0cab216808 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 14:05:47 +0000 Subject: [PATCH 1779/1961] move LSNG to don't touch --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 298366f..580d006 100644 --- a/user.js +++ b/user.js @@ -844,8 +844,6 @@ user_pref("privacy.trackingprotection.enabled", true); user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] -/* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/ -user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); @@ -1169,6 +1167,8 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true] +/* 0607: enforce Local Storage Next Generation (LSNG) [FF65+] ***/ +user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF92+ ***/ // placeholder From de28689e76f16820f4e34acb3fc850b2b47418df Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 14:13:39 +0000 Subject: [PATCH 1780/1961] flip from FPI to dFPI I will tidy and expand 2700 entries later --- user.js | 52 ++++++++++++++++++++-------------------------------- 1 file changed, 20 insertions(+), 32 deletions(-) diff --git a/user.js b/user.js index 580d006..d00c8e5 100644 --- a/user.js +++ b/user.js @@ -56,7 +56,6 @@ 2600: MISCELLANEOUS 2700: ETP (ENHANCED TRACKING PROTECTION) 2800: SHUTDOWN & SANITIZING - 4000: FPI (FIRST PARTY ISOLATION) 4500: RFP (RESIST FINGERPRINTING) 5000: OPTIONAL OPSEC 5500: OPTIONAL HARDENING @@ -819,31 +818,14 @@ user_pref("extensions.postDownloadThirdPartyPrompt", false); * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); -/*** [SECTION 2700]: ETP (Enhanced Tracking Protection) ***/ +/*** [SECTION 2700]: ETP (ENHANCED TRACKING PROTECTION) ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); -/* 2701: disable or isolate 3rd-party cookies and site-data [SETUP-WEB] - * 0 = Accept cookies and site data - * 1 = (Block) All third-party cookies - * 2 = (Block) All cookies - * 3 = (Block) Cookies from unvisited websites - * 4 = (Block) Cross-site tracking cookies (default) - * 5 = (Isolate All) Cross-site cookies (TCP: Total Cookie Protection / dFPI: dynamic FPI) [1] (FF86+) - * Option 5 with FPI enabled (4001) is ignored and not shown, and option 4 used instead - * [NOTE] You can set cookie exceptions under site permissions or use an extension - * [NOTE] Enforcing category to custom ensures ETP related prefs are always honored - * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies - * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ ***/ -user_pref("network.cookie.cookieBehavior", 1); -user_pref("browser.contentblocking.category", "custom"); -/* 2710: enable Enhanced Tracking Protection (ETP) in all windows - * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Tracking content +/* 2701: enable Enhanced Tracking Protection's (ETP) Strict Mode [FF86+] + * Strict Mode enables Total Cookie Protection (dFPI /dynamic FPI) + * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ -user_pref("privacy.trackingprotection.enabled", true); -/* 2711: enable various ETP lists ***/ -user_pref("privacy.trackingprotection.socialtracking.enabled", true); - // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] - // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] +user_pref("browser.contentblocking.category", "strict"); /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); @@ -914,11 +896,6 @@ user_pref("privacy.cpd.cookies", false); * which will display a blank value, and are not guaranteed to work ***/ user_pref("privacy.sanitize.timeSpan", 0); -/*** [SECTION 4000]: FPI (FIRST PARTY ISOLATION) ***/ -user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); -/* 4001: enable First Party Isolation [FF51+] ***/ -user_pref("privacy.firstparty.isolate", true); - /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) RFP covers a wide range of ongoing fingerprinting solutions. It is an all-or-nothing buy in: you cannot pick and choose what parts you want @@ -1169,6 +1146,10 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true] /* 0607: enforce Local Storage Next Generation (LSNG) [FF65+] ***/ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] +/* 6008: enforce no First Party Isolation [FF51+] + * [WARNING] FPI is no longer supported and is replaced by network partitioning (FF85+) + * and dFPI (2701), and enabling FPI disables those ***/ +user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF92+ ***/ // placeholder @@ -1210,8 +1191,8 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.max", 4); /* 7005: disable SSL session IDs [FF36+] - * [WHY] Passive fingerprinting and perf costs. These are session-only and isolated - * with network partitioning (FF85+) or when using FPI and/or containers ***/ + * [WHY] Passive fingerprinting and perf costs. These are session-only + * and isolated with network partitioning (FF85+) and/or containers ***/ // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] /* 7006: onions * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ @@ -1234,7 +1215,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("network.http.spdy.enabled.http2", false); // user_pref("network.http.spdy.websockets", false); // [FF65+] /* 7010: disable HTTP Alternative Services [FF37+] - * [WHY] Already isolated by network partitioning (FF85+) or FPI ***/ + * [WHY] Already isolated by network partitioning (FF85+) ***/ // user_pref("network.http.altsvc.enabled", false); // user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+] /* 7011: disable website control over browser right-click context menu @@ -1255,8 +1236,15 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] // user_pref("extensions.systemAddon.update.url", ""); // [FF44+] /* 7015: enable the DNT (Do Not Track) HTTP header - * [WHY] DNT is enforced with Tracking Protection (2710) ***/ + * [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/ // user_pref("privacy.donottrackheader.enabled", true); +/* 7016: customize ETP settings + * [WHY] Just use strict which sets these at runtime (2701) ***/ + // user_pref("network.cookie.cookieBehavior", 5); + // user_pref("privacy.trackingprotection.enabled", true); + // user_pref("privacy.trackingprotection.socialtracking.enabled", true); + // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] + // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] /*** [SECTION 8000]: DON'T BOTHER: NON-RFP [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From 4d5abd6cc39ab67a52578c7849e1076198009925 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 14:18:25 +0000 Subject: [PATCH 1781/1961] tweak 8000 title lets not encourage non-RFP users to see this as a sign to use them --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index d00c8e5..12dfb76 100644 --- a/user.js +++ b/user.js @@ -61,7 +61,7 @@ 5500: OPTIONAL HARDENING 6000: DON'T TOUCH 7000: DON'T BOTHER - 8000: DON'T BOTHER: NON-RFP + 8000: DON'T BOTHER: FINGERPRINTING 9000: PERSONAL 9999: DEPRECATED / REMOVED / LEGACY / RENAMED @@ -1246,7 +1246,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] -/*** [SECTION 8000]: DON'T BOTHER: NON-RFP +/*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING [WHY] They are insufficient to help anti-fingerprinting and do more harm than good [WARNING] DO NOT USE with RFP. RFP already covers these and they can interfere ***/ From 8860c90abf5c1fb0f87661c3327ae4e75992be13 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 14:31:41 +0000 Subject: [PATCH 1782/1961] make service workers inactive currently 3rd party service workers are blocked in FF95 when dFPI is enabled (which this version has should anyone update to 96-alpha) - but I get an error even on first party - https://arkenfox.github.io/TZP/tzp.html#storage - I get : service worker | test : enabled | failed: SecurityError in FF96+ service workers they are covered by dFPI - see https://bugzilla.mozilla.org/show_bug.cgi?id=1731999 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 12dfb76..8e93194 100644 --- a/user.js +++ b/user.js @@ -698,7 +698,7 @@ user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); * service worker notifications (2304), push notifications (disabled, 2305) and service worker * cache (2740). If you enable this pref, then check those settings as well * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320796#c7 ***/ -user_pref("dom.serviceWorkers.enabled", false); + // user_pref("dom.serviceWorkers.enabled", false); /* 2304: disable Web Notifications * [NOTE] Web Notifications can also use service workers (2302) and are behind a prompt (7002) * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ From d5bc6715cd3d416b5c09af6be8d5a561df9de19a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 16:14:36 +0000 Subject: [PATCH 1783/1961] remove web workers section farewell parrot --- user.js | 67 ++++++++++++++++++--------------------------------------- 1 file changed, 21 insertions(+), 46 deletions(-) diff --git a/user.js b/user.js index 8e93194..aca695b 100644 --- a/user.js +++ b/user.js @@ -51,7 +51,6 @@ 1600: HEADERS / REFERERS 1700: CONTAINERS 2000: PLUGINS / MEDIA / WEBRTC - 2300: WEB WORKERS 2400: DOM (DOCUMENT OBJECT MODEL) 2600: MISCELLANEOUS 2700: ETP (ENHANCED TRACKING PROTECTION) @@ -675,46 +674,6 @@ user_pref("media.eme.enabled", false); * [1] https://support.mozilla.org/questions/1293231 ***/ user_pref("media.autoplay.blocking_policy", 2); -/*** [SECTION 2300]: WEB WORKERS - A worker is a JS "background task" running in a global context, i.e. it is different from - the current window. Workers can spawn new workers (must be the same origin & scheme), - including service and shared workers. Shared workers can be utilized by multiple scripts and - communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. - - [1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API - [2] Worker: https://developer.mozilla.org/docs/Web/API/Worker - [3] Service Worker: https://developer.mozilla.org/docs/Web/API/Service_Worker_API - [4] SharedWorker: https://developer.mozilla.org/docs/Web/API/SharedWorker - [5] ChromeWorker: https://developer.mozilla.org/docs/Web/API/ChromeWorker - [6] Notifications: https://support.mozilla.org/questions/1165867#answer-981820 -***/ -user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!"); -/* 2302: disable service workers [FF32, FF44-compat] - * Service workers essentially act as proxy servers that sit between web apps, and the - * browser and network, are event driven, and can control the web page/site they are associated - * with, intercepting and modifying navigation and resource requests, and caching resources. - * [NOTE] Service workers require HTTPS, have no DOM access, and are not supported in PB mode [1] - * [SETUP-WEB] Disabling service workers will break some sites. This pref is required true for - * service worker notifications (2304), push notifications (disabled, 2305) and service worker - * cache (2740). If you enable this pref, then check those settings as well - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320796#c7 ***/ - // user_pref("dom.serviceWorkers.enabled", false); -/* 2304: disable Web Notifications - * [NOTE] Web Notifications can also use service workers (2302) and are behind a prompt (7002) - * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/ - // user_pref("dom.webnotifications.enabled", false); // [FF22+] - // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] -/* 2305: disable Push Notifications [FF44+] - * Push is an API that allows websites to send you (subscribed) messages even when the site - * isn't loaded, by pushing messages to your userAgentID through Mozilla's Push Server - * [NOTE] Push requires service workers (2302) to subscribe to and display, and is behind - * a prompt (7002). Disabling service workers alone doesn't stop Firefox polling the - * Mozilla Push Server. To remove all subscriptions, reset your userAgentID. - * [1] https://support.mozilla.org/kb/push-notifications-firefox - * [2] https://developer.mozilla.org/docs/Web/API/Push_API ***/ -user_pref("dom.push.enabled", false); - // user_pref("dom.push.userAgentID", ""); - /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2401: disable "Confirm you want to leave" dialog on page close @@ -728,6 +687,19 @@ user_pref("dom.disable_window_move_resize", true); user_pref("dom.disable_open_during_load", true); /* 2404: limit events that can cause a popup [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +/* 2410: disable Web Notifications + * [NOTE] Web Notifications are behind a prompt (7002) ***/ + // user_pref("dom.webnotifications.enabled", false); // [FF22+] + // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] +/* 2411: disable Push Notifications [FF44+] + * Push allows websites to send you subscribed messages through Mozilla's Push Server, + * and requires service workers to subscribe to and display, and is behind a prompt (7002) + * [NOTE] Disabling service workers alone doesn't stop Firefox polling the Mozilla Push Server + * [NOTE] To remove all subscriptions, reset your userAgentID + * [1] https://support.mozilla.org/kb/push-notifications-firefox + * [2] https://developer.mozilla.org/docs/Web/API/Push_API ***/ +user_pref("dom.push.enabled", false); + // user_pref("dom.push.userAgentID", ""); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -821,7 +793,7 @@ user_pref("extensions.postDownloadThirdPartyPrompt", false); /*** [SECTION 2700]: ETP (ENHANCED TRACKING PROTECTION) ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: enable Enhanced Tracking Protection's (ETP) Strict Mode [FF86+] - * Strict Mode enables Total Cookie Protection (dFPI /dynamic FPI) + * [NOTE] ETP Strict Mode enables Total Cookie Protection (TCP) * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ @@ -833,7 +805,7 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" /* 2801: delete cookies and site data on exit * 0=keep until they expire (default), 2=keep until you close Firefox * [NOTE] A "cookie" permission also controls localStorage/sessionStorage, idexedDB. - * sharedWorkers and serviceWorkers required an `Allow` permission + * sharedWorkers and serviceWorkers require an `Allow` permission * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow * If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com @@ -1147,8 +1119,8 @@ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true] /* 0607: enforce Local Storage Next Generation (LSNG) [FF65+] ***/ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] /* 6008: enforce no First Party Isolation [FF51+] - * [WARNING] FPI is no longer supported and is replaced by network partitioning (FF85+) - * and dFPI (2701), and enabling FPI disables those ***/ + * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), + * and enabling FPI disables those. FPI is no longer maintained ***/ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF92+ ***/ // placeholder @@ -1215,7 +1187,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("network.http.spdy.enabled.http2", false); // user_pref("network.http.spdy.websockets", false); // [FF65+] /* 7010: disable HTTP Alternative Services [FF37+] - * [WHY] Already isolated by network partitioning (FF85+) ***/ + * [WHY] Already isolated with network partitioning (FF85+) ***/ // user_pref("network.http.altsvc.enabled", false); // user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+] /* 7011: disable website control over browser right-click context menu @@ -1245,6 +1217,9 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] +/* 7017: disable service workers [FF32, FF44-compat] + * [WHY] Already isolated (FF96+) with TCP (2701) or blocked in 3rd parties (FF95 or lower) ***/ + // user_pref("dom.serviceWorkers.enabled", false); /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From d9f49bdf1fc7950bbaeb1882ee9e0d0fef31b9f9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 16:17:53 +0000 Subject: [PATCH 1784/1961] make 7017 clearer --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index aca695b..2c216a7 100644 --- a/user.js +++ b/user.js @@ -1218,7 +1218,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] /* 7017: disable service workers [FF32, FF44-compat] - * [WHY] Already isolated (FF96+) with TCP (2701) or blocked in 3rd parties (FF95 or lower) ***/ + * [WHY] Already isolated (FF96+) with TCP (2701) or blocked with TCP in 3rd parties (FF95 or lower) ***/ // user_pref("dom.serviceWorkers.enabled", false); /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING From ec7cb6a491feced2ab2f89880fc3c0538dbdf130 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 9 Dec 2021 17:17:52 +0000 Subject: [PATCH 1785/1961] 2702: partition service workers --- user.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 2c216a7..63579c1 100644 --- a/user.js +++ b/user.js @@ -798,6 +798,8 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ user_pref("browser.contentblocking.category", "strict"); +/* 2702: enable state partitioning of service workers [FF96+] ***/ +user_pref("privacy.partition.serviceWorkers", true); /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); @@ -1218,7 +1220,8 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] /* 7017: disable service workers [FF32, FF44-compat] - * [WHY] Already isolated (FF96+) with TCP (2701) or blocked with TCP in 3rd parties (FF95 or lower) ***/ + * [WHY] Already isolated (FF96+) with TCP (2701) behind a pref (2702) + * or blocked with TCP in 3rd parties (FF95 or lower) ***/ // user_pref("dom.serviceWorkers.enabled", false); /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING From 13e5fe17b195ac1e6aa04e57fdca9052f2cfee0e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Dec 2021 06:56:43 +0000 Subject: [PATCH 1786/1961] remove rfpalts (#1288) --- updater.bat | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/updater.bat b/updater.bat index a806ca6..badd778 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.14 +REM ## version: 4.15 REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts -SET v=4.14 +SET v=4.15 VERIFY ON CD /D "%~dp0" @@ -23,7 +23,6 @@ IF /I "%~1"=="-merge" (SET _merge=1) IF /I "%~1"=="-updatebatch" (SET _updateb=1) IF /I "%~1"=="-singlebackup" (SET _singlebackup=1) IF /I "%~1"=="-esr" (SET _esr=1) -IF /I "%~1"=="-rfpalts" (SET _rfpalts=1) SHIFT GOTO parse :endparse @@ -141,10 +140,6 @@ IF EXIST user.js.new (DEL /F "user.js.new") CALL :message "Retrieving latest user.js file from github repository..." CALL :psdownload https://raw.githubusercontent.com/arkenfox/user.js/master/user.js "user.js.new" IF EXIST user.js.new ( - IF DEFINED _rfpalts ( - CALL :message "Activating RFP Alternatives section..." - CALL :activate user.js.new "[SETUP-non-RFP]" - ) IF DEFINED _esr ( CALL :message "Activating ESR section..." CALL :activate user.js.new ".x still uses all the following prefs" @@ -320,8 +315,6 @@ ECHO: Run without user input. CALL :message " -singleBackup" ECHO: Use a single backup file and overwrite it on new updates, instead of ECHO: cumulative backups. This was the default behaviour before v4.3. -CALL :message " -rfpAlts" -ECHO: Activate RFP Alternatives section CALL :message " -updateBatch" ECHO: Update the script itself on execution, before the normal routine. CALL :message "" From 1f0dc1853df76853f6559a2ddc99a4b98db76ea3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Dec 2021 09:13:09 +0000 Subject: [PATCH 1787/1961] merge scratchpads into one --- scratchpad-scripts/arkenfox-clear-removed.js | 202 ++++++++++++++++++- 1 file changed, 199 insertions(+), 3 deletions(-) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-clear-removed.js index b78cc94..d928daf 100644 --- a/scratchpad-scripts/arkenfox-clear-removed.js +++ b/scratchpad-scripts/arkenfox-clear-removed.js @@ -1,7 +1,9 @@ /*** - This will reset the preferences that have been removed completely from the arkenfox user.js. + This will reset the preferences that have been + - removed from the arkenfox user.js. + - deprecated by Mozilla but used in the arkenfox user.js in the past - Last updated: 29-August-2021 + Last updated: 11-December-2021 For instructions see: https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] @@ -12,7 +14,201 @@ if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!'); const aPREFS = [ - /* removed in arkenfox user.js */ + /* DEPRECATED */ + /* FF92+ */ + 'browser.urlbar.suggest.quicksuggest', // 95 + 'layout.css.font-visibility.level', // 94 + 'security.ssl3.rsa_des_ede3_sha', // 93 + /* FF79-91 */ + 'browser.cache.offline.storage.enable', + 'browser.download.hide_plugins_without_extensions', + 'browser.library.activity-stream.enabled', + 'browser.search.geoSpecificDefaults', + 'browser.search.geoSpecificDefaults.url', + 'dom.ipc.plugins.flash.subprocess.crashreporter.enabled', + 'dom.ipc.plugins.reportCrashURL', + 'dom.w3c_pointer_events.enabled', + 'intl.charset.fallback.override', + 'network.ftp.enabled', + 'plugin.state.flash', + 'security.mixed_content.block_object_subrequest', + 'security.ssl.errorReporting.automatic', + 'security.ssl.errorReporting.enabled', + 'security.ssl.errorReporting.url', + /* 69-78 */ + 'browser.newtabpage.activity-stream.telemetry.ping.endpoint', + 'browser.tabs.remote.allowLinkedWebInFileUriProcess', + 'browser.urlbar.oneOffSearches', + 'devtools.webide.autoinstallADBExtension', + 'devtools.webide.enabled', + 'dom.indexedDB.enabled', + 'extensions.blocklist.url', + 'geo.wifi.logging.enabled', + 'geo.wifi.uri', + 'gfx.downloadable_fonts.woff2.enabled', + 'media.autoplay.allow-muted', + 'media.autoplay.enabled.user-gestures-needed', + 'offline-apps.allow_by_default', + 'plugins.click_to_play', + 'privacy.userContext.longPressBehavior', + 'toolkit.cosmeticAnimations.enabled', + 'toolkit.telemetry.hybridContent.enabled', + 'webgl.disable-extensions', + /* 61-68 */ + 'app.update.enabled', + 'browser.aboutHomeSnippets.updateUrl', + 'browser.chrome.errorReporter.enabled', + 'browser.chrome.errorReporter.submitUrl', + 'browser.chrome.favicons', + 'browser.ctrlTab.previews', + 'browser.fixup.hide_user_pass', + 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr', + 'browser.newtabpage.activity-stream.disableSnippets', + 'browser.onboarding.enabled', + 'browser.search.countryCode', + 'browser.urlbar.autocomplete.enabled', + 'devtools.webide.adbAddonURL', + 'devtools.webide.autoinstallADBHelper', + 'dom.event.highrestimestamp.enabled', + 'experiments.activeExperiment', + 'experiments.enabled', + 'experiments.manifest.uri', + 'experiments.supported', + 'lightweightThemes.update.enabled', + 'media.autoplay.enabled', + 'network.allow-experiments', + 'network.cookie.lifetime.days', + 'network.jar.block-remote-files', + 'network.jar.open-unsafe-types', + 'plugin.state.java', + 'security.csp.enable_violation_events', + 'security.csp.experimentalEnabled', + 'shield.savant.enabled', + /* 60 or earlier */ + 'browser.bookmarks.showRecentlyBookmarked', + 'browser.casting.enabled', + 'browser.crashReports.unsubmittedCheck.autoSubmit', + 'browser.formautofill.enabled', + 'browser.formfill.saveHttpsForms', + 'browser.fullscreen.animate', + 'browser.history.allowPopState', + 'browser.history.allowPushState', + 'browser.history.allowReplaceState', + 'browser.newtabpage.activity-stream.enabled', + 'browser.newtabpage.directory.ping', + 'browser.newtabpage.directory.source', + 'browser.newtabpage.enhanced', + 'browser.newtabpage.introShown', + 'browser.pocket.api', + 'browser.pocket.enabled', + 'browser.pocket.oAuthConsumerKey', + 'browser.pocket.site', + 'browser.polaris.enabled', + 'browser.safebrowsing.appRepURL', + 'browser.safebrowsing.enabled', + 'browser.safebrowsing.gethashURL', + 'browser.safebrowsing.malware.reportURL', + 'browser.safebrowsing.provider.google.appRepURL', + 'browser.safebrowsing.reportErrorURL', + 'browser.safebrowsing.reportGenericURL', + 'browser.safebrowsing.reportMalwareErrorURL', + 'browser.safebrowsing.reportMalwareMistakeURL', + 'browser.safebrowsing.reportMalwareURL', + 'browser.safebrowsing.reportPhishMistakeURL', + 'browser.safebrowsing.reportURL', + 'browser.safebrowsing.updateURL', + 'browser.search.showOneOffButtons', + 'browser.selfsupport.enabled', + 'browser.selfsupport.url', + 'browser.sessionstore.privacy_level_deferred', + 'browser.tabs.animate', + 'browser.trackingprotection.gethashURL', + 'browser.trackingprotection.updateURL', + 'browser.urlbar.unifiedcomplete', + 'browser.usedOnWindows10.introURL', + 'camera.control.autofocus_moving_callback.enabled', + 'camera.control.face_detection.enabled', + 'datareporting.healthreport.about.reportUrl', + 'datareporting.healthreport.about.reportUrlUnified', + 'datareporting.healthreport.documentServerURI', + 'datareporting.healthreport.service.enabled', + 'datareporting.policy.dataSubmissionEnabled.v2', + 'devtools.webide.autoinstallFxdtAdapters', + 'dom.archivereader.enabled', + 'dom.battery.enabled', + 'dom.beforeAfterKeyboardEvent.enabled', + 'dom.disable_image_src_set', + 'dom.disable_window_open_feature.scrollbars', + 'dom.disable_window_status_change', + 'dom.enable_user_timing', + 'dom.flyweb.enabled', + 'dom.idle-observers-api.enabled', + 'dom.keyboardevent.code.enabled', + 'dom.network.enabled', + 'dom.push.udp.wakeupEnabled', + 'dom.telephony.enabled', + 'dom.vr.oculus050.enabled', + 'dom.workers.enabled', + 'dom.workers.sharedWorkers.enabled', + 'extensions.formautofill.experimental', + 'extensions.screenshots.system-disabled', + 'extensions.shield-recipe-client.api_url', + 'extensions.shield-recipe-client.enabled', + 'full-screen-api.approval-required', + 'general.useragent.locale', + 'geo.security.allowinsecure', + 'intl.locale.matchOS', + 'loop.enabled', + 'loop.facebook.appId', + 'loop.facebook.enabled', + 'loop.facebook.fallbackUrl', + 'loop.facebook.shareUrl', + 'loop.feedback.formURL', + 'loop.feedback.manualFormURL', + 'loop.logDomains', + 'loop.server', + 'media.block-play-until-visible', + 'media.eme.apiVisible', + 'media.eme.chromium-api.enabled', + 'media.getusermedia.screensharing.allow_on_old_platforms', + 'media.getusermedia.screensharing.allowed_domains', + 'media.gmp-eme-adobe.autoupdate', + 'media.gmp-eme-adobe.enabled', + 'media.gmp-eme-adobe.visible', + 'network.http.referer.userControlPolicy', + 'network.http.sendSecureXSiteReferrer', + 'network.http.spdy.enabled.http2draft', + 'network.http.spdy.enabled.v3-1', + 'network.websocket.enabled', + 'pageThumbs.enabled', + 'pfs.datasource.url', + 'plugin.scan.Acrobat', + 'plugin.scan.Quicktime', + 'plugin.scan.WindowsMediaPlayer', + 'plugins.enumerable_names', + 'plugins.update.notifyUser', + 'plugins.update.url', + 'privacy.clearOnShutdown.passwords', + 'privacy.donottrackheader.value', + 'security.mixed_content.send_hsts_priming', + 'security.mixed_content.use_hsts', + 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', + 'security.ssl3.ecdhe_rsa_rc4_128_sha', + 'security.ssl3.rsa_rc4_128_md5', + 'security.ssl3.rsa_rc4_128_sha', + 'security.tls.insecure_fallback_hosts.use_static_list', + 'security.tls.unrestricted_rc4_fallback', + 'security.xpconnect.plugin.unrestricted', + 'social.directories', + 'social.enabled', + 'social.remote-install.enabled', + 'social.share.activationPanelEnabled', + 'social.shareDirectory', + 'social.toast-notifications.enabled', + 'social.whitelist', + 'toolkit.telemetry.unifiedIsOptIn', + + /* REMOVED */ /* 92+ */ 'dom.caches.enabled', 'dom.storageManager.enabled', From 4ebabbb5692a25df6a5bf43911f13d078bb44e4e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Dec 2021 09:13:51 +0000 Subject: [PATCH 1788/1961] Delete arkenfox-clear-deprecated.js --- .../arkenfox-clear-deprecated.js | 232 ------------------ 1 file changed, 232 deletions(-) delete mode 100644 scratchpad-scripts/arkenfox-clear-deprecated.js diff --git a/scratchpad-scripts/arkenfox-clear-deprecated.js b/scratchpad-scripts/arkenfox-clear-deprecated.js deleted file mode 100644 index 9ef8100..0000000 --- a/scratchpad-scripts/arkenfox-clear-deprecated.js +++ /dev/null @@ -1,232 +0,0 @@ -/*** - Version: up to and including FF/ESR91 - - This will reset the preferences that have been deprecated by Mozilla - and used in the arkenfox user.js - - It is in reverse order, so feel free to remove sections that do not apply - - For instructions see: - https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] -***/ - -(() => { - - if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!'); - - const aPREFS = [ - /* deprecated */ - /* FF79-91 */ - 'browser.cache.offline.storage.enable', - 'browser.download.hide_plugins_without_extensions', - 'browser.library.activity-stream.enabled', - 'browser.search.geoSpecificDefaults', - 'browser.search.geoSpecificDefaults.url', - 'dom.ipc.plugins.flash.subprocess.crashreporter.enabled', - 'dom.ipc.plugins.reportCrashURL', - 'dom.w3c_pointer_events.enabled', - 'intl.charset.fallback.override', - 'network.ftp.enabled', - 'plugin.state.flash', - 'security.mixed_content.block_object_subrequest', - 'security.ssl.errorReporting.automatic', - 'security.ssl.errorReporting.enabled', - 'security.ssl.errorReporting.url', - /* 69-78 */ - 'browser.newtabpage.activity-stream.telemetry.ping.endpoint', - 'browser.tabs.remote.allowLinkedWebInFileUriProcess', - 'browser.urlbar.oneOffSearches', - 'devtools.webide.autoinstallADBExtension', - 'devtools.webide.enabled', - 'dom.indexedDB.enabled', - 'extensions.blocklist.url', - 'geo.wifi.logging.enabled', - 'geo.wifi.uri', - 'gfx.downloadable_fonts.woff2.enabled', - 'media.autoplay.allow-muted', - 'media.autoplay.enabled.user-gestures-needed', - 'offline-apps.allow_by_default', - 'plugins.click_to_play', - 'privacy.userContext.longPressBehavior', - 'toolkit.cosmeticAnimations.enabled', - 'toolkit.telemetry.hybridContent.enabled', - 'webgl.disable-extensions', - /* 61-68 */ - 'app.update.enabled', - 'browser.aboutHomeSnippets.updateUrl', - 'browser.chrome.errorReporter.enabled', - 'browser.chrome.errorReporter.submitUrl', - 'browser.chrome.favicons', - 'browser.ctrlTab.previews', - 'browser.fixup.hide_user_pass', - 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr', - 'browser.newtabpage.activity-stream.disableSnippets', - 'browser.onboarding.enabled', - 'browser.search.countryCode', - 'browser.urlbar.autocomplete.enabled', - 'devtools.webide.adbAddonURL', - 'devtools.webide.autoinstallADBHelper', - 'dom.event.highrestimestamp.enabled', - 'experiments.activeExperiment', - 'experiments.enabled', - 'experiments.manifest.uri', - 'experiments.supported', - 'lightweightThemes.update.enabled', - 'media.autoplay.enabled', - 'network.allow-experiments', - 'network.cookie.lifetime.days', - 'network.jar.block-remote-files', - 'network.jar.open-unsafe-types', - 'plugin.state.java', - 'security.csp.enable_violation_events', - 'security.csp.experimentalEnabled', - 'shield.savant.enabled', - /* 60 or earlier */ - 'browser.bookmarks.showRecentlyBookmarked', - 'browser.casting.enabled', - 'browser.crashReports.unsubmittedCheck.autoSubmit', - 'browser.formautofill.enabled', - 'browser.formfill.saveHttpsForms', - 'browser.fullscreen.animate', - 'browser.history.allowPopState', - 'browser.history.allowPushState', - 'browser.history.allowReplaceState', - 'browser.newtabpage.activity-stream.enabled', - 'browser.newtabpage.directory.ping', - 'browser.newtabpage.directory.source', - 'browser.newtabpage.enhanced', - 'browser.newtabpage.introShown', - 'browser.pocket.api', - 'browser.pocket.enabled', - 'browser.pocket.oAuthConsumerKey', - 'browser.pocket.site', - 'browser.polaris.enabled', - 'browser.safebrowsing.appRepURL', - 'browser.safebrowsing.enabled', - 'browser.safebrowsing.gethashURL', - 'browser.safebrowsing.malware.reportURL', - 'browser.safebrowsing.provider.google.appRepURL', - 'browser.safebrowsing.reportErrorURL', - 'browser.safebrowsing.reportGenericURL', - 'browser.safebrowsing.reportMalwareErrorURL', - 'browser.safebrowsing.reportMalwareMistakeURL', - 'browser.safebrowsing.reportMalwareURL', - 'browser.safebrowsing.reportPhishMistakeURL', - 'browser.safebrowsing.reportURL', - 'browser.safebrowsing.updateURL', - 'browser.search.showOneOffButtons', - 'browser.selfsupport.enabled', - 'browser.selfsupport.url', - 'browser.sessionstore.privacy_level_deferred', - 'browser.tabs.animate', - 'browser.trackingprotection.gethashURL', - 'browser.trackingprotection.updateURL', - 'browser.urlbar.unifiedcomplete', - 'browser.usedOnWindows10.introURL', - 'camera.control.autofocus_moving_callback.enabled', - 'camera.control.face_detection.enabled', - 'datareporting.healthreport.about.reportUrl', - 'datareporting.healthreport.about.reportUrlUnified', - 'datareporting.healthreport.documentServerURI', - 'datareporting.healthreport.service.enabled', - 'datareporting.policy.dataSubmissionEnabled.v2', - 'devtools.webide.autoinstallFxdtAdapters', - 'dom.archivereader.enabled', - 'dom.battery.enabled', - 'dom.beforeAfterKeyboardEvent.enabled', - 'dom.disable_image_src_set', - 'dom.disable_window_open_feature.scrollbars', - 'dom.disable_window_status_change', - 'dom.enable_user_timing', - 'dom.flyweb.enabled', - 'dom.idle-observers-api.enabled', - 'dom.keyboardevent.code.enabled', - 'dom.network.enabled', - 'dom.push.udp.wakeupEnabled', - 'dom.telephony.enabled', - 'dom.vr.oculus050.enabled', - 'dom.workers.enabled', - 'dom.workers.sharedWorkers.enabled', - 'extensions.formautofill.experimental', - 'extensions.screenshots.system-disabled', - 'extensions.shield-recipe-client.api_url', - 'extensions.shield-recipe-client.enabled', - 'full-screen-api.approval-required', - 'general.useragent.locale', - 'geo.security.allowinsecure', - 'intl.locale.matchOS', - 'loop.enabled', - 'loop.facebook.appId', - 'loop.facebook.enabled', - 'loop.facebook.fallbackUrl', - 'loop.facebook.shareUrl', - 'loop.feedback.formURL', - 'loop.feedback.manualFormURL', - 'loop.logDomains', - 'loop.server', - 'media.block-play-until-visible', - 'media.eme.apiVisible', - 'media.eme.chromium-api.enabled', - 'media.getusermedia.screensharing.allow_on_old_platforms', - 'media.getusermedia.screensharing.allowed_domains', - 'media.gmp-eme-adobe.autoupdate', - 'media.gmp-eme-adobe.enabled', - 'media.gmp-eme-adobe.visible', - 'network.http.referer.userControlPolicy', - 'network.http.sendSecureXSiteReferrer', - 'network.http.spdy.enabled.http2draft', - 'network.http.spdy.enabled.v3-1', - 'network.websocket.enabled', - 'pageThumbs.enabled', - 'pfs.datasource.url', - 'plugin.scan.Acrobat', - 'plugin.scan.Quicktime', - 'plugin.scan.WindowsMediaPlayer', - 'plugins.enumerable_names', - 'plugins.update.notifyUser', - 'plugins.update.url', - 'privacy.clearOnShutdown.passwords', - 'privacy.donottrackheader.value', - 'security.mixed_content.send_hsts_priming', - 'security.mixed_content.use_hsts', - 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', - 'security.ssl3.ecdhe_rsa_rc4_128_sha', - 'security.ssl3.rsa_rc4_128_md5', - 'security.ssl3.rsa_rc4_128_sha', - 'security.tls.insecure_fallback_hosts.use_static_list', - 'security.tls.unrestricted_rc4_fallback', - 'security.xpconnect.plugin.unrestricted', - 'social.directories', - 'social.enabled', - 'social.remote-install.enabled', - 'social.share.activationPanelEnabled', - 'social.shareDirectory', - 'social.toast-notifications.enabled', - 'social.whitelist', - 'toolkit.telemetry.unifiedIsOptIn', - - /* reset parrot: check your open about:config after running the script */ - '_user.js.parrot' - ]; - - console.clear(); - - let c = 0; - for (const sPname of aPREFS) { - if (Services.prefs.prefHasUserValue(sPname)) { - Services.prefs.clearUserPref(sPname); - if (!Services.prefs.prefHasUserValue(sPname)) { - console.info('reset', sPname); - c++; - } else console.warn('failed to reset', sPname); - } - } - - focus(); - - const d = (c==1) ? ' pref' : ' prefs'; - alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset'); - - return 'all done'; - -})(); From 93874bda436f6365832c1ecaeb691013bab516c6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Dec 2021 09:14:59 +0000 Subject: [PATCH 1789/1961] rename --- .../{arkenfox-clear-removed.js => arkenfox-cleanup.js} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scratchpad-scripts/{arkenfox-clear-removed.js => arkenfox-cleanup.js} (100%) diff --git a/scratchpad-scripts/arkenfox-clear-removed.js b/scratchpad-scripts/arkenfox-cleanup.js similarity index 100% rename from scratchpad-scripts/arkenfox-clear-removed.js rename to scratchpad-scripts/arkenfox-cleanup.js From 460951df9e54a24540181a74379a12aaffa7798e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Dec 2021 09:37:45 +0000 Subject: [PATCH 1790/1961] tidy, add instructions --- scratchpad-scripts/arkenfox-cleanup.js | 27 ++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index d928daf..17de71a 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -1,12 +1,29 @@ /*** This will reset the preferences that have been - - removed from the arkenfox user.js. - - deprecated by Mozilla but used in the arkenfox user.js in the past + - removed from the arkenfox user.js + - deprecated by Mozilla but listed in the arkenfox user.js in the past Last updated: 11-December-2021 - For instructions see: - https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] + Instructions: + - [optional] close Firefox and backup your profile + - [optional] disable your network connection [1] + - start Firefox + - load about:config and press Ctrl+Shift+K to open the Web Console for about:config + - using about:config is important, so the script has the right permissions + - paste this script + - if you edited the list of prefs in the script, make sure the last pref does not have a trailing comma + - hit enter + - check the Info output to see which prefs were reset + - restart + - some prefs require a restart + - a restart will reapply your user.js + - [optional] re-enable your network connection + + [1] Blocking Firefox from the internet ensures it cannot act on your reset preferences in the + period before you restart it, such as app and extension auto-updating, or downloading unwanted + components (GMP etc). It depends on what you're resetting and how long before you restart. + ***/ (() => { @@ -435,6 +452,8 @@ // 'dom.ipc.plugins.sandbox-level.default', // 'dom.ipc.plugins.sandbox-level.flash', // 'security.sandbox.logging.enabled', + + /* IMPORTANT: last active pref must not have a trailing comma */ /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ]; From af109d4696a3f8142a1023974b2a3713a89b030a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Dec 2021 11:15:34 +0000 Subject: [PATCH 1791/1961] tweak 7016 --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 63579c1..279dd42 100644 --- a/user.js +++ b/user.js @@ -1213,8 +1213,9 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/ // user_pref("privacy.donottrackheader.enabled", true); /* 7016: customize ETP settings - * [WHY] Just use strict which sets these at runtime (2701) ***/ + * [WHY] Arkenfox only supports strict which sets these at runtime (2701) ***/ // user_pref("network.cookie.cookieBehavior", 5); + // user_pref("privacy.partition.network_state.ocsp_cache", true); // user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] From 7ec13c0323f53a959eaa7f21b425b30290112e12 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Dec 2021 12:22:00 +0000 Subject: [PATCH 1792/1961] sharedWorkers tweak tested in FF91+. Seems as if sharedWorkers no longer requires an explicit `Allow` --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 279dd42..3827e00 100644 --- a/user.js +++ b/user.js @@ -806,8 +806,8 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" /** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/ /* 2801: delete cookies and site data on exit * 0=keep until they expire (default), 2=keep until you close Firefox - * [NOTE] A "cookie" permission also controls localStorage/sessionStorage, idexedDB. - * sharedWorkers and serviceWorkers require an `Allow` permission + * [NOTE] A "cookie" block permission also controls localStorage/sessionStorage, idexedDB, + * sharedWorkers and serviceWorkers. serviceWorkers require an `Allow` permission * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow * If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com From 54810e333f4b9ef442ab66eeb412efcdcfe81eda Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 11 Dec 2021 19:17:43 +0000 Subject: [PATCH 1793/1961] typo --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 3827e00..23ba046 100644 --- a/user.js +++ b/user.js @@ -806,7 +806,7 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" /** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/ /* 2801: delete cookies and site data on exit * 0=keep until they expire (default), 2=keep until you close Firefox - * [NOTE] A "cookie" block permission also controls localStorage/sessionStorage, idexedDB, + * [NOTE] A "cookie" block permission also controls localStorage/sessionStorage, indexedDB, * sharedWorkers and serviceWorkers. serviceWorkers require an `Allow` permission * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow From 8cdb30cc0811ae3f2198aeb24c330993f5192400 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Dec 2021 00:26:12 +0000 Subject: [PATCH 1794/1961] make cookie pref active @SkewedZeppelin ... https://github.com/arkenfox/user.js/issues/1051#issuecomment-991806497 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 23ba046..99a62e8 100644 --- a/user.js +++ b/user.js @@ -798,6 +798,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ user_pref("browser.contentblocking.category", "strict"); +user_pref("network.cookie.cookieBehavior", 5); /* 2702: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); @@ -1214,7 +1215,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.donottrackheader.enabled", true); /* 7016: customize ETP settings * [WHY] Arkenfox only supports strict which sets these at runtime (2701) ***/ - // user_pref("network.cookie.cookieBehavior", 5); // user_pref("privacy.partition.network_state.ocsp_cache", true); // user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.socialtracking.enabled", true); From f836e553635ffe057d49c591e6256d46158ccdf0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Dec 2021 13:31:01 +0000 Subject: [PATCH 1795/1961] tidy ETP stuff --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 99a62e8..8fea2f0 100644 --- a/user.js +++ b/user.js @@ -792,13 +792,12 @@ user_pref("extensions.postDownloadThirdPartyPrompt", false); /*** [SECTION 2700]: ETP (ENHANCED TRACKING PROTECTION) ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); -/* 2701: enable Enhanced Tracking Protection's (ETP) Strict Mode [FF86+] +/* 2701: enable ETP Strict Mode [FF86+] * [NOTE] ETP Strict Mode enables Total Cookie Protection (TCP) * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ user_pref("browser.contentblocking.category", "strict"); -user_pref("network.cookie.cookieBehavior", 5); /* 2702: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); @@ -1214,7 +1213,9 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/ // user_pref("privacy.donottrackheader.enabled", true); /* 7016: customize ETP settings - * [WHY] Arkenfox only supports strict which sets these at runtime (2701) ***/ + * [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/ + // user_pref("network.cookie.cookieBehavior", 5); + // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("privacy.partition.network_state.ocsp_cache", true); // user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.socialtracking.enabled", true); From c8c86262d7dc21cfc1329cfc7fafdb286149d21d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Dec 2021 13:51:25 +0000 Subject: [PATCH 1796/1961] enforce SmartBlock shims --- user.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 8fea2f0..bdaf498 100644 --- a/user.js +++ b/user.js @@ -798,7 +798,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ user_pref("browser.contentblocking.category", "strict"); -/* 2702: enable state partitioning of service workers [FF96+] ***/ +/* 2710: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ @@ -1124,6 +1124,10 @@ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), * and enabling FPI disables those. FPI is no longer maintained ***/ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] +/* 6009: enforce SmartBlock shims [FF81+] + * In FF96+ these are listed in about:compat + * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/ +user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF92+ ***/ // placeholder From 8bc25b552db5fb1d0fbe5cd248bbc15c4aa216db Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Dec 2021 15:30:53 +0000 Subject: [PATCH 1797/1961] expand 0650 to include any removed item this should reduce any dependency on the scratchpad script --- user.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index bdaf498..77f79c1 100644 --- a/user.js +++ b/user.js @@ -1128,8 +1128,13 @@ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] * In FF96+ these are listed in about:compat * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/ user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] -/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF92+ ***/ - // placeholder +/* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/ + // user_pref(""dom.caches.enabled", ""); + // user_pref(""dom.storageManager.enabled", ""); + // user_pref(""dom.storage_access.enabled", ""); + // user_pref(""privacy.firstparty.isolate.block_post_message", ""); + // user_pref(""privacy.firstparty.isolate.restrict_opener_access", ""); + // user_pref(""privacy.firstparty.isolate.use_site", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); From 8de87de0506c7a508958920e24ff2ca0b7026c98 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Dec 2021 15:41:55 +0000 Subject: [PATCH 1798/1961] update 0704: GIO, closes #1050 (#1300) https://bugzilla.mozilla.org/show_bug.cgi?id=1666725 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 77f79c1..5560119 100644 --- a/user.js +++ b/user.js @@ -313,9 +313,9 @@ user_pref("network.proxy.socks_remote_dns", true); * [SETUP-CHROME] Can break extensions for profiles on network shares * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] -/* 0704: disable GIO as a potential proxy bypass vector [FF60+] - * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, - * gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64) +/* 0704: disable GIO as a potential proxy bypass vector + * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, + * dav, cdda, gphoto2, trash, etc. By default only sftp is accepted (FF87+) * [1] https://bugzilla.mozilla.org/1433507 * [2] https://en.wikipedia.org/wiki/GVfs * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/ From 78297132b421115da2820da133c24f53de3bb658 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Dec 2021 15:44:39 +0000 Subject: [PATCH 1799/1961] fix syntax --- user.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 5560119..1ae1f9c 100644 --- a/user.js +++ b/user.js @@ -1129,12 +1129,12 @@ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/ user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] /* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/ - // user_pref(""dom.caches.enabled", ""); - // user_pref(""dom.storageManager.enabled", ""); - // user_pref(""dom.storage_access.enabled", ""); - // user_pref(""privacy.firstparty.isolate.block_post_message", ""); - // user_pref(""privacy.firstparty.isolate.restrict_opener_access", ""); - // user_pref(""privacy.firstparty.isolate.use_site", ""); + // user_pref("dom.caches.enabled", ""); + // user_pref("dom.storageManager.enabled", ""); + // user_pref("dom.storage_access.enabled", ""); + // user_pref("privacy.firstparty.isolate.block_post_message", ""); + // user_pref("privacy.firstparty.isolate.restrict_opener_access", ""); + // user_pref("privacy.firstparty.isolate.use_site", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); From c269ac9f7d8226fdc53da74754a0441809ac3c7b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 13 Dec 2021 03:49:42 +0000 Subject: [PATCH 1800/1961] remove duplicate --- scratchpad-scripts/arkenfox-cleanup.js | 1 - 1 file changed, 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 17de71a..c209797 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -152,7 +152,6 @@ 'datareporting.policy.dataSubmissionEnabled.v2', 'devtools.webide.autoinstallFxdtAdapters', 'dom.archivereader.enabled', - 'dom.battery.enabled', 'dom.beforeAfterKeyboardEvent.enabled', 'dom.disable_image_src_set', 'dom.disable_window_open_feature.scrollbars', From 238f1545f4de5b873e9e717c458c200a049c73e5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 13 Dec 2021 14:15:25 +0000 Subject: [PATCH 1801/1961] =?UTF-8?q?fixup=20thanks=20#fxbrit=20have=20a?= =?UTF-8?q?=20=F0=9F=8D=A5=20fish=20cake?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 1ae1f9c..88af5a7 100644 --- a/user.js +++ b/user.js @@ -1231,7 +1231,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] /* 7017: disable service workers [FF32, FF44-compat] - * [WHY] Already isolated (FF96+) with TCP (2701) behind a pref (2702) + * [WHY] Already isolated (FF96+) with TCP (2701) behind a pref (2710) * or blocked with TCP in 3rd parties (FF95 or lower) ***/ // user_pref("dom.serviceWorkers.enabled", false); From 7811e912f479e1b1036ab30328d89f5d1ef7422f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 14 Dec 2021 13:25:46 +0000 Subject: [PATCH 1802/1961] make push notifications inactive - they require SWers which are already blocked by virtue of permissions being session only - also remove "dom.push.userAgentID" as this means prefsCleaner resets it and would wipe user's subscriptions - not adding "dom.push.userAgentID" to the cleanup script for the same reason --- user.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 88af5a7..3e150a3 100644 --- a/user.js +++ b/user.js @@ -695,11 +695,10 @@ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); * Push allows websites to send you subscribed messages through Mozilla's Push Server, * and requires service workers to subscribe to and display, and is behind a prompt (7002) * [NOTE] Disabling service workers alone doesn't stop Firefox polling the Mozilla Push Server - * [NOTE] To remove all subscriptions, reset your userAgentID + * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID" * [1] https://support.mozilla.org/kb/push-notifications-firefox * [2] https://developer.mozilla.org/docs/Web/API/Push_API ***/ -user_pref("dom.push.enabled", false); - // user_pref("dom.push.userAgentID", ""); + // user_pref("dom.push.enabled", false); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -807,7 +806,7 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" /* 2801: delete cookies and site data on exit * 0=keep until they expire (default), 2=keep until you close Firefox * [NOTE] A "cookie" block permission also controls localStorage/sessionStorage, indexedDB, - * sharedWorkers and serviceWorkers. serviceWorkers require an `Allow` permission + * sharedWorkers and serviceWorkers. serviceWorkers require an "Allow" permission * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow * If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com From 93f0ff89c8ff54e74b1d0cc9e27a41f653c33812 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 15 Dec 2021 00:05:03 +0000 Subject: [PATCH 1803/1961] move web notifcations to don't bother --- user.js | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/user.js b/user.js index 3e150a3..3e19e34 100644 --- a/user.js +++ b/user.js @@ -687,18 +687,6 @@ user_pref("dom.disable_window_move_resize", true); user_pref("dom.disable_open_during_load", true); /* 2404: limit events that can cause a popup [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -/* 2410: disable Web Notifications - * [NOTE] Web Notifications are behind a prompt (7002) ***/ - // user_pref("dom.webnotifications.enabled", false); // [FF22+] - // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] -/* 2411: disable Push Notifications [FF44+] - * Push allows websites to send you subscribed messages through Mozilla's Push Server, - * and requires service workers to subscribe to and display, and is behind a prompt (7002) - * [NOTE] Disabling service workers alone doesn't stop Firefox polling the Mozilla Push Server - * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID" - * [1] https://support.mozilla.org/kb/push-notifications-firefox - * [2] https://developer.mozilla.org/docs/Web/API/Push_API ***/ - // user_pref("dom.push.enabled", false); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -1179,6 +1167,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7006: onions * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ // user_pref("dom.securecontext.whitelist_onions", true); // 1382359 + // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 // user_pref("network.http.referer.hideOnionSource", true); // 1305144 /* 7007: referers * [WHY] Only cross-origin referers (1600s) need control ***/ @@ -1233,6 +1222,16 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] Already isolated (FF96+) with TCP (2701) behind a pref (2710) * or blocked with TCP in 3rd parties (FF95 or lower) ***/ // user_pref("dom.serviceWorkers.enabled", false); +/* 7018: disable Web Notifications + * [WHY] Web Notifications are behind a prompt (7002) + * [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/ + // user_pref("dom.webnotifications.enabled", false); // [FF22+] + // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] +/* 7019: disable Push Notifications [FF44+] + * [WHY] Push requires subscription + * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID" + * [1] https://support.mozilla.org/kb/push-notifications-firefox ***/ + // user_pref("dom.push.enabled", false); /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From bb56056a68906ddd178f64ab0b016c8bbe9786fb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 15 Dec 2021 19:23:03 +0000 Subject: [PATCH 1804/1961] explain 0-RTT --- user.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 3e19e34..4d70fd3 100644 --- a/user.js +++ b/user.js @@ -481,7 +481,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * safe from the attack if it disables renegotiations but the problem is that the browser can't * know that. Setting this pref to true is the only way for the browser to ensure there will be * no unsafe renegotiations on the channel between the browser and the server. - * [STATS] SSL Labs (July 2021) reports over 99% of sites have secure renegotiation [4] + * [STATS] SSL Labs (July 2021) reports over 99% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 @@ -490,8 +490,11 @@ user_pref("security.ssl.require_safe_negotiation", true); /* 1203: reset TLS 1.0 and 1.1 downgrades i.e. session only ***/ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] /* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+] + * This data is not forward secret, as it is encrypted solely under keys derived using + * the offered PSK. There are no guarantees of non-replay between connections * [1] https://github.com/tlswg/tls13-spec/issues/1001 - * [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ + * [2] https://www.rfc-editor.org/rfc/rfc9001.html#name-replay-attacks-with-0-rtt + * [3] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ user_pref("security.tls.enable_0rtt_data", false); /** OCSP (Online Certificate Status Protocol) From 6675225ec4a40bdb7d38b299893cd5b472b60c3a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Dec 2021 06:36:39 +0000 Subject: [PATCH 1805/1961] make 0301 inactive auto-updating is not a security nor a privacy risk, by default it should be enabled and it's on end-users if they want to disable it - does not affect windows users --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4d70fd3..56be810 100644 --- a/user.js +++ b/user.js @@ -142,7 +142,7 @@ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the /* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS] * [NOTE] You will still get prompts to update, and should do so in a timely manner * [SETTING] General>Firefox Updates>Check for updates but let you choose to install them ***/ -user_pref("app.update.auto", false); + // user_pref("app.update.auto", false); /* 0302: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS] * [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running * [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows ***/ @@ -945,7 +945,7 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); /* 4506: set RFP's font visibility level (1402) [FF94+] ***/ - // user_pref("layout.css.font-visibility.resistFingerprinting", 1); + // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] /* 4507: disable showing about:blank as soon as possible during startup [FF60+] * When default true this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ From d48d3ad29a095eb0bd467040c9db5482a79dc516 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Dec 2021 21:20:28 +0000 Subject: [PATCH 1806/1961] remove browser.eme.ui.enabled --- scratchpad-scripts/arkenfox-cleanup.js | 1 - 1 file changed, 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index c209797..6aa8c31 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -287,7 +287,6 @@ 'browser.cache.disk.smart_size.first_run', 'browser.cache.offline.insecure.enable', 'browser.contentblocking.enabled', - 'browser.eme.ui.enabled', 'browser.laterrun.enabled', 'browser.offline-apps.notify', 'browser.rights.3.shown', From 87bd8683fa384c0e9932230c8957ac0717a0b430 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Dec 2021 21:22:41 +0000 Subject: [PATCH 1807/1961] 2022: add browser.eme.ui.enabled for those who want to remove DRM prompts and have no intention of enabling it --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 56be810..3930e10 100644 --- a/user.js +++ b/user.js @@ -660,11 +660,13 @@ user_pref("media.peerconnection.ice.default_address_only", true); * [NOTE] This is covered by the EME master switch (2022) ***/ // user_pref("media.gmp-widevinecdm.enabled", false); /* 2022: disable all DRM content (EME: Encryption Media Extension) + * Optionally hide the setting which also removes the DRM prompt * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV * [SETTING] General>DRM Content>Play DRM-controlled content * [TEST] https://bitmovin.com/demos/drm * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); + // user_pref("browser.eme.ui.enabled", false); /* 2030: disable autoplay of HTML5 media [FF63+] * 0=Allow all, 1=Block non-muted media (default), 5=Block all * [NOTE] You can set exceptions under site permissions From d2510b014d768d867c9f83ba7cded0a1bf280b52 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 23 Dec 2021 23:42:28 +0000 Subject: [PATCH 1808/1961] move updates to personal updating (app, extensions, ext cache) is not a privacy issue - if you're willing to use Firefox but not trust updating, then I have two bricks to sell you: users who wish to disable it (to check changes first etc) and update in a timely manner, then that is on them - including any prompt fatigue - same goes for extensions: the end-user installed them (and arkenfox only recommends a very select few) - the onus is on the end-user The remaining ones I will deal with later --- user.js | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/user.js b/user.js index 3930e10..3d95610 100644 --- a/user.js +++ b/user.js @@ -139,23 +139,10 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIETER FOX ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /** UPDATES ***/ -/* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS] - * [NOTE] You will still get prompts to update, and should do so in a timely manner - * [SETTING] General>Firefox Updates>Check for updates but let you choose to install them ***/ - // user_pref("app.update.auto", false); /* 0302: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS] * [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running * [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows ***/ user_pref("app.update.background.scheduling.enabled", false); -/* 0303: disable auto-CHECKING for extension and theme updates ***/ - // user_pref("extensions.update.enabled", false); -/* 0304: disable auto-INSTALLING extension and theme updates (after the check in 0303) - * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/ - // user_pref("extensions.update.autoUpdateDefault", false); -/* 0305: disable extension metadata - * used when installing/updating an extension, and in daily background update checks: - * when false, extension detail tabs will have no description ***/ - // user_pref("extensions.getAddons.cache.enabled", false); /* 0306: disable search engine updates (e.g. OpenSearch) * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/ user_pref("browser.search.update", false); @@ -660,7 +647,7 @@ user_pref("media.peerconnection.ice.default_address_only", true); * [NOTE] This is covered by the EME master switch (2022) ***/ // user_pref("media.gmp-widevinecdm.enabled", false); /* 2022: disable all DRM content (EME: Encryption Media Extension) - * Optionally hide the setting which also removes the DRM prompt + * Optionally hide the setting which also disables the DRM prompt * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV * [SETTING] General>DRM Content>Play DRM-controlled content * [TEST] https://bitmovin.com/demos/drm @@ -1286,6 +1273,14 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("browser.warnOnQuitShortcut", false); // [FF94+] // user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.timeout", 0); +/* UPDATES ***/ + // user_pref("app.update.auto", false); // [NON-WINDOWS] disable auto app updates + // [NOTE] You will still get prompts to update, and should do so in a timely manner + // [SETTING] General>Firefox Updates>Check for updates but let you choose to install them + // user_pref("extensions.update.enabled", false); // disable extension and theme update checks + // user_pref("extensions.update.autoUpdateDefault", false); // disable installing extension and theme updates + // [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) + // user_pref("extensions.getAddons.cache.enabled", false); // disable extension metadata (extension detail tab) /* APPEARANCE ***/ // user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent From 7e18f8b47365d0b4155b83809830bfd10735c164 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 24 Dec 2021 06:01:41 +0000 Subject: [PATCH 1809/1961] tweak 2011 - FF85+ switched to using application regional locale - go to about:support > Internationalization & Localization (almost at the very end) - look at Application > Regional Preferences - add test --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 3d95610..4e82ff5 100644 --- a/user.js +++ b/user.js @@ -131,8 +131,9 @@ user_pref("browser.region.update.enabled", false); // [FF79+] * [SETTING] General>Language and Appearance>Language>Choose your preferred language... * [TEST] https://addons.mozilla.org/about ***/ user_pref("intl.accept_languages", "en-US, en"); -/* 0211: use US English locale regardless of the system locale +/* 0211: use en-US locale regardless of the system or region locale * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] + * [TEST] https://arkenfox.github.io/TZP/tests/formatting.html * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] From 2787da7f90b31b19d3549b61a77210b79bd1166b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 24 Dec 2021 06:04:38 +0000 Subject: [PATCH 1810/1961] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1522a3e..80ceef9 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ Also be aware that the `arkenfox user.js` is made specifically for desktop Firef - [wiki](https://github.com/arkenfox/user.js/wiki) - [stickies](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22) - [diffs](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Adiffs) + - [common questions and answers](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Aanswered) ### 🟥 acknowledgments Literally thousands of sources, references and suggestions. Many thanks, and much appreciated. From 7016c2050d20d53242c30eaf0b3beca947e172f6 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 30 Dec 2021 03:15:56 +0000 Subject: [PATCH 1811/1961] move TLS 1.0/1.1 downgrades to don't bother https://bugzilla.mozilla.org/show_bug.cgi?id=1745678 --- user.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 4e82ff5..804f901 100644 --- a/user.js +++ b/user.js @@ -475,8 +475,6 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 * [4] https://www.ssllabs.com/ssl-pulse/ ***/ user_pref("security.ssl.require_safe_negotiation", true); -/* 1203: reset TLS 1.0 and 1.1 downgrades i.e. session only ***/ -user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] /* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+] * This data is not forward secret, as it is encrypted solely under keys derived using * the offered PSK. There are no guarantees of non-replay between connections @@ -1108,6 +1106,10 @@ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] * In FF96+ these are listed in about:compat * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/ user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] +/* 6010: enforce/reset TLS 1.0/1.1 downgrades to session only + * [NOTE] In FF97+ the TLS 1.0/1.1 downgrade UX was removed + * [TEST] https://tls-v1-1.badssl.com:1010/ ***/ +user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] /* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/ // user_pref("dom.caches.enabled", ""); // user_pref("dom.storageManager.enabled", ""); @@ -1150,7 +1152,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS /* 7004: control TLS versions - * [WHY] Passive fingerprinting. Downgrades are still possible: behind user interaction ***/ + * [WHY] Passive fingerprinting and security ***/ // user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.max", 4); /* 7005: disable SSL session IDs [FF36+] From 06b8d8bfa3a8fd63083be4aaa1afbe0d21df8814 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 7 Jan 2022 17:29:26 +0000 Subject: [PATCH 1812/1961] move 0362 to don't touch --- user.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 804f901..a6f8472 100644 --- a/user.js +++ b/user.js @@ -219,9 +219,6 @@ user_pref("network.captive-portal-service.enabled", false); // [FF52+] /* 0361: disable Network Connectivity checks [FF65+] * [1] https://bugzilla.mozilla.org/1460537 ***/ user_pref("network.connectivity-service.enabled", false); -/* 0362: enforce disabling of Web Compatibility Reporter [FF56+] - * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ -user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /*** [SECTION 0400]: SAFE BROWSING (SB) SB has taken many steps to preserve privacy. If required, a full url is never sent @@ -1110,6 +1107,10 @@ user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] * [NOTE] In FF97+ the TLS 1.0/1.1 downgrade UX was removed * [TEST] https://tls-v1-1.badssl.com:1010/ ***/ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] +/* 6011: enforce disabling of Web Compatibility Reporter [FF56+] + * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla + * [WHY] To prevent wasting Mozilla's time with a custom setup ***/ +user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/ // user_pref("dom.caches.enabled", ""); // user_pref("dom.storageManager.enabled", ""); From ab7380c93b244992234e33c424f4bd7579f8e53e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 11 Jan 2022 09:21:37 +0000 Subject: [PATCH 1813/1961] HoM: tweak background request info --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a6f8472..0d9bf72 100644 --- a/user.js +++ b/user.js @@ -543,8 +543,8 @@ user_pref("dom.security.https_only_mode", true); // [FF76+] /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/ // user_pref("dom.security.https_only_mode.upgrade_local", true); /* 1246: disable HTTP background requests [FF82+] - * When attempting to upgrade, if the server doesn't respond within 3 seconds, - * Firefox sends HTTP requests in order to check if the server supports HTTPS or not + * When attempting to upgrade, if the server doesn't respond within 3 seconds, Firefox sends + * a top-level HTTP request without path in order to check if the server supports HTTPS or not * This is done to avoid waiting for a timeout which takes 90 seconds * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/ user_pref("dom.security.https_only_mode_send_http_background_request", false); From 926a2d4ac8ee7971090583c1ff190b714c227bd9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Jan 2022 05:09:17 +0000 Subject: [PATCH 1814/1961] v96 deprecated, #1325 also tidy the description to reflect that the setting is hidden --- user.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/user.js b/user.js index 0d9bf72..c46cf19 100644 --- a/user.js +++ b/user.js @@ -140,10 +140,6 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIETER FOX ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); /** UPDATES ***/ -/* 0302: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS] - * [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running - * [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows ***/ -user_pref("app.update.background.scheduling.enabled", false); /* 0306: disable search engine updates (e.g. OpenSearch) * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/ user_pref("browser.search.update", false); @@ -1339,6 +1335,12 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is m // 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807 // [-] https://bugzilla.mozilla.org/1735976 user_pref("browser.urlbar.suggest.quicksuggest", false); +// FF96 +// 0302: disable auto-INSTALLING Firefox updates via a background service + hide the setting [FF90+] [WINDOWS] + // [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running + // [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows + // [-] https://bugzilla.mozilla.org/1738983 +user_pref("app.update.background.scheduling.enabled", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From bc2aba3829f6bbe5e5f8739f120cc6f6f251ffba Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 12 Jan 2022 05:25:31 +0000 Subject: [PATCH 1815/1961] move last update pref to personal --- user.js | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/user.js b/user.js index c46cf19..a9d2a0e 100644 --- a/user.js +++ b/user.js @@ -139,11 +139,6 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIETER FOX ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); -/** UPDATES ***/ -/* 0306: disable search engine updates (e.g. OpenSearch) - * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/ -user_pref("browser.search.update", false); - /** RECOMMENDATIONS ***/ /* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] @@ -1275,8 +1270,10 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("full-screen-api.warning.timeout", 0); /* UPDATES ***/ // user_pref("app.update.auto", false); // [NON-WINDOWS] disable auto app updates - // [NOTE] You will still get prompts to update, and should do so in a timely manner - // [SETTING] General>Firefox Updates>Check for updates but let you choose to install them + // [NOTE] You will still get prompts to update, and should do so in a timely manner + // [SETTING] General>Firefox Updates>Check for updates but let you choose to install them + // user_pref("browser.search.update", false); // disable search engine updates (e.g. OpenSearch) + // [NOTE] This does not affect Mozilla's built-in or Web Extension search engines // user_pref("extensions.update.enabled", false); // disable extension and theme update checks // user_pref("extensions.update.autoUpdateDefault", false); // disable installing extension and theme updates // [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) From 7a4676fe2dcb5bf55974b5cbc82f8353114175d3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 15 Jan 2022 05:25:11 +0000 Subject: [PATCH 1816/1961] make 1601 setup tag more explicit, closes #1326 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index a9d2a0e..d321a4f 100644 --- a/user.js +++ b/user.js @@ -573,7 +573,6 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); // user_pref("layout.css.font-visibility.trackingprotection", 1); /*** [SECTION 1600]: HEADERS / REFERERS - Expect some breakage e.g. banks: use an extension if you need precise control full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 @@ -582,7 +581,8 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: control when to send a cross-origin referer * 0=always (default), 1=only if base domains match, 2=only if hosts match - * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud, instagram ***/ + * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram + * If "2" is too strict, then override to "0" and use Smart Referer (Strict mode + add exceptions) ***/ user_pref("network.http.referer.XOriginPolicy", 2); /* 1602: control the amount of cross-origin information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ From 09d62d2302c2306f5430a397596667ff167edce7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 16 Jan 2022 02:31:57 +0000 Subject: [PATCH 1817/1961] remove 1273: "not Secure" text on insecure sites AF has been using HTTPS-Only mode since v84, the interstitial is more than ample, padlock is still marked as insecure --- user.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/user.js b/user.js index d321a4f..22e5141 100644 --- a/user.js +++ b/user.js @@ -555,8 +555,6 @@ user_pref("browser.ssl_override_behavior", 1); * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); -/* 1273: display "Not Secure" text on HTTP sites ***/ -user_pref("security.insecure_connection_text.enabled", true); // [FF60+] /*** [SECTION 1400]: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); From b5bf2ee0171d6bf4a428f944054f778b47a7deb9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 16 Jan 2022 02:34:21 +0000 Subject: [PATCH 1818/1961] oophs, add removed item from last commit to 6050 --- user.js | 1 + 1 file changed, 1 insertion(+) diff --git a/user.js b/user.js index 22e5141..0037897 100644 --- a/user.js +++ b/user.js @@ -1107,6 +1107,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("privacy.firstparty.isolate.block_post_message", ""); // user_pref("privacy.firstparty.isolate.restrict_opener_access", ""); // user_pref("privacy.firstparty.isolate.use_site", ""); + // user_pref("security.insecure_connection_text.enabled", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); From 83b6d64e67d663603ff9e52a5b6627d7927ba86f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 16 Jan 2022 02:36:08 +0000 Subject: [PATCH 1819/1961] security.insecure_connection_text.enabled AF has been using HTTPS-Only mode since v84, the interstitial is more than ample, padlock is still marked as insecure --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6aa8c31..9d2ec12 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 11-December-2021 + Last updated: 16-January-2022 Instructions: - [optional] close Firefox and backup your profile @@ -232,6 +232,7 @@ 'privacy.firstparty.isolate.block_post_message', 'privacy.firstparty.isolate.restrict_opener_access', 'privacy.firstparty.isolate.use_site', + 'security.insecure_connection_text.enabled', /* 79-91 */ 'alerts.showFavicons', 'browser.newtabpage.activity-stream.asrouter.providers.snippets', From ac0820a5dc00e04fe14fc2a74ba75e590883293c Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 21 Jan 2022 03:48:06 +0000 Subject: [PATCH 1820/1961] add last bits about ETP Strict/dFPI, closes #1337 --- user.js | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 0037897..9c60d66 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 9 December 2021 -* version 96-alpha +* date: 21 January 2021 +* version 96 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -757,11 +757,18 @@ user_pref("extensions.postDownloadThirdPartyPrompt", false); /*** [SECTION 2700]: ETP (ENHANCED TRACKING PROTECTION) ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: enable ETP Strict Mode [FF86+] - * [NOTE] ETP Strict Mode enables Total Cookie Protection (TCP) + * ETP Strict Mode enables Total Cookie Protection (TCP) + * [NOTE] Adding site exceptions disables all ETP protections for that site and increases the risk of + * cross-site state tracking e.g. exceptions for SiteA and SiteB means PartyC on both sites is shared * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ user_pref("browser.contentblocking.category", "strict"); +/* 2702: disable ETP web compat features [FF93+] + * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants + * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/ + * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 ***/ + // user_pref("privacy.antitracking.enableWebcompat", false); /* 2710: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); From 10044fcaf77bfe19f2b90c606232f0a9e83401c9 Mon Sep 17 00:00:00 2001 From: fabrizio Date: Sat, 22 Jan 2022 01:49:48 +0000 Subject: [PATCH 1821/1961] typos #1342 (#1343) --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 9c60d66..e80a95c 100644 --- a/user.js +++ b/user.js @@ -1,6 +1,6 @@ /****** * name: arkenfox user.js -* date: 21 January 2021 +* date: 21 January 2022 * version 96 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -1089,7 +1089,7 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true] -/* 0607: enforce Local Storage Next Generation (LSNG) [FF65+] ***/ +/* 6007: enforce Local Storage Next Generation (LSNG) [FF65+] ***/ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] /* 6008: enforce no First Party Isolation [FF51+] * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), From cc7ca9d0fa3d4ca4c929ad55c218b9bf3d0daffa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 29 Jan 2022 05:24:41 +0000 Subject: [PATCH 1822/1961] cleanup dead images (#1353) --- wikipiki/backup01.png | Bin 5639 -> 0 bytes wikipiki/overview01.png | Bin 19862 -> 0 bytes wikipiki/overview02.png | Bin 11179 -> 0 bytes wikipiki/overview03.png | Bin 18001 -> 0 bytes 4 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/backup01.png delete mode 100644 wikipiki/overview01.png delete mode 100644 wikipiki/overview02.png delete mode 100644 wikipiki/overview03.png diff --git a/wikipiki/backup01.png b/wikipiki/backup01.png deleted file mode 100644 index e10f1ea228659521464f6508b74a1369f0d4dc03..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5639 zcmc&&cTiJrm%b?Ar3XPlY7`q%Rf-_RL=C7^snQ}K-2e)qBtS3(Q4#P{K&1*u6Dbj- zcfqJs=_En~q#Jq&HGJ{6JKxTJJF~O<&Ft(y=iYhCIrq$Y-t#>7eQaW+$Hy(k4FCY& zHT^3$0f4QU_5KCqWLfOm*h>I7)Oqa+%seQC_Cq&XTw_0Jx%N~;L~Xb~=QLT1ZZBe2 zWhh;FjAGX~X{Pj0SYtrMSJHaO_m^1dlCbNG6IZ{Cg{L*2ciw%8SRKq-Y>uiKN;`7x zd{%n)_k|Y|%cohP`d?)506^n25Dr`#_!o_$4p?l}@F=&7yMQs?n~XHx+Z!+3@Yi}W zLG@`}9p8Pq_)w{sid|kAuF|0;FlwpOK00x4(g0H6(H0L_($F z;bSQi5k)&YZnGNcS*6}$gienRt8p8RdN=HXT#l81 z>=q7T%^oj7_|}&~zx7%ew5Z%l$5us{kge!*7BXOA781p+vhX@*j@tVqW?0PgvFt7Y(YDJ(5b8@3hxd<)5HJ@{%Nf`=c&@MzA*`y3QOSAC z1qU>$HyTvAflET{M**nU|Er1M9LrU2c#_){CTN_#d(5GJHFUi+Xm@yfhI_8> zO!ZP{gWvbM9^rHh(e2i=Ctrq?+x)c%Z05NF381*Lk2Rt_y7KTQsg?=G&$BY*y9#Uh zW-EOY+@c=vP&DW@7@tHlxpY+eXC~gPf$4mjB1aEJjsPF$yuBvo5G5n#_2P#1cZF6t zzO1`^#f`9gn+&SX25C=`-TnDfDYLXZl(XIR%5*e}m1I^-HqAUE)=Vj)EM`LUW?KRV zg;VQ%5o|w9wkwJ&{QaQ3!2V&pS8JGLeaJMwz(kV8sBx`s-R`Bjt^WKQNQ4l<(jv=R z>>IjtfER96qRJ1CTJ0Fye9v$KrL#P}^u$x=rs|gy&XpY^basApJ!L;%oqx~J#z6on z{&>23IOqQBebcAPC1g=42ML{;hbUK4_rw@+Za8#N-KtJ9hhrcE+fvOlzZz_XJwBS= z1bte746)x*O@o$2rWO7zx@$OUCcSmuA{FW%r-Izd(R9i|q-$t;XT3;J{G8XSHC3$q zs#pY-Y4>AJU44+-hSikz`<4fqL$14&O0|tNaYl4wNBS-Vex4umlG&9=Y7fm%wLvTX z^0SF=3saP&=#}5AlU3P9n1jLBL+T1L5d;Dz_qXUShTw z+vzgb=e{I%k80Jl-HlPO*1R)GUhe{B(Y;7U*@KUxg<3Ma23~`emOlo|Mo*3%VPCB- z!r{o<4=T4>2Tx=Qcn`O7X84IU2Fj2X?MTmbw-{oq&K0QLgYU*=J!DW(kZKCH63S~Y z&exeyp{;lkbk_72g3VN0+VH_A{OF5aebA6`$=Ez8?j!_R<{SMPsZuptHYcq%J%AYsOOL9 zrpqgjA91Yna3Gy8&SBI{24}IR(+}O4&WPML(P=Zb#t%9lJ!4Y;9MesY0=`t{CqTI1e``8xj(b=848{qDQar`A=6lj`}4^606b zx`i!wp=*gU#26aw*Ab5(tE7iT!-^5zR%&e@op#Oe`2`3XkKWwKBGD`@qdp^byLZR# zULB&J69_DFV%n>v#kXutyxbo-ee zFnlm>=V{>8My!LjZJ^x)j|ByID`On zpZqUR2=Gi5|9@pZ4n!qL@(J+Wn3n@;T4dBw`X+G7k7m*eZ3%Vcy0IGrnp-Yf` zmo)Ld`&bG}Uk_pguqb&JZ03T3Y*0zq1vVDLy_Eq^g+tlH{n^LZS$RAwB0+afE)X_X z=}eP?-o1$%#Id-=@rwALmD}pfN?fQ2lD;ojYS1#QN*?{~D$BjsmH=EO@e8vQI5a8RgY8$zuI+jxI5xN) z;X+;x6bH^_U1Fde~F7+U8f0udp1^QGGi_|oK#H{q9^Ac+uctkDMv<=B?JmRjg753GoDpP&ons&Slk@ZqV#*D(jHnoEPDI#s-+he)z8x$fu|M;( zUsZZ6)I9fQ1M``lsf+%*#bLaOtd%>_pdB0AdXAnZxJAjZgh&~6amKjew$^6u`(Y67 z@^9F}Jtmae3@#Z!&UJ7B0W7=_auLy2&jG-G7L@9#GAUmhPO<^Y5Q0!6GLh{ch>C@# z0IYM+^G|RbyamZbO6!KP1IMA@DW@48E&JX z;=P1Su0CEfV)TPb6$o3n`UEVTwI(}1%>ZF=0<+};FXepIWslo zy5#3}`L8pw77aZPay9?$DEJ^ukidQvcHtcR(QYODGuE))Ln!;!RmedC``8x<;Zg$# zXAMgn!9!+5VEU|KnahxUyT@3&TmJ1F`2`N5O@`vO=}cc{`$)r-mq?2wL7bS<(PD6} zp&A|HEvwc3V3U{uKIo5 z-~Nw(sZs?#%H?r^X0w^Xa`OE4N9%S=ryG#iPG8u@VBoTaRKhix)6}(Wro$1n{24Npjtnk6a+6929?Gm zj#rF(7U9&o?@=8dSE=mYXXb=%{kX3oQaX%l!Ts_`%6vhQ?-+cy>(jZdZCtY%Yah^j z7F|-O__AW?B@u_dUUKH;M?NEzU1*NybbfiRzu~R6Ov7AE+i#7WT&V>=tHibdX1iA- zRqAiB8Q$7DYo%|OWSd=T4)ajfCYd{1@5xrgjxDW8PiaRC{>E^z!~j_hTV>}pjl~RG z7DTRz!DhIcSL4pzJhML&HTHD^>cgDn9#M*;YVUIRh=27QW(kx`8)mU@ekTg5x&I3ST9K8n3)zyPPYOX z-D<$|^;}SS!Lg+$C`-y58awl<3!HSe9Glk4*{a&b95r0sYCD{?bplKf%+OHvAUqUS zt7jy!wA7W;I0x}o3teP=zT+Vf?xTH|lrX9*NzzHM)djUBpRcrE7Z99HCc0?;-U&J7 z#9d-n_C{XptghQg?s^PWl;a5ck+@(r!gcNoVlSnDuM=&q7hrbRn3nWJK6=;h9?8Gl z@czZm<$8A@pJTynQ%ZmZAx_OR*PZF&#Wu9q(!W8 z7<0x(K5NI_>}dwnyt(^>K%3JMw<>tFO9}~H>>IPE4R7mFQBen& zYuz2QU0m8)TD)O+HXy9%ayJM6)4 zd2O(w;PtBxl>*vNzV93?*8c4CiX}aK*I0ViEN z=WMA00DKZRhL9Z!a*Rcs>XfLIXu8u$OG+=UgAq4giHwfaqQ8s$9iS={O}8Y6owT$K ztw|X2bP0SZTlm*r9gyKg?1s0B9`&}mshq$TH0oM&^OJXj!;vOg>D9HAmD?Yo7va`z(aLBRO_&eB5FDMpevT>kk4~# z2X;Ervg%;jH3(;0{J>!#d@M!=Y_mv0ETyDI$n88e3D&8!jt=e3|9<;*5335wTFe3W z|517VxwBhpU+uJKm5JmKg_Q5*H}nyzRuw-)&(zc?W)n0BKU3m-vNVfia`JX diff --git a/wikipiki/overview01.png b/wikipiki/overview01.png deleted file mode 100644 index 2c8f3b60d732604803fe1bd7eef5ec361d5f790f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 19862 zcma&NV_;;>*7x0+*qLO4i6*vfPi)(m*tTukwryJzOl(eUzdduEbKmDY&xiNW!0Du=06_N)4K9K-F&p~|xzFyH~umazpZA8`V0RUK( zKYt*AvQ^7=0;TVnkVdGXn zBE%;_!de~`3Qt}j+~-Ry2?ahhl6VMy?k`li-p}8^gJF&2gn&jx`9z?~QNe}5EJN<$ z=SBJFhlGv2Y`f>1FLpc}OujcR@f=p%WY$kZ_CUcUi89JD`@oe7;C|lnA08Om-lO63 zg(0#5AVJj|;@iIwf&d=9xVR_@dLX+1ATIN;P=Fq(^d36w;19$TfmBTpp8${^hgdcV zD4#C?KDQ`=A^@K-h)-q;i2@)844^x1puY={r3UDddLPUKd@>(X-9Z2v3HYcWIk5md z6r&I!zzav_1_05Ere z?g$~F3m_mB@J0Aqh3ks43h9sn=&95?u2v%U@4gyP)V7c+Dm1ucQ)1|pUs&`$>80_} z^tq;fW$xH6iFwpL9cf5a{dgzVA<$+wcJZ+YVl{ z?^Lw)m_D2kK9=u!#OGi?v|)1`AHt365cwJbImat1H#UEK^F24F_1CZcy}f1e0RauY zF%{2ulRljul{bqgFRs^zyREJrB3}kAUlFj!t-gs{$wKVuIOqWVwS#Dp*Jjv{SDbl* z0WtknRf;dWa>%w(LTM2<421-t0&(Pn#B(2pJDXH5pgfz*fEqI%5cgQ>5-kJJdkIn` zRfnFP2LRx@-MaTD85F3`5C83H=Z_2CH<27-fRC|QoGk#LEks14I9AU)3!!VE2Nr^}@dDvIGba4fF{h3BVZoVB6`ESNI8#1x?oAQ0UVB`KEbz6j{7HEqhM~a}1WWGWO!*JQm1rKpVY;3p3`oWS3p$#iet}vxD(HBF@mhikxbh*) z8s!Sm_Ru?n=~`znWZ&;S&@5oi0(g43{GzIos?y7%C3x6GOrKYvS)oA#4PfXq&itN58YT3w(rw@JQQF1Q4R$uW(6(jQGsqOdYAaUSyr`i}?G>LZ7?&+Cb} z(#bO_bK}P%N6AN^x6W|zL8$)2Atq#B(=i}1Oujl}RHsN5eVq^gI;=>?N`IPin2MNc zt)xoPMB#xNI|h>|o=B32MM0}rT2@rHQ3k7YqcpAkiMw;ejNy$m7<)YLqUn#J0|IR@NS#QXr^!pT7LgZmN^(jLPfkqcO)jP~r*qRUF&w5JrZ1&$HtVXps8cnSG_@Fs z)$OSlshu}S7ufcFSb{<7k@5pm5!G#&ssF;ueoX(Z7Oa4TC=|l zv0Bw++2pBbqK|IUJXqC#9^V=7+2$Gf#tjJ{{0pHRM;*t@zQOJbhcd@T+Em6lujk-x z(lM=x>NL{yGUIL&$~gIeX{JK@yod?9Nvpm8O-OjCgx@$#G7n8U*3kM$=bpI3ovqfk z+uU7ddVPA|S;=bkIm@}}dGK2H1XDJ7mKvk|O#g`BmfZdkmyDo{uSw$} zA*}&ztV-olO>?1h*@NB%I?p|iUG^@|E*I+t!-ks91Zz+8Nb|T%zjc;Q;HIEA;fLXe z+s7=R*oPRz1T@r_-&f<)%cGkIes>fv$EwkN-LEtLh@4h_RQ_ncO27TyO8g%qzhf%# z9}ZKdVy8?I0%g697H1&!4)ntNz2Ha#g9BB9c%y7WR554ilbM}o*97f1g`S0ygf`Mm z=w;Zesl}Noc*!(nA&)UXpGe+7F07;#VjPS*=Z=MSgb6%Heb(ff_E}^V0Yco zQ)oxDY+Q4v`fdY@(MoBMsW_7OBtxXx5-$0XC`!;Gh_6wciKAd#`*8Y92xw4 zOT{;toR}OKJB?Qu1=hU}T7@^$;wD0ln%BovfU8l%GzkrP!uXeccoXf>QRo-;l^*r3kRKu9V}K1fEeg8#MB0Kci+ zaCUe9eU&zOl5Dlzze%t)zniP2!>D+4YLb&zu|V-w@mZ1Od~Ur_Z|Tu$_8iN-(2$8 zIc`Py=tas?5rpAyUGJF}&eZTM@Jf*xLpy{vLauwq573(rxbPe+P7&@E+mQ3$oN!EV zXw3xDuG56m71CZb^flUKCU|BSPd40MMOMEdW-xK7xr*N?j+(9<`_0FjTu(=2CT4ni z(LAl`uI4ql9~w+;nju`cc&wc+0KjiG-oYK5*ak#Eq-A7SrQAw-j(6KymIN^Ga zpO+bK&uCApYSlDvJ$LJDbT@uD#>!%yTEFddy+Zp~T*zYQUhlkdvwj$SxZ6Zq_p&2> zn;LKbS0(0}?p_AVMx5Ij0H zdOQd|=roIshn;X_W5)-qX#DDe_CH+C*;L6l>SY{japV%n~l_uZu>j`tOgsn^YyV`G4~+v|55!P=TC zr^BGo%}sAGz$IS2hjpFh+Gmtb?hz{MM`bau++*m|%b(qlAMvKv23b{02b!vz9UmiE zhTRNiFMFn4bv?Jp&4=B&SQz$$YO-7tisi3nm~4^p5_(Q0N3Ppk`UoNpegZ03o^p5F zW!7X)$Z|2m9Ur2;Rp@Th1;A7+I7*;akJ z<`Nec7T|*(TIyvy$w)e3D#OP1Wu4XI$;J`;k%M9Y+07agtC~B5r^+!aLge@W_I7v( zgFN?~&dOomiED`Z%BL`;73UNx>dgE)_Y!$R00!o%1U>8Wv+YI2PfMjLzyqJVhRl~z znvPb;)O~p4hn$#rN&D7b0%I>o}P(d+_co$<=;vt=|jDtY2FEInZHG%L2NRrsRrF*{J1F;rPcyFxZL& z8xU<9f27i#kBWUtfS_s3DPkdo?(N0nw5g5aV8*fu%Cf79PY>Fz9Y`wFHJ&j;QLJp@ zVZ~(Zbn9bgI+AB$WEmT-Dr$jK4k{F5$0b7FgBD!s4COz>I5WdyKC2u@1$*FANZw%~ zon3IgZ|iEqW=;1tDEmbNc!dymC!608&Uf_vVsi0RKlLVZoyR0n)JhLuNj+JwueW}F zyXQ4r0d&H`j;?*Y66WqTLAhkm4PI-Gu}qvbI>||V=Qw{UokOh{OlDbU>LSoGK}`!< z`T|Z>H-^qVoVsu+kE<_73Ul$6?kRXU#+LWo!t`_{et44Vzb2plxF7@cP?ue37s;KF zs~Lcvu8uwCId$L6eD{)k@wdNJ-*Abaw$?pg-Npvx2V4vAw0b9M7K#pc4{&R1tXMf- z)8V`rxu5gaTdU3wZgxd!N=gIA2~3P76QV7psNTkqf)h~eB8NK6{9WCn%Bu%!x4h_< z7Tju4z?mbBWXCw{X&`eR-lUN3%_+WxyDi2^!Q^ z`vGbYm7XISh^*}a(x$UNPvh4X+YtaZ5gLbMcX<(lnv%4kaK{KmSq$dE3qfTkLrgR( zkI&f6Q%dPl7&wPbo@-{~sPWtfXCmUW>#taHHNU8I+otpu4Py^{4gPpQqUIs+d`8Xl z`F=$nC4A0Npdw#-L5i;>3)5hgd&zo+jd?8Xa@FdNH_2N5^>XqB#)YC?{!$1UlZq_w7YO z1pI?#>$7+ylU5G3@25nrOY#g=3G4V#rC(U0xlE_1L@X-6{@)-jwV4S1p1Gj zP1(#M@jN?bdBK>R2b8) zju;Ur`}4fVV}lIsw!|%Dh~`FVAX6Gv1v=H*io5h=Y%sqyuY^emc4M4kbNg2fl?8Q- zL_?{11~EC;++lZm$?0gVr=TpWjbtgktW*&*|6DwLuDZjX(Yt+yzxix!ui<=CB2IfH zo_rHm+EGh!>8tnzX6avA+r^Yq?01XA&k?cm+ucsf00DAs#NS@Is#QIlZF0|9tL2YL z-42=i;?1SCW%!6a8S5-2P?{?NFO1r9!)Z|Xfs)+A`v#%R(ENJOU#rol z!VFYcM22z9`*h{7rsq5pOw3a(%xrSWsB*mdjUk2`WcN{n4V`XQ#w@g2?qm9k>S}W2 z-Q(#(90c&yr+gZ-@YlIh=G(8)^kE!dR2DIjtvy0DYtniIb0oHU)r(M7B($(sOX3UM zZ@(|>w|qSV{gLNYoY3FeE5|QM*_;ctJ!TYtZHIy^v4tf1xRj=T47Ue|bx0nlE9#n?&%4Gdo?6DX5|!Igbu z*b0h}ZR;|`Jpu;QL*v!J+K@4R4tgXkNI$(9{Dhl?Nms@VGlC31QgOQJ6~U#l{tQZA zjGDY3yja$;xUKuh*uhSDqWGk+P)dA4FE0^{y(+t>BZz&XTyvy?)oP2V12*K&85Ds^ z;u$>;;;F}fSzVw;jBcJ5Vrq2cPFT|;OhOcu#ilkaC5p|uvqyKLZ#8CC-nKl)S2_7J z{ut?No{lmd-Gsvcr3LfqRBng8snXoCN9jY|$x(~}R@j<(h~PR5+M5|6tIc+}&lLSC z>lQ~`_OGR5y04#8`5gnbDh7R1SRklse&_5Fn<(*%cCZbMu8^1SZWS)G>PRxGgk4Lp zVM|1QClHSo%m#X_WhPsLD!%Z*p_2!GF+I)Ma{TvTn!5f95?!m^lbGv1;-DM~X*nK| zw&ac>b;3d!m}zauuMDx<@;*s5WjiN6>Q9xAd6BW=iFw5|${qbBIvLFxu*0I1ICVpR z9HUsF8zH(V?oH$Fg4xMQ_C@8e6;hwiqzsT#m-1gS7}Y|5`{F_KR$+y zWMDJ{q#&?P-489u7}YJvJ@otSxOLGdO7_*f$N4bE!g8Ga7C4axhmlytFdGxB*SC%` zeA*WF=u|s{f8<8c&m%@OcVVCRDWW@rV+8DTs2bp3qCBntKkKj`t|CW z0XTEcI8&J~w>u_Pw_3rGDUvU46h5Ik+3i-40I1f57rVHv_upl-nhv6yj>~MU2@TAo z&^DVdw|N84C&_ogxzorBiGAVSGS*Tp7x1m9X)kVMPaFW3$)EflCp|hAckdX*f!}?7T#W2jz-XyL7w=6I5M5L!_!|4$_(`Ese7pa%ReMI( zMA~n@Ybnc0iQpKWr-tn=eXfCLu7Q*qKgs10uwvUj-pP3jbgRhmKxeKbW^s03Nh>n; zG?pv5X4=AbNb5BTYG$Z68uU0j`)(fgH)^HT0 zY>rFxl=@NTC7@^c#CB%7wJ{t%A%T7Nft>1<;laG6B_KY&*VvT|2BZ9D!RZr_q3Q8F z8z?F_q)a}%Y9eIA5#SxNpJqNAe{9IUL_7iiK5m(7hwkNQ)nkK43vE*mJMYX*4VU>c zLQ`qmetoua$F1n<%BY0r!K8)|8*Ug$QClRLaz>Ms1;hN+*KoR;%YzAI)^H#EwCkn5 z{E&v`;Cd{hW(<4SdrY@ZDN%tY|qnmh6R7j-c{>VsAE%e#?&9|XXv-Sgcv zA7t0*7Y|7gL?&R(%2^-{iVYts)au1rOP&^Gb0SoLRyZ3vo`n;@b{227c^}-`&S)u? zhVeYW*{ex&=r`{lAoiq$FY4O7&eJV{^s2|rjonQ#V@7XH!Cvw+a1i&mHu@?m;y-^uq$9O(Szgw%O$+*Ks%Xux_nP?> z5-1Jbk3`sVWDb09ld`vyRSW)P3WMhO{}7duH#@J} za4z0|#O)V#=0OSw=-K9=7Wi~eo^41+G|`%;CWKyA;7?}xsO67djnIk`KY+nT#G*i_ z&Ydc~c*K!@hFIGAuA`ZUGC=IY{{>Tmf>3R|DSF=NJPmla<@Sp>?+gXnf76mpwf^+b zaLDtVY~R$-FM^0uHHAumEsijFNsRjuVARikD2IQZDmvg$_n^}bl3u(`D%+4)2< z?YJEw>{`%Sm5QD~4IOs+X1S`is3AXkG^ruonT&AF0i2ip7w{s%Y3WHTGypO}R@v*16XEdoVc|Es>CEMPG~m8&5H@k6KwSk5nSh&9$Aw-RGlTcT zJSOd~It#UCs$e2t6nA4hNaBq^)<6FA?OqO>u390BgT5MN8t24Np7=uqDx_w}O_=eA ziZf_&xe2n7p#m^=TDz@?NGmXrDoOtYY5xNg@VzdN!m~_&R9OG;D57HzJ1FXmG&)!& z_n)YvGfD}JZD+Ws-b^ng`_WDA#vOlSesXM9Q{bYJXnYzck{4;BTN>T z#9Lrbp+Ci5HPKh0uJG!qDp=nIpn+kdgLYv;eN&DMt6oiGVe9ek#xG(O;o#Y-gQELD zUfw<`q6(=2A`FKlN@`2)sUPXZX$&fnyxh-{3Nuq;OeSGwF#Za&O`338(HrGg{S5hc zLU#O8mC=nOe|Oai3P2)YDWo4qXVToOE9rpP(0s=R67BjCD{o+94~#XjCeHcsNmT%v zg6Pu^oE=#4F=?={oy>&?HCPJpy`FVT+SZxFi9Q>QajfuoKu(w5 z^qTJJFa>NUUAn@Vr&iQ{igNNVTG}29Zw-ZRUaNa!bxx6e3evXcDeWbdoXSLg->UWHQ5|GA+LR+{(U^W(DC6UFFR`8oHsWc25sf247X`BzeR)&qn* z>zv;e!~G|vl&vRF)r|C|509Q&T19|k5sC1@aI)PbYSKEV?`vwEKfChNC^ThB@J?~x z^@Xl-eB#8XErE*iE~%+S5#$ zUhW9Cek&AoHjcEVA9g2>;1EoF*YL4VR}G)u_uXh$z|_W#N#;xR-ghX7ryAQ0oE{*O z=&~ga9%-ZD`tfww-gbGQ0l>-Evdk~)bZqt8!o4gT(`nI_td9OvPPza3tS)k?)9)=w z%JIm8006YlkxjK?`+QiChqwWriJI@KKmpjhi>-E@P;7u6mSs-Zo^1!>wA&u4+lVyj z33bboGAl{gb#td-z836BaMgnh{Zd_Ruo{n97`1+*7! z+_02gt6IkYuE;>npZ{~dGbC(NA!oiVRCd;@Aa+J-8Rm7t3x_#JzU+C^%*roAa0fo% zB>fUN{u<(M^x(nw1qC!p;X`AWI%$+B{#HpU+e+MlJ;Th*Er#l(Grq=iCXwj*f;&RE zzPe~#KXHDZo@JZm;5qBurCN$ANlei9gFaCtn`&s3z>DrK;i04dSp18Cj(;E;!=wYp zA)GPF7JuC+*#HSf${486_}PGq$!S2X^05-Kx6c*j^d_l>Yw#*{=4`AL!!tTUs%(U9 zKnW7q5uKZ}ELqi*Jt9>L*)9x(k&1c5k*&FW)vcKDK0(i7ymePS!N4!~F5rXh_nmIjXN;`N!`&F3c!_Oan4y$xwjaA!I=qYL_HfCdS(~dmPm=>2h8sKv(wF zXO{8Etio(09{00Qt@;TNcHDR9P!^V#ud+1hQvB+=*XsTwRf zOzSP+Kk|R}tr@~cTU3Jf40kaVzR}u0delap`@2@%HoC}|DMFI>?eINQHBayt|7G7) z$RVCS|G~EZ0o_1MezGZEpnY^OD$(!|A@zKG4wHCB@0lA2mB6TY1JtFru;5eGX zy^X@1XUt8~mn^vKHH($y=E=Ukk#YrOj%~nhQZV76=T5k=kz#So+`5ZkNOWG){}kTR zUdk$@KB{}!mLU6poOkgyys@G#v*ohizjzpJBAd{tDf{Cw{!wDH%@r-l(unYs494Ko zdP1p%StLcbyoC-0wl=k(dN3>u#nX#KFrDpo@N^a~=oY`%Q`DvwFRJVOt#Kg=qOp_p zr<$vuMhflLD9$YW9bKl6%Me?+xmU_#bX#I6JQ^0PfSw@4cKeNVM4HxBqoDP=v!fA? z8ndz^lqy!r%-y8v=+tjCKMxz4Nc&gQ@=fbP!xOAcn`Oy}9%WSo18?cNe>b$8d)rw0Y zfN&f{Z9rbJemhT$^KiI@{N}mAdppc(#`7A$FcFtw$2Ib}p;MIQ-r8hpp*Q71Sy@;0UQl%gu@+KN#itsXow)3xb9^5Du@ zr+1SZ%VVr`gu0c{g}^YJDckNA4It|MOy_@`SLgM|qW$)jmrh;}3%X4aXSrVc&s&>Vu@Myk0j(I1q7p zbr>veGYjiba4BK+@f&1t7CW8GkGMZD_v+U#Z6uC+^6On)&aRt0i4{_NxUKkcxx9FG zZxGwV{fe8d#uQnM%Em5!acbR;^;O!22m;`u_Y$TwtPO=^H$a!tS3CU5uHB`3a@Ype z(vNC@JFwug0mZCiB=#SsG^}akHW7Wc)`sJgV=vRhP#2RD&JbVE%&6if1uJrt!jMiU z1|(V`XD(#uQcZP0W3oUZxqnAOilDCy44pj%vzha1d$#NBDQf>7g!Lu>1u^yV?B&XueO?csPq%o<2o8S=Tx9KF9*tebpX)guDHF-f56N67yIxhE(qn z29Jyo2(vR8>}izx5e`W2qjn#A2gBVMy+*-Kdo2t>{sJT7K(R($AENbcuG$+qY9J93PRlibkrq^!iO z+EZWewM7PmXD&she?b90Ip5>dErx zX%|TvKLY)C{YkU#Y_luAgQqEP+6Pp)A^ovbZLA-t{Xru9;HSgi zys~f!LcHysVq^6?cm=8WB<#noHgjcw8!< zZujsDoedu1Bs6HdiJjC7Y7;a24MA9KalSC{;DlC;3m4ovSc3j}rtxq8{%Bs0o~2ZS)OKwihjYnB6tZ}Cb^CN)D*_!8eXxTsq<=}X@>UFV(>s=it9J_2aZ@K=Ea2C)T;{vwn)xM&7k+kAJ+|KQBLrm4rhl*eO$VNX{`g_FjB0i%R(A z^}fABFQ!AoA#OOgf_DYRs?JgYZXhDv{RYwHS>_j%Swp}tIX6JmNtIIYIY(7{OXi!S zZGb?lfp|(X#@KkP^t{k=?0cX0X8_*dLseRu!hMRBC}m5VDIt?;D8eSE>$$P)YXNn+WfZgdbZ(r_srDeJ%fLu4@~JBA;sUuEkrop zu+fV##$1m0+-U}`%^C19cDUGR!Snn=f-3(sK!lUWLoY@P63?`nt*|5YE&p&vG9hn8|+cWO$X+6_Zu!qAFEl%=-p`Aqz-(Q=+8kgj{ShO+|Th1G92_` z_AoGaCUp5Vc6xZjR9n!-q9zpHVn)lh*I=iYKUyxX?m=O*5b4UKB;TTa6FecaJhpob z4jZa3rygm$-%U2zFZUh_m!9Y6yDeaufEM(Pfzyix-$_c&1&FE&xS8hBkN_!zBe9-- z90}POOHzt<8gQOCjD_x!2d5N3|B)(85&R=$_`k5jR2c}+$m;E7i?f{@8zrx4tn}UL zXkil5{(SE@-TUTm6Yuxk+|M^Tc6ojzvSVubcqGS0;J{c*GBm*Qd!fv0^|v?PY>jvF zr|FN2J(Xgf54H7=>kkw;ew0Oq5V5qBf@JXchUDjoC0XURY+*MAnWd(Ys(6ac28@XG z%d`%0Nm6saZJCdy1KJPob)AkEP>&C9kEc76_uIq6?8nNBZ=o=0eB`86oIF75NRFZW zf<)}Z4=Y(22*k1(5~WgsE9<>9dM88S?-;@D=7uB_q_APT@KTi-5+j@ zS!s`RE+gH@s7$`{(%7_;f3J)Xb|-P_xJ`HJ`0vV8;$WxAuQ&sYY;A%5rB$0$W!2## zIVN_lLzDC{^|<+1GyAABg2^uQjFo2k2KEV{A1C}637nIZt2neIrn+98+-*4qFljp0 zH@4E>Bva+iI3jC4hCjSd!pC-KyDz7byYC`thulAQt^Gd|OLG2<5Ojzbha_-@+`!CD z7H7CF&nucH^K5O#JHHhkN0K&yXCc;z<@>W0TdTu4ReV$4AAmp!S(sIS_oW9wH`P;HCdrzZVULF<|U^6Nf;Z&rh0KC6hA&?+ClM)rKA+7 zC=^}s*voQ+maU!sF#6Y_q>KOmsUkfA+&3&NeF?=5#HTy6q+%TYP8{v({if~6OTNc% ztk&;^l3!EXm3x)iw|A5{i_V?j8c%E|dTYk`_LWhCATY`A%q*Q&eTIhe2NPp~>#HCB z$z_pkG=jv3{-pneWh+M8@@|A;3vzD%50#q|Rn=wj2j9b+Tv3n9}8 zFl0ZTIN|O~A#_&-T5HEOM6}Q6md6b$7AXL3Eb~>ERTXWbF4}W@~Wv2>i^tkmR>lH>DbU@{(5 z{GuF?!$}0@hD&YOtfiZtVJB*AIv=*RrB6o_0>vz7G~ui@k7=NQ2-6>yrdg4AQ2&;b zq%rP)Uu3y={ZG2&okCHPkfPxeE=A3QNQaXL`n;O<{8lf~#XgTOzUxverdRoZ<7wPq zIL?arXz%Q1*KLq=%mLZ#@V}%8naBX>6vQ}KvwNbasN6grwW*2A93^zP3ZDIVg%WW) zz4)UOPIoOGt*G?LZu$iabO3t!Oz%BczoR7M0xp5t6n) z&P`B?K<1?*Bysjy?i~x@&cBh34Thc0s&PMT6!+$yu<*$0J(6tM0*$X)#!lmc1JFZn zl}Wi24tVL3{tp%u>*W-)psCHgs(Vq zM#*O}JqOZe$V|{^EGC>n#>@>XvP$bIL$&^}$uyg5hcd;KvjvdGMw-O}ZUMeGuscmS z|5m3AS7fBlV8eBIGAQW>!uzl%gU-CD!{p)8DB}wSWg!%u?tpLT9%0$wj86YPbx4Vj zU1_zOb|&o>KS@&Hnn{Kfl! z^&$P_-F(wuCrEny4ddmY0%-GF`_IsXxB&&}5xtO>`M*@=t**Y=VoR&!<>=56!+}4! zeaOdAl`+I`0&|H%^z#}~u0fp09BcbZHiB?bLQ>-@Pb9Mjx6kME*` z9?|`41qxI0*tQYzpeh7t6q^O8$q-#5$8=`(7o(1m?ASJhh*N6h?^T<0-%70}fR!cA z^}ku94v$*dRaF*dRNLtbq|~n-z}2DqNCuDe{zXl7+?3{=63;CHH#Vzk zRl64F&E_);stYlsou6z<8i3ZJ)O%Vk#bKJA+JhWxbPA4+Zu5_Sg`!xo@)0JRphwZVnkE&1pTqNBSo9urv z6#h&)Sm$^BC$;byrcr!}#b^f=e=Y0qLSa$PL-G(4Ty8A%AR#}pFfzU{MQKE;mP!J* z!Z$N5+dXBJj4C~~Pf;J4%N>}vPS;P}%zn*3PN>g}Cj6B@Df#16fyYAN#gOH&SXEgT zcd;mGO7^%y0Di7fD%IsXRQBQ1OM=!ZTj~@uY+eG&0=WpvXJ&NzN`JKx8O8}A2a84? zrxRPRbG@%|23CoxaFb~`eGE?gstuC8RW_MFDszM+`MNXx>7l*H=@Hfoc0i z=Vaz3twWMub4$Cux2Q)^`!$W3BOn_=?d8+(G4Xra6_emlYHhM%&F-@;CUK9#{7Oe zh@Rp3c6^0yJ175ovV{Bga(H#p@jrUqFQs%~zs*b!Xb^*Ntk4nzM>%8Yw-Y_?0& zKgpbF_wz=;QO!-rPF@8FeTg((a8`L2c%{?zJUFn=@mu}|Kb#3ZadYkp^3h$vbEP$M|f^HR1_@Ta*f zqPux8{ppCIH0Mbz%*e^ZZqn!#Ws0bijA_|Cz&`C*CNuwk zWSt427>^wcIW_7DSPnk|)kB(1Cyw(m(uHz;H3|zhbFDa(-T_Ry& z#vteZKwwB3G|6^3gtAtoPqpvEP(u=!xxoplGH znwi`{#Q!*PXnk=|JfUVwf?ZGPTSbn<;_J{a(R5vWB}<`PAuuI z$dF0>_Eqp0dj6Zzy@S%dN5Y+pWvf;??|z!f{zFGCdkLndwW4}?3b#d*lPQLHA)=;wb~7;<%@b26k+kE*Y1FfjM8oPQ4V{9g?tnwDz7PJm)y;>Qjfxw znY-9SuL4fY`%57Xz-QE+wtI%@fZNdHaxu3drY}r|m(I!g!tLr3ZR7+O*?!@m6Fx}nK z@gk>9v}+4L7ti_2TKFD8!QILPy`FeF&!%N7fDimPr^61`Z<=;MqSbD+IveY#yP!Br zs%fpvF-)EPjgeP#1{+A}gNdh{jQH)0gKm#|cMm1baaZw_u2!;u83;QRI4sY=0$LHEk@jfCAFp+M2*8z+$qPe>TqG|56i_ItccX3A#rTlcAnWt%}EDn>v^P zrkq7vuKygwYD&0+?J99`5S|m43aEGv-4c1J-0YN(i;jBV%AbA-et#6649=EiP~$1a zMr7!ENG?6puCm0`NMYO%H!m&iq$mvd=J}9D+g^b4%%WYz&4yOHi_@aye))wVy8C4+ zG_1V1!#z6Yz=GevB&(7=-t~1|<KMJikGcFrJwM z<`{kG$4JIW_K)bC&R8~F%Nv)SQvg0;J6g-N<&}5V9p2sX2rh_B&hM?E=C9{#M*yGL zDjlf~r4B?KmDEX8Fw?%FDRMvyYoZ0MlQMtIy|W7tw9nQ5YQ>?#3RA{WgDMSUtC^a#jNk1sHs+WPOnUKuM z*R>Q(|6Yd!Xs}LW;)a~rH5Lt|r=RmCZ|N}On$Q|gx?Vl^r(QhceiD0thMBAfB7Z|| zS8yQWLu!#tlPepoJ|r;k>h$a#yx9E>W_|FZ!Gey2D@w)QYw3#B1cAQ!dIOj4rE@}! z3n@7NYl{-wXTyKEc}2+hQNnJwASc{fm;JC#*P%$|g~e4Co0l>p1YdAec83KpU%1%s z>mRbRI>Sk3+IbuI(13f1QSL>&*w1>f5#z#mRx>lGaYP zX2ro-1-`P4XvlT{dpJKM&u?w?g`UdA(4Mwss`1`4ou~ntA4_=36qP2I^DP(;nzj`; z#ALkuvD$+U&l`tG`hlRNUg}<_!?#e5g}PEwV6DTZz%}5Na&`4f12D6o1~1mK+Yb|# zMXcJv!ut@8elmMU#hzV5^)DRG@1C|+uP)7wtN2=QHmJo+i zhu&7oP%J&pqwCn*-xUwTnuP^AHgd8`zP`Wbiw07D0g8nF6f^Cir)AY3$h^7BZfASb z(;dK6Iq8m1_*1_iSfqw#Zc84UgJ8aqFRe8+)5|QG+dr4#1EVsmwj5iyTip$BLm9iD z^cA(O$`^zDZXu^h{;8DuVfvwi4I&8r}F-5=t^*Q}uy!EwNMpQ(Q+RkHF^qW(cx76VWfv+j;HK9R4Lq{QaAb1%AL zA>H`k$j%0Xeo*l53Mb;!KNU_JI0~hof#|8trE7D0l~D1JIOt2-gUWwkry*(UIK1V^ zQV76bq&32Vi2g-UUL!lawRbVv-K5Ye5+c2l(T*o7+`%fC?pes#)&Cba+1?%uY#QM| z+A1L=A`@fLY+&ut&z}cGVoDuN;en3rk)o2w2ftY`B0{g-hRkqlB8a?%9u%{%=hY z0j-R%YPvedABn=*WP_6%Dy-=g+TQ<2nxdlpS*3s_Wb1RNb?f%G9%~T5^~g4E>H^7F z3KD=ZKeIB&MTxd}CM|RBJmD6jDO*oE+D!lDZgk8qMH=B)A^6vOQ<2w){AoS+|5;*% z@Rgt8eQ(1vm^t}=7Z}V7o6q-o8kJnnA>3Bjf5dh`U6t1OMz*zPoTj(|5%f1gW4e)6 z8qJveX6w3KJRRPZix_Dv9Ob*(hOwduc_PkC`$A(B;WubuBrrf8t}kF~b;akD#=n#Zt>G=;-<3-b7c3x`5apfG)|?jgYJag*IRfT-%mIua6aM1d6HZ?l zu*ed~qo@GE^NBy^K=HdW8a;u4H|nU`)zAr{BVD{ulo-?uh;YZ@OeI; z=kxwNPS2&WKe4IjSDR+)x9)7Xhcwh<1xx<*jmQKHY}ePN{hR zD8u&(RY);RFCvxYg1if5zQSyk?B;wg6RT7UV)1#RZc!~9BmD)5fsN6YJ<+Qtx|;4g z{~IHHS}mlHT4@MIpxp=9@8iXuq!HcL1_W1Ggvl?1Od7(_v2hIHmBr;>3NgpJ;7{$R z9)AY!s}I^X(4v<3%F8YSS!^VHkY%7=dLFHODv;z>E3wQbG3~HX2q|U(9u_Y;eHdZ8(Ons%iXy8UzYl;xJ6<>Qrq7YWu1j~*GWa*MjN}*5Ntw{RV$Pr$+ zkBOs0PIk06L)(iil#lA4DFjn9P<5Gh?M_;0Oj10m{+M2`EwF~7D%((vKQNip|0~W% zz)bk=$1g^1g)S-u87YV7mH~4|oo`Nzis(rO!+$aqKr<+F;Qi01Jg6 z!k2g1Qvi^duLBo=vRiO@#3FK9pRfNz;}pu*-?@LY+S(+dEff(R{QXm<}3gfdMg}qqsL`E}7qJ*tjxM#si=P;QXVYKwK1BN3k zbma;=Y`;=dP=CMj#&L#orV=4G!7a43O_=n_Mkh*<5(h*sOcm}mzx^rbrO@oojyfmi zfn@&mz&j^(X)b37GNAC`U=}6~Zp*ca!|#Zgm;<=; z0ngEiH{0O?@t-)9`N)u2vMx^;_Vu~lCC6cNJ^vSasdU0+)qD* zaG>>65+Xw-t=CrDIJ*QK`WRlP4D~(e;$gQmNjWHT&_L}d;|BQ)bW7;868iRq6~=@I zNi_(k_RR%3Z{NiOo!5B&?bDjTMCP)~T0BXDTZ3v<2~2P%M0DB9=QeYan(I!$S{%{A2H?RCVLD=ZUCE%{gVokoEY}M zAvA7zSxps<0J7)*4-XnJ1wfCPR?2t-cXQ{>WW=iZw&Th;J7cGSVlNULiR(mNYzvk_ z@3<1DK_C$wdOy}(r*7UYS=jq+&F_*c%_YTo$T~8?D;}kz>lj#<0|ROjp7o=_T%q&5 zVA@bv*Sq8??Haw3xoT}qmyh%3g;cewbjP9)%15!<)W{7&E|jU?WNfOveQB<|ICc}& zt}RRy5F=pJ(yFAii5KR^TLb?r->xv3$aSYKOoZ8=&?JYTsyUHonOmgwjG{W< z9#R4r2qe!5tAu6DkEHu@=I%D-m-1(MjOwSfy_dUk%xRQZ5k zcV7SMA#wV9nNj8Zo%vV=F$>Dc#===hm@iBk*rt?H{Eiuno;DRgJ`$Yj;R+$WhO&0Q z*tH%M|_47>q^(I}u{KHz^UwF5Ih!mFG36<5eifnt~^!}m3m-*Uj2n043G5J!l zZZ_fO)M$+&#vwWWZ;)^iO|U7>u|em}gN7B5lrPOgz5%Tcc@>jhGS#vw-TD~;0~sQl z9)7wEl$3tOm%ePib3qz&KGSp;*BT}Y%>hh@pSR+zzf+EM5pY9fh0_w!pNYsXflV~` z@jlDN3$A^oPFl{Lb8ZrwvGlz=!c${;DMgIYyL>IoJjq4*5yIwfaRC@KcCVr>h?ta0 zL1^jLDWp2~f`a4MCN&$UKl)u8u^@g^vnaikLS?-(#buS5h}fd0F$=~QfFGv#HiEk5V=?Yz*)8z-s64(CZhxP z{5xaK5rNwF!7nMZqsn3```y2TQLM# z_fF0Ci+KQtpHn^5(q?;l*kArvZc~Clas#Ql{~@21P2jG0R~}cxdy4HcHhS{hL0XSI zSH(9OBir|(yBms*@UTZ=petkGKDA!>YjB_O#-LKAzG#bblPRYPvbYq;xT0O3Wo^(e4%_$cxG$`Xgpe&tv4-A2zdC6VPu1%{PS{KdSSX#? zqsRS8p>nYe_@4Zaqxn8X@#8NH7bE`%KRURaIdlR|D>NGhjf7nQKE41M8JJxyyJ8#q E2f+KbJOBUy diff --git a/wikipiki/overview02.png b/wikipiki/overview02.png deleted file mode 100644 index 28638fbf1573b81b22378f15a93373b8214557ae..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11179 zcmb8UbyQr>wk^B~A&`(D!QCN2gS$5tER6(r*T!9gLvVM3ySuwfaEIUy!3ox{^E>xD z_ulV}_s6R-x^`9Vs$Hw9_FQxB)gfQxB;LKje**x(J1I$!0sy?AhLziqUcmB*SBluM z%WE4+HG2R+#`yb#15(m(0pN|inW*TOFQyO&h`lMqhEz&al+?x!Vr*t<1OP5e>53*w ziU-*Iw`*4-(!oA)(hvnKBvJ*DFdxilYFe__XrF`0ek@{vyU@kNUJ?vu1;a-~_*tFs{y39z$b8U zz(?SvJD@vALE!@UCj*$`7b<+`bmeG!w6L8@uI6i^8IQ%64fWUMC;((dW5HH?`Q$Q=Qa(P;5mAq#!*JN~3QDf8zxBK`QDP$m z02>Zolh5=_HTXWfuY9bYv#CyBnrb6wIo^gDSECBm0a*u2Dwj5Y_eShTRMX<(&i3}g z=Ux#Fyzxy^_fzoQQetufMVzDe>5V z41FY;ChwKfZ&Ibj+ycM1jR2*5zhucH4-tv^*he)5HQZdMe}ETQX9p_H1>oGH849%w z;BTa9&{Q2dH*W#pq6N}5^8pFo$JB3Q!Wnud_#}}<1^5_C#n=LXHi(i@X}Csk00{s< zS-!ND!UR`cxb&T`2)htgx{x1rIs8Q^d%H!@MBW(s5ZdW}Ed3_(A#kjch*p>5 z6Kon7YlFhrt=x#hZ-aWThm_Ivq1E^GOW{Ez3_Y@?U^x9yRf-5CoaBHzvM$M&@53lb zhk`M|K&aFSvs=#hasf2LYCEkAbZc%yGWeVE&o6b)rp$ocR9Y z*~mW)9hg%hv9nTt+STIof9LqI_p`(lbtzInbl_9xJ}x3_ujMDk{vMGkF8bH81|wDE zrEg36@hiWU!ncH68%$I=zkKg2*7=&_rLzdB900V$^gq40`Yg;rs*>~+bMGTDn9$sVMSD3Z--n2@&@@H8kgCd6ntDGaK4q;y zaX?>`$|i|V5j(VGXi<&G9Y;?}HyE&;zTLCUx=pZ6cA@bmU0=vH_fB#1gTk=+XS^M> z9k!iUMoBEf$~h?ttA#(5(Agu^Maq8ED^!4k3NhFmQ@F?cu%)E)%Ch69@lA0|Z_O(9 z9h%WszkL^o=@TdO zQPN&AYBEGwmA0PN11oy?P5kG0>UaWLCZ(d{{NlA@WaUfc5v9l?ZAH&=ab;G;t)ka6 z2_?$K>0gc%2^39=cngDyO$s4Og1KI5Pa&_=dSrU!MRUPfRXSU({iMhScr`BcWESsA z0v&zXd#S6&7CoG3TauoLTEh5?i+*s6vVLY&sZqF$GZsYLO0vC6bC7$z_n{#1(kpZg z^X%j1M}mAdnI>i@9 zJ;g=E)q*z#*s}aQ*X4}G7I_3eT0qVn)&-|Y8SUCW88VQ9HP^PidqPj9C#5H=`+{qU zx2msd-cr6=emjoK*T-%P;Ui)iSUv}fYV`<-=IO=jC2sgfH%;>8%!-GLqkcE**W9Aq zvg)_$&!K)rO-3y(dnkLFq9EIp|1qCehF4}_Y;-JpY%ZBSm7jT@WiNFvbv|{yL08>H zoxZ-XzR^gkdRskT?X^B2W6q?f^1Obi zzNi7Oa%bVya(TT~y{DduK8{I4UwO}IY+I~nvuF4dKjOQfMU)aEbs{hOT02ahuRLoh z<7uaYo_$vd2TUfa6KE3)tXuUMBOiOs(iKyuB}{Nkn(X~9gTq3kzl|^^3NWS;^sf%K zZGU#Sw$<8jo4QU_sUqIEb`y1* zkTXqkOa?EAYSI$RT}aZ(y2Ttvx3arZ_Oa&C?=<<-6h*blypvf?<;lQKaU!*1;pb^% z_KS&*vK1*NlZ~x6IW*Zdb{Z))3aEbWvkq%uB92EKvZ#qFMNngSQ!kRgucZEAo))p% z#7M=sV=QEtJE0_lZtP^VW_US@Gwm!Bdh)*e{YFfEUZAuJ1Ci=(Td6sBHJ`2P@|!Iz z1iHYluS)qEL+fd+X5~vxR1(X*+Nj-REqt}RhQD>y!C4$3E5F$Z@H|?XKhcs`Wl~$O z)4LB$ClJ622`$H5#!1BTUih%$vO^FA8SY44iK{It>1{HcFrG3#*j;1D&_GEjPTWmI zv3|F>RQqoIYwgMPjo30%;@F4f7QcGYrkoDG##W<(q46&a6B_tqP>d(BY8pId)oppe3y(rMyYgqUqGFtka72r4V z9DN;$DvA)9961vBF7POWOMshuQ_$||;ITk-!f=8*1LryWd88Z%o5|~L_Go^5GHLQh z;zeR?hm}X((_!ZkUd3{McRz9akP9ob_SM&ilP>2KXQH#5byWFn4^r@?3IFJ~f zK5(28-BLew}iDrkj18rFC6|y=?wJY3z^F ziS-#W!l$}cX;TpPw{7KlMMhfMy2A6Z)&d(S&~{lOz?>Q`tS;fs*O@?ctrj)lKH3x8HlGsWK@!rUV~=4?8T}i9=O1! zLYMuURz1#wGUGpg6mP$Fb{2%D?rb?Tsqiny(}`vMdLEmZnbCRvbLOoiAY7ZZr$Y-h z{y-{5@9Ge(UA*>L-y;~(yL4mc7~RowFeXQyP5hDoNU9+#Q1{k)zUVC2AzB;oYY{HN zStoZB2_=Lhzeucj2=bUyBU5+WrbK>wD;khiR8%DNYfdLl{^wmx!uq~({(h4L>UK?TG_s8YlFJ;!xq-CX4%iQ`m{qWO5<*R zPpSTiX~DIE_fextINQN>Y(0c_BgD>%=~Uy!CSE$~ol>F?k;G$@%T31Hd%Hhxk)%K9 z9`TbQ$$DOnDftAS-c+bRgjIXStBj{W?gZ3pb{)6aoBynKq_`ZYNLQdwx(q!(@jg53=8gRbjj?qDy*&eFAagZ1T*pt7TnwKgC7i7QZ%l|#myEraQkMYZ)Z;(31fC^7rWT@Lt!cRu*q_L z+X^hvJ2@^0&E<{z@q=dUD+e-LDuWB{sv;ieRnelc#WBWIvkEoqDCgHHBJs#nxLk`` zVuK4WQ!*XG=tN7K?5gBs7VIk#bF6_+N4+eSyXQC_1rGP2w+G=8D9?IkXWFtIMN=dm^^ zS|7SH$8lNyX@0(3vE@RG?9o(2C>#()+?HkyHCSVobNh4B*Wh(`BF&rG+I%@w0)0Hj z+%*!kZF79$ zBcm`fGBSbogd>1rcj%z}baY35;yJMuPV>SpYiiD%Ebl`5asKq1>Gj#fUJSjk5<|9M zG`Wl~N!b1@ZJ$_LOj+e@R~B2i*N=25|P)4HYA}B6CJvLU;J9XB`qYU^=Y zTH1P|iiyra`Ey*`(b01al*6UMaejw|eElr3Y5*;xE?m?7>^$PP`}(41QFVEFQgdHnui8v#a0g3qX#LnKtX0&VAm z6#@(MxMqH9b0P~?@acY-6ew+{>lEU_ILbH zbZosljJrHx=j?uaxsCDbEi5rAUQ!oC#X42tQQ+<$kBN_%v-Dm`eSCWb$<%PS*}Fix4i%) zC5ClK3KyCnyhIJl@)+R0@$}SSxtw5Q)BRC&9M~dB^#?z?Zg2251TH|If>5q=JYWJz zm~77>6Y_Ag=j_!gPi#f&bZSxRkrX`Wyz<;{mMz<&QJ)xX*Y)ZGthT5!Z~{p~85aUk zbyxH9mp!0dPv@^P5LnlphDm(UsI?tP$U_dMF3;exGY$^^YSmEY`8_zeJky@2L#P&J zFO_$^PV*IWsA%UBxH$b&*R&;+9CC1;Hm48xl0(_dV?e?z-ZhoXc z;A^PonpT-P=S(h}3(m;bn%%aiV-=uYXL|K`r38zm{8Pc0>e^@r zU$=Df1lu#q_3DE!-j9Jt*z{Ub1)AkQV#0ar`P$AeqFF^9HX4t%FrT3M>G48@wmFyp~}p|EjtQ{0J1FVM>rjx)>yO4w@PfziGwQP5M+ z%_6Gu@yh%{b?PzXZ9IK;&*zb`gMiYl_URR& zzzow>HbgFm(9WOBXG(HBpg;y%KB0PQv@EP5)$_PZtnrpKdTj^eKu_$T|X z+6S1cNID{;p`qD3U2WkK1pqt>Pj64%=f^)@9niHlcP=RaNG7APx;=h=ddSPmTU^A2 zIUJ!uDUZP>`#qF#G(f0dhy?bO|8yL>;}{vL1bBGDYA_pEL{QLY=jY|+d z`2x;K5dhH7(phub45z9_>vBYy{yM8RLSThAClTHZ%kJCp{h~WTXaIBoYEyV#rwA^M zGz#T$)jav9IY{u43A#03O=V$Sps%9Km}1Qws?HS_>1Vw3Y%(zUk?~E7*Uefroq7SX zN+jl$T|X1?()E(mQuFORuLX23A+{p@du4rpCgcP0^UwROIVGa;JD2Cc%oFqYGa(4Fy7=IF*sju{nOZ%%E~iw9wurE${yxjUP*wM~w31Eb{|=qh!n4-+ zO3PrT`IXOOXW$1TdZQa4{XBrBX_VX%VCE|%r8XW2QJnP0w{M+yxqigUY7S5d&hd+tPd*m7cw~o^NRJ z^EWq_Pw)B5G*Z2$E6F2+O&7GhU0ojn^|LqAtva;rf9LJS=DIk`(*+FCwemWh--KfI zf!Msxe@Tzgn-@+aFnu|$toZX-eY4c2A;*>(Mx;FbR@rN?CXbHCC za%h&2>d{rcs5KHx?8r{_qGcC&Z`FA{d}YM-=)%T5T=hJ-(6(cNaEbn}Im7sp!_H>j z?z2f>&hY!7v0!Mo*AiLB3rnkeS-;cPMuKhuuO_v*;Hk%_mYW$8wzh}GYTUjV7pWk)5{@9926m+W1KnMw(^7Xs^o2-k?@fQ@& zi1W|G5RY`s1*8t08v@7ZT3bY%o7&sk*Z9*K^zCz0UHcr4OU;dyOjozs+p^`Z<&KE! zQEqLj;yyyeu!xLC%$JV#3+<+(IbY)8Id%`E{#3u6AtC%=WeS0;uMcX!8S_=vG(%kZfN(ir*DKHKubfL&m$uMrwW~@RZ=8J8X9PS@!09&)%A5lh_NBC z9pvwOBr5W1?&2$3Z3AcJr!{&M<&Z8D3t@pBEacb0fzt7MpD$N`yACjU{rn7?adU0V zFV>|)SB~EeapYYw_wyUSxETv~Pymbex+k48p9?V(TM2x$Wc2=ivT&83vxsJx<-G2B z8-Syoq}PgGF~U?e?)l*LCKLmo{nON)yzCex<(0O%T%_>k+(^&K2tkN?k*#a{PlW=4 zN!SunmlG4k7ey3F><)&H-j|d)8Za{P0-(UH#!^4iRVF`pz{+L$&&Pw!z}X>0YLHScdEM2~UE!f&HOu z&zmfk=vo&G2Cx z`FS4sg+b=ot%$OUAANIZFyT)@S2Dr^2vc<%g^{Pde|(#pi^XZF&Lz7uNHs}f_$%{I zdJ_$l6s`|h&%IT&S^MLMvPUIpyxgv`%k%U7+i1ro2s-$MKod&wyM0^xq|;*GIn4!K zluPMhEpKM6)cx_fY~1;nGFLx9b=5+$iM^q}`fRm?)n|Gz_7Dqa^grhLUQT(MYMafn zZVIDnxmwh-rNQo)ij9RHP`q~jRtx(x3l(*3Wbzpa{9qtf|GSgUTj%$<4kw|&N~g$k zgv#c1`IUFUW#80%B+^je3a>UdTH3kK4T>`lwCFIsLt7XV=_QJXP4o^P2|j*e9vC9` z?4A3rOEd53$CWSBWh7F30BlrRI>^CjUsASbqX+voLgkyqFSx}P#I!vI33C*Zax#2; ze0>XO*O7$3Mn2hX#JCVkB-IR7*0k%IU2fn?h0NLbovK&*3?Hf~=L!6QWB$UAG=f46 zFpo{Sq6^ImRkq^R@vnQd68bi6c@T_=CIlYnCoVsr`~2pL;B`ElNnp@m$!Z(DQuVsK zk2X@tEjdEf5maz|IMZ>+=uH0Ra%~6b=JWf>@F$oMDmPC&pQ|V+d}JEO9OZ)vME~y` z<r)Y3soNP3lWo_-8xSvw>J5@#-ChaDwnb?k=6UzV+9!iv3Wl~ z{x^3N9nj3#+5K*U$xq6>#2U**7EBmnP@)Koz()BK!l-EwR`@6TTT8m!wI!4Q@l7yk zx5BidrG4w~RrW}f=OYs9Jj;UbbvMxGMDOyY5Qhb3K*;^&l^w9Vg0;R;narwB_bG8S zqr%%wQx0_;2SAT*>W} zn-HbN>50(M-#KxwhAz{G`39d^@Rro5zxB}37%>g+=TWw>`N1w!?M6_l9(wIoIdX9E za<=~$50g%IVRiK7VIStJupTh_z*6~w1CAP|hAj@QQ)3wY#!`-c#dIEc_$K7c!s0-S zXhS5|b@R&}2D%;Bs%q-A7|f8ND@`kiw1h-hjc93X{+_wJhPax@I5nBDebd3?s8OBB4ehJ-_Y(milu`9cKc?CAPE zxFV7>nJYbGu%z8guV1_kBtFMP%hsP}Y51K6-lUpm81tm!m>XHbLnn2Y`)fICFFv3k zq(!iJ7uU6EqbgEcn{+|#*3hGcPhKlgGfv8g@ip~6xTg6#^4imHoNP+$=QI-4=|jk+ zrZnwAUMpWPnI7GI!MrUy zY~4`jV7OMK2mUmS3}!+0KK<#XA5N!Xg?Wbj>Ota-WA{mT)fXH$Wiiya(JeckmRIq& ziUSeX=e^0Lll&|gt*?A?e>u33PaScME$yFOpM%nh#0&d(m(&ev*}0Y0qL~HAB(g0* z%#Z-18LZDL(QJ*V`>fGXki!Jsy!FFd4K04P7wp?nH1ke$z z&(FO-7h#LVKm?~`FzpS|WP)q~A&(*AZBad-{mmQTwP884ZSQRpI>aZ~cv?jmPWJ|c z{|6UKz#H-Pt2x-`nAE4rSN}tM{#%avMEQ}!6x?6%4So>TL5P>-j-Md{j}|j8>^Qix z?KViRp27+7Xns&|Ov+(zyr87s&h@XFV@$OfwyfFc1wgHs)Q>?UF*R5)RqE8MS3?sX zUYSUoNN1=p+K3|5y{%WY@e+5yzh*cGe!W2TR;Wds3^nX|!rh6~8QgF%u#&?`9eQk9T1$vPnWfxd$f5sX*KIFf zI>e)C74X*=OkbJGAu`RV)tHaURvCK+m>=5t#QBpc^Rq4IW}b1*EtOH1SSh7>iPuz1 z3?JFWjFAz9%Kfx<$J9X2XU4)vvP$^LFe%Nk6Ts~$7vbQOf+g>e-AZgba`^~7!BK={_X3tIDV52nAe%M)EH)$V0Yye z`c`yAMv%!8jNxhaKfwk1FK}_7ORPY@Ae6Ww#Of6FmSo#H;z@Xrkjr_znybBEzL4t1 zh?7ZcjGR6QS)k!1L}wcPeiH6r=SKsPaP-+$ob8zwNEdhRS0!*?%RP2Vb(l{K@i!}E z&j<>4Krmn)_yQIU=BoPntc`NSSuKB!_#jbB^IC;2lsma+W%Q3e--m&R^yTP`wbKw#)6YFnr4nr1qvfN6>@puoH=dELD#i%)pDj~;V z=n4VGSG%`bgpz!bEs(aqU?arN*bCtbciX3$bHzcl{fnz3oBzhuW%R#srAIOr+85)b z1$OLm0y!gK49ua~>VNyV1d#d~qFxxyF{1~b8u*g5!uj+v&nIzhKCC2P1t8pP1NU6a zL&E5Q&GtWQJO!2d3Y z(6*ZpHM)QMq}xM$n0vxNE&MLc)5q3tiW{KkV_*T=XZ<_qHAxO{l?+XNip< z!7d#of;=U;N z{ev3u!-0V)&W|mtb5qQm@|mAV>Y7LS8(VwD?#^~9QSI-lqCc1*Fu7$J4!h1TGR#&P zczRsPk0DgRk)Fc{Hu#E1u7>vB-IEX9q!|6MvZ;O!*NPn_-r4ZG{9yD4jW44bdU%cj z;^+7=#99+sS{GNSp~wY-O*er&I*qNA)rqXDC4|T32fyEo!49K?V$M+bvV8t?gZ9Av za4C#r^m588iS~XaFT=eb+d9>Nu;bCA1O@E5lFQ}Lx)tSxAAgNq$p4Fv65GG{@c)N* zkpF{scC_Tp5;4gVEK$NLzYunxAu-x(YHuPa*1`$B*lx53FZ_6MH7<%Krq#m zspm2R0B-?{XVT-U!h#0>sqlmbVKDkvDAF+QSH-vD{07O*+eS={jEwGYiYMKc84g6G zqFHz%n(o|wT5<)`i|n{h60E+P5FqhF44ji{DGiRZVO}QH+ratH=5xUzUE{`(M( zZ)bKKB4%K;)pM_&Q$TU|zJSrh$ai$RR-`wIRVxZRsO`&TdjNRcRcbKmYJ+@qmKuC8vo?@Kna1k9DK}2%K^_RfgYd3?j)cw^t%-Wumv7e=^!6PwTJS6WH zy)FzWK$b3Iix?@BSsD%nSlI-s6p;UtlB1=!EAzXCPy3bpmxxlkSjO91FcEe$gd)+4 zVQW+pz8&sB?zaaSC<>xfRPKgBtKYMtisPnLYVm~QAOTW-C7aXiB%9gUjhFT{${(s7 zarLA9OKZC}(*u)#c2X>!h1I72?_!$Q!7l6nU~FPsFVs$wQLcc7ye(q7)c;wVM7}rK z+<(cU9IM1_`wb!O*&uFa6a~0GJ*lCap>ki6E}4-OD2=%7OsWa zsSPR~Uejt^nXeLfB>C9)y!!I_v16YZJzsKr!aMyp4|$Z3m%fB;RkrK@R(MJxOjQ{z z|AHCaKQ#0&m@WSg8p<4j(a@=uVwpu^aaueRZ?<3=X&0sy5H)z(bLHpp;cX}C8X)u{ z*+Pc!+|#<3fHYe&5)}Y?-NYLQ!?(PnQTX5Il?(QzZ-5r9vyE_DT2=4BFCg1+M`=32$>$;es zt9oj>tE=9p>bYyezRQZiL1RG!001}%ai9VK@QDln0E3761j=D*lUfA5eYF)=cK`rj zkpKRH0n#!s003w?GhyNH-%V{CZ5&K(YzZWUg$Zo!ZH&z?l7Vr(K&XCaIjTj8@=*`1JP1Ft92>^4Qg@FQe%cOTR;Dmf291Eptf%yi4bvwp# zNJ06c00i8lgo*$HqF}z6DP)R(oG$>qu^$FIfbX;bJ#wG@S%7cmW2y%jKr?|56)Yzf zK!9u%3Iv#P1InjV!bJdT3;+~kseVqt5-os1Le*FtP~8ORp8N(=3xI+JFvy1nQ3Aer z0Q825iCqDKsQ?twYgL{r>dJ2iRG^kht>tMU;S}-Hgrc>BR8^(JqnMOHr$%AZ|D>NL zK-cS*ipk{1g7D{N9016PMFrjM&712aeC6aMTT~;wF70s_#0Qaq!Or{MRGF;+0I=og zJ^fBYUx($(4dH9`o=1BA#Z(6-$LS%$xE4X60g!XFqIzTdw{1jnV_KG%_jY%eB>ROl z^+#2`-c5RSyH(#TpS*cqAMXBiZj<;iY5R$NdHmBmek)ywGZptW&|qypTI{t6=HnH2 zmZ)FCphb-eWk(*#E()0T^M4ha)5N^!*F|(=H)ZrCM%%YoDa++miCwSkI(l~ zuZ$3FxG0049R zsHz3AZ+kFkx*>3Sz}I?UUiH`lg-H5)g}wrs~b3sD45RO3?V(a#CsvUJOv z2FKgN)AcGh!}HoAJnKVc^-#3?ef=Uh427&uxDpCx5UxfX1%;j(^hnqv{sk$5gkU5T zMV?41mQ|clAzX<-SseG8*Zvb{h?Zz;EcY;g$^SLDU5qiouU4LS4z@wKkau0r&nIf!2^9c_zbRS|sGWT0D&<*wp)o{>!jsG!LLsSl1 zHi%WNQvSIu?C!@@jmsA#KauXQY+qc22=ws;#nq(MWS7K$5#W%pAg+96|N1#lzL%UR z{+CoeSu5gGKZXGlV~CnK4ev9Rm`>1k(khDn+^ob2b8VNQr@+@g(IS z6(Q9|S&gcZ$`dtq6gp8dkt`9Lie9Otw5W8W6h`?*c}yv~L`Tu9QdF5)ai`?#TvC~G zY3BD6MQlZr67F9ir6#{@l=ut0)!)J()cd6Seqh$Q(hyp}l?6Nb zvG$YIOe}jkQ?;eM;kHHamX_pl3NuSGtJW#pBpCBU?xff~W;n`zJ)kH~zVQy80u^O}* z%qN2&BP5fOIhHw3Q;=yXqAcQ;=9V6s7@x?SSV(0}=Ve@EI!HfAUrgU@($jF&plSTo z*lZ+GyQ@*8e%{z_9i+jjUZ|$5pP}z4L-x2TC>J|CM3kesp3}1$;f$Qy1Z;!&I!nKh$nQ_kV zHE^4BL~o)t^=)d2d8ZM1jI!S>Q!#y3%mm$}#UbD(G$KsOe~d1fk1id1aDBLASJLs$ zPJ7FJ<}Ne6F1`2c*J{-{+qv0!$XfO|OEzVeI8G*c-S|XHq>>;*}I#Do5tk&Y_fENHidnN zKMX(IKc)f2zNBC#pTqnF{WL$lJi2=lc17`Xts33eE}seh%xMus6^!<;@ZamHAT%95 zjj14fI7pd{oiu|F`tE(W@EcNpUq7PH8#4QrY)nbl=_P1s=*_zX+} zZls$q%5hfFO0rV%mC~8>tgyGTwDJ$q8LN-at7WQ5SW4k=(ot2iSzC5)zMkELY-eu6 z?0BH3&<|_dy5&yx-Ubz;mCzy4a3u*yhsts!Tnc`p`i1tB^cvZPGz!|S7q{1hh<=)F zI&?``iwaNnTAWJ8J?=ENoz;zGfVq%nuO*PYB&J;&PI^6^D+?{nnZSyPm#c#@ATBn> zPNd92(hsP=upI--dlFA;LYqAsQ!T%8uWQK;xpNrPgM3bNM3NY%J& zB5ag1sVs|n;%vNbbTx)O<0AXx45=4sE3UCHSW1-^S8cze+?=zP$IfjPdIuGpI#>mw zoToXwk;-abuIx-Txzf9X%w5L9Pp4c^j5@i)V8P#WrV$F3AJH%$RD|IcQzNDJBWsCZ;@f}3BdKBUOBLe|ReZ0PgM=Ql`V_{PPS zxp~|fUL}R-1?m$q_#ynx_sk0yS~xa1<;aY|ZDL!X+wRfB*Ubk!IIb1vpC08~khA#C zxF)#t=0a)LX`<l&*J1=@3?Wdc^G)O+eBOU zwkLm^9BW&4AwREZmuuI(6*v=I7G4jT=hu8+Te?{DG4FQCxtU%Qdw>WEn0k-Bi$)Lz zk4}vq3x*3m$>QMS-|D7M?PkBFjR5&wC%ML`S3dew;s9oSaUX&P~2fj_l|@qX4JV=c{%HGS#!a?$lpYe+w~;yq4+R;s<~7AUHlS{86W@g z<#Wo->knqyRnUBs;D@+^3;^Ix3IO;9002)Pp!XvHz=;6>IMxFIxKaQBbelNc0Z{;e z+fxE4sN}kG+Tr7z;-uYHXpuIwcwD7X)Ou*)kNJ!hF@!o+@^?t*(D7cQF zu~M=Uji*%5V6|pss3&iB=N+x8t#L*>__eQZuUkgz9^R)8lYA!G9T$m{rBz;M7GFU3 z0RVJMlF`#6WX8ypuXOqFyMuvph++ch{uaf52Hj}cuvgN!TT9o6;<{R*^?1xjO6W76 z$0T>-lPd8lS=Vbgi#iLIjP_)ya#`HEL0Yy`64P_7J$l8rLyai5f6xy6lX9%$F*kx@XWLB1=`kOYuOKfxcgF zL|t1=jU&VoU&Za?0bk|8>s{+;|FX(km4UAzDRi)SVFP3J`cL-9o=f<}+w@=v`(R^e z5?K`Rfpj{YWIr=8aOTsz`Q76q2Lv_%kd&PqpZwxMRBQEt`*B6Bi*=3vf>&vR|H9`J z^)j05Q;K~PWpy8AZM?9J;PWWVf|Z$-WjyG+9H5K@6caPoP(xGsB$X5&A3shV&dgTl z7_9T={bP9t<|6BCA|=-C?j^FVaXP*Yoo>3Uf!;Gsz7`D7otK)ik|$S)|M49CvU1U3 zTeL}`^E6)!9-@P_Q5o(k#*RFF`!~HIbh&7f7eT#E`*^;#`KYoyx&C@>sBFjsm%Ozp zDlYE2s(QbocacV{IC-lw`k=!=rA?Y^4aMKFrp@z8(T%t}esHnEZnN7aPYw-r*S7=! zs26rm739SEv!2ePoHtdG*K=kL@V|9XXhcyUMxMFu@gFdo1pO*FgJy=+C1d8Cot>RN z4Djjr5l*IS`rPuI%&E&n54!1XY1ydmQ`}7Hosk{JLvn!LKspX(7uNCuXD#jdwzD#j zg(t5|2nd`#%|1FZqr&erdtbZo+M6*IA_%aMc_e+hv{OY9svM#@`c4>$4oCO4+aHEZE}PNJ*jRCDi`mxbEQYDgWw+fQ)KtQGXv>gJ(03c7&-sC#x_CASwauJJ#7d=}pH6CW<6`1aRQVE9(k9;SdOX`Qzb;%55!hSti zUM#KLt%ihBkV_{}e2qMhyW7HZo#M;GMH_1LW3up*15^J@EsT&5$D$?4>m zw|1(iXwSaG0szCX^aq1WXu2uL{N86zkee?n>%#PK`0i$pA6{ozFbzRui=kCAH}s(K zT$(XorpjDam!_Ve%*okqHUdg!INn)@VbixSprV6zj%lryv?=j2mA&29gQ-PC-evjM zF4YQ+JNK)D6SK2*ZVP*RyrzpMe=_!GaYv`ieo}* zkC&rEyz|B@vZC)C)hwyC8W+U$cm-a{>Ui0u=Y8~lGVXZG<_ilt3ynifVe7~aSv+65 zD~-V(g#oC2)qzKRd-Or=YIQCuP)>SxkbkupfH|?!U@`r5xxe)K+Wr=FLB1jc>^SiG=%6y1Pn?H;%`gT| z&`WLj8mU_VCg?xFm@livLJr6i8;eyoZ@}sRW$7Vy*WrNP|2b99{_j~S|91Qv9F&0; zvi38PhMfH1{q03An{R*sG%1jt?6v=Rf2;C&J2_db8UkerILEa3H5AKb_ilhbBMtwz zs=qS^0NLLQ{-4LbBcMuRa?AHQWS#Xlr;EBCZ%RRlYUhI6#+wO2`ILL*wgUIvqN{_y z%`#TJpt_nN{<*YZu%=4Sp!>sBr3pkMR7gIip3#xos2PlO1e z+$?ML@(`@65;lw51@$f7PgI zDKX~)3~+O_r-ggDIM?odxJW()H>#B#Tnh&TzQZ3Jl>uL(*yaxDB&t60`rMw) z4IqeSE*J6c*s^)p#X-eqZog^Dj4Q4CZ40VxVGw2DU{-A>Hd;%2oq#}O-Ymq-d;^&2 zBr35jpd5nop=e43fgLxC$I0k)jdwqSex4&a#_(3?>C( zz;JLa@7$>){5kiEl48Tf+Mm}JxfAG?RXjP!#5oQsHP2rKMUuD%h`DiTtsT1cZteyP zg+SF@>fCp4s%bmLepE9Gj5(ANN+zI^f}%3U(N+B&Ol$%D(n@nwgrhr`KaiAbBS-mr z^w4ZJfdr$IJCC4FTogP4>DThaek6gdA#>^Zq{p_jcMHnv!S%=pzx61N zaN)%l#a4xr=13qkuFy;+s56!kg^%+{{~c6l-?@)?On4k?bB`!Ep`eOMb53 zT7*K7T2JOfdRB^c>LMT^V(KzlUi#o%bnqPW`dG(2pj_ss%=q#?SRX|9kpm^vW!yoo+svk!He0(ImA+M1M_bPFR>w z$rez1+XqG9m^Pk+V$)nsDCxy_k|x4bWbJgoSPP=3}^W{G(3Yt%a5wCKSN|Y zvtlE|Bis^)KLP98#1(t(ayQ-yspwXJZPCJ;&DfWQ7NMx@wB#@MPc+a@xvLu3Hg8Qf z=H|6hZGe4+4=O56VW$XHFVI16f#U`PxU%h5A)InM4i94|slsC8@j}h$UBb*e`#%uZ7rNRoeMZ88j&*loM8|?wu%+lf8s#uZ zzyI?FWi?%6q+ZwLI@TW=M~&RNu^^1<=3Lv1RKQO;+DJmkn@9OGv zvyL&nbgbJq4EUyg0WvBs}~^UTe~KCk>0vGAV= z1bVjMABUa%94L80tTsl$LTzPpxf?ko`F-+&r-Uv(qtG}`pfOs~WlmD2dd-h0BhtJM zKg30*_d&D5r0YUDNHVjdkNd6N*`rrpUU6n~TJ8-Ouhg!3k|0elx>;d(Ip0Bv0|%9b zm4`>re4HBKOH?*@4698bl=~YL-Ro+ml8-%vBK(bQv{79=-a9$I0ETtwO=Ls85fM2v zWp9rpiweqZ*XJ(L4?%q5Qz}kMDr)pDj10^4PS1li05D2W4FM9B*lv0WQ0V_B$p423 zbnk*h;9tk_HF10U`+VL%kx9V-1Rld{$pwq$>db6x_qRuiut*?ng>1p3UQX8aE}1>D zxBvDGswyQTh@CSUkGB^Jq%;cv{J-+{kEZ;iR{yOrzNiQvgBlblLb{+6)L`RRz za#=ir(SVq=28+e_>*TK2efF+Y@Eg+fmD(ANrc;^8xw*OBT@v>%zH`9*>GD+i<+-H9 zg;pczti8XLIMS12Mb^rI0rUnt9Gu6KEzQRyEpXfasw6-M927*-NPt&2Fts>Snu}73qo3Q zDQA5AlZUrsfjX5yLiGR`OqWX~-+LYJZO!_IG;n?>8b3@l9ou{D+Wv7ZmSmRfZoSY_ z>IUI-0+V>_wds7rbj&%^wNT%q=dc5xM3bo6eVp5jcdX_5+(z`qkzTd9;V?ujsg{?x zt0n&9`pO)Z#+3~Re(03xP{}RtT-WVk-PlpThzTi+W@$qJDI%a}6qcTxN-Obw)3&rB zL$oC4kG{)W&HgbmKYu%Obf{^4oA<9@PI6%KJ-JEQ9iI0UgVZE#9_6VDyL%VG7d&e% zb-tlw7a3kzbDz7ohr`HnD@&tDEolO+Hr44h`r0>Gp+4w?-wQog2(`gV=yyzBNaHC!lSkQ~&~0MX;BI)6U|AWX znH;LIjINOA5*bG5^d9PYsfp7UKLg!*c86&m^vFRaI3NcoVBFU4q|r2ywBM2Yxc8MLY4YsbjkoKVeYk zd(;bzCp6V%&{bO`Eoih7RJrem3pB1^+XcDrM6%CJE_#-~pN5{>T3DQvK-|Y>!%N%k zVPW{FQeHOt9Q0X-?bFk$V%bEZpSh{RjD5?d4YDu^Z3zta63-)2Sv~VErxS^Wqa3)No>f`ZspLDg_{E^a^+DP_I zPX~8*uE|esJXwy5drc`0o9^LAr-A+ulPDiGYTn)kyA^}uu1PaIEGrsw0&~)EB2TZ< zkurJIkxlnaXh$;{xl%R`<`!dRVQdFdcwffNeM@Wj#zRKJ94hl!+zw7%yj|6&myNUi z*Q@Y7_?>UsZk&=ovfr>TZibAM;?CZp&pmA)hv3#<6OUc^s)22~K5t%Jmy?hUG?7A1 zSIXoSP=DmqZkK z2AaFb_kXMX?vdvnIC>*Sr{XwlFnr-z9`11ItA<#h$(jCutZRtxF5@Qvdh zWS}VIMMsww*(B&9>St@27vhvY7qD=t;b*On$$JO>dR2?n=DE4ww0Uo{!R7OLXJCGE zvYA@czWR_lXLq`2xEk?ace2Tr7A9>I9vU=~E<@Xnc#W+X=bktH*p?2yu^2dV6LmAs9x0DCkU7FESuepp zYU$sUXaH&{VBnS`I2a{rRFLI;r?_3Qs1hMUyoCakY;jc9)zyI(4KVv-maEqt4=atE z$f}DM9g8aOmlvCkx`X0=PuHL|P2C-AZ38W&)?VrA$E6};NeVhKxUmhWfS{z|%Cn8b z=K9{pUQ5&j;K~WmyJ(NGYPnss(UNR_ob7rh6NMg!$I$`BdcEn64AA;Xj~>wdvs}H7 z%wk`Pt-+|U!8#Sm;|DD}`jivsB%1K#Id9&uFc=xd52Fy-GY%Om&D_y815c>+ zGvM4wQUdokk}ALn370npV%wp>4@tgq$1=a|X_wUBE+`my=y-1dZi7q*E@Y zC^{UY!ILtRf3TS+>qPG|(Zq;vU4gGWJgwM3NUKyd&KPf$E+UCQv~~autCh{eK54(I zjGr7awU)0)ruSgmJhbDvgr8{~wgq^dMM+lG-f<$A-Y2g6~jw zzo;_lsFNjwm&6`&rj6!BKY`7d8(GD+E*YFzN3-Wfl4$*bxphU&(>6=Uk0E12Y=xvc zBbzj2MU?+Tc5JCtZErr<$>Fqh?? zsDz%$cD`zp94MkHN%U?0h9##fP4T$S9}(^^vgNPVNXsnkSse_eG>Qm|k_ z*1XG|R&d6%IDEe{4;=+1UX?W|Dq z&c3YezR*x7AEv&mZMt0_qS7B+R!XuzswdbY{d>NGdKmQ?*}EOwjaj`Yvs*`)UDdeY zeW(<}cQlPHv=GlTnRC04vC;IXvUl}gKn*u$fCw+T_PI$aB0-zPNhGUoHvhd2Dq^Y? zTR=5&gw(*%9ThaJyVs6BQH9Fb#gFy?F#W26%N!!>9fzxJ0idhbsGdWs79DvR{c;r3 zlh}5oYWa*IIGM$cP(kc)_l80QtfPn58T)5o#!=3M!0w$RcxZj1rw-qWJ>x)aA6DfG zRijf>0jENFYM$?m#db~=4o9NK5?binpMA%)L{5LsODhRY_>m zG9BU1UQAUc@9a0vonZl(Hcw`~+VE&(&}A~2anjk&N&y4F%2cSW13PGt#`#(Q^ce>i z%xmNPUX=k2&S`Fjd{cYO0(^B2@$2&59huHH$(ccLiN3mt{k3A!t3t3X5&wY3&LZck zA>3Ndv-U&g3kR<=8EvZMc|(^}3Z$@a6Z6LuQ3;%8%<5cZc=(!{@@OG&X@7gyfOT?* zw_VNpL4Lh5(R#a`d6(Kodc6WTuc}I~`gmxN)3|{RjcEm4GAcbS&DWY6dmZ7A(MOdn8YThD)5Gg_3B9^eluj__{!4e z$#s9B;Ogvo=SRoRgF`{M^=6VItpd3K3fYE8P~{+h>VH|k{5uU(o51fy3FG;Ay^$jH zUEX>gjPUz-l0z_dvH&Y^-I=1Hw@J%h+4Udes|lw;iy)P-f=Iuihqsg>6B})dtEC-P zE}-*N884(L@hy4LIIN4jA-_bTzQJ*{M7;Cam?uVNT*~mdiu5t6QG?ZWe((-&@Ch6C z3SL&m)bX!EmpaL$#~g<*bLR7b9sL`7Y4)A7lZW-nl;E^(A6=I#O8wB9T*pgilL$Jh zIz}?vcN1KK90KEAq>g({25=(ca41S0bv8ahx9={Po^v&-Iamd6=#*0O>p~plP_FG+ zUt?LyddxVKbo&Q%V|AfSUdXd-oP#No`fv!Qyved)S|(~ZUy|{6(Zk0)Mx0Z_>b^_> zxRpO~L7)w6Cmgpd^#o|-V`|4S>O?JXmBJzf%8=1Y_>fcHk8S$V{S%+BZ(bIKyh z2L-n*HSF*Wt2t?RWUfEY{197erJ@wjuu|jD^K}73x%V^YYrB1Qs#rIIUV|}hiePHy z-L+K?ZhLhvOIbo+q{tP0_ucDnJp93JdsR7m=1OQ(Z?vqCb1rTu}%Tr94zSO&$&;o{fJwHx8Smznx+##!z%> z$GAc!90@Jv)J4N-2uGIgwBeC{zKueGh(J->kuFWQZVDNPPfi>Fy|!&k5eXTG%%Yjw zy9|&8FPj=2sHR1hLX}9u?cQKY-l3fT7|IH1Ta(ctj6*SS2vZEwT*JeUT^^SEPVLmP zzVStZs$}5o{wl8eW)YRVm@`R@(;T^sQCV~Q0;~P(A9HGRI7B<~Jz^taRqM+1v>Bez zY!TB^mRsI+UtdzxV9U}6~Hj;`*i6^gli0nmQ73sZ+e$5_+DBT!s#b)ZmFpcg) zb#b2K!m3d>VTGEOg>zKcYGHuS)$Zon7TA~hiCZZ>**xDR7DD7H@IKK$4}UKu(zm#< z=)$zcd_q;Zhk1AoaK3J0aZ4o8C)W>;D^S29tSQf1((V)$9&M!9l*v?mT6~^>rw0E- z_Fpztf3-3yrXIxDqBpZ%X@*-$oO4uO;7q4-koqTed1f;45{A)UsmZY&d^0PVJVI!@ z*z_5ZMQ)7HGsmQJv1`;2%7&=eTgYVMEor#VMKhKC5R-ZMNym;bs66RESvkY|-R_Ll zeM8}su*RtpyH;1l644s`nm7_vsS4$KWojvbW_4bLvfLLak08BltENX! zp1zz&WQE+nLO<(R|C|VE75q)P^c9`C3O)WrV!V)jDFZV3?E5Ho%5DAn?f#fQF(+`f zT3KXEa4CzFsACb*b7!mB;e4;@<+Xrct>pUQX?XEK6_b|AfE#nuH6>8Y2|}|liMLy7 zDL~f}G<}Mv-#oSDJaFV{z2xD#FZf>aYtG6osjcRC$-?}M@47)3=es(tvHnf*-p9db zrUV0*b8G~dg8^*I#Ff25l_Qw!q~Oab&mH%T#RKw=fxO~E9%R{?!je0nXSp85yu-Ht za7hY+9%yzr@Hoh73;$N#jP&sIlkmlznw&`F5u$Z8-9E9U4QbL_vps{fmh zw1RZ!|8Hp}PErN*`2Jmj0DM1LER+k9gLWa%E z8z5wNh}4&ze0zDw=JN^{1i5D*Lv0V_`00K;FD_Q;MuW0^PYE18TYvyhPzUHU|8Gry zzyE)*90FnW3A>EbUXb(Zb9JEnHw|vOY`hxcm4ZC|BTeqtMQ;xu=VhW;aeaM#vO8so z$RD~r{k|Vp<<_*mD6BpT#^c%lsgI+e6gOA2toabh@6DHrQ*!YMph9x3i_d_^r7nys zd!S6jgvV7MeQ1tWUsEtBk8@<%hNji)ejpVbmljS7VjfZNZgDkT`CCfKUm^?1$RL|s} zQ^P$Ovj^@T;2j1$Sb?NQL9wgjrKb02HmQe*GSZhTcluN`)PkFz0sFIKEnI)9O5EOl zSIK2zC$#Xv8DWQpzT!^Ks)pU;T9r=6zxLu?$LoBEgxuWD_rn4UwyJoKt@uFRFsOLt zCP!UmLTf#AOI&{ojVKKZt#K=@!$~>lBs7%Forjo9Yyd5fRynFSEDNvncO(P4;I^~r z{X*ip&BMTs5C>=&zLq@$~!;>XI@tZdiI#lhUGl~(0p^DjsJN$5aK9$Y05 z>beb_Lp9je)5;IT;(m^=7n!ghId{G-9!uzodn7<1_#KIYQ{8~Q3S#zl`DKg(| z>3MR&vD)jcIl($n9N{7P~G)sblp`I28fn=@)BdCqTf)(f`^*A#1;ka2z9&(D`_># z_i5tH6znM>%21XMI*5UYkcDQ}U1k3tTM&^D7I9K;|4UqClo@Tlf2$MkptHwz{sg$R z9M;8Oayg8NWv8jaVB>NBR?zbYyZRJ5cODEP#EM0ao#Z>mo zg_x<-)rKJi2?q+%-MIlB3rfMC@1e7acKvK;JuiqWc|XQ#jcu-y!VpPS$s9W>La2@( zucgd!oIF?^V(c?p#ffS5%83f|6q@$b&j(9?RF!DMDEu9{m3c+LOXbGP59Ek+#EW8* z5)0f9XFpI?Xya4>0S%qW`9BUaGBT$=J|Q=21k-_{?*G43J}wwGnw)2jflveEAwzRQCdQMtF>f{{x>4P7o3Tcftea_1U=0(Zz$km z9RNrW)PwuG<$y+oCIow23m>CtR4 z1_@|y47@$FN-cfYt3vVY-Y&r{NS_!uVQlR2c-;dLK}u5&#`gtO`+x5=_&4FB#(R%! z_)Zbn2|A$~gDfQU_~ay;$ITxPjDXc*vGQ$?-sfq;#+w=DKkc{W^o){{l93UKzn);2 zXudkLZfyxIb%oOy3eOlw$*K=^WLdC`(m#QGJCB3Yl>fjxTp+Ixlt37#+9f#oGibI- zV*3xN`SX$eTI>LK;ant-HzhCKk8~6Hv%&eILcFRqP%PC>fV{NnYT;3K<~qMONIgTwl40I($%v3t0;=Av*#l^@ zoGQk$qWv*#+&QN+zX97gL1obGw9j?t053%m9oiPdcP$xO!Y{66)wUw?gg`T1|Mrs8L` zFYok701>GQpRz0Hfz1lp)a0%86h18V~HhQB#AVJW@ugf5&j6V^v+w?}eo5)s)VbKpA4& zbUy9h-a2N0U%T=gRgT#(9(3NJkS=`%hs&UR|55Y$+CQurnR-Q2=w@2q@XPO4DpvUQ zQz}+E5X7L)Y-nc+Ifauq_U9IoRFSPFlX;+0<^jq-yiyS2kq@-Q%&sSwFJ3Qe^Xew} zz}s~B@4Zj=T@Fs@KKNhQHx8o5evz!c;IBXZxs1kceWISf@YD-)?s|WIar~2sV6Ki8 zbi7?AtARMY?W$p5yC2EE@x7jFR4$4B<5K7eGNg%p*zvUcl=bo&q01o^zWqkf;$%zY zJ8+qx}21bEI^1m&5&Jfw_a|;TDL~6x3-rvDizkh3p@V zB0xpLZ+Q5$NN0d9!nD}Pq@1(_Lfp);nvbU~IsX+({;7tj&2|5*YxC7*lgsn{Rp0pf zWFxDpZTlm6&E|N+VkaKF?PP;5KIQ6XZFln8N8#&5XG1&%R%F)GA^aFKCakRFOus7m zn@>@Ax1`8Z?rrMS^{T5;uAWQg3licwOrtt{HowhTr3bhC=PB{?EW6FxM)k?;rf=W@ zf-280n-)7w(mm&`Qqu#LQnjdm;$D&(CWO{)hWb-s4;I5`Z+>3S@x`kX52Vd7E3_%H z&p3p2#hZsU7chVr)cz<{gN6(+_xoYPqD};m=nxU0&}XM*VqyYXG@y+qFE{RaTr^m9 zkylo3dQ?@sZf$lQb^eU~bh8J7@Wv;Yh8CLe&7;aqA6vx+3XJq1DzgFFQXrsUvGe3? zx3PQnvD^G}5^!k`=-zN6T(v){+H6j+y(;#(llh5~g3HkkiuK)j9-N@%Q;!b77ZW5` zG7JA=`Rh!i_k$YNbXg~$lhjb?Og|yN^n5tB;`M$I zYXM=Ek#mUFHM|R=F(c>Za*aGge_n@(fw)9|B>C{s3HW4X?xD6BXbPjx1NMWoCD32S z(&kp;aB0?=KJE97F>-6sCHJ+@-2kcjJR?9RScOJ7Y<)Aj9?|m(Jv=a!BYr>{XdDqn z4DHC;@De%>kDiWY-L$%n`bYXc==gA0AmT60`DRi}f2HO>p5>m(u$e9IeuM`@!%aVA zIY-xlH)5nl5Zk*0Q-5*OunC(|u3=R;(XL!Y8V>T8!$6MV91?izV@1m1tdXO7Ln2!M z`^LE&?>Wk9!<;fIBT-;2NNru3=@Q;jooSr1rnq!jwq6z zq(F-3w4n6RdX?m{rFjvR9?FCGzim?0ugVUC*{@*Khkt1Pbx0!j+p)Ydm$nLBB5Y0c zxnTZSY2=qr1@ogTL{2pWE9-bRLf8_`-ROr`RKT_w3Nb<%OCm=Er4^Zs5p$xvZkdJU zLiZ>NhQr7@sAq-G@+IZJ`n|~|SV>?)DPhY(H3kqxdI=>i;)R6FPDK=S4gZwtcFBc? zR|Wzig+jy)*y8YD3o6*`*X3f_WzP<1MGa*OX`vITM7&WGeoL{GVS=d?B=2+`8pBkM z7+62JO~5k(%&R%i$l89ao!Q0r8O?{^%AlqF{~MLE|; zVVW_tXIIswX^;AEB10q^Ig!JexXXo#myM*nvHC`zvzeE*$=I&aSG)>16vDy8o&wkd z&QRmSD18|Yso4()3~IL3ri4gmMzO2zVSvXiMI=i(@)BQ7xQV-=Sva@s@MHbHjP>xC zSIqC#l0|;Idm<)7E>?)w7+{>V8yush^4AJ_ zWtwp1u~u@k7#eFeVd%Q7L}Y%2fUnmH$DA!Fd7m&O?<{|-o)#Fq+0?e(mRp$QBh?MJ z{q8q|c{0v`8I|NX0X>Ag?Jg!w3?oCN%f>4P6y2B zoD=92Q5tew`IRxKmu`gx9)Jw$VX7-KuRB=#v!;>8*Y3zWI;jDth{<|6H1)l-@J}o0 zYdaw4l^s|0t?qkR{k1V5+?}p0h-uXlLSGCmIehj+83YTT z2m62;6-k>zu8^O5btJX~Mb-unwg>z|FP{^7_8nWaWL0!)agDB{`?0Ik3P+%&7Y2jG ziDUgb3ehkR@1H@;G?ZgjFx_wX#$M}BQF186XO#+-H7E~tk`&O7q(UZOCCb`3a+=aXgEQYnPjq^h zNu0mdHfC2nXeiy&C9xn9CN9_{eWFE9YFp}aZ^Rc!D=(QdooH@DhZVPJlZ}JtmGo96 zy0VdTCV3Jh!nCq^c^pcI8RJ?r-7eFDHI+5 zAMpKjoaW(^G*I_tz;CJQv{pCK7_u;SdCLH8;mjGth(s)361fBCqkQd1kXfJPZIziG#7dxkUz46kf3IFf`j!}x3E3;SoX zG8IiTW}A5niAQCsfC>d_PSUx5@cXMi*YzibY*qeQvwP;7Q_^u&c?pCpO$I+^wek7x*?ehXD`9;ol*NP*uL9>e(^%d!e9E(-?F9`Xd$5 zKwUq*xY55YE93`lHbY5nCPg~U8t2Liz46=l9+gA~k6Jf`Z47aB7=X zO;_Jlp1T1jnAcLYPPitRbQbkR#ZZgjzUPVjy!5owqGYa6#?ja_pNuuAeEQv>Za}uT zQJbTBN!k(toB!?(vLeHlMJ*0$(KSUnqu1>;+=86?U&Ng&WW3lR{H0vZ{UADzjHqH> z|DH;Ye*~{WsfJ?j$AKb(MfiqPBc7CGXrS;o%IJn*3Zo#B{&?x`|JkS0cLlFqs)&{H zd9g9bRz1Ic#iBPot*zGDvrmEwaGwu1R~*s#q-U~ntE;C0c>X;?#pqqkchTIUDc5#O zJ`%`rTD|R7PZU>qX?tkdw)PT{9`w;Z%NQ=+{%(|^qKJuurzP6*c<2C=(rv@1GnUA*3a6Was!1o zQ$^%Lj^x(p#mRJV=&J)K!=|5}`snGT9nKGg&$p!WI~?(vEIQ*H=iARy-ISQCy>*Q) zy!{GnH%$=u^SNpl)1(R!`P`i|l5Pgtl+{U2-1jH*m5?+?rAPmMwN+1R4z9d%Xq&^7 zOUlQl9lI33S;?J#ZuW}j-DYl@Ut$UcYB%TpV|pmd!?C*Y<_h19OpQyw7fqTQCs)p} z8|Xqc-Q%ozRh=0I30Jd@u5G#gSgrkZR{6{yf8^Fb*rFX;Ug(f-p1D@f{r!QSMJH1y z)TJC0J9p%|)Qe9Qli#nqWVx_*-=z;Zn=QX*de&q*R7`xZVD0*qcV8E_184j6f1UXq z1B~bC{F^7l2TniZ$=|z_;Xx3T}u^sH(eqr(#r~Qr3^%h$beed`={Uv`uYnha4f= zO`E Date: Sun, 30 Jan 2022 03:20:59 +0000 Subject: [PATCH 1823/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 80ceef9..b76dd2e 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ A `user.js` is a configuration file that can control hundreds of Firefox setting The `arkenfox user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). -Everyone, experts included, should at least read the [implementation](https://github.com/arkenfox/user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings. +Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings. Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. From 0d9de9174ad011d94645660e2780cf1b1f79d14d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 30 Jan 2022 03:23:06 +0000 Subject: [PATCH 1824/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b76dd2e..38f7293 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ ### 🟪 user.js -A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/arkenfox/user.js/wiki/1.1-Overview) wiki page. +A `user.js` is a configuration file that can control Firefox settings - for a more technical breakdown and explanation, you can read more in the [wiki](https://github.com/arkenfox/user.js/wiki/2.1-User.js) ### 🟩 the arkenfox user.js From 4c74f1bffb4242ec613168307566d593c6fb4401 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 30 Jan 2022 08:53:08 +0000 Subject: [PATCH 1825/1961] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 38f7293..2f33ad9 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ The `arkenfox user.js` is a **template** which aims to provide as much privacy a Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings. -Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. +Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://2019.www.torproject.org/about/torusers.html) calls for it, or for accessing hidden services. Also be aware that the `arkenfox user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser. From 89bee0e3612be471d427cd81540bd54db1955c9d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 31 Jan 2022 03:08:22 +1300 Subject: [PATCH 1826/1961] Add files via upload --- wikipiki/rfpCanvas.png | Bin 0 -> 5559 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/rfpCanvas.png diff --git a/wikipiki/rfpCanvas.png b/wikipiki/rfpCanvas.png new file mode 100644 index 0000000000000000000000000000000000000000..97488cc218750d38ec88771429a35f1e323370dd GIT binary patch literal 5559 zcma);RZyHwn1w$A!6CQ=hG2oC+TE+&+KWD?>-5{*)o=C16R)YRh==_W8vp=2WhFUn06+N3NVNtD<>k?+z7)lwrlf==k!rEy zCSZTZ*rh8;i7bsvn7G{zEOlDyLH?Y6XkC`ruf2e^%wh~+;$|uFYVn8RR>{y1{)mK+ zjBW37N`+%Hx&s85EjDzX_Y5e&O^BEn8~p%AAAsVwfP)DPsO1g3rH*}kaVP^dK?#dO z8SqLIQo#%(0i*&_WXb_41(YyY4wDX0ga%klT3aCiO%A|P&gvz|0|sva5<8U-S z76@2;VPNnBqM!hY!nwZK8CyNUKI>Dbpv_{PjKcEa#+V!)82b90G;d~<$=OH*ET38C zN^uVPLn(Q}`Ck0Em;!*JG}5QnUflc5;MdR02&A;(n{yoYqd(GHSs@aOi(2PxPG(5VNXuMgtfSqMbQFpdn#5XfNLgi*h@V5yCec@s0;2x7J1`X&Y98_=?k zNq5KR9MbK;7k7X0*AlZ}@J&xR7Mk=IOkzvA)i@NZ1OtW?Omb-S4c(v;8c`x6?RXrC z7QIRuzY@200+?1;33M+0{+V#Bi9%PJ=of$|;x48~kvk*2SxfvIZmVo(rQpjbg%X^v zHeTGhsbocYU*CUzDV`)yy#KYv{>5slge?5+z%L36-Vx`woMXc>O+xHg>DH4?^tHG( zV=o)^YEir6udHXAe9?%)eOr;S6?KwlC4Uu-)NZ-d(C)x^rV}n3a^rryHG}H`)`9?QEk8U`uI;S+sgjW;e9nL?( z)HJ;keUV`&iGj%RxXJfY$J&2Wk$n-8ut{>tvcp1E z&ZpYRZENCGot2$sP@`0%Rik*+D^P!20W0s7?>4**$Crk`V>V${grv?qhwbaE=xkJA zSCFZRi(J)nRy&nZ6?e<|_PbV`! zOms{tYKLkkx!P)-8a_G=_M$Co;de1&wk#1-g4enyM>XT5qn!@TZgT3 z^R7|3;YnMMYqXKDVVQxhk!g!U9jxy4Qg>Z<1z|;}db)Z|!4hP+@vLpUt*V`}aqm0& zT78>KTd*a>iX75DT0eY}-kToW6`Xu8j)51uf?oqN0)=>feorEzC$gD4lYb%^JbIaR zzy&dwC7Auri)bUBWEpXQ>EtaaLdYSVo{<-EiSa5ClbqQSoOx7Z8((^N-+5hmm~IEm zU%~QP@`jEp*BVX)P8?2R*9)ik3Rwyac|E@lf06y6wKpe;Q<(YIX{$CwLslak(z?&U zWzChQU$@-YUglekv^*u3xR!Wdh>$>t32yRi8k$cD4zz!1pVSz3D=?4Vk_}~ew0R78 zoC7MtUZX%z^l>&t$D_bo0ZgYhpVWO(w>;Q_F|i=Y|~EZ8GJ*z(#MDSuvU+w)%Gc)A19+ zSv3W0)5lXS6Kfv?^G^#OkBNqewm-I&#i;0WfDC^2);bC|i+T93VIxSNv&HD4*NSx{ zw6VG@YSbL-XV-`HG6kqPg_{jdL=3i~I33~WV(&!6} zi)+R`$a{(LzBOGGUA0BKMcZ5D+ZLo`eSG!7P1dc8X`Q-@$1xmr9`zoB0l#gz^V=e5 zUL35Qy2N&*h!20&_W(Qf<-ilb(@oAF+hK5*^WQx{Vr?O5@I+R9k^*bDF&19=fFK|) zN15F7T!lQH+*@NS<1URUiMgf2&44?_wO23l`NRzU-(7&m9aaw_7SbW-vq`W_Sa1mE zpLL71lD5Eo>zOUb7jCCr1YXWv~Ak+2hh;fw1^S??r$cauj*BMYa+0p80-e zvU|ms`J}E#qsRPG>R5V3b|ZFC()eNh`{{b9DCL4-5}b~H;?vznyz%dR@|mjrl&umq2^rN zS@UwNJ@F>3wUV|P00g`SfUrma`1APW2LRyx761+{06-)M0La}wnvW_xVd##soHW>P z^*2mQ)p(f_9$L28tgC~THXi1xNm|369BVoM^9RR8l%1L0e7u;P5f--m#fNz%X=krD zJ*0;-L=o9aN!Xq54`e@$YVTZGu47GCTSa`vs?4_qE94%a@%e@Qs%F{9`n_$oMt=L! z**c;nNRmZ+WN-|5JM*XT5eXwc|8}--<`+kc8S&4ECOsVinl!;S`IE@qJeMXwBMf;G z=_vF6Jr<%U@YklfT! zMgQaPAaz7y=xrU^RhaNa-KlkQPs}Xe)IMJSkI^#0&TmU9scvX}CeyyDL1_zq>|a@= zNw+o5TdoV4qk6W^`K+@;h6M}nGc?|wDU73TI);i@cog6K@&;>azuY_a7R+`9S>Lo= zVBaR>3_xJ zZs%t7Eb*U2#DC|6{}uil4gF6s=2JOTYUk#;#~uCCt|yBS3i-GA$)3*oclpU^Q_Q2x z%Q8I&1stt-RSQ6nJ!OwOkiHO{U^yt-zdNSJ%!vJPt36X|44s@t`lMEldC%RCqz0))zhO>BH5U(X&} z5%3_y9rC92Hug~A$8DI#X7?!7edv^b(AIZTFO1%pbjCuYh@i!Diw7&_^ob<~lHjoC z87-w#qu;PjJSsz(GC3T(dh(CHJGHQ?76gJwGcpF&j$He0WF?0O`Dw)Ba5_cz&t#m3 zf(Ix0^mdW!Y?0!stj5(}ow%3e+His6|O#6s-$X-IGwjt`2w!d51{Fvyg zD@8@lgcP8OP>0Tw66^uN4C<{|Eft}M3O>50Z}lSepTe#S;nY_*UF-byEFN=vwY5%Y z6&nWoNf!v_zcy_FMpZ2XJC88Lvd`T!h3e`*Xtq;irs(?UfjKr&*ZL;lKRofW+vg_i zDUzi+TqB;bW0Xg+uD-nLfxznwOPwYt%kK;WsZPS;rkZ?&W@AE+A9bkD5l=%$%vdMr zS{s5clNwl~$mY;COxTzsO=;`gC_>pICtUrU?>8hNASXJDv*l2!!o|@6s@KJou1QQ? z+|wU>rQiG6fL>Ki%9Q4{0r%z2l}paLibCD*g>1yc8^O+^_$k}JtU8EFHcIAi9mLlN z|9GsE;xPJMK+n0}C6Vk*MR+c6AnRQfUo_K=}OC*kyxXUuj_*N^Qy)<*N(s9~QjkYxQ zCx30jKjW#8W@O8I484=%xZDMU1Q4t7*Bh)t1U^Y?8bPtUiRq z5d^X}gp5OS#6%~@kH~3d28G4og|l6%E{mfExT9;i3v!Xuj<$J5tt+Np-M!ylf*WFyk!rR$xrzx_$E?6XXvlTwVE?%yz+ zqE2%B!70n8%I0pm5qWY_zm#F zt*-UO{4uNASllTC`~0lP*-7Re#TvWQ5&Ni311CA-&*y!MEmI0pQ&oP#MEwr) z9?>T#H9oR~pIXVZ@l~2x${M;Wv6Fe1BxRv>{9N$RoA!WbCW%{9-&Nwg%R)8I%%=>M4&O z+^%YIuNjT3S8(pxRsL%Cl@>J1y@qX5(}^V$%~O~1bR`l_P$U1WVDg*(&69Uz^Vom{ zN%?!8j1(Nl#MGRvu?dSj$o4L#A9t<)$sKKkX8EbixR&}HmzoCLjScnk1e52J6LC8= zLcif{6kX*#T;2H{-gt6}t)FglQmkt&c0b~i?>jSBHvPhX;}vT$=N|Pk5$a+aqXr@7 zk4H_pDPAP=ykGdoQM{FmSCJSaX(jYq$-M@wmEz@ww}z;D!mEiDJbV;HC+01*M9nw# z5nUy@p|Z@GU5130pNU`4Ga+69QsqM{G|lasfWW$inz(Epm=P~3I2ME|c5aJ@1lQx9 z{AFIn92cVsPI3M_F$%RlhH{JKv>g6yKilS{td0d?grOtHN{L}X26cTtaB8JVYscu4 z$?R?MdmH@Z(?978bi0TSPQ=-&9uM`2T?gFlv(JwIlwXHaWm7E2-4Ke^sIX=-55-qC zA#ykd9Oofb*vH!qmGcDekjx_%2Vx^up{7p|wNoM|qxs3JN7Z_7Ciw?rO)B`Zsat3< zrLDjG8)ul1y;y(aXA*!wb literal 0 HcmV?d00001 From 917e3fe1aad0be2ae93787e4cbaeb33112a6f8c1 Mon Sep 17 00:00:00 2001 From: xfzv <78810647+xfzv@users.noreply.github.com> Date: Sun, 6 Feb 2022 12:23:20 +0000 Subject: [PATCH 1827/1961] Update wiki link for updater options (#1364) --- updater.bat | 4 ++-- updater.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/updater.bat b/updater.bat index badd778..eef06f0 100644 --- a/updater.bat +++ b/updater.bat @@ -3,8 +3,8 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.15 -REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts +REM ## version: 4.16 +REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows SET v=4.15 diff --git a/updater.sh b/updater.sh index a1f7070..8295720 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.2 +## version: 3.3 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac @@ -62,7 +62,7 @@ show_banner() { #### #### ############################################################################" echo -e "${NC}\n" - echo -e "Documentation for this script is available here: ${CYAN}https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts${NC}\n" + echo -e "Documentation for this script is available here: ${CYAN}https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-maclinux${NC}\n" } ######################### From 562127be87ff1115f1d5c7bebd5890efd801b064 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 Feb 2022 15:27:50 +0000 Subject: [PATCH 1828/1961] Update troubleshooting-help.md --- .../ISSUE_TEMPLATE/troubleshooting-help.md | 35 ++++++++++--------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index 955c367..5e8c1f6 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -7,23 +7,24 @@ assignees: '' --- -Before you proceed... - - Issues will be closed as invalid if you do not [troubleshoot](https://github.com/arkenfox/user.js/wiki/1.4-Troubleshooting), including - - confirming the problem is caused by the `user.js` - - searching the `[Setup` tags in the `user.js` - - Search the GitHub repository. The information you need is most likely here already. - - Note: We do not support forks + + +https://github.com/arkenfox/user.js/wiki/5.2-Troubleshooting +- [ ] _I have read the troubleshooting guide, done the checks and confirmed this is caused by arkenfox:_ + +Information + - Browser version & OS: + - Steps to Reproduce (STR): + - Expected result: + - Actual result: + - Console errors and warnings: + - Anything else you deem worth mentioning: + +--- -Clear all of this when you're ready to type. From d61da93aad93904ba3deaf20ead1f5fcde1369cd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 Feb 2022 15:30:25 +0000 Subject: [PATCH 1829/1961] Update troubleshooting-help.md --- .github/ISSUE_TEMPLATE/troubleshooting-help.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index 5e8c1f6..a27d59e 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -15,10 +15,10 @@ We do not support forks. --> -https://github.com/arkenfox/user.js/wiki/5.2-Troubleshooting -- [ ] _I have read the troubleshooting guide, done the checks and confirmed this is caused by arkenfox:_ +🟥 https://github.com/arkenfox/user.js/wiki/5.2-Troubleshooting +- [ ] I have read the troubleshooting guide, done the checks and confirmed this is caused by arkenfox -Information +🟪 INFO - Browser version & OS: - Steps to Reproduce (STR): - Expected result: @@ -27,4 +27,3 @@ Information - Anything else you deem worth mentioning: --- - From 58e2618b9ddb436867f1701733a07ab286eb1b3f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 9 Feb 2022 20:00:43 +0000 Subject: [PATCH 1830/1961] dom.securecontext.whitelist_onions replaced by dom.securecontext.allowlist_onions - https://bugzilla.mozilla.org/1744006 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 9d2ec12..af6193f 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 16-January-2022 + Last updated: 9-February-2022 Instructions: - [optional] close Firefox and backup your profile @@ -34,6 +34,7 @@ /* DEPRECATED */ /* FF92+ */ 'browser.urlbar.suggest.quicksuggest', // 95 + 'dom.securecontext.whitelist_onions', // 97 'layout.css.font-visibility.level', // 94 'security.ssl3.rsa_des_ede3_sha', // 93 /* FF79-91 */ From a98b73c64e2e0b505efb6b23d34e6c5d90abe2c8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 14 Feb 2022 00:15:00 +1300 Subject: [PATCH 1831/1961] v97 (#1346) --- user.js | 64 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 30 deletions(-) diff --git a/user.js b/user.js index e80a95c..9098913 100644 --- a/user.js +++ b/user.js @@ -1,25 +1,24 @@ /****** -* name: arkenfox user.js -* date: 21 January 2022 -* version 96 -* url: https://github.com/arkenfox/user.js +* name: arkenfox user.js +* date: 12 February 2022 +* version: 97 +* url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * README: 1. Consider using Tor Browser if it meets your needs or fits your threat model * https://2019.www.torproject.org/about/torusers.html - 2. Required reading: Overview, Backing Up, Implementing, and Maintenance entries + 2. Read the entire wiki * https://github.com/arkenfox/user.js/wiki 3. If you skipped step 2, return to step 2 - 4. Make changes + 4. Make changes in a user-overrides.js * There are often trade-offs and conflicts between security vs privacy vs anti-tracking and these need to be balanced against functionality & convenience & breakage * Some site breakage and unintended consequences will happen. Everyone's experience will differ e.g. some user data is erased on exit (section 2800), change this to suit your needs * While not 100% definitive, search for "[SETUP" tags e.g. third party images/videos not loading on some sites? check 1601 - * Take the wiki link in step 2 and read the Troubleshooting entry 5. Some tag info [SETUP-SECURITY] it's one item, read it [SETUP-WEB] can cause some websites to break @@ -159,7 +158,7 @@ user_pref("datareporting.policy.dataSubmissionEnabled", false); * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ user_pref("datareporting.healthreport.uploadEnabled", false); /* 0332: disable telemetry - * The "unified" pref affects the behaviour of the "enabled" pref + * The "unified" pref affects the behavior of the "enabled" pref * - If "unified" is false then "enabled" controls the telemetry module * - If "unified" is true then "enabled" only controls whether to record extended data * [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2] @@ -235,16 +234,16 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); * To verify the safety of certain executable files, Firefox may submit some information about the * file, including the name, origin, size and a cryptographic hash of the contents, to the Google * Safe Browsing service which helps Firefox determine whether or not the file should be blocked - * [SETUP-SECURITY] If you do not understand this, or you want this protection, then override it ***/ + * [SETUP-SECURITY] If you do not understand this, or you want this protection, then override this ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); -user_pref("browser.safebrowsing.downloads.remote.url", ""); + // user_pref("browser.safebrowsing.downloads.remote.url", ""); // Defense-in-depth /* 0404: disable SB checks for unwanted software * [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/ // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); /* 0405: disable "ignore this warning" on SB warnings [FF45+] * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB - * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 + * [TEST] see https://github.com/arkenfox/user.js/wiki/Appendix-A-Test-Sites#-mozilla * [1] https://bugzilla.mozilla.org/1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", false); @@ -263,7 +262,9 @@ user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: fals /* 0604: disable link-mouseover opening connection to linked server * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ user_pref("network.http.speculative-parallel-limit", 0); -/* 0605: enforce no "Hyperlink Auditing" (click tracking) +/* 0605: disable mousedown speculative connections on bookmarks and history [FF98+] ***/ +user_pref("browser.places.speculativeConnect.enabled", false); +/* 0610: enforce no "Hyperlink Auditing" (click tracking) * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ // user_pref("browser.send_pings", false); // [DEFAULT: false] @@ -306,7 +307,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * [WARNING] If false, this will break the fallback for some security features * [SETUP-CHROME] If you use a proxy and you understand the security impact * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/ - // user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF] + // user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF FF95-96] /* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+] * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off * see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3] @@ -323,8 +324,7 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" * [NOTE] This does not affect explicit user action such as using search buttons in the * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) - * [SETUP-CHROME] If you don't, or rarely, type URLs, or you use a default search - * engine that respects privacy, then you probably don't need this ***/ + * [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/ user_pref("keyword.enabled", false); /* 0802: disable location bar domain guessing * domain guessing intercepts DNS "hostname not found errors" and resends a @@ -338,7 +338,7 @@ user_pref("browser.fixup.alternate.enabled", false); user_pref("browser.urlbar.trimURLs", false); /* 0804: disable live search suggestions * [NOTE] Both must be true for the location bar to work - * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine + * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ user_pref("browser.search.suggest.enabled", false); user_pref("browser.urlbar.suggest.searches", false); @@ -452,11 +452,11 @@ user_pref("browser.shell.shortcutFavicons", false); user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /* 1201: require safe negotiation - * Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746 [2] - * as they're potentially vulnerable to a MiTM attack [3]. A server without RFC 5746 can be - * safe from the attack if it disables renegotiations but the problem is that the browser can't - * know that. Setting this pref to true is the only way for the browser to ensure there will be - * no unsafe renegotiations on the channel between the browser and the server. + * Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a + * MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations + * but the problem is that the browser can't know that. Setting this pref to true is the only way for the + * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server + * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? * [STATS] SSL Labs (July 2021) reports over 99% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 @@ -580,7 +580,7 @@ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: control when to send a cross-origin referer * 0=always (default), 1=only if base domains match, 2=only if hosts match * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram - * If "2" is too strict, then override to "0" and use Smart Referer (Strict mode + add exceptions) ***/ + * If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/ user_pref("network.http.referer.XOriginPolicy", 2); /* 1602: control the amount of cross-origin information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ @@ -598,7 +598,7 @@ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); * [SETTING] General>Tabs>Enable Container Tabs ***/ user_pref("privacy.userContext.enabled", true); user_pref("privacy.userContext.ui.enabled", true); -/* 1702: set behaviour on "+ Tab" button to display container menu on left click [FF74+] +/* 1702: set behavior on "+ Tab" button to display container menu on left click [FF74+] * [NOTE] The menu is always shown on long press and right click * [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/ // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); @@ -766,8 +766,10 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin user_pref("browser.contentblocking.category", "strict"); /* 2702: disable ETP web compat features [FF93+] * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants + * Opener Heuristics are granted for 30 days and Redirect Heuristics for 15 minutes, see [3] * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/ - * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 ***/ + * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 + * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/ // user_pref("privacy.antitracking.enableWebcompat", false); /* 2710: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); @@ -781,7 +783,6 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" * sharedWorkers and serviceWorkers. serviceWorkers require an "Allow" permission * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow - * If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ user_pref("network.cookie.lifetimePolicy", 2); /* 2802: delete cache on exit [FF96+] @@ -952,7 +953,7 @@ user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3] * [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/ user_pref("browser.link.open_newwindow.restriction", 0); /* 4520: disable WebGL (Web Graphics Library) - * [SETUP-WEB] If you need it then enable it. RFP still randomizes canvas for naive scripts ***/ + * [SETUP-WEB] If you need it then override it. RFP still randomizes canvas for naive scripts ***/ user_pref("webgl.disabled", true); /*** [SECTION 5000]: OPTIONAL OPSEC @@ -1029,8 +1030,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("browser.download.folderList", 2); /*** [SECTION 5500]: OPTIONAL HARDENING - Not recommended. Keep in mind that these can cause breakage and performance - issues, are mostly fingerpintable, and the threat model is practically zero + Not recommended. Overriding these can cause breakage and performance issues, + they are mostly fingerprintable, and the threat model is practically nonexistent ***/ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); /* 5501: disable MathML (Mathematical Markup Language) [FF51+] @@ -1125,7 +1126,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("geo.enabled", false); // user_pref("full-screen-api.enabled", false); // user_pref("browser.cache.offline.enable", false); - // user_pref("dom.vr.enabled", false); + // user_pref("dom.vr.enabled", false); // [DEFAULT: false FF97+] /* 7002: set default permissions * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+] * 0=always ask (default), 1=allow, 2=block @@ -1159,7 +1160,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] /* 7006: onions * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ - // user_pref("dom.securecontext.whitelist_onions", true); // 1382359 // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 // user_pref("network.http.referer.hideOnionSource", true); // 1305144 /* 7007: referers @@ -1344,6 +1344,10 @@ user_pref("browser.urlbar.suggest.quicksuggest", false); // [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows // [-] https://bugzilla.mozilla.org/1738983 user_pref("app.update.background.scheduling.enabled", false); +// FF97 +// 7006: onions - replaced by new 7006 "allowlist" + // [-] https://bugzilla.mozilla.org/1744006 + // user_pref("dom.securecontext.whitelist_onions", true); // 1382359 // ***/ /* END: internal custom pref to test for syntax errors ***/ From 41468d0d0bf287589e9ab2c012aa0eded1388610 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 13 Feb 2022 13:11:26 +0000 Subject: [PATCH 1832/1961] Update troubleshooting-help.md --- .github/ISSUE_TEMPLATE/troubleshooting-help.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index a27d59e..ea7f92f 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -11,12 +11,14 @@ assignees: '' Issues will be closed as invalid if you do not troubleshoot first, or if you ignore the steps in the template. -We do not support forks. +We do not support forks or no-longer supported releases. --> + 🟥 https://github.com/arkenfox/user.js/wiki/5.2-Troubleshooting - [ ] I have read the troubleshooting guide, done the checks and confirmed this is caused by arkenfox + - _unchecked issues ~~may~~ will closed as invalid_ 🟪 INFO - Browser version & OS: From 4bd17611df133b8ab3077df495ab7197c1844eea Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 13 Feb 2022 13:11:55 +0000 Subject: [PATCH 1833/1961] Update troubleshooting-help.md --- .github/ISSUE_TEMPLATE/troubleshooting-help.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index ea7f92f..ee0a8c7 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -18,7 +18,7 @@ We do not support forks or no-longer supported releases. 🟥 https://github.com/arkenfox/user.js/wiki/5.2-Troubleshooting - [ ] I have read the troubleshooting guide, done the checks and confirmed this is caused by arkenfox - - _unchecked issues ~~may~~ will closed as invalid_ + - _unchecked issues ~~may~~ will be closed as invalid_ 🟪 INFO - Browser version & OS: From ba052105de3c4be2e34cf103f08b2f28c6d5b496 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 14 Feb 2022 05:38:13 +1300 Subject: [PATCH 1834/1961] Add files via upload --- wikipiki/rfpCanvasException.png | Bin 0 -> 7765 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/rfpCanvasException.png diff --git a/wikipiki/rfpCanvasException.png b/wikipiki/rfpCanvasException.png new file mode 100644 index 0000000000000000000000000000000000000000..6889f80924c3cff60b656dd56ec70f266ebd04f1 GIT binary patch literal 7765 zcmXw8WmFwakR1ZSEx1b{xVyW%yA#|Y1a}X?gF6J5Ai-T9!QCEi4<`ioecztlAJbja zr@QA=*VL`5+c9b?vS`Re$N&JK$;(M;002xNR2D#lhqf)BIXIvllB=A)2LPa8|M$QE zSvdp%fUIgKDXFGr>+;3L!`8)>LS9mm!qwfy+Ro7m0K8XoHEpyskMM-=Hm)TUql14a zx@h1cQfNrT2IC~rFi;|4DnwHjuHdToeUO%hBOWP;hK-L8{*J58g!&D68DWpIC_bz> z`rGK!wqLQsV&~n##B0-%2&DQdw{Z%g7ZEj0j#HgG7_~xz?88G47Z1KbA+2{C@`Md$`#yys95fnMe8UN(}bH;iM6Oe2`!aG2gNNqmZk!8m}J zZ@fe)ASMG7oSQ+T2^7EqW@DBXyMP)qU`88sFb4$Z-e>y30ERy(abXIQ019lYXeq!} z5U8Hg`6dnMu>m;Nii7;XGBdy?uWKy_)U^P;lb9$C03s^DrXC$Z55V~WW+PNo-avRJ zfFtuySLl+l78Ak%J*mtFp*CuM=@3IiW;X;~T^2IBNqKxm93Jy`=2>Da{XUt593fm7 zTUX-%P>_TR)%NPedlJ2Na*`*$8QqlmxCj32qlLxp>;6=gs~7-me+isPjl7i-;sA=U&G9IfhJx&C)H(uIj_D=YhZd&>%g5{BlZx&f~?{ieOT zFOCm^LeFXOrm(R%DYKsIwP=@k?SZH@1YmRiwq#`_j8}2LS&% zT>9qe5MhID!?vfq-Y!I6WD7n4!PfH0ZUA5+Ma`l$+9(P_1OTam5QaK&;_E&Fre1iG zzV~Z=D9>g*;S$t?{SufG$e)8r+|B5#LnY`UC+bKU%vk5eNV$5|Z6i}$(OLSnThWDG zF&@nk^ZMvILy+LaM-Z{iDOaOmEWYVc#UtWpM%+{O$-!a8Qd9hi#!>&Mn8Yo|uJKKa zLR*gXpRoHo{wO1v_9Vd(fFtxdvQw7*M@WOZ@H}dhWLr5eQMgPI%Jk{$tT1=-W? zzlnsu^Atj+t86h=6GS9IY`upB2%LkCY%IeA67_scNGXf{bgE%HVs0#_ z>b>BwLZo|t+DM+ZfKCB|~BEg2M_tSn%DOdbW)BfRMkide2 zJxWiGiE0rm0h<-mFIsYtml`WZl7qG_@tu7APpw(3S(#a94XPuiifk@9BC3=>tDhYj z5cq#EQ811~?B(ta>~Zc9?@|6UM9#GkbNhL(xkINhYOg@JkGapa4{w#hA+BAVrLkUK zsP%z6!9b#>uvz1mdQ>?!muD9LL>QjDVo6O=>Ku_RzU`geufs3xAJ$XJRMMw)XUC3Y z57Q4}uf0&wB5}h&(Kd91*#rm#HiTXTzcQ3c3Fl%7L0W9Q>?awJOpHtyZ9Rr&27lb7 zQRGyGRGL&`23D<#%F@b>N)+uY?J=!{3KPwMS{ZFl&D{#5`LrtS%3QS*O=3-(3c>QI zN}F;QEzzHW`Y$o?`U6S>s**p|3+hdGJBKMyED0OEnJ695svNaXz{je5A*v)Xe&-tQ)1feTSzY6@efpbB>Lr+}FrPRi5W#mwq zmY$|pC0C_hC417vQ+rmHTiPYvq5l+uE)G(lHKLWZNtk?}3(;KBTrWc|!&4R(xT$5S zbSNP%?2z*6aV|U0$m=!<&Qo$J+wkdvJdy;kzG%HTJ(k_bqUymnqEf?yQ6~w6hPd5a zgh*LI;7fH$;{h?r67y8^^zHDZwi%(~1(`S*jPG{CM!VFzPQy;a#We6Vlr)OU$I9nf z8p>^@^reDIf=Zx?@rj~|#Z2yOVfG~sNH!#UDSNZU%)r}#skywl)k?l$&!ANQyt&gk z!hm1DL{HnmxKXAix8~DgM@>iBhq5-66qTyHMVo=T%jQ4L6)l8y`^)g)+GeNb0CO7) ze4Cb`+JWj?l=NE0vlPAIp?AQL)U3XtTuX6m{ZG~ zyUo~R^n-S}n%Q%*HuyGe9${C}u`!CFV=U<+EZM}v>myxz3SVyAjJJJfZ*sF6v-{7= z!N1OV&h5^l*7C=>^6B&RIX$KaMkKe?_h&>=@>AIyHmd_wB~?RgnjloHmaIv-HA{6Z zC0>*mqv=LDex{;#suF-l#GwkWyUNdWw9-C5+QfX2f**5H|{J)qLxEVw$ zS?q;YdE2?#MTc3e^~V?Va`ogL6-oG67;1T(9lJN5&#t0&a(7U6{qQqbM~q#43Mc!o zBg*h9Sg@D`(!`XaRrr4V6~|;K$NT>2AGX)0cx0b`(tewdtTQ|_(aVxX3}h<*>cerjE7J!%Q^9!W2!de;$i;O3- z=pgd$*W3#)W;7l&?YNxb9V%BTpS`0yq|G}rG=bHx-~Fn$5$4FhlG>26+Dl~p%aX~~ z%z84kFl<*H7nxZ+-tc{v1(Rdsa0%)AC|qg%v0FU~olCL#H}yR?H8&uT>YeW*wky%O#+7G`-IGdu}HMYlRQ2V ze*PU%_m`vRGRdjWQ#5(_uSKt8wfK0ff%gk1OOrDhGll8@(o=ez{7YVrdrt^|frtBt z$-4h|bF!OU>pY$Hd98VoUKDR)sP6ew1kt_OKGff6PM1BU5T>NO!NF!+JzH`zgQ58* zg{7Q^G648~0)XH!0C;$V_D2BV$p!$&X3*R;0|4+{l1+zX0028!UP@fcd-XIoNDW7~ z8PszhhNcjFM-!Sgf}Amg{9P2uS(tJ=%FO#U+QCAGqM^IfR~$3iR*cIr+0zDr-2pSv zG_{6_TVF~?(HIUPyj*)mk0^Y$4_P8nBZW@S5~idtk?rM`p!6v7$eD=XN61yhF~h+| zHzd#F;*7Iw>dfxc-^5@vm;y00gH5T3653OMR59Vizgw1~mZ@K`iWYY~!I0evy@MUa z`2Zbu0Bt^vO&!|yNTTOcAX*ghy`G;VU=JUSedgd35U`m2IrAs_=*Cyb{~l8yH(uwX zIHu*&rRcd2mw8TiO3GaMExX+;bu)(hE1b9xeI&`K$`9MknHe{uTWRP=Rd1rDc6aMp zLn#pd@xh5>?%g9nMfYc_!Ic%liVC|{pDR4)jn0Vq`QPeiQ|s%b_BWz4)2?V}XiEh; zZ`kMO=UiauGJ*q))<_90EiMg>ul++q@5%k^P*hYVm)khel9JSyTU=Nb6fyMIkMafY zaEXYU?)OrZfZpM_BtEZmM!5IycW%$XROgmQ8lwK!Gx_X(w~q3VxBK0M`>TA>{!~WK z-#dt*-p9*mH=mrmx?PgKY*cDj6>3#(?d*j1_xt1E;T2R>#dg6iH+(`jY#!WQtTDXb z3NvnX-R{&zecXw~;u93KJX>9$+27yCJv=_{FIApN-t+eMMqJDl@N#-19n|0~sN7{b*DLc)lmqIaLI&#g$ilWJ>OK3fwNz0A*Z z{Ycl{nl8kmrg0{9+k}A$k&}yVp%e9Q#i6Gctg+av)^BwE_xU05SyI&H3i$?k-_tQzrdTW7y)zG$o2%cp(iN zb+Hy1R)d)($> z8e&cWhtR|Ejm#VSNB2^qiLZ9&cvfo!)u3!FXGz!(VXJ5D_t8%4@R_EUDMxBuFdR*p zSH{{%nML=1h+S&O)F5e|7SAfo#$%1>lB;g_V}5w1?;Hbm(0kV&JeDSGe}M~)B(Z@i z(S_m#BAuZe{@G#&Q`0tiL&MLvrz_sKD>llbr>CdG>!EH}sjxNR40n_olcv_TJxK1@{DPRr!)<`1*LAwbqbmx?&l&>5xqX7d z#j}CU63gFDc;{RG+*T3qTW-OjR(2Au;swXJkkBf%_%2i}qBPo$5cYRPKd8 zZ-kN^MiR+ZL)3iuHX09?G$Ly_7%K9>EiR4fo%7K_Kigh9JKyDqzTskF4U%KTegEFy z7xtjn=^e6=(>=3I{H7wm5`PBX1li={ZV$&1Q^oXQ=ClGO`s2?R zn3Uk)F&R*5eh7A82WtLy%rZ5F#KG*F522Q$GYzcgfB(Jf(Uc-ZtfzkvJkqCCIX+ysAk5llR z`MHZkAmf=~v$K-_f!(3Hf$vCVcBiy-5U>2Dx1V2eXD61pcpn|pvt#%y*p0`_jNM^s zey6*Ncuj^5h)@5G>VgG(nW(b<;#3+w^PwMX9V4FmbP3USRJpE*c8=D)qsS? zAvvbm0~Nd+qOhJ>seBXb-@p5i*VBm!bND9Ojrv$UDDW0?Ya&mmcBU6IcPS)rJ2ql|(-yvd`JP}^vQ=_gU&62a zEwZSYt@_&syN`We3)@JAhN#x8W&VEU(NIM_7t74lOxxI03U~fdJVTwzwd_lF#63SL zZ)`l2*?87E)mCNaGLL>GKmz#?WM%dK^>GPRN?Ljs3eGbg#YL!73;CjNsmkaD%h}u$ z9x(3~gTgX!;)<0ZB@QBbhhp|4lC>l+*BJ9vh zKN}kx(=m-lX;fgv)vm9vLnED+~kVm+(fZ;YUlb0emM9#jgydoXEmVY zDR-{gjTF;ukWv;wU1PIz#1{yRjIYHG%P`L$V{L%Aa&vPFbi;8e8r4)JLqL{d1ibB<6ISmGexVH|$Gj5ySSY94WbsxNL$F);pCmK)z+V*SR zPv#NSFW(9iGx>u&KiLcKB)Ys>v5`D#e$>y2(-_#z)bcsns9yqSwu>VUg=hok~v<9q}_jeHubm0|Cy)_CXe^C^6MG z8&O!%w8_Wp4R)GbqhpMh7eTrd?Cf~~Mw%??RJ^?8U%!4$HZ5dJ^S=K}sq@POHZtk9 zITjkrx6ao)7Imfk(3WtaP+yFo!R2o?T~zG`^Fv`*&p|zHBS_ry_W-vW`H$fXy4^Fu zyM8xAz|_{QH6W4WW>f8l)NjMySRbr7`pA#{#GYC9hy5s++bt-_gleT#ku1<^ z><806f)bulzjKe%-&xXN6)&?b=c1rS&eH0jD@`<@BXMpONqGfrwCjXNLp(K-}tZFaSC} z2N?}tgq@en8nBG1q^QUXz1&x)H1vkN8aFg$K<3O?cx~i$tIwawlq?u()l)xT79+ld z@Nn;{67SVj=i;IrYIJfuRTAelf|%Z3-8$Q(dreu3i(~!vc?|NPPJ~A5iR7Q)^$xGg zOAz_D?j7^%jRnqsrg)=Nca%Q|u8R&Bvt5NI$nErFXoVA~E~a>b=miTu1_GzCGtG`M zvIeUxJZM@_4_FA?2oywy2IN!g`YrsWT*2jbZfB_g<2H>bZiiRDP^J$9GHZk>vbXo6 zG(_3zX}FQAduUMj1Zf5hYR29>;nqh7aS@Dt5QTBwe6f@=K#nT7QHswedBgU4h9*5C|C@~i!6v`R(*vN{H|okIxX)Pvb$lQS17u|ioh2Dq2_cL+Iy@qLi&rR{gJJ7T zHlO_||M&8;4~4Zem|nAVYsoaIBvldXDIe^(a^B|BYUAWIu7Yh4K)}!%&P|s2n~&F z3xOP2hR)HW1(uFv6U@AhzORwRZ?>ySYJ)D86=avurd10?ZEb{C2bs=BB|kf-nwRE` z2g<-BwqB*`gRRe-B%sGyp_MQV13(RMb>O9@T@qq4 zRZvp$9(AC1ZZ5WF>4fmJ4WzKD1HpJ*nC=w>v9+@^w_3Bcm(caXh$j(_H@2&&_Alg# z#editnb|!&J~w|u`&pkq6zi|PSzxule_(BRNQ(80y!c`+%qYm@xL@~0NnTlU=#RUO zGqm~nvlMBxvT}B-B;B9sai7fpacMr!^2z@y&a=EiII8xX3=j(l!&_PLsm|+p%H?fu z_meu?ZZwr6^D>IFG}$Z|%66$v;fgvq`Q-8ITWUQc^TKD9hl7bVn%eJFvI)Bryo=C+ zV52+k@hYxk+DH#BrwOP(HY`pYIUu@&u!gA;Y~Kn!m~Ri3kA=>!cwzcB?iCzpiD z{S7GwT(HEcS8wqNsKduM%}z_h>wIny)v0DPDtB{>q45OjKG%~>s-Q3bJs@{2K8lQ) zWM*c*Kgb@7j#d0!XHzavt5=UTG?d>6G49zIIUb@N8yG-=zVB}Jk!)Pz%=Mg_g0@cg zf*XQJ8wrBWA%FiOs{0L|LQ+5rW475*QTVU-ATOnyf@zYhF-E%QjtErtjtQroQMOyF zYTgS&$F+!q{#BloU0RT+GieWWJ^_4rZ7qje;99KQ<)ZH)nNa9?AJzTCgQ7c+gcAXL zC^`xNmbu&dATlvZI^Tz;E8CS9qS1!$gW!?q#fI>!r`tp;4Z6)246=|J&U=h>JLq;h z3vsGJyT8iXnq!Z+ar}OcaQ?E)2=T#mpw$U{@hy%)73n}oVV1V(cEis?aRC1ZVm->U zOCUtD;h~Kskl9mw?sBhu<_RvL1O~q1K~QBu-6HUe{U!r3*dW)PLH17KY_{@h z=-9Rc3}2)(TR3s$V^I3tpOPzW48@|IX1oQid^GA@ z?iD2S&u`nG;LXw_{Pamy`Yi3E;c4Tg%l}zryoNSUMDjJi13O8(N;0WaI6&#d`^uUz z?QO|ot!qgcn`bzadkzV|+u4lwl@?1spFv&!@)L7t8R|>0qI-Ohqb%ct4?^ANqp|Ce z9JCtREXGihHv;S9`HDJN*hoS{)?L#^8q}Mc&AR-c`@$3x3VTMj3|9|s9}d{3id(L` zy?dvyjSbVk_intWLAyew*9@ZimfMQa^;37EUsOgO9*@eLpVz>OC}yZ)*&SHkmqVZU z0@~jRiwcXGk~15H5+DZzbR9k%!Nijaej^WTm4)SiFPJcn8QH(O1aJEGZS20p}f`qlU&5FL4Y88v&x>&;S7|w O1LUPuq-rJ1LjMP~Z54L_ literal 0 HcmV?d00001 From 382b9181dfb9d4d6ae010af526e7410383137fd5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 20 Feb 2022 19:00:32 +1300 Subject: [PATCH 1835/1961] Add files via upload --- wikipiki/uboCustom.png | Bin 0 -> 12439 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/uboCustom.png diff --git a/wikipiki/uboCustom.png b/wikipiki/uboCustom.png new file mode 100644 index 0000000000000000000000000000000000000000..2b8c443aa48bb8c40ea41cc80e259d4a554a5e62 GIT binary patch literal 12439 zcmbt)cT`hP*KQOAR1g&b=_(dFN>h51-g^fH>Agcj6#)SO=`~d8CDMBrq9CCYAXF&< zVn9j=5E5?qz4u%9UGM$wU3abfN6tApGqca^J+t>b`(om$l$#4?@08lC`z0m;x zu7ZirwdAD4YvdDB6XNZLyOOaN0C0=?@^=N0mGb}qxT)zNC#R)l@8<31W$)(xP+3my zp}VJ>t%I`-0N_6l*0s~q-KLemE*;6LehN)db z)6qLa}p2=KFI`K0hp#dqPdcv2zW?s^XU!1UJOt*Y7iq2FnR&FZ>#!U1Tf13 zc%f`)s|5Jg4CsN~xm5=srvSXr{uIFhxCR2e{lUiO5BQh~xUXft#@5)xKMx6K8wC{PuzsdT1$Y1<8S~iJe z;OWH0``^plI1^A7t4hN4_z0zU7;eW)|$xwvSA9zs=jH-*Q{Ro$Blzd2TOzN7#*P zGC#|@GkkU(?7`=!3O3Vimo>xVp z%oN%Z#eM+zKb%K)D85VytJ9X4qG*(BEqlfAQK9hG*n97nSqZfH*<+p!3=*G(3y@=# z_Ehr;l5)@&JzEdR1im}J;2rFjt$odXBiVYm_Hh+O3kKVe&mU zgs=I@K77X_qhzFJq%o^h_K@j`;NAHfuWpch)b4x!IJr!<;aS_=)9(+g_+LgDDRHyS z+)JS5y94?p_x;tAd(m?I&s)D-Rj&Q2H*s%5VZv31ZJWD1TTqFCE&1pCd#5@wkreKS zTt6b#!R!6&0_%+Hj}A<4f~}-IzMkm*X4e^VRH5Ivvmv-aYLme)qhFMzvshN3cULIE zM7Fx1Ne7}GRYoo7lO-||POGe1TwRzt$zV@sk9B}-dAHqNOl8qXA2Xa7-d5a7-y%8k zqo9nW35R~NW2eu4K=#0n-tPe2(-3i<-NYvnhl(kk^Uz*;C>MqRsdv9hQNyD~RD zsjtDt_-In&ezks0xv$#!wU%oggAZ?6)7SfRKXRh1jPwZ;`u?nTWG>K`vpoaP+#V}Y zQC=V-C!iu=Sg&)KVk-d7e~;rg2V;q#TI)+2GpCBQ^faSN zrAqBeMO3G74Z0Lu(kb6=j0?Lh166r$_FT~}0d^gX)Sc5^EWKGut1cmmso||~DrPKb zf8*EfTDqH&+hq}&tL9d^6wrx0V+!KK>)~C_N->HQMx^x=Pe>6Ium|D;LLP47%zRM9 zzP6lszqDNOyVQ5-s~;0v$Hj}L72*`AK06GWtvy+D8FU#edPe%}(KA)`9rfKT9re}{ zjuJ67F*WGOuaUx$nM|QW&Wy}G^hZfUDVvPNa@j9ve?{idHy<<0cpHfBi?HBBx}LGSFW=t;_X+R@pydW9c;ij7wNFwC1S$(zkMxcH-UUBw&YVZI8Sz<{&sv-{9x2*|GR zuETEBLf$XIJdRvr0k5(CA95?&8{<;9@={+oEms9=%4vq#H6q#gtoafRtKr|8i~TCF z@Al{n1nzKiV-rg$C^6=4`D74QDZh++I?x{%-af}Gd#o3l4*ZTk%Lexyf$FZqwFx zxXLD?jxgXF+swz3O7_#K{!7($W1gE$vL#!3ChTxdvN}5(L)-3==pm7`%3Q7y^so9M z#Ftk&dwCb=dwus-lbVVnRSkKVjW#>097XEHJpvFn*J!SDMH-M+iMPZwak@-vR-z5l zYl1tU0o9$tEP97N^fq2`Lfz88xe*bBT7aX?HI4X;mmA-mMS>Y6X`*9l?jz{ZX+mb% z7yLIEquhqNGZ#`C$}7LOz8|%nu-)EV;>k6=omP>)nSR@qa&EqXa@n8(jX9P_@THHi zBih58K*Bw=?U*nEH=J_pSX_iGJ-me1^-MVOgpf6$)8;a z{VV$F)3(z#IAvTtR;nhtV*4Zw=VD&1;o^aYl1z}`$=Gf;!CR-MnI|OlbP{H`P>Q#q ztX%}~o*xgTFr|K6&fsr0_csCS+t?e+SQbjrdEd{Vs#UT{R$pd2WFz@NYTSQ?K2x$#l zcBFFKYrEsUIw5}%ixle+gP9$)cpuauHmD6-46`7jmM%NqJK}`oNlj>bPJ32OtC>^l zF0iu^WQ*Nq%zXu0Jn9VCr@fe&&J~eZ>^uazVF$37W!lAH&*ym9aQmF!^WEwW%?`^W zX|&9o++x(Ulqq3hc5flXvBxj}aC|`#OBxYAN=U>cP|00S$V?cHq>M!6zLpdb`7Py% z-##yu8+||eESHW@NEoi6qvZ=enMT23;~C=x=?Ce_-7bN}_?;dUJp?h>H^|cU(_i4F z#gPFH-RrmD$GlgxOr^OV_%MY1!v3@tqdQiLOQugwzPLt`ad>Vmz=I&-&4<=XI_dxb z@F@Tg8V&%QUJ&ow0D#X60AS}W03ezH0MNN5Sq>-w08jgr-^l3s&;MBjx$EnH*xR>s zR-(J6wfY61y)JvTgiR#{`lKnfA^-MU(T2tEiMiS-SzlEWKiqBjQQR4?^WtWf8H+)L zDLH@Bl7=(iw$g-!v~u~_!3%NmkK!wj?3o)j(xH;Jg>8ok5D&=Y>){jb?OO~xj#W!R$Q#Cu5K8p5gXmA-XAHit3>{D zAeK(gG9>K-;Oqeefm+)GtFL_2#1eKm;=28s;HYC3jjPBwM`HW4(@`@2PRaK_w5~qy z<99Y{h@_xbkpTorcrOKoJS)Dc+cggjy+Xo~!6@kugzt|P(B33{SA++A)FA4uRNj*U zIUa{thTPmFMOMa>QG6iK#*z6cV)M_4?rYt?j7^!&CXASQ;Pj6*l+J~JBM z8B|-#Ha$OIK|*%Bvh}oLVnWCJ+&{IVLPN(L9@MGmFjr@nn&DpxZ)j-1355`(9M%ST zMBVdq`mTmDN+&E>@Xek;&JvKjQ@s)wb6y~eE-k+5+5A{=+nDB&_9h_cyWRUS*VYYN zi6gBFF88LUrtQ86h3T1GIF;17dD4A)`f}V}UInq!@(KzSAs4%y1`J}ppZNs@%BnO3 z16$-7U)A_the?2r9oGi^js_VS^|Z9U-lAimp`j_JvotFscFS$yLq@Gp1S)Ur8nSz_ zZbEP4zN-O@V*XL+?lf8ge4X(^KWb_2)L; z>E*h~_vsxjb~P(8AFF0mnzzTtY1K3TF>MVtv(_kbr@&R{S zudAr4j(d$t6it?Pdv!uhb2cHCHFIp@HC%^u_S3vW3;EW0INw&A!QJZt|po1?5JS!Wr6ZcBECF1Al;e~R&t$O+s zmxY!&p&Bp3Ih2IA*%j(I0&ediB!{Re&mC=Ek#?IX&)X!!o|ne6vd=8oU8Iw~S!8^Rj+ zLvpmeg$7EX?lxmA77|Nd9pg3lYRt;sS(y6hSXQ;D4(Law+d9Kh#_<<`r(aQhlp8oZXEt?HaGIht3Uq zOaeOVhv7hwhI3UAl&Epmu~l*LBIJh>R;qV)=2$msCOb2;Ae=10{$L$6kEl`H+p01a z5VZe-&D-`mE@^87K|5dpg9)sa`)km7M379P6IerEzf=t*DK6FWa_qMC>B(F(y-0Q{`2KDeFY9H!eTo<1O7{b}iLcRFq8JN! z(`&hMuhZmb>UzW)H*dyxZ>S`bQn^wMg_BWv-hzdbDQ+*cp0P-6zs}Q<3hv-s0WmT# z*fbh&zV!G|SR_Xdj+t~}dkUuVtt=D**(4nxdB-@d-->msd*$(Y-KrSWDmlNN)joWR z^W4b6(DdB4?_Z!=AMz5Qt$YD$+ze?pGYzNA8ANCN{Wx9|qRMQ8tx>aIz11fT+uokM6$HcKK#5_;bB5x! zrqjDmVPCpL|3>rX;uIJ{O1UG^LC(i5EN+2P=YRdoTgJ9td5bPvpKqtcehpVNyO8qP zX~@dT@6-`YVY>I;|!1oX{hl$feOr23=o9x!c zupzKx2}~6yf(kluk0q`jDa1gqwe_y#kdo>3!;{os{(AL_N*lQ04>_wJe5>4#--;ro zO3wA49gZsL=q&Q$=Y-@kkJD9^b#*(JO^w-_!`Rw~^lR+n+9YQ2e`n)|sE*Dn_%DVr zuksF4w5M2%xUkIni=Wz4#d|Nh)LVEIDk|ZAkv28+Dl6BN=3b>uftdc0`9*8rNjDnArtdPtm^myi*}$}lS+qHJSc7L!&~HVvK*ovd z`qr_D4~7Ho=gB}^PdO!ntCq3eA8XUU5zV{@3R<*!CGh^oTS|ue8$PP%=ci*JCNiq{ z38E8~AcBvbtDSH}kW6+ZOm~jhCO-)}o=dlo z$cJIgJLiAX9ZO$|}8FlRL(;#7Xnk8vfXg~|3U=U*T+eOiWo;yd) zd6K~B?7`1)2CaK#JGP_WG%FFsG@~K;Dw2v${GSf5>Ux>zX6 zpj5I`QUq-&h@DfHERCRjz0qcVPK=ute)zz(Ag+ZGWuctJ67_&5-?t-8$D<^tngu4* z#S|ms+Egn<3*21~L_x0Yzpv!JZE~9ZBLVEpm*XIB0rdVZmwMabphX z@aFS}HaSV3LcK1YswkK9YUr}3++3IYX7xgwnHMom#xTK`fcj| z*t{*a=H;OJ?;6Q4z4j*j@A&DO=OZMMLvzDI)sC4%LkN;1x{xL3SzcU*VKce{k)Pn3 zGes1RiFi~gG!wj0?xi`2f)ONghBbl?=O?ul)zv5(jB{h|7y*AAc|OFYYOYz&NXhCt&IRH23TjN+ zU#)&obL?HlYl3|$hI*+lGDjHh_C#6gOIk$+quTnJN>Aw{1AJ2}&8Sns)(`qcR&Q+l zN;ou`@k8<|u_?BGnEQBoQI-!8^9!nC_F+M3S9p5r;Q8RAfnjimE;s5;zL`L|zK$Th z25$mW^X!#t#j0I^arzgr&Ahs2=R%LjG^Sm~T%o!si&gibs}As}iZWAPSsjo>46Qj8!gcUBm0~)2@G#uUMk$Oj~)EnYR=cyqE)JympE-w zUTJ75X!{FY^KhQnE5=t{)P1_Bt|@y|q)ihL zv+L+t549|p3`xTwjzFD=8q;~Y2I~Pb$*X^C(JgMRPM_Z|#+!4(Kd&_7Pp2o&HX<>z zQTI+PYfb}ooI`!G_Dna>6GN%lh}Z(xbOUkAX8>}AH_m@vXYWVIw=SDK&t4+X$aJ|G zl4UK8W3g8^Zeb?!_Wm4`h0pM`4i_0ZzBd}q6tGLX%}P)pYN2iQ`&wQ|xM`h~zvs!{ zS2a?xbK1F?>w3buq?jPV6~xJ9Llgb=8SY05q@U#%{rcxI;h0x@d&c*ph<#}ws8 z*@=$tuUYDnOSAUn0X?q2hCZ0EV0=wnxoBD$x+dmyQT{`cr`Z;M+2Tfs=Jb~9pLcdH zO0|m=*f}fkl^%{xC{Z5gLhM`{hJ+YJ<#kKcCjPFXc}{!6`X!iz*91fGMWVQlL#LEK z&2ZH1Ahnfi09iZ5z`_IrMEA3DKeCn);Pc5B@m_BONE7AS?+@v8(L56g3tFAF(|ku{tQ#PwA!pr>`P@AA&1wzqLj$B{6O*DyW}Il zaS*jjisBz8=pUZq-*9}I=e^EjWsRE~z_edACIfe3&zphPgfyXwkE={CF z?0pr2qq5P=U=1X&q?d_NemYdRT{&dKV`P=VW{w&fLLZ)(81&x50joCZOqSs~hM|q4 zlK}<9eQ1C=t*C$kReBX!!wj^cP@alozgj|u_a_UB;iA{nl670L%%q{n2fOiGD(VZ* zDj6EZo-0RZwnn}-5M=WkB zmW|e=7AKA=Flg&D>pN|0^SD#Sn3zS7wEBR<$71dFWzVCG8gS|N?>?f`d9I?+iDfDF zSf6aC1^e;BsFZrsECR?{b4$B(gS^~Hp!ug`ZCUWJI7rDtOw+VV=hv3E36U|Bru)19 zaC{MX9%0G#?%Pi$B%#Dm7`@Y{UZHJXgg*|D2~6ULtLW6u)Chq>+7zHlGr!HSpFt%u zl_i?vI?B_MNGCn;J6Rv|B5t+C*wJ)jp$w1#)6K^;vNz5K4+rYER%xp0 zL^M5tCGRab?9o>rs-;aMr^^zji0rB~-7&kD^@;}D)|ALI<*j4^yrnj^f~|cnqStGE+qtg)Szcs zG2S@YdF<56<}UeFUOxBHzCILGVt~S37WU1Fvm)9-+VHmN3{Q+~_fqHjdyAan<4j5~>)A`-1iOd2QLf(0gNUO#m}!uZh(#wBae$|uT1 z;HILkKHlPC%}yL-_q7O^79Kv$#hf8_>0A0uyq%i*DvpkIkJ;E3En?%F*hS|HP2D;N z(3ti0pKX|#Y=@u3(+7Kzu!}aJJgZ9%1iW{FW&F04R@T#|i{cmcD_8`h?o~x^qt_arr?SVEK=@5<{axE# zQV@F>3?*={lgeD`xrQESgqm8wESyw+JnITTdif@Jut#JqI`wQ|N(9{eH^Z1S8z>ze ztvr7@gKfn0ZNY{3Xl0cJor3SB5+6zvQdAI3REh;jkzV?a!>KzxK zScO{zamK;~m7;YU8pt@mmY0iEotl^;>_-5AmBCx!q$BHLo1g}dE(S- z2P&H!1tW2}@~=CGj(-ZOeS%r-%6QGs!e%G{0N0K&5%FUUyzi>Pob!YtBN98&!=cJ7(9E>bWhj%!s$ox5N=_2%1al32sGO^jmJDYE9P7~%h_x+P%C|~ZG2Uo# z$?IUNqG`ma*@5-TTr}*+WxMPG=IdKdo4~+Ga+Ru)7lZQLGx% z)y+$V85ygFOLN&c4ds znZ%skfP;>D_1wUO!8pbu0=_d(4FYi^lIu|zJT|11=28{D^;{S+;4u)$?e&RHCEGs;kwX zYvz_b1OR$`c-9f9%dlDYf53ati1Q<$_IMt<5V6)tO5(mh@}q`w+g=xrU7Pr(MZ|mS z%eJ8FWysARzI(Yh^G{5bW~BlP1#rZC`eCq*X@Uy{sQl!m3^IXeRs6X#B)%ZZITEk+ zMkUwrwSp_fps#syY04*Z`3J$G?LVU?cK__f{XHa%%?G+ezj!U{rhviK9a*R{f~XnQ zAU;7W1_8tIqI!I$d~jnzPQ>{Lu-2{j(~ZzqvG8qG{@V3 zGf7tnf@#8VU@*Qu;=qfTyJu@F8>Cf#w=Maema2bmu%SjjDb;zn`gV}Xo~=bL0rf+z zk>?c`+}E5|{&|Y=o{248!)X$?DbCga;h8Mfy%;sW+vilu%oBUhG!1x=K~>Y~z232| zU*qbtOz$&~!Ht>5OYH@1?H<1O%d_k=&hyKBfQU1tH$cuOEvC55@J?EoW=4G`6O{&Q1iwP|(3aUvJvKQ72DuLh4&YEaXg}vIv0D%3?0~WSrgLkcRDehp~-p zq>^bc55d{_2H(JD+%{_NWl_A@HR9JBu!Id{W=DM+7P#h-z^R-1Zb92g$`!wPCj@yT z1hYhwM+F`yl@lSDxp12nM~~tUHv|5cg!`9qR?_C=s za5j?y?x-8Q$|ImfrScjFCtM_P&mr;>d^hXOK^R~9CPbAvZqbi*gGIKJY^VBf?o2N* z-8pFYv(*rdjhbF+U@QoG2CInn#+rImf<9B zLqr8kU04cfX(<6V=KPsA*IP*|HGH%c5e*WQxxOF&o~8Q@wd#S;B>F15rEs?TsX$PI zpRw*s=(@`Eazpe`wXd1}0FOZzN*y6I96&s>lf1g)@wwm`RCS*6-& z{xnil$ZTUKuqx)4OC&J6{QRB+sQg{PuKw;->uDBCKoPxr{-Sau;5H0zRTE*V;1?zc95?58|eB|Dl zKsj3oW-NSdENC};xyfmXlq8t+qmLR+Y&6P)>D1IR9gM_-hx)lt@u{VmK_>5YN`_C`o%X@^(Eh@+}ZR8f|FMe^rMc5bS3*Eav%x#=LA zb4FS(8l$OY;M%z6gB-Qs*>&0Q>~yvxLv-L6xr#rY0MKU&+@qN$XC+PQUyjx|MIN*ONYa=7%W1xK9tQ|fekb%#3}^jj^RERw9i zGW97v7F`1a1Bio%Ijd-bep{T6H>2=dVf5@h2?u+7bmvE*A=Mi%V7=aIcI7kopKNK@ zTWCx=^qNVi6g#DD8R3kz6P_tKHL>c-o~w;0`>R77;&Ib05Oj_R6n)Jk8Ji{SV_=*; zx-ROjTEEt~p5Zb7tkbqEYC`CGG_oQLXir)5%r*Mq=1kjq%|(C{HJQIln*1e z>>j72FK&!uk#{6>E{y*cNG!aJEDv2@dCYg>i=Lr&o3Fv^k27I+!?P0fzd?#HyL)}l z7Cbrho1hP5ns3QYdTA;)4J^Ohgmj*iOVx`W7*a`i=I;IRa=Mdu1stpvRZB&ffwLh` z-G@XM4n9v7-MAk4!ngvRn-@|O-{SbRgZ9^h-vFpfY2Nd;d>)@8@vXf8nq*<^)e+rEReNJ8V zv9x}rKIjchup_t4@}P*uO18L!7^LycwOI5U-Q4rw4<5`FwP@b+tHC}{ZAR}4E&U1- zBbm|mso|Lu(u{Ue%l67itYt}BG~D#+3iWxPF-ovz%Conav6zgzC6t!wAxYduZc5TZ zl+OA3zRwJXGDWq8pivsIYFAde&Dq_mds66mr{#0!?pkxQS--VFoiv`|*9IdEOZY|< zz(ukOh=s$>!Jw-Rn)NRGpsEu$zA%`vEioDa|7z#{?9H+46T@cg$+^40v4rac3i8v8 z+rP#4K=zhtikbeuoZ7lzQlr_U@Wi^?&EgWx&=WO$Y3`=a{l5aRqgjfh z%*pF{RPRCvry&*tNZ%~ySck~%?~t^=uSx_i(>R`#FD80NrMv_LN@!@9V3e>a2EFGy z!SgXig$IFh$|RIvKA5u3=>)qy_!Ndxb904v9xJ%h<$%sS@wHSr$Z0#3nZ{ZY0F!e6iv&%?DG&1 zGx3Sp^Z3tP=-#8tV39zLN6CT9oba<9`Xv`d_s^fBK~5kZRU!Tlh^ Date: Thu, 24 Feb 2022 00:26:15 +0000 Subject: [PATCH 1836/1961] Update troubleshooting-help.md --- .github/ISSUE_TEMPLATE/troubleshooting-help.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/troubleshooting-help.md b/.github/ISSUE_TEMPLATE/troubleshooting-help.md index ee0a8c7..b5c7564 100644 --- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md +++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md @@ -9,7 +9,7 @@ assignees: ''